Posts

Workplace remote work.

Workplace: What You Should Know

Software-as-a-service companies are more and more common these days. With many industries seeing the benefits of SaaS, there is growing interest in these types of services. However, finding the right service is the key. Of all hosted services, Workplace_ is among the best.

Workplace promotes remote team collaboration and improves employee productivity for your company. A cleaner, user-friendly interface allows you and your co-workers to find, access and share files, websites and apps easier than ever before.

What’s more, Workplace’s key upgrades assure its users better security and regulatory compliance, as well as make the platform a tool for remote workers and organizations who care about keeping their data safe.

So, what are the main changes that will transform your Workplace_? 

Makeover of the Workplace Web App in Windows and Mac

On Windows, you are able to resize the app as big as you wish, even entering full-screen mode in your computer. You could also minimize it as small as you want so it doesn’t take the entire screen if you’re working with multiple applications or browser windows.

On Mac, Workplace works perfectly with the OS version, Mojave. Upgrades were installed, fixing an issue that previously affected users: the inability to see some virtual graphics products. Developers working on improving this app went above and beyond not only fixing what users weren’t able to see or the app wasn’t able to display, but also enabling Workplace to function on multiple monitors.

Pin Any File or Folder to Your Launch Page

Workplace has a feature that allows users to “star” websites, applications, folders and files that you can open directly from the Launch page with just a simple click.

Workplace’s Feature: Websites

You are able to see all the websites you visit and work with on a daily basis in a section dedicated specially for that! You can “star” (or pin) a website to your Launch page and see the Websites section there, or you can visit the sidebar menu on the left to see all of your featured and frequently visited sites.

Also, you can save websites with or without including login credentials and set up your username and password without depending on a company manager to do so. And let’s not forget about the feature that allows you to share bookmarks and websites with your colleagues, increasing collaboration and team productivity levels.

Find All Your Hosted Apps in One Place

Talking about simplifying workflows and increasing productivity, Workplace gives Citrix (“hosted”) applications their very own section. Click on “Hosted Apps” on the app sidebar and you will find all your hosted applications, or “star” the apps you use the most appear in your Launch page for quick and easy access.

Streamline device management, business continuity, & consistency of your remote operations with our Workplace cloud solution.

See If You Have Compliance Issues

All apps in the Workplace desktop platform have a feature that perfectly aligns with the company’s mission of keeping our customers’ data safe and improving security compliance. “Compliance Status”, the latest feature on Workplace, is implemented on both Windows and Mac machines. It checks your devices to see how your compliance level compares to the industry’s best practices.

What’s more, if you have compliance issues, recommendations will be made to fix the problem and get you to 100% compliance.

Run your Firm from the Cloud

Workplace provides a comprehensive solution that combines cybersecurity and compliance needs. The all-in-one, cloud based platform delivers and intuitive experience that reduces risk of data leakage.

You can protect your firm’s most important data by ensuring that all applications run only from this unified cloud environment. There is also improved continuity and disaster recovery features so your operation stays fully functional through any event.

Multi-Factor Authentication Keeps Your Firm Secure

Workplace also reduces the risk associated with logins and passwords. Employees access customized applications with one-click access. It also comes with multi-factor authentication that conforms to NIST (National Institute of Standards and Technology) guidelines.

Furthermore,  Multi-Factor Authentication enforces authentication methods required by regulation.  These methods are supported by both iOS and Android as well so employees can use them, regardless of device.

 

For more information on the cloud, cybersecurity and more, visit our website.

 

Nerds Support Contact Us Leaderboard

MGM Resorts Phishing Hack Data Breach Thumbnail

MGM Resorts Hack Exposed the Data of 10.6 Million Guests

Hackers leaked the personal information of over 10 million MGM hotel guests this week on an online hacking forum.

The data was obtained last summer after hackers accessed MGM servers.

Victims of the data dump include government officials, CEO’s, celebrities among others. Also, the leaked information included personal information like full names, phone numbers, dates of birth and emails.

Data Breach

The majority of stolen data is considered “phonebook information”, information available to the public even before the breach. Additionally, The information that was obtained by hackers could be used conduct other types of cyber-attacks.

‘Phonebook Information’ is NOT useless

A hacker can turn this trove of seemingly useless information into a valuable asset through spear-phishing. The more detailed the information available the easier it is to compose an email designed to trick someone.

Spear phishing attacks only work if they’re detailed enough to fool the victim into clicking on a link or the attachment. Hackers could use the phonebook data to craft a scam involving the IRS or a digital subscription.

