Category: Cloud Solutions

Posted on

The Question You Never Want to Have to Ask

Why MFA Shouldn’t Be Optional

“Do you offer any help for decrypting files due to ransomware?”

This is a question we are asked with more frequency than ever before. And, sadly, it is often followed up with the information that their files were on “an internal server that was missed in the backup protocol by IT”.

Email phishing and brute force attacks are the most common methods cyber criminals use to get into your business network where they can set up to initiate ransomware attacks. The ransomware (malware) encrypts your data, which becomes unrecoverable without the decryption key. Usually, the only way to recover from a malware/ransomware attack is to rebuild systems and restore data from backups. If you have backups.

A “brute force” attack is typically used to get personal information such as passwords or passphrases, usernames, and Personal Identification Numbers (PINS). Scripts or specialized apps are used to carry out a string of continuous attempts to get the information desired. Cybersecurity researchers at Coveware analyzed ransomware attacks during the second quarter of 2021 and found that phishing and brute force attacks on unsecured desktops (remote and local) are among the most popular entry points for starting ransomware attacks. This is at least partly because it is relatively cheap and can be highly effective.

Phishing attacks are when cyber criminals send emails containing a malicious file attachment or hyperlink directing to a compromised website that delivers ransomware. Attacks against desktop logins include methods where cyber criminals use brute force to leverage weak or default usernames and passwords – or even get access because they got legitimate login credentials via a phishing email.

Software vulnerabilities and web-based application services are also among the popular vectors for delivering ransomware or exposing corporate networks to cyber criminals. While this type of attack is somewhat less frequent than the others, they are often leveraged by some of the most sophisticated and disruptive ransomware groups and nation/state bad actors.

  • Sodinokibi – also known as REvil – is responsible for some of the most high-profile ransomware attacks this year, including the massive ransomware attack on customers of Kaseya.
  • Contij – one of the most high-profile attacks by the group was the attack against the Irish healthcare system. Healthcare services across Ireland remained disrupted for months.
  • Avaddon – ransomware distributed via phishing emails.
  • Mespinoza and Hello Kitty are new forms of ransomware recently identified.

All of these have a common purpose in that they take advantage of weaknesses in security and exploit phishing tactics to lay the foundation for an attack on your network and possibly others.

Keeping systems updated, applying security patches and application software updates is an important aspect to keeping things secure. Known vulnerabilities can be exploited to gain access to the network, so keeping up with updates as the vendor supplies them has become more important than ever.

To help protect networks from being compromised, businesses should also apply multi-factor authentication (MFA) to desktop and applications.

MFA is an important tool to help stop intruders from breaching accounts and gaining access to the corporate network, and it can be the difference between keeping your data safe and working or discovering your files are digitally encrypted and completely unusable. Data encryption changes the data into code, and only the decryption key can read the code and return the data to a useable form. If you don’t have the key, the data typically cannot be decrypted.

Cyberattacks continue to evolve in their sophistication and frequency, and consequences of such attacks are growing. Private companies and public agencies alike must adapt their security techniques and embrace new security technologies while providing more end-user education and training.

Mendelson Consulting and NOOBEH Cloud Services take security very seriously and we have the experience and expertise to assist businesses with transforming their operations to be more efficient and effective. Our cloud team works exclusively with private tenant accounts on Microsoft Azure, and offers MFA security and other solutions to protect local and remote resources, helping keep your valuable information safe and available when you need it.

“How can we get started?” is the question you should be asking.

jm bunny feetMake Sense?
J

Posted on

Considering Cybersecurity as Cloud Work Expands

When the pandemic forced many business users to move to remote work, it also forced the network security “boundary” to expand greatly and with great speed. Companies quickly adapted their tools and work so that it could be done somewhat effectively even as the employee working environment changed.  But new security models to match with new working models have not as quickly been adopted.

Business cloud workloads grew, by some estimates, as much as 20% just in the first 6 months of 2020. Yet many of those businesses electing to bring cloud working models to their business also made of the mistake of not expanding their security as they expanded the cloud network. This leaves systems and information vulnerable. Phishing, ransomware, credential theft and web app attacks have increased, catching businesses in their vulnerable states.

