Category: Blog

 

Microsoft Teams and the Future of Video Calling

 

Microsoft Teams is a free cross-platform collaboration software that focuses on users, enabling great collaboration with teammates and customers across any device and empowering customers to work faster. Teams aims to propel traditional productivity experiences to the future, giving all kinds of teams a purpose and a reason to stand alone from other software. Team members set their own notifications based on their roles and priorities, so they never get too few or too many messages in their inbox. This flexibility to prioritize notifications with peers and outside users will be appreciated by anyone on your team, and it encourages trust, collaboration, and increased productivity. The Microsoft Teams alert feature alerts team members when necessary, and you can assign a timer to notifications, helping you better manage the number of people and alerts by priority.

 

 

Why Microsoft Teams Integrations

 

Teams has thought long and hard about their integration with Microsoft Office 365. This implementation is available at no extra cost. Teams also integrates with other popular tools from Microsoft, such as Skype, Slack, Excel, PowerPoint, Word, and OneNote. This flexibility helps make collaboration and communication easy and available to everyone on your team that uses other Microsoft products. Team members set their own notifications based on their roles and priorities, and this is a crucial feature to assist in prioritizing notifications with peers. Just like the dial-in phone number in Teams, the notifications now include the message, your team number, and additional information. The call response options are now easier to navigate and make it easier to initiate a group conversation than before. You can call an entire group at the same time to save time when calling similar groups of people. Team members will receive a notification when they get a new call in a conversation screen, so they can respond quickly.

 

Why Is Microsoft Teams Growing So Fast?

 

At first, when a topic dominates the news, it is easier to assume that the reality won’t measure up to the hype. But the reason why Microsoft Teams is growing so quickly is because it adds a lot of substance to the hype. All types of teams need this service, so they love that new features are being added at an alarming rate. We’re continuing to see customers and business teams increasing their usage of Microsoft Teams. The stream of good news continues to grow at this time, surrounding the features that make their video collaboration and presentation features rival and exceed competitive online software. Organizations are not just embracing Microsoft Teams; they are making their own success stories. General Mills uses Microsoft Teams to help its broad base of users, along with its IT support team, brand partners, and suppliers on teams worldwide.

 

More than 500 companies use Microsoft Teams at this time, and big data continues to remain at the heart of every digital transformation project, so Teams has made improvements in facilitating this area as well. Today’s customers expect businesses to leverage the insights provided by big data and to inform decisions for the future – driving better business outcomes. These are never binary decisions: Users want to be part of the conversation. To achieve big data success in partnership with great service that empowers them, IBM collaborates with Microsoft Teams to provide real-time communications, conversational commerce, and customer insights to help understand “what they see, hear and do.” IBM announced a new privacy-focused version of IBM Smart Answer — information about people, tasks, and interests — for Microsoft Teams, giving customers worldwide a secure, central view of their data to learn about their customers, behaviors, and how they choose to interact with their businesses.

Does Your Workforce Create Strong Passwords & Have a Plan B Cybersecurity Defense?

 

As the old saying goes, “a chain is only as strong as its weakest link.” Unfortunately, the new saying is that a business network is only as secure as its employees’ passwords.

 

Despite widespread knowledge that hackers exploit weak passwords to breach entire systems, trusted workers still use ones that are easy to guess at and repeat them across platforms. If that seems counterintuitive, business leaders may want to consider these statistics.

 

• The two most commonly used passwords remain “iloveyou” and “sunshine.”
• Approximately 23 million people use the password “123456.”
• More than half of workforces use the same password for personal and business purposes.
• Upwards of 57 percent of phishing email scam victims do not change their password.
• One-third of people stop doing business with organizations responsible for compromising their credentials.

 

What seems stunningly illogical about rampant password protection failures stems from this statistic: Approximately 90 percent of internet users say they are worried about getting hacked due to a compromised password. Industry leaders may be left scratching their heads. But as a decision-maker responsible for ensuring the integrity of digital assets, something needs to be done. You can set company policy that educates team members about how to create and remember strong network passwords. If that doesn’t work, there’s always Plan B.

