Enhancing Your Security in Microsoft Office 365 with Multi-Factor Authentication

Microsoft Office 365 is a popular cloud-based version of Microsoft Office. In addition to the standard features, this new version of Office now offers online conferencing, file sharing, business-level email, shared calendars, and website creation. Unfortunately, since Office 365 is cloud-based, there are new security concerns that should be considered when using it.

cloud servicesPlacing data in the cloud introduces risks such as data breaches, data loss, account hijacking, and more. Microsoft acknowledges these issues, and has started to put measures in place to help you protect your data. Multi-factor authentication (MFA) is one such measure. Multi-factor authentication is sometimes referred to as Two-step authentication as well.

Multi-factor Authentication

Under normal circumstances, authentication relies on a username and password. If a hacker were to steal that password, they could easily access your account. Multi-factor authentication, on the other hand, requires two pieces of information: something you know and something you have. An example of MFA in everyday life would be ATM access. In order to access your bank account through an ATM, you need something you know (your PIN) and something you have (your card). Similarly, accessing an MFA-enabled account on Office 365 requires interaction with a mobile app, phone call, or text message, in addition to entering a password.

How to Set Up Multi-Factor Authentication

To set up MFA in Office 365, follow these steps:
Sign in to the Office 365 portal, and go to the "Office 365 admin center."
Select "Users and groups." On the right, you will see a list of options. Click on "Set up" next to the "Set multi-factor authentication requirements" line.
Find the user that you want to set up with MFA, and check the box next to their name. You will then see two options on the right: "Enable" and "Manage user settings." Click on "Enable."

If you enabled MFA for another user, be sure to contact them and explain how it will affect the way they use apps like Outlook and Lync.

Call Ease Technologies today at (301)854-0010 and learn how Managed IT Services can help secure your business and reduce your IT costs in Baltimore, Washington or Fairfax.

CryptoWall: The Latest in Ransomware and Cyber Crime

Over the last year, authorities have been fighting a series of ransomware viruses — first CryptoLocker, then CryptoDefense, and now Cryptowall. CryptoLocker infected over 500,000 computers and although only 1.3% of the victims paid the ransom, the criminals are believed to have made over $3 million dollars.

In June 2014, the US Justice Department began a multinational campaign to eradicate CryptoLocker. Department officials then announced that they had managed to neutralize it. Unfortunately, their efforts may have been a case of too little, too late as two new versions appeared: CryptoDefense and the malware's newest iteration, CryptoWall.

CryptoWall appears to have been derived from CryptoDefense, a shortlived and unsuccessful version. Unlike CryptoDefense, CryptoWall infected around 625,000 systems in six months according to an August 2014 report from Dell researchers. The report revealed CryptoWall encrypted 5.25 billion files and netted criminals over $1.1 million from March to August. CryptoWall's reach is expected to grow. The analysts described it as the largest, most devastating ransomware threat on the Internet.

CryptoWall's Plan of Attack

The ransomware typically enters a system by masquerading as a legitimate program update. Usually these programs are well-known, such as Java, Flash Player, or Adobe Reader. CryptoWall can also infiltrate a system through an infected email attachment.

Cyber security professionals have also warned about the criminals using exploit kits. This term refers to web pages with pre-packaged methods for sending malware. This means that in some cases, an ill-advised download is not necessary in order to spread CryptoWall. Victims can instead become infected just by visiting a website with a hidden exploit kit.

Once the system is infected, CryptoWall will begin encrypting its files. These protocols use twin encryption keys. The public key locks the files and the private one unlocks it. While this method may sound simple, it has been touted as nearly uncrackable.

Digital criminals have also developed offshoots of the basic CryptoWall virus. These new versions can infect mobile devices as well as personal computers.

After CryptoWall encrypts the system's data, the ransomware will display a warning. This tells victims that their files have been "irrevocably changed," and that they will not be able to work with them or even see them.

The ransom note demands that people pay several hundred dollars in order to free their files. Victims are directed to the Tor network, where payment can be received anonymously. They also face a ticking clock, since the criminals generally threaten to double the ransom if they do not pay within a few days.

Authorities' Ongoing War Against Ransomware

As part of law enforcement's crackdown on ransomware, the FBI in June 2014 put Evgeniy Mikhailovich Bogachev on its list of most wanted criminals. The authorities have accused him of committing bank fraud, wire fraud, computer fraud, money laundering, and aggravated identity theft. Bogachev is believed to be the man behind CryptoWall's predecessor, CryptoLocker.

While the US government was shutting down his criminal network, a group of private cyber security professionals was hard at work on recovering the stolen data. In August, they announced that they had uncovered the encryption keys used to hijack people's data. They also created a website where victims can receive the key needed to unlock their files.

