Microsoft not only builds robust productivity solutions for its customers, but it also prioritizes their security above all else. This year, the company invested a lot of money to protect Office 365 subscribers from increasingly sophisticated phishing scams. Read on to learn more about what they did.

Effective anti-phishing solutions must be able to recognize the key elements of a phishing attack, which includes spoofed (or forged) emails, compromised accounts, unsafe links, and harmful attachments. In April 2018, Microsoft upgraded Office 365’s Advanced Threat Protection (ATP) features so it can better detect these elements and prevent a wide variety of phishing scams. These enhancements include:

  • Anti-impersonation measures –ATP will now look for potential phishing indicators in an email, including the sender’s address, name, and links, to identify whether the user is being impersonated. You can specify high-profile targets within your organization, such as managers and C-level executives, so Office 365 can protect these users from email impersonation. Office 365 also utilizes machine learning to analyze a user’s email patterns and flag suspicious contacts that have had no prior correspondence with your company.
  • Anti-spoofing technology –This feature reviews and blocks senders that disguise their true email address. You can even enable safety tips that flag certain email domains that have strange characters. For instance, if your real domain is Acme.com, a spoofed domain could be Acḿcom.
  • Email link scanning –Office 365 launched Safe Links, which scans emails for fraudulent links and redirects users to a safe page in case it does contain harmful materials. This feature also applies to email attachments, ensuring you’re protected against all types of phishing scams.

 

Due to these improvements, Office 365 had the lowest phish rate among other well-known email services between May 1 and September 16, 2018. The company has stopped over five billion phishing attempts and protected users against seven billion potentially malicious links. If you’re looking for a secure email platform, Office 365 is the best option for your business.

That said, it’s not a substitute for good security awareness. No matter how secure Office 365 is, employees still need to be adequately trained to recognize a phishing email when they see one. Hackers are constantly changing their tactics to evade Office 365’s detection systems, so it’s important that everyone is alert at all times.

If you need a well-fortified email service, we can implement and manage Office 365 for you. We even offer practical security advice to make sure your business, employees, and assets are safe and sound.  If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Office 365 comes with different storage and sharing options to make
business owners more productive. Two of these are OneDrive and
SharePoint, both of which have a long list of features and benefits.
Which option is best for you? Keep reading for the answer.

Looking
for a secure platform to manage your files? Where do you go for help?
Should you choose SharePoint or settle for OneDrive instead? If any of
those terms sound Greek to you, don’t worry. You don’t need a degree in
computer science to figure it out. This article will give you the
lowdown on what to expect from these services.

Both SharePoint and
OneDrive are cloud-based services from Microsoft that allow you to
store, share, and sync files across different devices. SharePoint was
released in 2001 and reportedly has over 190 million users. OneDrive, on
the other hand, was launched in 2007 and has more than 250 million
users.

SharePoint is marketed mainly as a document management and
storage system, but it can be configured to do much more than that.
OneDrive, which was previously known as SkyDrive and Windows Live
Folders, is part of the Office suite of online services.

What the two have in common
For starters, both platforms make use of Office 365 to help companies
organize information and share this with others. To keep things secure,
documents go to a cloud drive, so employees can easily track changes in a
single file that is stored in one central location. One of the main
reasons these platforms are so popular is because users can add comments
and notes using real-time collaboration. Since data can be synchronized
and is readily available, everyone sees the most up-to-date information
regardless of how they view the document.

With OneDrive, it’s personal
OneDrive makes use of a SharePoint backdrop to work. This connects the
two programs. The difference is that OneDrive is made for an individual,
and the user remains in control even if the file is shared to different
people. This means multiple teams can collaborate simultaneously as
long as the original owner shares the document via a secure link. That
person determines who can edit and view the file.

There’s more to SharePoint
With SharePoint, employees throughout the company can view and edit the
stored file. Changes are tracked and higher-ups will know who is
working on the document. This is ideal for human resource surveys or
updates that need the attention of other team members.

With
SharePoint and OneDrive, businesses can improve the way they work. If
you want to learn how online document sharing programs can improve your
company’s visibility and productivity, get in touch with us now. We’re
here for you.

To learn more about how to safeguard your business,
or if you are looking for an expert to help you find the best solutions
for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Anglers catch fish by dangling bait in front of their victims, and hackers use the same strategy to trick your employees. There’s a new phishing scam making the rounds and the digital bait is almost impossible to distinguish from the real thing. Here are the three things to watch out for in Office 365 scams.