 

 

How To Educate Employees About Strong Passwords

 

Getting workers to create powerfully secure passwords may not be that difficult. Insisting on a series of unrelated letters, numbers, and characters will fend off most hackers. On the other hand, team members will likely lose productivity, resetting a difficult-to-remember login profile. Fortunately, a happy medium can be achieved without too much difficulty.

 

Passwords do not necessarily need to be obscure. They just need to be difficult for hackers to unveil. A password employing 8-10 characters can be hard to crack if done cleverly. For example, the too common “iloveyou” can be tweaked to “iLuv2Make$,” which could be a tough one. That’s largely because it uses untraditional “Luv” in place of the spelled-out word, employs uppercase letters, a symbol, and a number. All an employee has to do is remember the phrase “I Love To Make Money” as a trigger.

 

Repeated passwords also need to be addressed. Consider training those under your leadership to make variations on one primary password. In this case, it could include “uLuv2Make$2” or “iH82owe$.”

 

It’s also important to share the reason that complex passwords are necessary. Hackers have a toolkit at their disposal that typically includes brute-force and dictionary techniques. When brute-force attacks try to run every conceivable combination of letters and characters possible. This tends to be time-consuming, and digital thieves are likely to give up when faced with strong passwords. Dictionary attacks run common words at the profile. If your worker’s password is “sunshine,” consider your network breached.

 

How Can Business Leaders Implement a Plan B?

 

Practical business leaders learn that human error ranks among the top reason things go sideways. Cybercriminals send out thousands of scam emails, knowing someone will open one, download a malicious file, or respond with critical information. Someone will make a mistake. Given that your financial future can be one mistake away from ruin, organizations are using multi-factor authentication as a fallback defense.

 

Multi-factor authentication requires employees to receive and enter a secondary code before gaining access to the network. This may be sent to another device that hackers cannot access. In some instances, an email alert is sent that must be approved. Even if someone foolishly uses “password123,” a cybercriminal would still need to know the authentication code or approve login access to upend your network.

 

If you are concerned about password security, consider working with a managed IT professional to educate employees about password protection, and install multi-factor authentication just in case.

 

What Is PCI Compliance?

 

You’re probably reading this because you looked up information on PCI compliance. This article explores how you can meet PCI requirements and secure your clients’ sensitive cardholder data.

 

Today’s business world is highly regulated, and while this has its upsides, there is a great deal of pressure on businesses to stay compliant with all the relevant standards. If your business processes, stores, or transmits credit card information, you need to ensure you meet all the PCI requirements.

 

PCI non-compliance poses a frightening host of risks such as:

 

• Compromised data that can harm your clients and business
• A severely damaged brand image
• Account data breaches that could result in lower sales, and destroyed relationships
• Lawsuits, government fines, insurance claims, payment card issuer fines

 

If you aren’t PCI compliant, don’t panic just yet. Our team has assembled this article to share what you need to start your journey towards PCI compliance. Let’s first define some important terms.

 

 

What Is PCI Compliance?

 

The Payment Card Industry Data Security Standards (PCI DSS) is a set of requirements designed to create a secure data environment for any business that processes, stores, or transmits credit card information. It’s a legal requirement and assigns two compliance levels for service providers (third-party vendors) and four for merchants (brands). Behind its launch in 2006 was the need to manage PCI security standards and bolster account security throughout the transaction process.

 

What Is PCI DSS?

 

The PCI Security Standards Council (PCI DSS) is an independent body that administers and manages the PCI DSS. It was created by Visa, MasterCard, American Express, JCB, and Discover. However, the responsibility of enforcing compliance falls on the payment brands and acquirers.

 

How Can You Achieve PCI Compliance?

 

PCI compliance involves consistently adhering to the PCI Security Standards Council’s guidelines (PCI DSS). PCI DSS has the following six major objectives:

 

1. Maintain a vulnerability management program
2. Build and maintain a secure network and systems
3. Regularly monitor and test networks
4. Protect cardholder data
5. Maintain an information security policy
6. Implement strong access control measures

 

Apart from 78 base requirements and over 400 test procedures, PCI compliance also has 12 key requirements.

 

What Are the 12 Key PCI DSS Compliance Requirements?

