Wanna Cry Virus - What you need to know!

Cyprtolocker Variances such as the recent "WannaCry" have been around for years. The main reason this hit the news headlines is of big outbreaks across the NHS and other global organisations.

Per below we've put together a list of things you can do to mitigate this for this strain and other strains : 

http://www.response-it.co.uk/news/2016/10/27/ransomware-the-small-business-guide?rq=Cryptolocker

Install the MS17-010 update that patches the vulnerability in Windows

Done with finding out the version? Here are the links to the updates for all of the Windows versions for which it has been released. Note that if you aren’t sure if you use 32-bit or 64-bit version of Windows, you can simply download both patches — one of them will work for you; trying to run the wrong one will bring up an error box but will do no harm.

 

 

You can also be extreme and disable SMB 1 totally from your network however careful with this as things such as VCentre use this for domain authetnication! 

Microsoft have put together a full list here thats uses SMB1

https://blogs.technet.microsoft.com/filecab/2017/06/01/smb1-product-clearinghouse/

 

 

 

The Cloud is helping us get rid of Software Asset Management

Part of Response IT's duties for our customers is to help with their Software Asset Management and Licenses. Find the most cost effective solution for their needs and make sure this is kept in a way to produce to Software Vendors if ever the need for Audits. One of the benefits from buying software from Us is that this happens automatically for you.

Game Changer ....

Salesforce was a close creator of the vison of Software being a service instead of a product. The solution would be paid for in a subscription which would let you use it and have access to all the future updates instead of a once off purchase. Some people like paying for things outright as they can see the final price , however when things get more expensive due to celeverer functionality, the cost goes up and this doesn't become viable. Some key companies who have followed : 

Microsoft

The whole microsoft license sheme has changed from a direct one purchase now to a monthly per user model, no more software assurance rules like MDOP, VDA, per device. And the upgradability on these licenses are mearly a flick switch so computers can be upgraded to be joined to the domain , and functionaly for 365 Users can be changed by changing their price plan ( per user not for the whole group !) 

Adobe

They have been on the front runner for this for sometime, and probably due to the cost of their product its been a great welcome. Initial outlays from Adobe Creative Suite where a big hit for one company , and change thing between users where complex and needed software for auditing. Now this is managed in a central dashboard for all the companies products that can be switched around when needed and activated by email straight to the user.

 

Pluses

Self Audits and Costings

Employee's sometimes in a rush were forced to buy software and or hardware themselves which would get them up and running however to check if they had purchased the correct version E.g. Home instead of a professional version of Windows to Join to the domain and Audit the purchase for future SAM Adutis and expense the purchase under the right cost center!

Instant meaasurments

Companies can now check their monthly spendature on Software and Software Vendors can see in realtime companies use which means auditing can be done efficently without SAM Consultants or Software

No Wastage

As instant measurements are so easy , licenses can be re-assigned in realtime making sure no license is doubly users and users who have left the firm do not leave with it on their personal device

 

All in all , this helps everyone , simplier equals easier to manage which reduces the overall costs ! Microsoft are even stopping SAM

https://www.theregister.co.uk/2016/04/13/microsoft_we_have_a_bullet_ready_for_12_competencies/

Microsoft 365 Intune with EMS

If your organisation has Office 365 with Enterprise Mobility Suite (EMS), you’re probably already familiar with Intune, Microsoft’s solution for mobile device and application management.


You can use EMS as a Single Sign on Solution to over 1200 Software as a Service Cloud Applications such and salesforce and box across devices and browsers

Active Directory Premium gives you full Active Directory into the cloud so you don't need local servers for management of Active Directory , see here for a full list of differences

Group membership can be requested by users to the groups Owner and this can be approved from the cloud

User Password resetting can be done in the cloud and automated to be self service to reduce the time for users to fix their issues and load on helpdesk staff

Intune is also your go-to solution for managing shared tablets in limited-use mode. With Intune, you can bulk provision, secure, and centrally manage shared tablets configured to run in limited-use mode.

 

This makes IT’s a job a lot easier: you don’t have to configure settings on individual tablets, and you don’t have to do anything differently than you would for devices not in limited-use mode. With Intune, your transactions, inventory, and other information are protected, no matter what your tablets are used for.

What is Azure Information Protection (AIP)

Azure Information Protection (AIP) allows you to classify and add security directly to your sensitive data so that it's always protected and identifiable.

Example : 

Admin creates policies for data classification, labeling, and protection. Sally, an accountant, creates a document that has customer PII, including credit card numbers.