Moreover, the hacker who dumped the information is still unknown but experts believe they’re associated with the group GnosticPlayers. GnosticPlayers is a hacking group that dumped over a billion user records all through 2019.

Gnostic Players

Gnosticplayers gained fame after publishing data from several hacked companies, like Canva and Zygna, among others. The group was comprised of two individuals, Nclay and DDB. Nclay would hack and DDB would sell.

Furthermore, once groups like Gnostic players gets the sought after data, they sell it in a darkweb marketplace like Joker’s Stash or Dream Market. At that point, other people can freely buy that information for their own purposes.

Marriot Hack

Although the hack in MGM is quite large, it isn’t the first hotel chain to get hacked. In November 2018, 500 million people had their personal information stole in a hack that lasted four years.

Marriot’s a good example of how breaches aren’t easy to spot. Sometimes, breaches can happen without any sign that anything is wrong.

Luckily the breach in MGM wasn’t as severe but it could have been. MGM Resorts is publicly traded and has 80,000 employees spread throughout 29 hotel and casinos.

MGM said in a statement to ZDNet that it was “confident” no financial information was taken.

Although the majority of the leaked data was phone-book information, some guests had more sensitive data exposed online.

1,300 guests were informed that information like passport numbers were gained from the breach.

However, most US states don’t require companies to inform their customers if public data has been exposed through a hack.

MGM Resorts Phishing Hack Data Breach Leaderboard

2020 Top Security Concerns Thumbnail

How to Resolve Your Biggest Cyber Security Concerns

Businesses face all types of issues. However, advances in technology have made a handful of concerns more pertinent than others.  In a poll conducted by Nerds Support, we discovered the top concerns businesses had related to data loss, compliance and security. As a result, we’ve addressed just a few ways your business can resolve these problems from most important to least.

Nerds Support Polls Cyber Security Concerns

1) Data Loss Prevention

Data is the most important currency any successful business has today. Furthermore, if you’re in a heavily regulated industry like financial services, data security is everything. That means data, and how companies manage it, often comes to define them. Losing Data can completely disrupt, and in many cases, destroy a company. Here are few ways you can prevent data loss in your business.

Back Up Data

Backing up your data is simple, not easy. Businesses often neglect to back up information when they’re busy or prioritize other tasks instead. Creating an effective backup strategy is the best way to commit to scheduled backups. You probably have data with varying levels of importance. Data that is critical to your business and data that is less so. Therefore, you should designate what data to back up daily, weekly, monthly, etc., in your plan.

Encrypt Your Data

Many organizations collect personal data from their clients. This data can come in the form of names, social security, financial information and more. If this data is stolen or leaked, the organization responsible for keeping the data safe would be in jeopardy. Potential lawsuits, investigations and the backlash from a data breach could destroy a business’s chances of recovery as a result.

Invest in a service that encrypts backups automatically to secure your data against anyone looking to steal, abuse, or access it. Cloud back-up services does just that.

The More (Backups) The Merrier

If you have important data back it up as often as possible. Backup all data imperative to your business in multiple formats to ensure its safety. Three backups are the standard for particularly important data. Moreover, backups on a cloud server and a hard-drive prevents data loss if your physical office is damaged or if there’s an outage.

Be Smart About Where You Work

Bring-your-own-device culture is more popular than ever. With cloud computing, employees can use their own laptops and mobile devices to work outside the office when they’re sick or on the road. Although this is good for productivity, they can also leave your data vulnerable if misused or misplaced.

Make sure to avoid public Wi-Fi networks as they can be exploited by a hacker to gain access to your device. If you’re going to use a mobile device or personal computer, purchase a VPN to encrypt your information. Using personal hotspot are also a good option since they’re private and cannot be accessed as easily.

Work With Professionals You Can Trust

If you do lose your data for whatever reason, trying to recover it yourself might worsen the damage. That is why it’s important to confide in experts that can keep your data safe and facilitate recovery when it occurs.

2) Maintaining Compliance

Regulatory changes, managing costs and meeting deadlines make maintaining compliance a struggle for businesses. The cloud, however, could resolve those issues and simplify compliance work dramatically.

Compliance Work Made Easy

Companies are often reluctant to leave paper filing and in-house storage behind. Trusting a third-party cloud provider to store important data seems daunting and unreliable, but that couldn’t be further from the truth. In reality, the cloud allows for quick and accurate data analysis that can cut down costs associated with compliance.