 

1. Use and Maintain Firewalls: Firewalls are highly effective in preventing unauthorized access to private information.
2. Proper Password Protections: We recommend keeping a secure device/password inventory and implementing basic precautions like regularly changing passwords.
3. Protect Cardholder Data: By encrypting data and performing regular scans to ensure no unencrypted data exists.
4. Encrypt Transmitted Data: Even data sent to known locations need to be encrypted.
5. Use and Maintain Anti-Virus: This is required for all devices that interact with primary account numbers (PAN).
6. Properly Updated Software: This includes firewalls, antiviruses, and any other piece of software.
7. Restrict Data Access: Cardholder information should be exclusively “need to know.”
8. Unique IDs for Access: These enhance security and reduce response time in case data is compromised.
9. Restrict Physical Access: Cardholder data needs to be kept in a secure physical location and access locked.
10. Create and Maintain Access Logs: You must document any activity involving cardholder information and PAN.
11. Scan and Test for Vulnerabilities: This will help you identify potential weaknesses at any stage of your compliance efforts.
12. Document Policies: Everything needs to be recorded, from equipment to software to authorized employees to access logs, and so on.

 

Need Reliable IT Support with PCI Compliance?

 

Our experienced team is eager to help your organization achieve PCI compliance and safeguard your sensitive cardholder data.

 

Contact us now to schedule your first PCI compliance consultation.

New and heightened digital threats develop every day, and having standard security software may not be enough to protect your personal data and business from exploitation from malware attacks. Businesses across industries are vulnerable to new attacks, as many security software lags behind. Hackers find ways to work around the most common security platforms to find new ways into systems to gain access to all sorts of information, and the only way to ensure that you are as protected as possible is to work with an IT expert who knows how to take the preventative measures to keep up with the latest malware developments.

 

One of the latest bugs causing a lot of damage to businesses is a vulnerability to the Microsoft-based cloud office platform, Microsoft 365. This platform allows businesses to push their productivity almost entirely online, giving employees access to their data from literally anywhere in the world while still collaborating in real-time. The use of cloud platforms allowed businesses to stay productive during the 2020 shutdown. The use has grown exponentially in popularity as everything from law firms, doctors’ offices, and schools have shifted as much business as possible over to the virtual platforms.

Hackers recently exploited a bug present in the multi-factor authentication system for access into the Microsoft 365 platform, which meant that there was a somewhat easily accessible back door into the otherwise secure cloud system. There is a lot of damage done when a hacker can get access to your business or personal data. Information can be stolen or deleted, which could lead to costly repairs as you spend time re-collecting data or ensuring that your employees and clients are protected from additional attacks on their finances and identity based on the type of information accessed by the hackers.

System flaws happen, and typically patches are issued to fix bugs that may allow hackers into programs — especially in the case of well-funded, popular programs like those owned by Microsoft. However, that doesn’t mean that there isn’t a chance of an attack before that patch being issued. Also, if your employees aren’t receiving guidance on keeping up with regular updates and maintenance on their work computers, they could be putting everyone at risk as those updates are how patches are installed. A single point of access through an outdated computer can allow hackers to access all sorts of data.

In the case of the latest vulnerability that impacted Microsoft 365, the issue was present in the WS-Trust, an OASIS standard that delivers security extensions and is used to renew and validate security tokens, thus ensuring identity. A bug in this system could be disastrous, allowing for the easy manipulation of security tokens and identity, allowing hackers in. The attacker could easily access mail, files, data, contacts, and more — depending on the amount of information stored on the cloud.

Working with a strong IT support team is the best way to ensure that you are protected from the latest developments in malware. Keep your computers up to date and your employees knowledgeable on the best ways to stay protected by having a strong IT support team to rely on.

 

What Is The Dark Web?

 

Are your company’s data and network secure? Solidly secure? Or, are you worried you may have been hacked, putting sensitive data at risk? You may be wondering about the latter if you’re looking up information on the dark web and how it may impact your business. Because, indeed, if you were hacked, that information is likely on the dark web and it can deeply and detrimentally impact your business.

 

An ongoing study series most recently released in 2019, Into the Web of Profit by Dr. Michael McGuire, explored the Dark Web and shed light on just how serious and dangerous it is to businesses throughout the nation and the world. From bespoke malware to hacking services targeted at FTSE 100 and Fortune 500 companies, the Dark Web has gone deeper underground to thwart law enforcement as much as to share new and advanced ideas with fellow hackers on how to best to hack businesses.

