Blog

Don’t Be Fooled by Rising Extortion Emails

There has been a recent rise in extortion email scams purporting to have an embarrassing video of the recipient. The scammer threatens to send the video, or other embarrassing evidence, to contacts from your email address book unless you pay a fee to the scammer, usually with BitCoin. The truth is, in most cases, the scammer is just out for the money and has not actually hacked your computer or captured any information.

Image result for email

This trend is not new and is just the latest chapter in online email scams. However, there are some new aspects to this latest threat. The scammers are using publicly available databases of leaked information from high-profile data breaches such as LinkedIn, Yahoo, Equifax, and others. Private information including email addresses and passwords are out on the dark web and are now being included in these email scams to give the impression of credibility. If you see your password in an email threatening you, the hope is that you will react quicker. Don’t be fooled!

To read more about this, visit https://www.bleepingcomputer.com/news/security/beware-of-extortion-scams-stating-they-have-video-of-you-on-adult-sites/

Backups: Are you as safe as you think?

by Nick Volpe

Your data is only as good as the backup that protects it. Ransomeware, phishing, and user error are all risks to your data. We care about your business network, and we want to make sure that you are checking data backups daily. It is critically important that an appointed individual in your business is checking the backups daily and alerting your IT designee when issues arise. Backups are often the only means of recovery, specifically in the event of server failure, virus infection, accidental deletion or lost data, etc.

3-2-1 Backup Strategy

The 3-2-1 backup strategy is a key element in understanding a well-planned backup solution. It involves three functions: 3 copies of your data, 2 different mediums, 1 offsite.

3 Copies of Your Data

You should have no less than 3 copies of all of your data at any one time. One is the original data and the other two are backup copies.

2 Different Mediums

Keep your backups on different mediums such as a cloud-based backup and a local NAS storage device. That way, if the NAS dies, you have the cloud-based copy or vice-versa.

1 Offsite

Always keep atleast 1 copy of the data offsite at all times in the event there is a fire, flood, theft, or disaster, you have a copy somewhere else. The best option is cloud-based backup but even a NAS drive that is stored in another location is sufficient.

 

Contact US

Please take a moment now to find out how your backup is monitored and contact us to discuss your needs. If you are not 100% sure of where you stand or need a new strategy, call us.

Happy New Year

Happy New Year from all of us at IT Edge! We wish you success in 2018 and beyond.

What You Need to Know About Email Phishing

by Nick Volpe

Email phishing attacks are largely on the rise. We want to give you more information so you can protect yourself and your business.

What is it?

Email phishing is a method used by bad-guys to trick and bait email users into sharing confidential information or downloading malware to their computer. Usually, the email looks like it is from a legitimate or trusted sender in order to gain your trust in tricking you into action. In the earlier days, the most common phishing attempts were Microsoft emails and emails from package tracking companies informing you of an upcoming delivery. More recently, however they are using more sophisticated methods to tricking you into trusting the emails.

Spear Phishing

This type of phishing is a targeted attack. Generic phishing scams will send out thousands or millions of unsolicited emails to anyone and everyone. With spear phishing, the scammers will use more sophisticated methods to get specific information from a specific group. For example, a scammer may have gotten your email address from a compromised banking database. They can then use that information to send an email and spear phish your banking log-in information.

CEO Fraud

This is one of the biggest growing and dangerous threats. CEO fraud is a type of spear phishing where a scammer will spoof the email of a business leader or someone of authority in your company. They will request that someone else in the company, usually in accounting, wire money to a fraudulent bank account under the guise of a legitimate business transaction.

Ransomeware

Not so much a type of phishing, this is often the goal of a phishing scam. Often a scammer will send an email with an attachment or link to an infected file. That file will download, usually in the background, a ransomeware variant with the intent of encrypting data. A common example is a fake resume sent to an HR department. The HR rep downloads the Word document or fake zip file which then runs a macro infecting the computer/network with ransomeware.

What does it look like?

Here are some common phishing email examples:

Image result for phishing email    Image result for phishing email

What can I do?