Step 1 – Invitation to collaborate email

The first thing victims receive from hackers is a message that looks identical to an email from Microsoft’s file sharing platform SharePoint. It says, “John Doe has sent you a file, to view it click the link below…”

In most cases, the sender will be an unfamiliar name. However, some hackers research your organization to make the email more convincing.

Step 2 – Fake file sharing portal

Clicking the link opens a SharePoint file that looks like another trusted invitation from a Microsoft app, usually OneDrive. This is a big red flag since there’s no reason to send an email containing a link to a page with nothing but another link.

 

Step 2 allows hackers to evade Outlook’s security scans, which monitor links inside emails for possible phishing scams. But Outlook’s current features cannot scan the text within a file linked in the email. Once you’ve opened the file, SharePoint has almost no way to flag suspicious links.

Step 3 – Fake Office 365 login page

The malicious link in Step 2 leads to an almost perfect replica of an Office 365 login page, managed by whoever sent the email in Step 1. If you enter your username and password on this page, all your Office 365 documents will be compromised.

Microsoft has designed hundreds of cybersecurity features to prevent phishing scams and a solution to this problem is likely on the way. Until then, you can stay safe with these simple rules:

  • Check the sender’s address every time you receive an email. You might not notice the number one in this email at first glance: johndoe@gma1l.com.
  • Confirm with the sender that the links inside the shared document are safe.
  • Open cloud files by typing in the correct address and checking your sharing notifications to avoid fake collaboration invitations.
  • Double check a site’s URL before entering your password. A zero can look very similar to the letter ‘o’ (e.g. 0ffice.com/signin).

 

Third-party IT solutions exist to prevent these types of scams, but setting them up and keeping them running requires a lot of time and attention. Give us a call today for information about our unlimited support plans for Microsoft products.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

Making the decision to migrate from an on-site system to a cloud-based Office 365 is easy, but the migration process itself presents numerous security challenges. By covering these essentials, you’ll minimize security breaches and ensure you can enjoy the benefits of Office 365.

Identify your company’s sensitive data…
Most files housed within your servers contain sensitive commercial and personal data that must be properly identified and protected. Do this by conducting a security audit before you undertake your migration.

Your audit should identify the types of data stored in the various parts of your company network, including which specific information needs extra safeguarding. Be sure to consider everything from trade secrets and contract details to the personal information of your clients.

…and then restrict access to it
Once you’ve worked out where your most precious data lies, you can check who currently has access to it and whether their access is appropriate. After all, it’s not necessary for everyone to be able to get at all the data your company owns.

Ensure that each of your employees has access only to the data that’s necessary for them to perform their duties. The great thing about Office 365 is it lets you conveniently set different levels of permissions based on user roles.

Watch out for insider threats
It’s wise to consider everyone in your organization when it comes to auditing data access permissions – and that includes system administrators who may have master access to every element of your network infrastructure.

A rogue administrator is the stuff of nightmares, since their elevated position gives them much greater leeway to siphon off valuable data without being noticed – or even to allow others to conduct questionable business and bypass the usual built-in security precautions. You can mitigate this risk by monitoring your administrators’ data usage and activities.

Use machine learning to foresee security breaches
Every action performed by your staff within Office 365 is automatically logged, and with relative ease you can create detailed activity reports. But the sheer number of events taking place within Office 365 in the course of your business’s normal operations means that even attempting to identify questionable behavior will be akin to finding a needle in a haystack.

That’s not to say it’s unwise to be on the lookout for anomalies in normal usage – the export of unexplainably large volumes of data, for instance, could suggest that a member of your team is leaking intelligence to a competitor, or that they’re about to jump ship and take your trade secrets with them.

To make things easier, machine learning technologies can identify potential breaches before they happen by analyzing large swathes of data in seconds. Graph API is incorporated into Office 365, and allows for the integration of machine learning tools into your security environment to achieve just that. The same tools can also help you avoid being caught unawares by hackers, by identifying system login attempts from locations that are out of the ordinary.

By following these tips, you’ll be able to enjoy the powerful collaborative features of Office 365 while ensuring the robust security your business demands. To find out more about how we can help your Office 365 migration run smoothly, just give us a call.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

 

Published with consideration from TechAdvisory.org SOURCE

To bolster users’ safety, Microsoft recently added security features to Office 365. These enhancements give home and business users peace of mind whenever they send an email, share a link, or forward an attachment. There’s no such thing as being too secure, so we recommend staying abreast of them now.