“In April to June of 2020 alone, security incidents increased by 188%.”

Even more than on-premises systems, it was the external cloud-based data and applications that were under attack because so many companies expanded their use of cloud services without enhanced security as part of the plan. Any expansion to include the cloud as network also significantly increases security risks. One report found that 35% of businesses made their cloud storage openly accessible to the public, allowing anyone to access it via the internet.

Don’t let your critical information be exposed or put at risk. When you begin using a cloud service, make sure to also address security for the new working mode or it could lead to lost or leaked information or a system breach.

Mendelson Consulting and NOOBEH cloud services take security very seriously. We help our clients keep their applications and data working properly and have a focus on methods to keep information safe regardless of what cloud you work on.

jm bunny feetMake Sense?

J

1 ( https://duo.com/blog/growing-security-safely-in-canada )

Posted on

It’s Not Easy Being Small – Thoughts on the Disruption and Rethinking Business Priorities

The global pandemic has been the source of disruption to business and personal lives for over a year now and businesses have found that, regardless of the challenges they face, business must continue.

With operations and supply chains strained and positive cash flow at a premium, companies everywhere are focusing on the fundamentals while enabling work-from-home and distancing mandates. COVID-19 has, in many ways, become the event that is forcing many businesses (and entire industries!) to rethink how they operate, and to look to transform their global supply chain models.

A fact that can’t be argued with is that the pandemic has exposed where many businesses are vulnerable, being heavily dependent on supplies of raw materials or finished products that are no longer readily available.

What’s also been exposed is the lack of agility in business I.T. infrastructure, as operations struggle to find ways of continuing operations with reduced personnel or users working from various locations and finding that their systems aren’t really helping in those efforts.

“Supporting small manufacturers has probably never been more important that it is now”, said a panelist at the “National Conversation with Manufacturers” session hosted by the National Institute of Standards and Technology’s Hollings Manufacturing Extension Partnership (NIST MEP). While larger companies are certainly impacted by what’s happened this year, small manufacturers face the challenge of running a company with a smaller available base of resources, technology and supporting tools.

“The conversation’s participants represented very small manufacturing companies with fewer than 20 workers. They all recounted a mad scramble over the past six months. First, they had to figure out whether their operations were essential enough to stay open under their state-mandated shutdown orders.

Then began the efforts to keep their workers safe, implement cleaning regimens, source protective materials, respond to public health protocols that evolved during the pandemic, determine what emergency support they qualified for, and go through the steps to access funds. All of this was being done with a small staff that needed also to continue getting product out and deal with obstacles to normal operations. Hurdles included delays and disarray in the supply chain, disruption in cash flow, with both account receivable extensions and overnight changes in credit terms, shipping impediments and customers still expecting on-time deliveries.”

https://www.nist.gov/blogs/manufacturing-innovation-blog/sometimes-its-not-easy-being-small-manufacturer?utm_medium=email&utm_source=marketingcloud&utm_campaign=

To add to the troubles, disruptions in global trade with China have created significant impact in supply chains worldwide. Companies who rely on direct and secondary suppliers in China are currently experiencing significant disruption, and this is likely to continue. But it isn’t just China… countries around the globe are experiencing challenges with having enough personnel, materials and technology to deliver their goods.

For so many years, businesses have focused on optimizing their supply chains to minimize costs, reduce inventories, and increase asset utilization. This streamlining has also removed the buffers and the flexibility to absorb disruption. COVID-19 has shown that many companies aren’t aware of their vulnerability when supply chains suffer from a global shock of some type.

So, how can organizations respond to the immediate challenge?

There are steps that businesses can take to help address the changing conditions facing businesses today, and a major item that should be addressed is the alignment of IT systems and support to evolving work requirements. Further, enhancements in operational systems should be made to illuminate the extended supply network and enhance inbound materials visibility, and a new focus on production scheduling agility as well as evaluating alternative outbound logistics options should be approached.

NOOBEH’s cloud solutions have been the foundation for business continuity and operational support throughout these difficult times.

