This infographic lists the many ways you can use Microsoft Teams to drive workplace collaboration. It also provides statistics on the success and popularity of Microsoft Teams.
This video captures the journey of Samit Saini, a security officer at London Heathrow Airport and who discovered Microsoft Power Apps. As a novice, he easily created useful, time-saving applications. Now, as a member of the IT team, he teaches others to do the same. See how Samit and Power Apps led digital transformation.
This infographic displays stats on how Microsoft Teams reduces the total number of meetings as well as their duration from improved collaboration and information sharing.
Why run Windows Server on Azure? Ellen Kirby, senior manager of Technical Operations and senior enterprise architect at Bradley Arant Boult Cummings LLP, talks about the benefits of running the law firm’s Windows Servers on Azure and about leveraging Windows Admin Center for better management and automation.
Everyone needs to know about phishing emails and the serious impact that they can have on you and your company’s data.
Phishing is widely used term now and to make sure we’re all clear, it’s a form of social engineering in which cyber criminals will try to gain access to sensitive information and data by posing as a legitimate organization or person through email.
What types of emails should I look out for?
Please pay extra attention to the types of emails listed below as they are commonly used to take advantage of users. These emails may try to manipulate a user’s emotions to make them feel a false sense of urgency or to spark their curiosity.
Emails relating to accounts and passwords: Password resets, account log in verifications, anything pertaining to banking, finances, credit cards, or account updates.
Emails that are offering or asking for money: You won money, claim this prize, special offers, ‘you got hacked, pay me’, or ‘send me money or else this will happen to you’.
Emails containing extra links or attachments: Social media messages with website links, LinkedIn invitations and profiles with website links, or emails with download links and attachments.
What can I do to verify legitimacy of an email?
Cyber criminals will try to disguise themselves so they seem like a legitimate organization or person. Double check these areas of an email to validate legitimacy or to confirm the email is a phishing email.
From: Check to see if the sender’s email address is someone you recognize and that it is spelled correctly. If the email seems suspicious, do not open attachments or click on links without first verifying with the sender that the email is valid. If you have an internal IT department or an MSP, ask them to check it for you. Pay attention to the characters after the @ sign. Common tactics that are used are to interchange characters that look identical or to use a similar website.
YourBoss@arrovv.amazon.com where it should be YourBoss@arrow.amazon.com
(There are two ‘V’s, not a ‘W’)
Support@Mlcrosoft.com (This is a lower case ‘L’, not an ‘i’)
Yourcoworker@the-realdomain.com, email@example.com, firstname.lastname@example.org (These may seem legitimate at a quick glance, but these email addresses are not from therealdomain.com)
To: or CC: Check to see if this email has multiple recipients, or other recipients you do not recognize.
Links: Hover over any links and verify the link is to the website it indicates. If you feel unsure or uncertain, do not open any attachments or click on any links. Call, or otherwise contact, the sender to verify the email and any attachments or links are valid.
Verify any hyperlinks are spelled correctly:
www.bankofamerica.corn, (What looks like ‘m’ in .com, is lower case ‘RN’)
www.WeIIsFargo.com (The ‘ll’ in Wells is two capital ‘i’s, not lowercase ‘L’s)
www.paypal.net (This is not correct, if searched the website for PayPal it is actually www.paypal.com)
facebook.com (This looks correct; however, when you hover over it you see www.fadebook.com)
Date: Check if the email was sent during normal business hours.
Subject: Check if the subject irrelevant or if it is an unexpected reply.
Attachments: Check for attachments that were not expected. Also confirm the file type is something that is expected (i.e. an attached voicemail is an audio file, not a PowerPoint file or Word document). Be extra cautious with any attachments in an email. If you feel unsure or uncertain, do not open any attachments or click on any links. Call, or otherwise contact, the sender to verify the email and any attachments or links are valid. If you have an internal IT department or an MSP, ask them to check it for you.
Content: Check for grammar or incorrect spelling. Read the email to confirm it is business related or regarding something that is being worked on.
Spear Phishing attacks continually become more sophisticated
Spear phishing attacks are messages typically personalized based on public information the attacker has found on the recipient and organization. This can include topics surrounding the recipient’s area of expertise, role in the organization, interests, residential and tax information, and any information that can be gleaned from your company website or social networks. These specific details make the email appear more legitimate and more likely for the recipient to click any links or download attachments.