Files Restore in OneDrive

Previously available only to Office 365 business users, Files Restore allows users to conveniently recover files in OneDrive within the last 30 days. Home and personal users can now easily retrieve and restore all their files at a specific point in time, which is useful in instances where files are accidentally deleted, corrupted, or compromised by ransomware or other malware.

Ransomware detection notification for Office 365

You receive notifications and alerts for a variety of things on your PC or mobile devices, but rarely for something as immensely important as a ransomware attack. Office 365’s ransomware detection and recovery feature sends desktop notifications, email alerts, and mobile alerts in case of any possible ransomware attack on your system so you can act fast.

Aside from being notified about a detected ransomware, you’ll also be guided on how to recover your files before they were infected, based on the timestamp recorded by Files Restore.

Password-protected link sharing in OneDrive

Whenever you share a link — whether to a file or folder — in OneDrive, there’s no guarantee that it won’t be shared to unauthorized users. A password-protected feature solves this dilemma by giving you an option to set and require a password for every file or folder you share.

Email encryption in Outlook

Intercepting email has become many cybercriminals’ preferred method of stealing critical information, so it’s more crucial than ever to ensure email safety. With Outlook’s end-to-end encryption, users can rest easy knowing that the email they send won’t be easily intercepted after all.

Email encryption works by requiring non-Outlook email recipients to choose between receiving a single-use passcode or re-authentication to open an email from an Outlook email sender. On the other hand, an Outlook-to-Outlook email exchange — whether Outlook on desktop, mobile (iOS and Android), or Windows Mail app — doesn’t require any further action for the email to be opened.

Prevent Forwarding

This function restricts email recipients (both Outlook and non-Outlook users) from forwarding or copying email. It also provides an option to prevent certain recipients from opening an attachment from a forwarded email, which will come in handy when a person needs to send an email to more than one recipient, but wants to restrict access to an attachment to just a few recipients.

These new capabilities greatly reduce the effort to secure your files and communications, and Microsoft is sure to roll out a few more soon. If you want to optimize these Office 365 security features or explore other productivity tools’ security features, call us today. To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Microsoft never fails to announce exciting new features for their products. In an effort to improve support for small- and medium-sized businesses, they introduced a series of new apps and enhancements for Office 365 during the Inspire conference in July. Some of the most notable upgrades include:

Microsoft Connections
Email marketing campaigns are a great way to build relationships with contacts and increase sales, but they’re often difficult to manage. With Microsoft Connections, you can easily launch a campaign in minutes using pre-designed templates for newsletters, referrals, and promotions.

As you acquire more contacts, Connections allows you to segment your mailing list so you can target different customers. For instance, you can send product promotions to clients who have stayed with your business for more than six months.

After firing off your emails, performance charts track important metrics like open rates, clickthrough rates, new sign-ups, and canceled subscriptions that can be used to improve future campaigns.

Microsoft Listings
Microsoft Listings helps you seamlessly manage your online presence. Whenever you update your business profile, Listings automatically publishes those changes across your Facebook, Google, Bing, and Yelp accounts, allowing you to keep important information like business hours up to date.

What’s more, Listings includes a web dashboard where you can monitor page-views, reviews, and likes, helping you assess your company’s online reputation.

Microsoft Invoicing
Another useful addition is Microsoft Invoicing, a tool that helps you generate price estimates and invoices. When combined with enterprise resource planning (ERP) software, you can program workflows that automatically redirect invoices, pending payments, and estimates to the right accountant. This application works for credit, debit, and PayPal transactions.

Office 365 Business Center
The Office 365 Business Center brings Connections, Listings, and Invoicing all under one roof. This means information listed on one application is automatically registered onto another, saving you from inputting data multiple times.

The main hub also features a unified dashboard where you can track an email campaign’s performance, Facebook impressions, and any outstanding invoices, giving you full visibility into your accounting and marketing processes.

According to Microsoft, these powerful features will be generally available for Office 365 Business Premium subscribers in the coming months. But if you want to get early access, consider Office 365 Insider program.

Office 365 will likely have even more surprises for SMBs this year, so make sure to keep in touch with us to get the latest rundown on feature releases and Microsoft news.

