Back to Top

Tech, Web, Cloud & Cabling Services

Category: Security

Security Category

What You Need to Know About the Big Chip Security Problem

According to Intel Corp.,most of the processors running the world’s computers and smartphones have a feature that makes them susceptible to hacker attacks. The chipmaker, working with partners and rivals, says it has already issued updates to protect most processor products introduced in the past five years, but the news sparked concern about this fundamental building block of the internet, PCs and corporate networks.

The revelation of the so-called Meltdown and Spectre vulnerabilities spurred a scramble among technology’s biggest players, from Apple Inc. to Amazon.com Inc., to enact fixes and reassure customers they were on top of the problem.

1. What’s the problem?

Modern processors guess what they’ll have to do next and fetch the data they think they’ll need. That makes everything from supercomputers to smartphones operate very fast. Unfortunately, as Google researchers discovered, it also provides a way for bad actors to read data stored in memory that had been thought to be secure. In a worst-case scenario, that would let someone access your passwords.

2. How bad is it?

The vulnerability won’t stop your computer working and doesn’t provide an avenue for hackers to put malicious software on your machine. Though it could put important data at risk, there’s been no report so far of anyone’s computer being attacked in this manner. More broadly, though, the new fears could undermine longtime assurances that hardware and chip-level security is more tamper-proof than software.

3. How was it discovered?

The weakness was discovered last year by folks Google employs to find such issues before the bad guys do. Usually, solutions are developed in private and announced in a coordinated way. This time the news leaked before the companies involved had a chance to get a fix in place.

 

 

4. What’s being done to fix it?

Chipmakers and operating system providers, such as Alphabet Inc.’s Google and Microsoft Corp., are rushing to create software patches that will close the potential window of attack. Intel said that it expects to have issued updates for more than 90 percent of recently introduced processor products. Amazon.com Inc. said “all but a small single-digit percentage” of its servers have already been protected. In a blog post, Google said its security teams immediately “mobilized to defend” its systems and user data. Some customers of Android devices, Google Chromebook laptops and its cloud services still need to take steps to patch security holes, the company said. Patches for Windows devices are out now and the company is securing its cloud services, Microsoft said in a statement.

5. Is this just an Intel problem?

No, though that seems to be what panicky investors initially thought. Intel says it’s an issue for all modern processors. But rival Advanced Micro Devices Inc. stated that its products are at “near-zero risk.” ARM Holdings, which has chip designs that support all smartphones, said that, at worst, the vulnerability could “result in small pieces of data being accessed” and advised users of its technology to keep their software up to date. Google fingered all three companies. Apple said all Mac computers and iOS devices — including iPhones and iPads — were affected, but stressed there were no known exploits impacting users and that steps taken to address the issue haven’t dented performance.

6. What will the fallout be?

Some computers, mostly older ones, could be slowed down by the software patches that will make them more secure. Intel said that in common situations software might be slowed down by as much as 3 percent or not at all. But in other rare situations, performance might be reduced as much as 30 percent. The company doesn’t expect any financial impact and said it thinks customers will keep buying. As the fixes haven’t been widely deployed yet, it’s unclear whether anyone will even notice or whether computer slowdowns will be widespread. Intel has only done lab tests.

10 Tips for CyberSecurity Recommended By The FCC

Cybersecurity is of paramount importance in today’s digital age as it plays a crucial role in safeguarding sensitive information, ensuring the privacy of individuals, and maintaining the integrity of critical systems and infrastructure. The Federal Communications Commission (FCC) in the United States recognizes the significance of cybersecurity and has provided recommendations and guidelines to help individuals, businesses, and organizations protect themselves from cyber threats. Here are some key points highlighting the importance of cybersecurity along with recommendations from the FCC:

 

