Latest IT Solutions News | Wizard IT | It Services Auckland https://wizard-it.co.nz/ Keeping Your IT Solutions Real Sun, 19 May 2019 22:58:21 +0000 en-US hourly 1 Protect Against Email Phishing https://wizard-it.co.nz/protect-against-email-phishing/ Sun, 19 May 2019 22:54:46 +0000 http://wizard-it.co.nz/?p=771 What is e-mail phishing? Phishing is when someone tries to get personal information (like bank account numbers and passwords), from a large audience, so they can use it to impersonate or defraud people. These emails can look very real, and...

Countinue Reading

The post Protect Against Email Phishing appeared first on My CMS.

]]>
What is e-mail phishing?

Phishing is when someone tries to get personal information (like bank account numbers and passwords), from a large audience, so they can use it to impersonate or defraud people. These emails can look very real, and some will even use the branding and logos of a legitimate organisation to make the email seem genuine.

Phishing scammers will contact a large number of people in the hope that some of them will fall for the scam. These scams can seem like they’re being sent just to you, but in reality the same scam is being sent to hundreds, if not thousands of people at the same time.

Phishing scammers will often claim to be from a legitimate organisation, or to have some kind of ‘deal’ to be claimed. For example, a scammer may send out an email telling people they have won a lottery, and to claim the winnings they need to provide some details. Other phishing scams use scare tactics, where the scammers pretend to be lawyers or employees of the government and threaten legal action if you don’t give them information or money. We’ve also heard of scam emails claiming that online accounts or memberships have been cancelled, have expired or have details that need updating.

 

As has always been the case, the best defense against scammers is User training. No matter what protection you put in place, if a user doesn’t read emails, and clicks on links within them, blindly following the prompts, they are in effect “over-riding” any security in place to protect against this.

The next best solution is 3-fold;

  • a strong password policy, (don’t use simple passwords, and change them occasionally)
  • the best anti-virus software,
  • and Multi-Factor authentication.

What is multi-factor authentication?

  • Multi-factor authentication is a simple way of protecting user profiles by requiring users to provide more than just their username and password when attempting to log in.
  • In Office 365, multi-factor authentication adds a second layer of protection that requires users to provide proof of their identity before they are granted access to a profile.
  • For example, if someone managed to crack or steal your password but doesn’t have the device you associated with your profile, they won’t be allowed to log in. So that second factor—the mobile or office phone—will protect your account from unauthorized logins.

How multi-factor authentication works in Office 365

Microsoft offers three different ways you can use multi-factor authentication to prove your identity from your phone:

  1. Use the Microsoft Authenticator app. This app provides you with a one-time password (OTP) or a push notification. You can either use that device as a software token that provides OTP or you can use it as a push notification hub that will get notifications from the central multi-factor authentication service.
  2. Receive a phone call on your registered number. If you select this option, you’ll receive a call on either your mobile or landline phone and will be asked to press the pound sign (#) to confirm your identity.
  3. Receive a text message at your registered number. You’ll receive an OTP through a text message sent to your mobile. You then simply enter the OTP on the screen where you’re trying to log in.

 

These policies can be set so that the OTP is valid for a set time before requiring it again, so it doesn’t prompt the user every time they open outlook.

Logging in with multi-factor authentication enabled

The user will visit the Office 365 portal (https://portal.office.com), or open their email app like outlook, enter their email, and click Next.

The user will enter their password and click Sign in

The user will be prompted to complete the second factor for authentication.

either by the system calling the number assigned

or by the system sending a txt message to the mobile number assigned to that users account.

  1. After the user completes this step, they will be allowed to sign in to Office 365 or any of its services.

If you would like more information or would like this set up for your organisation, please contact Wizard IT on 09-9735509 or email support@wizard-it.co.nz

The post Protect Against Email Phishing appeared first on My CMS.

]]>
Office 2010 End of Support https://wizard-it.co.nz/office-2010-end-of-support/ Thu, 17 Jan 2019 22:03:22 +0000 http://wizard-it.co.nz/?p=761 Office 2010 end of support   Office 2010 will reach its end of support on October 13, 2020. If you haven’t begun to upgrade your Office 2010 environment, we recommend you start now. What does end of support mean?  ...

