Tag: small business

Posted on

The Question You Never Want to Have to Ask

Why MFA Shouldn’t Be Optional

“Do you offer any help for decrypting files due to ransomware?”

This is a question we are asked with more frequency than ever before. And, sadly, it is often followed up with the information that their files were on “an internal server that was missed in the backup protocol by IT”.

Email phishing and brute force attacks are the most common methods cyber criminals use to get into your business network where they can set up to initiate ransomware attacks. The ransomware (malware) encrypts your data, which becomes unrecoverable without the decryption key. Usually, the only way to recover from a malware/ransomware attack is to rebuild systems and restore data from backups. If you have backups.

A “brute force” attack is typically used to get personal information such as passwords or passphrases, usernames, and Personal Identification Numbers (PINS). Scripts or specialized apps are used to carry out a string of continuous attempts to get the information desired. Cybersecurity researchers at Coveware analyzed ransomware attacks during the second quarter of 2021 and found that phishing and brute force attacks on unsecured desktops (remote and local) are among the most popular entry points for starting ransomware attacks. This is at least partly because it is relatively cheap and can be highly effective.

Phishing attacks are when cyber criminals send emails containing a malicious file attachment or hyperlink directing to a compromised website that delivers ransomware. Attacks against desktop logins include methods where cyber criminals use brute force to leverage weak or default usernames and passwords – or even get access because they got legitimate login credentials via a phishing email.

Software vulnerabilities and web-based application services are also among the popular vectors for delivering ransomware or exposing corporate networks to cyber criminals. While this type of attack is somewhat less frequent than the others, they are often leveraged by some of the most sophisticated and disruptive ransomware groups and nation/state bad actors.

  • Sodinokibi – also known as REvil – is responsible for some of the most high-profile ransomware attacks this year, including the massive ransomware attack on customers of Kaseya.
  • Contij – one of the most high-profile attacks by the group was the attack against the Irish healthcare system. Healthcare services across Ireland remained disrupted for months.
  • Avaddon – ransomware distributed via phishing emails.
  • Mespinoza and Hello Kitty are new forms of ransomware recently identified.

All of these have a common purpose in that they take advantage of weaknesses in security and exploit phishing tactics to lay the foundation for an attack on your network and possibly others.

Keeping systems updated, applying security patches and application software updates is an important aspect to keeping things secure. Known vulnerabilities can be exploited to gain access to the network, so keeping up with updates as the vendor supplies them has become more important than ever.

To help protect networks from being compromised, businesses should also apply multi-factor authentication (MFA) to desktop and applications.

MFA is an important tool to help stop intruders from breaching accounts and gaining access to the corporate network, and it can be the difference between keeping your data safe and working or discovering your files are digitally encrypted and completely unusable. Data encryption changes the data into code, and only the decryption key can read the code and return the data to a useable form. If you don’t have the key, the data typically cannot be decrypted.

Cyberattacks continue to evolve in their sophistication and frequency, and consequences of such attacks are growing. Private companies and public agencies alike must adapt their security techniques and embrace new security technologies while providing more end-user education and training.

Mendelson Consulting and NOOBEH Cloud Services take security very seriously and we have the experience and expertise to assist businesses with transforming their operations to be more efficient and effective. Our cloud team works exclusively with private tenant accounts on Microsoft Azure, and offers MFA security and other solutions to protect local and remote resources, helping keep your valuable information safe and available when you need it.

“How can we get started?” is the question you should be asking.

jm bunny feetMake Sense?
J

Posted on

It’s Not Easy Being Small – Thoughts on the Disruption and Rethinking Business Priorities

The global pandemic has been the source of disruption to business and personal lives for over a year now and businesses have found that, regardless of the challenges they face, business must continue.

With operations and supply chains strained and positive cash flow at a premium, companies everywhere are focusing on the fundamentals while enabling work-from-home and distancing mandates. COVID-19 has, in many ways, become the event that is forcing many businesses (and entire industries!) to rethink how they operate, and to look to transform their global supply chain models.

A fact that can’t be argued with is that the pandemic has exposed where many businesses are vulnerable, being heavily dependent on supplies of raw materials or finished products that are no longer readily available.

What’s also been exposed is the lack of agility in business I.T. infrastructure, as operations struggle to find ways of continuing operations with reduced personnel or users working from various locations and finding that their systems aren’t really helping in those efforts.

