Dan’s Tech Support LLC has proudly received an A+ rating from the Better Business Bureau (BBB), highlighting our dedication to client satisfaction, security, and quality solutions. This prestigious rating reflects our commitment to providing reliable and efficient Managed IT Services and Support tailored to each client’s unique needs. With a strong emphasis on security, we ensure that all client data is protected, offering peace of mind alongside top-notch service. Our continuous pursuit of excellence and adherence to industry best practices sets us apart as a leader in the Managed IT and Technical Support industry.
Founded with a mission to provide reliable and efficient tech support, we continuously prioritize our clients' needs and concerns. Our team of skilled professionals are not only experts at resolving technical issues but also excel at delivering personalized solutions tailored to each client’s unique requirements. This client-centric approach has fostered a loyal customer base and garnered numerous positive reviews. We could not have achieved this rating without our amazing customers!
Furthermore, security is a cornerstone of Dan’s Tech Support LLC’s operations. We implement robust security measures to protect our clients’ data and ensure that all solutions are both effective and secure. Among these measures is our human-operated Security Operations Center (SOC), which ensures our customers' protection 24x7x365. This focus on security reassures clients that their information is in safe hands, further enhancing our company’s reputation for trustworthiness.
Quality is another hallmark of Dan’s Tech Support LLC. We continuously strive to improve our services, staying ahead of the curve with the latest technological advancements and industry best practices. This commitment to excellence ensures that clients receive top-notch support and solutions that meet the highest standards.
Our newly awarded A+ rating from the BBB is a testament to our unwavering commitment to these core values. Our unwavering commitment to these principles sets us apart as a leader in the tech support industry.
If you are interested in working with us, or receiving a free evaluation, please use the button below to fill out our form and we will get in touch as soon as possible!
A few weeks ago we posted an article regarding the recent addition of a new service, Firmware Security Now Included! At Dan's Tech Support LLC, we provide our managed customers with top-notch security and reliability for all IT systems. Our company prides itself on providing best-in-class technology and personalized services to ensure your business is secure and runs efficiently. As of today, our new stack addition is now available!
24/7/365 SIEM Protection is Now Included for Free!
Today marks the official launch of our managed SIEM offering for all endpoints. What effect does this have on our customers? Let's take a step back and see what we currently provide as part of all Managed IT contracts.
With our current offering, we provide proactive support through remote monitoring, management, automation, and security services. Every single customer receives not only computer monitoring, but also monitoring for their Microsoft accounts and mobile devices from the software level all the way down to the firmware that runs the computer at the lowest level. With this, you can sleep well at night knowing that your technology and data are protected at all times. When we set up your computer, we do so in a way that follows current cybersecurity best practices defined by the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA). Thanks to these standards and our Security Operations Center (SOC), we're able to offer these incredible services to all of our customers 24 hours a day, 7 days a week.
Combined with the newly added firmware protection, we place our customers in one of the best security positions.
Despite these top-notch security practices, nothing is 100 percent secure, especially as attackers become more sophisticated.
SIEM is an acronym for Security Information and Event Management, which provides security teams with the ability to collect, aggregate and analyze large volumes of events and activities across the business.
A SIEM is extremely helpful for detecting hidden attacks that prefer to hide themselves within the clutter and obfuscate their intent by operating within the noise.
Traditional firewalls and antivirus are no longer enough. The time to discover incidents using these alone averages a 6 month timespan. Finding and targeting attackers quickly is only possible when you have the entire picture to analyze as a whole, rather than one or two parts of it. SIEM systems create a birds eye view of all log data sources, including the firewall and antivirus, to quickly allow analysts to identify an attackers digital footprint and correlate that data to map an attack surface.
Traditionally, SIEMs are complex, costly, and designed for individuals with a lot of resources.
Running a SIEM is traditionally an expensive task that only large organizations or enterprises could afford.
Our partners and their 24/7/365 Security Operations Center (SOC) now enable us to provide a next-generation SIEM with all of our managed contracts. All of these features will be bundled within the same predictable cost structure you are familiar with, and you will be able to benefit from smart filtering, constant monitoring, and compliance assurance as well.