  • Train employees in security principles – Establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate Internet use guidelines that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data. We offer Security Awareness Training as an option for continuous security training for staff.
  • Protect information, computers, and networks from cyber attacks – Keep clean machines: having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available. We offer Managed Services & Support as an option for preventing cyber-attacks.
  • Provide firewall security for your Internet connection – A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall. We offer a Managed Network Services & Support as an option for firewall security.
  • Create a mobile device action plan – Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password-protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment. We offer Mobile Device Management as an option for a mobile device action plan.
  • Make backup copies of important business data and information – Regularly backup the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly and store the copies either offsite or in the cloud. We offer various Backup & Recovery Solutions as an option for business continuity & disaster.
  • Control physical access to your computers and create user accounts for each employee – Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel. We offer Multi-Form Authentication Solutions as an option for computer login security.
  • Secure your Wi-Fi networks – If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router, so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router. We offer Managed Network Services & Support is an option for Wi-Fi security.
  • Employ best practices on payment cards – Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet. Risk Intelligence is an option we offer to identify potential vulnerabilities.
  • Limit employee access to data and information, limit authority to install software – Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission. We offer Network & Security Assessments that can scan data repositories for user permissions, security and much more.
  • Passwords & authentication – Require employees to use unique passwords and change passwords every three months. Consider implementing multi-factor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data to see if they offer multi-factor authentication for your account. We offer Cloud Security Assessments which are used to ensure proper password & security practices are in place.

Download the 10 Tips Below

SJT-QR-CyberSecurity-10 Tips

If you have any questions, please email us at support@sjtechies.com or call us at (856) 745-9990.

Quick Reference CyberSecurity Guide

In today’s digital age, cybersecurity is at the forefront of technology, both at the workplace and in our personal lives. With the increasing frequency and sophistication of cyber threats, it is essential that we all play a role in protecting sensitive information both business and personal.

 

To help you stay informed and vigilant about cybersecurity best practices, we have created a Quick Reference Guide for Cybersecurity to be shared with your users as a courtesy to better protect themselves from cyber threats and contribute to a safer digital environment.

Please Download Our Quick Reference Cyber Security Guide Below

Quick Reference CyberSecurity Guide

If you have any questions, please email us at support@sjtechies.com or call us at (856) 745-9990.

What Terms You Need to Know to Get Your Business GDPR-Ready

 

What Is EU GDPR? 

The EU GDPR is a law designed to protect and empower residents of the EU by guiding business usage of personal data. In essence, it is reshaping the way corporations handle personal data by controlling its collection, use, and storage. It will replace the regulations and frameworks of the existing 20-year-old directive (95/46/EC).

 

Who Is the GDPR Protecting and Empowering? 

The data subject: This is any individual that can be directly or indirectly identified or uniquely singled out in a group of individuals, from any stored data.

 

What Is the GDPR Protecting? 

Personal data: This is any information relating to an individual, whether in reference to their private, professional, or public life. It includes things like names, photos, email addresses, location data, online identifiers, a person’s bank details, posts on social networking websites, medical information, work performance details, subscriptions, purchases, tax numbers, education or competencies, locations, usernames and passwords, hobbies, habits, lifestyles, or a person’s computer’s IP address.

 

Who Is the GDPR Regulating? 

The data controller: This is the person who, alone or jointly with others, determines the purposes for, and means of, processing personal data. A data controller is not responsible for the act of processing (this falls to the data processor); they can be defined as the entity that determines motivation, condition, and means of processing.

Generally, the role of the controller is derived from the organization’s functional relation with the individual. That is, a business is the controller for the customer data it processes in relation to its sales, and an employer is the controller for the employee data they process in connection with the employment relationship.

 

Who Else Is the GDPR Regulating? 

Data processors: This is the person who processes personal data on behalf of the controller. Typical processors are IT service providers (including hosting providers) and payroll administrators. The processor is required to process the personal data in accordance with the controller’s instructions and take adequate measures to protect the personal data. The GDPR does not allow data processors to use the personal data for other purposes beyond providing the services requested by the controller.

 

What Does the GDPR Consider “Processing?” 

Processing refers to any operation or set of operations performed upon personal data, whether or not by automatic means—such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure, or destruction. Processing must be fair and lawful, although transparency is significantly strengthened. The processor may not use the personal data for their own purposes.

 

What Rights Do the Data Subjects Have? 

