RIA Workspace

Blog

  • A closer look at fileless malware

    A closer look at fileless malware

    To avoid detection by antimalware programs, cybercriminals are increasingly abusing legitimate software tools and legitimate programs to steal data or ruin its integrity. They use fileless malware to infiltrate trusted applications and issue executables that blend in with normal network traffic or IT/system administration tasks while leaving fewer footprints. Ultimately, your RIA could be at risk. Let’s see why.

    What is fileless malware?

    Fileless malware is stored in random access memory (RAM) instead of on the hard drive. In a typical fileless infection, payloads can be injected into the memory of existing software or applications by running scripts within whitelisted or authenticated applications such as PowerShell, which is designed to automate system administration tasks such as view all USB devices, drives, and services installed in the system, schedule a series of demands, or terminate processes (i.e., Task Manager).

    Because there are no files to trace, fileless malware escapes detection from most antimalware programs, especially those that use databases of precedents. Furthermore, most automated sensors cannot recognize illicit scripts, and cybersecurity analysts who are trained to identify them usually have a difficult time establishing where to start looking. Fileless malware isn’t as visible compared to traditional malware. They employ a variety of techniques to stay persistent, and can adversely affect the integrity of a business’s process and the infrastructures that run them.

    Fileless malware by the numbers

    Cybersecurity firm Kaspersky Lab first discovered a type of fileless malware on its very own network a couple of years ago. The final verdict was that it originated from the Stuxnet strain of state-sponsored cyber warfare. The high level of sophistication and government funding meant fileless malware was virtually nonexistent until the beginning of 2017.

    In November 2016, attacks using fileless malware saw an uptick of 13% according to a report. In the same quarter, attacks surged 33% compared to the first quarter. During the first quarter of 2017, more PowerShell-related attacks were reported on more than 12,000 unique machines.

    Kaspersky Lab uncovered over 140 infections across 40 different countries. Almost every instance of the fileless malware was found in financial institutions and worked towards obtaining login credentials. In the worst cases, infections had already gleaned enough information to allow cyberattackers to withdraw undisclosed sums of cash from ATMs.

    In 2018, cybersecurity firm Trend Micro detected a rising trend of fileless threats throughout the first half of the year.

    Is your RIA at risk?

    It is unlikely your RIA would have been targeted in the earliest stages of this particular strain of malware, but it’s better to be safe than sorry. Businesses should practice defense in depth, where multilayered safeguards are implemented to reduce exposure and mitigate damage. But apart from cultivating a security-aware workforce, what actionable countermeasures can organizations do?
    While your business might not be in immediate danger, you should employ solutions that analyze trends in behavior. It is also wise to invest in a managed service provider that offers 24/7 network monitoring, proper patches, and software updates. Call today to get started.

    Published with permission from TechAdvisory.org. Source.

  • Why should your RIA use private browsing

    Why should your RIA use private browsing

    You may think that you’re not online enough to risk your safety, or that you never visit unsafe sites. However, the world wide web is a vast network where the exchange of information is often difficult to track. Here are some good reasons to “go incognito”.

    With the headlines about data breaches and cyberattacks greeting you every time you go online, it seems impossible to have a sure-fire, foolproof way to keep your information secure. Sometimes cyber predators are relatively harmless, but oftentimes, their goal is to steal identities and financial information. Virus scanners and firewalls can definitely help, but here’s an added layer of protection when you go online.

    What is private browsing?

    Your web browser — whether it be Chrome, Edge, Firefox, Safari, or Opera — stores the addresses of the sites you visit, cookies that track your activity, passwords you’ve used, and temporary files you’ve downloaded.

    This can be convenient if you frequently visit certain pages, can’t remember your login details, or if you’re trying to recall a website you visited a few days ago. But if someone else uses or gains access to your computer, your most private internet activities are exposed for anyone to see.

    With private browsing — also called Incognito Mode in Chrome and InPrivate Browsing in Edge — all the information listed above does not get recorded. In fact, all the websites and information you accessed during a private browsing session is discarded without a trace as soon as you close the browser. This can come in handy when you’re using a public computer because you’re instantly logged out of all the accounts after closing the window.

    Private browsing also prevents cookies from being stored on your computer. In a normal browsing session, sites like Facebook will inundate you with highly targeted ads based on the sites and pages you’ve visited. But in private browsing mode, your internet activity won’t be used against you by marketing companies.

    Another benefit of private browsing is you can use it to log in to several accounts on the same site, which is useful if you need to log in to two different Google accounts at the same time.

