Home/Tag: Microsoft Office 365

Microsoft Office 365

Cybersecurity Alert: Microsoft 365 Vulnerability Leads to US Treasury Breach

State-backed hackers use Microsoft 365 vulnerability to breach US Treasury

Reuters reported over the weekend that foreign state-backed hackers have breached Microsoft 365 accounts at the US Treasury Department, using their access to secretly monitor email accounts and email exchanges between the US Treasury and the National Telecommunications and Information Administration. The attack was extremely sophisticated and was able to bypass Microsoft’s authentication controls.

Microsoft has released guidance for how organizations can bolster security to attempt to avoid these attacks, and we suggest having your IT provider take a look at this document and make sure your organization is following the recommended best practices. In addition to Microsoft’s recommendations, here are 3 tools and tips to help protect both personal and business accounts from cybercriminals:

1) Set up Two-Factor Authentication (2FA)

Two-factor authentication is the one tool that provides the highest ROI in terms of protecting your accounts from unauthorized access. Microsoft has said that 2FA can prevent 99% of automated attacks on Microsoft 365 accounts, and a recent Symantec study found that 2FA would have prevented up to 80% of data breaches (of all types). If your organization is not currently securing all employee accounts with 2FA, then implementing it should be your top priority. You can also set up 2FA for most of your critical personal accounts (like online banking) in just a few minutes. In general, we recommend using an app-based solution like Duo or Google Authenticator rather than SMS-based text messages for both business and personal accounts. If you’d like to learn more about 2FA, you can check out our One-Minute Wednesday episode on how it works.

2) Improve your password hygiene

Never use the same password twice—if your password becomes compromised in a data breach, cybercriminals can (and will) attempt to use it on all your other accounts. For personal accounts, we recommend using a password manager (like LastPass) to help you 1) keep track of all your unique passwords and 2) create highly-complex, strong passwords. Good passwords should avoid using common words, uses as many characters as possible, and includes a variety of different character types (uppercase, lowercase, numbers, and special characters).

For business accounts, the best practice would be to implement Single Sign On, which allows you to use a single master username and password to access all your business applications, and then protect it with Two-Factor Authentication. You can learn more about SSO by checking out our recent article on it.

3) Learn to spot phishing scams

If you get an email claiming that one of your accounts has been breached and you need to login immediately, it is probably a phishing scam. Phishing is a type of attack where cybercriminals impersonate a person or organization you trust in an attempt to trick you into providing personally-identifiable information (PII) like passwords or credit card numbers. Phishing emails normally include a link to a malicious website or attachment.

The best way to avoid getting compromised is to know how to spot phishing emails. They often have misspelled words, involve a slightly misspelled website like (like microsoftsupport.ru or microsft.com), or include an urgent call to take action immediately. You can learn more about how to spot phishing emails by checking out one of our One-Minute Wednesday episodes on phishing. If you receive an email that seems suspicious, either delete it or forward it to the Anti-Phishing Working Group at phishing-report@us-cert.gov.

About TechMD

TechMD is an award-winning IT services firm that specializes in managed IT services in Orange County and Los Angelesmanaged cybersecuritycloud solutions, and strategic IT consulting. We are passionate about bringing enterprise-level productivity, scalability, and security to small and medium businesses.

December 15th, 2020|

Tech Talk: Working Remotely With Microsoft Teams

In this Tech Talk, we’re going to overview Microsoft Teams. Teams is the ultimate collaboration tool for your organization, allowing you to conduct chats, video calls and more. Let’s take a look!

Collaborating Effectively

Microsoft Teams enables effective company-wide communication through a series of special features. Some of the functionality it includes are video meetings, instant messages, and multi-user document collaboration. Different conversations are conducted around Channels, which organize chats by different topics or departments.

Channels

These channels themselves have some important tabs. The first is the Posts or Conversations tab, which acts as a central component to house the history of chats across a channel. So here, you can see the full thread of messages and files that have been shared.

