Call (716) 373-4467

What Happened?

WinRAR, a Windows data compression tool that focuses on the RAR and ZIP data compression formats for all Windows users (win-rar.com), recently announced that it had patched a 19-year-old security vulnerability that allowed cyber attackers to install malicious files on users’ hard drives. The problem many users will face is that the software does not auto-update so they will need to go through the manual update process to ensure their computer is no longer exposed to the security vulnerability.

What Should I Do?

Databranch recommends users uninstall WinRAR from their systems. WinRAR is a program that used to be needed to create zip folders and unzip folders but now this function is built into the Windows Operating System.

How Do I Uninstall WinRAR?

  1. Find the Control Panel in your Windows Explorer.
  2. Click on Programs & Features
  3. Select WinRAR and Press Uninstall Program

How Do I Find Out About Vulnerabilities Like This Sooner and Protect My Business From Being Affected By Cybercrime?

Databranch offers managed service plans to proactively monitor, detect, and remediate identified security vulnerabilities like this. We were able to remove this program from our managed client’s machines as soon as it became a known issue and our clients were able to continue working without interruption.

To learn more about becoming a Databranch Managed Services client, call 716-373-4467, email info@databranch.com, or fill out the form below to get started!

Get Started

Source: https://www.theverge.com/2019/2/21/18234448/winrar-winace-19-year-old-vulnerability-patched-version-5-70-beta-1


Databranch Offers Monitoring and Alerting of Stolen Digital Credentials, Increasingly Valuable Asset on Dark Web

Olean, NY –8/1/2018 – Databranch announced its new Dark Web monitoring services provided through its partnership with ID Agent, provider of Dark Web monitoring and identity theft protection solutions. With Dark Web ID, Databranch offers around the clock monitoring and alerting for increasingly compromised digital credentials, scouring millions of sources, including botnets, criminal chat rooms, peer-to-peer networks, malicious websites, bulletin boards and illegal black-market sites.

“Databranch views Dark Web ID monitoring services as a critical component of our managed security suite. Through the detection of compromised credentials, we are able to offer another security layer for our clients and respond to threats against their networks in an efficient, proactive manner.” said David Prince, President at Databranch.

 

The Dark Web is made up of various digital communities, and while there are legitimate purposes for the Dark Web, it is estimated that over 50 percent of all sites on the Dark Web today are used for criminal activities, including the disclosure and sale of digital credentials. 

 

“Digital credentials such as usernames and passwords are widely used to connect to critical business applications – the reason these credentials are among the most valuable assets found on the Dark Web,” said Kevin Lancaster, CEO of ID Agent. “Unfortunately, the unaffordability of cyber offerings has played into the cyber poverty line experienced by small businesses. Dark Web ID, however, delivers an affordable model that provides small businesses with the same advanced credential monitoring capabilities used by Fortune 500 companies to organizations in the SMB and mid-market space.”

 

Dark Web ID is the industry’s only commercial solution available to detect customers’ compromised credentials in real-time on the Dark Web. It vigilantly searches the most secretive corners of the Internet to find compromised data associated with your customers’ employees, contractors and other personnel, and notifies them immediately when these critical assets are compromised. There are a few competitors in the market but none completely focused on the Dark Web as ID Agent’s solution.

 

About ID Agent

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and to millions of individuals impacted by cyber incidents. The company’s flagship product, Dark Web ID, combines human and sophisticated Dark Web intelligence with capabilities to identify, analyze and monitor for compromised or stolen employee and customer data, mitigating exposure to clients’ most valuable assets their digital identity. From monitoring your organization’s domain for compromised credentials to deploying identity and credit management programs in order to protect the employees and customers you serve ID Agent has the solution. For more information, visit: http://www.idagent.com or go to LinkedIn, Twitter or Facebook.

 

About Databranch

Databranch, Inc., is an IT consulting and outsourcing provider serving local, national and international businesses in Western New York and Northwestern Pennsylvania since 1985. We help our clients use information technology to cut costs, increase efficiencies and enhance customer service across four main areas: managed technical services, networking, security, and data protection.

The Databranch staff is made up of highly skilled, experienced and certified professionals. Our clients look to us to provide technology solutions that work. We offer consulting services that provide organizations with the best possible solutions for the most affordable price that are executed with a personal touch.

Key Benefits of working with Databranch:

• Reduce complexity of managing your technology infrastructure.

• Gain confidence that your technology is aligned with your business goals.

• Have a team of skilled and certified technology professionals backing you at every step.

• Maintain flexibility, choice and control over your business.

For more information, visit:  http://www.databranch.com or go to LinkedIn, Twitter or Facebook.

Contact:                                                          

Amanda Lasky

Databranch, Inc.

716-373-4467 x 15

alasky@databranch.com

Recently, a few of our Office 365 Exchange Online clients have been receiving correspondence from Microsoft concerning the version of Outlook they are using. The message is Outlook 2007 and 2010 are out of mainstream support and their users might start experiencing reduced functionality. In this post, I’ll answer the two biggest questions we have been receiving from our clients, “What does this mean for me? and What do you recommend I do?”

What does the end of mainstream support for Outlook 2010 mean for my organization?