We’ve helped companies around the country implement Microsoft Azure cloud servers where they are able to run their entire operations. From order entry, manufacturing, inventory management, pack and ship, and through to accounting and finance – businesses run their applications, integrations and services that allow them to keep the business operating even with reduced personnel or as their users are forced to work from home. OneDrive and SharePoint file storage, and TEAMS for closer collaboration and simplified access to information, helps hybrid working models and distributed workgroups stay in step with projects and business goals.

As a Microsoft Cloud Solution Provider, Mendelson Consulting and NOOBEH provide and administer Microsoft 365 and Azure services, enabling us to more closely manage the licensing and computing platform to make sure it works in the best possible way for your business. With NOOBEH managing your services, you get predictable performance at predictable costs, allowing your business to operate without interruption or subscription overages.

As the past year has proven, life is unpredictable. Let Mendelson Consulting and NOOBEH help your business implement the cloud services and technologies that will give your organization the ability to adjust to changing conditions because you’ll have the most agile IT platform available.

jm bunny feet

Make Sense?

J

Posted on

Where in The World is Your Data?

Where in the World is Your Data? Even better.. where would you like it to be? In a datacenter near you? In a datacenter far away from you? Maybe you’d like your production system nearby, but backups stored on the other side of the country. Or perhaps you want redundant systems on each coast as well as something somewhere in the middle.
With Microsoft Azure as your platform, you have all the choices in the world, literally.

Microsoft Azure is the platform of choice for businesses of all sizes, offering virtualized infrastructure and services that can be tailored and tuned to meet the unique needs of any organization. No longer tied to on-premises infrastructure, companies find that they can implement better and more comprehensive solutions because they have the agility to adapt systems to immediate needs while retaining the ability to adjust as conditions change.

With Microsoft Azure and Microsoft 365 Services, NOOBEH enables businesses to focus on transformation and improving efficiency, not the IT that supports it.

NOOBEH cloud services, part of the Mendelson Consulting team, sets up Azure infrastructure and manages it for their clients. Business users focus on getting their work done, not on the IT supporting it. NOOBEH QuickBooks on Azure services give small and medium size businesses the most flexible and resilient infrastructure available to run all their desktop and network applications.

Because QuickBooks is rarely a standalone solution, NOOBEH QuickBooks on Azure services have no limitations on what add-ons, extensions, integrations or other applications the business may need to use. All the software a business needs can be deployed on the platform, allowing the company to keep its information systems and assets secure, fully-managed and available when and where they are needed.

While NOOBEH uses Azure platform and Microsoft 365 services to continue to deliver new capability for private sector users, Microsoft is advancing innovation in the delivery of connected services and computing power for private and government sector users wherever it is needed. Azure Modular Datacenters represent a partnership that delivers computing and communications capacity anywhere in the world… and beyond.

Microsoft Azure Modular Datacenters and SpaceX

The Azure modular datacenter is basically a “data center in a box”. It comes with everything needed to deliver computing capacity anywhere in the world.

“We designed the Azure Modular Datacenter (MDC) for customers who need cloud computing capabilities in hybrid or challenging environments, including remote areas. This announcement is complemented by our Azure Space offerings and partnerships that can extend satellite connectivity anywhere in the world. Scenarios range from mobile command centers, humanitarian assistance, military mission needs, mineral exploration, and other use cases requiring high intensity, secure computing on Azure.”

https://azure.microsoft.com/en-us/blog/introducing-the-microsoft-azure-modular-datacenter/

It has power and everything else it needs, and now it also has the connectivity needed, even when there is no (zip, zero) infrastructure. Microsoft has partnered with SpaceX, using SES satellites to bring Internet connectivity to remote areas.

“We can connect via satellite links any element on the Earth to another point on the Earth..”

https://arstechnica.com/information-technology/2020/10/microsofts-new-data-center-in-a-box-will-use-spacex-starlink-broadband/

They’re calling it part of “a multi-orbit, multi-band, multi-vendor” approach to connectivity. That’s pretty cool, if you ask me.

It takes the whole bookkeeping in bunny slippers philosophy of “work when and where it works for you” to an entirely new level.