When Sally saves the document, it’s automatically classified CONFIDENTIAL and encrypted with permissions

When she emails the document to her team, she accidentally includes two unauthorized users. Sally’s team are able to open the file, but cannot print, save, copy text, or forward the file. The two unauthorized users are unable to open the file or forward the email.

Sally and IT can view successful/unsuccessful attempts to open the file. Sally or IT can quickly recall the document from unauthorized users.

Requirements 

Microsoft Azure Information Protection is included in the Office 365 Enterprise E3 and above plans.

Extra Licenses can be found here


You need to install the client Manually ( AzInfoProtection.exe )

You should then have the task bar and can change categories

The next tech is here - Hyper-Convergence

Hyper-converged infrastructure (HCI, also called a hyper-converged integrated system. HCIS) refers to integrating virtualization of storage, computing and networking in a data center into a single appliance.

Why is the industry moving towards this?

Compatibilty out the box : Storage, Networking and Computing providers have come together with their products to offer something out the box that has been thoroughly tested together. No more searching three providers on compatibility when updating a single firmware for a device.

Support ; Single point of support for all of your hardware 

Management : Again single management interface for all your virtulised hardware

Faster setup : You can have new infrastructure setup to expand your ERP system or increase your VDI seat count in less than one hour!

There are multiple hyper converged providers at the moment , but we've had great Demo experience with HP's solution per below

 

Companies will tend to expand on their existing infrastructure due to their already inhouse expertise on existing technologies and human nature of staying the same however this can unnecessary increase costs and manageability by not looking at all solutions at the time of expansion.

Legal E-discovery in 365

Discovery is the process of finding search terms in your organisations data. Searching your who organisations files for keywords can be difficult and duanting task unless all of it is in a collaborated cloud system such as 365.

 For example if you need to trace a client named "client 1" due to a legal case you can use the below method to search your company Documents stored in Sharepoint, Company Emails in Exchange Online and User Data stored in One Drive for Business

You can also Upload Old larges PST's to 365 to Exchange and or sharepoint giving you discovery of all your archived email and mailboxes

Windows Vista support is ending - Good Riddance

After April 11, 2017, Windows Vista customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft. Microsoft has provided support for Windows Vista for the past 10 years, but the time has come for us, along with our hardware and software partners, to invest our resources towards more recent technologies so that we can continue to deliver great new experiences.

If your running Windows Vista , you won't be one of our customers , but please upgrade to a new version of windows or contact us to help you!

https://support.microsoft.com/af-za/help/22882/windows-vista-end-of-support

Bye Bye Exchange 2007 End of Life Today - Users of Small Business Server 2008

Exchange 2007 has officially now been dropped by Microsoft today

https://blogs.technet.microsoft.com/exchange/2016/04/11/exchange-server-2007-t-1-year-and-counting/

A great product which was the base for Exchange 2010 and up helping with DAG setups and using powershell , it will be sad to see it go!

This was bundled in with Small Business Server 2008 so if you are using this version you will need to look at migrating your users elseswhere! 

What are your migration paths?

1) Upgrade and Migrate to the Cloud e.g. Office 365 (using their FastTrack service if you have a Minimum of 50 Users Seats) 

2) Upgrade and migrate your server to Exchange 2013 ( Can only do one jump so no Exchange 2016 ! ) 

Office 365 - Advanced Threat Protection (ATP)

Advanced Threat Protection (ATP) similiar and complimented well with Exchange Online Protection (EOP) , is a service that helps you prevent zero-day malicious software attacks in your email environment. It does this with clever analytics, the same as webroot antivirus uses, where it puts attachements into sandboxed enviroments and tests what they do before forwarding them to you once they know it's safe

Safe Links

It also uses Safe Links technology to rewrite each external link through 365 ( acting like a web proxy ) to block any Phishing sites or websites that have been marked as unsafe due to malware or blocked file extensions. This means that even home users will get the protection they need via Webmail or via their Mobile device

Protect against unsafe attachments

All suspicious content goes through a real-time behavioral malware analysis that uses machine learning techniques to evaluate the content for suspicious activity. Unsafe attachments are sandboxed in a detonation chamber before being sent to recipients. The advantage is a malware free and cleaner inbox with better zero-day attack protection.

Reporting

A rich reporting dashboard gives you realtime stats to see what user clicked what link and where milianious links where sent from enabling you to stop future attacks and mitigate risks of existing attacks

This service comes bundled with the E5 Package in Office 365 and can be purchased as an add on for 1.50/User/Month

What is Microsoft Azure Rights Management Services (RMS)?

