Call (716) 373-4467
31Oct

There was an article that came out this week written by the previous CIO of the New York City Law Department (which is also the world’s largest public sector law firm, fun fact), discussing the best ways to avoid ransomware. In the article he discussed 3 key points:

  1. Cyber Hygiene: This is an obvious one but cannot be underrated! Passwords must be changed regularly, and everyone must remain diligent while browsing their inbox.
  2. Best practices: Best practices in this context covers updating existing tech, using preventative technologies, and communication. To have the best practice for updating existing tech, put a priority on pushing out patches, use cloud web application firewalls and credential monitoring to stay a step ahead with preventative tech, and communicate with your security team and employees about what they should be doing as individuals and as a team.
  3. Testing disaster recovery plans: This point is self-explanatory, you need a test to see if your backup plans work. You wouldn’t leave the fire alarms untested!

With ransomware being seen all over the world from Atlanta to Moscow to Sydney, it is something every business should take into account.

Request your free security risk assessment and consultation with a Databranch Security Expert here:

https://www.darkreading.com/cloud/3-keys-to-reducing-the-threat-of-ransomware/a/d-id/1333113

1) In 2013, 37 critical updates were released for Windows 2003.  As of July 14, 2015, no new updates will be released for Windows Server 2003 and Windows Small Business Server 2003.

2) Unsupported products are more likely to be attacked by malicious parties, which may increase the cyber security risk to your business. 

3) Payment processors may not do business with you if your payments are going through an unsupported server.  Your business may not pass a business audit if you do not transition from unsupported software

4) An average security breach costs an SMB $50,000.  Running unsupported software and old hardware can be more expensive than upgrading to a modern technology platform

5) Improved performance, simplified management, and more affordable storage choices.

Click here to learn more about why your organization needs to transition from Microsoft Server 2003 before July!

Ready to discuss? You can reach Databranch at 716-373-4467, sales@databranch.com, or click here to get started.

Courtesy of Microsoft Community Connections

Our July Client of the Month is Jackie Gregg, Controller at Control Chief, a manufacturer of industrial crane remote control and locomotive remote control solutions. We have had the pleasure of working with Jackie since the early days of Databranch and have enjoyed partnering with Control Chief for their IT needs since 2009. Our mission is to help our clients succeed through effective planning, implementation and management of their technology and as Jackie says in the video below, “What do I have? I have peace of mind. I can go on vacation for a week and know that my servers are going to run and my people are going to keep working. If there’s a problem all I have to do is pick up the phone and I’m going to have someone here onsite with the problem fixed and that’s well worth the price we pay you every month. Would I recommend Databranch? Highly.” 

 

 

 
 

Recently, a few of our Office 365 Exchange Online clients have been receiving correspondence from Microsoft concerning the version of Outlook they are using. The message is Outlook 2007 and 2010 are out of mainstream support and their users might start experiencing reduced functionality. In this post, I’ll answer the two biggest questions we have been receiving from our clients, “What does this mean for me? and What do you recommend I do?”

What does the end of mainstream support for Outlook 2010 mean for my organization?

In general, there are two levels of end of support Microsoft products move into: End of Mainstream Support and End of Extended Support. When a product enters into the end of mainstream support it means Microsoft will no longer be releasing any non-security updates or new software design changes. The program will still function and is not a security risk to your network since Microsoft keeps releasing security fixes until the End of Extended Support date but because new features will not be added the software may not be as compatible with newer programs like Office 365 Exchange Online which is constantly being updated and improved to provide the highest level of service to subscription customers. This is why Microsoft is urging clients using their hosted email platform to upgrade their Outlook clients. Even though you will still be able to use Office 365 and connect to the platform for email, your experience will diminish over time and Microsoft won’t provide code fixes to resolve non-security related problems.

What does Databranch recommend our clients to do?

We recommend that organizations start upgrading their Outlook to a client that is still in Mainstream Support like Outlook 2013 or 2016 or start budgeting for Office upgrades. Like Windows 7, Outlook 2010 will be in Extended Support until 2020 and all users will want to be upgraded prior to the end of support date in October of that year.

Is your organization looking to migrate your email platform to Office 365? Databranch is a Microsoft Certified Silver Small and Midmarket Cloud Solutions Provider and is ready to assist with your migration. A Databranch Cloud Solutions specialist can be reached at 716-373-4467 ext. 15, info@databranch.com, or click here to get started.

Sitting Duck

Small businesses are under attack. Right now, extremely dangerous and well-funded cybercrime rings in China, Russia and the Ukraine are using sophisticated software systems to hack into thousands of small businesses to steal credit cards, client information, and swindle money directly out of your bank account. Some are even being funded by their own government to attack small, virtually defenseless businesses. 

Don’t think you’re in danger because you’re “small” and not a big target like a Target or Home Depot? Think again. 82,000 NEW malware threats are being released every single day and HALF of the cyber-attacks occurring are aimed at small businesses; you just don’t hear about it because it’s kept quiet for fear of attracting bad PR, lawsuits, data-breach fines and out of sheer embarrassment.

