07 Feb

Why it’s time to add more layers to your standard IT security and to protect WITHIN

By Witold Stanislawski, Technology Solutions Advisor.











No business with Internet access is immune from the threat of compromised passwords, unauthorized electronic resource access, data breaches and other activities performed INSIDE the network.

Statistically, more than 70% of cybercrime incidents target the Small Business space. 60 – 65% of those business will close their doors within 6 months from such breaches. Most attackers tend to “watch” the network activities and e-mail communications for a few weeks before they strike. During that time their activities are usually undetected.


You mostly likely already have some layers of security like firewall, anti-virus, web browsing protection and anti-spam filters. Those are ‘must have’ 1st layers of defense against modern cyber-attacks.


Firewalls, anti-virus, and anti-malware software are an equivalent of a perimeter protection at an organized event, where attendees must go through metal detectors and randomly show their IDs. The layers above do just that for computer networks.


However, until now, there hasn’t been a practical and inexpensive way to know if any of the security policies were being breached from INSIDE of the network. Economically, it was out of reach for the Small Businesses. NIE MSSP Total Proactive Network Protection technology provides the missing layer of internal network security. Don’t hesitate to contact us to get the conversation about network security started.



How can you tell if you are receiving poor or substandard IT service?
How do you know if your computer guy is doing everything possible to secure your network from downtime, viruses, data loss, or other frustrating and expensive disasters?
Could your current technician actually be jeopardizing your network?
These are some common question most SMB owners ask themselves. Sign up below and get your questions answered.

By submitting this form, you are granting: Network It Easy, Inc., 5400 Patton Dr., Lisle, IL, 60532, permission to email you. You may unsubscribe via the link found at the bottom of every email. (See our Email Privacy Policy (http://constantcontact.com/legal/privacy-statement) for details.) Emails are serviced by Constant Contact.
Share this
04 Dec

Ransomware: BIG Threat for Small and Medium Sized Businesses

Most small and medium business (SMB) owners do not yet realize the level of threat and potentially devastating results associated with ransomware.

Ransomware is literally the act of somebody holding your data, software, PC or computer system hostage until you pay them a ransom to get it back. What happens is that you suddenly have no access to a program or file and a screen appears announcing your files are encrypted and that you need to pay (usually in bitcoins) to regain access.

Recent studies that explored the frequency, impact, cost and other factors associated with ransomware attacks in the SMB arena showed more than one-third of businesses have experienced a ransomware attack in the last year. For roughly one in six impacted organizations, a ransomware infection caused more than 20 hours of downtime, with some organizations reporting an outage of more than 100 hours.

SMBs tend to most frequently get infected with ransomware via phishing emails (either in an attachment or a link) and shared USB drives.

Several steps can help minimizing the risk of getting ransomware, including staff education and awareness.  Train your staff to be cautious of suspicious messages and files, even if they come from a trusted source.

Ransomware also most frequently infects computers running older operating systems (i.e. Windows XP) that Microsoft no longer supports or updates. By upgrading to a newer, completely supported operating system (i.e. Windows 10), an ongoing stream of updates respond proactively to new security threats.

Work with a reputable Managed Service Provider (MSP).  For a fraction of the cost of a full-time employee, SMBs can outsource network support and avail themselves of the latest endpoint monitoring tools, data back-up and recovery solutions and a full team of people available to fully support their computer system.

Here are some ransomware tips for SMBs and their customers to provide some level of protection against cyber-attacks:

  • Always keep your security software up to date, since new ransomware variants appear on a regular basis.
  • Keep your operating system and other software updated – Software updates usually include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
  • Be wary of unexpected emails, especially the ones containing links and/or attachments.
  • Backing up important data is essential, it is the single most effective way of combating ransomware infection. In case of cyber-attack, if company has backup copies, its files can be restored once the infection has been cleaned up. However, organizations should ensure that backups are appropriately protected or stored offline so that attackers can’t delete them.
  • Using cloud services could help mitigate ransomware infection.


Share this
06 Nov

We are covered! And so are our customers

Please note that Webroot customers are protected from the Bad Rabbit – malware that is affecting computers across some Eastern-European countries, as well as Russia, Ukraine and Japan.