Azure Rights Management Services (RMS) is the solution to the problem of protection documents after they have left you organisation as they move across different platforms such SharePoint, Exchange, and OneDrive, and maintains permissions while saved online and offline.

Rights management doesn't just encrypt files; it encrypts them so only specific people can open them (rather than anyone with the password) and works on all Microsoft Office documents including Word, Excel, PowerPoint and even email within Outlook. Full list of growing applications here :

https://docs.microsoft.com/en-us/information-protection/get-started/requirements

The RMS sharing apps for Android and IOS can open protected versions of .TXT, .XML, .JPG, .PDF, .PNG, .TIFF, .BMP and .GIF files (with the usual variations like .JPE and .JFIF). 

Previously you would of needed a standalone server and trust to other Active Directoy domains, however now with Office 365 any size company and use this service

To make sure the viewers of the file are the correct recipients ..

This is done by the collection and monitoring the following information about the file

  • What device it’s accessed from

  • What device it’s sent from

  • What device it’s sent to

  • What application accesses it

  • Whether it’s accessed online or offline

Uses

Look no further than the recent US elections of how this solution could of saved some embarrassment! 

http://www.theblaze.com/news/2016/05/25/trump-spokeswoman-accidentally-sends-email-to-a-reporter-instead-of-her-coworker-heres-what-it-said/

Limitations

If you send an RMS protected email to a Gmail account then the recipient will not be able to open it using the browser-based Gmail interface.  Instead they will see an error that reads: “This message uses Microsoft Information Protection solutions. Open this item using an email application that supports protected messages, such as Microsoft Outlook.”

You can block printing and screen capture, but if someone with enough time can capture an image of the open document with print screening or they can just pull out a phone and take a picture. 

It is recommended that before purchasing this solution you sit down and test this with a provider to make sure this is the right solution for you!

Cost

£1.50 / User / Month

Give your employees the tools they need to work so they don't have to burden you...

 A 2014 report, showed more than 80% of employees use non-approved software-as-a-service (SaaS) applications at their jobs. The reason for this and what we find is they are looking for services to make their job easier instead of a service not to do their job. If you find tools that can do all these service in house , it leads to easier management of single apps through the business as well as shared expertise of Company Apps throughout the business

Some examples of this are below

Installation of Dropbox for sending and receiving large files and having a realtime document sharing platform

The old method we see of this is using email to transport documents between third parties to a central store at either end. Dropbox changes the way this happened by bringing a simple to use consumer product which was hosted in the cloud. Methods for companies to leveraging this technology have been to purchase dropbox for business for better auditing and security of files or use One Drive for business which is free on select Office 365 plans to bring the same functionality. Once either of these where setup and training dropbox for home was not being used anymore

Messaging - For communicating to Third parties and internal employees in real time

Again for the above this was used for real-time communication usually matching with the dropbox service for getting immediate group feedback for changes or discussion to file changes. Services being used for this were Facebook, Skype, Whatsapp and iMessage. It seemed uses where after a mobile way to always be in communication with their team especially as deadlines got closer. Skype for Business again free with Office 365 plans adds all of the above however enables history tracking into the users Outlook for searching for previous chats and also governance to make sure all communication is audited. It also adds the functionality of Video and Audio calls and mobile worker Phone Services.

 

Meraki now introducing Video Camera's to their great portfolio

Response IT are a big believer in Meraki brand, the way it's simple, stable and most easy to manage. We are really excited to know they have now added Video Camera's to their portfolio.

Having helped setup existing customers with security solutions for their Offices, DataCenter and remote sites we bundle this into out wide offerings of services.

Dream of eliminating servers and video recorders? Looking to spend less time on complex security camera deployments and maintenance? Look no further. 

Cisco Meraki is bringing the magic of Meraki cloud management to MV Security Cameras. Like all Meraki products, MV cameras provide zero-touch provisioning, allowing IT admins to add a serial number to the dashboard and begin configuring before hardware even arrives on site. 

On top of that, MV security cameras feature:

  • intelligent motion indexing with search engine
  • ability to export and share historical video
  • secure encrypted control architecture
  • video walls with up to 12 cameras per layout
  • remote monitoring and troubleshooting from anywhere in the world 

Device encryption - Why it's important and sometimes necessary

You might of read in the news recently about a Secret Service Laptop being stolen out a car with Plan's of the U.S. presidents home on it

http://www.bbc.com/news/world-us-canada-39310793

The laptop was encrypted so the chances of anyone else apart from the Secret Services being able to read the files on this laptop are zero.