Under the GDPR, data subjects can request the following:

  • To be informed about the data processing
  • To consent to the processing of their personal data (opt in) or object to the processing of their personal data (opt out)
  • To obtain their personal data in a structured and commonly used format in order to transfer that data, in certain circumstances, to another controller (data portability)
  • To not be subject to fully automated data processing or profiling
  • To know what data is processed (right of access)
  • To correct where any data is incorrect
  • To have data erased under certain circumstances, for example, where the retention period has lapsed or where consent for the processing has been withdrawn (referred to commonly as the “right to be forgotten”) and to register a complaint with the supervisory authority

 

Other Key Elements to Consider in Preparing for GDPR

We’re not done yet. There are four more important elements to consider with GDPR as you become ready.

 

1) Data Breach Notification

For controllers, GDPR requires that breach notice must be provided, where feasible, within 72 hours of becoming aware of a breach; processors need to provide notice to controllers without undue delay. Any data breaches must be documented.

2) Data Minimization

This requires the level and type of data being processed to be limited to the minimum amount of data necessary. This requires you to ensure that the purpose in which the data is agreed and the purpose in which the data was collected are materially similar. The processors should ensure that individuals’ privacy is considered at the outset of each new processing, product, service, or application, and only minimum amounts of data are processed for the specific purposes collected and processed.

3) Data Pseudonymization

The GDPR defines pseudonymization as “the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.” To pseudonymize data, the “additional information” must be “kept separately and subject to technical and organizational measures to ensure non-attribution to an identified or identifiable person.” In other words, it is a strategy designed to enhance protection and privacy for applicable identifying data.

Although similar, anonymization and pseudonymization are two distinct techniques that permit data controllers and processors to use de-identified data. The difference between the two techniques rests on whether the data can be re-identified.

4) Fair Processing of Personal Data

This requires the processing of personal data to be fair and lawful. Generally, only the level and type of data collected should be limited to the minimum amount of data necessary (see data minimization above). There are a number of methods in which the data may be processed, including: express consent (which may be withdrawn at any time), legitimate interest basis (the subject of which legitimacy may be challenged by the data subject), honoring obligations under the agreement with the data subject, or any other legal basis that may apply.

 

What We Can Do to Help

We know this information can be overwhelming, but taking the proper steps now will save you headaches later. SolarWinds provides products that can help you with getting ready. Our Risk Intelligence software is one of them, providing you with hard data on:

  • A business’ quantified financial risk
  • Personally identifiable information (PII)
  • Protected health information
  • Payment information located in storage
  • Access permissions for sensitive data

Search your ‘data at rest’ for risk areas and start the data mapping you need to get ready for GDPR.

National Cyber Security Awareness Month Tips

360px-US_Department_of_Homeland_Security_Seal.svg

October is National Cyber Security Awareness Month by Department of Homeland Security.

National Cyber Security Awareness Month encourages vigilance and protection by sharing tips and best practices in regard to how to stay safe.

Small businesses are a large target for criminals because they have limited resources dedicated to information system security.  Cyber criminals look for access to sensitive data.

Create a cyber security plan

The Federal Communications Commission offers a Cyber Planner for small businesses.  The planner guide allows specific sections to be added to your guide, including Privacy and Data Security, Scams/Fraud, Network Security, Website Security, Email, Mobile Devices, Employees, Facility Security, Operational Security, Payment Cards, Incident Response/Reporting and Policy Development/Management.

Generate a personalized Small Biz Cyber Planner Guide.

Establish Rules and Educate Employees

Create rules and guidelines for protecting information.  Educate employees on how to post online in a way that does not share intellectual property.  Clearly explain the penalties for violating security policies.

Network Protection

Deploy and update protection software, such a antivirus and antispyware software, on each computer within your network.  Create a regularly scheduled full computer scan.

Manage and assess risk

Cyber criminals often use small businesses that are less-protected to get to larger businesses.  Being a victim of a cyber-attack can have a huge impact on any business including financial issues, loss of possible business partner(s) and many more issues.

Download and install software updates

Installing software updates from vendors can protect your network for unwanted viruses and malware.  Vendors frequently release patches/updates for their software to improve performance and fine-tune software security.  (Example:  Adobe Reader, Adobe Flash and Java updates are critical for protection.)

Backup important business data and information

Create a backup plan for all data including documents, databases, files, HR records and accounting files.  A regularly scheduled backup can be a full, differential or incremental.

  • Full Backup:  Backup of all data.
  • Differential Backup:  Backup of all data that has changed since the last full backup.
  • Incremental Backup:  Backup of all data that has changed since the last full or incremental backup.

