As we conclude the month of May, we have another zero-day vulnerability to report. This vulnerability is a zero-click remote code execution vulnerability utilizing Microsoft Diagnostic Tool and the Microsoft Office Utilities. The vulnerability is primarily exploited by Microsoft Word documents, but can be accessed by any of the Office applications. Email-based delivery will be the main attack vector used by malicious actors to deliver this cruel code execution to their victims.
To summarize the vulnerability, in Microsoft Word, you are asked to select "Enable Content" or "Enable Saving" when you open the document. By selecting these options, the malicious process can be spawned. Huntress has discovered that this code can be executed upon simply opening the file without any other actions, which makes this Zero-Click that much worse. Microsoft does not yet have any mitigations that have been fully tested or verified, and there is no patch available at the time of writing this (May 31, 2022 @ 11:00AM).
We strongly advise all our clients and readers to be vigilant and not open any Word documents you receive via email (or any other source) without verifying the sender first. Please ensure that even if the person is legitimate, the document you receive is an expected attachment until we have a patch in place. We appreciate your cooperation and understanding.
The global damage of cybercrime has risen to an average of $11 million USD per minute, which is a cost of $190,000 each second.
60% of small and mid-sized companies that have a data breach end up closing their doors within six months because they can’t afford the costs. The costs of falling victim to a cyberattack can include loss of business, downtime/productivity losses, reparation costs for customers that have had data stolen, and more.
You may think that this means investing more in cybersecurity, and it is true that you need to have appropriate IT security safeguards in place (anti-malware, firewall, etc.). However, many of the most damaging breaches are due to common cybersecurity mistakes that companies and their employees make.
The 2021 Sophos Threat Report, which looked at thousands of global data breaches, found that what it termed “everyday threats” were some of the most dangerous. The report stated, “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we've investigated.”
Is your company making a dangerous cybersecurity mistake that is leaving you at high risk for a data breach, cloud account takeover, or ransomware infection?
Here are several of the most common missteps when it comes to basic IT security best practices.
Credential theft has become the top cause of data breaches around the world, according to IBM Security. With most company processes and data now being cloud-based, login credentials hold the key to multiple types of attacks on company networks.
Not protecting your user logins with multi-factor authentication is a common mistake and one that leaves companies at a much higher risk of falling victim to a breach.
MFA reduces fraudulent sign-in attempts by a staggering 99.9%.
Shadow IT is the use of cloud applications by employees for business data that haven’t been approved and may not even be known about by a company.
Shadow IT use leaves companies at risk for several reasons:
Employees often begin using apps on their own because they’re trying to fill a gap in their workflow and are unaware of the risks involved with using an app that hasn’t been vetted by their company’s IT team.
It’s important to have cloud use policies in place that spell out for employees the applications that can and cannot be used for work.
No matter how small your business is, a simple antivirus application is not enough to keep you protected. In fact, many of today’s threats don’t use a malicious file at all.
Phishing emails will contain commands sent to legitimate PC systems that aren’t flagged as a virus or malware. Phishing also overwhelmingly uses links these days rather than file attachments to send users to malicious sites. Those links won’t get caught by simple antivirus solutions.
You need to have a multi-layered strategy in place that includes things like:
A majority of companies around the world have had employees working remotely from home since the pandemic, and they’re planning to keep it that way. However, device management for those remote employee devices as well as smartphones used for business hasn’t always been put in place.
If you’re not managing security or data access for all the endpoints (company and employee-owned) in your business, you’re at a higher risk of a data breach.
If you don’t have one already, it’s time to put a device management application in place, like Intune in Microsoft 365.
An astonishing 95% of cybersecurity breaches are caused by human error. Too many companies don’t take the time to continually train their employees, and thus users haven’t developed the skills needed for a culture of good cybersecurity.
Employee IT security awareness training should be done throughout the year, not just annually or during an onboarding process. The more you keep IT security front and center, the better equipped your team will be to identify phishing attacks and follow proper data handling procedures.