    Limitations of private browsing

    Although private browsing does prevent your web browser from storing your data, it doesn’t keep your online activities 100% private. If your computer is connected to the company network, system administrators can still keep track of what you’re browsing, even if you’re in Incognito Mode. Also, if spyware or keylogger malware is installed on your computer, hackers will still be able to see what you’re doing online.

    A keylogger malware records every key you punched in and may send this information to a predefined email address without you knowing. This means passwords, answers to verification questions, account numbers, credit card details, or even the words you type in a chat can be emailed to someone spying on your online activities.

    Even though private browsing has quite a few benefits, you shouldn’t solely depend on it for online privacy. Your computers and mobile devices must be equipped with Virtual Private Networks that encrypt your internet connection and prevent anyone from intercepting your data. And don’t forget to scan your computer for viruses with a strong anti-malware program to keep spyware and other malicious web monitoring software at bay.

    If you want to know where you can get these solutions or learn more about web browser security, call us today. We have the tools and expert advice you need to prevent anyone from snooping on your internet browsing.

    Published with permission from TechAdvisory.org. Source.

  • What is single sign on and who is it for

    What is single sign on and who is it for

    An average enterprise uses over a thousand cloud services. Even if your RIA is only using a few dozen apps, securely managing account logins is still a huge problem for both users and administrators. Single Sign-On (SSO) is an excellent solution, so let’s dive into how it works.

    What is SSO?

    Single Sign-On solutions allow you to create one username and one password that thousands of websites will recognize. If you’ve ever clicked “Login with Google” on a non-Google website, you’ve already enjoyed the benefits of SSO. It’s faster, simpler, and more secure. Now, small and midsized RIAs can accomplish the same level of efficiency between their employees and cloud platforms.

    Instead of asking everyone in the office to track separate accounts for Office 365, Slack, Quickbooks, Salesforce, and whatever other cloud apps your company relies on, you can give them one set of credentials and manage what they have access to remotely. Employees come to work, enter their designated username and password, and they’re all set for the day.

    Why is SSO more secure?

    There are a number of ways to set up a small business SSO solution, but most of them focus on removing login information from your servers. Usually, you’ll provide your employees’ logins to an SSO provider (sometimes referred to as an Identity-as-a-Service provider) and each employee will receive a single login paired with a secondary authentication — like a fingerprint or an SMS to a personal device.

    Every time one of your employees visits a cloud platform, such as Office 365 or Google Apps, the SSO provider will verify the user’s identity and the security of the connection. If anything goes out of place, your IT provider will be notified.

    Should your network or any of its devices be compromised, hackers would find nothing but logins to your SSO accounts, which are meaningless without fingerprints or mobile devices.

    How to get started with SSO

    The first step when setting up a Single Sign-On solution is making sure you have a healthy and responsive IT support system in place. You need a team that is constantly available to review suspicious alerts and troubleshoot employee issues. If you don’t currently have that capacity, contact us today and we’ll help you out!

    Published with permission from TechAdvisory.org. Source.
  • The dangers of autocomplete passwords

    The dangers of autocomplete passwords

    Hackers have found a new way to track you online. Aside from using advertisements and suggestions, they can now use autocomplete passwords to track you down. Feeling unsecure? Here are some ways to keep you out of harm’s way.

    Why auto-fill passwords are so dangerous

    As of December 2018, there are 4.1 billion internet users in the world. This means users have to create dozens of passwords, either to protect their account or simply to meet the password-creation requirements of the platform they’re using. Unfortunately, only 20% of US internet users have different passwords for their multiple online accounts.

    Certain web browsers enable usernames and passwords to be automatically entered into a web form. On the other hand, password manager applications have made it easy to access login credentials. But these aren’t completely safe.

    Tricking a browser or password manager into giving up this saved information is incredibly simple. All a hacker needs to do is place an invisible form on a compromised webpage to collect users’ login information.

    Using auto-fill to track users

    For over a decade, there’s been a password security tug-of-war between hackers and cybersecurity professionals. Little do many people know that shrewd digital marketers also use password auto-fill to track user activity.

    Digital marketing groups AdThink and OnAudience have been placing these invisible login forms on websites to track the sites that users visit. They’ve made no attempts to steal passwords, but security professionals said it wouldn’t have been hard for them to do. AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold the information they gathered to advertisers.

    One simple security tip for today

    A quick and effective way to improve your account security is to turn off auto-fill in your web browser. Here’s how to do it:

    • If you’re using Chrome – Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords.
    • If you’re using Firefox – Open the Options window, click Privacy, and under the History heading, select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
    • If you’re using Safari – Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

    Consider Single Sign-On Instead

    Single sign-on technology lets you simplify how your users access their online cloud apps. They get a single set of credentials that logs them into everything they’re authorized to use. This is just one small thing you can do to keep your accounts and the information they contain safe. For managed, 24×7 cybersecurity assistance that goes far beyond protecting your privacy, call us today.