In fact, the National Cyber Security Alliance reports that one in five small businesses have been victims of cybercrime in the last year – and that number is growing rapidly as more businesses utilized cloud computing, mobile devices and store more information online. Quite simply, most small businesses are low-hanging fruit to hackers due to their lack of adequate security systems.

As a local IT support company, we work day and night to protect our clients from these attacks – and unfortunately we see, on a regular basis, hardworking entrepreneurs being financially devastated by these lawless scumbags – We are determined to WARN as many businesses as possible of the VERY REAL threats facing their organization so they have a chance to protect themselves and everything they’ve worked so hard to achieve.

Free Report Reveals The Critical Protections Small Businesses Need Today

We want to do everything that we can to stop cybercrime, so we have put together a FREE Executive Report titled “7 Urgent Security Protections Every Business Should Have In Place Now” that we have made available at no charge here on our website at www.databranch.com/sittingduck.

Download your free Report today at www.databranch.com/sittingduck or by calling our office at 716-373-4467 ext. 15.

Today we’re launching a new monthly series on the blog called “Ask a Databranch Engineer”. During these posts we’ll compile frequently asked questions from our clients and answer your top questions about information technology in the workplace. 

Anyone who watches the news has become all too familiar with this headline, “Data Breach at Company X”. From Target to the FBI, personal identifying information is being exposed at a rapid rate and a top question from our clients is, “What is one thing I can do as a small business to protect my organization’s valuable company data?” Here’s what our team had to say:

Aaron Duell (Systems Engineer): “If you’re not expecting an email and you don’t know the sender, don’t open the email!”

Jason Aderman (Systems Engineer): “Set-up a password protected screen saver. Users should never step away from their computer without locking their desktop and if you do happen to leave your computer unattended an automated screen saver with a password will ensure your computer is protected.”

Matt Hillman (Senior Systems Engineer): “I would rate the need for a complex password as a high security priority. Too many times we find the password is “password”, or the name of the person’s pet, or worse yet, written down right at their desk! A password should be at least 8 characters long, include a combination of upper case, lower case, and numbers, should not be a word easily identified in the dictionary, and is not a variation of the user’s name. Best practice now is to also include spaces and create a phrase, rather than use a single word. Recent operating systems require more complex passwords, but applying these basic rules will make it even more difficult for someone with malicious intent to guess a user’s password. And, it seems to be common sense, but a password should never be shared!”

David Prince (President): “If you get an email with an attachment (doc., PDF., etc.) be very careful and suspicious. If it appears to come from someone you know, I recommend contacting the sender to confirm they sent you an email with an attachment.”

Have a technology question you’ve always wanted answered? Reach out to Amanda Lasky at 716-373-4467 ext. 15 or alasky@databranch.com.

Next month our engineers will be answering the following questions, “Should I turn my computer off when I leave the office at night?” and “How can I be sure my data is protected in the cloud?”,as well as any other questions we receive in February.

Take this quiz to find out!
 

How can you tell if you are receiving poor or substandard service? 

 
How do you know if your computer guy is doing everything possible to secure your network from downtime, cyber-criminals, data loss, or other frustrating and expensive disasters? 
 
Could your current computer guy actually be jeopardizing your network?

 
If your computer support company does not score a “YES” on every point, you could be paying for substandard support. 
 
  • Do they respond to emergencies in 30 minutes or less?
  • Are they easy to reach when you need them for non-emergencies?
  • Do they offer ongoing maintenance to keep your systems running smooth?
  • Do they proactively offer new ways to improve your network’s performance?
  • Do they provide detailed invoices that clearly explain what you are paying for?
  • Do they complete projects on time and on budget?
  • Do they follow up on your support requests quickly?
  • Do they offer a guarantee on their services?
  • Do they arrive on time and dress professionally?
  • Do they have other technicians on staff who are familiar with your network in case your regular technician goes on vacation or gets sick?
  • Do their technicians maintain current vendor certifications and participate in ongoing training?
  • Are you confident they aren’t learning on your time?
  • Do they give you their full attention rather than seeming constantly rushed?
  • Are they adamant about backing up your network and having a disaster recovery plan in place?
  • Do they offer to meet with you regularly to review your business plans, your network status and their own performance in supporting your company?
  • Do they provide frequent updates, status reports and follow-up calls and e-mails so you don’t have to manage their progress on projects?
  • Do they offer flat-rate or fixed-fee project quotes, rather than giving themselves a wide-open playing field with “time and materials”?

 


You Already Take Security Seriously… Why Not Take Security to the Next Level with Strong, Easy-to-Manage Passwords?

