Recent Data Breach May Affect Hotmail And Outlook Users

Microsoft recently confirmed that the login credentials of one of its customer support agents was compromised.

This allows unknown third parties to log in and gain access to data contained in an unspecified number of users’ Hotmail and Outlook email accounts. The exposure occurred between January 1 and March 28 of this year (2019).

When news of the breach first emerged, the company issued a statement that read, in part, as follows:

“We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account. This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your email address, folder names, the subject lines of emails, and the names of other email addresses you communicate with), but not the content of any emails or attachments…it is important to note that your login credentials were not directly impacted by this incident.”

In our view, the last line is the most important in the formal statement.  The hackers were able to glean some information from an unknown number of accounts, but they did so by proxy through the lens of a compromised support account, and not by stealing actual login credentials of users.

Since the company’s announcement, there have been conflicting reports that suggest the breach may have been more serious than Microsoft is currently claiming.  As such, our recommendation is that if you have a Hotmail or an Outlook.com account, the best course of action would be to exercise an abundance of caution and change your password right away.  It’s far better to be safe than sorry.

Also be aware that since hackers may have gleaned your email address as a result of their snooping, you are somewhat more likely to be on the receiving end of phishing emails in the weeks and months ahead.  Be on your guard against that.

Get the “FAQ’s” On Two-Factor Authentication

Data security has to be a core consideration of the modern business, so every small effort you can take to protect your business is important. One such effort is the implementation of two-factor authentication. However, your employees may not initially feel entirely comfortable with some facets of two-factor authentication.

The two-factor authentication platform, adds a valuable layer of security to your existing solutions by requiring an additional credential beyond just your typical username and password. This can be a PIN that is generated by an application or even a physical token like a key fob that provides access.

To make a long story short, your employees may not feel entirely comfortable with your organization requiring them to keep an application on their phone as they may value the autonomy they have over what they do and don’t keep on their personal device. As a result, they are bound to have questions that you will need to answer.

To assist you with this, we’ve compiled a few questions you may have to field, and how to answer them truthfully and diplomatically if you choose to implement two-factor authentication for your business.

What is it?
Two-factor authentication is another way to improve data security and prevent threats from infiltrating business network’s access points. Picture your network as a house that your data lives in, with the front door being the access point. The lock that you find in the doorknob is your usual access credentials, username and password. 2FA adds a deadbolt to that door.

In other words, 2FA is the added security that can keep many threats out, at the cost of a tiny bit of convenience.

Why do I have to do this?
This line of questioning is indicative that an employee is resistant to change–unfortunately, information technology is built on change. Threats to a business’ security are always improving so they have the best chance of creating the most impact. To counter this, a business must acknowledge the risks inherent in powerful technology platforms and do everything they can to control access to their network. 2FA is just one of many ways to do that.

It is also important to remember that a chain is only as strong as its weakest link, so the entire business could be made vulnerable if one person doesn’t have the same dedication to organizational network security as the rest of the team. By implementing 2FA as a team, the business is better protected by the team.

Why do I have to do it on my personal phone?
This answer has two parts to it, one being of best interest to the business, the other being for the employee’s benefit. First off, economics. Does your business have the capital to spare to distribute mobile devices for the singular purpose of enacting 2FA? Typically, this isn’t the case.

Furthermore, which device is an employee more likely to favor? Their personal device that they have conditioned themselves into bringing everywhere, or the new, unfamiliar device they were just given for work?

What happens if I lose or forget my phone?
There are ways to get around a forgotten or misplaced device. In many cases, an organization can adjust an employee’s 2FA settings to allow them access via a new 2FA code, but this will require the employee to change their credentials. If the phone is lost, the company is still safe, as the Mobile Device Management platform that the 2FA implementation was likely part of will allow network administrators the requisite authority to handle the situation.

Can you see my personal stuff?
This question will likely come up. You should ensure your employees that the privacy of their personal data will not be betrayed, and that the authenticator will only be used to access their company materials.