“Supporting small manufacturers has probably never been more important that it is now”, said a panelist at the “National Conversation with Manufacturers” session hosted by the National Institute of Standards and Technology’s Hollings Manufacturing Extension Partnership (NIST MEP). While larger companies are certainly impacted by what’s happened this year, small manufacturers face the challenge of running a company with a smaller available base of resources, technology and supporting tools.

“The conversation’s participants represented very small manufacturing companies with fewer than 20 workers. They all recounted a mad scramble over the past six months. First, they had to figure out whether their operations were essential enough to stay open under their state-mandated shutdown orders.

Then began the efforts to keep their workers safe, implement cleaning regimens, source protective materials, respond to public health protocols that evolved during the pandemic, determine what emergency support they qualified for, and go through the steps to access funds. All of this was being done with a small staff that needed also to continue getting product out and deal with obstacles to normal operations. Hurdles included delays and disarray in the supply chain, disruption in cash flow, with both account receivable extensions and overnight changes in credit terms, shipping impediments and customers still expecting on-time deliveries.”

https://www.nist.gov/blogs/manufacturing-innovation-blog/sometimes-its-not-easy-being-small-manufacturer?utm_medium=email&utm_source=marketingcloud&utm_campaign=

To add to the troubles, disruptions in global trade with China have created significant impact in supply chains worldwide. Companies who rely on direct and secondary suppliers in China are currently experiencing significant disruption, and this is likely to continue. But it isn’t just China… countries around the globe are experiencing challenges with having enough personnel, materials and technology to deliver their goods.

For so many years, businesses have focused on optimizing their supply chains to minimize costs, reduce inventories, and increase asset utilization. This streamlining has also removed the buffers and the flexibility to absorb disruption. COVID-19 has shown that many companies aren’t aware of their vulnerability when supply chains suffer from a global shock of some type.

So, how can organizations respond to the immediate challenge?

There are steps that businesses can take to help address the changing conditions facing businesses today, and a major item that should be addressed is the alignment of IT systems and support to evolving work requirements. Further, enhancements in operational systems should be made to illuminate the extended supply network and enhance inbound materials visibility, and a new focus on production scheduling agility as well as evaluating alternative outbound logistics options should be approached.

NOOBEH’s cloud solutions have been the foundation for business continuity and operational support throughout these difficult times.

We’ve helped companies around the country implement Microsoft Azure cloud servers where they are able to run their entire operations. From order entry, manufacturing, inventory management, pack and ship, and through to accounting and finance – businesses run their applications, integrations and services that allow them to keep the business operating even with reduced personnel or as their users are forced to work from home. OneDrive and SharePoint file storage, and TEAMS for closer collaboration and simplified access to information, helps hybrid working models and distributed workgroups stay in step with projects and business goals.

As a Microsoft Cloud Solution Provider, Mendelson Consulting and NOOBEH provide and administer Microsoft 365 and Azure services, enabling us to more closely manage the licensing and computing platform to make sure it works in the best possible way for your business. With NOOBEH managing your services, you get predictable performance at predictable costs, allowing your business to operate without interruption or subscription overages.

As the past year has proven, life is unpredictable. Let Mendelson Consulting and NOOBEH help your business implement the cloud services and technologies that will give your organization the ability to adjust to changing conditions because you’ll have the most agile IT platform available.

jm bunny feet

Make Sense?

J

Posted on

Building A Solid Foundation for Business Cybersecurity

The cybersecurity threat landscape has changed dramatically in the last few years. No longer primarily a big-business concern, cybersecurity has become a key focus of businesses small and large. Attacks on SMBs are on the rise, perhaps because they represent a plentiful and often easy target. And the cost of damage and disruption to business just keeps going up.

Cybersecurity is not a problem you can simply throw a bunch of money and tools at to fix.

No matter how much great software or fancy systems you implement, the people will always be a big part of the equation. The root cause of over half the data breaches reported is a result of negligent employees or contractors.

That means that nearly half of all attacks are being executed through phishing or social engineering. The only tool you can apply to this problem is education. Efforts should be focused on security awareness and training workers to be more cautious to the point of almost being paranoid. Better to be safe than sorry in this case.

Training workers to be more careful as they work with emails, documents and websites is part of it, but there is much more to making sure the business is addressing the entire cybersecurity issue. NIST (National Institute of Standards and Technology) offers a wide variety of information and guides that businesses can use to learn more about and implement cybersecurity practices. Among these resources is the Cybersecurity Framework.

According to NIST, “the Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes.” It is a highly useful tool in helping the business align and prioritize activities with business requirements, risk tolerances and resources. The standard framework includes elements that are consistent and common across sectors and critical infrastructure, so it can be oriented to any business.