    Published with permission from TechAdvisory.org. Source.
  • Office 365 updates to make your life easier

    Office 365 updates to make your life easier

    In the software industry, continuous improvement is the name of the customer retention game. Microsoft consistently churns out Office 365 updates, many of which are powered by artificial intelligence (AI). Here are some of the new and upcoming ones most likely to be useful in your business.

    Office

    Write and draw with digital ink

    Typing is easy on desktops and laptops, but when you’re on touch-enabled devices, keyboards are cumbersome to use, whether they are extra hardware or as space invaders on your screen. Now, the Draw tab is available on your favorite Office programs so you can use your finger, a stylus, or a mouse to doodle and write. You can automatically convert your handwriting to text in Word or OneNote by implementing the handwriting input function of your Windows 10 touch keyboard.

    Chat with colleagues right inside the app

    Now available exclusively to Office 365 subscribers, the chat function lets team members message one another within a Word document, PowerPoint presentation, or Excel spreadsheet as they work on it together.

    Word

    Write with your voice

    Ever wished you had a personal assistant who could type dictation for you? As an Office 365 subscriber, you won’t need one. Sign into your account, turn on your microphone, then go to Home > Dictate (in Outlook, go to Message > Dictate instead). Once the Dictate icon turns red, you can start writing your document just by speaking. It’s that easy! Now available in Word for Office 365, Outlook for Office 365, PowerPoint for Office 365, and OneNote for Windows 10.

    Edit documents with natural gestures

    With your handwriting and voice digitized into standard text, editing your document is easy, thanks to natural gestures. It’s like using a pen to insert or cross out words on printouts, but immediately seeing your edits afterward! Other magical things you can do include inserting spaces and paragraph breaks, stringing broken-up words together, and circling text to select it. Now available in Word for Office 365 and Word Mobile.

    PowerPoint

    Transform your scribbles

    Sometimes you need to draw or write by hand to get stuff down quickly. Using digital ink can be the quickest way to communicate but turning scribbles into editable text or easy-to-manipulate shapes for a slideshow presentation later on is time-consuming.

    Or rather, that was the case, because now Ink to Text and Ink to Shape can convert your handwriting and hand drawings into standard text or shapes, respectively. Now available for PowerPoint for Office 365, PowerPoint for iPad, and PowerPoint for iPhone. Ink to Shape is also available exclusively to Office 365 subscribers on Excel for Office 365, Word for Office 365, Excel 2016, Word 2016, and Visio Online Plan 2.

    Excel

    “Ideas” literally let you work smarter

    Pie charts, bar graphs, scatter diagrams — with so many ways to visualize data, it can difficult to choose the right graph. Thankfully, the upcoming Ideas will let AI come up with the most apt graphs for you. Just click on a cell in a data table, click the Ideas button on the Home tab, then voila! Excel comes up with charts for you to choose from. It can even set trend lines, recognize outliers, and create summaries for you — all without having to write an unwieldy formula! Coming soon to Excel for Office 365, Excel for Office 365 for Mac, and Excel Online.

    A picture is worth a thousand data points

    Since optical character recognition software is already a couple of decades old, it’s about time we’re able to extract data tables from pictures. Soon, the Insert data from picture function will let us do things like encode ingredients lists from recipes and digitize printed receipts by taking their photos. Coming soon to Excel for Android tablets and Excel for Android phones.

    One formula, many values

    For so long, Excel users had to enter a formula and copy it to get multiple values (known as an array) from their data tables. With dynamic arrays, however, all you have to do is write a formula once, press Enter, and you’ll get values for entire columns or tables instantly, which means faster processing with fewer errors. To illustrate, you can use a dynamic array to fill up entire multiplication tables, and when you change or add more factors, the array will recalculate and resize automatically. Coming soon to Excel for Office 365 and Excel for Office 365 for Mac.

    Outlook

    Quickly create tasks

    Outlook now lets you create tasks and to-do lists the way you write emails. Just click Tasks > New Tasks, type the name of the task in the Subject box, and add task details in the body. You can also set its priority, start and due dates, and even a reminder for it.

    Additionally, you can create tasks out of emails by dragging an email to Tasks on the navigation bar. This is faster than copy-pasting email contents onto the body of a task, though keep in mind that email attachments aren’t carried over to the newly made task.

    Make the most out of Office 365! If you’re already a subscriber or are currently looking into it, let us help you configure and implement it for maximum productivity.