Here is what we know about Bad Rabbit thus far:

  • it is a well-made piece of malware that uses a lot of clever tricks to spread; in many aspects, it is similar to NotPetya, which affected customers across the globe this summer;
  • it has been successful as it has worm-like behavior, using embedded usernames and passwords to move laterally through the network;
  • attackers used compromised websites, most of which are news sources local to the APAC/Eastern European region, as watering-hole infection vectors;
  • When Bad Rabbit tries to restart your machine and encrypt data, Webroot SecureAnywhere, will prompt you with a warning about unauthorized Master Boot Record alternation. Webroot also blocks the files responsible for Bad Rabbit through the BrightCloud Threat Intelligence Platform.

Although Webroot customers are protected against Bad Rabbit, all users are recommended to maintain good cyber hygiene, including:

  • limit Admin account usage to only employees who need it;
  • don’t use easily guessable passwords;
  • update Windows – Ransomware authors take advantage of unpatched systems;
  • backup your data – Ransomware is crippled entirely if you have a backup copy of your data.

Source: http://tinyurl.com/ybu7arlt

Share this
19 Oct

Is malvertising the newest threat?

As you may remember, in May 2017 Equifax, a provider of consumer credit reports, said it experienced a data breach affecting over 140 million US consumers after hackers exploited a vulnerability on its website. That’s about 44 % of the US population! The data exposed in the hack included names, Social Security numbers, birth dates, addresses, and, in some cases even driver license numbers. Unfortunately, this wasn’t the last time Equifax’s website was breached. The site was maliciously manipulated last week, this time to deliver fraudulent Adobe Flash updates. Visitors who clicked the link had their computers infected with adware, which only three out of 65 antivirus providers managed to detect.

If you come to think of it, this is really worrying; the site which previously lost personal data of so many US citizens with a credit history was once again attacked, this time to trick visitors into installing malware, called by Symantec Adware.Eorezo. Usually, in order to avoid being caught, attackers provide malicious downloads only once to just a select number of people. Surprisingly, this time the bogus Flash download links were served to the same visitor at least three times in a row. The Equifax site was redirecting users to the centerbluray.info page which delivered MediaDownloaderIron.exe file. Sometimes browser was redirected to at least four domains before finally opening the Flash download file.

Unfortunately, only Panda, Symantec, and Webroot were able to detect the file as adware. Luckily for our customers Webroot is part of our Managed Services Provider package, so we know we keep you safe. Malwarebytes flagged the centerbluray.info site as one that pushes malware, while both Eset and Avira provided similar malware warnings for one of the intermediate domains, newcyclevaults.com.

It’s not yet clear how the Flash download page got displayed. Researcher Kevin Beaumont in his twit suggested that Equifax was working with a third-party ad network or analytics provider that’s responsible for the redirects. This could mean that the breach isn’t on the Equifax site and may be affecting other websites as well.

Source: https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/

Share this
11 Oct

Disaster recovery vs. security recovery plans: Why you need separate strategies

Many enterprises blend their disaster recovery and security recovery plans into a single and easy-to-implement package. But such an approach not necessarily makes sense. Undoubtedly security and disaster plans are related but not always the same things. Disaster recovery and security recovery have inherently different objectives: the former is more about business continuity and the latter about information asset protection. With disaster recovery plans we tend to focus on data quality in the first place and with security plans we rely on capability of protective control, we focus on “protecting forward”.

Many SMBs combine their disaster and security strategies as a matter of convenience, lured by so many similarities of those plans. Both types of plans include procedures to minimize the impact of a malicious event, that are followed up by procedures to recover from that event, as well as procedure to test and return to business as usual operations. Furthermore, both disaster recovery and security plans have an option that allows to minimize the possibility of a similar event occurring once again.

But if we dive deeper, we will find that the disaster recovery and security plans are fundamentally different:

  • Disaster recovery plans focus on recovering IT operations and business continuity,
  • Security plans focus on preventing or limiting IT interruptions.

Security recovery strategies need to be revisited and updated more frequently than disaster recovery plans. Events such as fires, floods or blackouts are unpredictable but we generally understand their nature. Security threats are also unpredictable, but their nature is often hard to be understood. Nowadays new external cyber threats are mushrooming, they become more and more technically developed and harder to detect, that is why it’s more difficult to keep a security recovery plan up to date. The number of natural or man-made disasters that can possibly threaten our business is relatively static. Keeping that in mind, all SMBs should implement separate disaster recovery and security plans for best protection.

