Google+ Changes: What you need to know

In December 2018, Google announced that the consumer version of Google+ is shutting down in April 2019.  As the usage lines between the consumer and business versions of Google+ have often been blurry, we want to clear up some of the confusion following the notices you may be getting from Google.

What is happening?
  • The consumer version of Google+ is going away.
    • If employees have setup Google+ accounts or communities not using their G Suite account, this content will be deleted.
    • If you have a Google+ circles or communities with “consumer” members, these users will be removed along with their content
  • You will no longer be able to create public communities outside of your G Suite domain.
  • The business version of Google+ is changing. You will no longer have pages, events, or the “tagline” profile field within the Google+ service.
  • If you cancel your G Suite service, all content in Google+ will be removed
What should you do?

The first step is to ask your users if they are using Google+ and, if so, how they are using the service.  If Google+ is not in use, no action is required.  If Google+ is in use, your next steps are determined by how you are using the service.

Google is updating the download tools for Google+ in March to include author, body, and photos for every post.  Once this is available, plan to download and save content you want to keep …

  • Posts from Google+ communities outside your G Suite Domain owned or managed by your users
  • Google+ Pages and Events of any type
  • Your Google+ tagline (download your profile)

In addition, you will want to:

  • Upgrade the Google+ Android app between Feb 22nd and March 7th.  After March 7, 2019, the current versions of the app will be unsupported.
  • Remove any Google+ gadgets from any classic Google Sites you may have
  • Have users opt out of the Google Play Services Public Beta Program to avoid issues with other Google apps, such as Email and Hangouts

As always, feel free to contact us with any questions.

 

Uncertainty

For 2019: Focus on Outcomes

UncertaintyAs we close out 2018, we reflect on a year that has been a bit of a wild ride.  For our customers, we clearly are leaving a period of sustained growth into more uncertain economic times. At the macro level, the economy shows competing signs of growth and contraction. Our political climate is less certain and predictable.

We Live in Uncertain Times

Economies and business climates vary by region. Taking a look at a non-scientific survey of businesses in central New England (Worcester Business Journal, Central Massachusetts Economic Forecast 2019, December 24, 2019), we get a pulse of where are are and where we may be going. We also see a new way forward for small and midsize organizations looking to weather whatever stormy or calm seas may be in our future.

  • Only 35% see the economy improving in 2019, while 65% see the economy stagnating or declining in the coming year.  This is a significant change from a year ago when 65% expected the economy to improve.
  • While the number of business leaders who believe the economy has improved over the past year is at 77%, the number of those uncertain of our current economic health more than doubled from 7% for 2018 to 15% for 2019.
  • On the positive side, the number of business leaders expecting to hire additional staff in 2019 jumped to 49% from 40% a year ago.
  • At the same time, 72% of those surveyed are “very concerned” about finding qualified talent to hire, a major increase from only 50% of hiring employers a year ago.

In short, we see the economy as having improved over the past year, but are uncertain what course it will chart in 2019.  Many of us plan on growing but are concerned about being able to find, hire, and retain the right people.

Charting a Course

Economic uncertainty can, and sometimes should, cause us to pause and re-evaluate our plans. We often see businesses reacting quickly and pulling the plug or delaying technology projects and changes. Often, these decisions make it more difficult for you to manage changes you want or need to make in order to adapt to a changing business climate. Here are some thoughts on evaluating technology decisions during changing or uncertain times.

  • Understand What is Possible
    2018 is the year in which Machine Learning, AI, and Bots came into the mainstream. These technologies can, when deployed properly, can improve operations, expand the productivity of your workforce, and mitigate operating costs.
  • Remember the Cloud
    Most small businesses have not yet fully adopted a cloud computing strategy. Cloud computing is a means to scale IT resources and costs to the size of your business without sacrificing features, capabilities, or security.
  • Focus on Outcomes
    Don’t worry about the technology, focus on the outcome. What do you want to achieve? What do you need to happen? How do you want things to be different after making a change? Understand and clearly define the endpoint, as this will drive how you define and manage the projects and changes that will get you from Point A to Point B. Let the outcome guide priorities and, subsequently, the technologies and changes needed to make a difference.
  • Balance the Quantitative and Qualitative
    Not all outcomes will have a specific dollar value.  When deciding on outcomes, consider the near-term and long-term value to your business. Employee engagement and satisfaction improves retention. Automating repetitive tasks improves productivity. Training and support improves morale and fosters innovation.
  • Consider All Opportunities
    “Cut to Survive” rarely works.  Look beyond quick hits and savings. Look for opportunities that: (1) reduce operating expenses; (2) improve team and individual productivity; (3) simplify your IT services; (4) differentiate your business in your markets; (5) help employees do their jobs better; (6) improve customer service and engagement; (7) empower team collaboration and innovation; and/or (8) help you better understand your business and the metrics that measure success.