  1. Check out this quiz from our partner to get some good practice with spotting common email phishing techniques.
  2. Make sure you change your email account password regularly with a very secure password using the following guidelines:
    • 12+ characters in length
    • combination of uppercase and lowercase letters
    • use multiple numbers
    • use multiple symbols
    • refrain from the use of dictionary words or guessable words or numbers like your birthday or dogs name
  3. Do not click on links in emails. Any reputable company will allow you to call them to confirm or type in their website address manually versus clicking a suspect link in an email.
  4. Do not reply to or compose emails with any confidential information.
  5. If an email looks legitimate but asks for something sensitive such as credit card information, social security information, or money wiring instructions, contact the person via other means. Email spoofing is a common tactic used to trick users into thinking the information is being sent in a safe and secure manner.
  6. Make sure your business or organization has an ongoing security awareness program for employees so that they are always on the look out for the newest threats.

Office 365: 4-step migration process

by Nick Volpe

Last time, I discussed the benefits of implementing Office 365 in your organization. In this article, I will explain the migration process to Office 365 from various mail system types.

Step 1: Planning and Scheduling

To have a successful migration, we need planning and a timeline. This is not typically something that can happen in 1 day. It takes a few days of planning and strategy. Not all migrations are the same and some have personality. However, we can generally plan around unexpected or unique cases.

To start, we will figure out exactly how many mailboxes need to be moved over. Then, we’ll get an idea of what devices need to be setup for email to calculate how much time the process will take. Exchange migrations are simplest. POP/IMAP migrations involve manually uploading through Outlook to the new account(s).

Step 2: Making Domain/DNS Changes

Once we have the timing figured out, we’ll login to the domain name registrar or DNS host to make the needed changes and “flip the switch” so to speak. This will start routing emails to Office 365 instead of your old mail system. The internet propagation takes a bit of time so we then typically wait a few hours. This is the quickest part of the process but is the most crucial.

Step 3: Migrate Emails

Coming from Exchange, we would have already begun this step in tandem with Step 2 but typically we would do a final push of data to the new service.  Coming from other mail systems, we would at this point, login to your computers and upload email data to Office 365 manually. This step also involves various tweaks so you don’t notice the difference. This includes setting email signatures, auto-complete history in Outlook, and adjusting Outlook settings appropriately.

Step 4: Wrap Up

In the final step, we will work with the client to get mobile devices configured for the new system and work on any follow-up tasks.  We will also evaluate if there are any new features that can be implemented to increase productivity and convenience like shared calendars or cloud file storage with OneDrive.

Office 365: The best way to do email in business

by Nick Volpe

Office 365Email is still a very important business productivity tool. Most businesses rely on it heavily for communication. In some cases, it’s an archive of information and interactions. Although it is a very old technology, the wheel is still being refined. IT Edge has been migrating clients to new and better email solutions to fit their needs since the 90’s. Office 365 is Microsoft’s cloud platform and software subscription service. We will discuss what the benefits are to moving your email service to it. In a future article, I’ll explain how the process works.

Benefits

Approximately 50,000 small businesses move to Office 365 each month. The numbers, and our experience, show that it is a very reliable and robust email solution. If you are currently on a basic POP or IMAP email service, the benefits should will be significant.  Are you using Microsoft Outlook or syncing your email to your iPhone or Android device? Exchange is a powerful mail system that will keep everything in sync.  It can handle gigabytes and gigabytes of emails and calendar data.  Plus, it is Microsoft hosts the service in its vast datacenters so you don’t have to worry about security and redundancy.

Exchange was designed around Outlook. Everything you love to do in Outlook will work, and in many cases, work better for you.  If you are one of the many companies that has an in-house Small Business or Exchange server, you will no longer have to worry about email outages when your server goes down or power outages.  With Office 365, if your internet or power goes out, hop over to your neighborhood Panera Bread or Starbucks and you are back in business.

Next Steps

Now that you know some of the benefits, give us a call to discuss more. Next time, I will explain the process of migrating. It’s not as bad as you think!

Recent Remote Access Security Concerns

Many of you use Microsoft VPN and/or Microsoft Remote Desktop products to connect directly with your PCs or servers. We have seen a dramatic increase in hacking attempts targeting both styles of connection. In light of these events, we are recommending that you take certain steps to safeguard against these attacks, thereby increasing your network’s security.

