Hackers exploit vulnerable Office feature
As the world’s most popular productivity suite, Microsoft Office tends to receive much attention from cybercriminals. Generally, hackers embed malware in authentic Office files to trick users into unleashing it onto their machines. However, the most recent exploit proves to be much more dangerous than any Office hack we’ve seen. What’s the new Office threat? The Office exploit takes advantage of Microsoft’s Dynamic Data Exchange (DDE), a protocol that sends messages and data between applications. For example, DDE can be used to automatically update a table in a Word document with data collected in an Excel spreadsheet. The problem with this is hackers can create DDE-enabled documents that link to malicious sources rather than to other Office apps. Theoretically, this allows hackers to launch scripts that download Trojan viruses from the internet and execute it before the user is even aware of the attack. And unlike most malware-embedded Office files, which are usually blocked by security protocols from Microsoft, DDE exploits are instant. Once a compromised Word file is opened, it automatically executes the hack. Outlook at risk What’s even more alarming are the DDE vulnerabilities in Outlook. Recent reports found that hackers can embed malicious code in the body of an email or calendar invite, allowing them to perform phishing scams without a file attachment. Fortunately, Outlook DDE attacks are not as automated as Word or Excel DDE attacks. Two dialog boxes will usually appear when you open the email asking if you want to update a document with data from linked files and start a specific application. Simply clicking ‘No’ on either of these boxes will stop the attack from executing. Defending against DDE attacks Beyond saying no, you can protect yourself by following these security best practices: Evaluate the authenticity of unsolicited emails before interacting with them and don’t open attachments from unfamiliar contacts. View emails in plain text format to completely stop DDE attacks embedded directly in emails from running. Note that this will also disable all original formatting, colors, images, and buttons. Use a strong email security system that prevents phishing emails, spam, and other unwanted messages from reaching your inbox. Get in the habit of checking for Microsoft updates, as they’re usually quick to release patches after vulnerabilities have been discovered. Last but not least, consider working with our team. We’re Microsoft Office experts who can keep you safe from the latest threats. Call us today to get started! Published with permission from TechAdvisory.org. Source.
Navigate Windows 10 easily with ‘Follow Me’
According to a Microsoft tipster, a proposed new feature in Windows 10 will allow users to navigate the system with the help of its virtual assistant (VA), Cortana. ‘Follow Me’ is an enhancement that will make navigating the operating system much easier, which will be particularly useful to those who find it a bit challenging. Possible new Cortana features Cortana can perform several tasks, including answering basic questions, sending reminders, and adjusting your music player’s volume. With the introduction of ‘Follow Me,’ it will provide an audiovisual-guided navigation within your Windows computer. Currently, Cortana is capable of providing voice prompts when providing search results. Based on this short video clip, the improved version will perform more complicated tasks such as providing users with visual prompts for pairing a Bluetooth device with their PC. The new feature looks easy to activate and deactivate, too. To quit, users can simply press the escape key. Follow Me for businesses Many business users haven’t fully embraced VA technology. In fact, those who work in corporate environments don’t find them particularly useful, as they’re often seen as an unnecessary add-on that doesn’t do much beyond performing voice-prompted searches, taking notes, placing or answering Skype calls, and doing other negligible tasks. However, VAs are becoming standard features in modern operating systems, which means they’re likely to see substantial improvements in the future. Moreover, assistants like Cortana are useful to some business users that require quick assistance in finding information on their computers. And although they perform mostly small tasks, they also help speed up things like calculating and setting schedules. What’s in store for the MS assistant In early 2017, Microsoft demonstrated that Cortana was capable of performing complex tasks when it introduced the ability for users to set up their PCs with the help of its digital assistant. When “Follow Me’ is launched, it will be a logical next step to this recently introduced functionality. Since the Fall Creators Update was recently launched, ‘Follow Me’ will likely be featured in upcoming Windows 10 updates. As of now, Microsoft tipsters continue to speculate about the digital assistant’s new capabilities as they wait for an official announcement from the software company. If you wish to explore time-saving and productivity-enhancing tools for your company’s Windows computers, contact us today. Published with permission from TechAdvisory.org. Source.