Change, particularly in uncertain times, often come with increased risks. Deciding to invest or make changes is more difficult. Not doing anything, however, is a decision.  It is a decision to NOT actively manage how your business moves forward; it is a decision to let external forces determine your future. How you move forward may require more thought and analysis, but continue to move forward.


We are here to help!  Wondering how you can get more value from your current IT services, cloud solutions, or emerging technologies?  Contact us to schedule a complementary Cloud Advisor session. 


Drive-by Downloads

This post is part of our Cyber Threat Series.

The Challenge:

Drive-by downloads are exploit kits that download invisibly from infected websites. These websites may be malicious sites built for malware distribution or trusted sites infected by hackers. Many of these attacks take advantage of weaknesses in popular software and tools, including video players, Java, and Adobe Reader.

Downloads may install and run other malware or may themselves be malicious. Many drive-by downloads install cryptoware, or ransomware, that encrypts files and holds them for ransom.

What to Do:

User education and web protection are the best protection from drive-by downloads. Cyber-aware users understand the risks and can avoid malicious links and sites. Web protection can prevent unexpected downloads and malicious behavior from reaching your systems and users.

DNS protection and secure DNS services provide additional protection by preventing impersonation, hijacking, and domain level attacks.

 


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

Phishing and Spear Phishing

This post is part of our Cyber Threat Series.

The Challenge:

Cyber criminals prefer Phishing attacks. Phishing and Spear Phishing remain the primary vector for Malware attacks. Hackers evenly distribute attacks between two variants: Malicious Email Attachment (39.9%)  and Malicious Link (37.4%).

Leveraging human nature, phishing attacks look and feel like legitimate emails. Recipient often miss the cues that the email is fraudulent. We respond by clicking links to malicious websites, opening pictures or videos with hidden downloads, or opening infected attachments.

Advanced phishing attacks correlate public information from social media and pirated information from compromised systems to further personalize the attacks. These advanced attacks do a better job of hiding the malicious intent. As such, even savvy users fall prey.

What to Do:

The best protection is multi-level and multi-vector:

  • Teach your users about the risks and how they can help prevent attacks. User awareness leads to smart decisions on when to trust and when it’s safe to click.
  • Protect your devices with “Next Gen” endpoint protection. This includes your desktops, laptops, and mobile devices. Phishing attacks are usually platform independent and, therefore, trigger from most any email client or application.
  • Protect your email with an independent advanced threat protection (ATP) service. ATP covers inbound and outbound traffic.  ATP uses pre-analysis and testing of links and attachments for mismatched domains, copycat content, and malicious behavior. This “sandboxing” lets the ATP service block attacks from reaching your inbox.
  • Add a DNS and Web Protection solution to your environment.  Web protection blocks infected or fraudulent web sites, including blocking malware on infected sites we trust. DNS protection prevents hackers from corrupting and using your domain identities.
  • Deploy backup/recovery and continuity services that protect your on-premise and cloud data. Should an attack make it through your protections, you should be able to keep your business running while you clean up the damage.

Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

Brute Force Attack

This post is part of our Cyber Threat Series.

The Challenge:

Hackers use Brute Force Attacks to target a single service exposed to the Internet, including Remote Desktop, Outlook Web Access, and email services. Brute Force Attacks gain access by trying every viable access method or password.

Hackers use these attacks to access your data or to install other malware within your systems. Patient hackers space out attempts; they are difficult to notice or detect. When hackers rush, the impact can be similar to a DDOS attack.

Hackers can launch Brute Force Attacks externally or from malware-infected systems on your network. Internal attacks often target specific systems and vulnerabilities, such as SQL Server and SQL Injection vulnerabilities.

What to Do:

Require robust passwords; they are your first protection from Brute Force Attacks. Put controls in place to enforce best-practice password structure and expiring passwords can thwart an attack.

Deploy Multi-Factor Authentication. MFA creates and additional level of protection since a compromised password is not sufficient for access.

To protect against internal attacks, ensure systems run current operating system versions. Keep all systems current with patches and updates.

Deploy “Next Gen” protections to keep Brute Force Attack malware from making it onto your servers and clients:

  • Advanced threat protection (ATP) for email
  • Endpoint and mobile device protection
  • DNS security and protection
  • Web protection and filtering

 


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

Distributed Denial of Service Attacks

This post is part of our Cyber Threat Series.

