More than just offering apps and cloud services designed to boost productivity, Microsoft 365 also provides robust security tools for protecting data from loss and theft. Make the most out of these tools and ensure data security by following these tips.

Take advantage of policy alerts

Establish policy notifications in Microsoft 365’s Compliance Center to help you meet your company’s data security obligations. With these in place, your employees will receive policy tips about sending confidential information anytime they’re about to send messages to contacts outside of the company network. These preemptive warnings can prevent data leaks and also educate users on safer data sharing practices.

Secure mobile devices

Since employees often use personal smartphones or computers to access their work email, calendar, contacts, and documents — especially if they’re working remotely — securing employee-owned devices should be a critical part of protecting your organization’s data. Installing mobile device management features for Microsoft 365 enables you to manage security policies and access permissions/restrictions, and remotely wipe sensitive data from mobile devices if they’re lost or stolen.

Use multifactor authentication

Relying on a single password to protect your Microsoft 365 accounts could lead to account hijacking, which could put your data at risk of being compromised. Instead, enable multifactor authentication (MFA). MFA requires users to supply additional credentials on top of a password before they can access their accounts. This makes it difficult for hackers to access your accounts since they not only have to guess user passwords, but they also need to provide a second authentication factor like a one-time SMS code or a fingerprint scan.

Apply session timeouts

Many employees usually forget to log out of their Microsoft 365 accounts and keep their computers or mobile devices unlocked. This could give unauthorized users unfettered access to company accounts, allowing them to steal sensitive data. By applying session timeouts to Microsoft 365 accounts, email accounts, and internal networks, users will be automatically logged out after a period of inactivity, preventing hackers from taking over users’ devices and accessing private information.

Avoid public calendar sharing

Microsoft 365’s calendar sharing feature allows employees to share and sync their schedules with their colleagues. However, publicly sharing this information is a bad idea because it helps attackers understand how your company works, determine who’s away, and identify vulnerable users. For instance, if security administrators are publicly listed as “Away on vacation,” an attacker may see this as an opportunity to unleash malware on unattended computers.

Employ role-based access controls

Access management is another Microsoft 365 feature that will limit the flow of sensitive data across your organization. It lets you determine which users have access to specific files in your company. For example, rank-and-file employees won’t be able to read or edit executive-level documents, minimizing the risk of data leaks.

Encrypt emails

Encrypting classified information is your last line of defense against data breaches. If hackers intercept your emails, encryption tools will make files unreadable to unauthorized recipients. This is a must-have for Microsoft 365, where files and emails are shared on a regular basis.

Partner with us to ensure your organization’s Microsoft 365 accounts are always secure and compliant with changing data security requirements. Give us a call today — our team of experts are here to help.

The post 7 Ways to boost data protection in Microsoft 365 appeared first on TechSolutions, Inc..

Don’t give your customers any reason to feel insecure when dealing with your business. When they visit and use your website, you must engender feelings of trust and security instead of alarm and distrust. Don’t worry — you can easily do this with these three tips.

Tip 1: Use HTTPS

Short for Hypertext Transfer Protocol Secure, HTTPS indicates that a website has an extra layer of security for its users. This layer encrypts data exchanged between a user’s browser and the web server that delivers the data requested by the user. To use a simpler comparison, imagine someone tapping your landline, but instead of getting to listen in on your conversations, they’ll hear people speaking in tongues instead.

In August 2014, Google Chrome, the world’s most popular browser, announced that having HTTPS makes your website rank higher in its search algorithm. And since October 2017, the browser began flagging non-HTTPS websites as not secure whenever users try to fill out something as simple as a contact form on it. In July 2018, Chrome started showing a “not secure” warning on any website that does not implement HTTPS, whether or not users are filling out a form there.

Because of Google’s measures, the security protocol has been widely adopted. Even if your website does not contain or ask for sensitive information, implementing HTTPS engenders trust and a sense of security among internet users, while remaining on HTTP will make web visitors abandon or avoid you sooner or later.

Tip 2: Embrace multifactor authentication (MFA)

Since account credentials can be easily stolen via phishing attacks, username and password combos are no longer enough to keep bad actors at bay. To ensure that the one accessing an account is truly that account’s owner, additional identity authentication steps must be implemented.