Share this
22 Sep

Your Small Business Isn’t Invisible to Hackers or Immune to Attacks

Did you know that businesses with fewer than 250 workers have become a prime target of cybercriminals? The worst misconception any SMB can have, is that they are too small to be noticed by cybercriminals. Even businesses with less than a dozen employees have become a growing target.

Hackers see SMBs as being more susceptible to security breaches since they typically lack solid security. Instead of attempting one risky “big score”, today’s cybercriminal targets thousands of small businesses at once and uses malware to collect stored credit card information that they use to extract money. Additionally, SMBs are often seen as a gateway to the data of their high-end B2B clientele.

3 Ways to Enhance Security Without Breaking the Bank

Budget isn’t an excuse when it comes to security. Here are 3 security-enhancing fixes that don’t require big investments:

  1. Take Inventory:Many businesses have overcomplicated computer systems that are outdated, poorly secured, and not even business critical. Identify these.
  2. Talk Security:Employees are your greatest security threat. Talk to them about averting phishing email threats, frequently updating passwords, and staying safe while working at the office or remote.
  3. Don’t Fear the Cloud and Managed Services:Don’t let paranoia keep you from moving email, backup, and file sharing to the cloud. It saves money and is often safer. A managed services provider can also take over both routine and complex security tasks.

Don’t Be Forced Out of Business By Cybercrime

According to the National Cyber Security Alliance, one out of every five small-and-medium sized businesses is hit by cybercrime each year. Roughly 60% of these SMBs are out of business within six months of an attack.

Today’s cybercriminal doesn’t discriminate by business type or size. They look for exposed security cracks and vulnerabilities that are rife with opportunity. Don’t be the type of ignorant and defenseless SMB they typically feed on.

Share this
25 Aug

Office 2007 End of Life roadmap – Part I

On October 10, 2017, Office 2007 will reach End of Life. If you haven’t already begun to upgrade your Office 2007 environment, we recommend you start now. It is high time. Being Microsoft Certified Partner, Network It Easy can provide useful deployment benefits for cloud migrations and for on-premises upgrades.

So what does End of Life mean?

Office 2007, like almost all Microsoft products, has a support lifecycle during which company provides new features, bug fixes, security fixes, and so on. Such a lifecycle typically lasts for 10 years from the date of the product’s initial release, and the end of this lifecycle is known as the product’s End of Life. When Office 2007 reaches its End of Life on October 10, 2017, Microsoft will no longer provide:

  • Technical support for issues
  • Bug fixes for issues that are discovered
  • Security fixes for vulnerabilities that are discovered

In addition, as of October 31, 2017, Outlook 2007 will be unable to connect to Office 365 mailboxes, which means Outlook 2007 clients using Office 365 will not be able to receive and send mail. Because of the changes listed above, we strongly recommend that you upgrade as soon as possible.

This is a good time to explore your options and prepare an upgrade plan. You can:

  • Upgrade to Office 365 ProPlus, the subscription version of Office that comes with many Office 365 plans.
  • Upgrade to Office 2016, which is sold as a one-time purchase and available for one computer per license.
  • Upgrade to an earlier version of Office, such as Office 2013.

If you think you cannot manage that process on your own, contact us and will be happy to help. In our next post, we’ll show you what Office 365 ProPlus is, so stay tuned.

Share this
14 Aug

The Importance of Regular Network Security Assessments

We often forget that periodically assessing our IT security is an important part of our organization’s preventive maintenance plan. Security is mostly an invisible attribute, we tend to set it up and then forget about it. But each of us has our blind spots, causing us to miss things. Our infrastructure changes over time, possibly opening it up to new vulnerabilities. And new methods of attack are invented daily, so what was secure yesterday may not be secure today. Think of your company as of your car with a list of scheduled maintenance tasks and create a similar list of security features to be checked on a regular basis. Undoubtedly you can perform some of them yourself, but nothing can replace an independent expertize.

An increasing number of organizations are bound by governmental regulations that dictate what security measures you should have in place and how they should be audited. HIPAA, PCI, FISMA, Sarbanes-Oxley, and Gramm-Leach-Bliley all dictate how to secure different types of data and the systems that manage it. They also require regular security posture assessments, though they vary on specific requirements and time frames.

There are many benefits to doing periodic assessments beyond simply complying with government regulations. Undertaking regular assessments can help you to:

  • Find out whether your security has already been compromised. According to FBI there are two kinds of companies; those that have been hacked and those that don’t know they were hacked.
  • Stay on top of the latest security threats — with new attacks coming on the scene every day, you could become vulnerable even if nothing has changed since your last assessment!
  • Educate your employees – increase their awareness and understanding of security issues.
  • Let your customers know that security is important to you and that you care about them and their data.