One of the best solutions available is Sonicwall’s SSL VPN client. The Sonicwall appliance handles the VPN authentication tasks, instead of your server. Your PC, laptop, iPad, iPhone, Android, Apple computer, etc. connects using a small, locally installed software client . Not only do you benefit from a more secure version of VPN encryption, but you also take advantage of multi-factor authentication by means of a separate user account and password for the VPN connection. SSL VPN credentials are separately maintained on the Sonicwall appliance and we encourage the use of unique passwords for a higher level of security. The Sonicwall router also allow us to restrict certain inbound traffic to commonly used business ports, by identifying a source address or source network. A good example of this is an on-premise Exchange server. We disallow all traffic inbound on port 25, unless the source of the traffic is coming from our SPAM and virus filtering solution.

Another way to address this issue is to move away from Microsoft VPN / Remote Desktop, and to a 3rd party service like GoToMyPC or LogMeIn. Experience has shown that most individuals prefer Remote Desktop over these products for a variety of reasons, including the speed of access to their business network. Ultimately, our goal is to increase security while maintaining functional access to business technologies that you currently use. If you do not own a Sonicwall, we can work with you to replace the existing firewall/router in your office to achieve these goals.

We’d encourage you to reach out to your account lead to discuss the particulars of your setup so we can accurately advise on the best way to handle your unique situation.

Client is Back in Business in Less Than 24 Hours After Major Ransomeware Attack

Client is Back in Business in Less Than 24 Hours After Major Ransomeware Attack

A small customer with a peer-to-peer server calls in on Wednesday 12/27 to advise he opened a virus and all of his data is encrypted and inaccessible. We connect remotely into the machine immediately and determine that he has not been checking his onsite backup and the last backup is from October 2015. On the same day, we get the server & backup drive back to our shop and install a new hard drive.  We then restored from the old 2015 full image backup so the system looks like it did back then. Luckily, the customer had done a backup of their accounting software recently and we were able to restore from the previous week. After carefully examining the infected drive, we were able to find the Outlook data file somehow did not get encrypted. We were at the customer’s location first thing Thursday morning to deliver the good news and had him fully operational by 9 AM.

It’s important that your IT provider can get you back up and running quickly when disaster strikes. We have the experience to support you quickly when needed most.

Keeping QuickBooks Enterprise in Tip-Top Shape

by Nick Volpe

Keeping QuickBooks Enterprise in Tip-Top Shape

If you are a user of QuickBooks Enterprise software, we suggest that you take a couple of quick steps on a regular basis in an effort to avoid data corruption issues. We have found over time, that QuickBooks data can become corrupt. By running the “Rebuild” function, you are having QB repair itself. The preferred steps are as follows:

  1. Get all other users out of QB
  2. Switch to Single User Mode
  3. Go to File > Utilities > Rebuild
  4. It will force you to make a backup, so please do so.
  5. When it’s done, go to File > Utilities > Verify Data

If that comes back with no errors, you are done. If you get errors, repeat the Rebuild and Verify functions. We have seen it take 2 rebuilds in some instances to fix things completely. We recommend running this weekly or worst case, monthly.

If you would like assistance, or have any questions, let us know and we’ll get it scheduled.

Set Up for Remax in Newtown

by Bob Kwiatkowski

Set Up for Remax in Newtown

IT Edge just finished the installation of a new file server and Active Directory domain controller for REMAX Properties, LTD. in Newtown, Pennsylvania. We’’ve been supporting this office since 1998 when we met Doug and Chris Terry for the first time. They are a terrific group to work with. Today, many of the software programs in use by the company are cloud-based solutions. However, there is a new SQL-based on premise application that required a significantly faster server than the office previously employed. Chris and I worked together to purpose-build a new Dell server that will fulfill the need over the next 5-6 years. In addition to the new program, QuickOffice, the new server took the place of the old, as the network’s Active Directory domain controller, Quickbooks server, and file server. We worked within time and budget constraints to complete the project and deliver and solution that adequately fulfilled a business’ need. All primary goals were met, including a tangible increase in performance for all network access to the server, specifically within the QuickOffice application. During the installation close-out, we installed a 48 port gigabit Netgear switch and 2TB Buffalo NAS to improve the overall speed of the network and provide in-house backup solutions, respectively.