Questions Every Business Leader Should Ask Before Choosing MFA
Multi-factor authentication (MFA) is an essential piece of security for any modern business. Whether you’re trying to meet compliance requirements or trying to increase the security of your business, MFA can help. By implementing MFA, you can help secure your company’s assets, confidential information, and accounts – especially if you have remote workers, privileged users, Cloud applications, and employees that access corporate resources on their laptops. Implementing MFA also minimizes the risk of a breach and the reputation damage, legal fees, and other consequences that come with that.
A warning – not all MFA is created equal. By asking these questions, you can better determine whether a potential MFA solution will provide the security you need or if you need to look elsewhere.
- Does your MFA solution use SMS-based verification as the primary or default authentication option?
SMS-based verification is less secure than other methods because it is vulnerable to hijacking. It is acceptable as a back-up method since using multiple factors of authentication will always be stronger than using just one layer of protection. However, SMS-based authentication should not be the primary or default method used. If it is, look elsewhere.
- How is the user experience for end users?
A good user experience is critical to ensure successful MFA adoption. If end users feel that the particular solution impedes productivity and prevents them from accessing the resources they need, it will not work. Ask the service provider to walk you through the user experience and question any parts that you predict will frustrate your employees (e.g. certain hardware tokens that are easily lost or forgotten). Ask the service provider if there are features that help with end-user adoption or if they have any recommendation on gaining end-user adoption.
- Does it support offline authentication?
If you have employees that travel for work and that need to access their laptops while on the airplane, you’ll need to ensure that your chosen MFA solution supports offline authentication. There are other instances, such as when you are connecting to hotel Wi-Fi or public Wi-Fi or when an Internet connection is spotty, in which offline authentication is required. Ask the service provider about offline authentication options and be sure that their solution is easy, secure, and doesn’t require helpdesk connections.
- Does the solution support secure Web Single Sign-On (SSO)?
Web single sign-on not only makes the solution easier for the end user, but also makes it more secure. It’s essential that Web SSO into Cloud applications is supported by any MFA solution you are considering. If your company uses many different Cloud applications and each of those apps requires users to sign in and create passwords, then the user experience becomes very complex. It also means employees will need to reset their passwords more often and may require helpdesk support more often. This can be avoided with single sign-on, which enables users to sign on just once to access all their Cloud applications. This ultimately provides a better user experience and is an important motivation for user adoption.
- What is the MFA vendor’s business model?
When purchasing MFA, it’s not just important to make sure the solution meets your needs, but that the solution provider is the right fit for you as well. Ask the solution provider about their business model to get a feel for how much they’ll be able to support you beyond just the purchase. Will they be able to support all your needs during deployment? Do they have local partners to provide support if there are ever issues? Does their pricing model accommodate how and when you want to allocate licenses?
- Is the solution localized for end users?
End-user facing applications should be localized. While the management interface does not need to be localized, the language of the UI should be appropriate for all applicable regions. This is critical for end-user adoption of any MFA solution. Remember that an MFA end user is usually not a cyber security expert.
- Is the solution easy to manage?
Management and token allocation should be simple, quick, intuitive, and web-based, even for non-experienced operators. How easy is it to set up and start using the solution? How fast can you add a resource to be protected by the MFA solution? How fast and easy can you provision authenticators for the users? Is the admin interface easy to understand and use? Seek solutions that provide a comprehensive interface for what you need without requiring you to be an expert.
- How much does the solution cost?
Asking about pricing is a given, but we wanted to bring it up because MFA pricing can be unclear and sometimes there are hidden costs. How is it sold: per user, per authenticator, or even per protected application? Is support included – both technical support and subscription management support? Are there any other hidden costs that may apply, such as extra software you will need to license? Pricing for MFA is often done in bands or ranges with bulk discounts. If you fall below a certain range, work with the solution provider to see how you can be creative to meet the bulk requirements of the next pricing band.
For additional information, talk to your dedicated consultant at Networks Plus.
The Easiest Way To Disaster-Proof Your Cybersecurity
Though no one would dispute the increasing prevalence of cyber-attacks on businesses in recent years, many small-business owners believe themselves and their business to be immune to such attacks. Broadly speaking, many small-business owners are likely to think that cybercriminals will go after the bigger fish. However, the fact of the matter is that cyber-attacks are crimes of opportunity, and small businesses often have access to a good amount of sensitive data without many major safeguards. In other words, they’re low-hanging fruit, ripe for the picking.
Back in 2019, two-thirds of respondents to a survey about cyber security didn’t believe that their small to mid-size business (SMB) would fall victim to a cyber-attack. Consequently, only 9% of respondents said cyber security was a top priority for their business, and 60% didn’t have any sort of plan for deterring a cyber-attack. All of this, despite the fact that, according to a report from CNBC, SMBs endured 43% of reported cyber-attacks, and according to data from the Ponemon Institute and Keeper Security, 76% of SMBs in the U.S. alone reportedly endured a cyber-attack within the previous year.
Every small-business owner should have some plan for deterring cyber-attacks so they don’t end up as another statistic. Here are a few strategies for keeping the cybercriminals at bay.
Boost Your Cloud Security
Storing data in the cloud is easy and cost-effective, but you should take care to find the most secure cloud storage platforms. Not all cloud platforms make security a priority, but some do. And be sure to have a back-up solution in place for your cloud storage.
Secure All Parts Of Your Network
Our computers and the many smart devices hooked up to our network can become weak spots for hackers to get in. Taking steps to safeguard each device in your network with strong passwords and robust authentication measures will go a long way toward keeping the hackers at bay. In fact, one of the most basic security measures you can take for your network is to restrict access to your WiFi with a strong password.
Invest In Extra Security Measures
Virtual private networks (VPNs), firewalls, and advanced endpoint security agents are all tools that are highly effective in protecting against cyber-attacks, even if they can’t prevent 100% of them.
Pay Attention To Updates And Upgrades
When you get notified that one of the technological tools that you use has a new update, it’s easy to ignore it. However, you should commit to regularly updating and upgrading these tools because developers will often add patches to their programs that make them more secure against attacks with each update. So, it behooves business owners to regularly install updates for their tech tools. Don’t want to worry about installing every patch? Hit your consultant up about software that can do that for you on all of your endpoints.
Back Up Your Data
With one of the most common forms of cyber-attacks being ransomware attacks, where hackers will hold your company data hostage until you pay them a ransom amount, having your company data stored on multiple backups can ensure that your business won’t crumble due to your data’s inaccessibility.
Limit Employee Access To Your Network
As much as we’d wish it weren’t true, many cyber-attacks don’t come from outside of your company. Instead, they originate from within. If you want to limit the amount of damage that someone inside your company can do in a cyber-attack, the best course of action is to limit their access to different parts of your network.
Train Your Employees
At the same time, just as many cyber-attacks occur not because of an employee’s malicious intent, but because of their natural human characteristic to trust others. They click on a link in a sketchy e-mail and fall for a phishing scheme, volunteer their password info without thinking about it, click on an attachment from a source asking for their help, or choose a weak password for their computer. That’s why you need to dedicate time to training your employees on best practices when it comes to security.
Set Up A ‘Security Culture’ At Your Workplace
You need to make cyber security a top priority, not just for your IT department, but for every department at your business. When everyone works together to protect their workplace from a cyber-attack, you have a better chance of succeeding.
Will protecting your business from a cyber-attack require a good amount of time and money? Absolutely. Can you afford to ignore the prevalence of cyber-attacks any longer? Statistically, no. The sad truth is that 60% of SMBs that fall victim to a cyber-attack end up shuttering within six months. Don’t put yourself in that kind of position. Instead, take your business’s cyber security seriously.
Beat The Heat! How The Dog Days Of Summer Can Wreak Havoc On Your Technology
The dog days of summer are here, and it’s hot out! Homeowners and business owners alike are bracing for their upcoming power bills as they run their air conditioners around the clock trying to keep cool. But for many business owners, it’s not just about keeping your team cool – it’s also about keeping your technology cool.
Every piece of technology you use is susceptible to heat damage. Sometimes they overheat due to internal issues. Maybe they’re processing a lot of data. Or maybe the internal cooling system isn’t enough. But they can also overheat due to external issues, such as high summer temperatures, inadequate air conditioning, or being left in vehicles on a hot day.
If heat overwhelms your systems, it has the potential to knock out your business. If computers go down or servers can’t run efficiently due to heat, it can be a costly disaster. The average computer is built to work in external temperatures of 50 to 82 degrees Fahrenheit. Laptops and tablets can handle 50 to 95 degrees Fahrenheit.
Every business should be aware of just how much damage heat can cause. For example, heat can damage individual components in your devices. There are records of graphic cards bursting into flame as a result of overheating and heat-related electrical issues. These components are designed to withstand high heat, but they can only take so much.
Heat can also disrupt productivity. It’s one thing if your business is warmer than usual and you have fans running. It can make work harder. But heat slows down devices. They cannot run as efficiently and, as a result, programs and apps will struggle to run. In some cases, they might not be able to run at all because they require a certain amount of data processing that is negatively impacted by too much heat.
If your systems are disrupted or damaged, you can also lose critical data. Heat can damage hard drives and solid-state disk drives, leaving you without access to your data. Sometimes, with proper cooling, this data can be recovered, but if the heat and damage persist, the data may be unrecoverable if you don’t have a backup.
What’s the next step? Every business needs to fully understand its cooling needs. It’s one thing to cool people working in an office. It’s something else entirely to cool a server room. Ask yourself questions like:
- Does your business have adequate and efficient air conditioning?
- Does your technology (such as a computer or server room) have adequate air conditioning?
- Have you educated remote or mobile employees about the dangers heat can cause to their laptops and tablets if they are left in a vehicle?
- Do individual devices have adequate cooling (have employees complained about weird app slowdowns)?
On top of this, it’s critical to ask questions about your data security needs:
- Do you keep all of your data on-site?
- Is your data protected from natural disaster or outside intrusion (have you invested in cyber security)?
- Do you have a plan if your data is damaged or lost?
- Do you routinely back up your data to the cloud or another off-site solution?
You never have to compromise your data or your business. There are countless solutions on the market today to help you protect your most valuable assets – and even to help with your technology cooling needs. As you navigate the dog days of summer, remember you have options. Contact your local business consultant for more information at firstname.lastname@example.org. They can help you ensure the longevity of your technology and keep your data safe.
Password Managers & Why We Need Them
By: Paul Facey, Advanced IT Technician
Let me start off this little article with a few questions for you to ponder:
- How many passwords do you have?
- Do you consider them complex?
- Are you using the same one (or variation of one) over and over?
- Do you constantly forget them and need to reset them, wasting time and generating frustration?
- Do you have any passwords stored under your keyboard?
- Are you using your web browser to store your passwords? (GASP)
If any of the above questions made your heart beat a little faster, then this post is for you!
What is a password manager?
Gone should be the days of weak passwords or writing down passwords and putting them under the keyboard, or even worse, on a sticky note on the side of the monitor.
A password manager is simply an application that allows users to record passwords in a secure environment and then access those passwords in a convenient manner. Depending on the password manager, passwords can also be shared between users for sites and applications requiring shared access.
How does it work?
Password managers are usually an application or browser plugin that each user has installed on their system that records user logins and passwords. Most web browsers include a basic password management system; however, these systems lack both the security and the features that significantly improve the user experience.
What does Networks Plus recommend?
Networks Plus has partnered with LastPass, a leading Password Management and Multi-Factor Authentication provider, to offer LastPass Password Management.
The LastPass Password Management system offers a robust tool set that enables both users and administrators to securely create, use, and manage credentials across a large collection of sites and platforms.
Some of the features of LastPass include:
- Web based and browser plugin based management. Users can access the password manager from any location with an internet connection. This includes the office, home, and mobile.
- Policy management forces users to create and use passwords that meet minimum complexity levels and reminds users if passwords are getting old and need to be updated.
- Password sharing allows multiple users the ability to share passwords and even create groups for shared passwords. Users that no longer need access to the credentials can simply be removed from the group.
- The LastPass phone app integrates seamlessly. This way, if a user’s mobile device is damaged or replaced, MFA codes and account logins can be quickly pulled down again on a new device.
- Scoring and reporting features alert your admins when users are using good complex passwords or are using the same password repeatedly at multiple sites.
- No more sticky notes or passwords under keyboards.
- No more passwords of 12345
- No more using the same password at every site because it is easy to remember
- No more constantly resetting passwords because users cannot remember what they are
So, there you go! And remember, if you could relate to any of those questions at the beginning of this article, it might be a good idea to reach out to us and see how we can help you protect your business’s passwords. Reach out to email@example.com or give us a call at 800.299.1704.
Want to learn more about why it is so important to protect your passwords? Check out this article at toolbox.com – https://tinyurl.com/5946ejys
Using Microsoft 365 Without MFA In Place? You Are At Risk.
By: Brad Jepsen, Master IT Engineer/Sales Engineer
If you use Microsoft 365 products and you don’t have MFA (Multi-Factor Authentication) enabled in your organization yet, you are at heightened risk of user accounts getting compromised.
I can’t say this more plainly – if you do not have MFA in place and a cybersecurity incident hasn’t happened to you yet, it is only a matter of time before you fall victim.
What is MFA for Microsoft 365?
MFA increases the security of user logins for cloud services beyond only using a password. With MFA for Microsoft 365, users are required to take a second step to sign in. This step comes after the user has correctly entered their password and can come in the form of either a text message or an app notification on their phone.
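An added example, not from the original article or from Microsoft: a Python audit over a constructed export of per-user MFA registration records. It flags accounts with no second step at all, and accounts where a text message or voice call is the only method or the default one. The field names are assumed to follow the shape of Microsoft Graph's userRegistrationDetails report, and every account shown is made up.

```python
import json

# Constructed sample export (not real accounts). Field names are an assumption
# modeled on the Microsoft Graph userRegistrationDetails report.
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "alice@example.com", "isAdmin": True,
     "isMfaRegistered": True,
     "methodsRegistered": ["microsoftAuthenticatorPush", "mobilePhone"],
     "userPreferredMethodForSecondaryAuthentication": "push"},
    {"userPrincipalName": "bob@example.com", "isAdmin": False,
     "isMfaRegistered": True,
     "methodsRegistered": ["mobilePhone"],
     "userPreferredMethodForSecondaryAuthentication": "sms"},
    {"userPrincipalName": "carol@example.com", "isAdmin": True,
     "isMfaRegistered": False,
     "methodsRegistered": [],
     "userPreferredMethodForSecondaryAuthentication": "none"},
    {"userPrincipalName": "dave@example.com", "isAdmin": False,
     "isMfaRegistered": True,
     "methodsRegistered": ["softwareOneTimePasscode", "mobilePhone"],
     "userPreferredMethodForSecondaryAuthentication": "sms"},
    {"userPrincipalName": "erin@example.com"},  # incomplete record
])

# Registered methods that depend on the phone network (text message or call).
PHONE_METHODS = {"mobilePhone", "alternateMobilePhone", "officePhone"}
# Default second-step choices that are delivered by text message or call.
PHONE_DEFAULTS = {"sms", "voiceMobile", "voiceAlternateMobile", "voiceOffice"}

# Lower number = fix first.
SEVERITY = {"ADMIN_NO_MFA": 0, "NO_MFA": 1, "PHONE_ONLY": 2, "PHONE_DEFAULT": 3}


def classify(user):
    """Return the list of findings for one registration record."""
    methods = set(user.get("methodsRegistered") or [])
    # A missing or false flag, or an empty method list, counts as "no MFA":
    # an incomplete record must never be read as a protected account.
    registered = bool(user.get("isMfaRegistered")) and bool(methods)
    if not registered:
        return ["ADMIN_NO_MFA"] if user.get("isAdmin") else ["NO_MFA"]

    findings = []
    preferred = user.get("userPreferredMethodForSecondaryAuthentication")
    if methods <= PHONE_METHODS:
        # Nothing stronger is enrolled, so the user cannot switch defaults yet.
        findings.append("PHONE_ONLY")
    elif preferred in PHONE_DEFAULTS:
        # A stronger method exists; SMS should be demoted to a backup.
        findings.append("PHONE_DEFAULT")
    return findings


def audit(export_json):
    """Return (user, finding) pairs ordered by severity, then by user name."""
    rows = []
    for user in json.loads(export_json):
        upn = user.get("userPrincipalName", "<unknown>")
        for finding in classify(user):
            rows.append((SEVERITY[finding], upn, finding))
    return [(upn, finding) for _, upn, finding in sorted(rows)]


if __name__ == "__main__":
    for upn, finding in audit(SAMPLE_EXPORT):
        print(f"{finding:14} {upn}")
```
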
What’s my risk if I’m not using MFA?
- A single password is not enough, regardless of how complex it is. Hackers have ways to crack passwords.
- Phishing emails appearing legit can lead end-users to hand over their login credentials to the hacker.
- If your data is compromised in Microsoft 365, it then gives the hacker access to everything saved in the software, including emails and data in OneDrive and SharePoint.
- Non-Compliance. Depending on your industry, MFA may be one component of compliance standards.
- If your credentials are compromised, hackers can send emails directly from your account. For example, the hacker could send phishing emails to your customers with ransomware and other types of malware.
- Your business reputation. You don’t want to have to answer to questions from your contacts/customers about why you don’t have safeguards in place to protect both your business and theirs.
What are the cons of MFA?
- You may have concerns about setup costs. Some may believe that it’s too expensive to set up or you just don’t have the time to do it. While cost is always a factor to consider, setting up MFA does not require a lot of time. The protection you get from MFA significantly outweighs the costs.
- End-user training. Yes, by enabling MFA you are requiring all users to learn an additional step to log in and it’s less convenient. However, within a few days users will have an understanding and the login process will only take a few additional seconds.
The majority of today’s data breaches are a result of compromised credentials. We strongly urge our partners to take action now to implement MFA to protect yourself and your customers.
For any further questions about protecting your data and/or enabling MFA for Microsoft 365, please reach out to your Business Consultant at firstname.lastname@example.org or Technical Support team at email@example.com.
How to Sign Into the Networks Plus Customer Portal:
Visit: Go directly to the website networksplus.myportallogin.com, or click on the “View Ticket” link in your generated service ticket email from Networks Plus.
The following sign-in options are available for the Networks Plus customer portal. Please note, the email used to log onto the customer portal needs to match the email address under the contact in ConnectWise Manage. If you are having issues signing in, please contact us at firstname.lastname@example.org for assistance.
- Microsoft – Allows users to sign in with their own Microsoft Credentials
- Note: This must be a cloud-based Microsoft account. This could be Azure Active Directory, a personal Microsoft account, or Microsoft 365. On-premises Active Directory is not supported. The first time a user logs in with this option, they must grant consent for access to their basic Microsoft profile information, including name and email address.
- Google – Allows users to sign in with their own Google Credentials
User Permissions Options
The “Users” screen is where portal administrators can define permissions and create new users for their Customer Portal. Users automatically sync from Manage. To log in to the Customer Portal, each user must be created as a contact and associated with a company in ConnectWise Manage. Only Active users are displayed in the portal. Use the search feature to quickly locate users by first name, last name, or company.
By default, all users listed under companies in ConnectWise Manage have a role of “Standard User” assigned to them, meaning they can log into the portal, submit tickets, and look up tickets. If an admin requests additional access, that change must be done within the Admin portal.
Watch the full tutorial here.
Looking at Ordering New Business-Grade PCs or Servers in the Next Year? The Time to Order is NOW.
By Kelly Gillespie
If you have tried to order business-grade electronics lately, you may have noticed there are slim pickings out there in some categories. This is due to a shortage of processors and other electronic components. The IT and cybersecurity industries aren’t the only ones that have been hit. Everything from gaming consoles to the auto industry has been affected.
So, what has caused this shortage and when will it end? The answer to that question is not too complicated, but it does have layers.
As of January 14, 2020, any computer running Windows 7 still functions, but Microsoft no longer provides technical support for any issues, software updates, or (what we consider the biggest issue) security updates or fixes for businesses. This means any business with Windows 7 PCs now has unlocked doors and windows to their IT and cyber networks. Unfortunately, many of these businesses waited until the last minute to replace their laptops and desktops. That meant millions of PCs being replaced globally from late 2019 to early 2020. Computers were being put on backorder and stocks started to run low.
In addition, Windows Server 2008 went end of life the same month. So, now servers needed to be replaced as well. Server stocks were being depleted not quite as fast as the PCs, but the components still needed to be made to keep up with the demand. This puts even more strain on the PC and laptop markets already struggling to keep up.
Now, don’t forget to layer in the global pandemic that slowed manufacturers to a crawl at best, and shut them down for weeks (if not months) at worst. The shortage of parts only got worse. On top of manufacturing facilities unable to produce at full capacity, shipping was also limited as facilities struggled to keep their workers safe and healthy.
So, what about now? In a nutshell, the industry has not fully recovered just yet. Computers and other electronics are still in short supply. If you want to replace your systems later this year or even early 2021, the time to start ordering is now. It is not uncommon for us to see certain equipment backordered for up to 6 months.
What can you do to ensure you are sticking with your life cycle plan for your system over the next year? Contact your business consultant here at Networks Plus and we will work together toward your timeline and finding the right options for your business. Email us at email@example.com and we will set up an appointment to discuss your priorities over the next year.
For more information on affected industries, you can visit this article: What’s causing the chip shortage affecting PS5, cars and more? (cnbc.com)
World Backup Day – A Great Time To Take A Look At Your Backup Practices
By Adam Boyle, Senior Business Consultant
We have all been advised to perform tornado and fire drills at least once a year, but when is the last time you took a hard look at your backup practices? And are you checking these practices regularly? March 31st is World Backup Day and is a great reminder to get your annual data check-up on your calendar.
Here are some simple steps to follow for your annual check-up:
- Know where your data resides. The more places data exists, the more likely it is that unauthorized individuals will be able to access it. Quiz your employees and consider using data discovery tools to find and appropriately secure data.
- Control access to your data. Once you have defined every place your data lives, it is time to limit your employees’ access to specific data they need to perform their jobs. This isn’t a matter of whether or not you trust your employees, it’s a matter of keeping your data as secure as possible. Any administrative privileges should be kept to a very small number of trusted and qualified staff.
- Define how you are protecting each data point. Go through the practice of documenting how each data point is protected. It is so important to remember that just because some of your data may live in the “cloud”, it does not mean it is backed up. Microsoft makes no guarantee on backing up your data and clearly states that it is the user’s responsibility. In fact, 75% of companies that use applications like OneDrive, SharePoint, Outlook, Calendar, and others experience a data loss incident every year – and most of it is unrecoverable. The good news is, there are solutions that can back up your data in these applications. (Shameless sales plug – YES, Networks Plus can help you with this.)
- Decide on the amount of downtime you are comfortable with for data that resides on your business server. If your business has evolved over the past year, this too may have changed. Have the discussion on whether or not your leadership is comfortable with your current backup solution. How many times a day do you feel you need to back up? Discuss with your trusted IT provider whether or not you need instant recovery, and get a plan in place.
Not sure where to start? No problem. Give Networks Plus a call and we can take these steps off your plate, or help your team learn how to walk through them.
Microsoft Zero-Day Exploits
By: Jake Schulte, IT Manager
This week Microsoft detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.
Before panic sets in, it’s important to note that Exchange Online is not affected. If you’re currently using Microsoft 365 services through Networks Plus and using Exchange Online – no action is needed.
Microsoft released patches for multiple on-premises Microsoft Exchange Server zero-day vulnerabilities being exploited by a nation-state affiliated group. The vulnerabilities exist in on-premises Exchange Servers 2010, 2013, 2016, and 2019.
To minimize or avoid impacts of this situation, Microsoft highly recommends that you take immediate action to apply the patches for any on-premises Exchange deployments. To patch these vulnerabilities, you should move to the latest Exchange Cumulative Updates and then install the relevant security updates on each Exchange Server.
Microsoft published a blog providing an overview of the attack and a link to the security updates that were released. You can view that information here: Microsoft Blog – New nation-state cyberattacks.
How To Enable Remote Work Without Exposing Your Entire Business To Cybercriminals
A record number of businesses said goodbye to the traditional in-office work model in 2020. They embraced the remote work model as they adapted to the new COVID-19 reality. It was a huge shift that came with many challenges, and some of those challenges are still felt today.
One of those challenges was – and is – cyber security. Businesses wanted to get their remote workforce up and running, but there were a lot of questions about how they would keep their newly remote employees secure.
So, how can you enable remote work while keeping your business and your employees secure? How do you keep cybercriminals out? The answer is multifaceted. There is no one-size-fits-all approach to cyber security — that would make things much easier! But there are several steps you can take to help your remote team stay productive while keeping the cybercriminals out. Here are three things you need to do:
- Skip the public WiFi. This is Cyber Security 101. Never use unsecured, public WiFi, especially when working. For remote employees who have the option to work from anywhere, using public WiFi is tempting. It’s just so easy to access, but it comes with huge risks, including the potential to expose your device to intruders.
Thankfully, there are plenty of options to help keep employees connected without having to worry about snoops. The most popular is the VPN, or virtual private network. VPNs allow remote workers to securely access the Internet, even through public WiFi. VPNs are ideal for remote workers who need to routinely access your network.
Another option is the personal hotspot. This is a portable WiFi access point, usually paired with data service through a telecom like Verizon, AT&T or T-Mobile. It gives remote workers flexibility to work anywhere they can get high-speed data service. Because the remote worker is the only person on the hotspot (and should be the only person), there is less worry about hackers snooping for your data.
- Have a strong device policy. When it comes to cost-cutting, it can be appealing to let employees use their own devices while working remotely. Avoid this, if possible. The bring-your-own-device (BYOD) approach has its benefits, including keeping costs down, but the security costs could be massive, especially if an employee gets hacked or misplaces crucial data. In short, BYOD can get complicated fast, especially for businesses unfamiliar with the BYOD approach.
That said, many businesses work with an IT services company or managed services provider to create a list of approved devices (PCs, laptops, tablets, smartphones, etc.) that employees can use. Then those devices are loaded up with malware protection, a VPN, and other security solutions. So, while employees may be using a variety of devices, they all have the same security and other necessary software in order to perform their duties.
The best device policy, however, is to provide employees with work devices. This ensures that everyone is using the same hardware and software, and this makes it much easier to keep everyone up-to-date and secure. It takes a little more effort logistically, and it has a higher up-front cost, but when it comes to keeping your business secure, it’s worth it.
- Don’t forget about physical security. While a lot of businesses are focusing on digital security right now, they’re not putting a similar focus on physical security. They may have a team of people working remotely spread across different neighborhoods, towns, states or countries. This mobility comes with the risk of device theft or loss.
If employees will be carrying their work devices with them for any reason, those devices should be kept nearby at all times. That means never leaving work devices in vehicles or unattended at a café or airport (or any location). Never leave a device where it has the potential to be taken.
It’s also important to remind employees to not only keep their doors locked but also keep work devices out of sight. You wouldn’t want to set up a home office in a room facing the street outside while leaving the windows open and the door unlocked, because you never know who may walk or drive by. Just as cybercriminals are always looking for ways to break into your network, criminals are looking for opportunities to walk away with high-value items.
The way we work is changing, so we must be prepared for whatever happens next. Implementing these three steps will give you a starting point, but they aren’t the end point. Work with an experienced MSP to get the most out of your remote work approach. Many businesses will not be returning to the traditional in-office model, so the more steps we take to secure our businesses and our remote teams, the better off we’ll all be.