Who Else is Using Your Email Address

Imagine this scenario. You get into your office in the morning and start checking your email. Everything seems business as usual, until you come upon an email that tells you that your email to someone has failed. You look and don't recall sending an email to that email address. You don't even know who that email address belongs to!

This isn't an uncommon scenario. As email has become the primary method of communication for businesses, more and more people are trying to figure out how to gain access to email addresses to send spam emails or access sensitive or valuable information. If you feel this has happened to you, don't freak out. It's probably one of two situations.

  • 1
    Your email has been spoofed. This is the most common one. It's when a spammer sends spam emails but makes it look like they're coming from your email address. The spammer does not have access to your inbox but any replies to the spoofed emails will show up in your inbox. There's not much you can do about this. Frankly, spoofing email addresses are very easy to do. Having your email address spoofed is annoying but your data is safe.
  • 2
    Create a policy that forces your users to change their email password every 60 or 90 days.

It won't prevent anyone from spoofing your email address but you can at least feel confident that if someone had access to your inbox they don't anymore. Here's a few more things you can do to make your email inbox hack-proof.


​As always, if you have any more questions or need help we're here for you!

  • 1
    Create a policy that forces your users to change their email password every 60 or 90 days.
  • 2
    Turn on Two-Factor Authentication for your email address.
  • 3
    If you check your email from your phone, make sure that your phone requires a separate password or pin.

If you have any questions or concerns, don't hesitate to let us know.  That's what we're here for.

Continue reading

Windows 10 Creators Update

Back in April Microsoft began to release the newest build of Windows 10, dubbed the "Creator's Update". And that's when the wheels began to fall off. As the update was pushed out to more and more PC's we began to get more calls about user's having internet issues after the update was installed. Being IT professionals who like to preach keeping PC's up to date, we poured a lot of time into finding a fix for the issue while allowing people to keep the update. But it seems rolling your computer back is the only option to truly fix the internet issues caused by the Creator's Update. Now that news has surfaced that Microsoft has accidentally released experimental versions of a newer Creator's Update that is also causing problems, we thought it was time to bring up the subject.

First off, not everyone who installs the Creator's Update has an issue with it. We haven't been able to find a trend in the PC's that do have an issue. But I would still recommend installing it first to see if you will have any issues.

If you install it and begin to notice issues then you can follow the instructions below to roll back your computer. Then once you do that we will include some instructions on how to defer those builds from installing in the future.

I would certainly suggest calling us, or whoever your IT provider is first. But if you're in a pinch and need a solution now, you're welcome to follow the steps below.


Before you begin rolling back to previous builds, it's crucial that you confirm that you have the Creator's Update. If you do not but think you do and decide to roll your computer back, you could potentially roll your computer back 6 months by accident.

  • 1
    Open the "Run" box by hitting the Windows key + R keyboard shortcut.
  • 2
    Type "Winver" in the run box and hit enter.
  • 3
    A screen like the one below should appear. If you have the Creator's Update you'll see version 1703 below Microsoft Windows. As you can see below, I do not have the Creator's Update.
    SMXLL

So once you have confirmed that you do have the Creator's Update here's how to remove it.

  • 1
    Click the Start Menu -> Settings -> Update & Security.
  • 2
    Click Recovery.
  • 3
    You should now see an option to "Roll Back to Previous Builds".
  • 4
    Select that and follow the prompts.

​Now that you know that the Creator's Update has caused issues on your PC and you've removed it. Now let's prevent it from installing again. Don't worry, after you do this you'll continue to get security patches just not the new build.

  • 1
    Click the Start Menu -> Settings -> Update & Security.
  • 2
    Under Windows Update select "Advanced Options".
  • 3
    Then put a check box in "Defer Feature Updates".
    SMXLL

Continue reading

Global Ransomware Attack Makes History

Well, history was made this weekend. But not really in a good way. This weekend we witnessed the fastest spreading, largest scale ransomware attack ever. The latest numbers I read reported that since Friday 5/12/17 to Sunday 5/14/17 over 200,000 computers were infected across 150 countries.

So far, most of the infections have been in Russia and Europe forcing hospitals in the UK to have to reschedule surgeries, the German public rail system to halt it's system, and even the Russian Interior Ministry.

But there are concerns that the virus will pick up steam on Monday morning as western workers turn on their computers. So here is a condensed list of what you can do to keep your PC's and business safe.

