Ulistic Projects Blog

September 20, 2022October 7, 2022

Microsoft Teams Client Stores User Authentication Tokens in Unsecured Text Format

Key Points

A new Microsoft Teams exploit could allow attackers to access sensitive user data.
Microsoft Teams saves auth tokens as cleartext on Windows, Linux, and Mac computers.
Businesses can protect themselves from this exploit by taking some security precautions.

A security vulnerability has been discovered in Microsoft Teams that could allow an attacker to gain access to a user’s account and data. The issue lies in that Teams stores authentication tokens in cleartext, meaning that anyone with access to the application’s installation directory can easily steal them. This issue affects Windows, Mac, and Linux users.

Microsoft has acknowledged the flaw, but there is no indication that a patch will soon be released. In the meantime, users are advised to exercise caution when using the application and to avoid accessing it from untrusted devices or networks. It is also advised to avoid using the Microsoft Teams desktop client altogether until this issue has been fixed. Using the web client in a browser is a more secure option.

Security Alert: Microsoft Teams Vulnerability

The flaw was discovered by the cybersecurity firm Vectra. A Vectra team assisted a customer in removing a disabled account from the Teams settings. Upon further review, Vectra found public tokens that provided access to Skype and Outlook. Vectra determined that the access tokens were active and gave them access to the Outlook and Skype APIs.

The biggest concern is that this flaw could be exploited by malicious actors to steal Microsoft Teams authentication tokens. This would allow them to remotely log in as the user and bypass MFA, gaining full access to the account. Information thieves use similar methods to steal data from other applications, such as Google Chrome, Microsoft Edge, Mozilla Firefox, Discord, and many more. By using malicious extensions, they can collect user data and send it to remote servers without the user’s knowledge.

How Does the Exploit Work?

Microsoft Teams is a browser-based app that uses the Electron framework. This makes it easy to develop and use, but it is not as secure as other options since it doesn’t include features like encryption or protected file locations. Vectra found that Microsoft Teams stores access tokens in an ldb file, which is not as secure as other methods.

Microsoft requires users to be logged in to uninstall Teams, so Vectra began their research by reviewing the local account configuration data. The Vectra team intended to remove the links to the account they were logged into, but when they searched for the username in the application files, they found public tokens that provided access to Skype and Outlook. Every token they found was active and could grant access without the two-factor authentication process being enabled.

They also found that the “Cookies” folder contained valid authentication tokens, account information, session data, and marketing tags. To prove their concept, Vectra created an exploit that loads the SQLite engine into a local folder, uses it to scan Teams’ local storage for authentication, and then sends a high-priority message with its own token text to the user. This exploit would allow hackers to access sensitive user data without going through the proper channels.

Microsoft Responds to Flaw Discovery

Microsoft has responded to the discovery of a flaw in Microsoft Teams by stating the Vectra exploit “does not meet our immediate service requirements”. Microsoft believes that Vectra’s exploit will require other vulnerabilities to penetrate the network. Microsoft will consider releasing a fix that could be delivered as a future update. However, the software giant has not yet provided a timeline for when that might happen.

The Potential Implications of the Exploit

If left unpatched, this flaw could have major implications for users of Microsoft Teams. While phishing users with their own tokens is one of the potential attack vectors, it is not the only one. An attacker could also use this flaw to brute force their way into an account or carry out other actions that could lead to data loss or theft.

If the Microsoft Teams client is installed and used in its current state, anyone who does so will still have the credentials needed to do any action through the Teams user interface, even when Teams is turned off. Attackers could modify SharePoint files, Outlook mail, calendars, and Teams chat files. They could also carry out more damaging actions, such as selectively destroying data, hijacking communications, or engaging in targeted phishing attacks.

What Can Businesses Do to Protect Themselves?

Fortunately, some steps businesses can take to protect themselves from this exploit. First and foremost, it’s important to ensure that all users have unique passwords for each account they use. Additionally, businesses should consider implementing two-factor authentication for all accounts. Finally, businesses should keep their software up-to-date with the latest security patches. By taking these precautions, businesses can help mitigate the risk posed by this exploit.

Here are some additional security measures businesses can take:

Do not store sensitive information in Teams chat conversations
Monitor process activity for unusual command line arguments related to your chat application (in this case Microsoft Teams)
Implement network detection and response to quickly identify and block malicious traffic associated with lateral movement within your environment
Switch to the browser version of Teams

Vectra recommends using Microsoft Edge to load the app, providing additional protections against token leaks. If you’re a Linux user of the Microsoft Teams app, you may want to switch to the browser version or a different collaboration suite. This is because Microsoft has announced plans to stop supporting the app for Linux by December.

Final Thoughts

This exploit’s discovery highlights the importance of security in the business world. Businesses can help protect themselves from potential attacks by taking some simple precautions. However, it’s also important to stay up-to-date on the latest security threats so that you can be prepared if another exploit is discovered.

September 20, 2022September 29, 2022

Progressive Web App (PWA) Replaces Microsoft Teams Linux Client

Microsoft has announced that it will replace the Teams desktop client for Linux with a Progressive Web App (PWA) by December 2022. The company has not clarified when it will be offering the PWA, but it is expected to have it released before December.

The company released the Linux app for Teams in 2019. It has been serving the market for the last three years and is expected to retire for something better. This CLIENT will stop working when the new app comes into play.

Messages on the retirement of the desktop client were sent to Microsoft customers in late August in the Microsoft 365 message center notification MC412007. The company has not sent customers any other messages regarding the same. There has also been no news regarding the topic. However, given the nature of the communication, it is thought that the company is introducing a platform that it can use to provide additional features to its customers.

When Microsoft introduced the app in 2019, it touted it as a Microsoft 365 app for Linux desktops. It was distributed to the client in .rpm and . deb formats. However, most users complained that the app lacked parity with other clients, especially regarding the background effects for calls and meetings.

Over the last three years, the company has pushed various updates on the client. However, it has not impressed users as much as other Microsoft-based clients. The company may be looking for an app with which to provide feature parity and engage its customer base.

What Customers Did Not Like about Linux Teams Client

While the Microsoft Teams client has offered Linux users the ability to use Microsoft tools on Linux, it has several issues that make it less appealing. Here are some of them.