 

So, if you are thinking that your data and network system aren’t secure enough, or––alternatively––think it is secure enough: (1) you need to get it secure immediately; and (2) you should know that secure enough won’t cut it ever again. Having a comprehensive security plan that evolves with the changes and advancements in security is key to protecting your data, your identity, your company, your company’s brand, your clients, your customers, among other things. Read more to learn about the Dark Web and how to protect yourself.

 

What is the Dark Web as opposed to the Plain Ole’ Internet?

 

The internet isn’t plain at all, and it’s made up of three parts:

 

1. The surface web, also known as the clear web, which makes up the websites and webpages of the Internet that are indexed by search engines (e.g., Google, Yahoo!, Bing, Wikipedia, etc.);
2. The deep web, which consists of pages that you can find and access by using login information (e.g., your bank account or medical records); and
3. The dark web, also referred to as the DarkNet, which is the part of the Internet not indexed by search engines and which cannot be accessed unless done anonymously by using special anonymizing software.

 

Due to its anonymity, the dark web has been used for good in some respects. Importantly, people who live in countries where access to the internet is restricted can communicate more openly on the dark web. Mostly, however, it has been infiltrated by criminals. They deal in drugs, illicit firearms, and child pornography. They also, however, deal in things like malware, stolen data, and stolen identities.

 

So, in that respect, the dark web is a source of serious concern for businesses.

 

What Do We Know About the Dark Web’s Impact on Businesses?

 

If statistics matter to you, then your business needs to up its game. Below are facts providing an overview of what we know about cybercrime generally and the dark web specifically and its impact on or threats to businesses.

 

Hackers Attack Businesses

 

• According to Security magazine, there is a hacker attack approximately every 39 seconds.
• Stale user accounts, like those that are unused or with outdated permissions, are easy targets for hackers to exploit, and according to Varonis, 65% of all companies have more than 1,000 stale user accounts.
• Hacker groups are making millions by selling millions of business data on the dark web––for example:
  • ShinyHunters breached ten companies in the Spring and sold more than 73 million user records on the dark web; and
  • More than 600,000 users of Email.it have their data placed and sold on the dark web.
  • At the start of 2020, more than 30 million stolen credit cards were sold to cybercriminals on the dark web after a gas station and convenience store chain were breached.
• Hackers are constantly scouring the dark web for the next best way to hack.

 

The Consequences of Stolen Data on the Dark Web are Costly

 

• Cybercrime on the dark web is incredibly profitable––according to Cybersecurity Ventures, it’s more profitable than even the global illicit drug trade.
• According to RSA, a consumer account could go for as little as $1.00 on the dark web––this means just about anyone can purchase at least one stolen account; it also means that the hacker needs to obtain a significant amount of your data to reap the benefits, which could be good or bad for you.
• SecurityIntelligence’s 2019 report on the Cost of a Data Breach Report found that the “global average cost of a data breach … is $3.92 million, a 1.5 percent increase from its 2018 study.
• According to SeurityIntelligence’s reporting, the average total cost of a data breach for a U.S. business is $3.86 million.
• Also, according the SecurityIntelligence’s reporting, it takes on average 280 days before a company identifies and contains a breach.
• What’s probably most troubling is this: according to Fortune, 66% of businesses experiencing a hack lacked the confidence that the company would recover from it.

 

The Dark Web is Creating the Need for More Cybersecurity Experts

 

Because the demand is high, the need for cybersecurity experts is high––in 2019 alone, there were more than 715,000 cybersecurity experts as reported by Cyberseek. Meanwhile, Cybersecurityventures estimates that will be more than 3.5 million cybersecurity jobs come 2021.

 

What Can You Do About the Dark Web’s Threats to Your Business

 

Many of us have taken for granted network solutions and cybersecurity. Further, many businesses have limited resources to address cybersecurity comprehensively and on an ongoing basis. But this needs to change. Priority must be given to a comprehensive security system that can aptly and proactively protect your business’s data.