Are you ready to embrace the cloud with a solution like Office 365? Give us a call, and talk with us about a cloud migration today.

Published with consideration from TechAdvisory SOURCE

Pairing your business with the right productivity-enhancing tool is a challenge. Fortunately, you can choose between two popular options: Office 2016 and Office 365. But which is right for you? Here are three main differences that may help you decide.

How they’re paid for
Office 2016 is a stand-alone suite, and regardless of the quantity purchased, is described by Microsoft as a “one-time purchase.” You pay a single, upfront cost, meaning the entire purchase price must be paid before receiving the license to legally run the software for life.

By contrast, Office 365 is a subscription service requiring monthly or annual payments. Office 365 allows users to run applications only if payments are made. If you stop, you will have 30 days to continue operating after the previous payment’s due date before the license expires.

How they’re serviced
Another aspect to consider is the service and support offerings. Microsoft provides monthly security updates for Office 2016 applications, and these updates fix non-security bugs. However, you don’t get upgrades for improved features and functionality. If you wish to run the latest edition, you’ll have to pay another upfront fee.

Office 365 users, on the other hand, get the same security patches as Office 2016 and also additional feature and functionality upgrades twice a year.

How they sync with the cloud
Microsoft announced a major change this April: As of October 13, 2020, Office 2016 applications acquired through an upfront purchase are required to be in the “Mainstream” support period (the first five years of the decade-long commitment) to obtain cloud connectivity. Office 365 subscriptions won’t experience this problem.

In order to achieve measurable results and enjoy business growth, it’s imperative that your business is working with the right Office solution. Give us a call and let our team of experts assess your needs and determine the better option.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Microsoft understands the value of your business’s data and the costly repercussions of losing it. That’s why they’ve released a slew of security and compliance tools for Office 365 subscribers. But given the increasing sophistication and frequency of data breaches, Office 365 cloud security solutions won’t be enough to protect your files. You’ll need to follow these seven security tips to truly avoid data loss in Office 365.

Take advantage of policy alerts
Establishing policy notifications in Office 365’s Compliance Center can help you meet your company’s data security obligations. For instance, policy tips can warn employees about sending confidential information anytime they’re about to send messages to contacts who aren’t listed in the company network. These preemptive warnings can prevent data leaks and also educate users on safer data sharing practices.

Secure mobile devices
With the growing trend of using personal smartphones and tablets to access work email, calendar, contacts, and documents, securing mobile devices is now a critical part of protecting your organization’s data. Installing mobile device management features for Office 365 enables you to manage security policies and access rules, and remotely wipe sensitive data from mobile devices if they’re lost or stolen.

Use multi-factor authentication
Because of the growing sophistication of today’s cyberattacks, a single password shouldn’t be the only safeguard for Office 365 accounts. To reduce account hijacking instances, you must enable Office 365 multi-factor authentication. This feature makes it more difficult for hackers to access your account since they not only have to guess user passwords but also provide a second authentication factor like a temporary SMS code.

Apply session timeouts
Many employees usually forget to log out of their Office 365 accounts and keep their computers or mobile devices unlocked. This could give unauthorized users unfettered access to company accounts, allowing them to compromise sensitive data. But by applying session timeouts to Office 365, email accounts, and internal networks, the system will automatically log users out after 10 minutes, preventing hackers from simply opening company workstations and accessing private information.

Avoid public calendar sharing
Office 365 calendar sharing features allows employees to share and sync their schedules with their colleagues. However, publicly sharing this schedule is a bad idea. Enabling public calendar sharing helps attackers understand how your company works, determine who’s away, and identify your most vulnerable users. For instance, if security administrators are publicly listed as “Away on vacation,” an attacker may see this as an opportunity to unleash a slew of malware attacks to corrupt your data before your business can respond.

Employ role-based access controls
Another Office 365 feature that will limit the flow of sensitive data across your company is access management. This lets you determine which user (or users) have access to specific files in your company. For example, front-of-house staff won’t be able to read or edit executive-level documents, minimizing data leaks.

Encrypt emails
Encrypting classified information is your last line of defense to secure your data. Should hackers intercept your emails, encryption tools will make files unreadable to unauthorized recipients. This is a must-have for Office 365, where files and emails are shared on a regular basis.

