Using Microsoft 365 Without MFA In Place? You Are At Risk.
By: Brad Jepsen, Master IT Engineer/Sales Engineer
If you use Microsoft 365 products and you don’t have MFA (Multi-Factor Authentication) enabled in your organization yet, you are at heightened risk of user accounts getting compromised.
I can’t say this more plainly – if you do not have MFA in place and a cybersecurity incident hasn’t happened to you yet, it is only a matter of time before you fall victim.
What is MFA for Microsoft 365?
MFA increases the security of user logins for cloud services beyond only using a password. With MFA for Microsoft 365, users are required to take a second step to sign in. This step comes after the user has correctly entered their password and can either come in the form of a text message or an app notification on their phone.
What’s my risk if I’m not using MFA?
- A single password is not enough, regardless of how complex it is. Hackers have ways to crack passwords.
- Phishing emails appearing legit can lead end-users to hand over their login credentials to the hacker.
- If your data is compromised in Microsoft 365, it then gives the hacker access to everything saved in the software, including emails and data in OneDrive and SharePoint.
- Non-Compliance. Depending on your industry, MFA may be one component of compliance standards.
- If your credentials are compromised, hackers can send emails directly from your account. For example, the hacker could send phishing emails to your customers with ransomware and other types of malware.
- Your business reputation. You don’t want to have to answer questions from your contacts/customers about why you don’t have safeguards in place to protect both your business and theirs.
What are the cons of MFA?
- You may have concerns about setup costs. Some may believe that it’s too expensive to set up or you just don’t have the time to do it. While cost is always a factor to consider, setting up MFA does not require a lot of time. The protection you get from MFA significantly outweighs the costs.
- End-user training. Yes, by enabling MFA you are requiring all users to learn an additional step to log in and it’s less convenient. However, within a few days users will have an understanding and the login process will only take a few additional seconds.
The majority of today’s data breaches are a result of compromised credentials. We strongly urge our partners to take action now to implement MFA to protect yourself and your customers.
For any further questions about protecting your data and/or enabling MFA for Microsoft 365, please reach out to your Business Consultant at email@example.com or Technical Support team at firstname.lastname@example.org.
How to Sign Into the Networks Plus Customer Portal:
Visit: Go directly to the website networksplus.myportallogin.com, or click on the “View Ticket” link in your generated service ticket email from Networks Plus.
The following sign-in options are available for the Networks Plus customer portal. Please note, the email used to log onto the customer portal needs to match the email address under the contact in ConnectWise Manage. If you are having issues signing in, please contact us at email@example.com for assistance.
- Microsoft – Allows users to sign in with their own Microsoft Credentials
- Note: This must be a cloud-based Microsoft account. This could be Azure Active Directory, a personal Microsoft account, or Microsoft 365. On-premises Active Directory is not supported. The first time a user logs in with this option, they must grant consent for access to their basic Microsoft profile information, including name and email address.
- Google – Allows users to sign in with their own Google Credentials
User Permissions Options
The “Users” screen is where portal administrators can define permissions and create new users for their Customer Portal. Users automatically sync from Manage. To log in to the Customer Portal, each user must be created as a contact and associated with a company in ConnectWise Manage. Only Active users are displayed in the portal. Use the search feature to quickly locate users by first name, last name, or company.
By default, all users listed under companies in ConnectWise Manage have a role of “Standard User” assigned to them, meaning they can log into the portal, submit tickets, and look up tickets. If an admin requests additional access, that change must be done within the Admin portal.
Watch the full tutorial here.
Looking at Ordering New Business-Grade PCs or Servers in the Next Year? The Time to Order is NOW.
By Kelly Gillespie
If you have tried to order business-grade electronics lately, you may have noticed there are slim pickings out there in some categories. This is due to a shortage of processors and other electronic components. The IT and cybersecurity industries aren’t the only ones that have been hit. Everything from gaming consoles to the auto industry has been affected.
So, what has caused this shortage and when will it end? The answer to that question is not too complicated, but it does have layers.
As of January 14, 2020, any computer running Windows 7 still functions, but Microsoft no longer provides technical support for any issues, software updates, or (what we consider the biggest issue) security updates or fixes for businesses. This means any business with Windows 7 PCs now has unlocked doors and windows to their IT and cyber networks. Unfortunately, many of these businesses waited until the last minute to replace their laptops and desktops. That meant millions of PCs being replaced globally from late 2019 to early 2020. Computers were being put on backorder and stocks started to run low.
In addition, Windows Server 2008 went end of life the same month. So, now servers needed to be replaced as well. Server stocks were being depleted not quite as fast as the PCs, but the components still needed to be made to keep up with the demand. This puts even more strain on the PC and laptop markets already struggling to keep up.
Now, don’t forget to layer in the global pandemic that slowed manufacturers to a crawl at best, and shut them down for weeks (if not months) at worst. The shortage of parts only got worse. On top of manufacturing facilities unable to produce at full capacity, shipping was also limited as facilities struggled to keep their workers safe and healthy.
So, what about now? In a nutshell, the industry has not fully recovered just yet. Computers and other electronics are still in short supply. If you want to replace your systems later this year or even early 2021, the time to start ordering is now. It is not uncommon for us to see certain equipment backordered for up to 6 months.
What can you do to ensure you are sticking with your life cycle plan for your system over the next year? Contact your business consultant here at Networks Plus and we will work together toward your timeline and finding the right options for your business. Email us at firstname.lastname@example.org and we will set up an appointment to discuss your priorities over the next year.
For more information on affected industries, you can visit this article: What’s causing the chip shortage affecting PS5, cars and more? (cnbc.com)
World Backup Day – A Great Time To Take A Look At Your Backup Practices
By Adam Boyle, Senior Business Consultant
We have all been advised to perform tornado and fire drills at least once a year, but when is the last time you took a hard look at your backup practices? And are you checking these practices regularly? March 31st is World Backup Day and is a great reminder to get your annual data check-up on your calendar.
Here are some simple steps to follow for your annual check-up:
- Know where your data resides. The more places data exists, the more likely it is that unauthorized individuals will be able to access it. Quiz your employees and consider using data discovery tools to find and appropriately secure data.
- Control access to your data. Once you have defined every place your data lives, it is time to limit your employees’ access to specific data they need to perform their jobs. This isn’t a matter of whether or not you trust your employees, it’s a matter of keeping your data as secure as possible. Any administrative privileges should be kept to a very small number of trusted and qualified staff.
- Define how you are protecting each data point. Go through the practice of documenting how each data point is protected. It is so important to remember that just because some of your data may live in the “cloud”, it does not mean it is backed up. Microsoft makes no guarantee on backing up your data and clearly states that it is the user’s responsibility. In fact, 75% of companies that use applications like OneDrive, SharePoint, Outlook, Calendar, and others experience a data loss incident every year – and most of it is unrecoverable. The good news is, there are solutions that can back up your data in these applications. (Shameless sales plug – YES, Networks Plus can help you with this.)
- Decide on the amount of downtime you are comfortable with for data that resides on your business server. If your business has evolved over the past year, this too may have changed. Have the discussion on whether or not your leadership is comfortable with your current backup solution. How many times a day do you feel you need to back up? Discuss with your trusted IT provider on whether or not you are needing instant recovery and get a plan in place.
Not sure where to start? No problem. Give Networks Plus a call and we can take these steps off your plate, or help your team learn how to walk through them.
Microsoft Zero-Day Exploits
By: Jake Schulte, IT Manager
This week Microsoft detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.
Before panic sets in, it’s important to note that Exchange Online is not affected. If you’re currently using Microsoft 365 services through Networks Plus and using Exchange Online – no action is needed.
Microsoft released patches for multiple on-premises Microsoft Exchange Server zero-day vulnerabilities being exploited by a nation-state affiliated group. The vulnerabilities exist in on-premises Exchange Servers 2010, 2013, 2016, and 2019.
To minimize or avoid impacts of this situation, Microsoft highly recommends that you take immediate action to apply the patches for any on-premises Exchange deployments. To patch these vulnerabilities, you should move to the latest Exchange Cumulative Updates and then install the relevant security updates on each Exchange Server.
Microsoft published a blog providing an overview of the attack and a link to the security updates that were released. You can view that information here: Microsoft Blog – New nation-state cyberattacks.
How To Enable Remote Work Without Exposing Your Entire Business To Cybercriminals
A record number of businesses said goodbye to the traditional in-office work model in 2020. They embraced the remote work model as they adapted to the new COVID-19 reality. It was a huge shift that came with many challenges, and some of those challenges are still felt today.
One of those challenges was – and is – cyber security. Businesses wanted to get their remote workforce up and running, but there were a lot of questions about how they would keep their newly remote employees secure.
So, how can you enable remote work while keeping your business and your employees secure? How do you keep cybercriminals out? The answer is multifaceted. There is no one-size-fits-all approach to cyber security — that would make things much easier! But there are several steps you can take to help your remote team stay productive while keeping the cybercriminals out. Here are three things you need to do:
- Skip the public WiFi. This is Cyber Security 101. Never use unsecured, public WiFi, especially when working. For remote employees who have the option to work from anywhere, using public WiFi is tempting. It’s just so easy to access, but it comes with huge risks, including the potential to expose your device to intruders.
Thankfully, there are plenty of options to help keep employees connected without having to worry about snoops. The most popular is the VPN, or virtual private network. VPNs allow remote workers to securely access the Internet, even through public WiFi. VPNs are ideal for remote workers who need to routinely access your network.
Another option is the personal hotspot. This is a portable WiFi access point, usually paired with data service through a telecom like Verizon, AT&T or T-Mobile. It gives remote workers flexibility to work anywhere they can get high-speed data service. Because the remote worker is the only person on the hotspot (and should be the only person), there is less worry about hackers snooping for your data.
- Have a strong device policy. When it comes to cost-cutting, it can be appealing to let employees use their own devices while working remotely. Avoid this, if possible. The bring-your-own-device (BYOD) approach has its benefits, including keeping costs down, but the security costs could be massive, especially if an employee gets hacked or misplaces crucial data. In short, BYOD can get complicated fast, especially for businesses unfamiliar with the BYOD approach.
That said, many businesses work with an IT services company or managed services provider to create a list of approved devices (PCs, laptops, tablets, smartphones, etc.) that employees can use. Then those devices are loaded up with malware protection, a VPN, and other security solutions. So, while employees may be using a variety of devices, they all have the same security and other necessary software in order to perform their duties.
The best device policy, however, is to provide employees with work devices. This ensures that everyone is using the same hardware and software, and this makes it much easier to keep everyone up-to-date and secure. It takes a little more effort logistically, and it has a higher up-front cost, but when it comes to keeping your business secure, it’s worth it.
- Don’t forget about physical security. While a lot of businesses are focusing on digital security right now, they’re not putting a similar focus on physical security. They may have a team of people working remotely spread across different neighborhoods, towns, states or countries. This mobility comes with the risk of device theft or loss.
If employees will be carrying their work devices with them for any reason, those devices should be kept nearby at all times. That means never leaving work devices in vehicles or unattended at a café or airport (or any location). Never leave a device where it has the potential to be taken.
It’s also important to remind employees to not only keep their doors locked but also keep work devices out of sight. You wouldn’t want to set up a home office in a room facing the street outside while leaving the windows open and the door unlocked, because you never know who may walk or drive by. Just as cybercriminals are always looking for ways to break into your network, criminals are looking for opportunities to walk away with high-value items.
The way we work is changing, so we must be prepared for whatever happens next. Implementing these three steps will give you a starting point, but they aren’t the end point. Work with an experienced MSP to get the most out of your remote work approach. Many businesses will not be returning to the traditional in-office model, so the more steps we take to secure our businesses and our remote teams, the better off we’ll all be.
2021 Trend Report
Join our panel of experts as we forecast IT trends for 2021 from consulting, technical and leadership perspectives. We will be discussing: How to prepare your company for, dare we say, the unexpected? And, how to keep your company flexible & secure in today’s climate.
This will be interactive, so bring your thoughts, questions, comments and concerns for your business.
Watch the replay here.
The Dangers of Expired User and PC Accounts
By: Paul Facey, Managed Services/Advanced IT Technician
It’s that time of year where many of us are working on building new habits, getting organized, and starting the New Year off on the right foot. If you are looking to clear out clutter in the new year, we urge you to look beyond what is filling up your cabinet spaces. Clutter in your network could cause you some serious vulnerabilities, especially when it comes to expired user and PC accounts.
So, what are the risks associated with not disabling or removing expired accounts? Let’s first dig into the basics:
What is considered an “account”?
An account is generally a paired set of information (usually an ID and password) that is used to control access to something. For our purposes, it gains access to data in an organization. Most users are aware of user accounts. What users may not be aware of is that not only do users have accounts, but the PCs they are working on have additional accounts as well (this is especially true in an Active Directory Environment). When a computer is functioning in an Active Directory environment it is constantly verifying itself to domain controllers (servers) just like users do to ensure it has permission to access data and resources.
Why is this important?
Account maintenance is an often-overlooked part of organizational health and maintenance, and neglecting it can lead to data breaches. If a user leaves an organization, or a system is retired, the accounts for that user or system should be disabled or deleted as well. If those accounts are left active, they are an easy opportunity for an attacker to try to compromise them and gain access to company data. Attackers can have “all the time in the world” to try to compromise these accounts, because the accounts are no longer in use and the attempts can go unnoticed for extended periods of time.
How do we prevent or limit this?
- Physical account management when a user departs or a system is replaced. The account should either be disabled or deleted at this time. For users it is recommended they be disabled and moved to an isolated “no-permissions group” for a period of time, then deleted once it is confirmed the account no longer contains any useful data.
- To protect the organization, the administrators or IT team should be conducting periodic audits of all accounts (user and system accounts) to identify old or stale (not frequently used) accounts to determine if they should be disabled or deleted.
- Account policies should be deployed that enforce password age, account lockout, and other security features. This ensures that even if an account is forgotten, it can no longer be accessed after a set amount of time. This way, if an attacker is attempting to compromise an account they will be locked out after a set number of attempts. This is a recommended practice for active accounts as well.
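The periodic audit in the second step can be scripted against an export of user and computer accounts. The following is an added example, not Networks Plus code: the CSV column layout, the 90-day threshold and the action labels are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Active Directory stores lastLogonTimestamp as a Windows FILETIME:
# 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# lastLogonTimestamp is replicated lazily and by default can lag the real
# logon by up to about 14 days, so a shorter threshold gives false positives.
REPLICATION_LAG = timedelta(days=14)

# Constructed sample export (assumed layout). Computer accounts end in "$".
SAMPLE_EXPORT = """\
SamAccountName,ObjectClass,Enabled,lastLogonTimestamp
jsmith,user,True,133606368000000000
former.employee,user,True,133485408000000000
OLD-PC01$,computer,True,133512192000000000
svc-backup,user,True,
tmp.contractor,user,False,133485408000000000
NEW-PC07$,computer,True,133610688000000000
"""


def filetime_to_datetime(ticks):
    """Convert FILETIME ticks to an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def audit_accounts(export_text, now, max_idle=timedelta(days=90)):
    """Return one finding per stale or never-used account in the export."""
    if max_idle <= REPLICATION_LAG:
        raise ValueError("max_idle must exceed the lastLogonTimestamp lag")
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        enabled = row["Enabled"].strip().lower() == "true"
        raw = row["lastLogonTimestamp"].strip()
        ticks = int(raw) if raw else 0
        if ticks == 0:
            idle_days = None  # the account has never logged on
        else:
            idle = now - filetime_to_datetime(ticks)
            if idle <= max_idle:
                continue  # recently used, nothing to report
            idle_days = idle.days
        if not enabled:
            action = "review-for-deletion"  # already disabled, confirm and delete
        elif idle_days is None:
            action = "review-never-used"    # enabled but never used
        else:
            action = "disable"              # enabled and stale
        findings.append({
            "account": row["SamAccountName"],
            "kind": row["ObjectClass"],
            "idle_days": idle_days,
            "action": action,
        })
    return findings


if __name__ == "__main__":
    audit_time = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for finding in audit_accounts(SAMPLE_EXPORT, audit_time):
        print(finding)
```

Accounts that are already disabled show up as deletion candidates, which matches the disable-first, delete-later handling described in the first step.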
Account management is only one piece in the overall goal of protecting your organization and data, but a vital one. Each organization should define its needs and security goals, then implement the action steps whenever possible. The Networks Plus Team is standing by to assist your organization in evaluating and implementing these measures, and to help make your organization and data as safe and protected as possible.
Want to read more on this topic? Paul recommends you check out this article from InfoSecurity Magazine.
Your Business Will Be Hacked – Part 2
By: Jerry Horton, IT Director
“You can’t defend. You can’t prevent. The only thing you can do is detect and respond.” -Bruce Schneier
Bruce Schneier is a guy you should listen to. He is widely recognized as a cybersecurity expert, wrote the book on cryptography, and is a respected thought leader about digital privacy and the surveillance economy. While I don’t entirely agree with Bruce here – I think defense and prevention to some degree is possible – the final sentence of this quote should be everyone’s focus. Detection and Response are key to minimizing the effects of all cybersecurity incidents. That being said, all of the detection and response in the world aren’t worth much if you don’t do basic prevention/defense strategies. Installing a great intrusion detection system in your office won’t yield the results you intended if you don’t first prevent intrusions by locking the doors.
Last month, this blog (read it here) focused on the fact that a cybersecurity incident (or more than one…) is inevitable and began building the foundational elements for good cybersecurity. As a quick recap, you should:
- Change your mindset
- Stop being your own worst cyber-enemy
- Figure out what to protect and what to protect against
- Practice good basic cyber-hygiene, including passwords, patches, least privilege, and touching on backups
This month, we are digging into the basic elements you need to help you do the best detection and response for your business. Next month we will explore security without boundaries, such as work-from-home and a mobile workforce.
Let’s get started!
From this point forward, the assumption is that you have put all of the steps from the first blog into place. If you haven’t yet, go back, re-read that blog, and finish checking those boxes. That being said, you can implement them at the same time you start working through this section, but it is a lot easier if all of the simple things are done first.
Lock the outer doors
The first thing to talk about is the perimeter of your business. In a brick-and-mortar facility, you have doors for both staff and customers. Each of these doors will be treated very differently. Areas for inventory, offices, or workspace are restricted for staff members that have been assigned access, perhaps using a physical key or code, but that door will remain locked 24×7 as it is only intended for authorized personnel; the public entrances are a different matter. Such entrances will need to be open during business hours and locked outside of them. Sounds obvious, right?
Think of your network as the digital brick-and-mortar building. You have areas where only employees should be able to operate, but you still have email servers or websites which the public will need to access in order to communicate with you. The way you lock and monitor these digital doors is with a business-grade firewall, coupled with a secured wireless network.
By default, a firewall is effectively a one-way door, allowing authorized traffic out and blocking all entry attempts by unauthorized traffic. You need to add specially locked ‘doors’ to allow staff members in when they aren’t physically in the building through a Virtual Private Network (VPN) and some doors that allow certain types of traffic to communicate with your email or web servers. Add a firewall for inbound and outbound traffic and you have a top notch first line of defense.
A business-grade firewall is the first technical control you have to put into place. While it may seem that a consumer-grade router, like the one you have at your home, will do the same job, let me assure you it will not. Comparing the two in sports terms, the consumer-grade router is a weekend ball player and a business-grade firewall is an Olympic level athlete. Put another way, using a consumer-grade router in your business is like locking your doors with Velcro strips – sure, it will keep the door closed, but it is easy to open.
Lock the inner doors
Now that you have traffic controls in and out of your digital building, think about how best to protect each area. You may have traffic flowing freely between areas, but you still need to know who is going where, when they go there, and what transpires. In a brick-and-mortar building, that means adding additional locks for secure areas, putting in video cameras to watch traffic, or even putting RFID tags on equipment or inventory so you can track it more efficiently.
Your digital building has a lot more openings than your physical one. Each and every workstation, laptop, server, or smart device is a door for the cybercriminals to try to open. Patching, which we talked about last month, is only the first step. You need to have robust protection on every one of these devices, which means an advanced endpoint solution. An advanced endpoint protection product needs to have some of the features of traditional anti-malware, but it needs to go much further. New versions of ransomware and other malware are created at far too fast a pace for traditional methods alone to completely protect your environment. What is required is a solution that can look at the behavior of your machines and the software on them, make intelligent decisions, block potentially malicious actions, and record an audit trail of the incident.
But wait – there’s more!
Lock your inner doors – Part II
If you followed the advice I’ve given so far, there is one more thing that will make cybercriminals give up in disgust – Encryption. There is no slick building metaphor I can think of here, so this is straight up geek stuff…
You’ve probably seen movies where a villain steals digital data and brilliantly cracks the encryption in the nick of time using nothing more than a beefy laptop, chewing gum, and grim purpose. While encryption is crackable, it is also really, really hard to crack, even with the right tools.
You need to protect your data with encryption both in-transit (while it is moving from one location to another, both inside and outside of your network) and at-rest (when it is just sitting around on a hard drive, not doing much of anything.) The ability to encrypt your data is built into the Windows operating systems and so is easy to implement.
Get Virtual Security Guards
Okay, you made the perimeter and offices of your digital building as tightly locked as you can, so you are done, right? Not at all! The time has come to put a few more elements in place to detect and respond to events that will occur. Think of these as the security guards.
Email Security Gateway
Since the vast majority of cyberattacks begin with phishing emails, this is a critical element. An email security gateway acts as that security guard sitting at the desk who only allows authorized traffic and blocks all other attempts to enter or exit the building. A well-designed email security gateway will do that job and more, including blocking spam, checking every URL in an email, preventing spoofed emails, and checking outbound emails to make sure you aren’t sending credit cards or Social Security Numbers.
File Integrity Monitoring
You have your files stored, secured, and encrypted – all snuggled down and safe, correct? Not entirely. How can you be certain this is the exact same file with all of the exact same attributes you stored away? There are thousands of files on your computer before you even turn it on for the first time. The system files are critical to keeping your machine running and secure. These system files will be updated with patches and others are dependent on dynamic content that is specific to the user and the machine. Add the files created or installed when you add applications or hardware, your files, and it is safe to say that there is no practical way for you to determine what might have been modified. Enter File Integrity Monitoring: an automated method of tracking changes made in your system with a complete audit trail of what occurred, when it happened, and who did it. Detection accomplished and responses made quicker and simpler.
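The core of file integrity monitoring is a stored baseline compared against the current state. The following is an added example, not taken from any product named on this page: the function names and the constructed demo files are assumptions. A hash baseline like this shows what changed; the when and who of the audit trail come from operating-system auditing, which this example does not cover.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each regular file under root to (SHA-256 digest, permission bits)."""
    root = Path(root)
    records = {}
    for path in sorted(root.rglob("*")):
        # Skip symlinks so a link cannot pull in files outside the tree.
        if path.is_symlink() or not path.is_file():
            continue
        digest = hashlib.sha256()
        with path.open("rb") as handle:
            for chunk in iter(lambda: handle.read(65536), b""):
                digest.update(chunk)
        mode = stat.S_IMODE(path.stat().st_mode)
        records[path.relative_to(root).as_posix()] = (digest.hexdigest(), mode)
    return records


def compare(baseline, current):
    """Return (change, path) pairs describing how current differs from baseline."""
    changes = []
    for name in sorted(baseline.keys() | current.keys()):
        if name not in baseline:
            changes.append(("added", name))
        elif name not in current:
            changes.append(("removed", name))
        elif baseline[name][0] != current[name][0]:
            changes.append(("content-modified", name))
        elif baseline[name][1] != current[name][1]:
            changes.append(("attributes-modified", name))
    return changes


def demo():
    """Build a constructed directory, change it, and report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "license.txt").write_text("unchanged\n")
        (root / "notes.txt").write_text("temporary notes\n")
        (root / "service.conf").write_text("listen=443\n")
        (root / "startup.sh").write_text("#!/bin/sh\nexit 0\n")
        os.chmod(root / "startup.sh", 0o750)
        baseline = snapshot(root)

        # Constructed changes: one edit, one permission change,
        # one deletion and one new file.
        (root / "service.conf").write_text("listen=8443\n")
        os.chmod(root / "startup.sh", 0o777)
        (root / "notes.txt").unlink()
        (root / "unexpected.dll").write_bytes(b"\x00\x01")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for change, name in demo():
        print(f"{change:20} {name}")
```

In practice the baseline is stored somewhere the monitored machine cannot rewrite, and it is refreshed after approved patches so that expected changes do not drown out unexpected ones.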
System Logging and Auditing
Since your digital building consists of many machines and traffic going every direction, you would be hard pressed to constantly review the logs of all of the machines, firewall rules, file changes, logon/logoff, emails, print jobs, etc. Those logs are generated on every machine all day long. Trying to find an indication that a bad guy was attempting something nefarious would be essentially impossible, especially if the logs are not centralized and filtered to only show critical or suspicious events. This is why Security Incident Event Manager (SIEM) was invented. Needless to say, having all of these logs collated, tagged, and sorted by importance means auditing those records becomes significantly less painful.
Implementing a SIEM is a pretty advanced and expensive step for most organizations, but also the most advanced best practice in cybersecurity.
No, we aren’t bringing in references to a hilarious 1960’s sitcom, we are talking about building your knowledge and awareness of cybersecurity. If nothing else I have written resonates with you, this one must – you cannot neglect regular cybersecurity training for you and your staff. Our good friend, Bruce Schneier, says “The user is going to pick dancing pigs over security every time.” It is sad to say that Bruce is correct. You have to learn how to recognize social engineering and phishing attempts in order to combat the evil intentions of cybercriminals.
No matter how many technical safeguards you put in place, the bad guys will walk right in if someone holds the door for them.
Wrapping it up…for now…
“The nature of computerized systems makes it easier for the attacker to find one exploitable vulnerability in a system than for the defender to find and fix all vulnerabilities in the system.”
Bruce is not exactly the most optimistic voice when it comes to cybersecurity, but he is accurate. As I said at the beginning, you can and should do as much as you can to lock your doors and minimize the effect the bad guys can have when they inevitably get to you. Even if Bruce and I disagree on basic protections, we see eye to eye on the fact that we have to get everything right every time and the bad guys only have to be right once. The advantage is theirs, so let’s make sure to make it as tough for them as we can.
Your Secret Weapon in Your War Against Cybercrime
Business downtime is much more common than you may think. Every business faces the risk of business interruption every day, from an employee clicking on something that they shouldn’t have, hardware failure, the list just goes on and on. There are ways to protect your business from this loss of production time and data. We will explore real-world examples of downtime, and how you can protect yourself with a true business continuity solution. Join us to learn how to safeguard your organization in this presentation by Eric Torres, Datto expert.
Watch the replay here.