1.   Be cautious of emails. The reports all weekend have agreed that the virus was delivered by a spam email, a lot of times posing as a fake invoice. Be sure to have your employees be paranoid of unknown email senders, and make sure your email spam filter is finely tuned.

2.   Update your systems. The virus is able to work because of a known vulnerability in Windows. The good news is that Microsoft released a patch. Be sure all your PC's are up to date on their Windows updates.

3.   Check your backups. There is currently no way to salvage data on a computer infected with the ransomware. So good cloud backups are your best bet to save your data. The FBI suggests not paying the ransom to get your data back, and honestly I haven't heard if the hacker's hold true to their word when paid. Reliable cloud backups are your best bet to stay safe from this threat.

4.   Be alert. One way this virus has spread so fast, is because once it gets on one PC in a network it can spread to all the other PCs over the internal network. If any of the PC's in your office shows this message. Cut the power immediately!
SMLXL

Please reach out and let us know if you have any questions or concerns. Our mission is to help businesses to continue to operate in the midst of these situations, unscathed.

Continue reading

RIP, Windows Vista


As of April 11th, Microsoft has officially declared Windows Vista "end of life". What does this mean? Well, it means that Microsoft will no longer release security updates for that version of Windows. And new versions of software will no longer be compatible with Vista. It presents a security and productivity risk.

Because Windows Vista and Windows 7 are so visually similar, you can follow these instructions to confirm if you are running Windows Vista.

  • 1
    Click the Start button, and then type winver in the search box.
  • 2
    Double-click winver in the list of results to open the About Windows dialog box, where you'll see the version of Windows that your PC is running.

If you find out you are running Windows Vista still, my recommendation would be to replace the whole PC. Chances are that PC is pushing 5 years or more, and usually at that age a PC isn't worth putting a lot of money into. If you have any questions or would like any recommendations feel free to reach out to us by going to our contact page. That's what we're here for!

Continue reading

Tax Season May Be Over, But Scam Season is Year Round


Tax season may be ending today, but scammers are still hard at work trying to convince you to send them your precious information.  Here's a few things to look out for and keep in mind.


W-2 Scam


 The scary truth about email scams, is that it's very easy for a thief to "spoof" their email address to look like the business owners email, or your bookkeeper. But when you reply to that email it goes back to the thief and not the business owner or bookkeeper. Here's an example of how one of these emails would look like courtesy of JD Supra:


SMLXL


As you can see, it's almost impossible to tell it's a scam with the naked eye, unless you know the sender well enough to know that they don't word things a certain way. Your only defense against this is a good spam filter. The naked eye may not be able to tell this email was spoofed but a good spam filter can. If you use Office 365 or G Suite their spam filters are good at catching these. If you're not using those then you can get a third party spam filter like Proofpoint.


IRS Scam 


This one is pretty cut and dry. You get an email saying it's the IRS and you need to send them your social security number or other financial info. The easy thing about this one is that the IRS will never call or email you. They only send you letters in the mail. If you get a call or email from the IRS, ignore it.


Bank Scam 


Bank's have really caught on to the mobile era by creating apps that allow to manage your accounts through your phone or tablet. But, as a result, scammers have started sending text messages saying that there's an urgent need and you need to either go to a link or call a number. You may also get a phone call from a person or automated recording. The important thing to remember here is that your bank will never contact you and then ask you to confirm your identity by providing your account number or other confidential info.


70% of all hacks or information leaks are not the result of a virus or some fancy hack. They are the result of someone being tricked into willingly providing information to someone who shouldn't have it. I hope this information is helpful at keeping you on alert and your information safe.

Continue reading

Ransomware is Making Us Step Up Our Backup Game

Over the last year or so, a new type of virus has quickly become the newest IT Boogeyman. Getting it's name from it's ability to encrypt all your data so that it's unusable and then holding it for ransom, many credible businesses have had to fork over tens of thousands of dollars to recover data that is crucial to their business.


Because Ransomware viruses are so new, and changing daily, you can have antivirus, email spam filters and a hardware firewall and still get hit. Your only protection from Ransomware is to have reliable and diverse data backups.


But before you go buy an external hard drive and put a weekly reminder on your Outlook to copy your stuff over, let's talk about how to keep your backups safe.

Most Ransomware work by encrypting everything with a drive letter. That includes external hard drives that are plugged in and mapped network drives. So if you get hit with a Ransomware and your external hard drive is still plugged in that you store your backups on. Those backups are now useless. Same thing goes for that network share that you use for your backups.