Laptops/Tablet and Phones when used out the box come with Zero encryption, which means if they ever get into the wrong hands there is a chance information could be captured. Even if you have a password on the device, the information from memory cards , hard drives and device storage can still be opened up on another device. If you hold customer information on devices which leave company premises the risks of this are even higher.

The following software is the top three Windows Encryption Services

  • Bitlocker
  • Disk Cryptor
  • True Crypt

How to encrypt tablets/phones?

The moment you set a passcode or enable Touch ID on the device running iOS 8 and above, the full device encryption is turned on automatically without you having to do anything.

 Lock Screen > Security > Other Security Settings. If you have a Galaxy S6 then you’ll need to head there and then tap on Encrypt phone to enable encryption.

A MDM Platform ( please see our other blog post about this ) is a good way to ensure anyone with company email has this enabled

Two top reasons to migrate to Windows 10

No New Processor Support

Intel's new 7th generation of i series chip, Kaby Lake will officially be supported only by the company’s flagship Windows 10 OS. Intel also appeared to be on board with Redmond’s decision, saying it

“will not be updating Win 7/8 drivers for 7th Gen Intel Core per Microsoft’s support policy change.”

AMD is also on the same bandwagon

"To achieve the highest confidence in the performance of our AMD Ryzen desktop processors (formerly code-named ‘Summit Ridge’), AMD validated them across two different OS generations, Windows 7 and 10,” AMD said in a statement in response to a question from PCWorld. “However, only support and drivers for Windows 10 will be provided in AMD Ryzen desktop processor production parts.”

You cannot buy Windows 7 or 8.1 anymore

As of October 31st 2016 Microsoft Ended the sale of Windows 8.1 and Windows 7 pre installed on Machines. Any new purchase of Hardware will now land your enviroment in a mixed version of Windows making it harder to : 

  • Create a standard SoE across your enviroment
  • Creat User training as this will need to be duplicated across two Operating Systems
  • Testing Company Applications 

 

There are multiple ways to roll out Windows 10 across your organisation such as Microsoft Deployment Tool , Image X and or Acronis True Image. Speak to Response IT today about solutions and time lines of a Windows 10 Deployment!

The Three Clouds went to market .... What they are and what they do

Cloud infrastructure can actually be split up into three different types

Public Cloud - These are the clouds you see being offered by Amazon, Google, Microsoft to name the big players. Services offered on Public Clouds are Office 365 on Azure , S3 Buckets on AWS and Google Code projects on Google. These are usually the cheapest but limited in regards to customizations.

Internal Self Hosted Cloud - These are servers hosted and owned by the business providing totally customizable features to the business for their software and speed requirements.

Private Cloud - This is a mixture of the above which entails a third party provider such as Response IT hosting or providing your IT infrastructure giving you ultimate customizability in your hardware and speed needs with the reduced support of hardware and network by your organisation.

What solution is right for your business?

Business Size - Most small business and startups will start off on the Public Cloud with applications like Office 365 , One Drive for Business and Skype for Business. This gives them all the services they need to start the setup their company at a small cost which can grow. More developed companies will start to use a custom applications for their industry and this will need to be hosted on a standalone server if the application provider does not provide a hosted solution. This will then leverage into Private or Internal Cloud

Latency - So applications are very time sensitive which means hosting them on the public cloud will be a non-starter to begin with. Application providers will only support the Application with SLA's in regards to round trip times from the server so an Internet Cloud will have to be used but usually backed up with a Private or Public Cloud

Data Sovereignty - Legalities on each industry and country change the rules on where your data can or can't be stored. Companies such as Goverment, Legal and Finance usually have strict requirements of keeping their data in country with proof. Other industries face Audits of proving to their users where their data is at any time. Internal clouds are the best for this , however Private and now Public clouds are making themselves full compliant with Data Sovereignty issues

Contact Response IT for Solutions in all three clouds. We see three as better than one

Office 365 for Large Enterprise Automatically creating groups

“Beginning in March 2017, managers who have 2-20 direct reports, do not already have a direct reports group, and have permissions to create groups in Outlook, will automatically have a private group created for them with their direct reports. The manager will be added as an owner, and the direct reports of the manager will be added as members by default. The group will be named "<Manager's Name>'s direct reports", but that can be edited.”

