Category: Uncategorized

New Office app is a scheduling game-changer for managers and employees

If there’s one thorn in the side of every business, it’s mastering an efficient and functional schedule for the whole team. Between various levels of employees, diverse job types and differing time allotments, making a consistent and easy-to-access schedule can be a huge challenge.

Of course, in the increasingly tech-based work world, countless companies are arriving on the scene claiming to have the newest and best scheduling solution that your company MUST take advantage of. Listen, there are some great stand-alone solutions out there, but often the big promises offered don’t measure up. Even worse, what good is a scheduling solution if it isn’t integrated with all the other applications you already use for calendar tracking and communication?

That’s why business professionals of all kinds are excited about the latest app from Microsoft, called StaffHub. StaffHub is truly changing the game for scheduling in the workplace and the best part is, the application is designed with Microsoft’s familiar and functional signature touch.

Tell Me More: What Exactly is StaffHub?

StaffHub is the latest productivity application released for Office 365. The application is designed specifically to better connect staff and managers to the critical scheduling data they need each day. The application is all about easy access, easy modification and easy communication to ensure that the team is always on the same page and scheduling conflicts are put to rest.

Check out some of the BEST features that StaffHub provides:

Easy Schedule Creation and Sharing

Managers are able to easily create schedules and share the content with their employees seamlessly. The StaffHub app and its data can be accessed from any mobile device through the Office 365 app. Gone are the days of the printed schedule on the wall of the office. With StaffHub, workers can simply open the app to see their upcoming scheduled shifts.

Supreme Schedule Display and View Options

Not only is the schedule easier to create and access in the app, StaffHub makes it look better too! Say goodbye to scratched out times and names on your paper schedule. The StaffHub schedule appears on an attractive and organized grid that can be color-coded for ease. There are also many different viewing options. Users are able to switch between monthly, weekly, or daily views and tapping on an individual shift shows more details. There’s even an option to view the total scheduled hours for each employee.

Streamline Shift Switches

Ah, a manager’s worst nightmare. You spend hours creating a schedule only to get three different employees at your door requesting changes. With StaffHub, this nightmare ends now. When scheduling conflicts come up, StaffHub makes it easy for workers to request a switch. Simply tap the shift in question, select the person to switch with and voila! A request is sent directly to the manager for final approval. This way, you stay in constant control of your schedule while keeping your team happy and organized.

Integration and Communication

As mentioned, there are a lot of stand-alone apps that promise a revolutionary scheduling solution. However, StaffHub is unique in that it is entirely integrated and compatible with Office 365 apps – making communication and collaboration a breeze. Employees can exchange messages and access other content through the StaffHub app. Even better? StaffHub is compatible with Azure Active Directory, meaning managers can add and remove team members as necessary.

Streamlined Success: StaffHub Makes for Happy Managers and Content Staff

Overall, StaffHub is a great tool for streamlining processes and keeping your entire team on the same page. When team members are able to easily understand what is expected of them and access the critical data that they need, jobs get done quicker and employees are more motivated to work. While countless providers are on the market claiming to be the productivity powerhouse, it’s a good idea to peek at what you may already have included in your Microsoft Office 365.

By taking a look at your existing infrastructure before you commit to any applications or solutions, you’ll have a better idea of what specific features you need and how to revamp your tech solutions accordingly. Microsoft has been on the scene for decades – working constantly to keep up with the times and give business users the solutions they truly need.

For Office 365 users, StaffHub is hands down, the no-brainer solution for scheduling. Integration, ease of use, productivity and presentation—what more could a scheduling manager ask for?

Looking to get on top of your scheduling practices? Tired of shift-change nightmares and hardcopy schedules taped up in the breakroom? Reach out to a local team of IT experts for consultation on your best options for schedule management. A team of professionals can help get you on the right path to choosing apps that work better for you and your team.

Taking Data Visualization and Collaboration to the Next Level: Excel and Power BI Integration

Data visualization tools are all about helping to make it easier for people to work with their data. An even more important aspect of data visualization is to be able to get real actionable insights into the data you’re working with. The more easily a tool can satisfy both aspects, the better it is for both data handlers and data consumers.