    Published with permission from TechAdvisory.org. Source.
  • Work smarter with Microsoft’s Workplace Analytics

    Work smarter with Microsoft’s Workplace Analytics

    Did you know that Microsoft Workplace Analytics allows managers to assess the productivity of their staff using data gathered from email, documents, calendar, and other Office 365 applications? It’s an improvement over MyAnalytics, which only allowed employees to view their own data. Now managers can also access their employees’ data for evaluation.

    How it works

    A paid add-on to Office 365 enterprise plans, Workplace Analytics extracts behavioral insights from data gathered from Office 365 email, calendar, documents, and Skype. This means any data an employee types into their email and calendar — whether on the subject line or in the body itself — can be used to indicate their productivity status.

    The program has an overview dashboard that provides specific information:

    • Week in the Life provides an overall view of how the entire organization spends time and how members collaborate
    • Meetings shows the amount of time spent in meetings
    • Management and Coaching gauges one-on-one meetings between staff and manager
    • Network and Collaboration takes a look at how employees connect to colleagues

    What does it aim to do?

    According to Microsoft, Workplace Analytics addresses businesses’ most common challenges: complexity, productivity, and engagement.

    Using Workplace Analytics data, managers and human resources departments can form productivity strategies for the entire company. If most of your employees spend 60% of their time attending meetings and not enough time doing other work, managers can come up with a strategy to reduce meeting times and focus more on productive tasks.

    It also identifies how employees collaborate with internal and external parties. Suppose one of your staff frequently communicates with certain contacts. By using Workplace Analytics data, the employee’s manager would be able to determine whether this particular collaboration pattern is helping the employee hit targets or whether he or she is missing out on other more critical contacts. Based on this info, managers would also be able to determine which employees are most likely to meet or exceed their targets and set company-wide standards accordingly.

    Workplace Analytics also allows managers to determine an employee’s level of engagement (i.e., whether the organization’s collaboration patterns are good for the company), and whether workloads are fairly distributed among workers and/or departments.

    Is it useful for small businesses?

    Large corporations have been using Workplace Analytics, but small businesses can also benefit from it. The data used to provide insights are what employees generate themselves — how much time they spend on meetings, whom they frequently communicate with, and how much time they spend on productive tasks.

    Aside from letting managers examine their staff’s work behavior, Workplace Analytics also provides an overall look at an organizational level. If you want your organization to further harness the capabilities of Workplace Analytics and other Office 365 tools, give us a call today.

    Published with permission from TechAdvisory.org. Source.
  • 10 myths about moving your RIA to the cloud

    10 myths about moving your RIA to the cloud

    Free eGuide

    10 myths about moving your RIA to the cloud


    DOWNLOAD THE FULL EGUIDE NOW

    What RIAs really need to know about the cloud

    This eGuide from Microsoft, dispels some common myths RIAs have about the cloud and Office 365. It’s not simply a version of Office that’s accessed from a browser. It’s a really powerful tool that can make your RIA more agile and help you reduce costs. In fact, the Microsoft cloud helps power the cloud platform we’ve built for RIAs.

    Take some time to download the guide and learn more about these common myths:

    Myth 1: Office 365 is just Office tools in the cloud, and we can only use them online.
    FACT: Office 365 is the Office you already know, plus productivity tools that will help you work more efficiently.
    Myth 2: If our data move to the cloud, we will no longer have control over our technology.FACT: You still have total control over your technology, but your IT department won’t have to worry about constant update.
    Myth 3: Keeping data on-premises is safer than storing it in the cloud.FACT: Security and uptime come standard with Office 365 in the cloud.
    Myth 4: I have to move everything to the cloud. It is an all-or-nothing scenario.FACT: You can move to the cloud at your own pace (in fact many RIAs do), or use a hybrid cloud approach.
    Myth 5: Cloud migration is too much for my RIA to handle.FACT: We’re here to help every step of the way and we’re familiar with your industry and needs.
    Myth 6: Corporate spies, cyber thieves, and governments will have access to my data if it’s in the cloud.FACT: It’s your data. Not anyone else’s.
    Myth 7: We have to learn all new tools to manage SharePoint Online.FACT: SharePoint Online abstracts maintains the infrastructure, without changing anything else.
    Myth 8: Skype and Skype for Business are one and the same.FACT: Skype for Business is your link to hosting productive meetings, not just phone calls.
    Myth 9: Email isn’t any simpler in the cloud.FACT: With automatic updates, you don’t have to worry about email downtime.
    Myth 10: Continuously updating Office 365 will break my critical business applications.FACT: Office 365 updates won’t negatively impact your existing applications.