KRACK hacks: What you need to know
You’ve heard of ransomware, denial-of-service attacks, and even phishing, but one hacking technique you may not have heard of is the KRACK exploit. This attack takes advantage of a vulnerability in WiFi networks, which puts any device with a wireless connection at risk. Here’s everything you need to know about KRACK. What is KRACK? Simply put, KRACK, short for ‘key reinstallation attack,’ allows hackers to bypass WPA2 — a security protocol used by routers and devices to encrypt activity — and intercepts sensitive data passing between the mobile device and the wireless router, including login details, credit card numbers, private emails, and photos. In extreme cases, KRACKed devices can be remotely controlled. For example, hackers can log in to your surveillance systems and shut them down. What’s worse, Internet of Things devices — like smart thermostats and IP cameras — rarely receive security fixes, and even if some are available, applying patches are difficult, as these devices tend to have complex user interfaces. The good news, however, is you can do several things to mitigate the risks. Download patches immediately According to recent reports, security patches have already been released for major platforms, including iOS, Windows, and Android. Router manufacturers such as Ubiquiti, Mikrotik, Meraki, and FortiNet have also issued firmware updates, so make sure to install them as soon as possible. Although IoT patches are rare, consider getting your smart devices from reputable vendors that push out updates regularly. It’s also a good idea to contact a managed services provider to install the updates for you. Use Ethernet connections Some wireless routers don’t yet have a security patch, so while you’re waiting, use an Ethernet cable and disable your router’s wireless setting. Turn off the WiFi on your devices as well to make sure you’re not connecting to networks susceptible to KRACK. Stay off public networks Free public WiFi networks — even ones that are password-protected — in your local cafe should also be avoided because they usually don’t have holistic security measures in place, making them easy targets for cybercriminals. Connect to HTTPS websites If you do need to connect to a public WiFi hotspot, visit websites that start with “HTTPS,” and stay away from ones that are prefaced with “HTTP.” This is because HTTPS websites encrypt all traffic between your browser and the website, regardless of whether the connection is vulnerable to KRACK Hop on a Virtual Private Network (VPN) You can also use a VPN service to hide all network activity. Simply put, VPNs encrypt your internet connection so that all the data you’re transmitting is safe from prying eyes. Although the potential impact of a KRACK hack is devastating, security awareness and top-notch support are the best ways to stay safe online. Want more security tips? Contact us today. Published with permission from TechAdvisory.org. Source.
How does Apple Pay work and is it secure?
Apple Pay is a way for iPhone and iWatch users to make credit card payments using only their mobile device. Although it’s incredibly simple to use, some small businesses are worried about whether accepting these digital payments will add to their data security burdens. However, once you understand how it works, you’ll see just how easy it is to manage. How does it work? Credit card transactions are more complicated than most people realize. There are a few middlemen between the merchant you purchase from and the bank that issues your credit card. Apple Pay simplifies the payment process by reducing the number of middlemen who have access to credit card numbers. When you add a new card to the digital wallet on your mobile device, Apple works with the card issuer to create something called a Device Account Number (DAN). Once the DAN has been stored on your phone, with your bank, and on Apple’s servers — Apple erases your credit card number from its database. To make a payment at a merchant that accepts Apple Pay, you place your phone near the payment terminal and your iPhone or iWatch will transmit your DAN over an encrypted connection (after scanning your fingerprint). The merchant sends the purchase amount, your DAN, and a unique transaction code to the bank to be approved and checked against the records saved on your phone. The time it takes to request authorization and approve the transaction is on par with swiping the magnetic strip in your wallet, but keeps your credit card number out of the merchant’s recorded history. And even if hackers were to decrypt and steal your DAN, it is totally useless without your fingerprint. What do businesses need to accept Apple Pay? All that is required to process a transaction is a payment terminal with Near Field Technology (NFC), which allows your phone to transmit encrypted information wirelessly. Apple Pay transaction fees are quite a bit lower than those of traditional card readers and NFC terminals range from $300-$500. Depending on what you sell, this method could pay for itself in a matter of months. Aside from installation and integration with your existing sales and accounting software, Apple Pay requires little to no IT support. As an SMB ourselves, we view it as a way to improve the customer experience — and that’s what we care about most. If you need help with more technical support issues related to Apple products — just give us a call today. Published with permission from TechAdvisory.org. Source.
