GSuite becomes Google Workspace

Last month, Google announced Workspace, the brand-new name for all their productivity apps such as Gmail, Drive, Docs, Keep, Sheets, Calendar, Slides, Meet, etc.

According to the company, Workspace isn’t just a new brand (a replacement for GSuite), it also offers a deeper integration between apps, helping users collaborate more efficiently, improving their experience while aligning their products to today’s business necessities.

Improved User Experience

One of Google’s strengths has always been smart integration between its various products and services, but now the organization is taking dozens of little steps towards making these integrations deeper, simpler, and making the collaboration process more natural, especially when working in teams from remote locations.

Today you have the possibility to preview a linked file without having to open a new tab, which means less time spent switching between apps and more time getting the work done.

Also, when you mention someone (by using @ in your document), a smart chip will show the person’s contact details, including for those outside your organization, providing context and even suggesting actions like adding that person to Contacts or reaching out via email, chat or video.

In the coming weeks, Google promises that users will be able to create and collaborate in a more dynamic way on a document with guests in a Chat room. This will make content sharing easier and will allow users to directly work together with those outside their organization.

Google is preparing even more ambitious features, such as creating a document directly from Chat or starting a video call from within a presentation. Those features are expected to be launched in the coming months.

Pricing Changes

There are some changes to the pricing, too. Starting this month, the cheapest plan, named Business Starter, costs $6 per user per month and includes business email on your organization’s domain name, video meetings for 100 participants, and 30 GB of cloud storage per user.

The next pricing plan is Business Standard, which costs $12 per user per month and includes video meetings for 150 participants plus recording capabilities, as well as 2 TB of cloud storage per user.

Business Plus costs $18 per user per month and includes video meetings for 250 participants plus recording and attendance tracking, 5 TB of cloud storage per user, and enhanced security and management controls, including Vault and advanced endpoint management.

Eventually, if your organization needs more resources, you may contact Google for a customized Enterprise plan.

Final Thoughts

Google has made obvious improvements in user experience, app integration, product flexibility within the last ten years and promises to continue this process. It has also launched, rebranded, and merged so many products over the past couple of years it’s hard to keep track, so most likely, in the following years, we will see a stronger Google Workspace, a tougher competitor to Office/Microsoft 365.

IT Advisory Services: Getting More Than Just Good Advice

All the buzzwords are out there: virtual CIO (vCIO), IT Advisory Services, Technology Advisor, etc. Yes, all the reasons why you should engage in such a service are important, but it should be more than just good advice.

Let’s explain the key aspects of an IT Advisory practice, and what it can do for you.  Then we should talk about the key differentiator between “talking about IT strategy” vs. “doing IT strategy”.

Key aspects of an IT Advisory practice:

Assists in aligning IT to your business objectives

  • Participates in strategy meetings with leadership/management
  • Comprehends short-term vs. long-term initiatives

Identifies and documents your infrastructure

  • Aligns technology with your business objectives
  • Hardware and service standardization, from workstations, networks, servers, backup solutions, and cloud services

Recommends process improvements, investments and savings based on your infrastructure and business objectives

  • Assists in developing your IT budget based on useful life of your current environment
  • IT governance policy and process, along with new technology recommendations

Recognizes vulnerabilities to achieve your business objectives

  • From compliance shortfalls to security vulnerabilities
  • Starting with identifying, then communicating, and finally prioritizing solutions

“Talking about IT strategy” vs. “Doing IT strategy”:

When a managed IT service provider tells you they provide vCIO or IT Advisory services, ask them what their methodology is and whether they have a platform to orchestrate the process. As was mentioned in a previous blog, “MSP-Are You Getting More Than A HelpDesk”, also ask whether the service is delivered by a dedicated resource or by an engineer who also resolves tickets, etc.

Too often IT providers market that they provide Virtual CIO (vCIO) services, but those services are being provided by an engineer who is also responsible for resolving tickets or installing hardware. When you ask about advisory services, ask if this service is delivered by dedicated individuals, or is it part of the responsibility of the engineering team.

Any IT provider selling IT Advisory services should have three key aspects to ensure it’s the right service for you.

  1. A dedicated team solely focused on the customer success and tasked with supporting and driving positive change in your business.
  2. A methodology geared around a strategic, business driven, technology consulting process to engage with customers. A methodology that is a value-add service to assist customers through an ever-changing technology landscape, from cloud migrations, to implementing proper security protocols.
  3. A platform to orchestrate the methodology, where the customer and advisor can share, document, communicate, and track decisions and agenda items in one portal.

It’s easy for someone to talk to you about IT strategy, and they will call it vCIO services, but you deserve more than just a conversation.  Engage with an IT provider that has a dedicated team that provides a proven methodology through a transparent process on driving success with their customers.

Contact StratusPointIT and ask about our STAR methodology, and see how we are “doing IT strategy”.

Office 365 Multi-Factor Authentication

Multi-factor authentication (MFA) is commonly used to prevent a stranger from logging in, with or without a password. MFA improves the security of user logins.

With Office 365 MFA, users are required to approve a phone call, respond to a text message, or enter an app-generated number on their smartphone after correctly entering their username and password. Only after this additional authentication factor has been verified can the user sign in.

Security Is Key

Using passwords alone is risky. If a single password is cracked, cyber criminals could have their way in your system, and you would probably not be alerted to their access. Enabling MFA for an Office 365 user ensures that if access occurs from an unusual location, from another device, or another Office client, etc. the user will be blocked until he/she provides additional verification.

Many users still have weak passwords, and it is difficult for management to mandate strong password management. Implementing Office 365 MFA provides a layer of security to protect sensitive information.

NOTE: Based on studies conducted by Microsoft, an account is more than 99.9% less likely to be compromised if MFA is enabled.

Compliance Requirements

To date, the use of MFA to protect systems is not mandatory for every industry.

However, the Payment Card Industry Data Security Standard (PCI DSS) requires companies to use multi-factor authentication (MFA) to protect against breaches that could compromise payment card data.

Two-Factor Authentication (2FA) is a needed measure to comply with password restrictions in sectors such as finance, healthcare, defense, law enforcement, and government, among others. Let’s take a few examples:

The Healthcare Industry

The Health Insurance Portability and Accountability Act (HIPAA) does require organizations to confirm that users looking for access to electronic protected health information (ePHI) have the necessary authorization. Two-factor authentication addresses this HIPAA requirement, and multi-factor authentication takes it to the next level.

The Finance Industry

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act, includes the Safeguards Rule, a directive designed to secure customer data, with specific provisions to ensure that data is not accessed under false claims. Risk assessment and risk mitigation are integral to compliance with the Safeguards Rule.

An identity and access management (IAM) solution can proactively address provisions in The Safeguards Rule and improve GLBA compliance through role-based management, entitlement management (limits permissions and only access what is needed), and multi-factor authentication.

The United States Government

For several years, 2FA has been a requirement for accessing government websites. This action plan has also instructed the National Cyber Security Alliance (NCSA), a non-profit, public-private partnership, to partner with leading technology companies such as Google and Microsoft to promote the use of 2FA.

These public-private partnerships instituted by the US Government prove that MFA is a handy solution for mitigating security risks inherent to systems that use single password authentication protocols.

Microsoft Authenticator

Authenticator is Microsoft’s two-factor authentication app. Launched around four years ago, the app simplifies the multi-factor authentication process. Basically, you log into an account, and after entering the username and password you are asked to provide a code as the second factor.

The Authenticator generates a six-digit code every 30 seconds that you must enter to finalize the login process into your app or service.

It is extremely useful for quick sign-ins, it works cross-platform, and it is faster than email or SMS codes.

O365 Re-Authentication

When MFA is enabled, there are certain situations when O365 users must re-authenticate:

  • In case of password change;
  • In case the user signs in and out in Office clients;
  • In case users swap between Office 365 accounts;
  • In case administrators apply conditional policies to restrict the resource the user is trying to access.

MFA Can Combat Phishing Attacks

How? Basically, by making it harder for hackers to get into your system. With multi-factor authentication enabled, cyber criminals need to have initial access to even more information in order to perform a successful login (sometimes access to the victim’s phone, so not just the username and password).

Finally

MFA is a needed enhancement as more people use the entire Office 365 suite and save sensitive data in OneDrive and/or SharePoint. Protecting your data is crucial, and it seems that MFA’s importance and applicability will only grow over time.

The Limitations of Private Browsing

While private and “incognito” modes can reduce your digital footprint online to an extent, there are still ways in which your activity can be tracked by malicious third-parties such as people on your network, the internet service provider, government agencies, and cyber criminals.

NOTE: Private Browsing mode is also known as Incognito Mode in Google Chrome and InPrivate Browsing in Microsoft Edge.

So, What Is Private Browsing?

Web browsers generally store data about your searches and online activity to make it easier for you to revisit websites. Browsers can store web-based content like usernames and passwords to speed up the log-in process or information about your location and preferences (favorite pages or certain features). This can be helpful in the short-term, but you likely don’t want this information shared with other users.

Private browsing first appeared in Apple’s Safari 4.4 browser back in 2005. It didn’t take long for other players like Google and Mozilla to release the feature. Soon, it became a standard component for any modern web browser.

Basically, private browsing creates a separate browsing session that’s isolated from the main one. Any websites you visit within that tab aren’t recorded in your device’s history. So, if you log in to a website in private mode, the cookies aren’t saved when you close the window.

Another consequence is that private browsing tabs can’t access cookies you use in the main session. For instance, if you log in to LinkedIn, and then enter incognito mode, you’ll have to re-enter your credentials. This also allows you to easily access multiple accounts at the same time and will make it more difficult for third-party sites to track your activity while in incognito mode.

In addition, private or incognito mode makes it easier to keep reading some “soft paywall” websites such as The New York Times, where you’re granted access to a few pages before being prompted to either log in or subscribe.

NOTE: When private browsing mode was first introduced, websites could avoid this limitation by storing cookies using the Adobe Flash browser plug-in, but now Flash supports private browsing and won’t store data when private-browsing mode is enabled.

The Incognito Mode

Your private browsing mode only blocks your own device from getting information about your web session. Browsers that offer private (or incognito) mode usually warn users it isn’t an efficient security method.

Incognito mode doesn’t stop network administrators from keeping an eye on your activity. It also doesn’t prevent a third party from spying on your browsing habits if you’re using a public hotspot in a restaurant.

So, private browsing is a matter of how browsing activity data is stored on the user’s personal device, and not about its transmission across a network.

Google and Mozilla are completely upfront about this in their browsers. “Going incognito doesn’t hide your browsing from your employer, your Internet service provider or the websites that you visit,” Chrome users are warned each time they open a new incognito window. Microsoft Edge also informs its users about “InPrivate” browsing limitations.

Furthermore, there are several ways to defeat private browsing at local level. If your device is infected with malware that tracks network traffic and DNS requests, incognito mode cannot help you. It also can’t protect the user from “fingerprinting”, in which third parties (usually advertising companies) try to determine unique features of your computer to track its activity across a network.

Unfortunately, fingerprinting attracts less attention than malware, despite its ability to identify individuals with remarkable accuracy. As you browse the internet, third-party sites can squeeze information about your device, your display resolution, the browser, plugins, language, time zone, and so on. Any piece of information might be insignificant by itself, but together, it may be used to create your computer’s profile putting yourself and your organization at risk.
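To make the "insignificant by itself, but together" point concrete, this added Python example (not from the original post) measures how quickly the set of matching devices shrinks as attributes are combined. The eight visitor records are constructed sample data, and the function names are hypothetical.

```python
import math
from collections import Counter

# Order in which attributes are combined below.
ATTRIBUTES = ("timezone", "resolution", "browser", "language")

# Constructed sample population: each dict is one visiting device.
VISITORS = [
    {"resolution": "1920x1080", "browser": "Chrome",  "language": "en-US", "timezone": "UTC-5"},
    {"resolution": "1920x1080", "browser": "Chrome",  "language": "en-US", "timezone": "UTC-5"},
    {"resolution": "1366x768",  "browser": "Chrome",  "language": "en-US", "timezone": "UTC-5"},
    {"resolution": "1366x768",  "browser": "Chrome",  "language": "en-GB", "timezone": "UTC+0"},
    {"resolution": "1920x1080", "browser": "Firefox", "language": "en-US", "timezone": "UTC-5"},
    {"resolution": "1920x1080", "browser": "Firefox", "language": "en-GB", "timezone": "UTC+0"},
    {"resolution": "1366x768",  "browser": "Firefox", "language": "en-GB", "timezone": "UTC-5"},
    {"resolution": "1920x1080", "browser": "Chrome",  "language": "en-GB", "timezone": "UTC+0"},
]


def surprisal_bits(visitors, attribute, value):
    """Bits of identifying information revealed by one attribute value."""
    share = sum(1 for v in visitors if v[attribute] == value) / len(visitors)
    return -math.log2(share)


def anonymity_set_sizes(visitors, target, attributes=ATTRIBUTES):
    """Number of devices still indistinguishable from `target` after each
    additional attribute is taken into account."""
    remaining = list(visitors)
    sizes = []
    for attribute in attributes:
        remaining = [v for v in remaining if v[attribute] == target[attribute]]
        sizes.append(len(remaining))
    return sizes


def unique_fraction(visitors, attributes=ATTRIBUTES):
    """Share of devices whose combined attribute values match no other device."""
    def key(v):
        return tuple(v[a] for a in attributes)
    counts = Counter(key(v) for v in visitors)
    return sum(1 for v in visitors if counts[key(v)] == 1) / len(visitors)


if __name__ == "__main__":
    target = VISITORS[6]
    for attribute in ATTRIBUTES:
        bits = surprisal_bits(VISITORS, attribute, target[attribute])
        print(f"{attribute:<10} {target[attribute]:<10} {bits:.2f} bits")
    print("anonymity set after each attribute:",
          anonymity_set_sizes(VISITORS, target))
    print("unique on timezone alone:", unique_fraction(VISITORS, ("timezone",)))
    print("unique on all four:", unique_fraction(VISITORS))
```

No single attribute singles out the chosen device, yet three of them together already do, which is why private browsing alone does not address this kind of tracking.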

Conclusion: In 2020, anonymous browsing is still a work in progress. Currently, not even Tor, a browser developed with the sole purpose of anonymizing traffic, is a completely private and secure solution.

The Relaunch of Microsoft Edge

It has been a while since Microsoft adopted the Chromium engine for the new version of Edge, and reception to the browser, according to field data, was positive overall.

Initially, Microsoft gave Windows 10 users the option to use the new Chromium-based Edge or stick with the old version. But that has changed. A few weeks ago, the company pushed out the browser via Windows Update to Windows 10 versions 1803, 1809, 1903, 1909, and 2004, so Windows users can no longer keep using the old Edge.

Why Did Microsoft Choose Chromium Over EdgeHTML?

NOTE: EdgeHTML is based on the Microsoft Trident rendering engine, which is used by the Internet Explorer browser.

In December 2018, Microsoft announced it would replace the EdgeHTML engine with the Chromium rendering engine. Microsoft’s Corporate Vice President of Windows at the time, Joe Belfiore, explained that this decision was made to create better web compatibility for their customers.

New Edge Vs. Chrome: What’s the Difference?

Although Chrome and Edge look similar, certain aspects are different. Firstly, Edge will keep its users away from Google services and usually replaces them with Microsoft ones. For example, Edge will sync your browser data with your Microsoft account rather than a Google one.

Secondly, the new Edge offers some features that Chrome doesn’t. For instance, Edge has a native tracking prevention feature and a potentially unwanted program (PUP) blocker.

Like the old Edge interface, the new version of Edge still includes the Favorites button to the right of the address bar, but it also adds a shortcut to the Collections folder for capturing and storing snippets of certain web pages.

Tracking Prevention Option

The Chromium rendering engine gets updated every 6-8 months with the latest security patches. Google rapidly implements them in the Chrome browser, and Microsoft has done the same since relaunching Edge.

However, Microsoft has gone ahead and added a tracking prevention option in the Settings menu. Users can go to Settings > Privacy and Services, switch on the option, and set it to Balanced. Balanced is the default option and blocks potentially harmful URLs. Be careful if you choose Strict, because this will likely result in issues when loading certain websites.

You can install a Chrome extension to achieve similar results, but with Edge, you have this security feature by default.

Permissions work comparably on both browsers. Users can get specific about what permissions each individual website has on their device(s).

Edge Performance

There are already a few sites that are testing both browsers. For instance, according to Speed-battle.com, which measures JavaScript performance, Microsoft Edge came out on top with an overall score of 1,478 to Chrome’s 1,420.

Also, running an identical setup on both browsers with a single window and four tabs open (to Google Docs, Microsoft, Facebook, and Twitter), we saw literally more than double the RAM and CPU usage from Chrome. Google Chrome sat consistently around 3.91GB of RAM and 5.9% of CPU, while Microsoft Edge sat at around 1.81GB of RAM and 3.1% of CPU. The gap is bigger when using less powerful computers.

Does Edge Support Other OSs?

Microsoft’s new Chromium-based Edge browser is available for Windows 7, Windows 8, Windows 8.1, Windows 10, macOS, iPhone, iPad, and Android.

Microsoft will release a version of Edge for Linux probably by the end of the year. Chrome already supports all these operating systems, making the update simpler for Microsoft.

The Browser War Continues

Google wants you to use Chrome and its extensions, while Microsoft will always suggest the new Edge.

For example, you can install extensions from the Chrome Web Store in the new Edge. But when you do so, Microsoft will warn you that extensions from the Chrome Web Store are unverified and may affect browser performance. After you agree to that, Google will recommend that you switch to Chrome to use their extensions securely.

Even though Edge is now based on the same code as Google Chrome, many Google-developed and partner websites still throw warning messages recommending you switch to Chrome. For example, when you visit Google News in Microsoft Edge, you will be shown a message saying Google recommends Chrome, encouraging you to try a fast and secure browser with updates built in.

Conclusion

Bottom line, old Edge is completely replaced by the new Edge in a non-reversible process. Any existing data is migrated across, but even if you’re not using Edge, you’ll find that desktop and taskbar shortcuts are created on your computer.

Also, Windows 10 users who stick with the included browser will now have a faster, more capable browser with an open-source rendering engine that is updated frequently and better supported by websites, providing them a better browsing experience.

Microsoft’s work on the Edge browser will improve Chromium, which ultimately is a win for all Edge and Chrome users.

MSP – Are you getting more than a helpdesk?

When a business is looking for assistance in managing their IT infrastructure, many times they realize it’s more cost effective to partner with a managed IT service provider. There are key aspects for a business to look for when selecting an IT provider, which go well beyond simply a helpdesk to call when something breaks.

Basic Requirements

There are basic services that every business should receive from an IT provider:

  • Access to a remote helpdesk: Ability to call, email, or log a ticket via a web portal to receive assistance with basic issues for your workstation, along with access to key applications
  • 24×7 Network Monitoring: Ensuring your network is up and running, along with support for as-needed firmware updates, device security and VPN administration, and firewall rules provisioning.
  • 24×7 Server Monitoring: Includes systems administration, security and critical patch management for operating systems, and proper anti-virus.

Why businesses need to go beyond the basics

Too often businesses feel that the above services meet their IT needs, but a true IT partner should go well beyond the basic services.  Why do businesses need more than just the basics? Because of the following:

  • 99% of malware is deployed using email and the web [1]
  • 81% of breaches leverage stolen and/or weak passwords [1]
  • 74% of security professionals rank Data Back-up & Recovery as the most effective solution to respond to a successful attack [2]
  • 66% of malware is via email attachments [1]

Security and Back-up Solutions for your Business

Don’t think your business isn’t vulnerable, and you won’t be targeted by hackers. Businesses that think that way are the targets. Why? Because they are an easy target.

An experienced IT provider will proactively advise and provide solutions to help mitigate risk factors due to these potential threats. When you research an IT provider, ask about their cyber security services. For example:

  • Advanced Phishing & Spam Protection: A suite of services inspecting inbound, outbound and internal emails to help detect and fight phishing and ransomware via malicious URLs, attachments, and impersonation attempts.
  • Web Protection (DNS filtering): Add a layer of protection between an employee & the internet by blacklisting dangerous sites & filtering out unwanted content.
  • Office 365/GSuite Multi-Factor Authentication: Establishing multi-factor authentication (MFA) by sending a second randomly generated pass code to your phone for your O365 and/or GSuite account will further protect your company from malicious attackers.
  • Security Awareness Training: More than ever, employees are the weak link in an organization’s network security. They are frequently exposed to sophisticated phishing and ransomware attacks. Employees need to be trained and remain on their toes with security top of mind.
  • Network Security: Go beyond just monitoring, perform proactive network scans for vulnerabilities, ensure proper firewalls are installed and configured, or even establish a Managed Detection and Response solution.
  • Office 365/GSuite Back-up & Recovery: Having your O365 and/or GSuite backed-up provides a multi-layered approach to security against ransomware, compliance needs such as HIPAA, & advanced recovery features. Anything from human error to phishing emails or malware can cause data loss. SaaS/Cloud providers protect your data from hardware failure, software failure, natural disaster, and power outages, but who is protecting your data from human error and malicious acts from internal or external sources?
  • Cloud Backups: A secure, easy-to-use cloud backup service to protect your important data on your server. A perfect cost-effective solution for those focused on protecting key information, but flexible on business continuity.
  • Business Continuity and Disaster Recovery: Go beyond just a cloud backup, and make sure your business has little to no downtime. A disaster recovery solution provides an appliance onsite for quick and easy recovery, along with a cloud backup in case of a disaster. A key solution for those focused on continuous uptime, regardless if a server goes down or a natural disaster occurs.

Advisory Services

Too often IT providers market that they provide Virtual CIO (vCIO) services, but those services are being provided by an engineer who is also responsible for resolving tickets or installing hardware. When you ask about advisory services, ask if this service is delivered by dedicated individuals, or is it part of the responsibility of the engineering team.

A dedicated technology advisory team focuses on providing proactive, unbiased, and thorough support and advice. Part of that advice is understanding your IT infrastructure and your business processes, and assisting in coordinating an IT roadmap that complements and supports your business goals.

Is your IT provider protected?

Most times small and medium size businesses focus on the IT needs of their respective business. They are forgetting a key question to ask the IT provider. What security does the IT provider have implemented? Also, how is the IT provider protecting your data? Do they use a password vault? Before an IT provider sells you a security solution, are they using it themselves? We just learned why businesses should go beyond the basics of IT support, so shouldn’t the IT provider be doing the same thing?

In Summary

You might not need, or be able to afford, some of these solutions today, but don’t you want to partner with an IT provider that can provide IT support not only for today, but for tomorrow? As your needs expand, and your business allows you to invest more in your IT infrastructure, you should choose an IT Partner, not just a vendor.

[1] Verizon Data Breach Investigations Report 10th Edition
[2] Cybersecurity Insiders & Bitdefender 2017 Ransomware Report

Microsoft Teams: Overview

Microsoft Teams combines meetings, calls, chat, and collaboration in one place. In addition, it integrates with other popular apps (Jira, Trello, Evernote, GitHub, etc.) and the rest of the Office 365 suite.

What is Microsoft Teams?

Teams is a collaboration tool designed to enable people to communicate with each other, share documents, add discussions, and carry out various tasks.

As of April 30th, Microsoft Teams has reached 75 million daily active users.

Launch Teams.

Teams can be used on a computer from any browser, on mobile devices (Android and iOS) and via desktop applications for PC and Mac. If your organization already uses Office 365, you should see Teams as one of the standard applications in the Office workspace.

Once you enter the Microsoft account you wish to use, you will be instructed to choose between: for school, for friends and family or for work to customize the application. After that, you will type the password, confirm your name, and the organization name.

Create Your First Team.

To create a team, you just need to click on the Teams section of the sidebar, and at the bottom left of the app, click Join or create a team. If public teams already exist, you will see those listed, or you can enter a code to join a private team.

 


There are many ways to add people to Teams. You can add their email address directly into Teams, or you can send them a clickable link via email, allowing them to enroll simply by clicking that link. You can also import names and email addresses from other applications such as People or Outlook.

Once a team has members, then it will appear on the Teams list. Any team will have only one discussion named General. The subsections to a Team are called Channels.

Add A Channel.

A Channel, exactly like a Team, will have a name and a description, and you can make it Standard or Private. The latter will allow you to make the channel accessible to a specific group of people.

Once a channel is created, you can load files, start discussions, and interact with other team members. Any member with access to that channel can be alerted if new content is posted and can also notify other people in posts by placing an @ in front of their names.

 

Teams Conversations

Microsoft Teams enables you to host internal and external conference calls with their desktop, mobile, and browser applications. Teams can be an efficient, cloud-based replacement for your phone system, providing a better experience than Skype for Business.

Chatting in a Channel isn’t like a chat between two parties, it is more like a loud discussion had in an open space office where you can reply even if you aren’t mentioned.

If you join a channel and after some time, for whatever reason, you decide it’s not relevant to you anymore, you can delete that channel. However, all the records of meetings, discussions, and almost anything related to that channel will be deleted. The only exception is that all attached files will be retained on SharePoint, even after the channel is removed.

Of course, if you delete a channel created for a meeting that didn’t happen or for a project that never started, then there’s nothing to lose. But be careful when removing channels that you might need at some point.

With Microsoft Teams you can plan meetings, share your screen, chat, and see real-time presence throughout your organization. When scheduling meetings, you can automatically access coworkers’ schedules to check their availability. Users no longer have to share calendars or send/receive emails for checking that. Users can also invite people to join an in-progress meeting just by clicking a button.

 

Targeted Use Cases

Microsoft Teams enables you to create focused use cases. These can include anything from building a department specific team to projects, activities, client engagement, and corporate communications. It can be customized to suit the overall business needs. For example, you can create a dedicated communication channel that’s reserved for a specific location or integrate Teams into your intranet for more flexibility.

Security

Security is yet another area in which Microsoft Teams stands apart from its competitors, ensuring users peace of mind. You are provided with state-of-the-art security and compliance capabilities when using any of the O365 apps.

Teams and all the other Office 365 applications meet compliance standards such as ISO 27001, SOC 2, HIPAA, and the EU Model Clauses.

Conclusion

Microsoft Teams’ potential to transform organizational communications, information sharing, project tracking, and overall collaboration is undeniable. It can be integrated with many software applications, enabling users to seamlessly share business information for improved organizational transparency.

Key ways to reduce exposure to ransomware for SMBs

Ransomware is probably the largest security threat facing small and medium businesses. According to the 2019 Verizon Data Breach Investigations Report, 28% of all data incidents were caused by malware infections, and ransomware attacks represented 24% of all malware breaches.

Don’t Trust, Verify!

Always be skeptical when spending time online, either when surfing the Internet or when reading email.

Never open attachments in unsolicited emails, even if they come from someone in your contact list. You should go even further and treat attachments from known sources with suspicion until they have been scanned for malware.

Hackers are getting better and better at impersonating members of your staff or other legitimate sources. Think of all links and attachments in any email as being dangerous until proven otherwise.

Always apply the “Zero Trust” approach: don’t access, or allow access to, anything on your organization’s systems unless you are authorized by your information security team.

Beware of Freeware!

Free software and apps may save you some money, but these have become a conventional hunting ground for cyber thieves from all over the world, particularly for ransomware extortionists. Ransomware has been sent via free software such as downloadable games, file-sharing programs, and customized toolbars.

Train Your Employees!

Creating a cybersecurity culture within your SMB is the only way to a secure future, and it is mostly about training and awareness.

Information security specialists need to ensure that every employee is aware of the potential threats they face, whether it’s a phishing email, clicking suspicious links, sharing passwords, using outdated software, or an insecure network.

Employees sometimes falsely believe that the IT department can fix everything, or that antivirus software is infallible. Unfortunately, cyberattacks can quickly escalate, rapidly changing their characteristics. For instance, they might start with a phishing email, and continue with a phone call, or with a visit at the victim’s office.

You can’t prevent a cyberattack from coming your way, but advanced information security training for employees can minimize human error and improve the quality of your response.

Regularly Update Everything!

Make sure all the software on your system is up to date, including the operating system (OS), the antivirus software, the firewall, the browsers, and all the plug-ins that it uses. One of the most common infection vectors is a malicious exploit that leverages a software vulnerability. Enable automated patches for the Web browsers, which can help avoid suspicious websites that are often used as bait to get victims to click links and unknowingly download ransomware.

Backup All Your Data!

Although backing up won’t prevent a ransomware infection, it can mitigate the impact in case of a successful attack on your system. If your files are backed up properly and maintained remotely, either in a cloud or disk-based system, ransomware scams will be less destructive. Instead of paying a ransom hoping to get a decryption key, you will be able to simply restore your system to an earlier date before the attack.

Test Your Incident Response Plan!

It is security best practice to have an incident response plan in place with formally documented protocols that all employees should be aware of and follow on an ongoing basis. The response plan should outline specific actions to take when ransomware is discovered to mitigate its effects.

Enable Popup Blockers!

Popup ads are commonly used by digital marketers, but hackers use them too as vectors to deliver many types of malware, including ransomware. So, just to be safe and to avoid clicking dangerous popups, it is best practice to prevent them from appearing at all.

Disable Macros & Scan All Downloaded Files!

The majority of staff will never need to use a macro. Macros and any other similar settings need to be disabled for those who don’t need them.

Also, disable auto-run features for external media and always scan all software downloaded from the internet prior to executing.

Finally, you should always consider limiting user privileges wherever possible. For more information, please visit our IT security services page.