While these efforts crippled CryptoLocker, they left CryptoWall unaffected. As of this publication, the ransomware is still at large and IT experts have yet to find a remedy for it. Thankfully, there are a number of ways that users can protect themselves.

Defense and Prevention

First and foremost, users should have current anti-virus software on their computers. In general, all software programs should be kept up-to-date with the latest security enhancements.

Suspicious websites should be avoided at all costs. Users should never open emails that appear suspect or were sent by entities that they don't trust. Similarly, users should never download attachments that they're not expecting. These statements may seem intuitive, but the spread of ransomware is driven almost entirely by the behavior of careless and unsuspecting victims.

Additionally, files should be regularly backed up. Ideally, one backup copy should be stored through a cloud-based service that backs up daily and provides for access from anywhere. The second backup should be on an external hard drive. Users should update this copy on a weekly or monthly basis.

Once a computer has been infected, users should also be concerned about their networked devices. CryptoWall victims have found that the malware can infect connected drives through the network. Users should carefully examine these devices to see if they have been compromised as well.

Threats like CryptoWall pose serious challenges to businesses across the globe. Being aware of these issues is the first step in combating them. For assistance with the prevention of CryptoWall, or possible recovery, contact us today at 301-854-0010 or here.

Steps before upgrading your device to iOS 8

Apple has just release the latest operating system (OS) upgrade for iPhones and iPads.  Like all software updates, iOS 8 offers many new compelling features and improved security for your mobile devices.  I encourage taking a little time before rushing into a new major operating system update.  Often there are a few incompatibles and technical issues that are only uncovered after the final release to the public.  When it is time to upgrade your iOS device, there are a few steps to take before you get started.

cloud servicesCan you upgrade your device?
Apple has identified the following devices as upgradable to iOS 8:
• iPhones 4s, 5 and 5s
• iPad 2, 3, 4, Air, Mini 
• iPod 5 Gen

Do you have enough room?
It is a good time to look over your device to see if you have enough space and clean up some space.
Check under Settings>General>Usage to uncover how much storage space is being used up.  Anything less than about 1 GB it is time to remove some older items.  A full list of apps and storage demands by those apps are listed as well.  If you are no longer playing Candy Crush you can delete it here.

Clean up media
You may be low or storage space or just in need to clear out some old photos and videos. After a year of birthday parties and vacations there will be plenty of videos and photos that you no longer may need.  Save the good ones, but no need to keep everything.  You can use Dropbox as a way to regularly store those photos and then permanently delete that media off your iPhone.

Update Your Apps
I always update my current applications before upgrading the OS. Most all App developers update their applications with a major OS update and you will likely need that update in combination with the OS upgrade.  It can take some time to update 15-30 or more apps on your device.  Get it done ahead of time.

Backup everything in iTunes
A nonnegotiable is backing up your device before you start the upgrade to iOS 8.  Any number of things can go wrong and having a fall back option is critical. I like to do the backup in iTunes with the Encrypted iPhone backup option.  That way all the passwords I have installed on that device are backed up in the process.  This is also the process I would take before transferring my iPhone 5 to a new iPhone 6 for example, too.

Finally, make sure your device is fully charged and you can start your upgrade. 

Call Ease Technologies today at (301)854-0010 and learn how Managed IT Services can help secure your business and reduce your IT costs in Baltimore, Washington or Fairfax.

The Importance of Data Encryption in the Cloud

Cloud computing is significant part of normal business operations, and it is here to stay.  But, when it comes to cloud security, don't assume that cloud services meet all your needs. 

cloud servicesThe scalability and flexibility offered by the cloud can be overshadowed by potentially security implications. This risk can be absolutely worth it, as long as you understand how to keep your data encrypted, even in the cloud.

What to look for in a vendor

Most cloud vendors offer encryption of the virtual image, physical hard disk encryption, and encryption of backups, but most lack offerings around encryption of unstructured of structured data. And, most companies have encryption requirements for sensitive information already in place. Moving data to the cloud will involve integrating current encryption solutions onto a virtualized cloud image.

Whether you're looking at public or private cloud offerings, SSL/TLS should be a standard offering. A dedicated private cloud will add an additional layer of security since traffic is not routed over the public web.

In a perfect world, IT managers would like to have the same controls and reporting that they have in-house when migrating data to the cloud. However, they often run into challenges when integrating the in-house security tools that can be deployed to the cloud with the security offerings of a cloud vendor - all at a price that fits the company's budget.

Don't settle for consumer-oriented encryption systems, which may not have the stringent requirements businesses need. Effective encryption standards include strong and vetted algorithms, a multilayer key management system, and reasonably long keys. Look for a forward-thinking vendor that stays one step ahead of current security trends.