Control physical access

Protecting physical property is a very important role in protecting intellectual data.  Create a physical security plan to prevent unauthorized access to business computers and components. 

Secure Wi-Fi

Securing your Wi-Fi network consists of a few configurations.  Configure a device administrator password for your wireless access point (WAP) or router, require a password for Wi-Fi access and do not allow the WAP or router to broadcast the Service Set Identifier (SSID), also known, as network name.

 

Research: Apple rated highest for security on mobile devices

Mobile devices are almost universal in the enterprise in 2016. Tech Pro Research conducted a survey to see what devices employees are using for work, and how safe these devices are.

In new research conducted by Tech Pro Research, 98% of respondents said they use mobile devices for work. Smartphones and laptops were the most common, with 94% of respondents who use mobile devices using them. 74% of mobile device users said they work with tablets. Wearables haven’t found a widespread usage base in the workplace, with only 14% reporting using them. When users rated the security of devices based on vendors, Apple got the best ratings in all categories.smartphones

For smartphones Apple’s high ratings could be partially attributed to familiarity since 67% of respondents said employees at their company use iPhones. Only Samsung was close to Apple in terms of prevalence, and the company was way behind Apple in security ratings.

tablets

Apple also had the largest share of tablet use, and the highest security rankings, among respondents. 53% said they and their colleagues use iPads and 46% of users ranked security as very good or excellent.

laptops

Dell was the most popular brand among respondents, in terms of use for work, but it got third place in security ratings.

wearables

Security on wearables appears to still be developing, based on the mediocre security ratings among all brands, and the fact that security feature usage isn’t the norm for wearables yet.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

APPLE WARNS OF WI-FI HACK: Could wipe out iPhones, issues fix

If you use Wi-Fi on your iOS device, get this security update

The tech giant says there is a new cyber threat, but has taken steps to thwart the attack.  According to the reports, “Apple has now issued a critical security patch for all iOS devices and for Mac computers against a potential hack that could come remotely via Wi-Fi.”


The virus is being considered a potentially serious threat, so the company is urging users to install the updates to protect their devices.

The latest cyber threat is also a risk to Android device users, but Google has taken steps as well to block the virus.

“The vulnerability also has the potential to attack Android devices, but Google issued its own security patch earlier this month.”

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

How to avoid ransomware attacks: 10 tips

As ransomware increasingly targets healthcare organizations, schools and government agencies, security experts offer advice to help IT leaders prepare and protect.

Nigerian princes are no longer the only menaces lurking in an employee’s inbox. For healthcare organizations, schools, government agencies and many businesses, ransomware attacks—an especially sinister type of malware delivered through spear phishing emails that locks up valuable data assets and demands a ransom to release them—are a rapidly-growing security threat.

“We’re currently seeing a massive explosion in innovation in the types of ransomware and the ways it’s getting into organizations,” says Rick McElroy, security strategist for cyber security company Carbon Black Enterprise Response. “It’s a big business, and the return on investment to attackers is there—it’s going to get worse.”

While ransomware has existed for years, 2015 saw a spike in activity. The FBI received 2,453 complaints, with losses of over $1.6 million, up from 1,402 complaints the year before, according to annual reports from the bureau’s Internet Crime Complaint Center. And the numbers are only growing in 2016, the FBIreports.

“The Dark Web and Bitcoin allow almost anyone to sell stolen data without identification—cyber criminals understand they can make easy cash without the risk of being jailed,” says Ilia Kolochenko, CEO of web security company High-Tech Bridge. And hackers—most of which are located in developing countries—are growing more sophisticated, even developing downloadable ransomware toolkits for less-experienced hackers to deploy, according to the 2016 Institute for Critical Infrastructure Technology Ransomware Report.

“The days of grammatically incorrect, mass spam phishing attacks are pretty much over,” says James Scott, senior fellow and co-founder of the Institute for Critical Infrastructure Technology, and co-author of the report. Hackers can now check a victim’s social media accounts, and create a fake email address pretending to be a friend or contact in order to get them to click on an infected link or attachment. “It’s much more targeted, and will exploit a particular vulnerability in a device, application, server or software,” Scott adds.