Cisco introduces new AI services
Modern IT systems are generating more data than ever before, and humans can’t keep up. Thankfully, certain tasks have already been offloaded to machines. Even better, Cisco may have a long-term solution to IT management complexities. Artificial intelligence (AI) and machine learning are extremely useful in helping us sift through massive amounts of information, and networking behemoth Cisco recently announced that they will be incorporating these technologies with two of their services. Business Critical Services This suite of services uses AI-powered automation, compliance, security, and machine learning analytics tools to reduce the complexity of IT systems management. It helps monitor the health of your business services and mitigate risks via automated compliance and remediation audits. You can also replicate your network to improve reliability between your hardware and software components, and deploy features with automation capabilities. Cisco High Value Services This product support model provides network, software, and solution support using advanced analytics and best practices to access infrastructure performance and remediate issues. Cisco aims to improve business continuity and reduce resource constraints with remote monitoring, automated incident detection, and high SLAs. Some of the services you can expect include software analysis, workflow integration, customer benchmarking, and predictive network analysis. Using cutting-edge technologies as well as networking and hardware expertise, Cisco is gearing up its attempt to predict IT failures before they happen. That said, we assume it’s only a matter of time before other major developers follow suit, and when they do, you’ll be the first to know. If you’d like to learn more about how to predict IT failures before they happen, or stay protected and operational when they do, just give us a call. Published with permission from TechAdvisory.org. Source.
Here comes Dropbox Professional
Lack of storage space is something we all have to deal with at some point. You’ll be forced to delete some seemingly unnecessary files, only to find out that you actually needed them later. What would you do? Dropbox offers a quick fix with its new Professional plan. Read on to learn more. Stop worrying about storage space Gone are the days when you have to regularly remove, relocate, or reorganize files stored on your hard disk because there’s not enough space. Dropbox has recently introduced a new plan, Dropbox Professional, aimed at self-employed professionals and entrepreneurs. And it comes with a new feature called Smart Sync. Smart Sync allows you to choose any file or folder stored in your computer’s Dropbox folder and send it to the cloud, thus freeing your hard disk space. What’s great about this feature is that all the “online-only” files and folders will still be visible on your desktop, allowing for convenient access. You can view, rename, remove, or preview those files and folders easily from your computer, just like you can for regular files. It also comes with an array of extra features, such as advanced sharing controls that include remote device wipe, password-protected and expiring shared links, detailed viewer history, and priority support with the Dropbox support team. Let’s welcome Showcase Another exciting feature of Dropbox Professional is Showcase. Instead of organizing your files in a traditional folder, now you can arrange them on a “branded page” with customized layouts, captions, visual preview and show them to the world. This PowerPoint-like page is a great tool for designers, marketeers, or any entrepreneurs who have to present their work to potential clients. You can also see who viewed your file, as well as how they might have interacted with it (e.g., by downloading and/or commenting whatever work your share). Any type of file can be shown on Showcase except video files which, for now, can be presented only as a static image. Dropbox will roll out a support for this soon. And the good news is: Showcase doesn’t take up your Dropbox space. Pricing $19.99 a month or $199 a year is the price you have to pay for Dropbox Professional and its extras. The plan comes with 1TB storage and allows you to recover old versions or restore deleted files from the last 120 days. Let’s see whether the new Dropbox plan can compete with other cloud-storing products in the market, including Box.com, which costs only $15 a month (but has fewer features). Using productivity apps is one way to help you become more efficient. But there are also many other ways in which technology can help improve your efficiency. Why not contact our IT team today? Our staff knows how to turn technology to your advantage, and they’ll be more than happy to talk to you! Published with permission from TechAdvisory.org. Source.
