Phishing Email Compromises Client’s Office 365 Email Account

By |2018-05-09T11:39:36-04:00May 9th, 2018|Office 365 & G Suite, Uncategorized|

Last week one of our client’s LinkedIn account and Office 365 email account was compromised by a phishing scam. An email was then sent from this user’s compromised Office 365 email account with the subject ‘John Smith has shared “CEO Emails” with you’ with a PDF attached containing a link to log into a Dropbox account to view this document. This email went out to all contacts this compromised user has ever emailed from their Office 365 email account.

Image 1

image 2

Some recipients who received the email and felt it was suspicious replied to the user’s email address, and the recipients received one more email confirming that in fact ‘It is legit. Please proceed to view in Dropbox’ from the user’s compromised mailbox. The hacker gained access to the user’s email and sent out reply emails confirming the Dropbox email to try and trick people to get more credentials. The hacker also added a rule to move all incoming emails to the delete folder. If you entered your information into the Dropbox screen it would tell you ‘please try again later, the services are down’.

image 2

image 4

One of these phishing emails were also sent to our E-Tech Helpdesk Ticketing System and we were in contact with the client right away. We reset the user’s compromised mailbox password and the user changed their LinkedIn Password. We increased the security and compliance to the next level, by enforcing two-factor authentication and enforcing password policy. We scanned this user’s computer for malware and viruses, but nothing was found. We confirmed that the malware/virus is quarantined at Office 365 cloud by generating anti-malware, anti-virus, and spam reports from Office 365 and confirmed no other mailboxes were compromised.

The best tips to avoid this type of Phishing scam are to:

  • Enforce password policy every 42 days
  • Enforce Password complexity (using symbols, capitals, numbers etc.)
  • Enforce Two-step Factor Authentication on both your personal and work emails
  • Open only Microsoft documents (Word, Excel, PowerPoint), and Adobe (PDF)
  • If you receive PDF or word document attachment, make sure it’s making sense to you and relates to your work (hover over the link first to see where it will take you, example: if its Dropbox it should say https://www.dropbox.com LinkedIn should be https://www.linkedin.com)
  • Avoid opening social media links attached in the email or inside PDF, or word document files
  • Pay attention to the sender email address that is in the ‘From:’ address box, and the domain that the email was sent from (hover over the email address, see if its legit, example: if its Dropbox it would say someone@dropbox.com if its LinkedIn it would say someone@linkedin.com)
  • Pay attention to the content of the email. If you see grammar mistakes, please confirm with the sender and mark this email as spam (instead of replying to the email you’re not sure about, call the user or email them in a new email thread)

Here are some links for more information on Phishing Hacks:

https://www.microsoft.com/en-us/wdsi/threats/support-scams

https://blogs.technet.microsoft.com/office365security/how-to-deal-with-ransomware/

https://dev.etechcomputing.com/how-to-identify-phishing-emails/

https://dev.etechcomputing.com/beware-phishing-scam-for-office-365-users/ 

Feel free to Contact Us for more information.

Recent Windstorm and the Importance of Having a Business Continuity Plan

By |2018-05-09T10:44:56-04:00May 9th, 2018|Uncategorized|

On Friday, May 4, 2018 there were major power outages due to the windstorm that hit Ontario and Quebec. Power outages and road closures continued for days after the storm. Gusts of wind between 90 – 110 km/hr knocked down many hydro lines, trees, damaged thousands of homes[1], and caused 3 unfortunate deaths[2]. As of Friday evening, Toronto Hydro reported 30,000 customers without power, Hydro One reporting 126,000 customers without power[3]. Even flights were grounded at Toronto Pearson International Airport and Billy Bishop Airport. No flights were allowed to land and no flights could take off[4].

This caused huge impact for some businesses that were operating last Friday. Some businesses were forced to shut down early and close its doors to customers. Whether they had no power or had part of their roof torn off, business was impacted for the day[5][6].

Every business must prepare for the worst. Those that don’t may never fully recover from a disaster. But not all disasters are created equal. And not all businesses are at risk for every kind of disaster but as we saw here in Toronto last week, severe windstorms do happen. It’s important to have a Business Continuity Plan in place for any kind of disaster including but not limited to: flood, fire, wind or thunder storm. Last Friday’s major windstorm didn’t impact any of our customers because of the redundancy of our managed services, we had ZERO outages.