Here are some categories that you need to pay attention to, if you want to make sure that your network security assessments are done diligently:

  • Check out in which ways your security can be compromised from the inside or outside, from both internal and external sources of attack. It is not enough to audit your firewall rules, you need to know if hackers can gather information through a company directory posted on the Internet.
  • Check how well have you been keeping up with patches? These are areas you need to pay attention to: operating systems on servers and workstations; infrastructure services such as email and DNS; enterprise applications including Web applications and databases; and desktop productivity applications. So, are you following your patch policies?
  • Assess and re-assess how your network is defended at its perimeter, and how well it is segmented internally to limit the damage that can be caused by prying eyes or errant applications. Audit both your device configurations and your update procedures and policies.
  • Write down your security policies to give your employees guidance and you a benchmark with which to compare your performance.
  • Use encryption to secure internal and external communication, including between layers of software.
  • Viruses can come from practically anywhere: from an employee’s home laptop, from visiting a malicious Web site, from an infected USB drive. How well is your antivirus software working, and how prepared are you to stop viruses if your countermeasures fail?
  • Develop a policy that dictates how complex user passwords must be and when users are forced to change them. Make sure you are auditing it periodically by running password-cracking software.
  • Assess how well your organization works, how well your procedures are documented, and how well your staff members keep up to date with their field.
  • Remember that backups are important part of your security strategy; verify that they work by actually restoring your data.
  • You may be bound by governmental regulations dictating how you secure and manage your business data and your customer information. Whether your organization falls under HIPAA, FISMA or PCI DSS you need to do a risk assessment. Self-assessment is surely a good thing, but in order to prepare for a full compliance audit it’s important to get an independent outside consultant to perform this critical assessment.


Share this
03 Aug

Introducing Microsoft 365

Last month at Inspire, Microsoft unveiled Microsoft 365, which brings together Office 365, Windows 10 and Enterprise Mobility + Security, delivering a complete, intelligent and secure solution to empower employees. It represents a fundamental shift in how we will design, build and go to market to address our customers’ needs for a modern workplace.

With more than 100 million commercial monthly active users of Office 365, and more than 500 million Windows 10 devices in use, Microsoft is in a unique position to help companies empower their employees, unlocking business growth and innovation. To address the commercial needs from the largest enterprise to the smallest business, the company is introducing Microsoft 365 Enterprise and Microsoft 365 Business.

Microsoft 365 Enterprise is designed for large organizations and integrates Office 365 Enterprise, Windows 10 Enterprise and Enterprise Mobility + Security to empower employees to be creative and work together, securely. Microsoft 365 Enterprise:

  • Unlocks creativity by enabling people to work naturally with ink, voice and touch, all backed by tools that utilize AI and machine learning.
  • Provides the broadest and deepest set of apps and services with a universal toolkit for teamwork, giving people flexibility and choice in how they connect, share and communicate.
  • Simplifies IT by unifying management across users, devices, apps and services.
  • Helps safeguard customer data, company data and intellectual property with built-in, intelligent security.

Microsoft 365 Enterprise is offered in two plans—Microsoft 365 E3 and Microsoft 365 E5. Both are available for purchase as of August 1, 2017.

Microsoft 365 Enterprise is built on the foundation of the highly successful Secure Productive Enterprise, which grew seats by triple digits in the last year. Going forward, Microsoft 365 Enterprise replaces Secure Productive Enterprise to double-down on the new customer promise of empowering employees to be creative and work together, securely.

Microsoft 365 Business is designed for small- to medium-sized businesses with up to 300 users and integrates Office 365 Business Premium with tailored security and management features from Windows 10 and Enterprise Mobility + Security. It offers services to empower employees, safeguard the business and simplify IT management. Microsoft 365 Business:

  • Helps companies achieve more together by better connecting employees, customers and suppliers.
  • Empowers employees to get work done from anywhere, on any device.
  • Protects company data across devices with always-on security.
  • Simplifies the set-up and management of employee devices and services with a single IT console.

Microsoft 365 Business is available in public preview starting August 2, 2017. It will become generally available on a worldwide basis in the fall (CYQ3) of 2017.