Information can be a touchy subject, and its security is of paramount importance. Reach out to us at Net Activity for more help with your company’s data security.

6 Warning signs your Computer has Been Attacked by Malware

With the rise of eCommerce and online banking, cybercrime has evolved. Like criminals who pull smash-and-grab jobs, they go where the money is. However, unlike bank robbers, cybercriminals do their best to avoid detection by letting malware do the work for them. Viruses and ransomware sneak into PCs to quietly steal passwords, financial credentials, and other personal information to be sold on the black market for profit. Not all malware is stealthy though. Here are 6 of the telltale signs:

Slow computer

Are your operating systems and programs taking a while to start up? Is your data bandwidth suspiciously slow? If so, your computer may potentially have a virus.

However, just because your PC is running slower than usual doesn’t necessarily mean that it’s infected, as there could be other causes to your computer slowing down. First, check if you’re running out of RAM. For Windows, open task manager (press Ctrl + Shift + Esc) and go to the Performance tab and check how many gigabytes of RAM are used up under the Memory section. For Mac OS users, you can open the Activity Monitor app and, under System Memory, you should be able to find out your RAM usage.

Other causes could include lack of space on your hard drive or even damaged hardware. Once you’ve ruled out other possible causes, then malware may have infected your device.

Blue screen of death (BSOD)

If your PC crashes regularly, it’s usually either a technical problem with your system or a malware infection. You might not have installed the latest drivers for your device or the programs you’re running could possibly be incompatible with your hardware. If none of these problems are apparent in your PC, then a virus could be clashing with other programs and causing your crashes.
To check what caused your last BSOD, go to Control Panel > System and Security > Administrative Tools > Event Viewer and select Windows Logs. Those marked with “error” are your recorded crashes. For troubleshooting solutions, consult forums or your IT department to figure out what to do next.

Lack of storage space

There are several types of malware that can manipulate and corrupt the files saved on your computer. Most tend to fill up your hard drive with suspicious files. Ransomware, for example, is a notorious type of malware that denies you access to your data until you pay a so-called ransom. There are more aggressive forms of ransomware, like NotPetya, known for exploiting security holes to infect computers without needing to trick users.

If you find any unknown programs that you have never installed before, notify IT personnel in person immediately (do not email them) and have them handle the situation for you. Your device might not be the only one in your network that is infected with suspicious programs.

Suspicious modem and hard drive activity

Combined with the other warning signs, if your hard disk is working excessively while no programs are currently running or if you notice that your external modem is always lit, then you should scan your computer for viruses.

Pop-ups, websites, toolbars, and other unwanted programs

Pop-ups come from clicking on suspicious pages, such as those where users are asked to answer survey questions to access a website’s service or install free applications. While they’re inherently harmless, they could be downright annoying. Refrain from clicking pop-up pages and just close them instead. Run malware scans and update your browsers.

You might think that downloading free applications is harmless, but the installation process can inject malware into your device. When you’re installing a program from the internet or even app stores, it’s easy to just skim over the terms and conditions page and repeatedly press next. This is where they get you. In the process of skipping over certain installation steps, you might have agreed to accepting a new default browser and opening unwanted websites and other programs filled with viruses. Be cautious when downloading something for free.

You’re sending out spam

If your friends are telling you that you’ve been sending them suspicious messages and links over social media or email, you might be a victim of spyware. Warn your friends not to open anything that appears to be spam and make sure to reset your passwords across all your devices and enable multifactor authentication.

Knowing how malicious software affects your computer can help you take the necessary precautions and steps to rectify the situation as soon as possible. Regardless of whether or not your system has experienced these symptoms, it’s always smart to perform regular malware scans to ensure your business is safe. To find out more about malware and IT security, contact Net Activity today.

Are YOU Prepared For the End Of Windows 7?