Even if the business is not prepared to delve into the details of a comprehensive cybersecurity policy and guideline, a basic outline and approach cannot be avoided without asking for disaster.

Putting this squarely into the Risk Management category, there is an ongoing process of identifying, assessing, and responding to risk situations or conditions. To manage the risk, businesses need to consider the likelihood that an event will occur and what the potential impact is as a result.

Knowing the acceptable level of risk for reaching the business objective is the risk tolerance. If a business understands its risk tolerance, the company can prioritize cybersecurity activities and make informed decisions about cybersecurity expenditures.

There are five key functions to consider as it relates to cybersecurity risk: Identification, Protection, Detection, Response and Recovery. How the business addresses each of these in the context of the systems and activities is essentially the business’s cybersecurity posture, a high-level and somewhat strategic view of the organization’s management of cybersecurity risk.

The key to building a solid foundation for  business cybersecurity practice is to establish a platform where all the business applications and data can be identified and access secured.

User desktops, productivity applications, operational software and business data can be hosted on private cloud servers, allowing the business to fully-manage data and application access. The server-based model reduces or eliminates the need to sync data to devices, and remote desktops keep user environments secure, patched and up-to-date.

Our consultants can’t write your cybersecurity policies or determine your risk tolerance, but we can help implement a solution that improves fault tolerance, resilience, and recovery.

Make Sense?

J

Posted on

Office 2013 Loses Support for Commercial Office 365 Services

If you’re not on a subscription for your Office desktop applications, you may lose access to your email box and other services.  Why? Because Microsoft announced that, effective October 13th, 2020, Office 365 services (like OneDrive, Hosted Exchange and more) will only support client connectivity from subscription clients or perpetual clients with mainstream support.

Basically this means that Office 2013 is about to be no fun any more.

You won’t be able to use Office 2013 Outlook to connect to your Microsoft-hosted Exchange mailbox, and your Word and Excel won’t connect to OneDrive.  If you are with a hosting provider who supplies your Office licenses as part of the service, cross your fingers and hope that it isn’t Office 2013. It will be pretty frustrating if your Outlook suddenly has problems accessing your Microsoft-hosted mailbox.

Like many other products, a lot of the functionality in the desktop software has been turned into web service and the Microsoft Office applications are a great example. With cloud connectivity being the focus, desktop solutions are more frequently leveraging online resources to extend and expand their capabilities. This also means they’re more frequently turning from one-time software purchases to subscription service.

After October, Microsoft’s ongoing investments in the Office 365 cloud services – including Exchange Online, SharePoint Online, and OneDrive for Business – will be made based on “post-Office 2013 requirements”.  Now is the time to migrate your Office 2013 to Microsoft 365 Apps (formerly Office 365 ProPlus). We highly recommend this move anyway, so businesses can take advantage of using their Office applications seamlessly on Azure servers as well as their local PC desktops and mobile devices.

Users of Office 2016 and Office 2019 have a little more time before their software no longer supports the cloud services. That end date is currently October 2023. You can find the support lifecycle site for Office mainstream support dates here.

It isn’t that Microsoft plans to actively block older Office clients from connecting to Office 365 services. It’s just that older applications may have performance or reliability issues when they try to connect to the constantly-updated cloud services.  Increased security risks are certain and users may even find that they are no longer compliant with certain requirements. The big thing is that Microsoft support will likely not be able to resolve issues related to unsupported connections.

The days of buying software once and running it forever are just about over.

Developers have recognized that cloud services can expand and enhance their solutions in ways that static local installation can’t. For many businesses, it becomes easier and ultimately more efficient to migrate to subscription service for IT platform and software. Azure cloud servers, for example, allow businesses to always have modern infrastructure that is more fault tolerant and agile than on-premises hardware.

Combing these benefits with software that is cloud-connected and always up to date means the business never faces lost productivity or revenues due to outdated systems or lost compatibility with newer solutions.

Make Sense?

J

Posted on

Cloud for Small Business: Gain Hardware Independence

Small businesses tend to approach their business IT in terms of the tangibles.. the hardware and software they can see and touch.

The desktop PCs where the programs are installed, the server in the back room where the files are stored, and the backup that goes offsite (tapes? discs? usb drives?) is the stuff most small business owners think of when asked about the computing technology they use. This view isn’t very comprehensive when it comes to considering the costs of purchasing and maintaining IT in the business, yet it identifies a major problem with the typical small business IT approach.

The problem is the dependency on the hardware and the reliance of the small business on the operation of individual computers.