Slow and Buggy

Several customers complained that the client was slow and buggy, especially regarding video chatting. Some users had issues getting the mic and screen sharing problems to work in some browsers. Besides, the WebGL platform on which it was designed is unavailable on some browsers. The software fallback may take over 30 seconds to load, which is really slow compared to other streaming tools.

Meeting Numbers Came Late

The Teams Linux client invitation system was a problem until the company upgraded it late last year. Earlier, the URLs were gnarly and long, unlike other tools that use a meeting number. It also had a “context” feature that changed based on the person attending the video conference.

Besides, users couldn’t join as guests. They must sign up and use their names and email addresses when they are invited to a virtual meeting. This is very tasking for some users and may lead to issues like phishing and other scams.

Search and Export Features

Exporting or saving an active chat to a file is impossible. There is also a feature that allows you to copy and paste the entire chat for future reference. In addition, the client did not allow users to search within the current chat. These two features were only possible with the administrator. It means users cannot refer to the conversation they had earlier with the rest of the team or search for specific information.

Enter the Teams Web App

The Teams Webs app should be fully operational before the end of November. It promises to revolutionize interactions between Linux and Microsoft users. According to Microsoft, the Teams app contains rich features that enhance user experience.

Among the key features are background effects, gallery view, and reactions. Besides, the app bridges the gaps between the Teams client on Windows and the Linux platforms. Users can also raise their hands during meetings and notify the administrator. They can also blur their backgrounds, insert custom ones, and access all the client features in an easy-to-use layout.

Other great features of the app include a system notification for chat and channel dock icons, each with controls, an auto-start feature, access to system permissions, and the ability to search messages. The app interface has also been redesigned so users can easily access features. It is less crowded, and all the links to the major features are on the main page.

In addition, the company called the Teams PWA an evolution of its Linux web experience, which offers the best of the web with the key functions of any good client. It does not require any installation; it is lightweight and full of features.

How will the Announcement Affect You?

If you use or manage the Microsoft Teams Linux desktop client, you will be required to set up the Teams PWA or use the web app to continue conducting your business. Getting started with the new tool is easy, but you should consider doing it before the cutoff date for the current client.

This involves informing all the users of the change and having them switch to the new platform when it is available to the public. It is also good to try it while the other client is still available. This allows them to learn at their own pace before the alternative is removed.

Microsoft has yet to provide all the details required for a successful transformation. However, most people can already use the publicly available PWA. Once Microsoft publishes a detailed guideline, it will be easy for people to make the proper switch.

The Microsoft Teams PWA is only available on Chrome and Microsoft Edge. Other browsers cannot run it. It is expected that Microsoft will make the app available as a full app on Linux to make communication a lot easier. The company has a Team client for the Mac that is simple to use and has the same features as the Windows platform. It will be interesting to see what the company plans for the future now that there are several competing applications such as Meet and Zoom. All-in-all, the new platform is expected to be a lot better and provide an awesome user experience.

September 19, 2022October 12, 2022

How To Make Microsoft Teams Your Default For Meetings

How To Make Microsoft Teams Your Default For Meetings

Key Points

You can make Microsoft Teams your default application for online meetings by following a few simple steps in Outlook.
Changing your default settings will ensure that all your meetings are created in Teams.
Meet Now is another way to join a meeting without scheduling it in advance.

Microsoft Outlook is a great tool for managing your email, calendar, and contacts. However, many organizations prefer to use Microsoft Teams for online meetings. There are a few reasons why organizations prefer to make Teams their default for online meetings.

First, Teams offers a more robust set of features than Outlook. This includes video and audio conferencing, screen sharing, and instant messaging. Teams also integrate with other Microsoft products and services, making it a more comprehensive solution for online collaboration. Finally, Teams is designed specifically for online meetings, while Outlook is primarily an email application. Thankfully, making Teams your default application for online meetings is easy.

Here’s how to make the switch:

First, open Microsoft Outlook and click on the File tab. Next, click on the Options button in the left sidebar. Click on the Calendar tab at the top in the Outlook Options window. Then, under Calendar options, select the checkbox next to “Add online meeting to all meetings.” Once you’ve done that, make sure to save your changes.

When you create a new meeting in Outlook, it will automatically be created in Teams. Also, when you join a meeting scheduled in Outlook, you’ll be taken to the Teams app, where you can participate in the video or audio call. We highly recommend it if you’re not already using Microsoft Teams for your team’s communication needs. It’s a great way to stay organized and connected.

Create a Microsoft Teams Meeting From Outlook Calendar

If you’re using Microsoft Teams for your business communication needs, you may wonder how to schedule a meeting using the Outlook platform. The good news is that it’s easy to do!

Here’s how:

Open the Outlook calendar and click on the New Teams Meeting button.
Invite your attendees by adding their names or email addresses.
Add your meeting details, such as the subject, location, and start and end time.
Create your message.
When you’re finished, click on the Send button.

Your invitees will now receive an email with all the details about the Teams meeting. When it’s time to start the meeting, they can click on the email link to join. It’s that easy!

The Meet Now Feature in Microsoft Teams

Microsoft Teams has become one of the most popular business productivity apps in recent years. One of the key reasons for its success is its robust feature set, which includes a wide range of features designed to make it easier for team members to collaborate. Sometimes teams need to meet on short notice, and that’s where the Meet Now feature comes in.

The Meet Now feature in Teams allows users to start an impromptu meeting with just a few clicks. If you need to meet with someone immediately, you can simply click on the Meet Now button in the Teams app. This will start an audio or video call with the person or people you’re trying to reach. You can also use the Meet Now button to start a meeting with someone who isn’t already using Teams.

How to Use the Meet Now Feature

Click into the Calendar app with Microsoft Teams.
Click on the “Meet Now” icon in the top right-hand corner.
Click “Join Now” in the window that appears.
Invite others to join the meeting.
If you want to invite someone not currently using Teams, you can enter that person’s cell phone number.
To end the meeting, click on the “Hang Up” button.

The “Meet Now” feature in Microsoft Teams is an incredibly valuable tool for team members who need to collaborate on projects or tasks. It’s simple to use and makes it easy to stay in touch with other team members, even if they’re not part of your organization.

How to Make the Most of Microsoft Teams and the Meet Now Feature

If you are looking for a more engaging and efficient way to hold meetings, you should consider using Microsoft Teams. Teams can help you make the most of your meeting time with its many features and benefits.