 

Introducing

Password Management as a Service


Your business has always taken security seriously and been mindful of protecting your data. You’ve invested in firewalls, anti-virus programs, spam filtering, and backup/disaster recovery tools. But when is the last time you considered the first line of defense beyond all these security measures? Passwords are used to protect your systems, data, and online accounts; however, the difficulty of remembering strong passwords often puts people off creating them. Interested in learning more about Databranch’s new password management service? Reach out to a Databranch Account Manager at 716-373-4467, info@databranch.com, or click here to get started.


Our Password Management as a Service offering makes it simple for you to use strong passwords while delivering the following benefits:

 
 
 
Ease of Use
Your staff members can easily reset their own Windows login passwords without needing to call the help-desk and wait for a response.
 
 
 
Enhanced Productivity
Your staff members will no longer waste time hunting for or trying to remember passwords, and through one-click login tools…
 
 
 
Improved Operational Efficiency
Your staff members will be able to consolidate website favorites/ bookmarks across all computers using one click login tools…
 
 
 
Unsurpassed Security
Your staff members will use more complex passwords as opposed to easily remembered passwords – and each password will be unique.
 

 

  1. Login Notifications – Enabling this feature allows you to be notified when your account is accessed from a computer or mobile device that you have not used before.
    1. Click on Settings ==> Security ==> Edit
    2. There are two notification methods: Email or Text Message/Push Notification.
      • If you choose the Email Option:
        1. You need to check the box and save changes.
        2. You will now receive notification emails to the account associated with your Facebook Account.
      • If you choose the Text Messaging Option:
        1. You will be prompted to enter your cell phone number.
        2. You will receive a text with a confirmation code.
        3. To finish set-up, you will need to enter the code on the site and click save changes.
        4. You will now receive notifications to your phone.
      • You can enable both notification methods!
  2. Login Approvals – Enabling this feature allows you to use your phone as an extra layer of security to keep others from logging into your account. This means that when someone tries to log-in to your account from a browser that has not been previously used to access your account, you will receive a notification requiring your approval before access is granted.
    1. Click on Settings ==> Security ==> Edit
    2. Check box “Require a security code to access my account from unknown browsers”
      • Benefit: You are able to prove that it is actually you trying to access your account.
      • Note: These codes can only be sent to your cell phone via text message or through the Facebook app
    3. Click Get Started ==> Choose your phone type: Android, iPhone, iPod touch, or Other
      • If you choose Android, iPhone, or iPod touch:
        1. You will be asked to make sure you have the latest version of the Facebook App on your device.
        2. Next, you will need to activate Code Generator which will create new security codes in your phone’s Facebook app every 30 seconds. Follow the 4 steps provided on your screen.
        3. Using Code Generator, you will enter the security code provided.
        4. You then will have the option to delay needing a security code for a week after set-up or requiring a security code right away. We recommend you check the box that says, “No thanks, require a code right away.”
      • If you choose Other:
        1. You will be sent a text message with a code to confirm access to your phone for login approvals.
        2. Enter the security code once you have received it.
        3. You then will have the option to delay needing a security code for a week after set-up or requiring a security code right away. We recommend you check the box that says, “No thanks, require a code right away.”

If you set-up either feature below or are already using Login Notifications/Login Approvals, leave a comment below with your thoughts!

Last week one of our customers was contacted by “Microsoft”. He was told that a virus had been discovered on his computer and that the “tech” needed access to his machine. By the end of the call his perfectly good computer was so infected with malware his best option was to wipe the device and start fresh, losing his personal data.

The worst part of the story is he thought he was talking to a Databranch engineer.

This scam has been around for a few years now and is showing no signs of slowing down. Here are a few tips to help you recognize the situation and avoid becoming their next victim.

  1. Unless you are expecting a call from Microsoft or Databranch, it is relatively safe to assume the call is not legitimate. If you are concerned, please hang-up and reach out to Microsoft or our office (716-373-4467) directly. Our business hours are Monday-Friday, 8am-5pm, so if you get called outside of that time or at your home, please hang-up!
  2. DO NOT download any software, go to any links, or provide any personal or credit information. These scammers are looking to install malicious software on your machine to steal your passwords, online banking info, etc., trying to get you to click on links that give them remote access to your machine, or get you to provide them credit card information to pay them for their services. In the end, it’s all about the money and how much they can get from you!
  • Common organizations the scammers pretend to be from:
    • Windows Helpdesk
    • Windows Service Center
    • Microsoft Tech Support
    • Microsoft Support
    • Windows Technical Department Support Group
    • Microsoft Research and Development Team

If you have been victim of a telephone scam please take the following steps:

  1. Change your passwords
  2. Scan your computer for malware. One free program we recommend is called Malwarebytes.
  3. Install/Update Anti-Virus Software
  4. Report the call to the FTC – 1-877-FTC-HELP

When your system is compromised, the best thing you can have is a good back-up of your data. If your system is recoverable, the consequences of an attack are less severe. Click here to learn more about are favorite back-up/disaster recovery solution.

For another take on this scam check out this article from Forbes Tech: http://onforb.es/VOG9FI

Have you been a victim of a telephone scam? Share your story or ask any questions in the comments below!