A windstorm, of course, can force a business to have to relocate all its operations temporarily or be forced to shut down a few days. Below we have outlined the 3 Key Principles of a Business Continuity Plan:

  1. Get employees involved. Business Continuity Plans only work if everyone understands them. Employees are also a great source of ideas and insights about how your business might be affected by a disaster. Business must communicate Business Continuity Plans to employees regularly.
  2. Keep customers in the loop. Customers are the lifeblood of every business. They should be treated as such even during a disaster. Alerts on the company website, email broadcasts, social media and text messages to key contacts’ mobile phones are all good ways for a business to express concern about the impact of a disaster on its customers. That level of service can even help transform a disaster into an opportunity for greater long-term customer loyalty. Collaborate with suppliers. Businesses increasingly work in tightly interdependent networks of suppliers and partners. By working collaboratively with these third parties, businesses can make themselves even more resilient and well protected against disasters large and small.
  3. Periodically test and update Business Continuity Plans. It’s not enough to formulate a plan once and put it on paper. Assumptions about a plan should be validated with real-life testing. Plans also must be updated continuously to ensure that they accommodate changes in the business’s products, services, relationships, size, geographic reach, etc.

In conclusion, data backup is not enough. Many businesses think they’re safe just because they’ve backed up their critical files. The problem is that those files depend on applications and systems to be of any use to the business. That’s why, in the event of a disaster, it’s essential to be able to run applications on-demand from virtual machines backed up in the cloud.

Feel free to Contact Us for more information.

Total Data Protection Means Security

By |2018-04-06T13:13:27-04:00April 6th, 2018|Office 365 & G Suite, Uncategorized|

It turns out that Total Data Protection solutions have a “side effect”: they’re the ultimate security solution, too.

But don’t be too surprised. Total Data Protection platforms were conceived with laser focus on the challenge of ensuring your business data is always protected and continuity is always guaranteed. Malware, hacker attacks, and (most commonly) human error are simply three of many “disasters” they defend against.

Several technical factors come together to enable a Total Data Protection solution to be the fastest, safest way to return a breached environment to normal operation.

• It requires image-based backups that include all the business data plus your IT environment. • It combines use of on-site or virtual appliances and a purpose-built, secure cloud, always storing backup images in an archival format (ZFS) that is essentially invulnerable to malware. • It includes tools that let you pinpoint the moment of attack or infection • By using Inverse Chain Technology TM, it ensures that backup images stored before the attack are wholly uncorrupted End-to-end 256-bit AES encryption safeguards data in transit and at rest. • Security features such as encryption simplify compliance with regulations (e.g., HIPAA and PCI)

Thus, we address virus, ransomware and other attacks by rolling back your entire environment to the last uncorrupted backup image. A bare metal restore from our Total Data Protection platform guarantees a clean result.

While Total Data Protection is primarily for backup and business continuity, it also functions as a failover or secondary security backup. The way it functions, you’re able to turn back time. Which is a lot easier than relying on any other application or software to get back your uncorrupted data.

With E-Tech, Total Data Protection Means a New Level of Security. With us, you can:

• Implement image-based backups as often as your need dictates – and include your business data plus your IT environment • Pinpoint the moment you suffer an attack or infection • Roll back your entire environment to the last uncorrupted image • Enable rapid return to normal operations with only limited loss of productivity and downtime • Encrypt data in transit and at rest • Simplify compliance with regulations such as HIPAA and PCI

We Keep Your Business Safe!

Feel Free to Contact Us for more information.

>

Top 8 Google Drive Document Tips

By |2018-04-06T12:55:22-04:00April 6th, 2018|IT Support, Uncategorized|

Google Docs may not yet be the same class of word-processing heavyweight as Microsoft Word, but GDocs has a lot more functionality under the hood than most users suspect. Below, we outline eight secret word-processor weapons hiding within Google Docs.

  1. Take Cloud Files On-the-Go

Google Drive has made it easy to instantly pull up any files within your Drive from your Android or iPhone or tablet device. Just install the Drive app and anything in Drive on your desktop will also be available from your handheld device. The app allows you to view, move and edit documents, spreadsheets and presentations even when you’re offline. To set offline access up, simply download a local copy of any file in Drive to your smartphone with the Keep On Device setting.

  1. Protect Every Version of Any File

Google Drive maintains a version history of all the files in which you upload or create within the app—but only to a point. Older file versions are automatically deleted after 30 days or 100 revisions. This can be troubling for many business users. For example, what if you have a sales spreadsheet that is updated by multiple staffers every day? The way Drive is currently defaulted, you can easily lose a recent version of a document in short order.

Fortunately, there is a setting to fix this. You can mark individual Google Drive files to keep all the versions, no matter how old it is. This, of course, will have an impact on how much storage space you have in Google Drive. For this reason, you won’t find a global Drive setting to “keep all revisions forever”. For something like that, you need (ahem) a nice Google Drive backup product.