Microsoft Excel is king in this regard. For most users, no other tool comes close to Excel as far as data management is concerned.

If you’re using Microsoft Office 365, you have access to yet another gem: Power BI. This suite of business analytics tools allows you to analyze data, and obtain and share insights in ways that no other tool can.

In essence, this suite of tools is designed to provide users with a 360-degree view of data, with the most important metrics all in one place. Even more amazingly, Power BI updates information in real time and makes it available across all devices.

If you’re using this tool, you can explore the data behind your dashboard with just a single click. Everything is intuitive and guides you to find the answers you need with ease.

Pooling the strength of Excel and Power BI together

While most people think they have to choose whether to use Power BI tools or Excel, the two can be used together to create a powerful combination for any range of data visualization needs.

Notice that the whole idea of Office 365 is to enhance collaboration within the organization. A complete cycle of content creation and collaboration would typically look something like:

1. Get data,
2. Analyze the data,

• Visualize the data,

1. Publish the data, and;
2. Collaborate with other teams based on the data.

Normally, teams that use Excel tend to only involve Power BI when it comes to publishing their data. In essence, you can choose to work in the tool you love when using Excel and Power BI together. You can build your data or models, analyze and visualize them using either Excel or the Power BI tools – whichever works better for you – then publish out to Power BI where you can then build really beautiful reports to share with everyone in your enterprise.

Modern BI with Office 365

The modern BI available on Office 365 provides for efficient integration of Excel and Power BI Pro and Power BI Desktop. Different interactions between Power BI Desktop, Power BI Service, Excel Online and Excel Desktop exist that bring all these together in a common interface.

Each component in this interface has a function that complements that of the other.

Excel allows for data analysis in a familiar environment

Unlike most Power BI tools, the majority of the people within organizations are familiar with Excel functionalities. As such, Excel provides not only the flexibility and freedom to connect, shape, and model your data to fit your business needs, but also the familiar interface with which to visualize data for your organization’s teams.

Power BI Pro allows for publishing of reports

These are the BI tools available online that allow you to publish your reports securely to your organization while ensuring their accessibility from anywhere on any device.

Power BI Desktop is handy in building advanced models

This is the desktop-based interface of Power BI that lets you build advanced models, queries, and reports that help visualize your data in a way that can be consumed easily by anyone in your organization. Power BI Desktop is designed to enable visual data exploration and interactive reporting capabilities powered by a freeform canvas for drag-and-drop examination.

With this interface, you can build data models, create reports based on them, and share your work by publishing it out to the cloud-based BI services.

Office 365 brings everything together

This Microsoft service provides the platform that glues all these tools together into a single fabric and makes these interactions possible. On a broader scale, Office 365 allows solid team collaboration at the enterprise level; with real-time teamwork and compliance.

Here’s a sample demo showing a typical flow of data across this Excel- Power BI interface on BI Office 365.

The essence here is to see where each of the tools: Excel, Power BI Service and Power BI Desktop come in – with the SharePoint management tool as a necessary addition.

So, from the demo, different sales teams are working directly on various excel files, putting them together. Analysts then pull in all that data and add their input (behind the scenes/including adding data from other sources) before publishing it to Power BI where the data model will sit.

From there, a designer uses Power BI desktop to create final, typically actionable reports out of the model from the cloud.

Wrap Up

Well, as you can see, this is just a sample demo of what you can achieve by integrating Excel and Power BI tools together. Nonetheless, the key takeaway is the demonstration of just how using these tools in combination can serve to enhance collaboration within your organization.

Have you ever been in a position where you are supposed to work on an assignment or important document but you forgot your laptop or cannot access your desktop? That can be frustrating, but thanks to Microsoft, as long as you can access the internet on your phone or even tablet, you can easily resume working on your assignment. Microsoft 365 is an excellent business tool that provides you with lots of options when trying to access a saved document on another device.

A closer look at Microsoft Office 365

Office 365 is Microsoft’s global offering designed to provide users with access to the company’s top-of-the-line cloud-based tools for collaboration and productivity. The service is complete with web conferencing and high definition (HD) video, calendars, business-class email, online Microsoft office suite, as well as file storage and sharing.