These steps can involve the use of the account holder’s device — the one logging in must first verify their phone number, receive a one-time password on their smartphone, then enter that code in the access portal before the code’s validity lapses. Alternatively, MFA may ask for a face, retina, voice, or fingerprint scan for authentication.

MFA can be a bit of a hassle for your internal and external users, but a little inconvenience is a small price to pay for immensely effective cybersecurity.

Tip 3: Update browsers and devices

Did you know that dated versions of browsers, operating systems, and even other software packages can create an easy entry point for hackers? Often, new updates are created specifically to fix security holes. However, people tend to procrastinate and leave applying updates for another day. Hackers take advantage of this by searching for outdated devices to infiltrate while their victims watch YouTube on last year’s version of Firefox.

Yes, installing an update might take 15 minutes of your time, but this time investment can pay dividends in terms of preventing a security breach that could cost you or your business thousands.

Looking for more tips to boost your internet security? Get in touch to find out how we can help.

The post Make site visitors feel secure with these tips appeared first on TechSolutions, Inc..

The smartphone has become an important part of our lives and is one gadget that many of us carry most of the time. We not only use it to communicate with others, but to store personal information like email, photos, and contacts, as well. So if you plan to sell your phone or give it to someone else, make sure you erase everything that’s stored there.

1. Encrypt your Android phone

Ensure that strangers don’t have access to your private data by encrypting it to make it unreadable. Newer phones usually encrypt data by default. But if you’re unsure about yours,  double-check to avoid regrets later.

Go to Settings in your phone and search for Encryption. Where you’ll find that depends on the phone you’re using, but it should be easy to locate. Once there, you’ll see whether your device is encrypted or not. If it’s the latter, start the encryption process. This normally takes an hour or more, and you can’t use your device during that time.

2. Remove the SIM and storage cards

Now that your data is encrypted, remove your SIM card and external memory card. Both are linked to your identity and contain sensitive information so don’t let them out of your sight. 

3. Perform a factory reset

You can now start the actual data wiping process. Under Settings, look for Backup & Reset and go to Factory Data Reset. This is where you can remove data and accounts from your phone. You will be asked to verify your fingerprint, or input your password, pattern, or PIN before starting the process.

4. Sever ties to specific websites

The final step is to manually remove your old device from Google and other websites it is associated with. Go to the concerned sites, choose your device, and remove it from the list of Trusted Devices. Don’t forget your password manager and multi-device authentication apps; sign in to those and close any connections there as well.

As long as you follow these four easy steps, you can safely get rid of your old mobile phone. For those who are still worried about their data, give us a call. We’ll protect your files from prying eyes and give you valuable tips to secure your Android device.

The post 4 easy ways to wipe data from your phone appeared first on TechSolutions, Inc..

You can’t afford to lose business data. It takes away the trust of your clients, leading to loss of revenue. Cybercriminals are here to stay, so it’s more important than ever to utilize tight security measures to keep your business data safe. Still, some hackers may have advanced cracking skills, or are really determined to break into your network, so it’s a good idea to use the following methods for safeguarding your corporate data.

Use Two-Factor Authentication

Using a complicated password to secure your system is no longer an effective way to solve the issue of cybersecurity. We tend to use that same complex password in our email accounts or bank accounts, and if one of your logins is compromised, this can result in grave consequences.

Two-factor authentication (2FA) adds an extra layer of security for your systems and accounts. It can be biometric verification for devices that you own, or a time-sensitive auto-generated code that is sent to your mobile phone. This security feature works in the same way websites would require you to confirm your email address. They want to make sure that you’re not a bot or anything else.

Encrypt all data

Encryption is a great obstruction to hackers, since it scrambles and descrambles data every time someone tries to read it. Encryption also causes compatibility issues if the data is not being accessed via the company’s own network systems. While applying encryption can be costly, it is certainly well worth the money if it can protect your business data from falling into the wrong hands.

Keep systems up to date

Technology is moving at a fast pace. Hackers are always upgrading their tools to take advantage of outdated security systems, so companies should do likewise to protect their valuable resources. Yet many companies don’t install software updates immediately. If the update closes existing security loopholes, delaying an update exposes you to external attacks. So install software updates as soon as they are released.

Back up frequently

Although you’ve implemented several layers to your security, sometimes hackers can still find their way in. This is why you need to back up data frequently, whether it’s on-site, off-site, or by way of cloud backups. In the worst-case scenario where your systems do get infiltrated, you can restore lost data from those backups.