 

So, what can you do about the dark web’s threats to your business? Things like changing passwords regularly, training employees, choosing the right ISP, monitoring spyware, encrypting client and customer data, among other things are necessary. But it all must be included in a customized plan that is always reviewed, updated, and addressed the new concerns of the day.

 

Remember: hackers are constantly changing and advancing their methods, so your business needs to do the same to stay on top of it. If you don’t have your own team to address these issues specifically, then you may want to consider outsourcing it to a professional group. With 2021 upon us soon and the economy hit hard by the coronavirus pandemic, the time is now to ensure the safety and integrity of your data.

What Exactly Is NIST?

 

No matter what industry you work in, chances are you’ve encountered the term NIST at one time or another.

 

It’s most often used in relation to technology and, specifically, in relation to cybersecurity.

 

Like many things related to these fields, NIST is both complicated and simple. It’s complicated because you have to have a bit of background to fully understand what it represents. It’s simple because once you understand this background, NIST actually makes a lot of sense.

 

What Is NIST?

 

NIST is a federal agency within the United States Government (specifically, the U.S. Department of Commerce). The acronym stands for National Institute of Standards and Technology.

 

As an agency, NIST was founded by Congress in 1901. Basically, it was established as a way to standardize and promote competitiveness within the fields of science and technology in the U.S. A simultaneous mission was to promote the harnessing of science and technology to improve quality of life in the U.S. and protect our economic security.

 

What Does NIST Have to Do With Cybersecurity?

 

Essentially, the National Institute of Standards and Technology has its hands in many areas of industry. But more recently — from the late 20th century up until today — it has particularly impacted how we create, use, and disseminate technology.

 

As computers and the Internet became more ubiquitous in recent decades, it became apparent to the government that some standardized practices needed to be established. NIST became the authoritative body that would create and disseminate these standardized practices.

 

According to the NIST website, “Congress has given NIST responsibility to disseminate consistent clear, concise, and actionable resources to small businesses.” That goes for all other sizes of businesses too.

 

In addition, NIST standards generally apply to all industries. Most importantly, where cybersecurity is uniquely concerned, NIST 800-171 was created to control unclassified government information that is being stored and/or handled by non-governmental organizations.

 

What Is NIST 800-171?

 

NIST 800-171 is a special publication that was created and is mandated by the National Institute of Standards and Technology. The goal of this publication is to maintain uniformity in how organizations handle data — especially sensitive government data.

 

Both small to mid-sized businesses and large enterprises should know about NIST 800-171. As a business owner or C-level executive, it’s important that you, specifically, know about it. And if you work with the federal government — either directly or indirectly — it’s absolutely critical that you know about it.

 

Essentially, any business that works with the government or with government information needs to be NIST 800-171 compliant. But even companies that don’t work directly or indirectly with government information can find it useful as well.

 

Here are the basics:

 

Special publication NIST 800-171 was created to protect something called “Controlled Unclassified Information.”

 

What is “Controlled Unclassified Information,” you ask?

 

Controlled Unclassified Information, or CUI, is information that is relevant to the federal government but not necessarily classified. A good example would be legal documents or technical drawings of government projects.

 

This is important information to keep secure, and though it is not technically “classified” and doesn’t include “state secrets,” the government has an interest in protecting it and making sure it doesn’t fall into sinister hands.

 

How Does a Business Stay Compliant With NIST 800-171?

 

We’re not going to tell you that it’s impossible to stay compliant with NIST 800-171 on your own — without the help of a managed service provider.

 

However … it’s much harder.

 

NIST compliance is not simple.

 

First, you have to know which information is CUI and where it is located (all copies). You then have to classify and categorize that information. After that, you have to limit access to the CUI so that only authorized workers can see and use it. You also have to encrypt it.

 

Once that’s done, you should implement a system of monitoring to ensure that all CUI access dates and times are logged. From there, you need a system of training that can educate your employees on all of this information and how to reduce the risk of CUI access across the board.

 

Interested in Discovering More About How to Stay NIST Compliant?

 

As we said, NIST 800-171 compliance is not simple.

 

It’s far easier to have a managed service provider handle it for you. If you already work with an MSP you trust, talk to them about NIST compliance. If not, get in touch with a reputable MSP in your area today. Managing your NIST compliance is something that shouldn’t wait.