As a part of Microsoft commitment to small-to-medium sized customers, they’re also announcing the preview of three tailored applications that are coming to Office 365 Business Premium and Microsoft 365 Business:

  • Microsoft Connections—A simple-to-use email marketing service.
  • Microsoft Listings—An easy way to publish your business information on top sites.
  • Microsoft Invoicing—A new way to create professional invoices and get paid fast.


Share this
30 Jun

New in Office 365 security and compliance—June update

Recent Microsoft updates for security and compliance include enhancements to Advanced Threat Protection, eDiscovery, Advanced Data Governance, Advanced Security Management and expanded support for Windows Information Protection. Read on to learn more about these updates.

Office 365 Exchange Online Protection (EOP) and Advanced Threat Protection (ATP) were designed to keep your organization protected against cyber-attacks while supporting end-user productivity. The Office 365 team continues to enhance both EOP and ATP by offering deeper insights and more flexible controls. This month, they are introducing the following new capabilities:

  • Threat Protection status report—New reporting for ATP and EOP that adds visibility into malicious emails detected and blocked for your organization. This supplements the recently introduced reports in the Security & Compliance Center for ATP Safe Attachments.
  • Enhanced quarantine capabilities—Now all emails classified as malware from both EOP and ATP are quarantined. This builds upon the existing quarantine experience by allowing administrators to review and delete emails from quarantine.

Additional details on these new features can be found in the Microsoft Tech Community, as well as on the EOP and ATP product pages. EOP is offered across the enterprise E1, E3 and E5 suites. ATP is offered as both a standalone SKU or as part of E5.

Furthermore, Microsoft has recently released several new eDiscovery and Data Governance features in Office 365 in order to help you meet legal, business and regulatory compliance requirements. These features include:

  • Optical character recognition in Advanced eDiscovery—Extracts text from image files or objects within the files, significantly reducing the amount of manual remediation work required to analyze image files.
  • Rights management (RMS) decryptionin Office 365 eDiscovery—Automatically decrypts RMS-encrypted email messages at export time when you choose the MSG Export option.
  • Unified case management—Provides a consistent user interface spanning the eDiscovery capabilities in Office 365, from core to advanced, which helps to reduce potential human errors by streamlining eDiscovery case definition and eliminating several steps in the process.

Many organizations have the need to perform supervision of employee communications. This need stems from internal security and compliance guidelines, or from regulatory bodies such as the Financial Industry Regulatory Authority (FINRA). In both cases, failure to have a demonstrable supervision process in place could potentially expose organizations to liability or severe penalties. To address this need, Microsoft has released the new Supervision feature in Office 365 Advanced Data Governance. Supervision covers not only email communications, but also third-party communications streams, such as Facebook, Twitter, Bloomberg and many more. Supervision is part of Office 365 Advanced Data Governance, which is available as part of Office 365 E5 or the Office 365 Advanced Compliance SKU.


Share this
22 Jun

New PowerPoint and Word Viewers

Last week Microsoft announced a new, streamlined web experience for instantly viewing Word and PowerPoint files in One Drive and SharePoint Document Libraries. The PowerPoint and Word Viewers are new Office 365 features and you’ll begin seeing these new features in the coming days. You’ll notice the following with the viewers:

  • they load instantly, in line with your files, just like you’re used to with popular file formats like PDF, photos, and videos;
  • as much clutter on the screen as possible has been reduced so that you can focus on reading the content;
  • you still have access to the same capabilities you use in OneDrive and SharePoint – including editing the document in your browser or Word and PowerPoint clients;
  • you can share, rename, download or see file information (using the details pane of the file you’re viewing);
  • company Shareable Links for Word and PowerPoint files are now part of this experience;
  • the viewing canvas is getting a fresher look and feel with lighter colors and more purposeful spacing that helps you focus on the content – aligning more to other Office 365 experiences.

These features will be gradually rolling out in the following days, and the roll-out will be completed by the end of July. The best part is that you don’t need to do anything to prepare for this change, but you may consider updating your user training, and notifying your help-desk.

Share this
29 May

New SharePoint and OneDrive capabilities accelerate your digital transformation

Earlier in May, Microsoft unveiled a new wave of innovations that build upon the vision they set forth last year to reinvent content collaboration and usher in a new generation of mobile and intelligent intranets. We already know that SharePoint and OneDrive in Office 365 empowers individuals, teams and organizations to share with confidence, transform business process, inform and engage the organization, and harness collective knowledge. These new announcements make it easier than ever for customers to drive such outcomes and accelerate their digital transformation.