Some ways to infuse cybersecurity training into your company culture include:
Don’t stay in the dark about your IT security vulnerabilities. Schedule a cybersecurity audit to uncover vulnerabilities so they can be fortified to reduce your risk.
This Article has been Republished with Permission from The Technology Press.
Digitalization has forced businesses to alter their operations and make IT a huge part of their day-to-day affairs. Still, some owners can't cope with the change effectively, so they hire a managed service provider, or MSP, to take care of the work.
But what exactly is an MSP?
Simply put, this is a third-party company you can collaborate with to help manage parts of your business, such as your IT or cloud needs. It provides technology and expertise to boost your organization’s scalability.
Working with MSPs can have tremendous benefits for your enterprise.
For instance, their profound understanding of cutting-edge technology can help you improve performance, operations, and security while reducing overheads. In addition, they can offer several creative solutions to help you navigate the evolving landscape of the big data world.
But the strongest suit of any MSP is usually their ability to deliver tailor-made solutions that fit your company perfectly.
Their expertise allows them to analyze your business thoroughly and render their services according to your strengths and weaknesses. Plus, they consider the regulatory environment and compliance to safeguard against legal issues.
Another great thing about MSPs is that they can support your business even after hours.
They offer support measures and staff to maintain and protect your organization 24/7. MSPs can even tap into your system to resolve issues and deploy updates without going to your office using remote technology.
Overall, MSPs can help take your company to the next level. However, you can't work with just any service provider. You need to select the right team for your enterprise, and this article will show you how.
Hiring an MSP shouldn't be a hasty decision. Instead, you want to take a variety of factors into account.
Here are the six important factors to keep in mind:
Prospective MSPs should provide case studies and success stories to demonstrate they're suitable for your business. You can also look for testimonials, references, and endorsements. These will help you determine if the team has been operating for a while and if their reputation is solid.
Working with a reputable MSP can give you peace of mind with the knowledge that your system will be appropriately managed. Moreover, you'll feel confident that the MSP will do all in its power to preserve its name.
The MSP's success hinges on yours in some respect, which is why they'll view you as a valuable partner.
MSPs offer a wide array of services. Some teams are full-service companies, meaning they address your cloud and IT needs comprehensively. In contrast, others may help you with different pieces of your tech puzzle.
Therefore, consider your needs carefully and ensure your MSP can meet them.
Regardless of your service package, the MSP needs to keep up with the latest technology trends. Otherwise, numerous security issues may compromise your company and allow the competition to prevail over you.
As previously indicated, MSPs can work round the clock to ensure your business is compliant and maintained adequately. However, they should also increase their support quickly and adjust staff schedules as your company grows.
That's why you should consider an MSP that offers training for your employees.
It lets them understand the necessary changes and encourages them to train other team members as they join your business. But if your employees are too busy, you can instruct the MSP to carry out all the training.
Your network can go down for any number of reasons, preventing your employees from working and your clients from reaching you. This situation can even cripple your reputation, customer base, and revenue. In the worst-case scenario, it can even make you shut down your business.
Fortunately, a high-quality MSP can help you avoid this scenario. They can identify threats to your system and neutralize them before hurting your company.
Moreover, if an incident takes place, they should respond immediately. They need to mitigate the risks as soon as possible to keep your organization from crumbling.
One of the most important duties your MSP should perform is to shield your data from cyberattacks. This is critical to protecting your company and customers. Besides, safe data storage might be mandatory in your industry, which is why your IT department could use all the help they can get.
Once you work with an MSP, they should recommend robust security solutions and endpoint protection to combat harmful software. And throughout their engagement, they should consider compliance to help prevent legal issues.
Another major part of their mission should be the implementation of backup software. It enables you to retrieve your data in case of a breach. Such implementation may involve automation, a restoration plan, and a no-downtime policy.
With a failproof backup and security strategy in place, you should be able to run your company more confidently. The risk of downtime will be drastically lower, allowing you to operate smoothly, maintain high sales, retain customers, and preserve your brand.