Monitor connectivity

Many businesses have no idea how many computers they have, so it’s very hard to keep track of which computers are online. Sometimes a company’s computers and servers are online when they don’t need to be, making them tempting targets for attackers. It’s advisable to configure business servers properly, ensuring that only necessary machines are online and that they’re well-protected.

It’s much more expensive to recover from a data breach than to prevent one. If you’re looking to protect your business IT systems for potential threats, contact us today so we can help.

The post Tips for safeguarding business data appeared first on TechSolutions, Inc..

Avoiding malware and online scams takes a lot of work. You have to treat every email with suspicion, manage a long list of convoluted passwords, and avoid public WiFi networks. Ideally, you follow several other cybersecurity best practices, but many users don’t believe they’re worth the time. If you’re one of those people, here are five ways to stay safe that won’t eat up all your time.

1. Multi-factor authentication (MFA)

This tool earns the number one spot on our list because it can keep you safe even after a hacker has stolen one of your passwords. That’s because MFA requires more than one form of identification to grant access to an account.

The most common example is a temporary code that is sent to your mobile device. Only someone with both the password and access to your smartphone will be able to log in. Almost any online account provider offers this service, and some let you require additional types of verification, such as a fingerprint or facial scan.

2. Password managers

Every online account linked to your name should have a unique password with at least 12 characters that doesn’t contain facts about you (avoid anniversary dates, pet names, etc.). Hackers have tools to guess thousands of passwords per second based on your personal details, and the first thing they do after cracking a password is to try it on other accounts.

Password manager apps create random strings of characters and let you save them in an encrypted list. You only need one complex password to log into the manager, and you’ll have easy access to all your credentials. No more memorizing long phrases, or reusing passwords!

3. Software updates

Software developers and hackers are constantly searching for vulnerabilities that can be exploited. Sometimes, a developer will find one before hackers and release a proactive update to fix it. Other times, hackers find the vulnerability first and release malware to exploit it, forcing the developer to issue a reactive update as quickly as possible.

Either way, you must update all your applications as often as possible. If you are too busy, check the software settings for an automatic update option. The inconvenience of updating when you aren’t prepared to is nothing compared to the pain of a data breach.

4. Disable flash player

Adobe Flash Player is one of the most popular ways to stream media on the web, but it has such a poor security record that most experts recommend that users block the plugin on all their devices. Flash Player has been hacked thousands of times, and products from companies like Microsoft, Apple, and Google regularly display reminders to turn it off. Open your web browser’s settings and look for the Plugins or Content Settings menu, then disable Adobe Flash Player.

5. HTTPS Everywhere

Just a few years ago, most websites used unencrypted connections, which meant anything you typed into a form on that site would be sent in plain text and could be intercepted with little effort. HTTPS was created to facilitate safer connections, but many sites were slow to adopt it or didn’t make it the default option.

HTTPS Everywhere is a browser extension that ensures you use an encrypted connection whenever possible and are alerted when one isn’t available on a page that requests sensitive information. It takes less than one minute and a few clicks to install it.

If you run a business with 10 or more employees, these simple tips won’t be enough to keep you safe. You’ll need a team of certified professionals that can install and manage several security solutions that work in unison. If you don’t have access to that level of expertise, our team is available to help. Give us a call today to learn more.

The post 5 Cybersecurity measures anyone can master appeared first on TechSolutions, Inc..

Google Chrome currently marks HTTPS-encrypted sites with a green lock icon and “Secure” sign. And starting in July, Chrome will mark all HTTP sites as “not secure.” Google hopes this move will nudge users away from the unencrypted web. Read on to learn more about the forthcoming changes.

For several years, Google has moved toward a more secure web by strongly advocating that sites adopt the Secure HyperText Transfer Protocol (HTTPS) encryption. And last year, Google began marking some HyperText Transfer Protocol (HTTP) pages as “not secure” to help users comprehend risks of unencrypted websites. Beginning in July 2018 with the release of a Chrome update, Google’s browser will mark all HTTP sites as “not secure.”

Chrome’s move was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and the majority of Chrome traffic is already encrypted.

