6 Ways to Combat the Threat of a Cyberattack

The best way to defend your organization against a cyberattack is to take proactive steps now, before an attack ever occurs. That way you’ll be prepared if your organization is targeted.

Attacks often begin with phishing schemes. Typically, someone within your organization would receive an email from someone posing as a trusted or well-known source. The employee lets their guard down and clicks on a link in the email. That may automatically provide the scammer with the employee’s log-in information, or prompt them to enter a user ID or password, or both. This allows the criminal to access financial or personal information that can then be used to commit crimes.

Although your organization may not hold the same treasure trove of information as a bank or other financial institution does, the information you store can do plenty of damage if it falls into the wrong hands. Many times, a cybercriminal will be looking to steal individuals’ identities through their Social Security number or other sensitive data.

Finally, hackers are constantly devising more sophisticated ways to invade your organization’s system. One recent innovation is the use of ransomware that may be downloaded to a system through a phishing expedition. This enables the phisher to block an organization’s access to its own information unless it pays a healthy ransom.

Taking Action

Although every situation is different, following are six steps you can take that will help fight cybersecurity attacks:

1. Install a security solution on each device used by top administrative employees who have access to privileged information. This will isolate an attack to a single user. Otherwise, all devices might be infected in one fell swoop.

2. Encrypt data. If intruders obtain data, it will be virtually unusable. For servers, set different levels of permission, such as blocking lower-level employees from payroll records. Partition or “silo” information so that access to it isn’t automatically granted to all authorized users.

3. Keep extremely sensitive data on a server that is separate from the network. If an employee is fired or otherwise leaves the firm, the network administrator should disable that employee’s access immediately.

4. Install the latest firewall and antivirus software. However, be aware that these measures aren’t foolproof and the criminals are often one step ahead of the good guys. 

5. Establish parameters about using the internet, including sites employees are permitted to access. Not much good can come from workers viewing pornography or using gambling sites, for example, and these are often ripe for malware or ransomware.

6. Educate your employees. Convey to employees the importance of being vigilant. Even though workers might be attuned to avoiding potentially dangerous emails, there are still those who don’t realize the damage they can cause by clicking on just one link.

Make it clear to your employees that cybersecurity is a top priority and that errors, omissions and exhibiting poor judgment will not be tolerated. Such actions may even be subject to disciplinary measures. Create a culture that makes it difficult for invaders to pierce your defenses. 

It can be costly and time consuming to recover from a cyberattack and devastating to your business overall. Although insurance protection is available, premiums may be cost-prohibitive, or insufficient to meet your needs. Focus instead on preventing damage in the first place.

Several popular Microsoft products are scheduled to reach the end of support on October 13, 2020. The time to prepare for this deadline is now.

Microsoft states that the end of support means security updates and technical support will no longer be provided for these products, and it is recommended that users upgrade to the latest cloud or on-premises version to remain secure. The following are among Microsoft products reaching the end of support in October.

* Eligible for Microsoft’s Extended Security Update Program.

What does End of Support mean for me?
Unsupported systems and programs turn environments into security and compliance risks. If a security flaw is found in these Microsoft applications after the end of support date, no security patches will be released. If you’re still using these programs beyond the end of support date, your company will be exposed to unpatched security vulnerabilities, putting your data and your clients’ data at risk.

Time is running out – plan now!
Organizations that have not yet scheduled upgrades should begin doing so immediately. The longer you wait, the more potential there is for missing the deadline and running into costlier problems later. Plan now so you can consider your budget as well. Please reach out to YYTECH to discuss scheduling, even during the coronavirus pandemic. Many software upgrades can be done remotely. 

Contact YYTECH if you are using any of these products – we can help you evaluate and upgrade your systems as painlessly as possible.

The recent anniversary of the General Data Protection Regulation (GDPR)’s implementation commemorated the first full year that businesses dealing with EU resident data have spent operating in this new regulatory environment. One year in, GDPR looks less like an outlier and more like a global trendsetter. While the EU may have led the way, consumer data protection conversations have shifted to the forefront in the United States, both at the state and federal levels and in countries around the globe.

Businesses aren’t the only ones that have begun educating themselves on all things compliance; thanks to a GDPR-related uptick in regulatory content in the media and other public spaces, consumers are increasingly better informed on their digital personas and the rights that do (or do not) accompany them. With that knowledge comes increased expectations for the businesses they choose to interact with and more awareness of those that may be using their personal data without consent. The bar has been raised, and it’s hard to think that consumers will accept less protection than they now see represented on a global stage.

There is a broadening recognition and acceptance that privacy regulations aren’t going away. In a recent Gartner survey, executives named accelerating privacy regulation as their top concern of Q1 2019, with 64% of respondents citing it as a key risk facing their organizations.

Businesses must be prepared for ongoing and rising compliance standards in the years ahead — standards that may vary greatly by region, country or state. GDPR spurred great strides in data governance, causing companies to take note of what data they have, where it is, who has access, etc., as well as make significant improvements in the timeliness of breach notifications. However, better data governance and reporting isn’t the end of the compliance story. While improving procedures in these areas is important for companies and consumers alike, these first steps are just that — a beginning.