Share with confidence

OneDrive lets you share files securely with anyone—inside or outside your organization. Its deep Office integration, which powers rich co-authoring, allows you to collaborate on these shared files with others in real time. And it lets you access all your Office 365 files, including your individual work files and files shared with you by individuals, teams and the organization—regardless of whether you’re on a PC, Mac, an iOS or Android device or a Windows phone.

See all your files in File Explorer with OneDrive Files On-Demand

Files On-Demand enables you to work with all your files in Office 365—both work and personal, across OneDrive and SharePoint—right from File Explorer, without having to download them and use storage space on your device.

 Share files directly from File Explorer on Windows and Finder on Mac

Starting this summer you will be able to share Office 365 files directly from File Explorer on PC and Finder on Mac. The sharing experience has been simplified, so you can share a file or folder with specific people or send a link that enables anyone who needs access, inside or outside your organization. In addition, you can now control how long a link provides access, and you can easily view and modify the permissions you have granted.

Connect SharePoint team sites with other Office 365 content and services

Over the last year, SharePoint team sites were modernized and connected with Office 365 Groups. Some additional enhancements—coming later this year—will further unify collaboration experiences in Office 365, including:

  • The ability to connect existing SharePoint team sites to Office 365 Groups, so you can augment existing sites with shared conversations, calendar and Planner.
  • Support for adding SharePoint pages as tabs in Microsoft Teams so you can add a tab with a news article or your team site’s homepage, for example. This builds upon the existing ability to add tabs for SharePoint document libraries in Teams.

Transform business process

SharePoint enables you, your team and your organization to streamline tasks, automate workflows and integrate processes seamlessly into your work—on any device and from anywhere you work.

Create custom SharePoint forms and digital experiences with PowerApps

Starting this summer, you will be able to use Microsoft PowerApps to easily create custom forms and rich digital experiences that surface right in the context of a SharePoint list or library. Users can then create, view and interact with data using your custom form or experience, rather than default SharePoint forms.

Inform and engage employees

An intranet lets you communicate to people—keeping them informed of news and information. And it enables you to communicate with people—to engage employees and foster open conversation. It is this engagement that is fundamental to driving digital transformation and culture change.

 Find people, expertise and content faster with powerful, personalized search

When you click in the Search box on SharePoint home in Office 365, recommendations appear instantly. You’ll see recent files, making it easy to get back to your work, as well as relevant content, sites and news. When you’re searching for knowledge, it may be found in content such as files, sites and news. And it might also be found through your colleagues. Now, your search results will include people whose skills, interests and projects—part their Office 365 profile—are relevant to your query.

Search results activate people cards, so you can learn at a glance about a person and the content they work on. One more click activates an extended view with richly detailed information from the user’s profile. These enhancements to search will roll out over the next few months.

Share this
25 May

New OneDrive and SharePoint sharing experience

Microsoft has improved the sharing UI on the OneDrive for Business and SharePoint Online websites and sync clients to provide easier collaboration and better security.

Share command

The Share command now sends shareable links by default rather than granting permissions to specific people like the old Invite people tab. This better matches user expectations that links sent in email can be forwarded to others by default. In other words, Share does the same thing as Copy link except it enables users to send the link immediately to recipients via email.

Both the Share and Copy link commands are now default to the same permissions and use the same link settings.

Users can change settings on sharing links to one of three possible permission levels:

  • Anyone with this link – this shareable link can be forwarded to others or people might be added to the thread. This option does not require recipients to sign-in and hence is the most convenient for recipients. It can be used for sharing content with others, including people outside your tenant.
  • Only people in [tenant] – users who open the link must sign-in or be signed-in to a non-guest account in the tenant. It can be forwarded to others or people might be added to the thread, as long as these people are inside your tenant. If any external user gets a hold of the link, they will not be able to use it. It can be used for sharing internal-only content.
  • Specific people – this link will only work for people who were granted permission (and others who already have access to the item). If recipients want to send this link to anyone else, they need to ensure those recipients have been granted permission to the resource, otherwise the link won’t work. This option produces behavior similar to the “Invite people” tab in the old sharing UI.

Tenant admins who wish to change the default link permission can do so in the OneDrive Admin Center and the SharePoint Admin Center. Users who want to explicitly grant permissions to an item without sending a link can do so by selecting “Manage access” and then selecting “Add people”.