Your MSP shouldn't just deal with cybersecurity – they should also suggest adopting the best practices across the entire tech landscape.
For example, they should advise you on various CRM solutions and project management applications. They should also help you revamp your approach to workflow and data to create efficiency in all departments.
The fact is, you can yield tremendous results from their guidance. Your team can work faster, collaborate in real-time, and be more tech-savvy.
While price is important when selecting an MSP, it pales in comparison to all the factors listed above. Be sure they're a perfect fit for your enterprise, even if you need to pay more.
With high expertise, customized services, and an understanding of threats, a reputable team can help you stay ahead of your competitors.
If you need more assistance choosing your MSP, get in touch with our experienced team. Let's schedule a quick 15-minute chat and figure out the ideal MSP for your company.
This Article has been Republished with Permission from The Technology Press.
Our customers are extremely important to us, their continued support allows us to thrive and provide high-quality services. We assure every new or existing client that they will receive the highest level of service at a fair market price when they hire us. Our company was established to help people, not to rip them off as some of our competitors do. Dan's Tech Support LLC is focused and committed to providing the local community with quality work, outstanding customer service, security, reliability and overwhelming value for their services.
Please enjoy our newest Small Business support video, which highlights some of our accomplishments over the past few months. Remember, if you can #SupportSmallBusiness!
Please drop us a follow, and leave a comment under our video!
Dont forget to contact us today if you need any support! We are here 24/7 for you.
Working with an IT provider can be beneficial to your business. However, it is important to avoid a few key mistakes when selecting your provider.
Spending time trying to figure out the technology you use in your business can be costly. As a result, you cannot focus on your business needs, which will affect customer satisfaction.
An IT provider can help with this. Dan's Tech Support LLC is a local Managed IT Service Provider offering a range of services, including fully managed IT services and an on-call helpline!
Outsourcing hardware and computing-related services such as managed IT security and cloud computing is possible with IT providers. A robust IT infrastructure can also enable you to focus on revenue-generating activities.
Although there are many IT providers to choose from, not all of them will fit your company's needs. Integration with the wrong team can cause you to incur more costs due to irrelevant services, recurring security problems, and data backup problems.
Therefore, you need to be extremely careful when selecting your team. The only way to avoid disappointment when choosing an IT provider is to avoid these eight common mistakes. To learn more about what we can do for you, contact us now!
Many advertisers want to trick you into believing that the latest technology will resolve all your issues. While the newest virtualization or cloud offerings can boost operations in many enterprises, they might not suit your business.
Hence, don’t let the hype surrounding new products dazzle you.
Carefully consider the results you want your IT provider to help you achieve and determine if the investment enables you to fulfill them. Your provider shouldn’t confuse you with state-of-the-art features – they should guide you and allow for seamless integration.
Determining the response times of your prospective IT providers is essential. You need to ask them how long they usually take to reply to queries and resolve problems. Be sure to gauge their onsite support efficiency, too.
Not inquiring about their availability is another grave error. Your IT team should provide round-the-clock services, including specialists that will monitor your system.
Constant monitoring and availability can help ensure you can detect IT issues early. With this, the provider can immediately administer patches and updates to safeguard against disasters. Here at Dan's Tech Support LLC we have 24/7 monitoring to proactively solve problems in your environments, before they become user facing issues.
Furthermore, your IT provider should offer simple access to their helpdesk support. You should be able to contact them via email, phone, and chat for instant guidance.
Disregarding the security features of your IT provider might be the most severe mistake. Teams with improper defense mechanisms can’t shield your system from cyber attackers, increasing the risk of losing data and access to resources.
To avoid this, look for IT providers that can protect you from malware and other threats. They also need to prioritize protecting your business’s confidential data, like trade secrets and customer information.
When it comes to specific security measures, your IT provider should have features that prevent data intrusions instantly upon detection. The list includes phishing attacks simulations, web content filtering, DNS security, endpoint protection, mobile device management, and dark web protection.