The solution to this reliance on on-premises hardware? The cloud.

The solution to the problem isn’t centered on using web-based applications. The real solution to this small business IT problem is cloud platform, like Microsoft Azure. When businesses deploy a private cloud server they get solution that allows them to run all their desktop and network applications and store their data on a virtual platform that isn’t tied to any particular piece of hardware in the office.

Microsoft Azure offers virtual computing resources, managed and secured on Microsoft’s hardware in Microsoft datacenters. Rather than purchasing and maintaining hardware on-premises, business can deploy virtual networks and servers on the Azure platform. This makes the systems far more versatile and resilient than would be affordable to do otherwise. Surprise server hardware failures become a thing of the past, and buying ahead for possible future needs is no longer required because the systems can be upgraded on demand.

Businesses still need desktops where users access their programs and data, but the “desktop” can be a cloud desktop rather than the local PC desktop.

Remote desktops on the cloud server keeps software licensing and business information securely stored on the cloud server rather than being resident on user computers where it is more easily compromised. Users may still browse the internet and do other things with the local PC desktop, but using the cloud desktop for business applications and data means that just about any PC could safely be used for work.

When applications and data are managed on-premises, it makes changing servers or workstations a big deal. 

Changing desktops or servers means that software must be uninstalled and reinstalled, data must be migrated and user profiles and permissions may need to be recreated. When the cloud server is where users get their desktops, computer workstations become interchangeable because nothing is really installed on them other than the connection to the cloud desktop. This is also why traveling laptops and home computers become more secure for business use, because the applications and data are really running on the cloud server and not on the local device.

The cloud platform provides what the business needs without the lock-in to on-premises hardware or SaaS/Web-based software.

Rebuilding servers due to hardware failures, upgrading systems to handle future growth or replacing aging hardware all contribute to the unpredictable cost of managing and maintaining on-premises computer systems. SaaS and web-based software solutions lock-in data and lock-out many future options, yet they don’t address user desktops and the rest of the applications and data the business needs.

Rather than risking outages and lost productivity, businesses are finding that running their systems on a managed cloud platform provides more stability and consistent performance for a reasonable and more predictable cost. Desktop and server software licensing is able to service multiple locations when installed on a cloud server, and workers at home can access the tools to be just as productive as they are in the office (maybe more).

Make Sense?

J

Posted on

Windows Server 2012/R2 Not Aging Well, Loses Support for Microsoft 365 Apps

Lots of people loved (and continue to love and use) Windows Server 2012/R2. This Windows Server release introduced several new and improved features that made it a cornerstone of business and service provider networks worldwide. Notable improvements in virtualization with Hyper-V, along with improvements in storage, networking, remote access and server administration features, made 2012/R2 a necessary upgrade from the 2003 and 2008 versions still present in many networks.

Sadly, even though Release 2 (R2) for Server 2012 was largely a new OS due to its features and capabilities, it did not receive a new lifecycle end date and instead inherited the end dates for 2012 version. And an extended lifecycle end-date doesn’t guarantee extended usefulness or compatibility.

Windows Server 2012 began with mainstream support on October 30, 2012 and that mainstream support ended in January 2018, including for R2. Extended support for 2012/R2 goes through January 2023, but that is only if you are paying for Software Assurance for your licenses.

During this period where extended support may still be available for the OS, there is no guarantee that it will remain as a supported platform for your application software. An example of this is the Microsoft Office 365 Apps suite formerly known as ProPlus. The Office 365 apps, which include Outlook, Word, Excel, Powerpoint and more, are staples of business users worldwide. These applications are no longer supported on Windows Server 2012/R2.

Microsoft 365 Apps ended support on Windows Server 2012/R2 on January 14, 2020.

Innovative features and functionality continues to be released for the Microsoft 365 Apps and Microsoft needs to know that the platforms running the applications will work properly with those innovations. As the software is improved and new capabilities introduced, stability and performance issues can plague the install when it is running on older or unsupported operating systems.

Microsoft has pointed out that any Microsoft 365 Apps updated to version 2005 or later will result with functionality and stability problems because there are changes that are specifically not compatible with Windows 8 and Windows Server 2012.

The pace of change is increasing no matter what industry you are in. With technology adoption rates rising faster than ever in all sectors, business owners cannot rely upon outdated systems if their operations are to remain competitive. Application software as well as the operating system platforms it runs on must be regularly updated in order to provide the reliable performance and useful functionality demanded by today’s business users.

jmbunnyfeetMake Sense?

J