Countinue Reading

The post Office 2010 End of Support appeared first on My CMS.

]]>
Office 2010 end of support

 

Office 2010 will reach its end of support on October 13, 2020. If you haven’t begun to upgrade your Office 2010 environment, we recommend you start now.

What does end of support mean?

 

Like all Microsoft products, it has a support lifecycle which they provide bug fixes and security fixes. This lifecycle lasts for a certain number of years from the initial release date. For Office 2010, the support lifecycle is 10 years. When Office 2010 reaches its end of support on October 13, 2020, Microsoft will no longer provide the following:

  • Technical Support Issues
  • Bug Fixes for issues that are discovered
  • Security fixes for vulnerabilities that are discovered.
  • As has already happened to Office 2007 – new email servers wont be compatible with “expired” versions of office shortly after that.

What is Office 365?

 

Office 365 provides subscription plans that include access to Office applications and other cloud services, including Skype for Business, Exchange Online, and OneDrive for Business.

There are several different subscription options, from email hosting only, through to email hosting, a full office license and file storage like SharePoint and OneDrive. Each user can have office apps installed on up to 5 devices.

What is Office 365 ProPlus?

 

Office 365 ProPlus is the version of Office that comes with most Office 365 Enterprise plans. Office 365 ProPlus includes the full versions of Word, PowerPoint, Excel, Outlook, OneNote, Publisher, Access, and Skype for Business installed on your computers.

Office 365 ProPlus is a user-based licensing model that allows people to install office on up to 5 pc’s or Macs and on their mobile devices.

NOTE:

Before upgrading to Office 365 ProPlus make sure computers, application compatibility, infrastructure and environment meet or exceed the minimum system requirements.

For help with any of the above call Wizard IT on 09 973 5509.

 

The post Office 2010 End of Support appeared first on My CMS.

]]>
Scam emails https://wizard-it.co.nz/scam-emails/ Tue, 03 Jul 2018 03:17:43 +0000 http://wizard-it.co.nz/?p=754 Office 365 users are now being targeted in a pretty convincing looking phishing attack. Phishing attacks, a common tactic used by cyber criminals to try to trick you into giving them your information, are nothing new. In fact, it’s likely if...

Countinue Reading

The post Scam emails appeared first on My CMS.

]]>
Office 365 users are now being targeted in a pretty convincing looking phishing attack.

Phishing attacks, a common tactic used by cyber criminals to try to trick you into giving them your information, are nothing new. In fact, it’s likely if your company has already been targeted by phishing (and if you haven’t been, it’s a matter of when – not if) and it’s getting harder and harder to spot the malicious emails.

The Office 365 phishing attack is a perfect example. The email appears to be an automated alert email from Microsoft saying the user’s Office 365 account has been suspended and asks them to sign in to reactivate your account. While the email does look realistic, there are some major red flags.

  1. The From address was not from a Microsoft domain. Alerts from Microsoft will come from an @email.microsoftonline.com address.
  2. This is meant to scare you. It’s to try to get you to click and log in to the fake sign in screen before having a chance to think about it too much.
  3. They are attempting to get you to sign in. This will direct you to the fake sign in screen.
  4. You can’t see it here, but if you hover over the link, it doesn’t direct you to Office 365. It directs you to a non-Microsoft site.
  5. The privacy and legal links are just text – not actual links. Real Microsoft emails will actually link to the legal information on their site.

If you were to click on the link in the fake email, you’d be taken to a pretty convincing looking Office 365 log in page. But it has it’s own red flags:

  1. This is not a Microsoft.com domain. This is your biggest and most important red flag. Always check the URL before you log in to any site to make sure you’re actually on the site you think you’re on.
  2. Company names do not appear on the real Outlook Web App page.
  3. These radio buttons are meant to scare you. These do not appear as options on the real Outlook Web App page.
  4. The email address is pre-filled in and cannot be changed.
  5. This is the only area you can input data. They are attempting to steal your password.

Once you put your password in, it redirects you to a Google doc. At that point, it’s pretty easy to figure out that something is wrong. But before that, you may not know.