Here’s how the transition to security has progressed, so far:

• Over 68% of Chrome traffic on both Android and Windows is now protected
• Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
• 81 of the top 100 sites on the web use HTTPS by default

HTTPS: The benefits and difference

What’s the difference between HTTP and HTTPS? With HTTP, information you type into a website is transmitted to the site’s owner with almost zero protection along the journey. Essentially, HTTP can establish basic web connections, but not much else.

When security is a must, HTTPS sends and receives encrypted internet data. This means that it uses a mathematical algorithm to make data unreadable to unauthorized parties.

#1 HTTPS protects a site’s integrity

HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one can tamper with the traffic or spy on what you’re doing.

Without encryption, someone with access to your router or internet service provider (ISP) could intercept (or hack) information sent to websites or inject malware into otherwise legitimate pages.

#2 HTTPS protects the privacy of your users

HTTPS prevents intruders from eavesdropping on communications between websites and their visitors. One common misconception about HTTPS is that only websites that handle sensitive communications need it. In reality, every unprotected HTTP request can reveal information about the behaviors and identities of users.  

#3 HTTPS is the future of the web

HTTPS has become much easier to implement thanks to services that automate the conversion process, such as Let’s Encrypt and Google’s Lighthouse program. These tools make it easier for website owners to adopt HTTPS.

Chrome’s new notifications will help users understand that HTTP sites are less secure, and move the web toward a secure HTTPS web by default. HTTPS is easier to adopt than ever before, and it unlocks both performance improvements and powerful new features that aren’t possible with HTTP.

How can small-business owners implement and take advantage of this new interface? Call today for a quick chat with one of our experts to get started.

The post Chrome to mark HTTP as ‘not secure’ appeared first on TechSolutions, Inc..

Very few internet users understand the meaning of the padlock icon in their web browser’s address bar. It represents HTTPS, a security feature that authenticates websites and protects the information users submit to them. Let’s go over some user-friendly HTTPS best practices to help you surf the web safely.

HTTPS Encryption

Older web protocols lack data encryption. When you visit a website that doesn’t use HTTPS, everything you type or click on that website is sent across the network in plain text. So, if your bank’s website doesn’t use the latest protocols, your login information can be intercepted by anyone with the right tools.

HTTPS Certificates

The second thing outdated web browsing lacks is publisher certificates. When you enter a web address into your browser, your computer uses an online directory to translate that text into numerical addresses (e.g., www.google.com = 8.8.8.8) then saves that information on your computer so it doesn’t need to check the online directory every time you visit a known website.

The problem is, if your computer is hacked it could be tricked into directing www.google.com to 8.8.8.255, even if that’s a malicious website. Oftentimes, this strategy is implemented to send users to sites that look exactly like what they expected, but are actually false-front sites designed to trick you into providing your credentials.

HTTPS created a new ecosystem of certificates that are issued by the online directories mentioned earlier. These certificates make it impossible for you to be redirected to a false-front website.

What this means for daily browsing

Most people hop from site to site too quickly to check each one for padlocks and certificates. Unfortunately, HTTPS is way too important to ignore. Here are a few things to consider when browsing:

• If your browser marks a website as “unsafe” do not click “proceed anyway” unless you are absolutely certain nothing private will be transmitted.
• There are web browser extensions that create encrypted connections to unencrypted websites (HTTPS Everywhere is great for Chrome and Firefox).
• HTTPS certificates don’t mean anything if you don’t recognize the company’s name. For example, goog1e.com (with the ‘l’ replaced with a one) could have a certificate, but that doesn’t mean it’s a trustworthy site.

Avoiding sites that don’t use the HTTPS protocol is just one of many things you need to do to stay safe when browsing the internet. When you’re ready for IT support that handles the finer points of cybersecurity like safe web browsing, give our office a call.

The post The importance of HTTPS appeared first on TechSolutions, Inc..

Just when you thought cyber criminals couldn’t get smarter, along comes a new scamming technique. Previously used for safeguarding browsing activity, encryption tools are now used by hackers in carrying out phishing scams. This means some fraudulent sites may have HTTPS on their address, giving users a false sense of security.

How hackers use encryption to carry out phishing scams

According to recent research, 24% of phishing scams in 2017 use web encryption — an astounding increase from last year’s 3%. This means more HTTPS sites may not be truly safe.

Phishing scammers rely on their victims to do what they ask, which is why it’s so effective. And with this new trick, unsuspecting users are more likely to be deceived. What makes this encryption-aided scam even more effective — and dangerous — is that it makes hackers’ phishing email or text that much more authentic-looking.