“To help managers collaborate more effectively with their employees, we will automatically create Office 365 Groups containing the manager's direct reports. Managers can easily update, delete, or modify the group at any time.”

https://support.office.com/en-gb/article/Manage-automatic-creation-of-direct-reports-group-Admin-help-8387f129-19cc-4426-9911-e36fa0a01043?ui=en-US&rs=en-GB&ad=GB

How to Opt out:

https://support.office.com/en-gb/article/Manage-automatic-creation-of-direct-reports-group-Admin-help-8387f129-19cc-4426-9911-e36fa0a01043?ui=en-US&rs=en-GB&ad=GB

How to sell MDM ( Mobile Device Management )

Mobile device management is software to be able to manage a fleet of mobiile devices used by your workforce for security, monitoring and deployment. Mobile devices can be provided by a company or BYOD ( Bring your own Device ) is used where people use their existing devices.

Some example MDM products we use and support at Response IT : 

  •  Office 365 Mobile device management 
  •  Vmware airwatch
  •  Mobile Iron
  •  Blackberry Enterprise server

What does and doesn’t work in a communications plan to get users to enroll in an MDM? 

Are there incentives you have used that have helped to get user buy in to enrollment?=

What types of communications have been most effective?

See some below reasons why Users should enroll in company MDM Platforms : 

  • Full Vision of Polices applied to devices to the User 
  • Users get a VPN back to work to access work Files 
  • Users get Work Email for working outside and on the way to the office
  • Restricting limits such as Data useage and Apps to save shock personal bills
  • MDM platforms actually can reduce bandwidth bills
  • MDM can Automatically manage patching for you , weather it being forcing a security fix or stopping one
  • Compliance, having your own device is fine , however we need to make sure we meet out statatutory obligations to protect company data
  • Back out plan ( Easy to remove policys )
  • Easy Location of Device
  • Support of Device

Contact Response IT for support of an existing MDM platform or the creation and adoption of a new one today!

Test your Employee's - Internal Company Phishing Exercise

You can email out to the whole company explaining things such as Spear Phishing:

 http://www.response-it.co.uk/news/2016/10/23/spear-phishing-how-to-mitigate-risks?rq=phishing

and Ransomware explanations and examples: 

http://www.response-it.co.uk/news/2016/10/27/ransomware-the-small-business-guide?rq=cyp

But do these go unnoticed? It's difficult to tell until this is put to the test.... A short test could be to wait until you get infected or breached and diagnose the attack and seal the hole, but a better proactive test is to test your employees before the attack happens.

We have worked recently with a few companies after Management approval to create a test Phishing site's to monitor how many people would fall for the above attacks which give great insights such as

1) How many people and who opened the email
2) How many people entered credentials
3) How many people clicked a link
4) How many out of dated devices opened the link

After the above is found, user training can be employed to fix all the below and the whole process can be repeated on occasion automatically.

Contact us today about pricing for the service.

The cost of outdated Technology for Business'

Per the microsoft article here https://news.microsoft.com/en-gb/2017/01/19/people-spend-day-every-year-waiting-old-computers-boot/#sm.0000012c2ze3vacu5rmyddvyd145k

'People in Britain spend a day every year waiting for old computers to boot up'

Yes this is a marketing from Microsoft to sell it's Windows 10 Operating System , but it does bring out some interesting true facts ..... Computer shelf life or Out of the Box warranty is usually supplied for 3 years depending on what it is used for, and Microsoft OS is usually around every 3 years as well.

Below we would like to share of reasons to keep your Hardware and Software Up to Date

  • Not getting the new features new software and hardware gives you such as Virtualisation ( Multiple servers on a single box ) or leveraging the cloud with means no server!
  • New technology is usually built with less parts, thus less to go wrong and cheaper to buy and greener to run !
  • Out of Date software leaves you open to security problems, e.g. Microsoft not releasing anymore security patches for your operating system
  • Increased costs and time in fixing problems with your old hardware / software. Yes it usually can be done by sometimes by a quick fix instead of a long term fix
  • System Downtime due to Security problems or reliability problems
  • Cost of Warranty Extensions -> Usually manufacturers or Software and Hardware will rapidly increase the warranty cost extensions which means buying new can be cheaper!
  • Stress! (two-thirds of Brits with computers aged between 5 and 10 years admitted to hitting or shouting at them, with a further 6% being reduced to tears)
  • Legal risks of being audited depending on your business with can lead to fines due to unsupported software

Call us today to help us get you into the new!