The cloud makes auditing easier. With its automated data backups and file sharing capabilities, auditors and employees can keep track of and review electronic files effectively. That also means the business becomes more transparent on the cloud.

Tracking Proper Documents

Compiling all the necessary documentation is half the battle. Internal Auditor Magazine recommends using applications that multiple users can review and edit. You also need a reliable IT department to monitor where the records are stored. As alluded to above, downtime and outages can be a real nightmare if your data isn’t properly backed up or stored in multiple formats.

If your IT department is overloaded with work or is too small properly manage record storage, then a co-managed IT department might be your best option. A co-managed contract with a managed service provider allows you to bulk up your IT department and delegate tasks to that your own department can’t do on its own. Co-managed solutions are great for growing financial firms, for example.

For smaller companies, outsourcing tech responsibilities means securing all necessary data without having to hire more individual techs.

3) Social Engineering & Ransomware

Social engineering is an issue impacting every industry. That’s because social engineers attack individual users with deceptive emails. Individual users are usually employees. If a cybercriminal can get one employee from your company to click on a link, they can access their machine. If they can access their machine, they can access the company’s systems.

Once in, a cyber-attacker encrypts data with malware and holds it ransom until the company pays a large fee.

Training

When employees recognize a potential phishing email in their inbox, it’s harder to trick them. Whenever you receive a dubious email containing a link or an attachment, send it over to your IT department to analyze. Even if it seems harmless, send it over.

Social engineers tailor scams to specific individuals and they’ll use personal information to get a click. It could be a message from your bank asking you for payment card information. It might be a store the user shops in offering online deals.

Investing in anti-phishing software helps protect employees from email scams.

Monitor Your Systems at All Times

MSP’s are a good option for companies looking to increase security as well. They monitor activity 24/7 and are available to answer questions and concerns a user might have about potential threats. Nerds Support, for example, trains and informs users on social engineering red flags, working with the user to review emails and files they’re unsure about.

A culture of healthy skepticism will improve an employee’s chances of avoiding a ransomware attack. However, employee awareness is not enough. Having updated cyber security software and dedicated cyber experts to assist in dealing with threats should be part of any business’s cyber security plan.

I’ve briefly touched upon the biggest concerns businesses have, but if you want more in depth articles on these topics visit our blog.

If you’d like to talk to real cyber experts about your biggest business concerns contact us and we’ll be happy to answer any questions about the cloud computing, cybersecurity and MSP’s.

2020 Top Security Concerns Leaderboard

What Should Concern Businesses About the New Orleans Cyberattack

The city of New Orleans experienced a cyberattack so severe Mayor Latoya Cantrell declared a state of emergency.

The attack occurred on Friday, Dec. 13 and caused the city to shutdown government computers. Officials announced the shutdown via social media posts.

City Shutdown Government Computers

The attack started at 5 in the morning, according to the city of New Orleans. At around 11 a.m., employees noticed what they considered suspicious activity. As a result, the city’s IT department ordered employees disconnect from Wi-Fi and close down their computers.

Fortunately, an investigations into the attack is currently underway as Federal and State agencies gather more information. As of now, nothing is known about the malware used during the attack and the Mayor said no ransom demands had been made yet.

Louisiana’s Third Cyberattack

This ransomware attack is the third to affect Louisiana in five months. In November, another attack prompted Louisiana’s Office of Technological Services to shut down multiple state agencies. And in July, cyber criminals attacked several Louisiana school districts, shutting down their networks for ransom.

As a result of the schools attacks, Governor John Bel Edwards declare a state of emergency that allowed state agencies to help local governments recover from the attack.

What’s the Damage?

Unfortunately, it’s always difficult to tell the extent of the damage. It could take months and, in some cases, years to truly understand what information was stolen.  Furthermore, hackers could have stolen government employee information, financial information and more from New Orleans.

Moreover, they will have to contact financial institutions and implement new procedures to address cyberattacks like this as well as increase security on their networks.

This begs the question, if State governments have to shut down entire systems and declare a state of emergency to deal with a cyberattack, what will it cost a small business?

Since the attack in November, The National Governors Association (NGA) has urged states to develop a formal continuity plan for responding to cyber threats. Additionally, cyber forensic experts will need to be brought in to investigate the breach.

New Orleans Government Cyber Attack Statistics

 

Cyber Response Plan

The NGA released a State Cyber Response plan in July, that governments are developing and 15 states have made their plans public.

Without a doubt, the impact of ransomware attack is nothing to scoff at and governments are learning the hard way. Ultimately, having a continuity plans in place ensures recovery from a breach runs as smoothly as possible.

