Categories
Industry Insights IT Solutions Managed IT Services

Microsoft 365 Accounts Hit by Millions of Password Thefts

Microsoft 365 accounts hit by millions of password thefts due to phishing emails disguised as tax-related alerts.

These cyber-attacks tricked users into handing cyber criminals their usernames and passwords.  These phishing attacks aim to trick users and steal their passwords by disguising malicious emails.

The disguise can include notifications from the IRS or Revenue Canada, reset Microsoft 365 passwords from Microsoft, and many others.  The end result is they are after password thefts.

Recently, Barracuda Networks detected a cyber-attack attempt to steal user passwords. This specific threat was designed for Microsoft 365 users and to lure victims claiming to be tax forms or other official documents.

If unsuspecting users clicked the link, they would download and open the malicious document.  Once the document opens, a macro PowerShell would launch in the background while the victim views the document.

Tens of millions of people have been affected by these phishing emails and password theft is increasing as hackers are constantly shifting their goals and strategies.

Ransomware is still a large threat as well as password stealers that are appearing in phishing emails, and browser extensions.

Your security is only as strong as your weakest link.  For a quick security review, feel free to watch our Security Awareness User training video.

Our video will cover phishing, malware, complex password, two-factor authentication, secure connections, and public WiFi.

Our complimentary network and security assessment can put your IT infrastructure and business to the test.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry-leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Categories
Industry Insights IT Solutions Managed IT Services

Quick Security Awareness User Training

Your security is only as strong as your weakest link therefore we are offering a quick security awareness user training video.

In this quick security awareness user training, we will be touching on the following areas:

  • Phishing includes email messages, websites, and phone calls that are socially engineered to steal money and other private information. Cybercriminals may email you, call you on the phone, or convince you to download something from a website.
  • Malware is malicious software including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.
  • Password and the importance of using strong complex passwords. The use of strong passwords can slow and stop various cyber-attack methods.
  • Two Factor Authentication is an extra layer of security that requires not only a password and username but also something that the user has on them including a text verification code.
  • Secure Connections includes browsing the internet. If you browse the internet, you should be aware of HTTPS as it shows secure communications between your browser and the website are encrypted.
  • Public WIFI is great but they are also a very desirable spot for hackers as it requires no authentication to establish a network connection and can give unfettered access to your device.


365 iT SOLUTIONS is committed to providing our clients with the latest technology and security solutions.  This quick security awareness user training video will help organizations and users stay safe however it should be part of an ongoing user training awareness policy.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry-leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Categories
Industry Insights IT Solutions Managed IT Services

Stolen Data Increased by 164 Percent Within Six Months

According to the global Breach Level Index, stolen data increased by 164 percent within six months. This should be an eye-opener for organizations regarding security.

A large portion of the breached data came from the 22 largest data breaches and involved over one million records. Over 59 percent of all breaches had an unknown or unaccounted number of compromised data records.

That is alarming since more than 9 billion data records have been exposed since 2013 of publicly disclosed data breaches.  The number will be much higher considering what was not registered.  Another major concern is that less than 1 percent of the compromised data used encryption to protect the data.

The Breach Level Index (BLI) is a global database that tracks data breaches.  The BLI measures severity based on multiple factors including the number of records compromised, the type of data compromised, the source of the data breach, how the data was used by hackers, and whether the data was encrypted.

Here are some of the numbers when considering your network security against data breaches:

  • Cybercriminals made up 74 percent of data breaches
  • Only 13 percent of the breaches were compromised of stolen, compromised or lost records.
  • Inside threats made up 8 percent of all data breaches
  • Over 74 percent of all data breaches involved accounting files

What industries are affected the most?

According to the Breach Level Index (BLI), Education was one of the largest increases in breaches as it was up 103 percent in 2017 compared to 2016.  Healthcare came in at a close second with a 423 percent increase in stolen, lost or compromised data records.

Our complimentary network and security assessment can give you the whole IT picture and how to protect your business.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry-leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Categories
Industry Insights IT Solutions Managed IT Services

365 iT SOLUTIONS voted ‘Top IT Service Provider of 2018 in Greater Toronto Area’

365 iT SOLUTIONS has been awarded the ‘Top IT Service Provider of 2018 in Greater Toronto Area’ honour by Top Choice Awards for excellence in its industry.

Collecting reviews and opinions of thousands of customers annually, Top Choice Awards taps into its social media channels to help power the survey and to reach a wide demographic audience.