It’s easy for us to spot these red flags, because we’re an IT company and a Microsoft partner who deals heavily with Office 365. We think about this all the time. We know the warning signs for phishing email and know what real Microsoft emails look like. For reference, here is a real Microsoft email:

There is an important thing to notice here: While this alert email has a similar message as the fake alert, it has specific account information and gives a reason for the email, rather than just saying the account is suspended or deleted with no explanation.

But for the average user, this attack would be pretty easy to fall for. Knowing the warning signs of a phishing email is incredibly important as these attacks become more and more common.

If you have entered your email in a log in screen and gotten redirected to something like a Google Doc (or anything else you aren’t expecting), it’s likely you’ve fallen victim to a phishing attack. You’ll need to change your password immediately (and the password for any account that uses the same log in information) and contact your IT company to help you make sure attacker is out of your system.

If you’re ever suspicious about an email or something just doesn’t feel right, don’t click on anything and don’t enter your information into a sign in screen that comes up if you have already clicked.

The easiest way to check these emails is as follows;

  1. Move the email to your “Junk” Folder. – this will remove the pictures and show you exactly where the links are pointed to. It will also disable the ability to open them by clicking on them.
  2. You can do this by rightclicking on the message and choosing Junk, then “block sender” –
  3. this can be undone if it is legitimate. In your “Junk Email” folder you can right-click any email message and choose Junk, then “Not Junk”

Example: here’s what a scam looks like in my inbox;

All I did was move it to my junk folder, now it looks like this;

As you can clearly see – Nothing to do with BNZ, but trying to get your banking login details.

If you are still unsure about the legitimacy of an email, reach out to your IT company if your suspicious.

It’s better to take the extra few minutes to check than to fall victim to an attack.

The post Scam emails appeared first on My CMS.

]]>
GDPR what does it mean ? https://wizard-it.co.nz/gdpr-what-does-it-mean/ Wed, 06 Jun 2018 23:57:21 +0000 http://wizard-it.co.nz/?p=744 The Problem: Having visibility and\or control over who can and can’t copy, send, attach your company’s data, and or client information to emails, or copy it to a usb drive, or even print it out and take a physical copy...

Countinue Reading

The post GDPR what does it mean ? appeared first on My CMS.

]]>
The Problem:

Having visibility and\or control over who can and can’t copy, send, attach your company’s data, and or client information to emails, or copy it to a usb drive, or even print it out and take a physical copy with them.

It also is becoming more prevalent due to the EU getting strict on GPDR rules and laws. These may be enforced in NZ at some stage but to date the govt hasn’t given any indication on this. Companies that trade with EU and or USA customers

A common enquiry we hear:

Are we able to see what a staff member has downloaded to their computer? The intent would be then getting this on USB or via personal email to take and use this information for personal use. Reason we ask is how do we protect ourselves when someone leaves, and they may take key information with them. We have someone leaving soon, and in the past an employee took client lists and contacts.

 

The Solution: DLP – Data Loss Prevention

So what is DLP?

DLP is a method of inspecting and keeping sensitive data from leaving the allowed perimeter. DLP systems are only concerned with the data passing over some kind of gateway device, such as through emails, usb drives, instant messages and Web 2.0 applications.

It can identify sensitive data like credit card info, and can be configured to monitor specific locations and\or data types.

DLP – Data Loss Prevention Agents. These are deployed to all machines that need protection and management. This means they can be controlled, restricted, and reported on.

The agent can be set to not be visible on the machine, so the end user can’t disable it.