The most reliable backup method to shield you from Ransomware are secure cloud backups. Mostly because most cloud backup solutions are continuous and versioned.

Continuous backups mean that it's backing everything up throughout the day so that if you get hit at 3:30PM on a Thursday, you don't have to go back to Wednesday nights backup and lose a day's worth of work.

Versioned backups mean that there are multiple versions of the same file stored in the cloud. So if you get hit and it's several hours before your realize you've been hit and all those unusable files are backed up to the cloud. You can easily restore your files from the most recent useable version.


If you aren't confident about your backups please contact us. All of our contract clients have secure cloud backups and we have other noncontract clients who have just asked us to set something up for them. All businesses are at risk, and we're here to help all businesses.

Continue reading

Senate Ruling Allows ISPs to Sell Browsing History

On March 23rd, the Senate voted to eliminate privacy rules that would have required your consent before internet providers sold your internet browsing history to advertisers. ISP's made the argument that companies like Facebook and Google can do it, so why shouldn't they be able to?

Advertisers will pay internet providers a premium for the data they can gather from your browsing habits. From that they can figure out very specific and intimate information such as your location, gender, marital status, occupation, hobbies, if you're moving, if you're expecting a baby, etc. And then do very targeted ad compaigns geared specifically to you.


What Can You Do About It?

ISP's can't track your internet browsing if your internet traffic is encrypted. VPN products such as Nord and PIA are cheap and simple to setup and will keep your internet activity private wherever you are.

You should also write your representative. The House of Representatives is expected to vote this week on this. But it's not too late to reach out.

Demanding internet privacy doesn't mean you're doing something illegal or sketchy. Privacy is your right and you don't want the intimate details of your life left to the discretion of ISP's and ad companies.

Continue reading

Is Your Phone the Weak Link in Your Security?

Everyone agrees that security for your network and PC's is a great idea. Afterall, whether your data is stored at your office or in the cloud, any place it is accessed from could be exploited. So, we manage those PC's closely to protect your data.


But what we tend to forget about are our phones and tablets. We live in a world where we gauge the convenience of a service on if they've developed an app for your phone so you don't have to log in with your computer.


If your phone fell into the wrong hands, they'd probably have access to all your emails and text messages. If you use OneDrive or Dropbox to manage your files, they'd have access to all of those as well.


We can't afford to think of our mobile devices as "lesser technology" anymore. If you're just responsible for yourself or a small team, it may be easy to enforce security measures such as lockscreen passwords. But it's easy for details to slip through the cracks. Especially in large teams.

That's why Office 365 and G Suite have mobile device security policies. These allow you to enforce policies on any mobile device that has email on it such as a mandatory passcode, screen timeouts and even remotely wiping phones that are lost or stolen.


If your email currently is not hosted on Office 365 or G Suite there are other solutions that can allow you to manage the mobile devices in your organization. Either way, at least you can sleep well at night knowing all your bases are covered!

Continue reading

The Cheapest Most Effective Security Change for Your Network

Revoking the admin rights for all of your users could be one of the most secure changes your make to your computer network. It's common to allow all your users to use admin accounts, that way they can install any software and make any changes they need to without issue.

The problem is that 97% of critical vulnerabilities that were found last year specifically require admin rights to be effective. But the good news, is that when you revoke admin rights, that leaves 97% of the critical vulnerabilities from last year harmless.

Even if you give the admin password to everyone so that they have it when they need it. That would still be more secure then having everyone operate with admin rights. If you have any questions, feel free to reach out. That's what we're here for.

Continue reading

Microsoft Office 2007 End of Life

All Microsoft products must come to an end. Microsoft's term for that is called "End of Life". When a product reaches it's "Extended Support End Date". That means that Microsoft will no longer release security updates for that product and any new products that are released will not be supported to work with the older one.

So based on those two factors, it can be costly to continue to run software that is no longer supported by Microsoft.

Microsoft has announced that Microsoft Office 2007 will reach it's End of Life on October of 2017.
Visit Here
That means that Word, Excel, Powerpoint and Outlook 2007 will no longer be supported or receive security updates from Microsoft.

If you're a contract business customer with us you should be receiving an email from us soon to start making plans to migrate away from that software. If you do not have a contract with us you'll certainly want to make arrangements to update that software before October. Cheers!

Continue reading