The new sharing UI will be rolling out in late Spring on the following endpoints:

  • OneDrive for Business on the web
  • SharePoint Online document libraries on the web
  • Windows File Explorer context menu for sync’ed files (“Share” command)
  • Mac OS Finder context menu for sync’ed files (“Share” command)
Share this
16 May

The Cloud means no more stormy weather

The Cloud means no more stormy weather?,

Many small firms are pretty busy handling their own business, and don’t give much thought to what they would do if a natural disaster from a bad snowstorm to much worse hit their physical location and cut power, or physical access to the building. What if the equipment storing all of your data and software needed to run day to day operations became inaccessible? What would happen to your ability to continue to serve your clients or customers?

Though we call it the cloud, with images of gray skies and rain, the cloud can be a ray of sunshine. It is an excellent and cost effective resource for smaller firms to make sure they maintain 24/7 access even in bad weather. Because everything is maintained off site, you can (1) bypass disruption or damage that may have occurred at your physical site, and (2) access what you need to keep your business functioning from any remote location.

Small firms need to realize they are most vulnerable to business disruptions, as they have less capital and fewer resources to carry them through a bad period. The cloud represents a simple and value driven resource to address business continuity issues that could turn a small firm’s business upside down.

Share this
02 May

NPO’s and volunteer security nightmare

NPO's and volunteer security nightmare,

Not-for-profits have an unusual issue regarding security. Firms that have trained, paid full-time employees have a strong level of control over the actions of their workers. NPOs, however, may rely heavily on volunteers whose time in the office may be minimal and sporadic. You may feel grateful for their dedication and be less likely to subject them to rigid security training. Also, a threat of punishment for those who make inadvertent errors that create security risks isn’t going to be acceptable in the “volunteer” environment.

Though it may seem a waste of precious volunteer time, you need to consider implementing ongoing training and reminders to all volunteers about what they can do to protect your data and digital infrastructure. The 2 most common human errors are falling for phishing scams and bringing storage devices to your office and introducing them to laptops and other devices. Think of the volunteer who creates a brochure for you in their home office, then downloads it to your office PC. This is an excellent backdoor for a virus or malware to break into your infrastructure.

Remind your volunteers on a consistent basis that no outside storage devices are to be brought into the office for use on the NPO’s equipment. Secondly, provide training on how to recognize phishing scams and the risks of opening unfamiliar emails and links. Finally, for volunteers who work from home, consider using safe shared software platforms like Google Drive or Microsoft 365.

Share this
14 Mar

IT Defense in Depth Part II

In our last blog we started talking about the different layers of security necessary to fully defend your data and business integrity. Today we will look at the human aspect of it, and network defenses. The human layer refers to the activities that your employees perform. 95% of security incidences involve human error. Ashley Schwartau of The Security Awareness Company says the two biggest mistakes a company can make are “assuming their employees know internal security policies: and “assuming their employees care enough to follow policy”.

Here are some ways Hackers exploit human foibles:

  • Guessing or brute-force solving passwords
  • Tricking employees to open compromised emails or visit compromised websites
  • Tricking employees to divulge sensitive information

For the human layer, you need to:

  • Enforce mandatory password changes every 30 to 60 days, or after you lose an employee
  • Train your employees on best practices every 6 months
  • Provide incentives for security conscious behavior.
  • Distribute sensitive information on a need to know basis
  • Require two or more individuals to sign off on any transfers of funds
  • Watch for suspicious behavior

The network layer refers to software attacks delivered online. This is by far the most common vector for attacks, affecting 61% of businesses last year.

Share this
07 Mar

IT Defense In Depth Part I

In the 1930s, France built a trench network called the Maginot Line to rebuff any invasion. The philosophy was simple: if you map out all the places an enemy can attack, and lay down a lot of men and fortifications at those places, you can rebuff any attack. The problem is, you can’t map every possible avenue for attack.

What does this have to do with IT security? Today many business owners install an antivirus program as their Maginot Line and call it a day. However there are many ways to get into a network that circumvent antivirus software.

Hackers are creating viruses faster than antivirus programs can recognise them (about 100,000 new virus types are released daily), and professional cybercriminals will often test their creations against all commercially available platforms before releasing them onto the net.