In addition, responsible teams should eliminate point-of-sale and network intrusions before they compromise your system. Making sure they abide by security compliance and government regulations is also paramount.
Many IT companies operate under pay-as-you-go pricing schemes. Although this helps you minimize upfront investment, adopting a large number of technologies simultaneously without considering the recurring costs can cripple your finances.
Thus, think twice before signing on the dotted line.
Research your providers thoroughly and draft your budget with professional assistance. These steps can prevent considerable frustration down the line. A monthly unlimited bundle is often the better pricing option, which we offer at Dan's Tech Support LLC!
One of the biggest impediments to growing your company is choosing an IT provider with poor scalability.
By contrast, scalable IT teams allow your business to evolve and grow. They can continually extend their services to accommodate your company’s goals, even if these goals change.
Service level agreements (SLAs) hold IT providers accountable for their services. It establishes standards for responsibilities, quality, scope, and delivery time in writing. Without it, you’ll have no way of ensuring transparent collaboration.
When selecting your IT provider, find one with a responsive agreement. It can help guarantee the SLA scales with their services while rendering continual improvement.
The story doesn’t end once you’ve found and partnered with a trustworthy IT provider. New technologies won’t magically increase your bottom line and decrease outputs.
To accomplish your goal, your employees will still need to understand how to use your new tech solutions. But bear in mind that not every team member may be able to grasp new tools easily. Some may even prefer the existing platforms.
Fortunately, you can hire IT experts to train them. These professionals should simplify any complex steps and advise your staff on making the most of your new investment.
Also, some enterprises set up regular training but fail to monitor their team’s performance. This is a huge mistake, as it keeps you from assessing your employee’s response to new technologies.
So, conduct questionnaires and other forms of feedback collection to determine and address any weaknesses.
Choosing an IT provider is similar to buying standard products and services. Failure to check user reviews can lead to disappointment.
To get a clear picture of your IT team’s capabilities, analyze their current and previous clients from similar industries. Look for reviews, testimonials, and ask the provider for a list of projects and references.
After doing your due diligence, you should be able to tell whether an IT provider is an ideal match for your company.
However, keep in mind that every IT team is different. For instance, they might be well-versed in the healthcare industry but have no experience working with retailers. That’s why as mentioned, stick to IT providers servicing your industry to get the best results.
Nobody wants to end up with a poor IT provider that can’t deliver great results, leaves your company open to cyberattacks, and causes other vulnerabilities. Your investment goes down the drain, and your operations suffer.
Luckily, we can show you a way out.
Let’s arrange a quick, 10-15-minute obligation-free chat. We can discuss more ways on how to find the right IT provider for you and ensure you get your money’s worth.
Article used with permission from The Technology Press.
The reality is, mobile devices are less safe than desktop computers. Boosting security on such devices is essential if you use them in business. The experts at Dan's Tech Support LLC are ready to assist you in protecting all of your business assets.
Technological breakthroughs have streamlined your operations in several ways. Primarily, you can now use mobile devices to make your communication and data sharing more convenient.
But this technological advancement also means that information on your team members' mobile devices is no longer limited to just phone numbers and contacts. They now contain much more significant data, such as emails, passwords, and other account details.
That’s why keeping those mobile devices secure is key to shielding your reputation and minimizing the risk of losing money.
Unfortunately, the protection of tablets and smartphones against cyberattacks isn't as robust as that of desktops and laptops. Anti-malware applications may be present, but they’re not as powerful as their computer counterparts. In addition, many devices don't support certain measures and applications that companies develop to enhance business security.
Fortunately, you can still implement robust safety measures to protect your smartphones and tablets.
This article will cover the nine best practices in improving cybersecurity on mobile devices.
Before issuing tablets or smartphones to your teams, create an effective usage policy. Define rules about acceptable use and determine the penalties for violating them.
Your employees must be aware of the security risks and measures that can help them reduce the risks. They should know that they are the first line of defense against cybercrime.