Some organizations used GDPR as a catalyst to establish broader data protection strategies, while others have yet to implement technologies that will actually have a meaningful impact on consumer data security. Data governance and reporting satisfy a number of tasks on the compliance checklist, but they do little to prevent sensitive consumer data from being breached or stolen. With the GDPR’s first year behind us, it’s time to shift our collective focus to ensuring the personal data businesses use and possess is truly locked down.

Establishing a data-centric approach to security and focusing on securing the data itself rather than just the networks, servers and applications it resides on is one of the most effective ways to deal with variable and accelerating regulations. If a company’s security strategy is built around protecting data at all times, the business will be better prepared to prevent breaches and misuse no matter what regulatory environment it finds itself operating in.

Data must be secure wherever it is within an organization, whether at rest on the file system, moving through the network or while it’s actually being used or processed. This is a protection strategy I refer to as the “Data Security Triad,” the three components of which include:

• Data at Rest: Categorized as inactive data stored in any digital form, data at rest resides on the hard drive or in databases, data lakes, cloud storage or other locations and is commonly protected by perimeter-based, access control and user authentication technologies. Additional security measures such as data encryption are commonly added depending on the level of sensitivity.

• Data in Transit: Data is vulnerable as it moves through a private network, public/untrusted space or a local device, and it is, therefore, standard practice to protect it using transport encryption. If businesses adhere to proper protocols, this is an efficient and effective defense strategy for data in transit.

• Data in Use: Data in use has become the point of least resistance for increasingly sophisticated attackers, as it is the most commonly overlooked segment of the Data Security Triad. Technical methods for securing data in use include homomorphic encryption, secure enclaves and secure multiparty computation.

Access management is important for ensuring protection for data at rest, in transit and in use, but when it comes to locking down data to prevent a breach or misuse, one of the most effective technical solutions is encryption. While encryption itself does not prevent interference, without access to the keys, encrypted data is useless to an attacker, and data breached in its encrypted state is not subject to regulatory penalties. Limiting encryption to only a portion of the Triad is a dangerous oversight. If there is data of value at stake, attackers will find a way to reach it, so every point of entry needs to be protected.

GDPR has proven that regulations can spur real change in the commercial market — change that many consumers view in a positive light. When referring to businesses’ ongoing battle with compliance, as highlighted in its Emerging Risk Trends Report, Gartner’s Matt Shinkman described GDPR as the “starting gun in this process, and not the finish line.” While that seems to be an accurate summary of the market, where businesses perceive that finish line is also critical.

Compliance just to avoid regulatory penalties is not enough to impress an increasingly informed consumer base. In GDPR’s second year, let’s drive action geared more specifically toward what the law was intended to accomplish: Protecting the privacy of consumers by ensuring the security of their data.

Content provided by Microsoft and Forbes.com. 

If you haven’t already upgraded to Windows 10, add the task to your to-do list.

Microsoft Windows 7 support has ended. Going forward, consumers won’t receive updates of any kind, including critical security patches, for the 10-year-old platform, potentially putting their computers at increased risk for viruses and other forms of malware.

The company had been urging PC owners for five years to move to Windows 10, which it claims is the most secure version of the operating system ever developed. But many refused, countering in online forums and on social media that Windows 7 is “the best version of Windows ever.”

From July 29, 2015, to July 29, 2016, Microsoft offered the Windows 10 upgrade to Windows 7 and 8 users free of charge. It now costs $140 on the company’s website.

Despite the fee, it’s a good idea to make the shift to Windows 10 to protect your privacy and security. Here’s more on the pros and cons of performing the upgrade.  

Why is Support for Windows 7 Ending?

Supporting the software behind an outdated operating system has become too costly, even for a company as large and rich as Microsoft.

Operating systems require “constant maintenance,” says Bogdan Botezatu, director of threat research and reporting at the Bitdefender cybersecurity firm. “It’s difficult to maintain code from several years ago while at the same time trying to maintain code for the latest operating system. Companies will do everything in their power to try to migrate customers to the new version.”

To Microsoft’s credit, the cutoff date for Windows 7 support was announced with the release of the operating system in October 2009.

Microsoft also points out that the 10-year life span for Windows 7 is longer than what’s offered by its competitors.

For instance, the oldest operating system to receive updates from Apple within the past year is macOS Sierra, released in 2016; it was last updated in September 2019. It’s worth noting that macOS upgrades are free as long as your hardware is compatible. Catalina, the latest version of macOS (released in October 2019), supports laptops released as far back as 2012.

The ultimate goal for Microsoft is to commit fewer resources to Windows 7 and focus more on making Windows 10 (released in 2015) as secure as possible against today’s threats.

“We’d still be supporting DOS if we never dropped support for an operating system,” says Kevin Haley, director of security response for Norton LifeLock, the Symantec-owned cybersecurity company. 