On January 14, 2020, the world will bid a fond farewell to the beloved Windows 7 operating system. Well, sort of. Microsoft has declared that, after that date, it will no longer update or support the system. It’s the final nail in the coffin for a trustworthy, oft-touted software package that’s been running on fumes since newer versions hit the scene. And, as with any funeral, there are some arrangements to be made for the millions of businesses that have stuck it out to the end. Here’s everything you need to know about the coming changes – and what you should do now to prepare.

The End Of An Era

The news of Microsoft closing down Windows 7 support may come as a surprise to some of us, but the operating system has been on its last legs for a while. In fact, Microsoft stopped adding new features and honoring warranties for the platform back in 2015. When 2020 comes, it will cease releasing patches and updates for good.

This doesn’t mean that Windows 7 PCs will suddenly stop working in January; you’ll still be able to boot up in the operating system if you keep it installed. But if you value your privacy, your data and your sanity, it’s time to upgrade.

Those Microsoft updates that pop up from time to time don’t exist just to annoy you; they patch security vulnerabilities and protect you against new viruses and malware. Without that ongoing support, Windows 7 users will become fish in a barrel to sophisticated cybercriminals looking for a quick buck.

That’s why it’s essential that you call in the professionals to prepare your business for the switch to Windows 10 – or an alternative operating system – now, not later.

It’s A Requirement, Not A Choice

Upgrading your operating system well in advance of the Windows 7 end-of-life date may seem like a decision you should make for your peace of mind, but it’s even more critical than that. Of course, as time leaves Windows 7 behind, it’s certain that pieces of software will steadily become incompatible with the OS. Programs your company uses day-to-day suddenly becoming unusable will present serious headaches, but the real problem lies in the security of your network.

Windows developers are in a constant arms race with cybercriminals looking to exploit vulnerabilities in their platform. Each patch brings a host of bug fixes and security upgrades, but cybercriminals almost always find a new way in. Thus, the developers hastily put together a new patch, and the cycle continues.

When an operating system loses support from these developers, its users are left completely vulnerable to hackers. Like fruit flies drawn to a rotting apple, they flock to the abandoned platform and dig into the networks of those stubbornly clinging to the outdated OS. This process is expected to be especially nasty after Windows 7’s end of life, since so many businesses still use the OS and likely will forget (or refuse) to upgrade.

If you value your business at all, it’s not a choice. You need to upgrade before time runs out.

Avoid The Crunch

Not only should you enlist your IT experts to facilitate the upgrade, but you should do it ASAP. As the clock ticks down on Windows 7, tech companies are expecting a flood of upgrade requests as businesses scramble to leave the OS behind before it’s too late. Many of these IT providers will have a lot on their plate later in the year as they hurry to upgrade hundreds, if not thousands, of individual PCs. If you wait it out, you’re likely to find yourself at the back of a long, long line, potentially to the point that you breeze past January 14 without a solution. If you do, you’re almost certain to regret it.

Every day, the need for an upgrade becomes more urgent. Give the task the ample time required, and avoid needless stress. Reach out to Net Activity below to start the upgrade process today.

Millions Of Facebook Usernames And Passwords Stored By Accident

Are you a Facebook user? If you are, it may be time to change your password. KrebsOnSecurity recently reported that it found hundreds of millions of Facebook user account names and passwords stored in plain text and searchable by more than twenty-thousand Facebook employees. At present, there is no official count, but Facebook says the total number of records was between 200,000 and 600,000.

That’s a big number, which makes this a serious incident, but in truth, it represents only a fraction of the company’s massive user base.

Although there’s no indication that any Facebook employee abused their access to the information, the fact remains that it was accessed regularly. The investigation to this point has revealed that no less than 2,000 engineers and developers made more than nine million internal queries to the file.

Facebook software engineer Scott Renfro, interviewed by KrebsOnSecurity, had this to say about the issue:

“We’ve not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data.