Our SOC experts are simplifying the lifecycle and enabling us to add a next-generation monitoring service that will provide deeper insights into anomalies for more accurate and faster attack detection. The smart filtering technology is described as "an industry game-changer, filtering out the fluff and only capturing what matters." It allows faster detection rates without sacrificing security for our customers. Additionally, all logs are handled securely, making it easy to search and map them to regulators without worrying about compliance.
In this case, our clients will be able to reap the benefits of a SIEM system to enhance their security without experiencing the hassle of a traditional SIEM system. With our system, we capture the information that matters while uncovering hidden attacks in the midst of the clutter. Furthermore, our system provides proof to regulators, third parties, and insurers that our customers' security demands are met. The best part is that we can now offer this service to our customers at no additional cost, so this is a win-win for everyone.
Under our new SIEM offering, we are able to provide all of our managed clients with the following additional protections for free!
With all of these new monitoring and security capabilities, we're able to ensure the security of our customers even more. It is our mission to ensure your IT needs are met so you can focus on your core business.
At Dan's Tech Support LLC, we provide our managed customers with top-notch security and reliability for all IT systems. Our company prides itself on providing best-in-class technology and personalized services to ensure your business is secure and runs efficiently. We have a big announcement to make today!
Today is the official launch date of our firmware protection suite for all managed endpoints. How does this affect you? Let's take a step back and see what we currently provide as part of all Managed IT contracts.
With our current offering, we provide proactive support through remote monitoring, management, automation, and security services. Every single customer receives not only computer monitoring, but also monitoring for their Microsoft accounts and mobile devices. With this, you can sleep well at night knowing that your technology and data are protected at all times. When we set up your computer, we do so in a way that follows current cybersecurity best practices defined by the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA). Thanks to these standards and our Security Operations Center (SOC), we're able to offer these incredible services to all of our customers 24 hours a day, 7 days a week.
All that said, there is one piece of the puzzle that our team has not been able to fully safeguard, the firmware that runs your devices.
Most people are familiar with two components that make up their computer. In general, people understand that computers are composed of hardware, the physical components that power the machine, and an operating system, such as Microsoft's Windows OS. In between these two well known components lies a critical component called the BIOS (or UEFI BIOS on newer hardware). The BIOS stands for Basic Input/Output System and UEFI stands for Unified Extensible Firmware Interface, which is a firmware package that enables the computer's operating system to interact with its hardware. Using this connection, data can be transferred from the Operating System to the attached hardware components, such as the hard drive.
By now you might be wondering, why should I care? The US government's cybersecurity agency, CISA, has issued warnings throughout the year regarding BIOS/UEFI firmware-based malware attacks that are affecting the country's IT landscape more frequently. This newer attack vector allows attackers to gain persistence on a compromised machine, allowing them to maintain access and control despite Operating System security protections. As the malware sits lower in the stack than the Operating System, these attackers are able to avoid detection.
We are now able to monitor, manage and secure the lowest layer of software on a machine with the help of our new vendor. As mentioned previously, this is an often overlooked component in an MSP/MSSP's offering that has been exploited more and more by attackers.
All of our managed clients will now receive the following additional protections at no additional cost!
With all of these new monitoring and management capabilities, we are even more capable of guaranteeing the security of our customers every single day. It is our mission to ensure your IT needs are met so you can focus on your core business.
P.S. Stay tuned, we have another great security addition coming soon to our stack!
Advanced AI is a new buzzword in cloud computing. The launch of tools like ChatGPT and Google Bard have made big waves. Developers are now racing to introduce the next level of features to apps. Features that do part of your work for you. Such as writing emails or making follow-up checklists based on contact data.
These AI-based applications do much more than automate processes. People are using them to write business correspondence, create websites, and write scripts. AI is also quickly transforming the everyday office workflow.
Microsoft is one of the biggest players in the office application field. It’s at the forefront of introducing transformative technology. The company is about to transform Microsoft 365 in a huge way with its new Copilot tool.
Microsoft 365 Copilot is a new tool designed to help users get the most out of their Microsoft 365 apps. This revolutionary tool is an intelligent, personalized assistant. It's designed to help users navigate and use M365 more efficiently.