When you stay connected to the Microsoft Cloud, you can be sure that all programs are up-to-date and available for users on a 24/7 basis. Below is a simple outline of just a few of the Microsoft 365 apps that enable us to work from any location or device.

Using Outlook App on your phone to work on the go

When you open your Outlook Application, you will see a calendar function, a file function, and a mail function. When you tap on the calendar function, you can see how similar it is to the one that is on the desktop, which means it will be easy for you to use. The files function will help you view all recently accessed documents on OneDrive and even some of the recently shared files—very convenient!

When accessing the mail function, this is where you are able to see all files, documents, and links shared with you. You can also share a file via OneDrive.

Accessing information shared via a link

Simply click on the link and it will open into SharePoint, which will allow you to view the file. If you need to edit the file, open it in the word App and as soon as you start editing, anyone who has access to the file will see your edits right away. Such an incredible feature! This is great because, after editing, you don’t have to keep sending final copies of the same document to everyone on your team. Documents are updated in real time, which is a real time saver!

Accessing the same information on different devices

It’s frustrating to lose devices such as phones, tablets, and even your laptop. If you travel a lot, you may even damage your laptop or phone. Though this can be expensive, it’s also devastating to lose important documents. Retrieving data from a damaged phone or computer usually requires an IT expert. Data retrieval used to be such an expensive ordeal and sometimes unsuccessful. The good news is that on Microsoft 365 you don’t have to worry if you find yourself in any of the above predicaments. Here is a simple outline of how you can access your information from any device.

Open any browser and type the words office.com, then log in. A page will come up with various Microsoft 365 Applications such as Word, Excel, Outlook, and services such as OneDrive. Click on the OneDrive service, which will immediately take you to all files located on OneDrive. You will then be able to access all files that have been saved to OneDrive.

These files are all live so this means that any changes made, such as editing by anyone on your team, will be there. You can view, share, or edit these files. Let’s say you wish to edit a file that you recently shared with someone. Just open that file and you will see an editing option on the top right. You can do all your editing in the browser. This works with all files including Word, Excel, PowerPoint, and other Microsoft applications. All updates will immediately show up on any shared documents.

There are so many other noteworthy features in Microsoft 365 that can help make your work easier. If you want to learn more about these helpful features, just visit this page: www.Microsoft.ca/GetItDone

Wrap Up

Losing or damaging your phone or laptop is always stressful, but you don’t have to lose any of your important documents when you work with Microsoft 365. You may be home sick for a few days, but you don’t necessarily have to get behind on your projects. It’s possible to work from anywhere using any device with Microsoft’s helpful range of products.

Remember that you can work from home and even share updates in real-time with your colleagues. As long as documents are stored to Microsoft’s OneDrive, they’ll always be right at your fingertips. That’s the epitome of convenience!

 

eFail flaw leaves encryption users on guard and encryption providers in ‘patch’ mode

Security researchers announced this week that a significant flaw exists among popular encryption tools that are used for encrypting correspondence and digital signatures. Any and all email encryption services that use OpenPGP standard and rely on GnuPG to encrypt their data and create digital signatures are subject to this wide-reaching security flaw.

Break Down: How the Encryption Security Hole Leaves Users Vulnerable

After a nearly month-long investigation, researchers have publically announced a series of security holes that have been dubbed ‘eFail.’ The eFail flaws were identified in PGP and S/Mime encryption tools and the glitches give cyber criminals the ability to uncover encrypted correspondence. The overall scope of this security flaw is hard to estimate, as most mainstream email providers – including Outlook, Apple Mail, and Thunderbird – have been impacted by the eFail glitches.

Even worse? The investigation revealed that eFail includes an input sanitization vulnerability, dubbed SigSpoof by software developer Marcus Brinkmann. This particular vulnerability allows hackers to forge digital signatures with stolen user ID data. Again, the impacts of these vulnerabilities are wide-reaching, affecting countless popular encryption applications including GnuPG, Enigmail, GPGTools, and python-gnupg. All of these providers have included patches for the vulnerability in their latest software updates.

According to experts, the vulnerabilities were made possible thanks to an OpenPGP protocol. Regularly, when a message arrives to the intended recipient, decryption occurs by separating the information and verifying a valid signature. This process occurs through the strategic separation of information using a file name system.