Guest Wi-Fi 101
No matter who they are, people today expect Wi-Fi access when they’re guests of your office. Setting up your Wi-Fi the wrong way can create a tedious experience for them and even expose your confidential information. So what’s the right way to do it? Never give guests access to your primary Wi-Fi While giving guests password to your company’s main Wi-Fi might be the easiest way to get them connected, you should avoid this at all costs. Anyone with a little technical know-how can potentially access everything on your company network, including confidential data. Not to mention, guests’ devices connected to your business network increase the risk of a malware infection or cyber attack since you can never be sure that they’re safe and secure. Ways to create secondary Wi-Fi for guests If you router has built-in guest Wi-Fi support (you can check this feature through a quick web search) you could use it to create a separate “virtual” network. This means guests will have access to the internet without connecting to your main company network. If your router doesn’t support multiple Wi-Fi networks, you can implement a separate wireless access point that bypasses the rest of your network and connects directly to your Internet service provider (ISP) connection. Both options will keep your guests’ connectivity separate from your company network so you’ll never have to worry about unauthorized persons accessing your company data. Keep in mind that guest Wi-Fi still uses your ISP connection so you should limit bandwidth usage on your guest network. The last thing you want is a guest streaming videos that slow down the Internet for your employees. With that in mind, you can even have your employees use guest Wi-Fi for their personal devices too. This minimizes the chance of employees hogging company bandwidth for personal use. Your guest Wi-Fi should only provide outsiders with internet access, nothing more. While proper setup isn’t rocket science, it can be a tedious process. Having said that, if you need a team of experts to take care of it all for you, or simply have questions about how else to leverage your hardware for better efficiency and security, just give us a call. Published with permission from TechAdvisory.org. Source.
Microsoft Edge goes mobile
Microsoft Edge is a great browser — it’s fast, clean, and has every feature you need. But alas, few people use it. So in an attempt to encourage PC users who also own an Android or iOS device to use Edge, the company is moving the browser to mobile platforms. Read on for more details. Why Microsoft is expanding Edge to mobile Microsoft’s Windows Phone is dead. So as a new mobile strategy, Microsoft has decided to bring the Edge browser to iOS and Android phones in hopes of expanding the browser’s reach. Doing so helps with Microsoft brand recognition, and gives mobile users a reason to stick to Windows-based desktops. What’s new in Edge for Android The highlight of Microsoft Edge for Android is the “Continue on PC” feature, which enables you to move between mobile and desktop browsers without starting a browsing session from scratch. Beyond convenience, this feature is also helpful for viewing sites that aren’t optimized for mobile devices. Edge for Android also syncs Favorites, New Tab Pages, and Reading Lists between your phone and PC. And even if you’re not using Edge for the cross-comparability with your desktop, the clean Reading View feature is an excellent way to declutter articles on your mobile device. If you assumed Microsoft would restrict Edge’s search engine to Bing, you’d be wrong — the default search engine can be set to Google, Yahoo, or others. How to get the beta version You can try the beta Microsoft Edge for Android by signing up for the preview in the Google Play Store. For now, Edge for Android is in US English only, but the company said it plans to include other languages as the preview expands. The official launch of Microsoft Edge for Android will be later this year. It will likely come with other announcements, such as tablet support. Whatever device or platform you use — whether it’s Microsoft, iOS, or Android — make sure you get the most benefits from its features. Our IT experts keep themselves up to date with the latest IT news and know how to help you reap the benefits of the technology you have. Contact us today. Published with permission from TechAdvisory.org. Source.