In this situation, what we’ve found is these passwords were inadvertently logged but that there was no actual risk that’s come from this. We want to make sure we’re reserving those steps and only force a password change in cases where there’s definitely been signs of abuse.”

This is just the latest in an ongoing series of security-related issues Facebook has found itself in the midst of. While the company is wrestling with making changes to prevent such incidents in the future, that’s small comfort to the millions of users that have been adversely impacted over the last year.

According to the official company statement, unless you receive a notification from them, there’s nothing you need to do and no need to change your password. But given the importance of data security, if you’d rather be safe than sorry, it certainly couldn’t hurt.

Planning For Catastrophe: Business Continuity & Disaster Recovery

80% of businesses suffering a major natural disaster go out of business within three years.  Your business runs 365 days a year; your systems run 24/7 and your data is needed in real-time. To ensure that your business continuity is protected, you must take a proactive approach that ensures that everything is protected. This means all of your systems, data, and files are protected against all types of disastrous events. Business continuity planning should be the number one priority when preparing for a catastrophic disaster.

So, what types of disasters-exactly-should your business be prepared for? Let’s take a look:

• System Disasters. This is your hardware, software, all systems and data centers; when they fail, you want to make sure that your business doesn’t have to. The 2018 Cyber Resilience Report found that 67% of companies in 61 countries experienced at least 1 cyber incident in the last year, caused primarily by phishing & social engineering, malware, spear phishing, denial of service, and out-of-date software, rendering the organization’s own network either contaminated or inoperable.
• Natural Disasters. Due to global climate change, natural disaster occurrences have increased and intensified. Since 2010, we have suffered 2,018 natural disasters (averaging 336 per year). The US is second only to China for the number of natural disasters. Natural disasters have cost the global economy $2.5 trillion since 2000. 80% of businesses suffering a major disaster go out of business in three years.
• Human Error Disasters. The most frequent, most common, and often most detrimental cause of disasters that can disrupt business continuity is unintentional human error. 70% of the successful attacks on businesses came from internal threats like employees and contractors. Even small data losses – those with fewer than 100 files lost – cost between $18,120 and $35,730. A single poor choice by a single employee can lead to catastrophic data loss.

Any one of these disasters could destroy your business, or at the very least, cost you thousands of dollars.

Your business continuity planning is essential; one key component in that planning is thinking big picture and covering all your bases.

What does that mean?

Ensure employee well-being. Communication during and following an emergency presents a variety of challenges. So, crafting an employee safety and communication plan that works is absolutely essential. Obviously, email is the easiest way to reach a large group of employees, but if your company’s email server is down, you are out of luck. A call tree, sometimes referred to a phone tree, call list, phone chain or text chain, is another popular method for distributing important information to employees during and following an event.

Keep customers in the loop. Managing customer relationships is obviously critical to the ongoing success of your business. As such, it is important to craft a plan for distributing information to your customers during and following a disaster event. The scope of your customer communications plan will vary widely depending on the nature of your business.

Enable IT uptime. To understand the IT piece of disaster recovery and business continuity today, it helps to look at the not-so-distant past. It really wasn’t very long ago that backup meant daily incremental and weekly full backups to tape or a dedicated disk backup target. Disaster recovery from offsite tapes were-and are-painfully slow and bring considerable downtime. Your IT disaster recovery plan should be built around two concepts; your recovery time objective (RTO) and recovery point objective (RPO). RTO is the amount of time that it takes to get a system restored following a failure or disaster event, and RPO is the point in time to which your data can be restored.

A better way to enable your IT uptime is to run applications from image-based backups of virtual machines. This capability is commonly referred to as “recovery-in-place” or “instant recovery.” Recovery-in-place dramatically improves RTO because operations can continue while primary servers are being restored. RPO is reduced as well—snapshot-based, incremental backups at 15 minute intervals are a common practice.

Keep your business moving. Some possible considerations for your organization to focus on when planning for a disaster are insurance coverage, employee training and facilities issues. In addition, knowing your downtime impact is crucial to your recovery efforts. Many organizations today have limited tolerance for application downtime and if your employees or customers do not have access to essential applications and data, there will be a direct impact on productivity and revenue. While this sounds obvious, many organizations do not consider the actual costs of downtime for a business.

To better understand the cost of downtime and how it can cost your company dollars, our Cost of Data Loss Worksheet is a great tool to begin measuring exactly where your business vulnerabilities are and how to better protect your data assets and continuity.

Would You Rather Text Than Talk? 7 Essential Tips For Business Texting

You use your iPhone or Android for everything else. Your spouse even texts you to grab some milk at the store or to tell you they’ll be gone when you get home. It’s quick, easy and gets the job done. Why not in business too?

Well here’s the thing…even though text messaging might be your main form of communication for everyday social communications with friends and family, there’s an unspoken idea that you shouldn’t text colleagues and business associates. However, business text messaging is such an easy way to stay in contact with other people on the job, as long as you avoid some awkward texting gaffes that can cause issues in the workplace. So…if you’re going to text for business purposes, follow these 7 texting tips to keep it professional:

1. Know when texting is appropriate

Despite the omnipresence of cell phones today, not all users have text messaging services enabled. This means that users can incur extra charges to send and receive messages. So before sending someone a text message, ask if it’s okay. You can also go ahead and assume it’s okay if the other party initiates the texting. Avoid texting outside of normal work hours, and especially late at night—you never know when the ‘ding’ might wake someone up!

2. Be respectful of those in your physical presence

Whether you’re in a meeting with a client, or having dinner with your future boss, show respect for their time by saving the text messages and phone calls for later. To quickly switch into meeting settings, just set your cell phone to airplane mode, and your texts will be held until you disable it.

3. Avoid relying on texting for urgent matters

Sometimes time-sensitive matters arise, such as a meeting being rescheduled. But you cannot guarantee that you will get hold of someone in time through texting. For this reason, it is best use more formal methods, such as calling or emailing if you cannot speak to a colleague in person. For truly urgent matters, you may use multiple modes of communication, but do so only when circumstances call for it.

4. Group texts should be used sparingly

Group texts may seem like a convenient way of reaching out to multiple people, but it can be really irritating to be on the receiving end of them. Responses go to everyone, which isn’t always clear to the participants. That means they can receive message after message from contacts that they may not even know. And remember the point about not texting people whose cell phone plans incur extra charges? That definitely applies here, too. Instead of a group text, opt for a meeting, conference call, or email thread.

5. Don’t send bad news via text

Text messaging is an inherently informal method of communication, and as such should not be used for more serious matters. If you need to deliver bad news to someone, it’s best to do it in person. In some circumstances, you may have to deliver it via email or phone, but try to imagine how the person on the other end of the line might react to the news first.

6. Use emojis sparingly or not at all

With smartphones came along some fun new features, such as emoticons, or ‘emojis’. But while there’s an emoji for just about any occasion, resist the urge to saturate your texts with them. Using emoticons may come across as unprofessional, so don’t go overboard if you do choose to send them. And if do so with someone you know well, stick to the classics, like simple smiley faces.

7. Structure your text in a professional manner

This means no casual abbreviations (e.g. “lol”), typing in all caps, or misspellings. Try to keep your message brief and to the point, otherwise send an email instead. Always sign your name on your initial message as well, unless you’re confident that the recipient will know who it is.

If you do text in a business environment, especially with a customer or prospect, follow these 7 tips to ensure that you are perceived as the true business professional that you are!

Keep Your Business Alive with BCP

• Cloud backups are affordable and cost much less than onsite backups Backups can be automated, therefore saving you time
• Cloud providers usually back up your data to multiple locations (so if one of their facilities goes down, your backups are still safe at another site).
• Backups can be accessed from anywhere, whether it’s at an employee’s home or at an alternate office.
• If you need to access them, backups can be restored quickly