Conversations Tab

Secondly, we have the Files tab, which lets you upload and collaborate on different documents without having to switch between individual apps or windows.

Files Tab

The Wiki tab is a place where you can store information or links that are relevant to the Channel.

Wiki Tab

You can also add custom tabs to each Channel, which combines both Microsoft and third-party apps. Customizing a tab means you’ll have the best apps on hand for even better communication and workflows for your different channels.

Custom Tabs 01

Custom Tabs 02

Lastly, Teams houses several tools in its sidebar menu. The Calls tab replaces your company’s phone system, allowing you to make internal and external calls from within Teams.

Calls

The Chat feature is a great way to have 1 on 1 discussions without the need for sending emails back and forth.

Chats

You also have the power to schedule and conduct meetings inside Teams with the Meetings Tab as well.

Meetings

And finally, the Files tab lets you quickly find and access files from OneNote, OneDrive, and SharePoint.

Files Tab

So overall, Microsoft Teams gives your organization the productivity boost it needs by centralizing all your communication and collaboration needs into one package. Thanks for checking out this Tech Talk and reach out to us if you have any questions about how to get started with Teams!

About TechMD

TechMD is an award-winning IT services firm that specializes in managed IT services in Orange County and Los Angeles, managed cybersecurity, cloud solutions, and strategic IT consulting. We are passionate about bringing enterprise-level productivity, scalability, and security to small and medium businesses.

July 20th, 2020|

Tech Talk: Five Reasons To Consider Microsoft 365

In this Tech Talk, Sebastian Igreti explores the top five features within Microsoft 365 that your business needs to know to defend itself from growing security threats and improve its productivity. Let’s dive in!

  • #1 – Online Protection With Exchange Online Protection, you get an email filtering service that guards you from malware hiding in emails and attachments. This also comes with ATP or Advanced Threat Protection, a cloud-based solution that monitors and pinpoints cybersecurity threats lurking in your inbox.
  • #2 – Mobile Device Management Mobile Management is a feature that contains a Bring Your Own Device Policy, which lets your employees use their own devices to access company data. Your team members can work on their personal phones, laptops, or tablets while connecting to company files without the worry of getting breached. This gives your company the convenience to work flexibly while getting a robust security perimeter.
  • #3 – Built-In Security Features With Azure Information Protection, you can control who can access sensitive content housed in documents and emails, while blocking outside users. Also, files like spreadsheets or Word docs containing information like credit cards and social security numbers are kept from being shared with Data Loss Prevention.
  • #4 – Windows 10 Pro Windows 7 is approaching its end of life, which means that in 2020, support will be lost and it’ll be time to move to the latest system. So included with Microsoft 365 is an upgrade to Windows 10 Pro. This also gives you Windows Autopilot which ensures that new devices are business-ready right out of the box and contain apps installed from the cloud.
  • #5 – Microsoft Teams Finally, Microsoft 365 for Business comes with Microsoft Teams, a communication tool that allows you to collaborate with coworkers via phone calls, meetings and individual or group chats. It’s available on PC, Mac, phones, and tablets, giving you the convenience to connect and collaborate from wherever you are.

In conclusion, Microsoft 365 is packaged with all the applications you need for effective IT security and helps your company’s success with great productivity tools. So feel free to reach out to us as you explore how Microsoft 365 can benefit your organization!

About TechMD

TechMD is an award-winning IT services firm that specializes in managed IT services in Orange County and Los Angeles, managed cybersecurity, cloud solutions, and strategic IT consulting. We are passionate about bringing enterprise-level productivity, scalability, and security to small and medium businesses.

June 30th, 2020|

Tech Talk: Windows 7 End of Life

Microsoft has recently announced that support for the widely-used Windows 7 will be coming to an end in January 2020. Join us on today’s Tech Talk as we dive into the steps your business will need to take to prepare for these upcoming changes.