Key Features

Complete Data Leak Prevention Covers all data leaks channels while being easy to install and operate.
Trends & Productivity Profiling Warns company management in the event of sudden changes in employee activity and shows productivity changes by department over time. Both changes are indications of possible security risks.
Activity Reporting Uncovers security breaches on many fronts by checking all user activities for signs of potential danger, even before the actual transfer of data.
E-mail DLP Ensures protected data stays out of the wrong mailbox. Records where sensitive files have been sent and stores this information for future reports.
Application Control with Time Rules Enables selected package of work related applications and blocks others for a more secure environment. Applications can be made available only for a specified time frame.
Web Filtering Easily enforces company AUP (Acceptable Use Policy) with carefully preselected categories and keyword filtering.
Print Control Limits what can be printed and by whom with quotas for individual users and departments.
Device Control Prevents employees from connecting unauthorized devices at work. Common ports can be enabled for particular devices or blocked for all of them.
Encryption Management Offers Full Disc Encryption or encrypts whole partitions and creates local or network virtual drives for secure file storage. In addition to password and key access methods, offers secured Travel Disks and an “encrypt when copying out” feature for data leaving the Safe Area.
Informative & Testing Mode Helps companies progressively integrate data protection by enabling tests for all “what-if” situations without halting business processes.
On the Fly Data Classification Protects new information immediately after a classified file is created or received.
Unified Management Console Management Console enables one-stop security management and reporting, integrates all company data protection, reporting and blocking policies.
SSL/HTTPS Inspection Checks and protect secured communication lines including websites using HTTPS protocol, IM applications with secured connections and secured email transmission.
Minimal Total Cost of Ownership (TCO) Frees users from the need to buy extra security appliances. The endpoint agents deployed also provide Data Leak Prevention features for company networks.
Flexible Use Covers any application, Instant Messaging protocol or webmail service thanks to its unique universal approach.

How it works:

 

If you’d like to know more about Data Loss Prevention, or would like to get protected, Call us today to get protected.

09-9735509 or support@wizard-it.co.nz

The post GDPR what does it mean ? appeared first on My CMS.

]]>
Office 365 Advanced Threat Protection https://wizard-it.co.nz/office-365-advanced-threat-protection/ Sun, 25 Mar 2018 22:16:47 +0000 http://wizard-it.co.nz/?p=742 Protect your emails, files and Office 365 applications against unknown and sophisticated attacks. With the ever-growing threat of hackers and phishers, trying to gain our information and getting us to click on links in our emails, we need to be...

Countinue Reading

The post Office 365 Advanced Threat Protection appeared first on My CMS.

]]>
Protect your emails, files and Office 365 applications against unknown and sophisticated attacks.
With the ever-growing threat of hackers and phishers, trying to gain our information and getting us to click on links in our emails, we need to be vigilant and educate users on how to keep your data safe.
If that link in your email sounds too good to be true, the chances are it is. Don’t click if you don’t know the sender or think it looks a little strange.
Malware attacks cause hours of lost work and money – Don’t take the attitude of it “Won’t happen to me”.
Can your company afford this risk?

Secure your mailboxes against advanced threats
New malware campaigns are being launched every day, and Office 365 has a solution to help protect your email, files, and online storage against them. Office 365 Advanced Threat Protection can help protect your mailboxes, files, online storage, and applications against new, sophisticated attacks in real time. It offers holistic protection in Microsoft Teams, Word, Excel, PowerPoint, Visio, SharePoint Online, and OneDrive for Business. By protecting against unsafe attachments and expanding protection against malicious links, it complements the security features of Exchange Online Protection to provide better zero-day protection.

Protect against unsafe attachments
With Safe Attachments, you can prevent malicious attachments from impacting your messaging environment, even if their signatures are not known. All suspicious content goes through a real-time behavioural malware analysis that uses machine learning techniques to evaluate the content for suspicious activity. Unsafe attachments are sandboxed in a detonation chamber before being sent to recipients. The advantage is a malware free and cleaner inbox with better zero-day attack protection.

Protect your environment when users click malicious links
Exchange Online Protection provides protection against malicious links by scanning content. Safe Links expands on this by protecting your environment when users click a link. While the content is being scanned, the URLs are rewritten to go through Office 365. The URLs are examined in real time, at the time a user clicks them. If a link is unsafe, the user is warned not to visit the site or informed that the site has been blocked. Reporting is available, so administrators can track which users clicked a link and when they clicked it.

Get rich reporting and track links in messages
Gain critical insights into who is being targeted in your organization and the category of attacks you are facing. Reporting and message trace allow you to investigate messages that have been blocked due to unknown viruses or malware, while URL trace capability allows you to track individual malicious links in the messages that have been clicked.

How to buy Office 365 Advanced Protection: Contact Wizard IT.

The post Office 365 Advanced Threat Protection appeared first on My CMS.

]]>