However, the investigation led by security researchers uncovered that the file name entry port allows for up to 255 characters, meaning it doesn’t get adequately sanitized in the decryption process. This makes it easier for cyber criminals to modify and alter file names and fraudulently gain access to confidential data. Once they’re able to gain access, cyber criminals can read encrypted messages in plain text and send fake messages via the application in hopes of spoofing digital signature verifications.

Patch Mode: Providers Scramble to Patch Flaw and Avoid Disaster 

This widespread loophole can have hugely devastating impacts on affected users. Besides the obvious risks of data breach and forgery, the investigation uncovered that the flaw holds the potential to maliciously infect enormous parts of a user’s core infrastructure. In addition to email encryption, GnuPG tools are used for backups and software updates; the extent of negative consequences is difficult to estimate.

The investigation wasn’t just speculation either. Researches demonstrated three pieces of evidence to establish just how easily encryption and signature data can be hacked and forged thanks to the loophole. So far, the best and only solution is for affected users to immediately implement the latest available software updates. Since patches have been created, updating to the latest software versions is the only concrete strategy for ensuring the loophole doesn’t continue to leave users vulnerable.

Check out this list of platform-specific update prompts:

• Upgrade to GnuPG 2.2.8or GnuPG 1.4.23
• Upgrade to Enigmail 2.0.7
• Upgrade to GPGTools 2018.3

Navigating the Digital Business Force: Vigilance and Proactivity are Critical

The bottom line is that operating as a business professional in an increasingly digital workforce means having to think about countless potential threats to data security – even in places one wouldn’t expect. It seems a new story is making headlines every week about some scary security flaw or devastating hack. But the reality is, with a proactive and level-headed approach, maintaining strong IT security standards for your organization doesn’t have to be a long and painful battle.

The first step, however, does involve accepting that there are simply some things out of your control. Hacks happen. Security holes happen. What matters most is that you and your team are prepared to respond and that you have a detailed plan for responding efficiently and effectively. It’s no secret that the worst time to think about cybersecurity planning is when you’re already in the midst of an attack. Proactivity is the key.

Being proactive involves more than reading about the latest hacks and telling your team to be on the lookout. It means getting emergency response plans on paper and providing detailed security awareness training for your team. It also may mean upping your network monitoring and management tools and delegating some IT responsibility to the professionals.

Does your team rely on some of the encryption tools mentioned in this article? Has your team updated all software with the latest patches? Do you often wonder about the vulnerabilities that are lurking in your company network? Are you overwhelmed trying to stay on top of seemingly endless cyber threats?

Stop thinking and take action. Maintaining a secure network doesn’t have to be expensive or overwhelming. Reaching out to a team of IT security veterans is the first step in taking control of your cybersecurity efforts. Today is the day to empower your business by reinforcing your security network instead of becoming the next victim of cybercrime.

Cyberattacks in Atlanta likely to be the most damaging in US municipal history

It was only this past March that the city of Atlanta was hit by a massive ransomware attack. However, city officials are claiming an additional $9.5 million dollars is required for the ongoing recovery effort. As the city struggles to restore normal and secure operations, many are wondering how high the total bill for the restoration will get.

When the city first took action in April, costs very quickly reached nearly $3 million. A recent Reuters report called the attack “the worst cyber assault on any US city” and noted the following implications:

• Over 30% of software programs used by the municipality were uninstalled or disabled by the attack.
• Countless municipal applications and government services were stolen, with nearly a third of affected data related to critical services like police and court departments.
• The loss of over 70 municipal computers and the loss of over a decade’s worth of legal court documents.
• An undisclosed amount of lost dash-cam footage from Atlanta PD.

Worse Than It Seemed: Additional Time and Money Required for Atlanta Restoration

However, with the recent request for an additional $9.5 million in recovery funding, it’s becoming quite clear that the scope of municipal government services implicated in the attack is far larger than these earlier reports suggested. According to city officials, the additional funding will be used to rebuild applications and restore services disabled or destroyed by the ransomware catastrophe. Not to mention, this $9.5 million request is in addition to the $35 million allotment the municipal IT department will be making in the annual budget.

Funding allotments have yet to be finalized and decided, and Atlanta’s 2019 municipal budget process was postponed in light of the massive cyberattack. Atlanta Mayor, Keisha Lance Bottoms announced her administration’s commitment to determining the root cause of the attack, as well as its overall impact on municipal operations. However, with such a large attack and a new fiscal year beginning on July 1^st, the city is still struggling to respond strategically.

Maybe the Worst, But Not the First: Municipalities Increasingly Hit by Cybercrime

Atlanta isn’t the only municipality to be struck by cybercrime in recent memory. Though the scope of the Atlanta attack may be record-breaking, attacks on US cities aren’t a singular phenomenon. Just in the last two years, government departments in Rhode Island and North Carolina have made headlines. Not to mention countless attacks on emergency service departments in cities across the country.

So, the question becomes: if municipal and governmental departments are struggling, how can business professionals ensure their own data isn’t sitting prey for cybercriminals? Staying proactively informed is a great first step. Communicating with your team and developing cybersecurity best practices is even better. But even with these best intentions leading the way, cities, governments, and businesses are still at risk for data loss.

Full Throttle Response: Why Consulting an IT Security Expert Makes All the Difference

More and more, IT partners and managed security service providers (MSSPs) are playing a vital role in helping businesses – and governments – stay secure and protected. In fact, two award-winning MSSPs – Secureworks and EY – have been at the forefront of Atlanta’s recovery effort.

However, in an age of cost reduction, professionals are often wary about hiring external partners to do jobs they think they can manage themselves. This is understandable, and to some extent, business professionals do have resources available to help mitigate cyber risk on their own. The problem is, cybercrime is incredibly unpredictable. Standalone automated solutions simply don’t measure up to the reliability and expertise offered by IT security trade professionals.

Partnering with a managed IT security provider offers countless benefits, including:

• Strategic planning – Partnering with an experienced MSSP is one of the best ways to implement strategic planning. An experienced and reliable partner will perform network evaluations, identify and fix vulnerabilities, and help develop detailed and customized plans for responding to threats and attacks.

• Informed expertise – One of the most useful benefits of partnering with IT security professionals is the wealth of knowledge and experience they bring with them. Managed security experts know how to identify and properly handle all kinds of attacks including ransomware and other malware infections. Simply put, it helps to have someone on your team who truly knows the nuts and bolts.
• Best practice development – If you’re looking to get concrete procedures and best practices on paper, an IT security partner can help spearhead the process. Using their experience and expertise, IT partners can help you create strategies and best practices to continually mitigate risk at all endpoints.
• Proactive monitoring, management, and updates – Another key benefit of partnering with an IT security team is the reliability and consistency they bring. Having an IT security partner in your corner ensures there is a constant eye on your systems. Your IT partner ensures things are continually monitored and managed. Including everything from software and hardware updates to access controls and user permissions.
• Employee education and empowerment – Perhaps most importantly, the right IT security partner is the best way to get your team more informed, prepared and vigilant. A managed security provider can help educate your team about different attacks and strategies for effective response. This way, even the weakest links in your security chain are taken care of.

Making Moves: Take Action Before Cybercrime Hits Your Company

Overall, partnering with an expert increases the chances of keeping business networks and servers unpenetrated. Partners provide a wealth of information and resources that help business professionals stay focused and productive while remaining vigilant in the face of cybercrime. This helps team members better identify threats as they occur and respond accordingly to keep them from escalating out of control.

Looking to tighten your cybersecurity effort but not sure where to get started? Desperate to avoid the potentially massive costs of ransomware restoration? Reach out to a team of IT professionals today. A team of experts will do whatever it takes to ensure your data is as secure as possible. Even better they’ll make you feel empowered to be your own cyber security hero.

Exploring best practices for the management of AUSkey data and access

It was just last year that the Australian Taxation Office (ATO), reported that the online ATO portals of countless Australian businesses had been targeted by malicious cybercriminals. The ATO quickly notified all businesses to review AUSkey access control after identity thieves gained unauthorised access in hopes of forging or changing business banking information.

For a little bit of business-tax background, an AUSkey allows businesses to securely access a central hub of government and tax services. In addition to ATO access, AUSkey data allows businesses to access Australian Securities and Investments Commission (ASIC) and Australian Business Register (ABR) portals.

ATO Warning: Maintain High Standards for AUSkey Access Control

It was on Monday 30 January 2017 that the ATO issued a warning to AUSkey holders that fraudulent activity has been detected. The ATO issued a formal statement and gave key recommendations for internal risk management and mitigation. The ATO also emphasised the immense risk to businesses impacted by fraudulent AUSkey activity.

“Once an AUSkey has been allocated,” the ATO statement reads, “access is gained to the Business Portal so that fraudulent Business Activity Statements can be lodged and bank details updated to accounts that are not controlled by the entity.”

The ATO offered one leading strategy for internal mitigation: AUSkey protocols must be stringent and well understood among the staff with access. The ATO went on to advise that businesses regularly document the team members who have access and ensure old employees no longer have functional login credentials. The overall extent of the 2017 ATO hack is impossible to know. However, the incident continues to serve as a reminder for businesses to better mitigate risk in today’s cybercrime climate.

A History of Attacks: ATO Frequent Target for Cybercrime Hits

In fact, this wasn’t the first time ATO portals had been subject to fraudulent AUSkey activity. The ATO reported similar attacks in both 2013 and 2015. Andrew Gardiner, a representative from the National Tax and Accountants Association told SmartCompany that the 2017 attack solidifies the true risk involved in an increasingly digital tax environment. Simply put, the financial risks to businesses are high, and professionals must be vigilant.

“Now that we deal with the ATO online on such a regular basis, people do become complacent,” Gardiner said. “People just need to be diligent – and businesses that are diligent treat their AUSkey like their credit card.”

Best Intentions Aren’t Enough: Creating A Well-Rounded Cybersecurity Approach

However, creating rigid internal standards and procedures isn’t the be-all-end-all solution to AUSkey cyber risks. Cyber-attacks happen and very often under conditions outside the control of impacted professionals. So, it’s critical to fully understand the scope of threats facing professionals in an increasingly digital finance environment. After all, these risks have the potential to impact every company’s most critical asset – their clients.

This means doing more than managing internal access and keeping track of AUSkey holders. Businesses must remain one step ahead of the increasingly sophisticated network of cybercriminals in the digital marketplace. The good news is, implementing thorough cybersecurity strategies and best practices aren’t as hard as it seems.

So, in addition to treating AUSkey data the same way as credit card data, here’s a list of strategies for keeping your team prepared and vigilant in the face of cybercrime:

• Stay in the loop – Knowing what threats you are up against really is half the battle. Staying in touch with news of the latest and most dangerous cyber-attacks allows you to remain proactive and stay informed. Knowledge is power.
• Communicate with your team – Make sure you’re talking to your team – especially those with AUSkey access – about the potential risks and cyber threats that exist. Create an environment where your staff feels comfortable to ask questions or report suspicious activity of any kind.
• Make a plan – No matter what, be sure to put down your cyber security efforts on paper in some way. Maybe you’ll schedule regular meetings to check-in on cybersecurity missions and update staff. Perhaps you’ll create a list of cybersecurity standards that all staff members must be aware of. No matter which approach you take, planning ahead is critical.
• Partner with an expert – If you’re struggling to get a concrete plan in place, reach out to experts. The initial step of asking for help can be tricky, but once you partner with a tech expert, cyber security challenges become much less daunting.

Many Australian IT service providers have extensive experience in providing cybersecurity services across Australia. They work alongside clients from Melbourne to Brisbane to ensure their networks stay secure and well-monitored.

Instead of just wondering if your business’ ATO protocol is powerful enough to stop cybercrooks, find out. Work with a professional managed IT provider and you can expect regular system check-ups. They will identify your company’s weakness and recommend security solutions designed to provide optimal protection for your network, servers, computers, and mobile devices.

Most companies today are not doing everything possible to stop cyber-intruders but if you’re ready to step up your game, then work with the best Outsourced IT services provider in your area.

Remember! Australian businesses are at risk! Don’t wait for disaster to strike. Most IT professionals offer free assessments of your current network in terms of the types and severity of cyber-attacks that might occur. Once you partner with an excellent IT services provider, they will work hard to make sure your systems are fully protected. They will also perform regular backups to all data so that if something does happen, you can quickly reinstall your programs and files and keep working.

Hackers Discover New Way to Bypass Microsoft’s Office 365 Security Protocols

Hackers have discovered an innovative method of getting those malicious URLs in their emails past Office 365’s security protocols. This was first revealed by Avanan, a company that deals in internet security. Avanan says that cybercriminals are now using a <base> tag in the HTML header employed with a URL to by-pass security and infect a computer with malware.

Officials at Avanan explained further. “At one time, email clients did not support the <base> tag, so every link needed to be an absolute URL. Support for relative URLs in email is a recent development and the behavior is client dependent. Older email clients will ignore the <base> tag, but web-based email clients, recent desktop clients and most mobile apps will now handle the <base> tag and recombine the URL into a clickable link.”

How Microsoft Safe Links work

Office 365’s Advanced Threat Protection provides a feature called “Safe Links” that compares a link found in an email against those on a blacklist. This feature was designed to catch and stop a malicious link. It was working well for all MS products until hackers discovered this workaround.

The new technique has been dubbed “baseStriker” and it’s aimed at those using Microsoft Outlook. Malicious messages can now bypass the filters included in Microsoft products using the <base> tag.

The new baseStriker program splits the malicious URL so that Microsoft’s product, Safe Links, cannot detect that it points to a malicious URL. Safe Links checks the base domain, ignoring the rest, thereby allowing the user to move on to the phishing site. A few security solutions do protect users against these new cyber-threats, including Mimecast and Proofpoint.

As part of Microsoft’s Office 365 Advanced Threat Protection (ATP), Safe Links was designed to provide a strong layer of protection against malicious links embedded in documents and emails. Microsoft diligently updates the software so that it consistently protects against the latest cyber threats. The software works by determining if a link is malicious, then replacing the bad link and alerting the user. Up to now, ATP has been considered state-of-the-art protection against phishing scams.

Microsoft investigation underway

Officials at Microsoft were contacted by Security Week and they issued a brief statement that said, “We encourage customers to practice safe computing habits by avoiding opening links in emails from senders they don’t recognize.” They also said they were investigating the claims about the new hack.

In the meantime, all security experts discourage users from clicking links found in emails—even if they seem to be from a reliable source. Best Practice for internet security is to always navigate to a web page the old-fashioned way. Open a new browser page and type in the web address. Get in the habit of glancing up to the browser line and making sure it says what it should. Periodic security awareness training is also recommended. This is a good way to remind users about the many phishing scams and malware that constantly threaten users.

Other email clients may be vulnerable

The baseStriker hack may be used in other email programs as well. This has caused all email service providers to begin checking to make sure their security protocols are still intact and working as expected. This is a timely reminder to everyone that crooks are constantly searching for any vulnerability they can take advantage of. New types of malware, worms, viruses, and ransomware are developed each year. Experts believe that Gmail, along with a few other email clients already have built-in protection for splitting the URL and will not be at risk.

Better security training for employees

Though all software developers are now working toward shutting down cybercriminals, every type of cyber defense utilizing technology has its weaknesses. The best methods of cybersecurity usually involve training employees about what to look for and remind them often that hackers never take a break from their work.

Second Chance

A new product called Second Chance offers users a way to “roll back” a decision to click a suspicious link. If the user thinks they may have clicked a bad link in a phishing email, now they can stop the process from moving forward. The software checks out any potentially unsafe link the moment you click on it. Then it informs you that you may be navigating to an unsafe website. You can then abort your actions and return to safety. While products like this do help, there are a flood of new worms, ransomware, malware, and phishing scams developed each year by cybercriminals.

Why hackers always seem to be ahead of the game

Many hackers are now backed by governments the size of China or North Korea, so they have unlimited resources to work with. A Newsweek article[1] reports that Chinese hackers have stolen billions of dollars’ worth of secrets and data from businesses and individuals all over the world. Russia and North Korea are in second and third place when it comes to cyber-theft.

The Newsweek article states that Chinese cyber-aggression toward the United States has evolved rapidly over the last few years. Chinese hackers represent a growing threat to world economies due to their disruptive nature. Today’s battlefield is no longer on actual ground using weapons and artillery. The war is being fought online—on the internet where everyone’s data is sometimes exposed to vast criminal enterprises.

[1] http://www.newsweek.com/chinese-hackers-cyberwar-us-cybersecurity-threat-678378

Many people usually turn to Microsoft’s online productivity suite, Office 365 because of the apparent breadth and depth of its features, which allow them to accomplish what they are unable to do with other similar products on the market.

However, the business environment is always changing and organizations increasingly put a premium on agility, as staying competitive means being able to do more with less. Time is increasingly more valuable as well. Organizations need technology that requires very little training to reduce onboarding expenses for new employees.

With this understanding, Microsoft is rolling out updates to its Office 365 and the Office.com environment to simplify tasks and take the user experience to a higher level. Once this rollout is complete, users will be able to enjoy a much better experience across Word, Excel, PowerPoint, OneNote, as well as Outlook.

While these user experience updates are set to roll out slowly over the next couple of months, many of them are already available for Office.com users to experiment with. Microsoft has deployed new designs to a select customer group. These will be released in phases and carefully tested, so the tech giant can learn as they go.

A user centric approach

According to Microsoft, every change they are making on the user experience is focused on three key things: incorporating customer input, considering the context under which the feature will be best and most easily applied, and giving people control over their experience.

It is actually because of this user-centered approach that Microsoft is rolling out these updates gradually to allow room for incorporating the new feedback they obtain from customers during the process.

Shadow and depth on Office

As you scroll over the items on Office.com, you will notice that they pull forward with shadow and depth. This is because Microsoft is bringing its Fluent Design system to the web and to Office 365.

More importantly, Microsoft has rebuilt Office on a modern platform to be much faster and far more efficient than ever. So you’ll notice that every item you tap, such as a Word document, opens much faster than ever.

Simplified ribbon

Once you open your document, you’ll notice an updated, simplified, and better version of the ribbon. The new ribbon design will help users focus on their work and collaborate with others in a more natural and informal way.

For those who prefer to dedicate more screen space to showing commands, there is the option to expand the ribbon into the classic three-line view. This option will continue to be available to users so that everyone can choose the experience they prefer.

The simplified ribbon is first rolling out on the web version of Word. It will then become available to select consumers on Office.com and to Select Insiders in Outlook for Windows later on in July.

The simplified ribbon will not be available on Word, Excel, and PowerPoint for Windows yet. Microsoft intends to gather enough feedback from a broader set of users before implementing any changes that could disrupt people’s work. Upon rolling out the ribbon on these products however, users will still be able to revert back to the classic version of the ribbon with just a single click.

New animations

As part of the Fluent Design system, the ribbon has been improved with new animations. The user experience is improved with better speed and velocity to improve the overall look and feel. All these have been designed to be inclusive and accessible so that the user experience is streamlined.

New icons and color in the right places

Along with the new animations, users will enjoy a fresh array of new colors and icons. These will help people find the commands they’re looking for more easily. These new features were developed as scalable graphics. They render with precision on any screen size or type.

Users will be able to see the new icons and colors first in the web version of Word for Office.com. Select Insiders will see these new features in Word, Excel, and PowerPoint for Windows in late June. The new icons and colors will then roll out to Outlook for Windows in July, and ultimately to Outlook for Mac in August.

Personalized intelligent Search

Microsoft is also rolling out a new personalized, intelligent Search feature across its products. This will provide access to commands, content, and people in a more enhanced manner. This feature makes suggestions on actions you can take, the content you may be looking for, and people that you may want to connect with – all based on your past work patterns. For those who love Office 365 and even for those who may not yet be fans, these new updates promise a world-full of new possibilities.

All you have to do is place your cursor in the search box and all these recommendations powered by machine learning and the Microsoft Graph will show up.

This experience is already available to commercial users in SharePoint Online, Office.com, and the Outlook mobile app. Commercial users of Outlook on the web will also start seeing this experience in action in August.

Wrap up

These updates are a sign of Microsoft’s commitment to making its products more useful to its customers. Against this backdrop, we can expect nothing but the best user experience from these products as the tech giant continues to roll out innovative modifications.