Datacenters hosting hosting cloud services need to be secure and follow industry standards as it relates to manage data policy.  Make sure hosting services compliant and the platform meets your HIPPA and other compliance needs like SSAE 16 SOC(II).

Key challenges

The number of layers in a cloud environment makes it challenging to compile a list of everyone who has administrative access, and who could potentially have access to the data and encryption keys. A variety of audit and compliance activities would require such access. IT managers must use caution in architecting solutions that put sensitive data in the cloud due to the potential for everything to be in a connected system.

Another concern that is enhanced in the cloud environment is managing encryption keys. If the provider allows for encrypting the file system of each virtualized image, the key management procedures should be clearly defined in the service-level agreement (SLA). Ask potential providers how they manage the key for each system, how they keep it separate from all their other clients, and how often they revoke or rotate keys.

Yet another challenge is monitoring access to data within a cloud provider. When working in-house, you can simply hook in monitor solutions to keep tabs on your data. However, when moving to the cloud, you must investigate the compatibility of solutions. For example, you can secure assurances that your vendor's employees can only access customer data in a number of well-defined and limited cases, and only with the customer's consent.

Many firms are recognizing the value of cloud services.  To learn more about how cloud services can cut costs and improve your firm’s security check out the benefits of our Ease Cloud Workspace™ or call us today at (301) 854-0010.

The Pros and Cons of Using VoIP for Your Business

Much has changed and the days of needing a landline to stay connected with your customers are coming to an end. VoIP (Voice over Internet Protocol) lets you make calls over the Internet. Benefits include mobility, scalability, and cost savings. However, there are certain drawbacks to consider before switching over.

IT SupportWhat is VoIP?

VoIP converts the traditional analog audio signals into digital data that can be transmitted over the Internet. With VoIP, you can use the Internet to make phone calls rather than relying on the phone company and on-location PBX systems. VoIP calls can be made through the use of analog telephone adaptors (ATAs), computer-to-computer connections, or IP phones.

The most popular VoIP solution for businesses is IP phones. IP phones look identical to normal phones. However, they have an Ethernet connector allowing them to be connected directly to your network.  When a business makes a transition to VoIP, it is more practical to make the switch over to IP phones. 

Your computer can be turned into a VoIP phone through software and an Internet (SIP phone).  This includes even turning your smartphone into a SIP phone as well providing you two different phone numbers and ways to be contacted. 

VoIP Benefits

Compared to standard telephone service, VoIP saves you money. Operating costs for VoIP service providers are much lower than those for traditional phone companies. These savings are passed on to you. VoIP also provides a suite of free features including caller ID, voice emails, call waiting, call transfer, and three-way calling, for which most phone companies charge extra. Furthermore, long distance VoIP calls are cheap or free, depending on how the call is placed.

For most all small and medium businesses using VoIP the traditional PBX is removed. A virtual PBX is established with a provider in the cloud.  There is typically no extra fee and most providers charge by the phone and no extra for the cloud-based PBX. 

VoIP also helps you scale. As your company grows, you won't have to install new phone lines. You can use your existing broadband and simply buy more handsets.

In addition to scalability, VoIP offers flexibility. IP phones and computer-to-computer connections let you make calls almost anywhere you go. As long as there's an Internet connection, you can hold a conversation. Apart from making phone calls, you can also use VoIP for video conferencing. This allows you to stay in touch with employees and clients, no matter where they're located.

Mobility is an important advantage of a VoIP system.  Each VoIP phone establishes it's own connection back to the virtual PBX, that phone can be anywhere.  During sever weather related events or other circumstances employees need to be home, they can just bring their VoIP phone home with them and their office line goes with them. 

Many people shy away from VoIP due to rumors of inferior sound quality. However, the opposite is true. VoIP typically provides better sound quality than traditional phones, but it does depend on the quality of your Internet connection.

VoIP Drawbacks

The most obvious drawback to VoIP is the Internet. Traditional phones just work, while Internet service occasionally has hiccups or reliability. These issues can cause latency, jitter, and packet loss during VoIP conversations. Some call quality issue can be a result.  Checking on the quality of service from the provider and making sure you have the correct Internet bandwidth helps ahead of time.

Although VoIP provides outright cost savings, you may need to hire personnel to manage it. Simple VoIP systems require little technical know-how, but larger VoIP systems need to be installed, configured, and maintained by experts. Your technical services provider should be able to help you evaluate, setup and support your new VoIP system.

Lastly, VoIP's increasing popularity has unfortunately attracted hackers. Hackers may intercept VoIP calls or even bring down the phone system. The best defense against these attacks is to follow best practices, apply regular security updates, and monitor for exploits.

Sign up here for monthly newsletter

Upcoming Events

Calendar Icon

Upcoming Events

Wounded Warrior iPad Training
10/16/2014 12:00 PM - 1:00 PM

Blog Archive

Archive by Years