    DOWNLOAD THE FULL EGUIDE NOW

  • How securing your browser helps protect your business data

    How securing your browser helps protect your business data

    Securing your internet browser can help protect you and the data at your RIA from some of the dangers on the internet – including malware, scams, and hackers. Data protection is a priority at your RIA, and because employees are always online, it’s important that they go online using all the tools they can to protect themselves and your business.

    Here are a few extensions and tools for your browser that can help protect your data and your privacy.

    Prevent browser tracking

    If you don’t like the idea of a third party (reputable or otherwise) being able to track your browsing habits, try installing a tool for private browsing. These programs offer protection against tracking by blocking third-party cookies as well as malware. Some extensions also boast secure Wi-Fi and bandwidth optimization and can guard against tracking and data collection from social networking sites such as Twitter, Facebook or Google+.

    Blocking adverts

    While online ads may seem harmless, the truth is they can contain scripts and widgets that send your data back to a third party. A decent ad blocking program will block banner, rollover and pop-up ads, and also prevent you from inadvertently visiting a site that may contain malware.

    Many blockers contain additional features such as the ability to disable cookies and scripts used by third-parties on a site, the option to block specific items, and even options to ‘clean up’ Facebook, and hide YouTube comments. The major blockers work with Google Chrome, Safari, and Firefox and you’ll be able to find everything from user-friendly solutions to more advanced tools that are customizable down to the tiniest degree.

    Consider installing a VPN

    Unfortunately, browser tracking, malware, and adware are not the only internet nasties that you need to be concerned about. but the good news is that there a number of other extensions that you can download to really get a grip on your online safety. A VPN (Virtual Private Network) is something else to consider. VPNs encrypt your internet traffic, effectively shutting out anyone who may be trying to see what you’re doing.

    Commonly used in countries where the internet is heavily censored by the powers that be, a VPN allows for private browsing as well as enabling users to access blocked sites – in China’s case that’s anything from blogs criticizing the government to Facebook and Instagram. There are hundreds of VPNs on the market so do a little research and find one that suits you best.

    Finally, it goes without saying that having anti-virus and anti-malware software installed on your PC, tablet, and even your smartphone is crucial if you want to ensure your online safety.

    Is browsing at your workplace secure? Would you like a more comprehensive security system for your RIA? We can tell you all about it and help your business protect itself from online threats. Get in touch with us today.

    Published with permission from TechAdvisory.org. Source.

  • Office 365 can help stop phishing emails at your RIA

    Office 365 can help stop phishing emails at your RIA

    Phishing emails remain the most common way hackers distribute malware and steal data. In fact, there are billions of phishing emails sent every year, and millions of people continue to fall victim. However, if you’re RIA is subscribed to Office 365 there’s a good chance that you won’t see harmful messages in your inbox, and here’s why.

    An effective anti-phishing solution is able to recognize the key elements of a phishing attack, which includes spoofed (or forged) emails, compromised accounts, unsafe links, and harmful attachments. In April 2018, Microsoft upgraded Office 365’s Advanced Threat Protection (ATP) features so it can better detect these elements and prevent a wide variety of phishing scams. These enhancements include:

    • Anti-impersonation measures – ATP will now look for potential phishing indicators in an email, including the sender’s address, name, and links, to identify whether the user is being impersonated. You can specify high-profile targets within your RIA, such as managers and C-level executives, so Office 365 can protect these users from email impersonation. Office 365 also utilizes machine learning to analyze a user’s email patterns and flag suspicious contacts that have had no prior correspondence with your company.
    • Anti-spoofing technology – This feature reviews and blocks senders that disguise their true email address. You can even enable safety tips that flag certain email domains that have strange characters. For instance, if your real domain is Acme.com, a spoofed domain could be Acḿe.com.
    • Email link scanning – Office 365 launched Safe Links, which scans emails for fraudulent links and redirects users to a safe page in case it does contain harmful materials. This feature also applies to email attachments, ensuring you’re protected against all types of phishing scams.

    Due to these improvements, Office 365 had the lowest phish rate among other well-known email services between May 1 and September 16, 2018. The company has stopped over five billion phishing attempts and protected users against seven billion potentially malicious links. If you’re looking for a secure email platform, Office 365 is the best option for your RIA.

    That said, it’s not a substitute for good security awareness. No matter how secure Office 365 is, employees still need to be adequately trained to recognize a phishing email when they see one. Hackers are constantly changing their tactics to evade Office 365’s detection systems, so it’s important that everyone is alert at all times.

    If you need a well-fortified email service, we can implement and manage Office 365 for you. We even offer practical security advice to make sure your business, employees, and assets are safe and sound. Contact us now.