A typical ransom demand is $300, according to a report from security firm Symantec.

Health threats

The healthcare sector is highly targeted by hacker attacks, due to antiquated or misconfigured computer security systems and the amount of sensitive data they hold, says David DeSanto, director of projects and threat researcher at Spirent Communications.

The large number of employees at most hospitals also makes cyber security safety training difficult, DeSanto says. Experts commonly see attacks occur through spear phishing—targeted emails with attachments with names such as “updated patient list,” “billing codes” or other typical hospital communications that employees may click on if not warned.

In 2015, over 230 healthcare breaches impacted the records of 500-plus individuals, according to data from the U.S. Department of Health and Human Services Office for Civil Rights.

A February ransomware attack launched against Hollywood Presbyterian Medical Center in southern California locked access to certain computer systems and left staff unable to communicate electronically for 10 days. The hospital paid a $17,000 ransom in bitcoin to the cybercriminals, says CEO Alan Stefanek.

Following security best practices can help healthcare organizations protect themselves. “The best way is to make regular backups of all systems and critical data so that you can restore back to a known good state prior to the ransomware being on the system,” DeSanto says.

Without security best practices, healthcare organizations may be left with few options to retrieve information. In these cases, healthcare organizations may choose to pay the ransomware fee. Some make enough money that paying the ransom for a few infected computers is low compared to the cost of maintaining the infrastructure to protect these attacks, DeSanto adds.

Schools and businesses

Hackers are gaining traction and using new methods across other industry verticals as well. In 2014, a large European financial services company (whose name was not disclosed) discovered with the help of High-Tech Bridge that a hacker placed a back door between a web application and a data set.

For six months, the hacker encrypted all information before it was stored in a database, undetected by company staffers. Then, they removed the encryption key, crashing the application, and demanded $50,000 to restore access to the database.

However, the company did not end up paying, thanks to mistakes made by the hackers, Kolochenko says.

Other victims are not as lucky, says Engin Kirda, professor of computer science at Northeastern University. “If the ransomware hacker does the encryption well, once the data is encrypted it’s nearly impossible to decrypt,” he adds.

Such was the case for South Carolina’s Horry County School District this February, when hackers froze networks for 42,000 students and thousands of staff. District technology director Charles Hucks tried to shut down the system, but within minutes, the attackers immobilized 60 percent of Horry County’s computers. The district paid $8,500 in Bitcoin to unlock their systems.

Tips for IT leaders

To prevent a ransomware attack, experts say IT and information security leaders should do the following:

  1. Keep clear inventories of all of your digital assets and their locations, so cyber criminals do not attack a system you are unaware of.
  2. Keep all software up to date, including operating systems and applications.
  3. Back up all information every day, including information on employee devices, so you can restore encrypted data if attacked.
  4. Back up all information to a secure, offsite location.
  5. Segment your network: Don’t place all data on one file share accessed by everyone in the company.
  6. Train staff on cyber security practices, emphasizing not opening attachments or links from unknown sources.
  7. Develop a communication strategy to inform employees if a virus reaches the company network.
  8. Before an attack happens, work with your board to determine if your company will plan to pay a ransom or launch an investigation.
  9. Perform a threat analysis in communication with vendors to go over the cyber security throughout the lifecycle of a particular device or application.
  10. Instruct information security teams to perform penetration testing to find any vulnerabilities.

Mitigating an attack

If your company is hacked with ransomware, you can explore the free ransomware response kit for a suite of tools that can help. Experts also recommend the following to moderate an attack:

  • Research if similar malware has been investigated by other IT teams, and if it is possible to decrypt it on your own. About 30 percent of encrypted data can be decrypted without paying a ransom, Kolochenko of High-Tech Bridge says.
  • Remove the infected machines from the network, so the ransomware does not use the machine to spread throughout your network.
  • Decide whether or not to make an official investigation, or pay the ransom and take it as a lesson learned.

“There is always going to be a new, more hyper-evolved variant of ransomware delivered along a new vector that exploits a newly-found vulnerability within a common-use application,” Scott of ICIT says. “But there are so many technologies out there that offer security—you just have to use them.”