Cybercriminals Declare Hunting Season

The FBI issued a warning in October declaring an increase of cyberattacks on “big game” targets. These are targets with money and sensitive information, willing to pay ransoms to restore their systems.

That doesn’t just mean local and state governments, municipalities and agencies. For instance, hackers often target businesses, hospitals, accounting firms and financial advisers for their data.

Additionally, businesses have to adapt and invest in security if they expect to succeed. The first of several security lessons: no one is too big or to small to get hacked.  Sensitive data is always in high demand. More importantly, dark web marketplaces, like Joker’s Stash, are always willing to sell it.

The Future of Cybercrime

Researchers warn that ransomware attacks will intensity in 2020. What’s worse, attacks are getting more sophisticated.

On the other hand,with the year coming to a close and a new one beginning, now is the perfect time to audit your IT infrastructure and verify it’s competency against these types of threats. Fortunately, 2020 will also see the rise of things like cyber insurance, AI and cloud-based security solutions.

Transitioning to a cloud-based solution, like a hybrid cloud,  might help industries across the board avoid scenarios like the ones in Louisiana.

You can read our article on how businesses can protect themselves from a cyberattack.

If you want to know more on cybersecurity news, the cloud, managed IT services and more contact us or visit our blog.

 

Top Security Tips for Safe Emailing

Not a day goes by without another phishing scam hitting the news. For many of us, these are just headlines. For the organizations and individuals affected however, a phishing attack can be disastrous. Phishing emails are increasing in frequency, sophistication and severity. How can you best stay protected?

Email threats

Criminals have realized that in order to steal money or information, you don’t need to rob a bank. A simple email will do the job just fine. Phishing emails have been used to steal huge amounts of money ($12 billion according to the FBI) and are responsible for countless data breaches, credential theft, ransomware attacks and other types of malware deployment.

What’s more, thanks to criminal activity on the Dark Web, it’s not only credit card details that are for sale – now full phishing kits are available, starting at around $25.

Most email threats fall into the following categories:

  • Simple scams
  • Phishing emails
  • Fraudulent emails

Simple scams: these range from the classic “you’ve won a competition” to “we’ve been recording you on your web cam” or “your account’s been compromised”. Generally, these are pretty harmless and easy to spot. They rely on emotions such as fear to trick a user into taking action.

Phishing emails: these are emails that purport to be from legitimate senders, yet are cleverly disguised fakes. They range from sophisticated Business Email Compromise (“BEC”) emails – where a fraudster targets someone specific in an organization pretending to be the CEO, for example – to more general emails pretending to be from Microsoft, Netflix, or any other well known organization.

These emails either get you to click a link or download a file – deploying malware onto your system – or direct a user to a fake website where they enter sensitive information.

Fraudulent emails: a subset of phishing emails, these emails target companies pretending to be from suppliers whose banking details have changed. Money is paid into the new account, and the fraudster rides off into the sunset.

Next, we’ll look at what exactly to look out for so that you don’t fall for any of these.

What to look out for

Here are the most important things to look for when checking if an email is legit:

Sender: start by looking carefully at the sender’s address. Not just who they say they are – but the actual address that the email is coming from. Check for any additional or missing letters (“@microsofts.com”), or even non-English characters that can be used to spoof well-known addresses. A common trick is the use of subdomains – don’t be confused by amazon.xyz.com.

Content: look out for anything that’s made to look urgent. Is the message addressed to you, or is it generic, like “Dear Sir” Mouse-over the links. Do they lead to the real company’s website? Asses what action the email is asking for: anything that requires you to “confirm your account” or “update your payment details” should be met with suspicion.

Be wary of any email that mentions voicemails that are waiting for you, or subscription details that need to be updated.

Advanced – header information: most popular email clients – including Gmail and Microsoft Outlook – let you see the original header information (in Outlook: File / Properties / Internet Headers). For more advanced users, going through these headers can give immediate clues as to whether an email is legitimate.

An important note: when it comes to emails, almost anything can be faked. When it comes to email phishing protection, a specific anti-phishing product is the best way to identify and stop phishing attacks. It’s also really important to stay aware, use a healthy dose of skepticism, and where possible confirm details with a phone call.

Staying Email Safe

By protecting your email, you’re taking a massive step in terms of keeping your entire organization protected against cyber threats.

A winning combination combines awareness, training, and tech-based solutions working together to keep you safe.

If you want to find out more about keeping your organization protected against cyber threats, don’t hesitate to get in touch.