Even if you had a perfect anti­virus program that could detect and stop every single threat, there are many attacks that circumvent anti­virus programs entirely. For example, if a hacker can get an employee to click on a compromised email or website, or “brute force guess” a weak password, all the antivirus software in the world won’t help you.

There several vulnerabilities a hacker can target: the physical layer, the human layer, the network layer, and the mobile layer. You need a defense plan that will allow you to quickly notice and respond to breaches at each level.

The physical layer refers to the computers and devices that you have in your office. This is the easiest layer to defend, but is exploited surprisingly often.

Here are a few examples:

  • Last year 60% of California businesses reported a stolen smartphone and 43% reported losing a tablet with sensitive information.
  • The breaches perpetrated by Chelsea Manning and Edward Snowden occurred because they were able to access devices with sensitive information.
  • For example, Comptia left 200 USB devices in front of various public spaces across the country to see if people would pick a strange device and insert into their work or personal computers. 17% fell for it.

Next time in Part II, we will talk about the human and network layers of security.

Share this
28 Feb

Data Security: A People Problem

Phishing Scams – A People Problem

There are some things that only people can fix. There are many security risks to which your data is susceptible, but there is one method that remains a wonderfully effective hacking tool. That is the phishing scam. This is a legitimate looking email that asks the reader to click on a link. If clicked, the link can infect the user’s computer with malicious software that can steal passwords, logins, and other critical data. Alternatively, the email appears to be from a legitimate source, perhaps even duplicating a legitimate webpage. The distinction is that the phishing email asks the user to enter personal information, including passcodes. In either case, that is how hackers easily get into your systems.

What’s the best defense against this one? The single biggest defense is education. Training your people to be constantly wary of all the emails they receive. One way some firms are educating their people is by sending out their own “fake” phishing scams. Employees who click on the link inside are greeted with a notice that they’ve fallen for a phishing scam and then are offered tips how not to be fooled in the future. Think of it as the hi­-tech version of Punk’d.

You may not be ready to go that far, but it is important to provide ongoing training to all of your staff about phishing scams. Your staff are all critical factors in your data security plans.

Share this
21 Feb

What is Ransomware and How Can it Affect Your Business?

This cyberattack scheme hasn’t garnered nearly as much attention as the usual “break-in-and-steal-data-to-sell-on-the-Internet version,” but it can be even more debilitating. Ransomware attacks have begun appearing in the last few years and its practitioners are so polished that in few cases they even have mini­call centers to handle your payments and questions.

So what is ransomware? Ransomware stops you from using your PC, files or programs. The business model is as old as the earliest kidnapping. They hold your data, software, or entire PC hostage until you pay them a ransom to get it back. What happens is that you suddenly have no access to a program or file and a screen appears announcing your files are encrypted and that you need to pay (usually in bitcoins) to regain access. There may even be a Doomsday-style clock counting down the time you have to pay or lose everything.

Interestingly, one of the more common “market segments” being targeted in the US has been public safety. Police department data is held hostage, and in many cases, they have given up and paid the ransom. They had little choice. They aren’t the only ones. A hospital in Southern California also fell prey, as did one in Texas.

Ransomware can be especially insidious because backups may not offer complete protection against these criminals. Such new schemes illustrate why you need to have a professional security service that can keep you up to date on the latest criminal activities in the cyber world. Talk to an MSP about possible protections against ransomware.

Share this
14 Feb

Data Breaches are a Question of When, Not If

You hear on the news all of the time about big cyber attacks on large corporations, and even government agencies. The trouble with this news coverage is that is suggests a distorted view of where cyber attacks are taking place. These attacks are not solely hitting large organizations. Small firms represent a significant portion of those who face cyber attacks. Being small by no means keeps you immune. In fact, small firms can be used as conduits to larger organizations. That is likely what happened in the case of Target Corporation back in 2013

If  you’re a small business, then you’re a target for cyber criminals. Last year, 71% of small to medium size businesses were the victims of cyber attacks.

Today’s concern is how you would respond to an attack. 31% of small to medium businesses do not have a plan of action for responding to IT security breaches, and 22% admit that they lack the expertise to make such a plan. A data breach is disastrous.

Your response determines whether it’s a survivable disaster. You need to have a statement for customers ready, (47 states require businesses to disclose data breaches), you need to be able to quickly access backups, and you need access to professionals with experience in disaster recovery and business continuity.

Share this

© 2017 Network it Easy, Inc. All rights reserved.