Make Sense?

jm bunny feet

J

Posted on

Update your Mac to keep getting Office application updates

Microsoft’s upcoming November 2020 update has some direct impacts to users running macOS, especially if running macOS 10.31 or earlier. As of November 10, 2020, existing Microsoft 365 for Mac users running macOS 10.13 or earlier will not receive any further Office application updates. If the machine is upgraded to macOS10.14 or later, updates will be allowed to proceed on that computer.

With the Microsoft 365 for Mac November 2020 update, users running macOS must be running 10.14 Mojave or later in order to continue to receive updates for Office applications, and any new installs of Microsoft 365 for Mac will require macOS 10.14 or later.

Word, Excel, PowerPoint, Outlook and OneNote are the applications included which will no longer receive updates – including security updates – if the macOS they’re running on is too outdated.

Among the benefits of using Microsoft 365 is that the software is always kept up to date, including enhancements and new features as well as security and safety updates that help keep the software (and the associated data) more secure. You may continue with the older version of macOS, and your Office applications will continue to work. But losing out on updates not only keeps you from benefitting from the most current capabilities of the software (and getting full value from your subscription), but it also puts your security and compliance at risk.

Microsoft 365 applications are continuously updated with new features, connected services and enhancements to security. Modern operating system platforms are necessary to support some of these improvements, requiring users to update their computer operating systems as well as the applications running on them. With the Microsoft 365 November update, Mac users need to be running one of the three most recent versions of macOS to keep their Office applications recent, too.

Make Sense?

J

Posted on

Office 2013 Loses Support for Commercial Office 365 Services

If you’re not on a subscription for your Office desktop applications, you may lose access to your email box and other services.  Why? Because Microsoft announced that, effective October 13th, 2020, Office 365 services (like OneDrive, Hosted Exchange and more) will only support client connectivity from subscription clients or perpetual clients with mainstream support.

Basically this means that Office 2013 is about to be no fun any more.

You won’t be able to use Office 2013 Outlook to connect to your Microsoft-hosted Exchange mailbox, and your Word and Excel won’t connect to OneDrive.  If you are with a hosting provider who supplies your Office licenses as part of the service, cross your fingers and hope that it isn’t Office 2013. It will be pretty frustrating if your Outlook suddenly has problems accessing your Microsoft-hosted mailbox.

Like many other products, a lot of the functionality in the desktop software has been turned into web service and the Microsoft Office applications are a great example. With cloud connectivity being the focus, desktop solutions are more frequently leveraging online resources to extend and expand their capabilities. This also means they’re more frequently turning from one-time software purchases to subscription service.

After October, Microsoft’s ongoing investments in the Office 365 cloud services – including Exchange Online, SharePoint Online, and OneDrive for Business – will be made based on “post-Office 2013 requirements”.  Now is the time to migrate your Office 2013 to Microsoft 365 Apps (formerly Office 365 ProPlus). We highly recommend this move anyway, so businesses can take advantage of using their Office applications seamlessly on Azure servers as well as their local PC desktops and mobile devices.

Users of Office 2016 and Office 2019 have a little more time before their software no longer supports the cloud services. That end date is currently October 2023. You can find the support lifecycle site for Office mainstream support dates here.

It isn’t that Microsoft plans to actively block older Office clients from connecting to Office 365 services. It’s just that older applications may have performance or reliability issues when they try to connect to the constantly-updated cloud services.  Increased security risks are certain and users may even find that they are no longer compliant with certain requirements. The big thing is that Microsoft support will likely not be able to resolve issues related to unsupported connections.

The days of buying software once and running it forever are just about over.

Developers have recognized that cloud services can expand and enhance their solutions in ways that static local installation can’t. For many businesses, it becomes easier and ultimately more efficient to migrate to subscription service for IT platform and software. Azure cloud servers, for example, allow businesses to always have modern infrastructure that is more fault tolerant and agile than on-premises hardware.

Combing these benefits with software that is cloud-connected and always up to date means the business never faces lost productivity or revenues due to outdated systems or lost compatibility with newer solutions.

Make Sense?

J