Here are some tips on how to use Teams to its full potential once you make it your default for meetings:

Get everyone on board. Make sure that everyone who needs to be involved in the meeting is using Teams and understands how to use the Meet Now feature. This way, you can avoid any unnecessary frustration or confusion.
Make use of the various features. Teams offers many features that can make your meetings more efficient and effective. For example, you can use the screen-sharing feature to share documents or presentations with other meeting participants.
Take advantage of the chat feature. The chat feature in Teams can be used before, during, and after meetings to exchange messages and files. This can be a great way to stay connected with other team members and keep the meeting flowing smoothly.
Use the whiteboard feature. The whiteboard feature is a great way to brainstorm ideas or take notes during a meeting. You can also use it to share meeting minutes with other participants.
Use the recording feature. The recording feature in Teams allows you to record your meetings and save them later. This can be a great way to review what was discussed and ensure everyone is on the same page.

Following these tips, you can make the most of Microsoft Teams, and the Meet Now feature. This will help you hold more efficient and effective meetings, ultimately leading to better results for your team.

Final Thoughts

Microsoft Teams can be a great asset for any business. When you make it your default for meetings, you can take advantage of its many features and benefits to make your meetings more efficient and effective. Try these tips to get the most out of Teams, and the Meet Now feature. Your team will thank you for it!

September 19, 2022October 7, 2022

Data Classification Matters And Records Management

Why Data Classification Matters for Records Management Success

Key Points:

Records management (RM) is the administration of digital or paper records. It includes the creation, maintenance, and destruction of records.
RM aims to ensure that records are created and maintained to facilitate their retrieval and use while ensuring their authenticity, integrity, and reliability.
Data classification is a core component of records management. It organizes data into categories to manage it more effectively.

With the proliferation of electronic records, it is essential to classify and manage them in accordance with their value and legal requirements. Discussions surrounding records management and data classification often lead to debates. Stakeholders tend to have very different opinions on what should be done with an organization’s data and how that data should be managed. However, some general principles can help to guide these discussions and lead to more productive outcomes.

Records Management: A New Approach to an Old Problem

As the world becomes increasingly digital, organizations find that their traditional methods of managing paper records are no longer effective. As a result, many are turning to records management solutions that can help them manage both digital and paper records. Records management is not new, but it has changed how it is approached.

In the past, records management was often seen as a compliance issue. Organizations were required to keep certain records for a certain period, and they needed to ensure that those records were properly stored and maintained. While compliance is still an important part of records management, the focus has shifted to include a wider range of benefits.

Today, records management is seen as a way to improve efficiency, save money, and protect an organization’s data. By properly managing their records, organizations can reduce the storage space they need, make it easier to find and retrieve information, and ensure that their data is properly protected.

There are several benefits to implementing a records management solution, including:

Improved efficiency and productivity: A records management solution can help organizations more effectively manage their records, saving time and money.
Reduced risk: A records management solution can help organizations to reduce the risk of losing important records.
Compliance: A records management solution can help organizations to meet their legal and compliance obligations.
Improved decision making: A records management solution can help organizations to make better decisions by providing easy access to records.

To have an effective records management program, it is important to first establish a clear understanding of the organization’s data and its location. This can be difficult, as data is often spread across different departments and systems. Once the data has been identified, it needs to be classified into different categories. This will help to determine how the data should be managed and what level of protection it requires.

Once the data has been classified, it is important to establish management rules and procedures. These rules should be designed to ensure that the data is accessible when needed and protected from unauthorized access. The procedures should also be reviewed regularly to ensure they are still effective.

It is also important to plan how data will be disposed of when it is no longer needed. This plan should ensure that the data is securely destroyed and that no unauthorized access to the data is possible.

How Do I Get Started With Records Management?

There are four basic steps involved in getting started with records management:

Determine what type of system will work best for you. There are many different ways to organize your papers and documents, so take some time to explore your options and find what works best for you.
Identify which papers and documents need to be kept. Not everything needs to be saved forever, so it’s important to know what can be safely discarded and what needs to be kept long-term.
Store your papers and documents in a safe place. Once you’ve determined what needs to be kept, ensure it’s stored properly, so it doesn’t get lost or damaged.
Maintain your system on an ongoing basis. Implementing a records management system is not a one-time task; it’s something you’ll need to do on an ongoing basis as new papers and documents come in.

What Is Data Classification?

Data classification is organizing data into categories that can be used to manage the data more effectively. One of the most important aspects of data classification is determining how data should be categorized. Data classification schemes typically use a hierarchical structure to organize data.

However, there are many different ways to approach data classification. The best approach will vary depending on the type of data being classified and the goals of the classification scheme. In general, however, data classification schemes should be designed to meet the following criteria:

The categories should be clearly defined, so there is no ambiguity about what data belongs in each category.
The categories should be mutually exclusive so that each piece of data can only be classified into one category.

Workplace data can be classified into four primary categories: public, internal use only, confidential, and restricted.

Public data is information that can be accessed by anyone without restriction. This category includes information typically published by the organization, such as press releases, product descriptions, and marketing materials.
Internal use only data is information that is not intended for public release. This category includes employee records, financial data, and trade secrets.
Confidential data is information that must be kept secure and is only accessible to authorized individuals. This category includes supplier contracts, customer lists, and product development plans.
Restricted data is information subject to special restrictions, such as legal limitations on its use or disclosure. This category includes personal Identifiable Information (PII) and Health Insurance Portability and Accountability Act (HIPAA) data.

There is a reason why data classification is a critical component of effective records management. Without proper data classification, your records management efforts are likely to fail. Data classification provides a framework for understanding the value of data and how it should be protected. When data is properly classified, organizations can make informed decisions about how to store, manage, and dispose of data.

Increasing Records Management Compliance in Your Organization

Records management compliance is critical for any organization. Maintaining accurate records helps to ensure the safety and security of your business operations and protect your customers, employees, and other stakeholders.

There are several steps you can take to increase records management compliance in your organization, including:

Define your records management objectives and goals.
Implement policies and procedures for records management.
Educate employees on records management compliance.
Conduct regular audits of your records management system.
Implement technology solutions to automate records management.

Data governance is critical to the success of any organization. You must ensure that your organization complies with records management regulations and best practices. Implementing these practices can help safeguard your data and improve your bottom line.

Wrapping Up

When it comes to records management, there is no one size fits all solution. The best approach depends on the organization’s specific needs and the type of records being managed. Many different records management systems and software are available, so it is important to research to find the one that best suits your needs. Whatever system you choose, it is important to ensure that it is properly implemented and regularly reviewed to meet your organization’s needs.

September 19, 2022October 12, 2022

Will Your Cybersecurity Insurance Claim Be Denied?

Cybersecurity Insurance: Will Your Claim Be Denied?

Key Points:

Cybersecurity insurance is an important tool to help protect businesses from the financial costs of a data breach. Still, it’s important to understand your policy’s limitations and ensure you have the right coverage.
Not every cyberattack will be covered by insurance; in some cases, claims may be denied.
It’s important to keep up-to-date with regulation changes, work with your insurance broker or provider to ensure you have the right coverage, and understand the terms of your policy.
Proactive risk management practices are also important, as is having a plan in place in case of a data breach.

If you believe that every cybersecurity insurance claim will be approved, you may be surprised to learn that many claims are denied. When your insurance provider reviews your claim, they will assess your due diligence in maintaining cybersecurity for your organization. Your claim may be denied if it is determined that you could have prevented the data breach or incident. While having cybersecurity insurance is a must-have for businesses, there is no guarantee that your claim will be approved.

Why Is It Important to Comply With Cybersecurity Insurance?

You likely agreed to certain terms and conditions when you signed your insurance policy. One of these was likely a duty to take reasonable care to protect your property from loss or damage. This means you must take reasonable steps to protect your business from a data breach or cyber attack. If you have not taken reasonable steps to protect your business, your insurance company may deny your claim. This is why it is so important to have strong cybersecurity measures and keep up with the latest cyber threats.

Why Are Some Cybersecurity Insurance Claims Denied?

As we mentioned, one of the reasons claims are denied is a failure to take reasonable steps to protect your business. However, there are other reasons claims may be denied as well. Some insurers will only cover certain types of cyberattacks or data breaches. For example, they may not cover phishing attacks or social engineering. Check with your insurer to see what is and is not covered under your policy.

There are several reasons why cybersecurity insurance claims are denied. Here are some of the most common:

You Did Not Have Adequate Cybersecurity Measures in Place

Your claim might be denied if you did not have adequate cybersecurity measures in place at the time of the data breach or incident. Your insurance provider will want to see that you took reasonable steps to protect your data and systems. This includes things like having a firewall, using strong passwords, and having up-to-date anti-virus software.

You Failed to Take Reasonable Steps to Prevent the Data Breach or Incident

Even if you had cybersecurity measures in place, your claim may still be denied if it is determined that you could have prevented the data breach or incident. For example, your claim may be denied if you failed to patch a known security vulnerability.

You Did Not Notify Your Insurance Provider Promptly

If you did not notify your insurance provider of the data breach or incident promptly, your claim might be denied. It is important to contact your insurer as soon as possible to begin the claims process.

Your Policy Has Exclusions

Some cybersecurity insurance policies have exclusions that may prevent your claim from being approved. For example, many policies exclude claims from certain cyberattacks, such as ransomware. Review your policy carefully to see if any exclusions could apply to your claim.

You Did Not Cooperate With the Investigation

Your claim might be denied if you did not cooperate with the insurance company’s investigation into the data breach or incident. The insurance company will want to interview you and review your records to determine what happened.

You Made Material Misrepresentations in Your Application

Your claim might be denied if you made material misrepresentations on your insurance application. For example, your claim may be denied if you failed to disclose a previous data breach or incident. Be sure to disclose all relevant information on your insurance application to avoid denying your claim.

The Incident Occurred Outside the Policy Period

Your claim might be denied if the incident occurred outside of the policy period. For example, if your policy has a one-year term and the incident occurred two years after the policy was purchased, your claim will be denied.

What Are the Impacts of a Cybersecurity Insurance Claim Denial?

If your cybersecurity insurance claim is denied, you may be left to pay for the damages out of pocket. This can be a significant financial burden, especially for small businesses. In addition, a denial can damage your reputation and leave you vulnerable to future attacks. If you are denied coverage, you can appeal the decision. Many insurance companies have an appeals process that you can follow.

Here are two real-life examples of companies that had their claims denied:

P.F. Chang’s China Bistro vs. Federal Ins. Co

Computer hackers stole nearly 60,000 credit and debit card numbers from P.F. Chang’s China Bistro restaurants in 2014. P.F. Chang’s had a cybersecurity insurance policy with Federal Insurance Company. Federal reimbursed Chang’s for nearly $1.7 million in costs under the policy, including conducting the investigation and legal fees. However, Bank of America Merchant Services(BAMS), Chang’s merchant services provider, imposed assessment fees totaling $1.9 million.

A federal district court ruled that Chang’s had no cyber protection company for the assessment fees. The court found that the insurance policy’s “Privacy Injury” coverage did not apply to the claim because the policy’s definition of “Privacy Injury” required the compromised confidential records at issue to be the claimants. In this case, the payment card information taken in the breach belonged to Chang’s customers and the card-issuing banks, not the acquiring bank that sought reimbursement.

The policy also did not include Payment Card Industry coverage, a coverage option for restaurants, retailers, and other businesses that handle debit or credit card information. Without this coverage, Chang’s was not insured for the amounts assessed by the card company.

Family and Children’s Services of Lanark, Leeds and Grenville vs. Co-operators

According to FCSLLG(a Canadian not-for-profit organization), an unidentified hacker accessed the organization’s website and stole sensitive information in 2016. The stolen data was later shared on multiple Facebook pages. As a result, a class proceeding was filed against FCSLLG, seeking damages of $75 million. FCSLLG filed a claim against the company it hired to revamp its website.

FCSLLG had two policies with Co-operators during the breach, but Co-operators denied coverage for both policies. Co-operators also denied coverage to the third party. The policy excluded any loss from the distribution or display of data utilizing an internet website.

These are only two examples of many companies that have had their cybersecurity insurance claims denied. As you can see, even with insurance, there is no guarantee that you will be covered in a cyberattack. It is important to carefully read your policy and ensure that you are aware of any exclusions.

How to Navigate Compliance for Cybersecurity Insurance

While it may seem daunting to keep up with all the different compliance regulations, there are a few key steps you can take to make it easier:

Keep up-to-date with regulation changes. This can be done by signing up for newsletters or following industry news sources.
Work with your insurance broker or provider to ensure you have the right coverage.
Make sure you understand the terms and conditions of your policy.
Be proactive in your risk management practices. This includes having strong security measures and being aware of the latest threats.
Have a plan in place in case of a data breach. This should include who to contact and what steps to take.

Cybersecurity insurance is an important tool to help protect businesses from the financial costs of a data breach. However, it’s important to understand your policy’s limitations and ensure you have the right coverage in place. Cybersecurity insurance is not a cure-all, and it’s important to complement your policy with strong risk management practices.

September 16, 2022October 7, 2022

Raising Awareness of Digital Risks

Raising Awareness of Digital Risks: What Businesses Need to Know

Key Points:

Rapid technological advancement has led to new risks that businesses must now face.
There are many steps businesses can take to mitigate these risks, but they need to be aware of them first.
Ignoring these risks can lead to serious business consequences, including financial loss and reputational damage.

In today’s business world, technology is constantly evolving. This rapid change can be both a blessing and a curse for businesses. On one hand, new technology can provide businesses with new opportunities to grow and improve their operations. On the other hand, it can also lead to new risks that businesses must learn to manage. One of the most significant risks businesses now face is digital.

What Is Digital Risk?

Digital risk is the risk of loss or damage caused by technology. It includes risks such as cyberattacks, data breaches, and system failures. When your business scales, the attack surface area also increases. The larger your business, the more likely you are to be a target for criminals. However, this does not mean small businesses are immune to digital risks. Small businesses are often targeted. After all, they are seen as easier targets because they usually have fewer resources to dedicate to security. Digital transformation has changed how all businesses operate and has created new risks that need to be managed. Businesses must learn to manage these risks or be left behind.

What Are the Types of Digital Risks?

The complex nature of the digital risk landscape can make it difficult to identify all the risks your business faces. However, there are some common types of digital risks that businesses should be aware of, including:

Cybersecurity risks: Cybersecurity risks can be caused by weaknesses in your cybersecurity measures. This includes poor password management, unpatched software, and phishing attacks.
Data security risks: Data security risks can be caused by poor data security measures. This includes poor data management, insecure data storage, and data breaches.
Network security risks: Network security risks can be caused by weaknesses in your network security. This includes unsecured Wi-Fi networks, Denial of Service attacks, and man-in-the-middle attacks.
Compliance risks: Compliance risks can arise from not complying with regulations or industry standards. This includes GDPR compliance, PCI DSS compliance, and HIPAA (US) compliance.
Cloud security risks: Cloud security risks can be caused by weaknesses in your cloud service platforms. This includes insecure data storage, cloud service outages, and account hijacking.
Resiliency risks: Resiliency risks can be caused by failures in your ability to recover from an incident. This includes things like extended downtime, data loss, and reputational damage.
Third-party risks: Third-party risks can be caused by the actions of your business partners or vendors. This includes things like data breaches, system failures, and service outages.
Privacy risks: Privacy risks are risks to the privacy of your customers or employees. This includes things like identity theft and data leaks.

How to Manage Digital Risks

There is no one-size-fits-all solution to managing digital risks. The best approach will vary depending on the specific risks faced by your business. However, there are some basic principles that all businesses should follow when managing digital risks.

Define what digital risks are relevant to your business.
Assess the potential impact of each digital risk.
Put in place controls to mitigate the impact of digital risks.
Monitor and review digital risks regularly.
Communicate with all stakeholders about digital risks.
Be prepared to respond to incidents arising from digital risks.

By following these principles, you can ensure that your business is well-prepared to manage its digital risks. Digital risks are an increasingly important part of business in the modern world. Understanding and managing these risks can protect your business from potentially devastating impacts.

How to Mitigate Digital Risks

Given the complex nature of the digital risk landscape, businesses must take a holistic approach to manage these risks. Some steps that businesses can take to mitigate digital risk include:

Implementing strong cybersecurity measures: This includes things like two-factor authentication, data encryption, and intrusion detection.
Improving data security: Ensure adequate security measures are in place to protect your information.
Securing networks: Install proper security measures on your networks to protect them from outside threats.
Complying with laws and regulations: Familiarize yourself with the data security laws and regulations that apply to your business. Make sure you are taking steps to protect your customers’ data.
Improving resiliency: This means having a plan in place in case of a data breach or other incident, such as a power outage. You should have a backup plan for how you will keep your business running.
Working with trusted third parties: When you work with other businesses, make sure they have adequate security measures in place to protect your data.
Raising privacy awareness: This includes things like training employees on data privacy and implementing security controls.

There are different controls that businesses can put in place to mitigate digital risks. These can include technical controls, such as firewalls and intrusion detection systems, and organizational controls, such as policies and procedures.

What Role Do Risk Assessments Play in Digital Risk Management?

Risk assessments are an important part of managing digital risks. They help businesses identify their risks and implement appropriate controls to mitigate them. The most effective risk management strategies will usually involve a combination of both technical and organizational controls. There are several approaches to risk assessments, but all share some common elements.

Firstly, businesses need to identify the assets they need to protect. These include customer data, financial information, intellectual property, and company secrets. Once these assets have been identified, businesses need to identify their threats. These can come from external sources, such as hackers, or internal sources, such as employees who may accidentally or deliberately leak information.

Once the threats have been identified, businesses need to assess the likelihood of them happening and the potential impact they could have. This will help businesses prioritize the risks and put in place controls to mitigate them. Digital risks are constantly evolving, so businesses must regularly review their risk assessments and update their controls accordingly. This will help ensure that they are prepared for the latest threats and can continue to protect their assets effectively.

Wrapping Up

Digital risks are an inevitable part of doing business in the digital age. However, many businesses are still unaware of the potential risks they face. From data breaches and cyberattacks to reputational damage and loss of customer trust, digital risks to businesses are real and should not be ignored. Businesses must understand their digital risks and take appropriate measures to protect themselves. This includes ensuring that their data is secure, their online reputation is managed effectively, and their customers’ trust is not compromised.

While there are steps you can take to mitigate these risks, it’s important to remember that there is no single silver bullet. The best approach is to take a comprehensive and proactive approach, implementing multiple layers of security and constantly monitoring your systems for vulnerabilities. Now is the time to start if you’re not already taking steps to protect your business from digital risks. Cyberattacks are becoming more sophisticated and widespread, and the consequences of a breach can be devastating. Don’t wait until it’s too late – take action now to protect your business.

September 16, 2022September 26, 2022

Introducing the Microsoft Teams Schedule Send Feature

Introducing the Microsoft Teams Schedule Send Feature

Key Points

Microsoft Teams will introduce a new feature in the coming weeks that will enable users to schedule messages to be sent later.
Schedule Send will allow users to choose a specific time and date for their message, giving them greater control over when it is delivered.
This new feature will be valuable for organizations looking to improve productivity and communication.

In today’s business world, we are increasingly relying on chat apps like Microsoft Teams to communicate with our coworkers. While this is a great way to stay in touch, maintaining a sensible workflow can also be difficult if you and your team constantly send messages back and forth. Fortunately, Microsoft is introducing a new feature to Teams that will help address this issue.

According to Microsoft’s product roadmap, Microsoft Teams users will soon benefit from a delayed send feature. This will allow users to schedule when their messages will be sent, giving them more control over their communication.

What Is Schedule Send?

Schedule Send is a new feature in Microsoft Teams that will allow users to delay the delivery of messages. This can be useful if you need to coordinate with team members in different time zones or if you want to make sure that your messages are received during normal business hours.

How to Use Schedule Send

To use the Schedule Send feature, simply compose your message as usual and then long press the send button to schedule the message. A window will appear where you can select the date and time you want your message delivered. Once you have selected a date and time, click on the “Send at scheduled time” button, and your message will be sent at the specified time.

Schedule Send is a great way to stay organized and smoothly flow your chat conversations. By taking advantage of this feature, you can ensure that your messages are always received by your team members at a convenient time.

The Benefits of Delaying a Message in Microsoft Teams

Sometimes it is beneficial to not have a message sent immediately. This could be for several reasons, such as:

You are in a different time zone, and the person you are messaging is likely to be asleep
It is out of normal work hours for the person you are messaging
You don’t want to interrupt the person you are messaging if they are busy
You want to make sure the person you are messaging sees the message as soon as they wake up/start work

How Will This New Feature Impact Your Organization?

Every user within your organization will have the ability to schedule messages to be sent at a later time. Users can schedule messages as long as the scheduled date is no longer than 7 days in the future. Scheduled messages can also not be flagged as important or urgent, and any attached files and inline images will only be accessible once the message has been marked as delivered.

While Microsoft may state that this feature was designed for organizations that employ people in different time zones, this feature can have several applications within your organization.

Here are 5 ways that your organization can make use of the Schedule Send feature in Microsoft Teams:

Time Zone Coordination

If you have team members in different time zones, scheduling messages can help ensure everyone is on the same page. You can avoid any confusion or miscommunication by sending messages at a convenient time for all team members.

Keeping the Conversation Flowing

If you and your team are constantly sending messages back and forth, the Schedule Send feature can help keep the conversation flowing smoothly. By scheduling messages in advance, you can avoid any disruptions or delays in the conversation.

Planning Ahead

The Schedule Send feature can also be used to plan ahead. If you know you will be unavailable at a certain time, you can schedule messages to be sent while you are away. This way, you can still participate in the conversation even when you cannot be online.

Avoiding Distractions

If you are working on a project and do not want to be interrupted, you can use the schedule send feature to delay the delivery of messages until you are finished. This way, you can focus on your work without being distracted by incoming messages.

Following Up

The Schedule Send feature can also be used as a follow-up tool. If you need to follow up with a team member about a task or project, you can schedule a message to be sent after the task is completed.

What Impact Does the Digital Age Have on the Schedule Send Feature?

In the digital age, we are always connected. With the click of a button, we can send a message to anyone, anywhere in the world. With instant messaging apps like WhatsApp, Facebook Messenger, and iMessage, we can converse with someone on the other side of the globe in real-time.

While this instant gratification can be great, it can also be overwhelming. We are constantly bombarded with messages and notifications from friends, family, and co-workers. As a result, we often feel like we should always be available and on-call. The Schedule Send feature can help alleviate some of this pressure.

By allowing you to schedule messages in advance, you can control when and how you want to communicate with your team. This can be a great way to establish boundaries. The Schedule Send feature can be a great tool for managing your time and communication in the digital age. In a world where everyone is connected 24/7, the Schedule Send feature can help you take a step back and think about the best time to send a message.

September 15, 2022October 7, 2022

iOS 16 Is Finally Here: What Should You Know?

Key Points

After months of anticipation, iOS 16 is finally here!
If you’re using an iPhone 8 or later, you can update to the newest version of iOS right now.
New features include Messages, Maps, and more improvements.

iPhone. One word. So many different meanings. For some, it’s a status symbol. For others, it’s a life-saving tool. For many, it’s a way to stay connected to the people and things we love. With that being said, there is always a sense of excitement when a new iOS update is released because it has the potential to improve the way we use our iPhones. Now that iOS 16 is here, let’s look at some new features and changes it brings.

Widgets Galore

One of the biggest changes in iOS 16 is the addition of widgets to the Home screen. With iOS 14, Apple introduced a new way to view and customize your widgets, but you still couldn’t put them on your Home screen alongside your apps. Now, with iOS 16, you can add widgets to your Home screen and stack them on top of each other. Plus, new Smart Stack widgets use on-device intelligence to surface the right widget at the right time based on your usage patterns.

Notifications Have Moved

Another change you’ll notice in iOS 16 is that notifications are no longer displayed at the top of the screen. Instead, they appear at the bottom. While many did not have a problem when notifications were displayed at the top, some people felt it was disruptive to have them in such a prominent position. With notifications being displayed at the bottom, you can still see your notifications, but they’re not right in your face. For those who prefer the old way, you can simply tap up on the notification stack to return it to its original position.

What’s New in Maps?

If you use Apple Maps, you’ll be happy to know that there are some new features in iOS 16. One of the most useful is multi-stop routing. This allows you to add multiple destinations to your route, and Maps will give you the best way to get there.

Live Text in Videos

Another new feature in iOS 16 is Live Text in Videos. This lets you select text from a video and perform actions like copying, looking it up, or sharing it. This is a handy feature if you come across an interesting quote in a video or want to share something you saw with a friend. Also, data detected in photos using Live Text can be used in other apps, so you can quickly find more information about something you see in a photo.

Focus Mode

With iOS 15, Apple introduced Focus mode, a new tool to help you stay on task and avoid distractions. With Focus mode, you can choose which apps and notifications can send notifications and alerts. iOS 16 builds on this feature by adding the ability to schedule Focus mode. So, if you know you need to focus on a task at a certain time, you can set Focus mode to turn on automatically.

PassKeys

Another new feature in iOS 16 is PassKeys. This new way to securely log in to apps and websites using Face ID or Touch ID. With PassKeys, you don’t have to remember multiple passwords or log in with a different account each time. Instead, you can use your Face ID or Touch ID to log in with a single tap.

Lock Screen Improvements

There are also some improvements to the Lock screen in iOS 16. One of the most welcome changes is the ability to customize your lock screen. Users can now add widgets to their lock screen, choose custom fonts, and apply their favorite filters. Another welcoming change is the addition of haptic feedback when you press the Home button or the Lock button. This provides a physical confirmation that you’ve pressed the button, which can be helpful if you’re not looking at the screen.

Messages Receive a Big Update

In addition to all of the new features and changes in iOS 16, there are many new features and changes to Messages. With iOS 16, you can now go back and edit your messages after you’ve sent them. Just tap and hold on to the message you want to edit and select the “Edit” option. You have 15 minutes to edit a message after you’ve sent it. After that, the message will be locked, and you won’t be able to edit it. Sometimes we don’t realize we’ve made a mistake in a message until after we’ve already sent it, so this is a welcome addition.

Another big change in Message is the addition of the Undo Send feature. This feature has been available in other messaging apps for a while, and it’s finally arrived in Messages. With Undo Send, you can recall a message after you’ve sent it. Just tap and hold on to the sent message and select the “Undo Send” option. While you are given 15 minutes to edit a message, you only have 2 minutes to recall a message after you’ve sent it. So if you realize you made a mistake right after sending a message and need to delete it, you should quickly recall it.

iOS 16 has already shaken up the iPhone operating system with its many new features and changes. Apple has also made some changes to how Siri works. With iOS 16, Siri is now more contextually aware and can provide more useful information.

Wrapping Up

The above are just a few of the many highlights of the latest iOS update. There are many more new features and changes in iOS 16. So, if you haven’t already, update to iOS 16 and enjoy its new features! If you own an iPhone 8 or later, you can update your phone to the new software by going to Settings > General > Software Update and following the prompts. As always, be sure to back up your device before updating.

September 12, 2022October 3, 2022

How Do Phishing Scams Work?

You may have heard of the term “phishing,” but you may not be completely aware. If you operate a business or even conduct any kind of transactions online – which represents the majority of people – you may be susceptible to a phishing attack. When executed correctly, a phishing attack can leave you or your business in major personal or financial trouble.

In this post, we’ll dive deeply into defining a phishing scam, understanding the common traits, and identifying the various types of scams. Finally, we’ll look at what you can do to prevent a phishing attempt from disrupting you or your organization.

What is a Phishing Scam?

A phishing scam starts with a hacker or malicious actor reaching out to you. These individuals are looking to access information that you hold. To gain access to this, they’ll attempt to contact you (usually by email, but it can also be via phone or text) with a message prompting you to click on a link.

These scams use social engineering tactics compelling you to comply (more on those below). Once you or someone within your organization clicks the link, it may then upload destructive malware or viruses to your device, system, or network. This malware then provides them access to your personally identifiable information (PII), financial information like credit card numbers, or other information you don’t want falling into the wrong hands.

How a Phishing Scam Works

As noted above, phishing scams use social engineering tactics to trick recipients into complying with a requested action. Hackers will pose as an institution the individual knows or trusts to gain their trust.

For example, let’s say you receive an email from your bank asking you to log in to your account due to a problem. At first glance, the email may appear legitimate as it contains your bank logo and a similar font. But have your bank ever contacted you in this way before? The answer is likely no, as banks don’t ask you for information like this over email.

Everything from the email address the hacker uses to the language they use in the email might appear legitimate. That’s why it’s important to examine them carefully and err on the side of caution.

The Common Traits of a Phishing Scam

Every phishing attempt looks different, but they tend to have some traits in common across attacks. For one, email phishing attacks prompt you to click a link within your email.

Additionally, many attacks attempt to create a false sense of urgency. They’ll say there’s an issue with your account or suspicious activity that you’ll need to log in to resolve. This is, of course, a ruse meant to create a feeling of panic in the recipient. The hackers are banking on you, reacting without thinking.

Other phishing scams mimic or recreate an email address for a friend or family member. Have you ever gotten an email from a family member that contained a link but didn’t look right? It was almost certainly a phishing attempt.

You may also get an email from what you believe to be a trusted source, like your employer or healthcare provider. If the email looks suspicious, it likely is. Your default stance should always be to follow up with the sender to confirm the email’s legitimacy.

It bears repeating: if anyone asks you for any type of sensitive information over an email, text, or phone, you’re probably on the receiving end of a phishing attempt.

The Different Types of Phishing Scams

While phishing attempts happen over email, similar attacks happen over phone or text. Email phishing scams involve you clicking on a bad link. The other types of scams have different tactics with the same desired outcome for the hacker.

In the case of phone attacks (also known as vishing), you’ll receive a call from someone asking you to relay personal information over the phone. You may even be prompted to dial a specific number. These attackers often spoof numbers from trusted institutions like your bank. They might tell you that a friend or family member needs assistance to increase your feeling of urgency. They can also ask you to verify personal information to authenticate your identity to them – when, in fact, they’re stealing the information themselves.

Another common phishing scam is attacks conducted over SMS text messages (also known as smishing). These operate similarly to email attacks. You’ll receive a text from someone or some institution you trust asking you to click on a link.

How to Respond to a Phishing Scam

The first step is to be aware that phishing scams exist. Knowing what they might look like helps you know what to watch out for. If you are part of an organization, create this culture of awareness with your team. By educating your staff on what to expect, you’ll be able to prevent them from impacting your business in the future.

But what happens when you do receive a phishing attempt? The most important action you can take is this: nothing at all. Don’t interact or engage with a phishing attempt. If it’s a text or email, don’t click the link. If you’re on the phone with someone attempting to scam you, don’t engage – simply hang up as soon as possible.

Phishing Scams are Growing Increasingly More Common

In summary, phishing scams tap into sophisticated social engineering techniques, using people’s fears to gain access to sensitive information. This information can then be used to defraud the person or organization financially or steal their identity. They can be carried out over email, phone, or text message. When you get a phishing attempt, the best action is no action. Don’t engage – just block and delete.

The sad reality of phishing scams is that they aren’t going away anytime soon. You can’t prevent them from happening. All you can do is maintain awareness and constant vigilance of an attack possibly occurring. Be wary of emails that look suspicious and even those that don’t – as phishing strategies become more complex, you’ll be more likely to fall prey to one. Exercise utmost caution when communicating with anyone over email, phone, or text.

Contact us today for more on how we can help your organization navigate phishing attempts or provide other managed IT services.

September 12, 2022September 14, 2022

The Benefits of Azure Virtual Desktop Remote App Streaming

The Benefits of AVD Remote App Streaming: Why You Should Stream Your Apps

Key Points:

Microsoft Azure Virtual Desktop app streaming can help reduce latency and improve performance when using apps on a remote device.
AVD can help improve the quality of your app experience by providing a consistent connection and reducing buffering.
AVD can help you save on data usage by compressing it before sending it over the internet.

In today’s world, more and more people are working remotely. Whether you’re a freelancer, work for a remote company, or often travel for business, there’s a good chance you’ve had to access work applications from a non-traditional office setting. If you have, you know that it can often be a frustrating experience. Latency, poor internet connection, and inconsistent performance can make using remote apps challenging. That’s where Microsoft Azure Virtual Desktop (AVD) comes in.

Microsoft Azure Virtual Desktop (AVD) is a cloud-based app streaming service that allows users to access their apps and desktops from anywhere, on any device. AVD is an alternative to traditional desktop virtualization solutions. AVD can be used to deliver a virtual desktop experience to any device, including PCs, Macs, tablets, and smartphones. AVD is easy to set up and manage and provides a high-quality user experience. AVD includes several features that make it an attractive solution for organizations looking to provide remote access to apps and desktops.

What Is Azure Virtual Desktop(AVD) Remote App Streaming?

Azure Virtual Desktop (AVD) remote app streaming is a feature that allows users to access their applications remotely. The apps are streamed from a server to the user’s device, and the user can interact with them as if they were running locally. Users can use AVD remote app streaming to access their apps anywhere, on any device.

App streaming allows you to use remote apps with little to no lag, even on a poor internet connection. That’s because data is compressed before it’s sent over the internet, meaning there are fewer data to transfer and less chance of lost packets or delays. App streaming can also help reduce bandwidth usage, as only the data needed to run the app is sent, rather than the entire application.

There are many other benefits to using AVD app streaming, which we’ll explore in more detail below.

What Are the Benefits of Using AVD Remote App Streaming?

Reduced Latency

One of the biggest benefits of using AVD app remote streaming is reduced latency. Latency is the time it takes for data to travel from your device to the remote server and back again. When you’re using a remote app, any latency can cause problems, as it can make the app feel unresponsive. AVD app streaming eliminates the need for a server round-trip, which can often add several seconds of delay.

Improved Performance

Another benefit of AVD remote app streaming is improved performance. When you’re using a remote app, any inconsistency can be frustrating. Buffering, slow load times and freezing can make using a remote app challenging. AVD’s remote app streaming feature helps to eliminate these issues by allowing you to stream your apps directly to your device. This means you can enjoy a smooth, seamless experience without frustrating interruptions.

Increased Flexibility

AVD’s remote app streaming feature also provides you with increased flexibility. This feature is not tied to a single device or location. You can easily stream your apps to any device with an internet connection. This means you can use your apps on your phone, tablet, or laptop – wherever you happen to be. You’re not limited to using them just on your AVD device.

Access to More Features

You gain access to more features when you use AVD’s remote app streaming feature. Some remote apps offer limited functionality. With AVD, you can take advantage of the app’s full feature set. This includes using the app’s camera, microphone, and other sensors. You also have access to the app’s file system. This means you can save files locally on your device for offline use.

No Need to Install the App Individually

Another big advantage of AVD’s remote app streaming feature is that you only have to install the app once. With some remote apps, you must install the app on each device you want to use. This can be a hassle, especially if you have multiple devices. With AVD, you can install the app once and use it on any compatible device.

Improved Productivity

AVD’s remote app streaming feature can also help to improve productivity. By allowing users to access their apps from any location, they can get work done more efficiently. This is especially beneficial for users who need to access their apps while away from their desks. With AVD, they can stay productive even when they’re on the go.

Enhanced Security

AVD’s remote app streaming feature also provides enhanced security. This is especially important for users who work with sensitive data or need access to their apps from public Wi-Fi networks. With AVD, they can be sure that their data is safe and secure.

Reduced Costs

AVD’s remote app streaming feature can also help to reduce costs. By streaming apps remotely, users can avoid the need to purchase and install multiple copies of their apps. This is especially beneficial for users who have multiple devices or who travel often. With AVD, they can save money by streaming their apps remotely.

When Should You Opt for AVD Remote App Streaming?

There are many situations where AVD remote app streaming can be beneficial. Here are some examples:

When You Need to Use a Specific App That Is Not Available on Your Current Device

For example, if you’re using a work-issued device, you may not have access to certain apps that you need for your job. In this case, AVD remote app streaming can give you the access you need without switching devices.

When You’re Using a Public Device and Don’t Want to Install Apps

If you’re using a library computer or another public device, you may not want to install apps on that device. AVD remote app streaming can give you the same functionality without installing anything.

When You Want to Save Space on Your Device

If you have limited storage on your device, you may not want to install apps that you don’t use regularly. AVD remote app streaming can allow you to use apps on an as-needed basis without wasting valuable storage space.

The fundamental difference between AVD’s app streaming and other offerings is that AVD doesn’t require the same high-powered hardware at the app streaming destination as is typically needed to run the app natively. Remote app streaming brings you many benefits without the expense of powerful destination hardware.

Wrapping Up

AVD remote app streaming can be a great solution for several different situations. If you need to use a specific app that is unavailable on your current device, if you want to use an app that doesn’t support it, or if you simply want to save battery life, streaming an app can be a great option. As employees continue to work remotely, AVD remote app streaming can help keep everyone connected and productive.