For example, if you receive an email that purports to be from Amazon and includes a link to an encrypted site, there’s now a slightly higher chance you’d believe this email is the real deal. Clearly, if you’ve never purchased anything from Amazon, you’d know that this is a fake. But then again, there are millions of Amazon customers who could be misled into thinking that that email is legitimate.

Does encryption mean a safer internet?

With organizations like the Internet Security Research Group and Google promoting encryption, the world wide web should be a safer place, but that’s not necessarily the case. In fact, encrypting more legitimate websites could simply result in an increased number of encrypted phishing sites.

It may also be useful to know that not all phishing sites use encryption. Many phishing scams are still carried out using websites that may or may not be encrypted.

What you can do to ensure safety

This isn’t meant to cause panic, and despite this new phishing tactic, encryption is still an essential security tool that every business must implement.

Websites with HTTPS are still much safer than unencrypted ones. This is why it’s more important than ever to be vigilant when visiting suspicious sites and clicking on links. If you receive an email from PayPal asking you to verify your bank account details or password to a seemingly secure link, be wary. Some phishing scams are easy to detect, but some are not.

Practice extreme caution when responding to requests for sensitive data. Consider the source of the message, think before clicking, and don’t hesitate to seek the advice of an expert in case you have doubts. Phishers succeed only if you do what they ask you to do.

Phishing and other cyber scams are constantly getting upgrades, and no single solution can prevent hackers from attacking you. But your business could be much safer with the right cyber security protections in place. If this is exactly what you need, get in touch with our cyber security technicians.

The post Phishers use encrypted sites to scam appeared first on TechSolutions, Inc..

It’s hard to deny how quickly the different types of ransomware multiply — they do so faster than rabbits during mating season. Ransomware vary in appearance, subtlety, and targets. The latest addition to the extensive list of ransomware varieties is Fantom. This cybersecurity nightmare adopts a facade that many would have no qualms trusting. Like many other things, these technologically menacing forces are like “a wolf in sheep’s clothing” — impending danger lurks beneath the most seemingly innocent guises.

AVG security researcher Jakub Kroustek recently spotted Fantom coded atop an EDA2, a ransomware-building kit that was open-sourced but eventually taken down. EDA2 contained certain flaws that allowed researchers to obtain decryption keys from its C&C server, yet these flaws have since disappeared, indicating that Fantom coders might have found and fixed them before anyone else had a chance to.

Very little is known as to how Fantom is distributed. As for the method of deployment, cybercriminals plant the file onto the target’s computer via spam email or exploit kits. Fantom-infected files are named criticalupdate01.exe; they utilize a “Windows Security Update” to prompt targets into running the file.

After activation, the ransomware starts by locking the user’s screen while displaying fake Windows Update graphics, complete with a fully-functioning percentage-based loading timer that mirrors the original Windows Update screen. However, beneath this pleasant facade, Fantom is encrypting your files right before your eyes. Luckily, the temporary lock screen is removable before it reaches 100% — simply press CTRL+F4. Unfortunately, the encryption process remains intact.

The MalwareHunterTeam states, “The ransomware uses classic ransomware encryption by locking files using an AES-128 key and then encrypting this key with a dual RSA key, with the private key stored on the crook’s server, and a public key left on the user’s PC.”

In order to retrieve the private key to unlock your files, you must contact the perpetrators by email. The email address is listed in the ransom note that appears after the process of encryption is complete. Fantom displays ransom notes in the form of HTML and TXT files, while changing the user’s desktop with a custom screenshot that lists the contact details. Lastly, after completing all its operations, Fantom cleans after itself by running two batch scripts wiping all the installation files clean.

Ransomware isn’t new, but the ways that cybercriminals utilize them are. Who would’ve thought that the ever so familiar Windows Update window has fallen prey to malicious intent? Pretend that you’re the Little Red Riding Hood and that the wolf is the ransomware that cybercriminals have disguised as your grandmother. They no longer wait to trap you, instead, they wait for you to walk straight into one instead.

The issue of ransomware is as extensive as it is meticulous. If you have any questions about Fantom or would like to request more information, feel free to get in touch with us! Give us a call or send us an email. Our dedicated staff are more than happy to help.

The post Fantom: the latest cybersecurity spectre appeared first on TechSolutions, Inc..