Links or attachments that are included often include malware that can compromise the credentials of the recipient or may include malware that will attempt to encrypt your data. These emails can be sent directly to a C level executive, IT Director or other individual that may have administrator permissions, or they may appear to be from one of these trusted sources in an attempt to convince you to open it.
Phishing and spear phishing email examples
Here are sites with examples of phishing emails:
Here are a couple of online tests that you can use to test your knowledge of phishing emails:
Vermont Panurgy Solutions
Opening malicious attachments or links can expose you, your PC, your network and potentially your customer’s data to a possible attack. These attacks may include information disclosures, system viruses, data destruction or encryption resulting in loss of productive work time, loss of customer trust and lost company revenue.
As a managed service provider, we are ready to assist you with suspicious emails that you may encounter. You are an important layer in the defense of your network and awareness of these tricks and how to spot them is key to preventing a successful attack.
Vermont Panurgy: email@example.com
Tel: 800-974-1115 or 802-658-7788
A world top ten university, with an international reputation for excellence in teaching and research, Imperial College London now uses Microsoft Teams to teach and connect in a time of COVID-19. In this video, see how the college is now relying on Teams for the delivery of its lectures and its remote labs, as well as a “virtual common room” where students and faculty can interact. Staff now have the fluid integration of shared files, scheduled events, and the students’ use of the virtual learning environment, providing opportunities to respond to students in a way never done before.
You may have the pieces in place to recover from a ransomware attack or environmental disaster. If you’re like a lot of today’s businesses, though, you probably have little, if any, clue as to how you would actually perform that recovery or how it would impact your business. What kind of downtime are you looking at? How many partners are involved? How many users are impacted? How much will it cost? Answers to these questions are critical to a complete disaster recovery plan. Find out how to get those answers in today’s post from your friends at Vermont Panurgy.
In the IT Security world, we recommend all businesses have not only the components in place to recover from a disaster, but also what’s called a BCDR Plan, which stands for Business Continuity and Disaster Recovery. Basically, this plan lays out in detail the processes and timelines by which data and access would be restored in the event of a disruption or disaster. It gives a business perspective on how long it would take, what costs there would be, and what other expectations to hold when responding to a critical service or resource outage.
The first and most crucial part starts with a risk analysis, which helps the business and the security provider creating the document to understand the internal and external risks facing the business, and the likelihood they will occur. In tandem with a business impact analysis (BIA), your partner can quickly determine the level of risk your business faces, and how devastating it would be to your company.
With an understanding of risk and impact, you are then able to begin planning out how to respond when these issues occur. Each business is going to have a different BCDR Plan, because the amount of downtime, the impact of that downtime and the potential losses resulting from the downtime will be unique for each business. A children’s book author or artist collective, for example, is going to have a very different perspective on downtime from a 24-hour manufacturing plant or public utility.
To better understand the BCDR Plan, we can break it down into the two primary components: “Business Continuity” and “Disaster Recovery”. Business Continuity refers to the plan for how the business is going to continue to function during the recovery period. Whether this means breaking out the notepads and pens, rolling a filing cabinet up from storage and breaking out the adding machines, or having an entire parallel cloud infrastructure to quickly spin up a virtual replica of your existing network at a moment’s notice (also known as a failover), Business Continuity can mean many different things to different companies, and all depends on the impact of downtime on the business’s ability to continue functioning.
Once a plan is formed to keep the lights on, the second part, Disaster Recovery, determines how the business gets back to fully functional operation. Different disasters are going to require different types of recovery, so the risk analysis is important to help prioritize and identify the most likely disasters to occur. An attack by ransomware may not require hardware replacement (wiping the drives and restoring a backup usually does the trick), but a dead server may not necessarily require a lengthy data restoration process if the drives in the server are still good.
The interrelated nature of the two components also effects data recovery plans for each business and their existing configuration. A business with a high need for a quick Continuity plan (like the 24-hour manufacturing plant) may be able to continue functioning indefinitely under their contingency plan, thereby reducing the need for a quick-turnaround recovery plan. Business owners who don’t mind going back to the stone age for a bit, or whose budget is unable to maintain a robust failover infrastructure, on the other hand, may prefer to focus on a speedy recovery. It’s all a question of priority.
