Is Your Hospital Stuck In The Dark Ages?

Bring your healthcare practice into the future with cloud computing technology.

healthcare cloud computing

As the demand for better healthcare rises in the U.S., more healthcare organizations are utilizing cloud computing. There’s been an increase in demand for healthcare services due to aging populations and the growing prevalence of chronic diseases. Healthcare providers are experiencing cost pressures from the need to do more along with expectations for better outcomes that deliver increased value. This demand has driven healthcare providers to depend on cloud computing because it provides a cost-effective, on-demand resource for them to access the information they need to make important decisions.

Healthcare providers have quickly realized the potential benefits of cloud computing to automate management and provide for:

  • Security and Disaster Protection,
  • Real-time business intelligence,
  • IoT augmented patient care,
  • Big data analytics,
  • Cognitive assistance,
  • Economies of scale, and
  • Flexible payment models.

Cloud computing plays an important role for both providers and patients.

It has replaced traditional healthcare operations with digital alternatives that help to lower costs and allow for data integration and analysis, resulting in higher efficiency and effectiveness. Cloud services provide computing solutions at a lower cost than buying or licensing them and facilitates the information sharing and collaboration physicians and patients rely on today.

With cloud computing, IT resources can be accessed on demand and paid for as an operating expense. Healthcare organizations are benefitting from:

  • Software as a Service (SaaS) solutions,
  • Infrastructure as a Service (IaaS) virtualized computing resources, and
  • Platform as a Service (PaaS) that allows them to develop, run, and manage applications without the complexity of constructing and maintaining an infrastructure in-house.

With SaaS specifically designed for the healthcare industry, barriers to entry have disappeared. Cloud Solution Providers (CSPs) deliver higher levels of service for applications, along with disaster recovery for a lower cost when compared to using on-premises solutions. They also provide improved responsiveness with decreased administrative overhead.

Cloud solutions offer scalability and the ability to adjust as demand for healthcare services increase or decrease – and they provide web access to data without the need to store information on computer devices.

Cloud services allow clinicians to search vast amounts of data to produce the best treatment plans. Patients can also access these services to learn about their medical issues and collaborate with their doctors.

Regarding patient privacy and HIPAA regulations, cloud services use data centers that are typically more secure than in-house solutions. They protect against threats with both physical and technical methods and are maintained by expert IT staff. Additionally, they employ sophisticated security controls and data encryption. CSPs now offer HIPAA-enabled offerings in accordance with the HITECH Act.  

With traditional IT, the healthcare organization is responsible for security. With cloud services, the responsibility is shared between the cloud provider and the healthcare organization.

There’s no need to hire IT employees because cloud services come with all the needed IT skills required. The costs for these experts is spread across many customers.

Many CSPs offer services with an upfront financial commitment for a multi-year term, or on a subscription basis. This flexibility enables organizations to optimize financial treatment of cloud services to meet their unique needs.

Cloud-based healthcare IT systems allow for broad interoperability and integration of other systems and applications like EHR/EMR solutions. They offer the ability to share information easily and securely.

Cloud services provide secure remote access to applications and data, and they support access from mobile devices via the Internet. They offer access to a much larger ecosystem of information and a wide range of services.

Cloud security is a priority for CSPs. Security systems and tools are integrated with the cloud-based services they provide. They come with controls for access and authentication, firewalls, encryption services, monitoring and intrusion detection. Plus, CSPs offer government-certified services through initiatives like FedRAMP, FISMA, and FIPS.

Backup as a Service (BaaS): Healthcare organizations outsource their backup and recovery services to an online data backup cloud service provider. This allows for complete data backup sets that are always available and useable.

Disaster Recovery as a Service (DRaaS) is available via the cloud in the face of IT failure or data loss. With DRaaS, healthcare organizations don’t have to invest in or maintain their own disaster recovery environments. The DRaaS provider can implement the plan and ensure timely availability of IT systems with minimal loss of data.

Sophisticated analytic capabilities can be used with business intelligence solutions to improve both patient-specific assessment and management. Intelligent business process management suites (iBPMSs) and case management frameworks (CMFs) provide healthcare staff the capabilities they need to mitigate medical mistakes and minimize patient adverse events (PAEs).

Cloud services facilitate personal health maintenance, improve diagnoses, obtain better case outcomes, and optimize healthcare delivery. Hospitals and healthcare practices are increasingly relying on cloud-based practice management, medical records and medical image archiving solutions. They offer cost-effective benefits and the ability to offload tasks from hospital IT departments so that they can support other operational and clinical support systems.

Cloud services allow healthcare organizations to take advantage of storage services at a fraction of the cost of housing them internally. This results in reduced capital expenses and reduced staffing needs as well.

Cloud computing promotes patient compliance. Patients are now sharing vital information with their providers to help them when making decisions and dealing with differential diagnoses. The increase in cloud computing has led to the replacement of health IT systems with new capabilities that allow patients to play a greater role in their healthcare. Cloud computing is at the center of this change – it supports the collaboration and information sharing that consumers demand today.

Patients are using the cloud to take a more active role in maintaining their health via their computers, smartphones and wearable devices that track their activity, exercise, diets and vital signs. Cloud computing also helps patients find the best, most appropriate health services in their area.

Cloud computing provides the connectivity channels required for telemedicine and eliminates the need to install complex technologies.

It allows for a connected model where healthcare can seamlessly be delivered from multiple providers. Furthermore, it offers the opportunity for patients to communicate and collaborate with medical staff and be part of the management of their care.

Cloud computing leverages emerging technologies to enable care outside of the physical hospital or doctor’s office, through the use of wearable devices that connect to cloud-based smart healthcare systems. The Internet of Things (IoT) devices provide near-real-time data and convey vital signs from anywhere in the world. It allows providers to monitor a patient’s health while giving them the flexibility to live their life.

Mobile computer applications, the IoT and wearable devices that are supported by cloud applications are becoming more commonplace. This has helped to change the doctor-patient culture from a “fix-it” mentality to one that is prevention-based. Cloud systems also make it easy for patients and providers to benefit from registration to support of IoT communication protocols and the management of IoT device data.

Due to the benefits it provides, adoption of cloud computing solutions in healthcare is anticipated to accelerate in the coming years.  It’s important to identify which applications and services should be migrated to the cloud. Migration isn’t always easy and should be managed by an IT professional that is experienced in cloud migration services. Furthermore, to fully benefit from cloud computing, healthcare organizations should develop a strategy that complements its business goals. Cloud solutions for healthcare organizations will continue to provide new and improved patient care capabilities as more advances are accomplished.

Become A Microsoft Excel Superstar Overnight!

With the 2016 version of Excel, Microsoft has really upped the game for people who aren’t great with numbers. You can now easily use one-click access that can be customized to provide the functionality you need.

This is the first of a three-part series about using Microsoft Excel 2016 to help you identify trends, construct helpful charts, and organize information to maximize the value of your data.

You can use Excel Worksheets and Workbooks in conjunction with programs like Microsoft Access and PowerPoint. Excel 2016 possesses many capabilities that aren’t readily apparent. That’s why we’re providing this three-part series for you.

What is Excel and how is it organized?

Excel is an electronic spreadsheet program that’s used to store, organize and manipulate data. You enter data into Workbooks that are made up of individual Worksheets. In the Worksheets, you enter data into cells that are organized into rows and columns. Excel data can consist of text, numbers, dates, times and formulas.

Why would you want to use Excel?

If you or your employees work with financial data, it’s a great tool to use for:

  • Basic mathematical operations like adding, dividing, and multiplying.
  • Finding values like profits or losses.
  • Calculations like averages, percentages and number counts.

Performing calculations in Excel is only the tip of the iceberg. There’s much more you can do like creating charts and graphical layouts to make it easier to recognize trends and more easily analyze data.

Navigation

What’s great about Excel is that it has the same set up as other Microsoft products you’re familiar with. You have tabs across the top, where each tab has a corresponding ribbon with many functionalities to choose from.

The Quick Access Toolbar

The Quick Access Toolbar is a drop-down menu where you’ll find functions that you commonly use like Print and Save. You can also customize the Quick Access menu with other functions you use on a regular basis.

The Formula Bar

This is located underneath the ribbon next to the Name Box that shows you where your cursor is located on your Worksheet. The Formula Bar is important because it’s what calculates the math for you. Excel does the calculation and displays the answer in the cell you choose. The Formula Bar also shows you the contents of the particular cell you’re in.

Adding Data

There are three ways you can add data to your Excel Worksheet. You can:

  1. Type in the data,
  2. Copy and Paste data, or
  3. Import data from other sources.

This is great if you have a large amount of data. For example, if you have customer lists in a database, you can even pull this into Excel.

You can enter data into only one cell, into several cells at the same time, or even on more than one Worksheet at once. And, as mentioned, the data can be numbers text, formulas, dates, or times.

On your Worksheet, simply click a cell and type in the information that you want to enter. Then hit ENTER or TAB. If you typed in a date, Excel will recognize this and format it the way you’ve specified in your default settings.

Formulas

Excel computes the correct answer when you enter a formula into a cell. Once you’ve done this, it recalculates whenever you change any of the values. The way Excel knows that you’re entering a formula is by starting with an equal sign. Then you follow the equal sign with a SUM or AVERAGE.

For example, C2: =A2+B2 means that the number in C2 is what occurs when you add the numbers in A2 and B2.

You can type this in manually, but now Excel has great functionalities to help you do this. The simple way is to put your cursor in cell C2, hit = and type in A2+B2. The numbers in A2 and B2 will be added, and the SUM will be entered in cell C2.

Note: You always want to calculate using the actual cells rather than typing in numbers like 1 + 2, etc. The reason for this is so you can go back at any time and change the values in cells and the formula will calculate with the new numbers.

Let’s say you want to add a bunch of numbers together in your Worksheet. You can type = sum (a1:a5) in the cell where you want the answer to appear. Or you can do this and drag your mouse across the cells you want to add. Type =sum ( and drag your mouse across the cells and hit ENTER. The sum will appear in the cell without you having to typing in all the numbers! When you put your cursor on the cell, you will see the actual formula you just created.

There are many ways to do the same thing in Excel. It’s like this across all Microsoft products. You can go to the Ribbon at the top to “Auto Sum” to do the same calculation. Select a cell next to the numbers you want to add, click AutoSum on the Home tab and press Enter. Do what works best for you.

Once you create a formula, you can copy and paste it into another cell. You can also copy and paste formulas into different Worksheets as well. This can save you a lot of time.

Formatting Worksheets

With Excel 2016, you can format your Worksheets much more easily than you could before. You can use document themes throughout the Worksheets in your Workbook to present a professional and consistent appearance. You can also apply predesigned formats as well.

Let’s say you have a Worksheet with many rows that are hard to read. You can go in and create fill colors and more to differentiate the rows, columns, and headers to make reading much easier.

You have options to create borders around cells, rows or columns from the drop-down menu. You can also shade cells with a solid background. Don’t forget that you can change the style and types of fonts. Right-click the text, and a drop-down menu will appear where you can make these and other selections easily.

Creating Charts

If the data isn’t complex, you can easily read it, but if you have a lot of data, creating a chart will help you better analyze it. You can select specific cells, rows, and columns for your chart. One way to do this is to highlight the data and go to the top ribbon to select the type of chart you want to create.

With Excel 2016, you have a “recommended charts” option. Excel will help you choose the chart that best suits your data.

You can then go in and further customize your chart in the “Chart Tools”. You can change the color scheme, 3D effects, shading and more. If you change the data in the cells in your Worksheet, your chart will reflect the changes.

Some of the new charts in 2016 include:

  • Waterfall
  • Tree Map
  • Box and Whiskers
  • Sunburst

Creating Tables

You may be used to creating tables in Word or PowerPoint. Some people think the format in Excel is already in a table, but it’s not; at least until you tell it to do so. If you want to do this, select your data, go to “Insert” and select “Table.”

Similar to other Microsoft products, tabs will appear to help you format your table.

Viewing Worksheets

When dealing with lots of information, it can get unruly trying to work around various rows and columns. This is where Viewing Worksheets can be helpful. You can freeze a portion of your worksheet with “Freeze Panes” to more easily view it.

You also have the ability to “split” the data to view different parts of your Worksheet. You can compare two Worksheets in the same Workbook or even in different Workbooks by viewing them side by side.

Saving and Printing

If you have Worksheets that are so large they won’t fit on one page, go to “Save As” and decide on the name, where it gets saved, and go to “Print” where you can save the file to a pdf that you can send.

You can select options for printing the entire sheet, part of it, resizing it, and more to suit your needs. Going to “Page Setup” will allow you to shrink the entire Worksheet down to a size that’s more manageable for printing.

Sharing & Security

In Excel 2016 you can share Workbooks and Worksheets with others and password-protect them. The people you send them to need to know your password to open them, whether you send them via email, share them on your network, or via the cloud. From within Excel, you can designate who can access your Worksheets and Workbooks, and also whether they can edit them or not. There are a variety of parameters you can set within a Worksheet.

For example, if you want to hide employees’ salaries, you can hide this section when you share it. Or, you can let people see your data but lock it down, so they can’t change it. You can also protect your Worksheets and Workbooks to keep them secure from non-authorized users.

The Quick Analysis Tool

When highlighting data, click on the Quick Analysis button to create a chart, highlight specific cells, and much more. It doesn’t give you the functionality you’ll find in the Ribbon, but you can get things done quickly and easily with this tool.

3D Power Maps

This is another new tool in Excel 2016 that lets you look at information in ways you might not have seen in the two-dimensional format. This helps you strategically create your data on a 3D map. You need latitude and longitude data to do this. You can also import your own maps into 3D Power Maps.

PivotTables

PivotTables help you analyze your Worksheet data. You can summarize, analyze, explore and present your data in just a few clicks. They are very flexible and can be adjusted to your unique needs. Note: Your data should be organized without blank rows or columns for this to work properly.

The good news is that Excel 2016 will also help you pick the best format for your PivotTables!

PivotCharts

PivotCharts are another great way to add visualizations to your data. You will first need a PivotTable to create a chart. Now, your PivotTable will behave like a PivotChart. When you change the information in your PivotTable, the PivotChart will also reflect this change. The PivotTable is connected to the PivotChart.

That’s it for now! For more information on using Excel 2016 like a Pro, feel free to contact the Microsoft Experts at {company}! {phone} {email}

Microsoft Is Calling Every Single User For Feedback

Are you an expert at using Microsoft products? Microsoft wants to hear from you — and wants to make your feedback part of an update — but first, they need to know what you think. How can they find out?

Microsoft Feedback

How often do you use a Microsoft product? Are you a daily Microsoft Word user? Is your primary email client Microsoft Outlook? What about SharePoint? The list goes on (Teams, Flow, you get the idea). And those are just the software products! Maybe you have a Surface Book, too? Or a Surface Book 2?!

One of the great things about Microsoft is they love user feedback. Software updates are often based entirely on suggestions from users on what features they’d like to see, what improvements can be made, and how to make daily use easier for users in general. The main goal is to increase efficiency with the Microsoft product while increasing productivity at the end user perspective. This is a win-win-(win). That last “win” was in parentheses because it’s silent – Microsoft sees increased dependence and therefore long-term customer loyalty, which translates into an ongoing revenue stream. That’s understandable.

What’s often less clear is how Microsoft tries to collect user feedback. No, they don’t really call users at home. Well, actually, they might – but in this case, the most effective way to communicate a suggested feature is through the Microsoft Excel Community, a forum of over 16,000 members in which to communicate about all things Microsoft Excel. If you’re in search of a feature, this is the place to peruse. Formula got you flummoxed? Need help with a pesky pivot table? Is a macro making you crazy? You’re most likely to find your answers here. The best part is that this community has super users, and we don’t mean users who wear capes. One such super user has over 400 posts, and these users can be found under “Experts” – a clear indicator they know what they’re talking about in Microsoft Excel!

There is also an active Blog, where Microsoft posts content about Excel. Content ranges from posts aimed at beginners, like how to use general features for newbies, to content focusing on new features released to satisfy the needs of super users (“experts”). These Blog posts are great for deeper insights and step-by-step instructional processes, but the forums are the better space for finding tips and suggestions for specific needs.

Microsoft loves to hear from users about what’s working and what can be improved and encourages engagement through a custom portal on their Community page. Roughly halfway down this page, on the right-hand side, users will see a vivid green box — the green will be instantly recognizable as “Excel” green — with “Submit your ideas”. Clicking on this will open a dialogue menu for users to submit as a digital version of a suggestion box.

Trust us when we say, Microsoft listens. This is their way around getting you on the phone for a personal interview. Recent updates have been made that actually result from feedback in this manner. Users can submit ideas, and other users can “vote up” suggestions. The recent features that have been added to Microsoft Excel have gotten anywhere between 200 to over 1,000 votes from users supporting the suggestion. This is one of the most effective ways to communicate directly with Microsoft – because they’re watching this forum closely.

Stalker Level: Microsoft

Based on user feedback, Microsoft recently updated Excel to include features expanding the use of foreign languages. Before the update, users would attempt to import a CSV file that included text strips that did not contain traditional Latin characters, like Arabic. Users would then get an error message that this information would be lost in the text encoding process upon opening the file. Users affected by situations like this need no longer worry as CSV UTF-8 file formatting is now permitted.

  • This error dialogue used to pop up all the time in situations like this, no matter how many times a user followed the same process. Excel now allows you to select “Don’t Show Again” to disable this warning for the same user. But even if a user only accidentally clicks the “Don’t Show Again” option, this can be toggled on again. Microsoft is trying to allow users to cater their Excel experience to their custom preferences, and it’s starting to show.

Another feature that came into existence through user feedback via the Community is the improved pivot table experience. Users can now alter pivot table settings and then establish these as the default settings for pivot tables at the user level. No more re-formatting pivot tables with each file! Users can even create a pivot table in a new worksheet and import the settings from the existing table data, to save time. Microsoft realized how big of a time saver this would be, and jumped at the opportunity to satisfy a huge community user base with this update.

A cool feature Microsoft just released for Excel Online is an improved search experience. Remember when you would open the “Find” dialogue box, enter your search parameter, and then Excel would show you the next location? And then to find the next location, you had to repeat the process? Well – good news! The search window no longer disappears with each search query. BONUS: users can search within the pivot experience, as well! These filters work on Excel Online just like in the desktop version.

When Microsoft makes an update to any of their products, the goal is to improve efficiency and productivity, as already stated. That’s why they began including the Quick Access icons in the toolbar at the top of the application window several versions of Microsoft Office ago.

  • Did you know the Quick Access toolbar is customizable? Users can change the icons that live in this section, at the very top of the document window. This is where your magical “undo” button is, by default. If you select the drop-down arrow just to the right of the last icon, there is a short list of actions you can include, and an option for “More” under these. Imagine the possibilities!

Microsoft also likes to share lesser-known features with users to make sure they are getting the most out of their Microsoft products. One of their recently-highlighted features was the Document Location Information, where users can toggle on the ability to see the full address for the location of a file, should the user need to access the file, perhaps for sharing.

  • One cool workaround for file sharing is that you can click on the icon next to the file name at the very top of the window on the desktop version and use a drag-and-drop feature this way to attach a file to an email or to cloud storage platforms.

Visit the Community to check out all the top features that are packed into Microsoft Excel to see how to simplify your day-to-day tasks, automate reporting processes, and improve overall efficiency. And remember – if you think of something else, tell Microsoft. You never know, the next Microsoft Excel feature that gets announced may be your suggestion!

How Much Is Your Life Worth?

With cybersecurity efforts increasing and becoming more sophisticated in approach, cybercriminals are resorting to extreme tactics. What measures can you take to protect yourself and your identity?

Healthcare Technology

Healthcare is a hot topic these days. Costs are skyrocketing, and fewer skilled workers are entering the medical profession. There are often more questions than answers to any health situation. Time can be critical and limited to successfully diagnose a patient and begin treatment, and the care process is expedited with increased risks from this hurrying.

To get a clear picture of the patient as a whole, medical professionals ask for a full patient history before treatment, including vaccinations, surgeries, allergies, and other pertinent details for the current situation. This is all incredibly helpful for both the patient and the provider. Doctors rely on transparency and communication to diagnose and treat.

All of this information is stored in a patient “chart”. The word “chart” is not as applicable today as it was 20 years ago, when folders or binders with prongs and dividers, etc., held paper copies of test results, physician notes, reports, and anything related to a patient’s health, as well as medical history forms and basic information forms filled out by the patient with personal information like full name, address, and contact details.

A recent trend, begun in the last decade, is the conversion of this data to electronic records. The brilliance of this transition is the ability for a provider to access a patient’s medical records and information from any location – especially in case of an emergency. Gone are the days when a doctor will need to request a patient’s chart from another provider to aid in making a diagnosis and care action plan, possibly delaying treatment for a week or more. The ability to access electronic health records gives care providers a wealth of patient records at their fingertips for more accurate diagnoses and treatment plans and expediting care.

As with anything digitally maintained and transmitted, security is a concern. The healthcare industry seems always to be playing catch-up since its very nature is reactive. Preventive medicine is the ultimate goal, but predicting illnesses like sinus infections or the flu is a near-insurmountable challenge. Patients can minimize the likelihood of symptoms and risks with daily multivitamins, a balanced diet, moderate exercise, and maintaining optimal conditions, like taking an antihistamine for allergies in the case of preventing a sinus infection. Preventing the flu comes down to environmental factors, like ample hand washing and clean surroundings – and, of course, getting your vaccination (the “flu shot”) each year.

Healthcare technology has focused on advancements in diagnosis and treatment rather than recordkeeping and billing, and as such the industry lags behind others, like banking, retail, and entertainment. Unfortunately, the combination of struggling technology and personally identifiable information (PII) speaks to a weakness in cybersecurity. It’s vulnerabilities like these that cybercriminals — hackers — seek to exploit for personal gain.

Why would hackers target medical offices or hospitals for health records? For the same reasons, hackers target any cybersecurity vulnerability: to exploit a weakness for personal gain. Stop and think for just a moment what your health records contain. Aside from your home address, forms likely include your employer, your social security number, the names and details of your family members, and very personal information that someone else could use to completely duplicate your life for illicit purposes.

Have you ever had your credit card used for a fraudulent transaction? Have you ever had your bank account compromised? Have you ever been notified that your personal information was affected by a security breach? These are all fundamental elements of identity theft, but in each situation, there is a credible party whose responsibility it was to protect you and your information with a security guarantee. Think back to what we said about healthcare technology. If security breaches can happen to financial institutions, where maximum cybersecurity protocols are deemed essential for day-to-day operations, it’s scary to think of healthcare data being electronically stored. You can change your bank, and a credit card company can re-issue you a card with a new number to protect your account, but you can’t exactly just change your medical records. It’s a scary thought.

One major issue causing the healthcare industry to lag when it comes to cybersecurity is that professionals in the medical field are focused on technology primarily as it relates to healthcare. Those in charge of records and billing tend to have representation in smaller numbers than doctors, nurses, and others that provide patient care – since the purpose of their profession is patient-centric. The industry has yet to fully carve out a niche for top IT talent, much less define their role. The added complication is that healthcare professionals by their very nature must share information with each other about patients to serve in the patients’ best interest. Comparing this to financial institutions isn’t an apples-to-apples comparison since banks keep information securely buttoned up, leaving healthcare IT professionals to explore completely new territory and make up the rules as they go along.

So, what is your life worth to hackers? Did you know your health information can be used to fraudulently obtain prescriptions that are then sold on the black market at a significant profit? The inherent value of this type of information is much higher than the value of a single credit card number with accompanying information. Some reports say that the value of a patient’s health record is exponentially higher than the value of an active and usable credit card number, and this number can’t be truly measured financially until we know more about how the information is used – and isn’t something we hope to be able to determine.

The cost impact of cybersecurity breaches grows each year, and new players are targets due to their lack of experience. The newness of electronic health records compared to the established processes of other tech players translates into confusion and communication challenges and a resistance to change – a “deadly” combination for the life of a patient. Medical professionals are open to change when it comes to the medical field, but much of the processes for patient data and payments haven’t changed in decades. Dated networks and systems are one hurdle; economic considerations and budget allocations are another. The financial impact of simultaneous updates for staffing and systems, and the confusion by the many changes potentially occurring together only add to the complications. Are you picturing a medical office with all the nurses and staff bumping into each other, running into walls, dropping instruments, and just chaos in general? That is a bit extreme – but you get the idea. Now imagine if a hacker suddenly blocks access to all of these medical records until a fee is paid to release the records – a cyber attack with ransomware. Not a huge deal if someone needs treatment for that sinus infection or a flu shot, but imagine if this impacts a dialysis treatment for failing kidneys, or chemotherapy treatment for cancer, or worse.

All of this reinforces the need for the healthcare industry to get up to speed – now. What can you do to bring your practice up to speed? Take the first step today!

Problems with Two-Factor Authentication in Office 365?

We noticed that some people are having problems using Microsoft Office 365 with two-factor authentication (2FA) (also known as multi-factor authentication).

Office 365 Two Factor Authentication

 

We have a few tips for you here.

First: It’s important to know that when your admin sets up 2FA for your Office 365 users, they must enable Modern Authentication (MA) for Exchange Online if users are accessing Exchange using Outlook 2016. (The versions of Microsoft Outlook before 2013 don’t support Modern Authentication.)  For details on how to enable MA for Exchange Online tenants, see Enable Modern Authentication in Exchange Online.

Second: You shouldn’t have any problem using 2FA with Microsoft’s mobile Office apps, Outlook Groups, Office 2016 desktop apps, and OneDrive for Business in Windows 10. However, other applications may be incompatible, so make sure you test all the apps in your organization before enabling 2FA.

How to Connect to Office 365 Security & Compliance Center PowerShell Using 2FA.

If you set up 2FA for tenant administrator accounts, they can’t sign in to Office 365 using PowerShell. Instead, you must set up a specialized account for administrators. To do this, you must install the Exchange Online Remote PowerShell Module and use the Connect-IPPSSession cmdlet to connect to Security & Compliance Center PowerShell.

Important note from Microsoft: You can’t use the Exchange Online Remote PowerShell Module to connect to Exchange Online PowerShell and Security & Compliance Center PowerShell in the same session (window). You need to use separate sessions of the Exchange Online Remote PowerShell Module.

This is what Microsoft recommends you do:

  1. Open the Exchange admin center (EAC) for your Exchange Online. See Exchange admin center in Exchange Online.
  2. In the EAC, go to HybridSetup and click the appropriate Configure button to download the Exchange Online Remote PowerShell Module for multi-factor authentication.
  3. In the Application Install window that opens, click Install.

Windows Remote Management (WinRM) on your computer should allow authentication by default. If basic authentication is disabled, you’ll get an error message. Now you should be able to sign into the Security & Compliance Center PowerShell by using 2FA.

After you sign in, the Security & Compliance Center cmdlets will be imported into your Exchange Online Remote PowerShell Module session and tracked by a progress bar. If you don’t receive any errors, you’ve done this successfully.

If not, and you receive errors, check the following requirements:

  • Limit your open remote PowerShell connections to three. This prevents denial-of-service (DoS) attacks.
  • Make sure the account you connect to the Security & Compliance Center is enabled for remote PowerShell. For more information, see Enable or disable access to Exchange Online PowerShell.
  • The TCP port 80 traffic must be open between your local computer and Office 365. It may not be if your organization has a restrictive Internet access policy.

How to Enable 2FA in the Office 365 Admin Portal

Two-factor authentication (multi-factor authentication) can be enabled for individual users or in bulk. Before continuing, be sure to install Microsoft Authenticator on your user’s mobile devices, (not Authenticator, a similar app from Microsoft but without support for push notifications).  Here’s what Microsoft says to do to enable 2FA one user at a time:

  • Log in to the Office 365 admin portal using an administrator account.
  • In the menu on the left of the portal, expand Users and Active users.
  • In the list of users, click the user for which you want to enable 2FA. Note that only licensed users can use 2FA.
  • In the user’s pane, click Manage multi-factor authentication under More settings.
  • On the multi-factor authentication screen, select the user account to enable, and then click Enable under quick steps on the right.
  • In the About enabling multi-factor auth dialog box, click enable multi-factor auth.

The MULTI-FACTOR AUTH STATUS should change to Enabled. Close the browser window and sign out of the admin portal.  

How to Enroll an Account for 2FA

Once the feature is enabled, the user must now enroll for 2FA, and sign into Office 365 with their username and password, and then click Set it up now on the sign in screen and follow Microsoft’s instructions below:

  • On the Additional security verification screen, select Mobile app
  • Select Receive notifications for verification
  • Click Set up
  • Open the Microsoft Authenticator app on your phone and click Scan Barcode.
  • Use the camera on your phone to scan the barcode in the Configure mobile app You’ll then need to wait a couple of seconds while the app activates the new account.
  • Click Finished in the browser window.
  • Back on the Additional security verification screen, click Contact me.

The user will receive a notification on their phone. They should open it, and they’ll be taken to the Microsoft Authenticator app.

  • Click Verify to complete the sign-in process.
  • Click Close in the Microsoft Authentication app.
  • In the browser window, they must enter a number to receive verification codes in case they lose access to the Microsoft Authenticator app and click Next.

Web-based and mobile apps can use Microsoft Authenticator app verifications for 2FA logins, but Office desktop apps require an app password.

This final step provides the user with an app password for these apps.

  • They should copy the app password by clicking the copy icon to the right of the password and paste it somewhere safe. Click Finished.
  • They’ll be prompted to sign in again, this time by verifying the login using the Microsoft Authenticator app.

Important note from Microsoft:  If you want to use only Multi-Factor Authentication for Office 365, don’t create a Multi-Factor Authentication provider in the Azure Management Portal and link it to a directory. Doing so will take you from Multi-Factor Authentication for Office 365 to the paid version of Multi-Factor Authentication.

We hope this helps. It can be complicated to implement the proper settings for two-factor authentication in Microsoft Office 365.  If you have any problems doing this, feel free to contact our Microsoft Experts.

Are You Playing The Internet’s Latest Game Of Cops And Robbers?

Make no mistake – if you show the slightest bit of weakness around a bully, they will pounce. The Internet is no different, with hackers just waiting for a cybersecurity vulnerability to seize their opportunity.

Internet Crime

 The latest form of cyberterrorism to take root and have explosive growth is incredibly dangerous. Forget about Trojan horse viruses and identity theft — well, not really, those are still a threat — but the hot topic today is cryptocurrency mining. This phrase is used in reports and articles all over the Internet, but what it means can vary.

  • Cryptocurrency is an alternative currency in a digital format that is uncontrolled by a financial authority where the authority determines the supply and value. The most widely-known type of cryptocurrency is bitcoin. The decentralized nature of cryptocurrencies is what makes them so appealing to cybercriminals, but also what makes the industry minimally regulated.

Have you ever had a virus on your computer or smartphone? We know that pain. They range from annoying to debilitating and are time-consuming to eradicate. What’s worse is when we connect our smartphones via charging cable to a computer, and we allow access to our smartphone, we run the risk of inadvertently allowing the virus to transfer. Can we ever win?

  • In 2017, a version of malware for cryptocurrency mining targeting Android devices was discovered and proved its effectiveness of physically damage a mobile device.

Why are we talking about cryptocurrencies and viruses at the same time? Because you’d be amazed at what lengths cybercriminals — hackers — will go to accomplish their goal. Have you ever heard of ransomware? It’s a type of malicious software, “malware”, and sometimes more advanced malware is involved where the victim’s files are encrypted using code deployed by the hacker, called cryptoviral extortion. These all function the same as a basic virus, where an executable program is planted on a user’s computer with the intention of restricting user access in some way. With ransomware, to remove this restriction and regain access, the user is prompted to pay whatever fee the hacker demands — their “ransom” — otherwise the user’s data is blocked entirely and permanently. This type of extortion is being used more commonly in cryptocurrency mining.

  • Cryptocurrency mining uses specialized software programs to automate the process of solving complex math problems in exchange for a small amount of cryptocurrency.

How is this possible? We mentioned that the beauty of cryptocurrency mining is in automation. A cybercriminal gains access to a computer — without the knowledge or permission of the computer’s owner — and installs the software that runs the mining file(s). Has this ever happened to you? But…would you even realize it?

How do cybercriminals access a computer to fulfill their devious plan? Through dark and devious means in a dimly-lit basement at a desk filled with candy wrappers and empty cans of energy drinks? This isn’t a Hollywood film – it’s much more likely the cybercriminal is at a coffee shop or somewhere benign. They could be next door, across town, or around the globe from the computer that they’re hacking. While proximity isn’t meaningless, it’s far less necessary than it once was. The Internet has made consumers that much more vulnerable, and that much more valuable to a hacker. The sad reality is that the devices most consumers use to access the Internet — either wireless routers or networks lacking sophisticated means of protection — are the most common culprit. Most consumers don’t realize how important it is to established layered levels of cybersecurity protection at their home, nor do they understand how to go about protecting themselves adequately. This is something best left to the experts – especially if you need to establish this protection in your office, and it’s your business!

Still wondering why a hacker targets a personal computer for cryptocurrency mining? The answer is money. We can look at this from a few different perspectives.

  • Using someone else’s computer, a hacker doesn’t need to worry about overhead, like:
    • Reliable power and resulting power bill.
    • The purchase and maintenance of the expensive hardware needed to process the thousands of complex problems that generate the cryptocurrency, though fractional portions with each solution.
  • Hacking into many computers offers the chance to increase the amount of cryptocurrency generated in the same time frame from multiple sources.
    • When one option is eliminated, another option replaces it quickly, so a hacker avoids “downtime”.
  • The goal of any hacker varies, but when it comes to cryptocurrency mining, the goal is to make money. The next step in a natural progressing — one born of greed — is to hold the hacked device hostage for ransom.

The terms “cyberterrorism” and “cyberespionage” are just fancy ways of redefining a hacking situation that is getting uglier each year. The more sophisticated any cybersecurity network is, personal or professional, the more sophisticated hackers need to become in response. Adversely, the more vulnerable a network is, the more attractive the victim is to a hacker, and the more expensive the situation the victim is likely to find themselves in – repeatedly.

The value of cryptocurrencies keeps increasing, as well. Bitcoin is valued around $9,000, meaning that the cost to buy one Bitcoin is $9,000. A newer cryptocurrency, Monero, has increased exponentially in its first year. The value of Monero is lower than that of Bitcoin, closer to $250, but its newness also makes it more discreet. There is also value in mining early. Consider the price of an ounce of gold; the weight does not change, but the value of an ounce does, so buying one ounce for $500 and keeping that ounce until the value of an ounce reaches $1,000 gives a greater return on investment It’s ironic to be reading about legal investments in the same spot as cryptoviral extortion – but it helps law-abiding citizens understand the mindset of the cybercriminal. More importantly, the process to mine these isn’t the point: where there is money to be made by little effort, those with a serious lack of ethics seize the moment. Cybercriminals are evolving with cryptocurrency paradigm shifts, including fileless miners.

  • Fileless cryptocurrency-mining malware is a newer mining method and involves deploying code into the victim’s system memory. This code is what activates the computer’s mining processes.

Yes, cybercriminals can now use wireless networks to access your computer and use your computer to mine cryptocurrencies without files. If a hacker can take over your computer entirely and require you to pay them real money to get your computer — and everything on that computer — back, how can you protect yourself?

Cybersecurity and protecting yourself isn’t just a case of setting a “really strong” password anymore. Some programs and platforms encourage — or even require — two-step verification processes for each login. The greatest advantage you can give yourself is teaming with the best cybersecurity partner and making all staff members aware of the risks. Let your trusted partner do what they do best — cybersecurity — and you can focus on what you do best: running your day-to-day operations.

Hiring an IT Company? Make Sure You Ask These 25 Essential Questions!

Selecting a company to maintain your technology is one of the most important decisions you can make for your business. You must find the most competent and reliable IT support provider in your area.

Hiring an IT Company

How do you know if the IT company you’re considering is right for your business?

Some technology companies call themselves the best, but they haven’t kept up their certifications. This is important because the latest certifications validate the skills that their techs learned in their training. With all the cyber threats and new IT solutions today, it’s critical that your IT provider is up to date on their skills.

Don’t just pick a company off the Internet because they’re the closest one to you. Do your research to find out if they are truly qualified to protect your data and meet your organization’s unique IT needs.

The following are some key questions that you should ask any IT provider you’re considering for your business.

  • What are your staff’s qualifications and certifications?
    The right IT company should be able to provide you with information regarding the certifications held by their staff and relay how these will meet your needs.
  • How long have you been providing technology services? They should have a minimum of three years of experience in the service, support, and solutions you require.
  • What Partner Certifications and Technical Specialties do you hold? Ask, for example, if they are certified on Apple devices and Microsoft solutions. Also, ask if they can provide you the latest hardware and software products at the best price.
  • Do you require continuous training of your IT techs? This is the only way to ensure technicians have the most recent certifications.
  • What industries have you worked in?
    Find out if they’ve worked in industries similar to yours. If not, determine if the work they’ve performed for others aligns with your needs.
  • How well do you understand the business applications we use?
    Your business may have specially-built applications to handle needed workflows. Your IT provider should understand how your business technology works and be able to support it.
  • How large is your IT company?
    If they are a small company, you’re more likely to be high on their priority list. However, larger IT companies typically offer a broad knowledge base and capabilities. Plus, their available resources may be more expansive. You must weigh the benefits of each and decide which is best for your business.
  • What kind of customer service can we expect? Do they offer 24/7 service with a live person on the other end of your call, chat or email? Is their help desk staff qualified to address your issues immediately?  If they can’t resolve your problems over the phone or online, how long will it take for a tech to visit your business?
  • Is your onsite service response time backed by a written Service Level Agreement (SLA)? A certified, professional IT company will put what they offer in writing. They should offer managed services with service-level guarantees. What is their “on-time” guarantee? Their SLA should include this as well as information about how you’ll be compensated if they continually show up late, or if they don’t meet the standards detailed in the SLA.
  • What is and isn’t covered by your service contract?In addition to what they do provide, find out what they don’t.  Do they provide fixed-fee services? Are there extra costs, and if so, what are they? Avoid using IT companies that are only interested in fixing what breaks and selling you equipment.  You deserve an IT partner who will work diligently to give you and your employees an IT infrastructure that is secure, reliable, and enhances productivity.
  • Do you offer outsourced CIO Services? Having an Outsourced CIO means your technology will meet your business needs now and into the future. Their CIO should be able to:
  • Develop an understanding of your business and technology infrastructure.
  • Provide recommendations for IT solutions that will promote your success and grow with your business.
  • Construct a Strategic Plan that aligns with your budget.
  • Conduct ongoing evaluations and provide IT performance metrics on a monthly basis.
  • Will you monitor our IT system around the clock? This prevents downtime because they will detect problems early before anything fails.
  • What security services do you offer? How will you protect my interests?Cybercrime is on the rise, and your data must be safeguarded. They must provide up-to-date cybersecurity solutions to protect your computers and network from unauthorized access, malware, phishing, viruses and other forms of cybercrime.
  • Can you monitor our network for cyber intrusions and threats? With all the security incidents today, 24/7 security monitoring is essential.
  • Do you provide Mobile Device Management? When you or your employees use your laptops, tablets or smartphones for business outside of your workplace, they are vulnerable to theft and malware from public Wi-Fi and more. You need the assurance that your data can be remotely wiped from any device if necessary.
  • Do you perform Risk Analyses and Vulnerability Assessments? Your business may require this to stay compliant with government or industry regulations. Plus, this will detect any “holes” in your computer and network security that hackers can take advantage of.
  • Do you provide Backup and Recovery Solutions? You need both an onsite removable backup solution and an offsite one (in the Cloud) to ensure you will have access to your data if it’s stolen, corrupted, accidentally deleted, or damaged due to a flood, fire or another emergency.
  • What’s included in your Disaster Recovery Plan?
    This is extremely important. Be sure to ask about site visits and audits to estimate the recovery time and the impact of a potential failure. Do they have a reliable process in place? How often do they test the disaster recovery plan? Is their staff knowledgeable and ready to react under the worst possible conditions? Also, make sure they can regularly provide the results of disaster recovery tests.
  • Will you provide ongoing Security Awareness Training for our employees? Cybercriminals are constantly developing new techniques to trick your users into downloading malware or releasing confidential information and credentials. It’s critical to conduct recurring and updated security training to ensure your employees recognize these threats and know what to do to prevent exposing your data.
  • Will your IT professionals communicate with our staff in “plain English?” They should be able to relay information in a way you and your employees can comprehend.
  • How do you stay informed about evolving technologies? Do they attend industry events to update their skillsets?
  • Will you migrate us to the Cloud and help us understand how to use cloud solutions? Make sure your IT provider can help you and your employees understand the Cloud, it’s benefits and risks. They should be able to help you find the right cloud services for your unique business needs.
  • Can you offer us different types of cloud solutions? Do they provide:
    • A Public Cloud, so you can securely share space with other clients?
    • A Private Cloud that is dedicated only to your use?
    • A Hybrid Cloud which is a combination of a private and public cloud?
  • How much will cloud migration cost? Migrating your workflows and data to the cloud can provide many benefits, including cost savings, and increased productivity. However, you should ask how much cloud migration will cost, including associated expenses such as maintenance and support.
  • Do you have any case studies or testimonials from existing clients that I can read? Can I contact them? Would you hire a new employee without checking their references? Of course not. So, you should do so with your IT provider. Contact some of their existing clients to find out what you need to know.

 

From Unaware Interns To Evil Executives: How To Say Sayonara With Skill

It’s never easy to terminate an employee. The skill of firing with flair is a sensitive but necessary process that everyone should learn!

Firing an employee

It happens to the best of us. We post an advertisement for an available position on job boards across the Internet. We scour through the thousands (and thousands) of submitted resumes. We painstakingly choose the best candidates (on paper) to bring in for an interview, and we try to pose the questions that should result in the most thought-provoking and inspired responses, giving us the deepest insight into their soul – in about 30 minutes or less. We thank each interviewee dutifully for their time, wonder if we’ll get the perfunctory thank-you note or if their manners will go remiss, and try to decide who makes the cut and gets the job offer. Fast forward to the day we discover the candidate doesn’t stack up to the promises made during the hiring and onboarding process – and it’s time for the HR team to tactfully terminate.

We’ve all been there. The goal is always to build a team that is dedicated, loyal, and earnest – but too many times we encounter flaws with one of these characteristics, and the relationship is no longer, as the saying goes, mutually beneficial. Is your termination process thorough? What steps do you need to take to protect yourself and your business from retaliation in preparation before a potentially hostile departure? Read on to cover all your bases, but leave the exit details to the HR team.

First Things First

Once you have a full grasp of the outstanding projects and deadlines that still need to be met, you can move on to the most pressing matters.

Access: All login credentials

  • For global enterprises, there are large IT teams that oversee just logins and passwords alone – but since you’re reading this, you don’t work for IBM or Apple with a department of staff dedicated solely to current credential maintenance.
    • Network
      • Most organizations require a username and password to access anything related to the organization itself: email, file storage, etc. and this is the first of many credentials that should be addressed to ensure swift and secure measures to protect the company after a termination.
    • Email
      • First, change the password. The terminated party likely has their work email on their smartphone and thus can access their email immediately upon departure from the office. This offers the chance for damage or sabotage, such as deleting emails from their inbox or sending damaging emails to contacts.
      • Maintain the email account by having another party monitor incoming messages. Consider setting up an auto-reply feature to notify senders to the recipient that further communications should be directed to another email address for attention in the future.
      • One task that tends to be overlooked in the immediacy of a departure is the removal of the terminated party from internal distribution lists and notifications.
      • Lastly, if the individual has suspected termination was imminent, they may have deleted emails before the action taking place. There is a brief window when email recovery is still possible, but the standard time frame is 30 days.
    • VPN or remote access
      • If your company allows remote network access, likely through a Virtual Private Network (VPN) or a service like LogMeIn, a team member likely only needs to have this access set up one time and store their login and password at the remote point of access. The simplest way to prevent future access with this is by changing the affected password. If a platform like LogMeIn is the primary connection method, the administrator will need to be the one to change the user’s access settings.
    • Intranet
      • Typically, an organization uses an Intranet portal to store internal communications or Human Resources information like health insurance details, company directories, staff handbooks, forms and processes, office calendars and holiday schedules, and any other pertinent documentation related to operations. Access removal or password change to a network will often serve to prevent further access to this area, but a quick verification of settings here is still wise.
    • Cloud Storage
      • To prevent anyone from accessing files after termination, and for similar reasons as above – sabotage or deletion – change any access passwords for this portal. It’s very likely that proprietary information on projects, clients, or other sensitive information is stored here.
      • If termination is pending for an individual, it’s wise to preemptively make a back-up of these files and store them elsewhere for later access.
      • If your company uses cloud providers like Dropbox for Business, Microsoft OneNote or SharePoint, your administrator will need to lock the account for security, likely by resetting the password.
    • Data Recovery
      • Files
        • If after the termination and departure is complete you notice files are missing and suspect deletion, time is critical for data recovery.

What else can you do?

Aside from the items listed above, any organization should take every precaution possible to protect themselves in any situation. At some point, a termination is inevitable, and proper handling of the process can be what defines the outcome.

  • Enact security protocols that limit or prevent the use of external devices like hard drives or thumb drives.
  • Prevent team members from removing any proprietary data from the premises. This is almost impossible in the case of a distributed workforce, but you can require all files to be stored in a central repository to minimize risk.
  • It’s worth taking the time to review the terminated party’s outgoing email in “Sent Items” to verify if any messages were forwarded to a personal email address.
  • It’s always challenging to decide if a note to other team members is a good idea, alerting staff to the departure of an individual. Privacy policies typically protect the terminated party, and a perfunctory statement of “Sally Smith is no longer with the company as of April 1, 2018. We wish her well in future endeavors. Any questions, concerns, or communications may be directed to her supervisor, Billy Boss, moving forward” or something very similar, so long as it’s kept generic.

Handling a termination is never easy. The most important aspect of any termination is to protect the company – it sounds harsh, but it’s a fact. Preventing someone who is being fired from stealing information and using it to damage a company or sabotage a brand or person is a challenging task.

With the proper processes in place, anyone can minimize the risk to the company, ensuring survival after saying sayonara!

My IT is Compliant, So I Guess That Means It’s Secure, Right?

Short answer? No. Despite what you may have been led to believe, there’s a big difference between compliance and security.

Compliance and Regulations

IT compliance and security are not the same. IT Security refers to the best practices and IT solutions used to protect your technology assets, information, and data. It’s the process of implementing specific measures and systems that are designed to protect and safeguard your information. The right IT Security Plan utilizes various forms of technology based on your business’ unique needs to store and exchange data while preventing unauthorized access or improper disclosure.

Compliance refers to regulations imposed by a government, industry or regulatory entity to protect users’ confidential, private information. Examples of these standards include HIPAA, PCI, FINRA, and SOX.

Your IT can be compliant but not secure. “Why is this?” Compliance is a point-in-time snapshot assessment of your technology proving that you meet a minimum standard of security. You can be compliant one day, and not the next (although, you wouldn’t want this to happen).

Plus, IT compliance standards change predictably and slowly over time. These standards provide minimum guidelines for the amount and type of data protection required. IT security, on the other hand, is in a constant state of flux due to the ever-evolving, and more sophisticated cyber threats that appear on the IT landscape. Hackers are innovative and skilled at developing ways to steal your data. What happens is that compliance regulations don’t always keep up with these threats. Some require security protections and others don’t.

The main difference between compliance and security is that IT compliance is measured against prescribed controls, where IT security is defined by the ability to respond to and protect against cyber threats. IT security measures and techniques protect your data, users, networks, and assets from cybercriminals, hackers or other malicious threats.

Unfortunately, some businesses function with the bare minimum of IT security solutions they need to remain compliant. They check to make sure they meet the specific IT compliance requirements and think their data is secure when it’s not. This is a recipe for disaster. Cybercrime is growing at an explosive pace. If you restrict your defenses to only what you need to be compliant, your data and business could be at risk. To ensure IT security, your business needs a comprehensive approach to protection. The good news is that if your IT is secure, you’ll likely be compliant.

“How do I ensure IT Security?” It’s always best to consult with an IT Managed Services Provider who can assess your unique requirements and establish an IT Security Plan with a holistic, layered approach. Make sure that your provider includes the following in your IT Security Plan:

24/7 Remote IT Management and Monitoring to detect threats and block them before they affect your security posture. This includes applying patches via the cloud in real time.  

A Firewall Solution that continuously mitigates cyber-threat intrusions. This will filter the data in transit (data that comes in and leaves your network) by checking packets of information for malicious threats like Trojan viruses and worms, and other forms of malware that can steal or lock up your data. It’s best to use GEO IP Filtering whenever possible, and use a next-generation firewall with perimeter malware protection.

An Up-to-Date Antivirus Solution. Even though firewalls are an excellent source of protection from viruses, they can’t do everything. You also need an antivirus solution that constantly scans your computers to detect suspicious files, isolate and delete them before they infect your system.

A Data Encryption Solution that obfuscates data that’s stored or in transit to prevent others from accessing or reading it. The proliferation of cyber espionage has led to the need for encryption to protect your sensitive data and intellectual property from prying eyes.

A Web-Filtering Solution. This routes web traffic and applies security-filtering policies to protect your computers, laptops, and tablets from malware, botnets, and phishing.

Regular Backups Make sure you always have reliable backups of your data both onsite in a device you can unplug and take with you in case of a disaster, and offsite in a secure cloud so you can retrieve your data remotely if necessary.

Ensure Your Mobile Devices Are Secure. With the proliferation of Bring Your Own Device (BYOD) policies, your business requires secure mobile device solutions that protect your data whether it’s deployed across multiple mobile service providers or on a variety of mobile operating systems. Mobile Device Management provides for remote wiping of data if your mobile devices are lost or stolen.

Security Awareness Training for Your Employees. This should be a formalized training on the latest threats and how to mitigate them. Security Awareness Training for your employees will reduce the risk to your organization’s data and IT systems and limit the chance of a data breach. Some compliance regulations specify the need for Security Awareness Training including HIPAA, PCI DSS, SOX, and FISMA.

Vulnerability Audits to identify security gaps in your computers, network, or communications infrastructure and develop appropriate mitigation countermeasures to protect them.

Penetration Testing. This is an analysis that focuses on where security resources are needed most. When accompanied with Vulnerability Audits they locate the weakest links in your network, identify and document weaknesses in your security, and remove them. Independent Penetration Testing and Vulnerability Audits will help you meet regulatory compliance standards like HIPAA, FINRA and PCI DSS.

Ongoing Updates to your Operating Systems and Software. Whenever there’s an opportunity to update, it’s important to do so. Rather than worrying about this yourself, your IT Managed Services Provider can include this responsibility in your overall IT Security Plan. This will safeguard your system from debilitating cyber attacks and keep your IT system running at peak performance.

There will always be overlaps between compliance and security guidelines but remember that IT security provides a more extensive assurance than IT compliance alone. For help with the unique IT security requirements your business faces, contact a certified IT Managed Service Provider in your area and ask for an assessment of your entire IT network.

Having Problems with Two-Factor Authentication for Office 365?

We noticed that some people are having problems using Microsoft Office 365 with two-factor authentication (2FA) (also known as multi-factor authentication).

Office 365 Two Factor Authentication

We have a few tips for you here.

First: It’s important to know that when your admin sets up 2FA for your Office 365 users, they must enable Modern Authentication (MA) for Exchange Online if users are accessing Exchange using Outlook 2016. (The versions of Microsoft Outlook before 2013 don’t support Modern Authentication.)  For details on how to enable MA for Exchange Online tenants, see Enable Modern Authentication in Exchange Online.

Second: You shouldn’t have any problem using 2FA with Microsoft’s mobile Office apps, Outlook Groups, Office 2016 desktop apps, and OneDrive for Business in Windows 10. However, other applications may be incompatible, so make sure you test all the apps in your organization before enabling 2FA.

How to Connect to Office 365 Security & Compliance Center PowerShell Using 2FA.

If you set up 2FA for tenant administrator accounts, they can’t sign in to Office 365 using PowerShell. Instead, you must set up a specialized account for administrators. To do this, you must install the Exchange Online Remote PowerShell Module and use the Connect-IPPSSession cmdlet to connect to Security & Compliance Center PowerShell.

Important note from Microsoft: You can’t use the Exchange Online Remote PowerShell Module to connect to Exchange Online PowerShell and Security & Compliance Center PowerShell in the same session (window). You need to use separate sessions of the Exchange Online Remote PowerShell Module.

This is what Microsoft recommends you do:

  1. Open the Exchange admin center (EAC) for your Exchange Online. See Exchange admin center in Exchange Online.
  2. In the EAC, go to HybridSetup and click the appropriate Configure button to download the Exchange Online Remote PowerShell Module for multi-factor authentication.
  3. In the Application Install window that opens, click Install.

Windows Remote Management (WinRM) on your computer should allow authentication by default. If basic authentication is disabled, you’ll get an error message. Now you should be able to sign into the Security & Compliance Center PowerShell by using 2FA.

After you sign in, the Security & Compliance Center cmdlets will be imported into your Exchange Online Remote PowerShell Module session and tracked by a progress bar. If you don’t receive any errors, you’ve done this successfully.

If not, and you receive errors, check the following requirements:

  • Limit your open remote PowerShell connections to three. This prevents denial-of-service (DoS) attacks.
  • Make sure the account you connect to the Security & Compliance Center is enabled for remote PowerShell. For more information, see Enable or disable access to Exchange Online PowerShell.
  • The TCP port 80 traffic must be open between your local computer and Office 365. It may not be if your organization has a restrictive Internet access policy.

How to Enable 2FA in the Office 365 Admin Portal

Two-factor authentication (multi-factor authentication) can be enabled for individual users or in bulk. Before continuing, be sure to install Microsoft Authenticator on your user’s mobile devices, (not Authenticator, a similar app from Microsoft but without support for push notifications).  Here’s what Microsoft says to do to enable 2FA one user at a time:

  • Log in to the Office 365 admin portal using an administrator account.
  • In the menu on the left of the portal, expand Users and Active users.
  • In the list of users, click the user for which you want to enable 2FA. Note that only licensed users can use 2FA.
  • In the user’s pane, click Manage multi-factor authentication under More settings.
  • On the multi-factor authentication screen, select the user account to enable, and then click Enable under quick steps on the right.
  • In the About enabling multi-factor auth dialog box, click enable multi-factor auth.

The MULTI-FACTOR AUTH STATUS should change to Enabled. Close the browser window and sign out of the admin portal.  

How to Enroll an Account for 2FA

Once the feature is enabled, the user must now enroll for 2FA, and sign into Office 365 with their username and password, and then click Set it up now on the sign in screen and follow Microsoft’s instructions below:

  • On the Additional security verification screen, select Mobile app
  • Select Receive notifications for verification
  • Click Set up
  • Open the Microsoft Authenticator app on your phone and click Scan Barcode.
  • Use the camera on your phone to scan the barcode in the Configure mobile app You’ll then need to wait a couple of seconds while the app activates the new account.
  • Click Finished in the browser window.
  • Back on the Additional security verification screen, click Contact me.

The user will receive a notification on their phone. They should open it, and they’ll be taken to the Microsoft Authenticator app.

  • Click Verify to complete the sign-in process.
  • Click Close in the Microsoft Authentication app.
  • In the browser window, they must enter a number to receive verification codes in case they lose access to the Microsoft Authenticator app and click Next.

Web-based and mobile apps can use Microsoft Authenticator app verifications for 2FA logins, but Office desktop apps require an app password.

This final step provides the user with an app password for these apps.

  • They should copy the app password by clicking the copy icon to the right of the password and paste it somewhere safe. Click Finished.
  • They’ll be prompted to sign in again, this time by verifying the login using the Microsoft Authenticator app.

Important note from Microsoft:  If you want to use only Multi-Factor Authentication for Office 365, don’t create a Multi-Factor Authentication provider in the Azure Management Portal and link it to a directory. Doing so will take you from Multi-Factor Authentication for Office 365 to the paid version of Multi-Factor Authentication.

We hope this helps. It can be complicated to implement the proper settings for two-factor authentication in Microsoft Office 365.  If you have any problems doing this, feel free to contact the Microsoft Experts at Alltek Services in Central Florida at http://www.alltekservices.com or call 863.709.0709.