In general, there are two levels of end of support Microsoft products move into: End of Mainstream Support and End of Extended Support. When a product enters into the end of mainstream support it means Microsoft will no longer be releasing any non-security updates or new software design changes. The program will still function and is not a security risk to your network since Microsoft keeps releasing security fixes until the End of Extended Support date but because new features will not be added the software may not be as compatible with newer programs like Office 365 Exchange Online which is constantly being updated and improved to provide the highest level of service to subscription customers. This is why Microsoft is urging clients using their hosted email platform to upgrade their Outlook clients. Even though you will still be able to use Office 365 and connect to the platform for email, your experience will diminish over time and Microsoft won’t provide code fixes to resolve non-security related problems.

What does Databranch recommend our clients to do?

We recommend that organizations start upgrading their Outlook to a client that is still in Mainstream Support like Outlook 2013 or 2016 or start budgeting for Office upgrades. Like Windows 7, Outlook 2010 will be in Extended Support until 2020 and all users will want to be upgraded prior to the end of support date in October of that year.

Is your organization looking to migrate your email platform to Office 365? Databranch is a Microsoft Certified Silver Small and Midmarket Cloud Solutions Provider and is ready to assist with your migration. A Databranch Cloud Solutions specialist can be reached at 716-373-4467 ext. 15, info@databranch.com, or click here to get started.

Today we’re launching a new monthly series on the blog called “Ask a Databranch Engineer”. During these posts we’ll compile frequently asked questions from our clients and answer your top questions about information technology in the workplace. 

Anyone who watches the news has become all too familiar with this headline, “Data Breach at Company X”. From Target to the FBI, personal identifying information is being exposed at a rapid rate and a top question from our clients is, “What is one thing I can do as a small business to protect my organization’s valuable company data?” Here’s what our team had to say:

Aaron Duell (Systems Engineer): “If you’re not expecting an email and you don’t know the sender, don’t open the email!”

Jason Aderman (Systems Engineer): “Set-up a password protected screen saver. Users should never step away from their computer without locking their desktop and if you do happen to leave your computer unattended an automated screen saver with a password will ensure your computer is protected.”

Matt Hillman (Senior Systems Engineer): “I would rate the need for a complex password as a high security priority. Too many times we find the password is “password”, or the name of the person’s pet, or worse yet, written down right at their desk! A password should be at least 8 characters long, include a combination of upper case, lower case, and numbers, should not be a word easily identified in the dictionary, and is not a variation of the user’s name. Best practice now is to also include spaces and create a phrase, rather than use a single word. Recent operating systems require more complex passwords, but applying these basic rules will make it even more difficult for someone with malicious intent to guess a user’s password. And, it seems to be common sense, but a password should never be shared!”

David Prince (President): “If you get an email with an attachment (doc., PDF., etc.) be very careful and suspicious. If it appears to come from someone you know, I recommend contacting the sender to confirm they sent you an email with an attachment.”

Have a technology question you’ve always wanted answered? Reach out to Amanda Lasky at 716-373-4467 ext. 15 or alasky@databranch.com.

Next month our engineers will be answering the following questions, “Should I turn my computer off when I leave the office at night?” and “How can I be sure my data is protected in the cloud?”,as well as any other questions we receive in February.

  1. Login Notifications – Enabling this feature allows you to be notified when your account is accessed from a computer or mobile device that you have not used before.
    1. Click on Settings ==> Security ==> Edit
    2. There are two notification methods: Email or Text Message/Push Notification.
      • If you choose the Email Option:
        1. You need to check the box and save changes.
        2. You will now receive notification emails to the account associated with your Facebook Account.
      • If you choose the Text Messaging Option:
        1. You will be prompted to enter your cell phone number.
        2. You will receive a text with a confirmation code.
        3. To finish set-up, you will need to enter the code on the site and click save changes.
        4. You will now receive notifications to your phone.
      • You can enable both notification methods!
  2. Login Approvals – Enabling this feature allows you to use your phone as an extra layer of security to keep others from logging into your account. This means that when someone tries to log-in to your account from a browser that has not been previously used to access your account, you will receive a notification requiring your approval before access is granted.
    1. Click on Settings ==> Security ==> Edit
    2. Check box “Require a security code to access my account from unknown browsers”
      • Benefit: You are able to prove that it is actually you trying to access your account.
      • Note: These codes can only be sent to your cell phone via text message or through the Facebook app
    3. Click Get Started ==> Choose your phone type: Android, iPhone, iPod touch, or Other
      • If you choose Android, iPhone, or iPod touch:
        1. You will be asked to make sure you have the latest version of the Facebook App on your device.
        2. Next, you will need to activate Code Generator which will create new security codes in your phone’s Facebook app every 30 seconds. Follow the 4 steps provided on your screen.
        3. Using Code Generator, you will enter the security code provided.
        4. You then will have the option to delay needing a security code for a week after set-up or requiring a security code right away. We recommend you check the box that says, “No thanks, require a code right away.”
      • If you choose Other:
        1. You will be sent a text message with a code to confirm access to your phone for login approvals.
        2. Enter the security code once you have received it.
        3. You then will have the option to delay needing a security code for a week after set-up or requiring a security code right away. We recommend you check the box that says, “No thanks, require a code right away.”

If you set-up either feature below or are already using Login Notifications/Login Approvals, leave a comment below with your thoughts!