As you can see, BCDR plans depend not just on tangibles such as technology, warranties and failovers, they also depend very much on both the physical environments the business operates in as well as the intangible personal preferences and business needs of the company and its constituents. This is why BCDR Plans tend to be so expensive. It takes a lot of conversation and reflection to truly understand the needs of a business to the point where an appropriate and effective BCDR Plan can be created. If you encounter a company that purports to offer cheap or quick BCDR Plans, run away fast. These plans most likely will be very generic and not specific to your business or even industry, likely will contain unrealistic timelines and may even include technologies that your business doesn’t even have.
If budget is a concern (as it is to most businesses these days), I would encourage you to at least start with a Risk Analysis and BIA. This will help you understand how important a BCDR Plan would be in the event of a disaster and will help determine priority for future budgeting. Contact Vermont Panurgy today to discuss how we can help you make sure your business is safe from disaster.
“I’m just a small business,” “What would they do with my company’s data anyways?” “There are plenty of bigger fish in the sea.” I’ve heard many excuses from executives and managers dismissing the need for effective cybersecurity, and these are just a few of them. In 2021, though, small- to medium-size businesses (SMBs) have become some of the highest-risk targets for cyberattack and specifically, ransomware. This is primarily due to the dismissal of risk and corresponding lack of protection, which makes SMBs very low-hanging fruit. With the increase in standardized IT infrastructure models, automated attack processes and credentials availability on the dark web, hackers now have the capability to attack and potentially take hostage the business data of even hundreds of businesses an hour. The question is no longer if your business’s IT will be attacked, but when.
As if losing access to your company’s important and sensitive data weren’t bad enough, a potentially bigger threat from ransomware comes in what the security community calls doxing. When a hacker takes away access to your files, they can use those files and info as additional leverage to get you to pay the ransom by threatening to dox you, which means releasing the data publicly on the internet. Private personnel information, internal IP addresses, financials, all that data is valuable for the ransom, but is doubly valuable to resell or trade it with other bad actors. Furthermore, paying the ransom does not guarantee that the attacker will delete your data. After all, how many cinematic pirates have you seen that are true to their word? Once a hacker has access to your business data, all bets are off.
Remember the SolarWinds attack last year? And more recently, the Kaseya attack? These are called supply-chain attacks, because they don’t just directly attack the target businesses, they attack the infrastructure used to manage those businesses’ IT. When hackers were able to compromise the platform used to connect to endpoints, this allowed them access to endpoints at not just one business, but thousands of businesses whose devices were connected to these platforms. Once the hackers gained access to these endpoints, they were able to cut them off from the end users and hold the data stored on them hostage until the end user paid a ransom to regain access.
Managed Service Providers (MSPs) who are savvy, such as Vermont Panurgy, are able to mitigate against any potential supply chain attacks by monitoring for any such threats and then quickly responding to cut off the hackers’ access until vulnerabilities are patched. For our business, additional “hardening” configurations (additional protection of the platform from unauthorized access) further increase both the security of managed endpoints, as well as the reliability of our management platform.
That said, ransomware is still and will always be a potential threat to all MSP clients. Effective, up-to-date network security and end-user training are the most effective prevention steps to fight back against this threat. Thankfully, unlike more traditional hostage situations, data can be backed up and encrypted, so even if a business does get infected with ransomware, recovery options are available without necessarily having to pay the ransom. This is likely why the #1 function outsourced to MSPs in a recent 2021 survey on IT operations is backup management. Businesses want to know that if they lose their data, they have a path to recovery that won’t cost them their hides.
Business Continuity is another critical concept, especially for companies that strategically cannot handle more than a few hours of downtime in the event of a successful ransomware attack. Business Continuity refers in part to strategies and technologies that create redundant infrastructures that can be spun up at a moment’s notice if access to the primary infrastructure is denied. It can reduce hours or days of downtime to just minutes, which is extremely important for businesses in critical sectors, such as infrastructure delivery (water management, electrical providers, internet providers, etc.) and healthcare.
What to do to safeguard your business? Recognize the vulnerabilities inherent in your business, which may include: not training your employees about security protocols, not activating a firewall, or ignoring firmware and security updates. Implement strategies to train and test your employees, patch the security holes, and reduce the risk that an attack will cripple your company. Finally, make sure your backup/continuity strategy is effective and robust enough so that when your business does get hacked, you will be able to get back up and running with minimal cost and downtime. Contact Vermont Panurgy today to discuss these threats and your options to stay safe!