While Office 365 offers users the ability to share data and collaborate flexibly, you must be aware of the potential data security risks at all times. When you work with us, we will make sure your business keeps up with ever-changing data security and compliance obligations. And if you need help securing your Office 365, we can help with that too! Simply contact us today.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Security is, by far, the biggest issue concerning most businesses today. Although safeguards like firewalls and antivirus software are necessary, they’re no longer sufficient in dealing with increasingly sophisticated cyberattacks. Today, companies require multiple layers of security to steer clear of cyberattacks and compliance woes. To help companies with this process, Microsoft has released threat intelligence, advanced threat protection, and data governance features.

Threat Intelligence
Threat Intelligence for Office 365 gathers data from Microsoft security databases, Office clients, email, and other recorded security incidents to detect various cyberattacks. This feature gives users in-depth knowledge about prevalent malware strains and real-time breach information to analyze the severity of certain attacks.

What’s more, Threat Intelligence comes with customizable threat alert notifications and easy-to-use remediation options for dealing with suspicious content.

Advanced Threat Protection (ATP) upgrades
In addition to Threat Intelligence, Office 365’s ATP service now has a revamped reporting dashboard that displays security insights across a company. This includes a security summary of what types of malware and spam were sent to your organization, and which ones were blocked. According to Microsoft, these reports will help you assess the effectiveness of your current security infrastructure.

ATP also has a new capability called “Safe Links” which defends against potentially malicious links in emails and embedded in Excel, Word, and PowerPoint files. If suspicious links are discovered, the user will be redirected to a warning page to avoid an infection.

Advanced Data Governance
The newly released Advanced Data Governance feature is also a much needed enhancement for highly-regulated companies. It classifies files based on user interaction, age, and type, and recommends general data retention and deletion policy recommendations. If, for example, your business has retained credit card data for longer than necessary, Advanced Data Governance will alert you of the possible data governance risks.

Data loss prevention enhancements
Last but not least, the Office 365 Security & Compliance Center is also receiving data loss prevention upgrades. With it, you can easily access and customize app permissions and control device and content security policies. So if someone in your company attempts to leak sensitive customer information, Office 365 will notify your administrators immediately.

Although all these features are available only for Office 365 Enterprise E5 subscribers, security- and compliance-conscious companies definitely need these upgrades. Get the right Office 365 subscription by contacting us today.

Are you ready to embrace the cloud with a solution like Office 365? Give us a call, and talk with us about a cloud migration today.

Published with consideration from TechAdvisory SOURCE

Software developers and hackers are in a constant game of cat and mouse. When cybercriminals find new security bugs to exploit, tech companies have to quickly release a solution that secures those vulnerabilities. Just this month, Microsoft released a patch to eliminate a Word exploit designed to steal user information. If you’re an avid Microsoft Word user, here’s what you need to know about the bug.

The attack
On April 10, cybersecurity firm Proofpoint discovered scammers running email campaigns to trick people into clicking malware-ridden Word attachments. The fraudulent emails, simply titled “Scan Data,” included attached documents that were named “Scan,” followed by randomized digits.

Although the emails seem harmless, clicking on the documents triggers a download for Dridex malware, a Trojan virus designed to give hackers direct access to your banking information. From there, they can simply log in to your online account and make unauthorized transactions under your name.

In 2015, the distribution of Dridex allowed cybercriminals to steal approximately $25 million from European accounts. And if your business fell victim to this malware, there’s a possibility your company might not be able to recover from the loss.

The solution
Fortunately, two days after the discovery of the bug, Microsoft released a security update to disable the dangerous documents, urging users to install the patch as soon as possible. But even though Dridex was inoculated relatively quickly, employees continue to be the biggest problem.

Like most malware attacks, Dridex was distributed via phishing campaigns that preyed on a victim’s trust and curiosity. Hackers added barely any text to the email, yet people were still fooled into clicking on dangerous links.

To make sure Dridex never reaches your company, you must provide comprehensive security awareness training. In your sessions, encourage employees to practice safe computing habits, which include being cautious of online links, setting strong passwords, and avoiding downloads from untrusted and unknown sources.

Much like updating your software, keeping your staff’s security knowledge up to date on the latest threats is also imperative. Ultimately, your goal is to have employees with a security-focused mindset when browsing the web.

Of course, if security training and cybersecurity solutions are not your company’s specialties, you can always rely on a trusted managed services provider like us to protect your business. We can update and secure your systems regularly, and make sure your staff are actively doing their part to reduce security risks.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE