The Hottest New Self-Awareness Craze That You Need To Try

Sure, yoga teaches the flexibility that is key to adapting to your surroundings. But in practicing daily self-awareness, the saying “A team is only as good as its weakest player” is rarely truer than in the world of cybersecurity. How does your team stack up?

Cyber Attacks

Target knows. Sony knows. Ashley Madison definitely knows. That’s the bad thing – an organization may only realize how strong — or weak — their cybersecurity position is once there is a successful cyberattack. The nature of the attack doesn’t matter, nor does the overall effect. The damage is done, and the organization goes into clean-up mode. In the days immediately following, the phrase heard most is “How did this happen” when the real question should be “How can we prevent this from happening again”?

Subtlety isn’t the goal of a hacker, nor is it their strongest attribute. The modus operandi of any hacker is singular: find a cybersecurity vulnerability and exploit to their advantage. The rest doesn’t matter. You likely disagree, but we think you’ll realize this is exactly the case. After all, we want to help you beef up your security and prevent a vulnerability rather than shift into defensive mode upon clean-up from an attack. The latter is going to shift your focus for up to a year of reactivity, while a little extra focus now will prolong your proactive position. An ounce of prevention is worth a pound of cure, especially in this type of situation.

At the most basic level, your organization’s cybersecurity is based on your team’s awareness level – which can easily be assessed and addressed in training. Data breaches caused by hackers are one thing, but the simplest way for a hacker to gain access is by finding a weak link – a human operator – and using sneaky tricks to exploit weakness from that angle. A hacker can use pretty low-tech approaches in this way, like phishing.

Does your cybersecurity awareness training still include exercises and tips on old-fashioned tricks like phishing? It’s amazing the simple tactics some of these hackers will resort to – but the reason is that these tricks still work on us. A 2017 study by Google reported that phishing was still one of the most effective tactics used for hacking a user account.

  • Phishing is the practice of sending emails pretending to be from a reputable company, like Google or Apple, to get recipients to reveal personal information like passwords to the sender.

Perhaps it’s because we don’t see ourselves as targets anymore, thinking hackers only target the “big fish” for the bigger reward – a unique tactic called “whaling” – but the reality is that everyone is a target There are no exceptions. Any computer user can be an access point for a cyberattacker because any computer can serve a greater purpose for a cybercriminal.

  • Why does phishing still work? Because we let it. We start to shift our focus to the newer or more sophisticated methods hackers use, and we don’t maintain vigilance on the basic approaches in cybersecurity awareness training.

One click is sometimes all it takes to turn a user into a victim – and for a hacker to wreak havoc on a network. One click can lead to a malware installation, identity theft, or worse, ransomware. That click could cost an organization into the millions of dollars.

  • Ransomware is like a virus, where a hacker accesses a computer or network and places a file or code that blocks user access, and requires the user to pay money – a ransom – to the cyberattacker to regain access to the computer or network.

Remember when we said all it takes is one click? It’s true. In 2017, hackers sent emails to staff at Chipotle and managed to trick someone into one click, compromising the point-of-sale (POS) machines at locations that enabled the hackers to gain access to the credit card data of millions of customers. The worst part is that even end users who are in the tech industry have been tricked; Google and Facebook have both been affected to the tune of $100 million each because of successful phishing attempts.

  • Did you know that some companies hire former (“rehabilitated”) cybercriminals as cybersecurity specialists – true experts – to help mold technology teams in charge of cybersecurity and oversee cybersecurity awareness training programs? These are probably among the most solid and effective programs in existence!

One way organizations have used to test the awareness of their team is by executing an internal phishing campaign. This is a campaign where the company has total control of the phishing attempt but tests the staff to see where the weaknesses are. The results only help improve overall training and cybersecurity.

This approach is wildly successful in getting an accurate picture of your team’s awareness. Who fails the test? How far will some employees allow a hacker to get before realizing they are being phished? Where does your training lack focus that the attempt was successful?

A few things to keep in mind with this approach:

  • While internal phishing campaigns are helpful, don’t shift your training focus to only weaknesses discovered in this process.
  • Be careful not to call out any one particular team member or access point; the goal isn’t to embarrass team members but to improve your team’s awareness overall.
  • Don’t aim for only those team members you consider to be the weakest when it comes to cybersecurity knowledge; you’d be surprised at where an organization may discover vulnerabilities
    • On this note, it’s helpful to provide one-on-one level training catering to these team members, but you can still do so as a company by offering exercises aimed at specific weaknesses without placing blame.
  • Keep the phishing exercise as realistic as possible, so the teachable moments that result are valid and credible

When your exercises and training give you enough insight to update your training, keep the training outline simple with a few target areas that are comprehensive enough to be thorough but straightforward enough to be digestible:

  • Form a baseline for where your team is currently, regarding cybersecurity awareness.
  • Devise goals for where your team should be, and target dates to achieve these goals.
  • Outline a plan to meet these deadlines.
  • Develop a maintenance process for ongoing support.

Organizations can also take steps to protect themselves internally, too. Limit access to all computer equipment to authorized personnel only, install up-to-date antivirus software at each workstation and update all programs on a regular basis – especially security updates. Having a contingency plan in place for any vulnerabilities might seem like overkill, but it never hurts to be prepared.

Self-awareness is just the first step in achieving the ultimate level of cybersecurity protection – don’t wait until an attack happens before you start defending yourself and your organization!

Are We Learning Anything From All These Cyber Attacks?

So many big, expensive cyber attacks have taken place in the last few years that it’s hard to remember them all – when will we learn our lesson?

Cyber Attacks

Cyber attacks are common ground these days. There was the Chase Bank breach of 2014, which exposed the financial information of 76 million Chase customers. This attack was set to target 10 major financial institutions in total, but only one other company reported that data had been stolen. This company was Fidelity Investments. Though the attack caused serious repercussions for Chase Bank, the damage could have been much worse. Four hackers (two from Israel) were eventually arrested.

Hacking Isn’t Just About Stealing Data

In the Sony Pictures data breach of 2014, over 100 terabytes of data was stolen by North Korea. This attack was about more than just getting the personal information of consumers. The attack occurred because of a movie that Sony Pictures was set to release called “The Interview”.

The movie, starring Seth Rogen and James Franco, was a fictional story about two journalists who go to North Korea to interview Kim Jung Un. The two men actually work for the CIA and are planning to assassinate the very well-known but unpopular leader. It was believed that North Korea’s leader ordered the cyber attack on Sony Pictures to show his displeasure and disapproval of the film. In addition to the personal information of Sony executives and other employees, hundreds of photos and emails were released to the public. These highly personal items caused a massive amount of embarrassment to Sony’s top executives.

No One Is Safe from Hackers

Proving that no one is immune from cyber hackers, Equifax, one of the nation’s largest credit reporting agencies, was infiltrated by hackers in mid-2017. The company estimated that approximately 143 Americans were affected. In addition, an unknown number of consumers from Canada and the UK were affected by this breach.  Were there any signs that an enormous data breach like this might occur?

A report issued in October of 2017 by Motherboard, found that Equifax had certain vulnerabilities due to an online portal created for employees. Researchers discovered that the Equifax website was highly susceptible to a basic forced browsing bug. A researcher from Motherboard said that he didn’t even have to do anything special to infiltrate the system. It was far too easy to get in.

“All you had to do was put in a search term and get millions of results, just instantly—in cleartext, through a web app,” the researcher said.

In spite of this information being available to Equifax, it took them six months to close the portal and shut down these vulnerabilities. In this day and age, it’s unthinkable that organizations as sophisticated as Equifax might be so lax in their data security.

The Final Cost of Cyber Breaches

Target Stores lost millions of dollars when they had to reimburse customers for their losses after their 2013 data breach. In addition to that, a class action lawsuit was settled for roughly $10 million. As if that wasn’t enough, 20-30 percent of Target shoppers said they were worried about shopping online at Target stores after the breach.

Are We More Vulnerable Than We Believe?

Many data security experts believe that cyber weaknesses like this are far more common than the public believes. In an era when everyone should be fully aware and taking every precaution to prevent a data breach, numerous large corporations remain at risk.

After all is said and done, most people would expect any organization that has experienced a cyber theft to drastically improve their cybersecurity. Large, expensive data breaches leave an organization open to legal action, plus they’re embarrassing. Consumers say that they are less likely to do business with any company that has been a victim of a cyber breach.

But has that really happened? A new study performed by CyberArk reveals that 46 percent of all companies who have experienced a cyber breach have not substantially updated their security policies.

This failure to learn from past mistakes has the public truly baffled. In some cases, IT professionals have been interviewed and asked why they haven’t greatly improved their cybersecurity. Over 30 percent of these pros said that they did not believe it was possible to prevent all cyber-attacks. This indicates that even security experts aren’t sure what to do to stop future attacks from occurring. But, should we simply make the decision not do anything at all?

New Report Sheds Light on the Problem

A 2018 report from CyberArk called, “Global Advanced Threat Landscape Report”, indicates that at least half of all businesses and organizations have only taken the basic security measures required by law. Though their public relations department may say they are taking every precaution to protect customer data, this is probably not true. In addition, 36 percent of respondents in the report said that administrative credentials were currently being stored in Excel or Word docs. These documents would be easy to obtain by any hacker with average skills.

The Global Advanced Threat Landscape Report also reveals that the number of users with administrative privileges has jumped from 62 percent to 87 percent over the past few years. This points to the fact that many companies are opting for employee convenience over data security best practices. This is an alarming statistic given the soaring cost of cyber breaches.

Moving Into the Future with Better Cyber Security

The new AT&T Global State of Cybersecurity highlights many of the critical gaps that remain in our cybersecurity strategies. IT infrastructure and critical data must be fully protected, including credentials and security answer keys. In most organizations, those in higher positions are given greater access and authority to online data and this equates to heightened risks of a cyber breach.

According to Alex Thurber, Senior Vice President and General Manager of Mobility Solutions, “If 2017 has taught us anything, it is that every device needs to be secured because any vulnerability will be found and exploited”.

The company is set to sign a deal with Punkt Tronics to install better security on smartphones, Blackberry devices, and other electronic devices. With consumers spending more and more time browsing on their cell phones, all mobile carriers are searching for ways to better protect their customers from hacking.

What Consumers Can Do

A great increase in the sale of anti-virus software and password managers demonstrates a strong resolve by consumers to incorporate stronger security measures into their everyday lives. Innovative technology is producing a new generation of security software that combines threat defense techniques and other more conventional means of cybersecurity. Though some of these techniques are having an impact, experts believe there’s much more to be done.

As our society becomes more aware and more prepared, even stronger security for IT systems will be developed. Until then, security experts urge the public to be more cautious about clicking on links. Employees at any company need regularly scheduled security meetings where they are educated and reminded to utilize best practices when using smartphones and computers. All programs should be updated regularly with software updates and fixes to known bugs. Create difficult passwords and change them every 90 days. These are just a few of the ways that consumers can stay safe while surfing on the internet.

Tired of Sending Marketing Emails That Go in the “Trash”?

Here Are The 10 Things You’re Doing Wrong

Email Marketing

Email is a very effective marketing tool. However, it’s also tough to execute properly. If you don’t plan correctly, understand what you’re doing wrong and how to remedy this, you’re simply wasting your time and money.

You aren’t getting new subscribers.

If you can’t entice new subscribers, you are simply spinning your wheels. Without an ever-increasing pool of subscribers, your open rates will suffer. If you want to grow your email list, you must clearly state the benefits of subscribing to it. Clearly state what you can offer, and how you can address people’s concerns. Your prospects need to know why they should sign on. Consider offering something for free that you believe will be of value to them like a free trial, sample product or document with relevant information.

Your subscribers keep leaving.

The best way to ensure that your current subscribers stay with you is by sending out relevant emails to the right audience. You must correctly identify your target audiences and segment your email list accordingly – this way you can address the various pain points for different subscribers. By segmenting your list, you can not only retain more subscribers but increase your click-through rates as well. All too often, an email strategy is more focused on the company’s needs rather than the customers’. Receiving too many irrelevant emails is the main reason subscribers opt out. If you want to keep subscribers, stay focused on your target audience and their needs, rather than yours.

Your email subject lines aren’t eye-catching.

This is one of the biggest challenges you’ll face. People are overwhelmed with the amount of email they receive and will only open the messages that catch their eye. You must grab their attention in the subject line. Craft a message that is short and to the point. Personalizing the message in your subject line and keeping your message to fewer than 30 characters should help. A carefully written subject line will entice recipients to read the rest of your email.

You’re understaffed.

Performance always suffers when resources are limited. If you’re understaffed and “burning the midnight oil” just to stay afloat, your quality will suffer. Streamline your email process and look for bottlenecks and obstacles that slow your workflow. Take advantage of software automation tools that help your email team design and code emails more quickly. If necessary, you may need to hire more staffers, both full-time and part-time, or contract with freelancers. Freelancers can also offer expertise that your team may lack.

Your deliverability suffers.

You may have the best emails and subject lines, but if they are being sent to the junk inbox, you’re doomed to failure. Your emails must get through any spam filters. When your deliverability rate suffers, you can get blocked altogether by Internet Service Providers (ISPs). How do you fix this? Don’t use spam words in your subject lines. Phrases such as “make money,” “earn cash,” “save $” will go directly to spam mail. And, of course, ensure that your prospects’ email addresses are accurate. Consider asking people who visit your website to re-confirm their email address when signing on to your list. This way you can make sure you have their correct email address from the start.

You need a new ESP.

You need an Email Service Provider that works for you. Some focus more on larger enterprises or certain verticals like e-commerce. You need an ESP that fits your brand. Try using more than one to see if this is the problem. Measure your success rates with each one. You can employ analytics tracking with multiple ESPs. Some businesses use up to four different ones to increase the odds that their emails will be delivered. Use the ones that provide you the best rates for delivery.

You need to cull your list.

You may need to remove contacts that have been inactive for a long time or those who never open your emails or go to your website. If you know that a lot of the emails on your list are no longer active, delete them. They just cost you money. You must maintain your list. You can also do this by letting subscribers manage their preferences (to opt-out if they want). Set up a way for them to change their communication preferences like what kind of information they want to receive or how often they want to receive them. This helps to build the sense of trust that they require to stay with you.

Your team is sabotaging your efforts.

You may be doing everything right, but other departments aren’t. If customer service is lacking, you’re sure to lose subscribers. If your website or mobile application isn’t easy to use, subscribers will get frustrated and go to a competitor. Keeping customers happy requires teamwork. Get together regularly with other departments in your company to share experiences, concerns, successes, and insights. Ensure your team members are onboard with your email strategy, measure your results and work together to fix what’s broken. Set up read-only access to your marketing emails for team members so they’re kept apprised. Everyone must be on the same page and working in unison.

You’re not measuring results and adjusting your strategy accordingly.

Measuring the performance of email campaigns is imperative. Unless you know what works and what doesn’t, you’re leaving money on the table. Implement a closed-loop marketing strategy to achieve the results you’re looking for. This means following a subscriber from the initial point of contact to their conversion as a paying customer. Be sure to leverage the available data from your ESP and feed your data back to them to get more visibility into your results. When making adjustments based on data, do so in increments and prioritize your changes. This way you can continue to measure the results of your changes one by one until you get it right.

You aren’t using the right process.

Not having a plan will make your job so much more difficult. Your email process should be designed to speed up your email production and improve quality control. You need an extensive pre-sending plan. Here’s one to go by. You fill in the blanks according to your goals.

  1. Plan your marketing strategy
  2. Collect data on your target audience
  3. Construct your database
  4. Define your email plan
  5. Define your content
  6. Setup your emails
  7. Send your emails
  8. Measure your results

Goal setting is crucial to your email marketing success. It will help to guide the direction of your campaign, make it easier for you to measure results, and increase the odds that you’ll ultimately succeed in the end.

Microsoft Is Calling Every Single User For Feedback

Are you an expert at using Microsoft products? Microsoft wants to hear from you — and wants to make your feedback part of an update — but first, they need to know what you think. How can they find out?

Microsoft Feedback

How often do you use a Microsoft product? Are you a daily Microsoft Word user? Is your primary email client Microsoft Outlook? What about SharePoint? The list goes on (Teams, Flow, you get the idea). And those are just the software products! Maybe you have a Surface Book, too? Or a Surface Book 2?!

One of the great things about Microsoft is they love user feedback. Software updates are often based entirely on suggestions from users on what features they’d like to see, what improvements can be made, and how to make daily use easier for users in general. The main goal is to increase efficiency with the Microsoft product while increasing productivity at the end user perspective. This is a win-win-(win). That last “win” was in parentheses because it’s silent – Microsoft sees increased dependence and therefore long-term customer loyalty, which translates into an ongoing revenue stream. That’s understandable.

What’s often less clear is how Microsoft tries to collect user feedback. No, they don’t really call users at home. Well, actually, they might – but in this case, the most effective way to communicate a suggested feature is through the Microsoft Excel Community, a forum of over 16,000 members in which to communicate about all things Microsoft Excel. If you’re in search of a feature, this is the place to peruse. Formula got you flummoxed? Need help with a pesky pivot table? Is a macro making you crazy? You’re most likely to find your answers here. The best part is that this community has super users, and we don’t mean users who wear capes. One such super user has over 400 posts, and these users can be found under “Experts” – a clear indicator they know what they’re talking about in Microsoft Excel!

There is also an active Blog, where Microsoft posts content about Excel. Content ranges from posts aimed at beginners, like how to use general features for newbies, to content focusing on new features released to satisfy the needs of super users (“experts”). These Blog posts are great for deeper insights and step-by-step instructional processes, but the forums are the better space for finding tips and suggestions for specific needs.

Microsoft loves to hear from users about what’s working and what can be improved and encourages engagement through a custom portal on their Community page. Roughly halfway down this page, on the right-hand side, users will see a vivid green box — the green will be instantly recognizable as “Excel” green — with “Submit your ideas”. Clicking on this will open a dialogue menu for users to submit as a digital version of a suggestion box.

Trust us when we say, Microsoft listens. This is their way around getting you on the phone for a personal interview. Recent updates have been made that actually result from feedback in this manner. Users can submit ideas, and other users can “vote up” suggestions. The recent features that have been added to Microsoft Excel have gotten anywhere between 200 to over 1,000 votes from users supporting the suggestion. This is one of the most effective ways to communicate directly with Microsoft – because they’re watching this forum closely.

Stalker Level: Microsoft

Based on user feedback, Microsoft recently updated Excel to include features expanding the use of foreign languages. Before the update, users would attempt to import a CSV file that included text strips that did not contain traditional Latin characters, like Arabic. Users would then get an error message that this information would be lost in the text encoding process upon opening the file. Users affected by situations like this need no longer worry as CSV UTF-8 file formatting is now permitted.

  • This error dialogue used to pop up all the time in situations like this, no matter how many times a user followed the same process. Excel now allows you to select “Don’t Show Again” to disable this warning for the same user. But even if a user only accidentally clicks the “Don’t Show Again” option, this can be toggled on again. Microsoft is trying to allow users to cater their Excel experience to their custom preferences, and it’s starting to show.

Another feature that came into existence through user feedback via the Community is the improved pivot table experience. Users can now alter pivot table settings and then establish these as the default settings for pivot tables at the user level. No more re-formatting pivot tables with each file! Users can even create a pivot table in a new worksheet and import the settings from the existing table data, to save time. Microsoft realized how big of a time saver this would be, and jumped at the opportunity to satisfy a huge community user base with this update.

A cool feature Microsoft just released for Excel Online is an improved search experience. Remember when you would open the “Find” dialogue box, enter your search parameter, and then Excel would show you the next location? And then to find the next location, you had to repeat the process? Well – good news! The search window no longer disappears with each search query. BONUS: users can search within the pivot experience, as well! These filters work on Excel Online just like in the desktop version.

When Microsoft makes an update to any of their products, the goal is to improve efficiency and productivity, as already stated. That’s why they began including the Quick Access icons in the toolbar at the top of the application window several versions of Microsoft Office ago.

  • Did you know the Quick Access toolbar is customizable? Users can change the icons that live in this section, at the very top of the document window. This is where your magical “undo” button is, by default. If you select the drop-down arrow just to the right of the last icon, there is a short list of actions you can include, and an option for “More” under these. Imagine the possibilities!

Microsoft also likes to share lesser-known features with users to make sure they are getting the most out of their Microsoft products. One of their recently-highlighted features was the Document Location Information, where users can toggle on the ability to see the full address for the location of a file, should the user need to access the file, perhaps for sharing.

  • One cool workaround for file sharing is that you can click on the icon next to the file name at the very top of the window on the desktop version and use a drag-and-drop feature this way to attach a file to an email or to cloud storage platforms.

Visit the Community to check out all the top features that are packed into Microsoft Excel to see how to simplify your day-to-day tasks, automate reporting processes, and improve overall efficiency. And remember – if you think of something else, tell Microsoft. You never know, the next Microsoft Excel feature that gets announced may be your suggestion!

Problems with Two-Factor Authentication in Office 365?

We noticed that some people are having problems using Microsoft Office 365 with two-factor authentication (2FA) (also known as multi-factor authentication).

Office 365 Two Factor Authentication

 

We have a few tips for you here.

First: It’s important to know that when your admin sets up 2FA for your Office 365 users, they must enable Modern Authentication (MA) for Exchange Online if users are accessing Exchange using Outlook 2016. (The versions of Microsoft Outlook before 2013 don’t support Modern Authentication.)  For details on how to enable MA for Exchange Online tenants, see Enable Modern Authentication in Exchange Online.

Second: You shouldn’t have any problem using 2FA with Microsoft’s mobile Office apps, Outlook Groups, Office 2016 desktop apps, and OneDrive for Business in Windows 10. However, other applications may be incompatible, so make sure you test all the apps in your organization before enabling 2FA.

How to Connect to Office 365 Security & Compliance Center PowerShell Using 2FA.

If you set up 2FA for tenant administrator accounts, they can’t sign in to Office 365 using PowerShell. Instead, you must set up a specialized account for administrators. To do this, you must install the Exchange Online Remote PowerShell Module and use the Connect-IPPSSession cmdlet to connect to Security & Compliance Center PowerShell.

Important note from Microsoft: You can’t use the Exchange Online Remote PowerShell Module to connect to Exchange Online PowerShell and Security & Compliance Center PowerShell in the same session (window). You need to use separate sessions of the Exchange Online Remote PowerShell Module.

This is what Microsoft recommends you do:

  1. Open the Exchange admin center (EAC) for your Exchange Online. See Exchange admin center in Exchange Online.
  2. In the EAC, go to HybridSetup and click the appropriate Configure button to download the Exchange Online Remote PowerShell Module for multi-factor authentication.
  3. In the Application Install window that opens, click Install.

Windows Remote Management (WinRM) on your computer should allow authentication by default. If basic authentication is disabled, you’ll get an error message. Now you should be able to sign into the Security & Compliance Center PowerShell by using 2FA.

After you sign in, the Security & Compliance Center cmdlets will be imported into your Exchange Online Remote PowerShell Module session and tracked by a progress bar. If you don’t receive any errors, you’ve done this successfully.

If not, and you receive errors, check the following requirements:

  • Limit your open remote PowerShell connections to three. This prevents denial-of-service (DoS) attacks.
  • Make sure the account you connect to the Security & Compliance Center is enabled for remote PowerShell. For more information, see Enable or disable access to Exchange Online PowerShell.
  • The TCP port 80 traffic must be open between your local computer and Office 365. It may not be if your organization has a restrictive Internet access policy.

How to Enable 2FA in the Office 365 Admin Portal

Two-factor authentication (multi-factor authentication) can be enabled for individual users or in bulk. Before continuing, be sure to install Microsoft Authenticator on your user’s mobile devices, (not Authenticator, a similar app from Microsoft but without support for push notifications).  Here’s what Microsoft says to do to enable 2FA one user at a time:

  • Log in to the Office 365 admin portal using an administrator account.
  • In the menu on the left of the portal, expand Users and Active users.
  • In the list of users, click the user for which you want to enable 2FA. Note that only licensed users can use 2FA.
  • In the user’s pane, click Manage multi-factor authentication under More settings.
  • On the multi-factor authentication screen, select the user account to enable, and then click Enable under quick steps on the right.
  • In the About enabling multi-factor auth dialog box, click enable multi-factor auth.

The MULTI-FACTOR AUTH STATUS should change to Enabled. Close the browser window and sign out of the admin portal.  

How to Enroll an Account for 2FA

Once the feature is enabled, the user must now enroll for 2FA, and sign into Office 365 with their username and password, and then click Set it up now on the sign in screen and follow Microsoft’s instructions below:

  • On the Additional security verification screen, select Mobile app
  • Select Receive notifications for verification
  • Click Set up
  • Open the Microsoft Authenticator app on your phone and click Scan Barcode.
  • Use the camera on your phone to scan the barcode in the Configure mobile app You’ll then need to wait a couple of seconds while the app activates the new account.
  • Click Finished in the browser window.
  • Back on the Additional security verification screen, click Contact me.

The user will receive a notification on their phone. They should open it, and they’ll be taken to the Microsoft Authenticator app.

  • Click Verify to complete the sign-in process.
  • Click Close in the Microsoft Authentication app.
  • In the browser window, they must enter a number to receive verification codes in case they lose access to the Microsoft Authenticator app and click Next.

Web-based and mobile apps can use Microsoft Authenticator app verifications for 2FA logins, but Office desktop apps require an app password.

This final step provides the user with an app password for these apps.

  • They should copy the app password by clicking the copy icon to the right of the password and paste it somewhere safe. Click Finished.
  • They’ll be prompted to sign in again, this time by verifying the login using the Microsoft Authenticator app.

Important note from Microsoft:  If you want to use only Multi-Factor Authentication for Office 365, don’t create a Multi-Factor Authentication provider in the Azure Management Portal and link it to a directory. Doing so will take you from Multi-Factor Authentication for Office 365 to the paid version of Multi-Factor Authentication.

We hope this helps. It can be complicated to implement the proper settings for two-factor authentication in Microsoft Office 365.  If you have any problems doing this, feel free to contact our Microsoft Experts.

Will The (Cloud) Storage Wars Draw Blood?

Modern professional relationships require digital processes, like email, collaborative software, and file sharing. The cloud has opened up incredible possibilities beyond imagination a mere decade ago, but which is the right choice?

Cloud Storage

The competition is seriously fierce in cloud storage. The Internet of Things has fueled a data addiction for which traditional storage can’t physically support. We love our devices – I mean, we are straight-up addicted to our smartphones, our iPads, our Kindle Fire tablets, all of them. And there’s a reason we back up our smartphone content: we’d be absolutely lost if we lost it. Our contacts, our notes, our apps, our calendars, and everything we depend on for day-to-day use is on that tiny computer. Where do you back up your data? It’s probably safe to assume there is a cloud location you connect to that saves your backed-up data. It’s safe to assume because we would overwhelm traditional storage options.

Traditional storage hasn’t been able to meet expectations and needs for performance, availability, management, or the cost impact in comparison to growing demand. Everyone has an opinion on who their favorite cloud storage solution is, and it’s usually one of the Big Three players in the cloud game: Dropbox, OneDrive, or Google Drive – and not in that order.

Technically speaking, the first cloud storage solutions launched well before today’s modern providers. Consumers had access in the early 1980’s through CompuServe, and AT&T launched a platform in the 1990’s to support small business solutions. Amazon Web Services introduced AWS S3, their cloud storage offering, in 2006 and functions as the storage provider for Dropbox, Pinterest, and many other large digital enterprises. The only thing that has changed is file size, file type – but mainly adoption.

Cloud storage is increasing in adoption for every professional environment – and is the only solution for distributed workforces! Managing resources for storage needs to be agile, and limited solutions also limit agility. The cloud is merely an accessible extension of your data storage center. Review your full data storage needs, and consider the advantages the cloud offers your business and daily operations.

When reviewing your cloud storage priorities, there are many issues that deserve a deeper consideration. Here is the “Top Ten” List we suggest using as a checklist, and in no particular order:

  • Cost
    • The financial impact of cloud storage is usually the first factor any business considers, but we disagree with this position. While your bottom line is critical to your overall operational budget, there is a multitude of factors that could have a greater impact on your day-to-day needs.
    • It’s surprising just how many decision-makers are surprised – and unprepared for – the expenses required to utilize cloud providers.
  • Sync Simplicity
    • If storing or backing up your data to a cloud solution is cumbersome, the likelihood of full adoption by your staff – and your clients, if applicable – will be a struggle, and result in decreased productivity and decreased reliability. You don’t have time for that!
  • Sync Speed
    • Just as with simplicity, speed is a factor with the ability to sync data quickly. As with any downtime, no one can afford reduced productivity due to Internet connection issues, and it’s an even larger issue if it’s due to your cloud storage provider.
  • Location
    • As they say in real estate, “Location, location, location”! Anyone who thinks it doesn’t matter where your data is stored physically is wrong. Wrong! Though there are too many reasons this matters to list, here are just a few:
    • Data stored in the U.S. is both protected by and susceptible to U.S. laws, like the Patriot Act and the Cyber Intelligence Sharing and Protection Act. Data stored in – or containing the information of – European Union nations are subject to protection by legislation passed by European Parliament enacting strict consumer data protection rules.
    • Facilities that physically house servers for cloud storage providers are just as open to impacts of weather and natural disasters as any other structure in that locale – and accessing your data will be subject to these conditions.
    • Is the physical security of the location a concern under any other circumstances?
  • Reliability and Access
    • Is the vendor reliable? The key players in the cloud storage game tend to be the best for valid reasons, but appropriate considerations, in this case, would be hardware failures, power disruptions, or even vendor disputes. Crazier things have happened.
  • Storage Capacity
    • How much data do you anticipate storing in the cloud? This is like trying to choose your favorite song. The answer changes on a regular basis, and most of the time there is no one singular answer. Obviously, you’ll want to choose a provider that is capable of offering you more storage than you think you’ll ever need, but you also don’t want to pay for storage you’re not using nor will you ever. It’s a delicate balance, and many providers allow for variable usage.
  • File Sharing
    • How many times have you attached a document to an email message, and tried to send it only to get the dreaded error message “File exceeds the maximum size of 25MB. Try removing an attachment and send again”? You are then faced with trying to reduce the file size (Word document into a PDF, etc.) or uploading the file into a cloud solution like Dropbox, Google Drive, or OneNote, and sharing the access URL instead.
  • Application Integrations
    • The number one request made by anyone accessing cloud storage and utilizing an application is to offer an intuitive user experience. Statistics show half of all users that abandon a cloud app do so due to integration issues, citing missed deadlines.
  • Support
    • If any issues arise, it’s critical that users achieve the needed help immediately from an adequately trained member of support team equipped with the right knowledge to resolve the situation.
  • Data Security
    • The cloud and data stored in cloud environments face risks, just like any other professional endeavor. A cloud storage provider that can guarantee against cybersecurity vulnerability and takes the greatest care in safeguarding your data is an excellent vendor and partner.

We’ve talked about what you need – now let’s talk about who can help you. Here is a fantastic detailed resource when comparing many of the cloud vendors at once, but let’s talk about the Big Three. The key players in the Cloud Storage Wars are Dropbox, Google Drive, and OneNote – and any one of these providers would valiantly battle to the bloody end for your business! There is a reason that these three are the best in the biz: they’ve earned their reputation with quality service, support, and every other item in the checklist.

  • Dropbox
    • Offers a free basic storage plan (2GB)
    • Paid plans and features cater to business customers
  • Google Drive
    • Offers a free basic storage plan: clarification, Google users have 15GB of free cloud storage – shared between Gmail, Google Photos, and Google Drive. If you get a ton of emails and don’t clean out your inbox often, that eats up your 15GB
    • Paid plans and features cater to business customers
  • OneNote
    • Offers a free basic storage plan (5GB)
    • Paid plans and features cater to business customers: Here is where it truly pays to use OneNote and be an Office 365 customer, as the paid plans are included with Office 365 subscriptions, either Personal or Home.

The ability to sync, share files and speed are all a focus of these teams, and the competition is pretty ruthless. In fact, Dropbox and Microsoft have formed a partnership to allow easier integration by making Office Online available to Dropbox users at no cost. Keep your friends close, and your enemies closer!

So, which provider is right for you? Only you can make that decision. Armed with this information and reviewing our checklist will hopefully help you make the right choice!