“We would like to thank all our clients for years of trust and commitment. We treat all our clients as family and their IT infrastructure is mission-critical to our tech support team. In order to deliver our clients the best-in-class service, we continue to invest in training and tools to provide proactive management of their networks,” said Razmig Sagharian, president, 365 iT SOLUTIONS.

“The Top Choice Awards recognize organizations and business leaders committed to their clients, service, and reputation. 365 IT SOLUTIONS is a leading managed IT services provider as well as a cloud-services provider in Toronto.  Our attention to detail, corporate values, and client satisfaction helps our clients navigate the ever-changing world of technology,” said Enzo Logozzo, director of sales and marketing, 365 iT SOLUTIONS.

Top Choice Awards recognize a select number of organizations who have demonstrated business excellence in delivering and helping clients.  They look at areas of client experience, business growth, and reputation within their geographical area.

For more information about Top IT Service Provider of 2018 in Greater Toronto Area, please visit Top Choice Awards.

About 365 iT SOLUTIONS

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry-leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.  We service over 75+ Toronto based organizations with worldwide presence including over 1,600+ corporate users. Out tech support and project team bring value to the table by identifying actionable items proactively.  We bring a broad range of capabilities to the SMB market including human capital, business strategy with technology, operations, innovation and technology that are aligned with our clients’ needs and business goals.  All this has resulted in business insights that can help generate a tangible and measurable impact.

Top IT Service Provider of 2018 in Greater Toronto Area

Categories
Industry Insights IT Solutions Managed IT Services

Windows 7 and Windows 10 will slow down

Microsoft has warned that many Windows 7 and Windows 10 will slow down with the recent patches and updates.

Microsoft stated that Windows 7 including Windows 8.1 systems will run slower after receiving and installing the crash updates designed for the Meltdown and Spectre security vulnerabilities.

Windows 10 systems will slow down also, but the changes will be very limited to milliseconds unless it is a newer system.

The Meltdown and Spectre security vulnerabilities affect mostly Intel processors but also some ARM and AMD chips.

Microsoft has released the security updates to fix the issue in the operating system as well as Intel released security updates for its microcode processor.

The security updates have changed the way Windows operating system accesses the system’s memory therefore affecting the user’s experience and performance depending on the age of the system.

If you have an internal IT department or managed IT services provider, these patches have or will be installed on your systems.  If you have not received the security patches already, you should check your antivirus to ensure it is not blocking the updates.

Microsoft has stated it will not deliver the Meltdown and Spectre security patches if systems are running third-party antivirus programs that are not compatible with Microsoft Windows.

Unfortunately, Windows 7 and Windows 10 will slow down.  If the performance degrades, the only option is to replace the system.

For more information on Meltdown and Spectre, see the full article – How to Protect Against New Security Flaws Meltdown and Spectre

Our complimentary network and security assessment can give you the whole IT picture and how to protect your business.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry-leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Categories
Industry Insights IT Solutions Managed IT Services

How to Protect Against New Security Flaws Meltdown and Spectre

Due to the release of Intel’s vulnerability, you need to know how to protect against new security flaws Meltdown and Spectre.

The new security flaws called Meltdown and Spectre give hackers the ability to exploit a feature of on computer processors “speculative execution.”  Speculative execution is when a CPU performs an action before it necessarily needs to be done resulting in getting things done as fast as possible.

Unfortunately, this feature will also allow hackers to run code without proper permission. This may also allow and potentially see anything your computer is doing.

The meltdown security flaw exploits Intel x86-64 processors specifically and can be protected against with operating system-level security updates and patches.

The spectre security flaw represents a complex sophisticated attack that could work on virtually all processors and may be impossible to completely protect against in software alone.

How to Protect Against New Security Flaws Meltdown and Spectre?

The meltdown security flaw will require an update to your Windows operating system.

Microsoft has pushed out emergency updates through its Windows Update system. Windows 10 operating system is available now and Windows 7 and Windows 8 updates will be available next week.

Apple has not released an update or comment on a fix for macOS.

If you work with a managed IT services provider, this should have taken place already or be scheduled to maximize uptime and security.

Ensure your browser is updated and secure.

 

Google Chrome

Google is releasing Chrome 64 on January 23rd and it will have updates to help protect against these exploits.  Good news is that Chrome already has a feature called “Site Isolation” that can help protect but it is disabled by default as it will affect performance.

If you want to turn on Google Chrome Site Isolation, please do the following:

  • Type chrome://flags/#enable-site-per-process into your Chrome browser bar
  • Select the box next to “Strict site isolation”

Firefox

If you use Firefox version 57 and up have a quick fix that reduces the ability of websites to gain access to the precise timing details that would be required to execute an attack.