In this article, we'll take a closer look at Microsoft 365 Copilot. And tell you the key ways it's going to improve M365 apps and your business workflows.
Microsoft 365 Copilot is an AI-powered assistant. It helps users with their day-to-day tasks in M365 apps. It's like having a personal assistant right in your Office apps. Users can ask questions, get help with tasks, and receive personalized recommendations. Copilot responds leveraging the context of their usage patterns.
Microsoft 365 Copilot works across all M365 apps. This includes:
Whether you're doing any number of tasks, Microsoft 365 Copilot is there to assist you. This includes working on a document, meeting scheduling, or collaborating with a team.
Microsoft 365 Copilot uses AI and machine learning to understand users' needs. It provides personalized help. It uses data from users' interactions with M365 apps. It learns a user's usage patterns and offers recommendations based on their preferences.
For example, say you frequently use certain features in Excel. Microsoft 365 Copilot will learn this. It will offer suggestions when it detects that you're working on a similar task.
Say that you're working on a presentation in PowerPoint and struggling with design. Microsoft 365 Copilot can offer design suggestions based on your company's brand guidelines.
Microsoft 365 Copilot can also help users with common tasks. Tasks such as, scheduling meetings and managing emails. Users can simply ask Copilot for help. They can ask it to schedule a meeting or find an email from a specific person, and Copilot will take care of the rest.
Copilot is important because it can help users be more productive and efficient. By providing personalized support, the tool can save users time and reduce frustration.
Imagine you're working on a report in Word and you're struggling to format a table. Instead of spending time searching for a solution online. Or trying to figure it out on your own, you can simply ask Microsoft 365 Copilot for help. Copilot can offer suggestions. It can even walk you through the process, saving you time and reducing frustration.
Microsoft 365 Copilot is also important because it can help users get more out of their M365 apps. Many users may not be aware of all the features and capabilities of their M365 apps. But with Copilot, they can discover new ways to work more efficiently and effectively.
The capabilities of Copilot go even further. Say that you need to give your team an update on a marketing strategy. You won’t need to dig out emails, chat threads, or meeting notes. Instead, you can ask Copilot to “tell my team how we updated the marketing strategy.” The app will then search all those places for you and craft an update for your team.
Need a first draft of a meeting agenda or presentation? Just ask Copilot. It can access existing M365 documents and content and craft an initial draft for you.
Microsoft 365 Copilot provides personalized help based on users' usage patterns and preferences. This means that users get the help they need when they need it, without having to search for solutions on their own.
Microsoft 365 Copilot can help users save time on common tasks. Such as scheduling meetings and formatting documents. It can take on many information gathering tasks, like summarizing meeting notes. This saves users considerable time. Especially for manual tasks such as searching for information.
Knowledge workers spend an average of 2.5 hours per day searching for information.
Microsoft 365 Copilot can help reduce frustration. It provides solutions when users are stuck on a task. The tool can also help users struggling with an Excel chart or table. Instead of having to figure out how to generate it, they can simply give a command to Copilot to do it for them.
Microsoft Copilot handles tasks that go beyond what business apps have historically done. For example, you can use it in PowerPoint to create a presentation for you. Use a command such as, “Create a six-slide presentation based on (this) document.” You can also tell it to find appropriate Microsoft stock photos and insert them.
The sky is the limit right now for how much this tool is going to impact office productivity.
If you are interested in further improving productivity in your office or daily life, you may want to check out our earlier article about Enhancing Productivity with Google Chrome.
At the writing of this article, Microsoft hasn’t announced a release date yet. It is currently testing Copilot with a limited number of users. You will most likely see it coming out sometime soon.
Need help with security or setup in Microsoft 365? Give us a call today to talk to one of our cloud app experts.
This Article has been Republished with Permission from The Technology Press.
You’ve completed your annual phishing training. This includes teaching employees how to spot phishing emails. You’re feeling good about it. That is until about 5-6 months later. Your company suffers a costly ransomware infection due to a click on a phishing link.
You wonder why you seem to need to train on the same information every year. But you still suffer from security incidents. The problem is that you’re not training your employees often enough.