Windows 7 Support Is Ending

The start of 2020 will mean the end-of-life for Windows 7 support, along with Microsoft Server 2008, Exchange 2010 and SQL Server 2008. The most important thing to be aware of is that software patches for all of these systems will cease. This is so important because without continued patch updates, those systems will remain susceptible to cyber security issues, increasing the chance that your organization will encounter a data breach or ransomware attack.

You might be wondering what steps to take? First, if your business has workstations running Windows 7 with computers that are three years old or less, we recommend upgrading them to Windows 10 before the deadline. For computers that are older than three years we recommend replacing them entirely.

Thankfully, the new Microsoft 365 package includes upgrade licenses from Windows 7 to Windows 10 Pro. So, if your organization is looking for a cloud solution and wants to beef up your security, you now have the opportunity kill two birds with one stone. Also, Microsoft is offering free extended support if you chose to transfer your server workload to Microsoft Azure.

With this knowledge, you can plan out to your strategy for the upcoming end-of-life for Windows 7. We at TechMD are committed to helping your organization stay up-to-date with ongoing changes and move your business forward. Feel free to contact us if you have any questions and have a great day.

April 9th, 2019|

Cybersecurity Alert: SharePoint Phishing Attack Targets Office 365 Users

New PhishPoint Attack May Be Affecting As Many As 10% of Office 365 Users

Recently we have been seeing a new phishing attack called PhishPoint that is targeting Office 365 customers. In this scam, cybercriminals are inserting malicious links into SharePoint files and then sharing them with potential victims, ultimately allowing them to steal Office 365 user credentials.

This attack is particularly insidious because it bypasses Office 365’s built-in security. Microsoft automatically scans incoming emails for malicious links and attachments, but a link to Microsoft’s own SharePoint Online platform wouldn’t raise any red flags with their system. Because the malicious phishing link is hosted in the SharePoint file rather than the email itself, is goes unnoticed by Microsoft’s email security.

How to Spot A PhishPoint Attack

In a PhishPoint attack, the target will receive an email that looks exactly like the standard SharePoint invitation to collaborate:

an example PhishPoint email

Clicking on the link will automatically open up a SharePoint file. This SharePoint file will contain content that looks like a standard request to access a OneDrive file. However, the link to “Access Document” is actually a malicious URL.

A malicious SharePoint file

Clicking on the SharePoint link to access the document takes the user to a spoofed Office 365 login page. When the victim enters their username and password, their credentials will be recorded and stolen by the hacker.

PhishPoint ultimately leads to a spoofed Office 365 login screen

How Can You Protect Yourself?

Like many phishing attacks, PhishPoint is designed to perfectly imitate aspects of the Office 365 experience in order to lull users into a false sense of security. Here are a few things to keep in mind:

  • PhishPoint emails are unsolicited and usually have a generic subject line like “
    [name] has sent you a OneDrive for Business file”. If you are not expecting a file share from someone in your office, take the time to verify the email’s legitimacy by calling the sender directly or, better yet, talking to them in person.
  • Many PhishPoint emails attempt to manufacture a sense of urgency by including words like ACTION REQUIRED or URGENT in their subject lines. Don’t let the sense of urgency put you in a hurry—take the time to look closely at emails like this before clicking on them.
  • Always check the URL when you receive suspicious links! In PhishPoint’s case, when you finally make it to the login page, you can tell that it is not associated with the Office 365 domain by looking at the address bar in your browser.

To learn more about how to spot phishing attacks, check out this helpful video. As always, make sure you stay alert and think before you click!

August 21st, 2018|

Tech Talk: Work Seamlessly with Office 365

Microsoft Office 365 includes a wide range of cloud applications that can revolutionize productivity, collaboration, and work mobility. In this Tech Talk, Sebastian Igreti tours Office 365 and discusses how it can transform the way businesses leverage the traditional Office software stack.

January 25th, 2018|