Furthermore, be sure to develop a BYOD (Bring Your Own Device) policy if you permit your team to use a personal device for business. Your company policy can include the following:
Updating Android and iOS operating systems improve overall user experience, but their most significant role is in addressing security vulnerabilities.
Therefore, install updates as soon as the developer rolls them out to reduce exposure to cybersecurity threats. Delaying it may give criminals enough time to attack your weaknesses and take advantage of outdated operating systems. Should you wish to avoid the responsibility of managing your own updates, Dan's Tech Support LLC offers managed updates as a service.
A complex password or PIN can help prevent cybercriminals from accessing mobile devices. Besides using alphanumeric combinations, you can also use facial or fingerprint recognition, depending on what suits your employees.
If you opt for digits and letters, don't share the combination with people outside your company. On top of that, be sure that your staff doesn't store them on their phones. Unmarked folders and physical wallets are a much safer option. Dan's Tech Support LLC also offers a secure, encrypted password vault to manage your company's passwords and multi-factor authentication credentials.
Lenient download policies can allow your team members to install non-business apps. Downloading such apps might seem harmless, but they are also infamous for their harmful advertising codes and many other threats.
To mitigate this risk, tell your employees they can only download and use apps necessary for their roles.
Your team may need to use public Wi-Fi networks in emergencies to send crucial emails or schedule a meeting. However, connecting to such networks can expose confidential company information to cybercriminals using the same network.
The easiest way to minimize this risk is to provide a high-quality internet plan that features roaming services for your remote workers.
But if there's no way to avoid public Wi-Fi connections, a reputable virtual private network (VPN) or secure global network (SGN) may do the trick. It can help shield your data by creating direct, secure links from your location to the intended website. If you wish to retain complete control over your data, we can provide a free network evaluation and provide an on-premise VPN server. This will allow your employees to connect to the network from anywhere, ensuring that your business data is only ever transmitted over secure channels.
Losing company-issued mobile devices is unfortunate, but it's not the end of the world.
Enabling Android Phone Tracker, Find My Phone on iOS, or other device-tracking software can help locate your lost smartphones. Some programs also enable you to remove data on your stolen devices remotely.
Installing these apps takes a couple of minutes and gives you much-needed peace of mind. With it, even if your staff loses their mobile device, cybercriminals are less likely to get their hands on the content.
For even more security, you may want to integrate with reliable MDM. It's an excellent way to separate personal and business information while allowing your team members to set up robust security measures on their devices.
In most cases, cloud-based software is the most affordable, flexible, and manageable type of MDM. Many platforms let you check out device information, update and manage apps, configure your devices, create usage restrictions, and remove content remotely.
If possible, implement MDM software that enforces security measures across all devices. As previously mentioned, this can include data encryption, strong passwords, and setting up containers to separate personal information from enterprise data.
We suggest you take advantage of our Managed Service Plans for a more enterprise-focused approach. Your mobile devices will be protected, and you can track them everywhere they go through services such as MDM and asset tracking. Contact us today to see what we can do for you!
Cybercriminals frequently employ SMS phishing to trick your team into clicking dangerous links. They pose as someone credible, asking your staff to share confidential information.
If your employees encounter such messages, they should delete them or alert the IT department or Managed Service Provider. Another great idea is to avoid opening the SMS and block the sender.
Many threats can compromise your company due to employee errors. For example, a team member may not realize they're downloading a malicious app that allows thieves to steal data from their mobile devices.
Blocking and whitelisting can enable you to protect your employees from these risks by determining which sites and apps are safe. This is just one of the many services we offer through our Managed Services.
On one hand, blocking certain applications can give your IT department peace of mind and alert them when someone tries to access those applications.
On the other hand, whitelists can work great for highlighting the tools your team should prioritize over social media and games.
Securing your desktop computers and laptops only is a disaster waiting to happen.
Your employees may still use their mobile devices to send emails and share sensitive information. That's why shielding them from cybercriminals should be your top priority.
So, develop a strict usage policy and follow other recommended practices to make your team’s smartphones and tablets virtually impervious to data theft.
Article content used with permission from The Technology Press.