All details on how to fix it can be found here.

Apple Safari

Apple has not offered a fix to the issue nor made any comment. Until Apple addresses the issue, it is strongly recommended that you use Chrome or Firefox until Apple issues an operating system update.

Internet Explorer and Microsoft Edge

Microsoft will address these within the operating system update release.

Our complimentary network and security assessment can put your IT infrastructure and business to the test. Our tools will ensure you are safe as well as show you how to protect against new security flaws meltdown and spectre.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry-leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

 

Categories
Industry Insights IT Solutions Managed IT Services

IT Outsourcing Percentage Tops Five Year High

A recent study has found that IT outsourcing percentage tops five year high as organizations increase the amount of work they are awarding to managed IT service providers.

The study covers many different IT areas, but the overall message is that successful organizations are choosing to use certain IT outsourcing skills from third parties, so they can focus on mission-critical skills in-house.

IT Outsourcing percentage tops five year high and here are the key findings from the Computer Economics IT Outsourcing Statistics study to prove it.

  • Large sized organizations have grown their IT outsourcing budgets from 6.3% to 8.7%.
  • Medium-sized organizations have grown their IT outsourcing budgets from 4.7% to 6.5%.
  • Small sized organizations have grown their IT outsourcing from 6.7% to 7.8%.
  • Help desk or tech support is one of the largest percentage of work being outsourced to third party managed IT service providers.
  • The IT functions with the greatest potential for successfully reducing costs through outsourcing are help desk, desktop support, disaster recovery, and data center operations.
  • Managed IT services providers have the advantage of economies of scale and can offer cost savings.
  • The report has shown that IT security, disaster recovery, application maintenance, and database administration can have the largest growth over the next 5 years.

The reason behind the growth come down to that IT outsourcing offers better quality of service, access to the latest applications, and access to a team of IT specialists.

IT Outsourcing will also cover the following concerns for organizations:

  • An organization does not want the overhead of hiring In-house IT staff
  • An organization does not want all their information with one person if they leave
  • An organization wants employees to do the job they are hired for to increase ROI.
  • Networks and security are becoming more sophisticated and complicated.
  • An organization wants to leverage the latest It management and tech support tools.
  • An organization has a project that requires a more technical expertise.

Our complimentary network and security assessment can put your IT infrastructure to the test and show you why IT outsourcing percentage tops five year high.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry-leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

 

Categories
Industry Insights IT Solutions Managed IT Services

Holiday Gifts That Are the Most Hackable

Tis the season to know which holiday gifts are the most hackable.  Find out how to protect yourself from cybercriminals.

According to McAfee, they launched their third annual Most Hackable Holiday Gifts list.  This list helps consumers identify potential security risks associated with popular gifts this holiday season.

The survey also identifies consumer habits and behaviors as they get ready for the holiday shopping season.

Holiday Gifts That Are the Most Hackable 1.1

Here are the stats on what consumers think about security this holiday season?

  • 69% of consumers understand that security is a necessity for electronics.
  • 22% of consumers believe that connected toys require security to protect privacy.
  • 29% of consumers believe that drones should be protected.
  • 56% of consumers believe digital assistants need to be secured.
  • 91% of consumers understand that it is important to keep their identity safe.
  • 53% of consumers take necessary steps to implement online protection.
  • 16% of consumers believe that the manufacturer built-in security is enough.
  • 22% of consumers know they need to put security measures and precautions in place but they, unfortunately, do not how to protect themselves.

These alarming stats show the importance of consumers to conduct research into their smart and connected devices that comes with built-in security settings and not rely on the default manufacturer settings.

Holiday Gifts That Are the Most Hackable 1.2

What are the holiday gifts that are the most hackable?

Smart Devices – This includes laptops, smartphones, and tablets as these are traditional targets for hackers if they are not properly secured and protected from malicious threats.

Drones – These hot Christmas items are expected to top $1 billion in 2017 however they are a large security concern as there are drone jacking and fake Wi-Fi signals to take control.

Personal Digital assistants – Another hot item as these device-based assistants can help your household, play music, and much more but there are microphones that are always listening for a wake-up command including cameras.

Connected toys and appliances – Toys keep getting smarter and appliances keep getting more connected.  Cybercriminals are on the attack and very vulnerable to cyber-attacks who target microphones, location-based services, and leaked information.

How do you protect the holiday gifts that are the most hackable?

  1. Think before you click – Hyperlinks are the easiest cyber-attack to compromise your device and you should be skeptical if you receive a link or other solicitation that you are not expecting.
  2. Update your software – Another simple step, keep your software up to date. Most manufacturers are proactive to close security gaps but you have to stay up-to-date to ensure you have the latest versions.
  3. Public Wi-Fi is not safe – Cybercriminals are known to deploy fake Wi-Fi so they can be given visibility into your browsing habits and personal information. You should never use public Wi-Fi for online shopping or banking.
  4. Be smart and do your homework – It would be nice but not all manufacturers take security seriously, so it is important to research if there have been any reported security vulnerabilities before purchasing.
  5. Protect your home network – Make sure all devices in your house are connected and secure. There is always someone looks for gaps in security.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry-leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Categories
Industry Insights IT Solutions Managed IT Services

What are Whaling Attack Threats and Protection?

This is an engineered attack based on human behaviour and it is important to know what are whaling attack threats and protection.

This is extremely important as whaling attacks have been growing and it should be discussed with your team.

Whaling Attacks are considered a social engineering hack technique and rely on the human element to bypass technology.

What is a WHALING ATTACK?

A whaling attack is a targeted attack on an organization. The goal is to steal sensitive information and/or financial information. A whaling attack usually targets senior management including CEO, CFO, or other executives who have complete access to sensitive and/or financial data. The goal of a whaling attack is to trick an executive or employee into revealing information including personal data, corporate data, or financial data.

WHY ARE WHALING ATTACKS SUCCESSFUL?

Whaling attacks are engineered to use fraudulent emails that appear to be from trusted sources to try to trick victims into divulging sensitive data over email or visiting a spoofed website that mimics a legitimate business.  They tend to ask for information such as payment or account details.

Example: The real email is “asmith@20.151.77.169” and the fake email is “asmith@365itsolution.com”

What are Whaling Attack Threats and Protection (2)
What are Whaling Attack Threats and Protection (2)

What are some EXAMPLES OF WHALING ATTACKS?

Whaling attacks can be difficult to identify as many companies have fallen victim to these attacks in recent years including Snapchat. A senior employee was tricked into revealing employee payroll information. Seagate also provided requested W-2 forms for all current and former employees.

These are two tech companies and even they were not safe as once again this relies on the human factor.

How do you protect from WHALING ATTACKS?

Here are four simple ways to prevent a whaling attack on yourself or your organization.

  • Educate Staff – All team members should be educated about the effects of whaling attacks and how to spot them. The training should include common specifics such as phishing attacks like spoofed sender names, unsolicited requests and attachments, or spoofed hyperlinks.
  • Keep It Private – Executives and upper management try to keep information private including personal information, birthdays, hobbies, friends, and addresses. All this information can be used for a whaling attack and the best way to protect is to use privacy restrictions on your information.
  • Verbally Verify – This one is free and one of the most effective processes. If an employee receives an email requesting funds, they should get a verbal confirmation from the contact also. This should be a documented internal process as well as a training process for employees.
  • Protect Your Data – It is important you discuss with your IT department or managed IT services provider your disaster recovery plan. These are critical in recovering and the last line of defense against whaling attacks.

All cyber crimes should be reported to Royal Canadian Mounted Police (RCMP).

If you are asking what are Whaling Attack Threats and Protection? You should talk to your IT department or managed IT services provider to get a full scope of your risks.

Our complimentary network and security assessment can put your IT infrastructure to the test.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry-leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

 

Categories
Industry Insights IT Solutions Managed IT Services

Hackers Use TeamViewer to Gain Access to Your Computer

Does your IT department or managed IT services provider use TeamViewer?  The latest security threat is that hackers use TeamViewer to gain access to your computer.

TeamViewer has a critical security vulnerability discovered in the software that could allow hackers to gain access to a computer sharing a desktop session.  This security vulnerability will give them the ability to gain complete control of the system without permission.

TeamViewer is a popular remote-support software that allows to securely share your desktop or take full control of other systems over the internet.  The software is simple as the client (presenter) and the server (viewer) must have the software installed as well as the correct secret authentication code to access the desktop.

This security vulnerability affects all TeamViewer versions no matter what operating systems. This will include Windows, macOS, and Linux systems.

TeamViewer users are recommended to install the patched versions of the software as soon as they become available. Patches will be delivered automatically to those users who have configured their TeamViewer software to receive automatic updates.

TeamViewer acknowledges the critical security vulnerability and they will push out a hotfix as soon as possible this week. It is strongly suggested that you upgrade your TeamViewer as soon as possible. TeamViewer patches will be delivered automatically is your automatic updates setup.

Click here for TeamViewer website.

Is your organization safe from cyber-attacks? Our complimentary network and security assessment can put your IT infrastructure to the test.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.