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Now Microsoft Office 365 tackles ‘fake CEO’ email spoofing attacks

Microsoft is rolling out a host of new email security features for Office 365 later this quarter, as it looks to thwart hackers and criminals.

‘Insider spoofing’ or faking the CEO’s email address to trick the CFO into transferring millions to criminal bank accounts is big business. Now Microsoft is using big data and reputation filters to try and squish the threat.

According to the FBI, between October 2013 and August 2015, 7,066 US businesses have fallen prey to ‘business email compromise’, netting criminals an estimated $747m.

Non-US victims lost a further $51m over the period, with the FBI estimating a 270 percent increase in identified victims since January 2015, when it first released figures about the threat category.

As Microsoft notes, when a corporate email domain is spoofed, it makes it hard for existing filters to identify the bogus email as malicious.

However, Microsoft reckons it has achieved a 500 percent improvement in counterfeit detection using a blend of big data, strong authentication checks, and reputation filters in Exchange Online Protection for Office 365.

It’s also rolling out new phishing and trust notifications to indicate whether an email is from a known sender or if a message is from an untrusted source, and therefore could be a phishing email.

The company is also promising a faster email experience as it vets attachments for malware and new tools to auto-correct messages that are mis-classified as spam. The aim is to boost defences without impairing end-user productivity.

Malicious email attachments remain a popular way for attackers to gain a foothold in an organization and, as RSA’s disastrous SecurID breach in 2011 showed, a little social engineering can go a long way to ensuring someone opens it.

Microsoft’s new attachment scanner, called Dynamic Delivery of Safe Attachments, looks to reduce delays as it checks attachments for potential threats.

Currently it captures suspicious looking attachments in a sandbox with a ‘detonation chamber’ where it analyses it for malware in a process takes five to seven minutes.

Microsoft hasn’t figured out a faster way to analyse the attachment, but instead of holding up the email as it conducts the scan, it will send the body of the email with a placeholder attachment. If the attachment is deemed safe, it will replace the placeholder and if not, the admin can filter out the attachment.

The feature is part of Microsoft’s Office 365 Exchange Online Protection and Advanced Threat Protection services.

The company is also tackling false-positive spam, or legitimate messages that are mis-identified as spam, and vice versa, with a new feature called Zero-hour Auto Purge, which allows admins to “change that verdict”.

“If a message is delivered to your inbox and later found to be spam, Zero-hour Auto Purge moves that message from the inbox to the spam folder; the reverse is true for messages misclassified as spam,” Microsoft notes.

Microsoft is testing this approach with 50 customers and says it will be rolled out for all Exchange Online Protection global clients in the first quarter of 2016.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Cyber Security

Intuit Cyber Alert

We have been alerted to a new Phishing scam that effects Quickbook and Intuit customers. Recently, Intuit published a security notice on their website warning customers of a Phishing scam which appears to be a direct email from Intuit’s customer service department using the domain of “intuit-solution”.  This sender is not associated with Intuit nor is it an authorized agent of Intuit. If you receive an email from this domain or any other email that appears suspicious, do not click on any links or attachments, do not reply to the email and do not forward it to anyone. It is recommended that you delete the email. If you mistakenly click or have already clicked on a link or downloaded something from the email, immediately (1) delete the download (2) scan your system using an up-to-date anti-virus program and (3) change your passwords. If you experience any issues and are worried you may have fallen subject to this scam, contact South Jersey Techies for immediate support.

Phishing is a cybercrime aimed to lure individuals into revealing personal information or expose them to downloads of malware that will infect their computer and networks. Phishing baits will impersonate real companies. The imposters are getting harder to spot and not all phishing scams work the same way.  You should never enter your username or password into a Login if you are not 100% confident of the source.  These scams are designed to retrieve sensitive information such as SSNs, credit card information and user names and passwords.

Following basic safety tips can help you keep your information safe:

  • Protect your computer with anti-virus software.
  • Keep your browser up to date and install any updates as they are pushed.
  • Contact your bank and any other financial institutions you use if you are a victim of identity theft. Check with your credit reporting agencies often and spot check for any inconsistencies.
  • Report any suspicious emails to your technology provider or third-party vendor so they may be tracked and logged.

If you have any questions, please email us at support@sjtechies.com or call us at (856) 745-9990.

CALL US NOW!