People can’t change behaviors if training isn’t reinforced. They can also easily forget what they’ve learned after several months go by.
So, how often is often enough to improve your team’s cybersecurity awareness? It turns out that training every four months is the “sweet spot.” This is when you see more consistent results in your IT security.
So, where does this four-month recommendation come from? There was a study presented at the USENIX SOUPS security conference recently. It looked at users’ ability to detect phishing emails versus training frequency. It looked at training on phishing awareness and IT security.
Employees took phishing identification tests at several different time increments:
The study found that four months after their training scores were good. Employees were still able to accurately identify and avoid clicking on phishing emails. But after 6-months, their scores started to get worse. Scores continued to decline the more months that passed after their initial training.
To keep employees well prepared, they need training and refreshers on security awareness. This will help them to act as a positive agent in your cybersecurity strategy.
The gold standard for security awareness training is to develop a cybersecure culture. This is one where everyone is cognizant of the need to protect sensitive data. As well as avoid phishing scams, and keep passwords secured.
This is not the case in most organizations, According to the 2021 Sophos Threat Report. One of the biggest threats to network security is a lack of good security practices.
The report states the following,
“A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we've investigated.”
Well-trained employees significantly reduce a company’s risk. They reduce the chance of falling victim to any number of different online attacks. To be well-trained doesn’t mean you have to conduct a long day of cybersecurity training. It’s better to mix up the delivery methods.
Here are some examples of engaging ways to train employees on cybersecurity. You can include these in your training plan:
When conducting training, phishing is a big topic to cover, but it’s not the only one. Here are some important topics that you want to include in your mix of awareness training.
Email phishing is still the most prevalent form. But SMS phishing (“smishing”) and phishing over social media are both growing. Employees must know what these look like, so they can avoid falling for these sinister scams.
Many businesses have moved most of their data and processes to cloud-based platforms. This has led to a steep increase in credential theft because it’s the easiest way to breach SaaS cloud tools.
Credential theft is now the #1 cause of data breaches globally. This makes it a topic that is critical to address with your team. Discuss the need to keep passwords secure and the use of strong passwords. Also, help them learn tools like a business password manager.
Mobile devices are now used for a large part of the workload in a typical office. They’re handy for reading and replying to an email from anywhere. Most companies will not even consider using software these days if it doesn’t have a great mobile app.
Review security needs for employee devices that access business data and apps. Such as securing the phone with a passcode and keeping it properly updated.
Data privacy regulations are something else that has been rising over the years. Most companies have more than one data privacy regulation requiring compliance.
Train employees on proper data handling and security procedures. This reduces the risk you'll fall victim to a data leak or breach that can end up in a costly compliance penalty.
Take training off your plate and train your team with cybersecurity professionals. We can help you with an engaging training program. One that helps your team change their behaviors to improve cyber hygiene.
This Article has been Republished with Permission from The Technology Press.
As we conclude the month of May, we have another zero-day vulnerability to report. This vulnerability is a zero-click remote code execution vulnerability utilizing Microsoft Diagnostic Tool and the Microsoft Office Utilities. The vulnerability is primarily exploited by Microsoft Word documents, but can be accessed by any of the Office applications. Email-based delivery will be the main attack vector used by malicious actors to deliver this cruel code execution to their victims.
It is important to mention that this was originally posted by @nao_sec on Twitter. Our partners, Huntress, have verified and replicated this exploit, which is detailed in their technical blog post.
To summarize the vulnerability, in Microsoft Word, you are asked to select "Enable Content" or "Enable Saving" when you open the document. By selecting these options, the malicious process can be spawned. Huntress has discovered that this code can be executed upon simply opening the file without any other actions, which makes this Zero-Click that much worse. Microsoft does not yet have any mitigations that have been fully tested or verified, and there is no patch available at the time of writing this (May 31, 2022 @ 11:00AM).
We strongly advise all our clients and readers to be vigilant and not open any Word documents you receive via email (or any other source) without verifying the sender first. Please ensure that even if the person is legitimate, the document you receive is an expected attachment until we have a patch in place. We appreciate your cooperation and understanding.