Secure mobile devices with virtualization
Mobile device security is paramount in today’s unpredictable IT landscape. There are plenty of ways to be sure your employees are accessing data safely away from the office, but there is one solution we recommend for the best results: combining mobile security efforts with virtualization technology. Mobile device management and virtualization Simply put, mobile device management (MDM) is about controlling how users on any device — from laptops to internet-connected printers — view, share, and store sensitive information. For example, if you have a user who accesses data via a company-provided laptop, an office copier and a personal smartphone, IT administrators can install an application on each device that enforces policies created from a centralized console. There are dozens of standalone MDM solutions that consolidate device administration, but by using one that integrates with your virtualization platform, you can standardize policies for any industry across a range of company-owned, line-of-business, and personal devices. Users are constantly picking up and discarding devices. Solutions like VMware’s AirWatch and Citrix’s XenMobile mean you no longer need to manage security settings for each device; instead, you can configure one virtualized environment for one employee, and its settings will be applied regardless of which device it’s accessed from. What are the benefits? Beyond a centralized approach to device management and data access rights, virtualized MDM solutions allow you to enjoy a number of other benefits. For example, IT administrators can remotely lock or erase data on employee devices if the device has been lost or stolen. You can also benefit from Single Sign-On security. This means your users need only one set of login credentials to access all their applications. Technically, each application will still use a different username and password, but your virtualized solution will securely store each of the credentials and automatically log in users whenever they sign in to your MDM platform. Hardware and software are evolving so fast that it’s almost impossible to secure them without extensive IT training. With a little help from trained professionals, virtualization is one of the easiest and most cost-effective ways for business owners to simplify user settings and management. It only makes sense that the next step would be unifying virtualized desktops, laptops, smartphones and other mobile devices under a single solution. Call us today to get started. Published with permission from TechAdvisory.org. Source.
What’s happening to Skype for Business?
At the Ignite conference in September, Microsoft announced that the Teams app will eventually replace Skype for Business as the primary communication tool for Office 365. This is a huge development, and there are undoubtedly many questions that need answers. To find out more about what’s going to happen to Skype for Business and Microsoft Teams, read on. Upgrades for Teams To phase out Skype for Business, Teams will gradually acquire communications features such as the ability to call traditional landlines and phone numbers, call routing, speech-to-text, voicemail, and HD video conferencing. On the back-end, Microsoft will beef up their servers and smooth out some glitches to ensure crisp and clear communications between team members. Why is this happening? Over the years, Microsoft has improved the Skype infrastructure to enable faster, clearer, and more reliable voice and video communications. But as executives noted, Microsoft applications are disjointed, requiring users to switch between windows to use their favorite collaboration tools. To schedule events during a video conference, for instance, you need to open the Group Calendar and Skype for Business app separately. With Teams, users can enjoy Skype for Business features that are seamlessly integrated with other Office 365 applications like SharePoint, Outlook, Groups, and Dynamics 365, all in one window. What about on-premises Skype for Business? While Skype for Business in Office 365 will eventually be replaced, on-premises versions of the VoIP software will still be available for the foreseeable future. In fact, Microsoft stated that they will release another version of the Skype for Business on-premises server in the second half of 2018. Can you still use your VoIP devices? To make the transition process much easier for users, Microsoft Teams is compatible with the same VoIP devices used by Skype, including webcams, microphones, and desktop handsets. What’s more, Microsoft announced that communications devices made by third-party manufacturers like Lenovo and Logitech work with their new platform. How do you migrate? The Office 365 administrator portal allows you to easily manage the migration process. If you want your employees to get acquainted with Microsoft Teams first, there is a “side by side with notify” option. This feature allows you to run both Skype for Business and Teams to train employees how to use Teams features, and alert them when telephony features are available in Teams. Before the cutover date, users also have the option to import all contacts from their Skype directory to their Teams list, so they can quickly move to the new platform with a click of a button. The takeaway here is you really shouldn’t be too concerned about the shift to Microsoft Teams. All the Skype features you know and love will still exist, but improved with tighter integrations with other Office 365 products. The migration process is also painless, so if you use Office 365, do your employees a favor and have them get used to Teams today. For more information on Microsoft Teams or other VoIP-related trends and services, call us today. Published with permission from TechAdvisory.org. Source.