The Challenge:

Cyber criminals can cripple your business without every breaching your security. By using systems and botnets, they blast garbage Internet traffic at your public IP address(es).  The Denial of Service Attack is distributed (hence the name) across many sources, making it more difficult to block.

DDOS attacks stop your Internet traffic. They block communications and access to applications and services. In some cases, DDOS attackers demand ransom payments to halt the attack.

What to Do:

Move your computing to cloud services. Google, Microsoft, Amazon, and other public cloud providers build their networks to prevent DOS attacks.  They have multiple entry points and routes to their services and manage multiple layers of DDOS protections.

Upgrade to “Next Gen” routers with improved DDOS protections. These routers can identify attacks and help reroute your Internet traffic around the attack.

Add an alternate Internet connection.  Having a second connection can allow your network traffic to circumvent the attack or can provide a failover connection when needed.

Maintain strong endpoint protection to prevent botnet malware from being installed on internal systems.

Subscribe to hosted DDOS services that can route traffic around, and prevent, DDOS attacks.

 


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

Hostile Network Probes and Scans

This post is part of our Cyber Threat Series.

The Challenge:

Hostile network probes and scans check your network devices and systems for security holes. Hackers and bots scan specific IP address for open and unsecured ports. While most scans come from the outside, hackers use malware to infect systems and probe networks from the inside. Once they find a security hole, hackers access information, install malware, or gain control systems.  Some probes look for specific vulnerabilities, others use brute force.

What to Do:

Close as many Internet-facing ports as possible across firewalls, routers, and other Internet-facing devices. Close ports on network devices that are not needed for internal communications. If a port isn’t open, it cannot be hacked.  

Avoid consumer-grade and low-end firewalls to protect your physical network.  Low-end devices lack features needed to protect your business. With advanced protection features and tools, “Next Gen” firewalls offer better protection from modern threats. With models designed for SMBs, you fill find these new solutions affordable.

Scan your network for vulnerabilities on a regular schedule. Finding problems before an attack is worth the effort and relatively low cost.

Configure alerts, when able, to notify you of potential risks.  While you and most SMBs cannot afford and do not need a network and security management system, you can configure many devices to send basic alerts by email. These alerts give you an early warning you can evaluate and manage.

Move to cloud solutions and hosting service providers and increase your cyber security profile.  Google, Microsoft, and Amazon depend on the security of their environment to earn and maintain the trust of customers like you. They staff security teams with thousands of experts, follow best practices, and deploy the most advanced threat protection technologies.  Your risk of a network scan or probe attack when using Google Cloud Platform, Microsoft Azure, or Amazon AWS is orders of magnitude less than running systems in-house.

 


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

Cyber Threat Series Overview

Protecting your network, systems, apps, data, and people is no easy task as the scope and variety of attacks continues to multiply.  You want and need to protection, but must make smart buying and decisions. Too little or too much means higher risk or unnecessary cost.

We see your business as a target not because we know cyber criminals have you in their sights, but because most cyber attacks throw a wide net and catch those who are unprepared. Appropriate measures to prevent, protect, and respond to cyber attacks has business value and should be part of your IT strategy and plans.

As a series of blog posts, this Cyber Threat Series intends to educate and inform. We will cover the types of risks and attacks and how to prevent them. We discuss solutions. We take a pragmatic approach that respects priorities and budgets.

Topics will include


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

Partner for Productivity

Partnering for G Suite Productivity

Partner for ProductivityG Suite is more than an email, calendar, and simple file sharing service.  G Suite is a productivity suite that serves as a platform for a range of tools that helps your team, and your business, work more effectively.

9 ways your team can be more productive with G Suite:

  1. Share Files, Not Copies:
    Stop sending attachments. Stop wasting time figuring out of the copy of the file in you inbox, on your local drive, or on a shared folder is the most current. Whether you use Google Docs for creating documents, spreadsheets, and presentations or you continuing using Microsoft Office, Google Drive and Team Drives serves your files rather than just sharing them.  People share via link, so all comments, suggestions, and edits are made within a single copy of the file. Versioning keeps this orderly and gives you the ability to look back and compare.
  2. Serve Files, Not File Servers:
    Use Team Drives and Drive File Stream to provide users with “explorer” access to files from Macs, PCs, and local software. Store files under central ownership and managed permissions; avoid performance and capacity problems with unlimited storage. Allow team members to work remotely and securely on computers, tablets, and mobile devices without VPNs and remote desktop services slowing things down.
  3. Communicate, Don’t Just Text:
    Most laptops now have microphones, speakers, and Bluetooth features similar to your smartphones and tablets. Have face to face conversations using Hangouts Meet instead of long email threads, phone tag, or text messaging. Communication is 55% non-verbal. Let you employees see and hear each other, your vendors, and your customers. You can share screens to live document reviews and discussions. Why pay extra for a conferencing service?
  4. Collaboration, Don’t Just Comment:
    True, Google Docs allow contributors to comment and suggest edits. You can also collaborate in real-time or as each participant is able. Version history lets you look back at who contributed, when, and where. You can name versions to track official revisions or specific working copies of documents.
  5. Schedule Productivity, Not Just Appointments:
    Your personal and shared calendars track your time as well as project or team activities. Resource calendars let you book rooms or any scheduled resource. Integrated with Hangout Meets, automatically include voice and video conferencing for the human touch. Integrated with Chrome for Meetings and you have 1-click video conferencing with screen sharing in your conference rooms.
  6. Manage Customer Relationships, Not Data:
    Integrated CRM applications, automatically pull person and company data into your CRM records and automatically track inbound and outbound emails with your prospects. Side panel gives you “pane of glass” access and context from within your Gmail inbox.
  7. Manage Communications, Not Data:
    Integrated sales and marketing tools, empower you team to better manage marketing, sales, and service communications without leaving your Gmail inbox.  Templates, mail merge, and tracking save time and energy as you drive your sales pipeline forward.
  8. Automate Tasks, Not People:
    Automate workflows and repetitive tasks, and build simple apps to boost productivity with AppMaker. The Low-code/no-code tool means you don’t need a cadre of programmers. Free up task time for more valuable activities.
  9. Protect Your Business; Not Just Data:
    Compliant archiving and e-discovery covers your email communications and your documents. Integrated solutions provide third party backup/recovery protection from accidental or intentional damage and loss. Cloud-to-cloud backup is less costly and requires less admin effort than traditional file server protection services.

Get the most value from your G Suite platform:

  • Verify you are on the right version of G Suite, with the capabilities that best meet your needs
  • Help your team learn how to use the G Suite apps to their fullest
  • Integrate 3rd party solutions for line of business needs, such as marketing, sales, and service

Please contact us for a free Cloud Advisor session to discuss getting the most value from G Suite.


 

Dark Web Threat Alerts

When Your Identity is on the Dark Web

Dark Web Threat AlertsAs a courtesy to our existing clients and prospective clients, we have been running complementary Dark Web Summary Scans of their domains. These summary scans let us know how many email addresses from each domain currently appear on dark web and identity theft websites. We can then perform a more detailed scan and analysis to identify the specific user identities.

The results are fascinating.

Of 200 domains recently scanned:

  • 87.4% had at least one potential identity compromised
  • The average number of potentially compromised identities is 41%
  • 16% of the companies had more exposed identities than users, indicating breaches occurred from multiple sources

What does this mean?

Just because employee@yourcompany.com appears on a dark web or identity theft site does not mean that the user account on your system has been breached.

It does mean, however, that a breach is likely. And, the more exposed identities for your domain, the greater the risk.

How does it work?

Chances are, your employees are using their work email address, employee@yourcompany.com, as their login identity for other systems.  These other systems are often work related services like Uber, Dropbox, online banking, credit cards used for business expenses, etc. Studies show that about 80% of people use the same or substantially similar passwords across systems.

If there is a data leak or breach at one of these third party services, hackers will test the identity on other systems.  If you have an employee whose email and password were leaked in one of the Dropbox incidents, for example, cyber criminals will test that email address and password, along with similar passwords, across common services like G Suite, Office 365, Facebook, LinkedIn, Instagram, and others.

A compromised identity on a third party service can easily lead to a breach of your systems.

What to do:

  • Get the Details:
    Get a detailed scan on your domain to clearly identify which user identities are exposed and at risk.
  • Mitigate Your Risk:
    Work directly with identified staff to reset passwords. Run additional scans on their systems for malware.
  • Communicate:
    Educate, train, and guide users on the risk of identity breach and how to avoid becoming a victim. Provide guidance, coaching, and policies around the use of company email addresses on other systems and best practices for password selection and management.
  • Challenge:
    Periodically test your employees using “honeypot” and “sandbox” methods to determine who is following best practices and who remains susceptible to attack.
  • Monitor:
    Monitor your domain, and personal accounts of key executives, for future issues and respond accordingly.

Next Steps

Your best next step is to contact us (email or web) to

  1. Request a detailed Dark Web Scan
  2. Discuss security education and testing services
  3. Setup on-going monitoring for your domain