  1. Use templates to build professional-grade Docs

There are literally hundreds of prebuilt Google Docs templates available — for free — that can give your document a professional format and layout in a matter of mere seconds. Given that Google Docs goes out of its way to hide many of its powerful formatting features (so they don’t impede your actual work of writing), pre-built templates can save you the time otherwise wasted hunting down font, size and text format options. With GDocs templates, you can almost instantly spice up your invoices, resumes, and newsletters in efficient fashion, which keeps your document management fast and simple.

  1. Personalize documents with custom styles

If you’re ready to dive in and give your Google Docs a dose of your own personal style — or you have a marketing department or client who really has a thing about obeying brand guidelines — you can customize the default Google Docs styles to make brand-compliant titles, headings, and paragraph text. Therefore, every time you apply these styles, they’ll employ the same size, font, and basic formatting (bold, italic, etc.) as you’ve specified. Instant brand consistency and professionalism (so long as you don’t use Comic Sans).

  1. Auto-build tables of contents

Google makes it crazy-easy to automatically generate a table of contents for your long-form documents. So long as you’ve employed the heading styles to mark out the major sections of your document, Google Docs will programmatically generate a Table of Contents

— and you can automatically update that table of contents after every document revision. There’s no bigger time-saver for large Google Documents.

  1. Instantly translate an entire document

Many Google fans are aware of Google Translate, which automatically converts text from one language into another. This same functionality is available within Google Docs, allowing you to translate your entire Google Doc into any of 64 languages. While the translation may get a bit rough around the edges (sometimes comically so), auto-translated GDocs are generally readable and extremely convenient.

  1. Create academically- acceptable citations

Most of us are aware that you can open a new browser tab to do a search without closing your Google Docs tab, so the built-in Google Docs Research Pane is useful for you to properly cite your sources.

The Research Pane will directly cite any included link, quote or image with a footnote formatted

in MLA, or APA. Moreover, if you need to make sure that any included material is available via a free-for-use license, you can restrict your research result to that threshold of usage rights. If your document must conform to the strict rigors of academic publication, the Google Docs Research Pane may just be your new best friend.

  1. Add high-end functionality with add-ons

It’s all well and good that Google Docs can do some nice citations or programmatically translate into Spanish, but how do you add some good, old-fashioned Microsoft Word-level management functionality? Where’s my mail merge, my clip art, or my crazy complex tables? All these features (and more!) are hiding out as Google Docs add-ons from third-party developers.

Within a few clicks of the mouse, you can build crazy tables, drop in some free clip art, or initiate a mail-merge to your MailChimp email campaign with basic add-ons, and that’s before we talk about adding electronic signatures, Avery label templates or full-on mind-maps to your Google Docs. Add-ons close the gap between Google Docs and Microsoft Word in many areas.

With integrations to the likes of MailChimp, SmartSheet and WordPress, you can even out-do the old-school installed word-processor in a few areas.

Google Docs is not Microsoft Word, and that’s not a bad thing. While Google Documents is designed to make collaboration easy and document-creation simple, Microsoft Word has an everything-but-the-kitchen-sink philosophy of feature inclusion. Both approaches have their merits, but if you’d like to bridge the gap between GDocs’ minimalist excellence and MS Word’s maximalist options, these tips, tricks and hacks can make Google Docs an excellent solution in nearly every circumstance.

Feel Free to Contact Us for more information.

>

5 Web Design Trends

By |2018-03-13T10:29:12-04:00March 13th, 2018|Uncategorized|

Over 46% of people say that the design of an organization’s website is the number one principle in determining credibility. With nearly half of the public looking at your website to judge if you’re legitimate, it’s important to make a good first impression. With both technology and users’ preferences changing constantly, that’s not always the easiest thing to do. Here are the top 5 web design trends for websites designed today:

Striking Images
As monitors get larger and internet speeds get faster, many sites have begun to take advantage of large, high definition images. A popular trend is to use these photos as the backdrop of their home page or splash page.

This trend plays right into the hands of many non-profit organizations and small businesses. Shocking images are a great tool that many organizations use at fundraising events and on advertising on social media. If the first thing that viewers see on your website is a striking image paired with a call to action or mission statement, that message is likely to stick with them for the rest of their time on your site, and possibly even after they’ve left. (more…)

Title

ABOUT US

201 Consumers Road
Suite 204
Toronto, Ontario
M2J 4G8
(647) 361-8191

EXPERTISE

HELPFUL LINKS

E-Tech. All Rights Reserved 2024.

Accessibility by WAH
Go to Top