Call today to set up a free consultation:
I live in Vermont. This state is beautiful, but its glory comes at a cost: the weather. Up here we get all sorts of weather, and while it is rarely extreme, it is an unusual week if it doesn’t include some sort of meteorological variation. Thunderstorms, high winds, freezing rain, sleet, hail, and blizzards are just a few of the events we contend with regularly up here.
Personal effects aside, a major repercussion of this wild weather is frequent fluctuation in power supply. Fairly often when coming back after a spring or fall weekend, or sometimes after a prolonged hot spell that results in severe thunderstorms, office workers may find they have to turn on all their computers again. Sometimes the computers come back up with issues they didn’t have before, sometimes they don’t come back on at all. Servers and network devices, if set up correctly, will be connected to battery backups and usually are fine, but irregular line currents and abrupt voltage spikes can sometimes cause issues with the backup power systems too, which can quickly cascade into massive network failure.
Unless you live somewhere that never has fluctuations with power supply for any reason, it is of utter importance that you understand the various basic options for protection from these types of issues.
The topic of power protection is vast, and requires a high level of knowledge in electrical and networking concepts. This article is only scratching the surface, but for the average small business owner, this is what you need to know.
If you’ve got all your desktop PCs hooked up to 6-outlet extension cords that have switches on them, but that’s all you know, you’ve taken a step in the right direction. You may, however, be surprised to learn that not all power strips are created equal. Some are nothing more than glorified extension cords, with no protection from surges or any power fluctuation. What you should be looking for are called “surge protectors” and they actually do what they claim, which is protect from power surges. Imagine that!
Have you ever been at home during a storm, and you saw the lights get brighter momentarily, or flicker erratically for a second? They’re often called “brown outs” because they don’t cut off power entirely or only for a few moments. These “brown outs” are often caused by power surges. While they don’t knock the power out enough to cause things to shut off, most electronics are much more sensitive to these kinds of things than your average light bulb and, without surge protection, that little jolt of extra electricity can cause unexpected failures in critical components of the machine.
To avoid this, use surge protectors to intermediate between the wall current and the connected devices. Surge protectors act to absorb any additional current before it hits your machine, stopping it in its tracks before it can damage anything. Surge protectors offer protection rated in joules: the higher the joules, the more protection it offers.
You’re probably looking at your power strip now, wondering if it is a surge protector or not. Thankfully, with most surge protectors it is pretty easy to tell. Look first for an indicator light that glows and often flickers when plugged in and turned on. If you see this light, then you likely have a surge protector and it is functional. Another way to check is to (carefully) look on the back of the strip for information about something along the lines of “suppressed voltage rating.” If you see details about “suppression” or “protection,” then you are looking at a bona fide surge protector.
But that’s not the end of what you need to do to keep all your equipment safe. That’s because a surge protector does not protect from power outages, which is when the power goes out unexpectedly and stays off for a period of time. If your desktop PC is on when the power goes out and it doesn’t have a battery backup, then it will shut off unexpectedly. This can cause its own share of problems, particularly with the potential for data corruption and loss. The best mitigation for these situations is to have at least one regularly occurring backup, storing critical information on a network device (see below), and potentially also employing a battery backup of some sort on the workstation itself.
Server and Network Device Protection: Battery Backup
Power surges can cause the same kinds of problems with network infrastructure as they can for workstations, but power outages can cause even more problems and significant damage. If all your office’s network switches, server, firewall and wireless access points lost power and shut off, then when the power comes back on your devices would not start back up in the proper order. When that happens, a seamlessly integrated network can quickly become like a bramble patch, with devices being unable to find their way to each other or to the internet.
For this reason, IT administrators will typically centralize the server and critical network infrastructure to a specific location so that they can connect them all to what is known as an “Uninterruptible Power Supply” or UPS. These devices contain batteries to provide power during an outage; they also can be set up to gracefully shut down servers and other network devices before the battery dies to prevent data corruption.
If you own a business that has a physical work location, multiple workstations, network devices and/or servers, you now know enough to at least have an idea of whether your business’s devices are protected or not. If not, then you now also have some critical keywords for further research and decision-making. If you need help securing your devices against the forces of nature, drop us a line. Vermont Panurgy is here to help you make sure you and your business stay up and running safely and securely, as consistently as possible.