What Does ‘End of Support’ Actually Mean?

Now that support for Windows 7 has ended, Microsoft will no longer produce updates for the operating system. That means you won’t receive new features, such as, say, a faster search bar or improvements to Microsoft’s Alexa-like digital assistant, Cortana. But more to the point, it means you’ll be cut off from security updates, which puts you and your data at greater risk.

“When someone is using an outdated version of the operating system, this increases their risk of being attacked through an exploit: a program, piece of code, or even some data designed to take advantage of a bug in an application,” says Vyacheslav Zakorzhevsky, head of antimalware research at the Kaspersky Lab cybersecurity firm. “Whenever a new vulnerability is discovered, the operating-system vendor usually delivers security patches only to the supported versions.”

And so, as of today, Windows 8.1 and 10 will be the only versions supported by Microsoft. If your laptop runs Windows 8.1 (a free upgrade from Windows 8), you’ll continue to get updates until January 2023. Windows 10 users should receive at least five more years of support, based on Microsoft’s history.

And while antivirus software can protect you from malicious software, a Microsoft spokesperson says it may still leave you vulnerable to “sophisticated attacks, like phishing and ransomware” if your operating system no longer receives updates.

“That’s the risk,” says Haley of Norton LifeLock. Because there’s no knowing how a virus or malware will interact with an operating system, there’s no guarantee an outside security company can fully defend you against it.

Will Your Computer Continue to Function?

Yes, your Windows 7 laptop will continue to operate largely as it does today. You can browse the web with Google Chrome and create and edit documents in Microsoft Word or Excel. Your printer won’t suddenly stop working. In fact, not much of your day-to-day computing will change.

“Windows 7 will still work just fine,” says Adam Kujawa, director of Malwarebytes Labs, the research and development division of the Malwarebytes cybersecurity company. “I mean, I can still use Windows XP on a system and it’ll still work just fine.” (Microsoft ended support for Windows XP in 2014.)

But just because your laptop will power on and let you print your child’s book report doesn’t mean that’s a smart move.

Ideally, you should move to Windows 10. 

How Do You Move to Windows 10?

You can download Windows 10 from the Microsoft website or buy the software on a thumb drive from a retailer such as Amazon, Best Buy, or Walmart. Either way, the upgrade will cost you $140.

The installation is fairly simple. Using the detailed instructions provided by Microsoft, you reboot your PC and follow the on-screen prompts. The process takes about an hour depending on the age of your computer, the company says.

Before you begin that process, though, be sure to do a backup, preserving the contents of your computer on an external drive or in cloud storage just to be safe.

You’ll need at least 8GB of free space to download Windows 10 from Microsoft. You might consider loading the software onto a blank DVD or a USB thumb drive to start.

Microsoft also recommends that you consider buying a new PC. While clearly a more expensive proposition, it will be faster and more secure, according to a Microsoft spokesperson. It might even have a fingerprint reader and webcam that you can use to log in to Windows, security features that were rare just five years ago.

And a computer like that is less expensive than you might think. You can find laptops from well-known companies such as Asus and HP in our ratings for less than $500. You can even find a few good options for less than $300.

They might not be powerful enough for gaming and video editing, but if you’re looking for a Windows 10 laptop that lets you safely browse the web, watch a few video clips, and balance the family budget in Excel, then they’ll do nicely. 

Article provided by ContentMX and Consumer Reports.

The risk that a hacker will breach your manufacturing company’s data is already high — and rising. Forbes recently reported that 4.1 billion records were breached in the first six months of 2019, which is more than 50% over the same period in 2018.

Businesses in every industry and of any size are vulnerable to data hacking. But the manufacturing sector is victimized more often than many other industries. Over 50% of manufacturers suffered at least one data breach over the previous 12-month period, according to a recent survey. 

A single attack can hobble operations, lead to lawsuits and cost thousands, even millions, of dollars. IBM has calculated that the average cyberattack on a U.S. company costs $8.19 million. Then there are harder-to-quantify costs such as damaged relationships with customers, supply-chain partners and others. So, even if your company has some cybersecurity protocols in place, you owe it to stakeholders to ensure you’re doing your utmost to fend off cybercriminals.

Avoiding Assumptions 

Data hackers are creative and constantly adapt their schemes as security technology changes and new opportunities arise. Hackers also come in many different guises. You shouldn’t assume, for example, that data breaches can only be launched from the outside by criminals in remote locations. Working from the inside, a disgruntled employee can just as easily (if not more easily) breach your network’s defenses and exact costly damage.

Also, whether you’re starting fresh or updating an existing cybersecurity plan, know that there’s no such thing as one-size-fits-all. Your company’s existing IT protections, products, customers and other factors will help determine the best plan for protecting vital digital assets. 

4 Steps

To design a cybersecurity plan that works for your company, consider taking the following four steps: 

1. Identify major risks. What do you want to protect? This may sound like an unnecessary question, but specifics matter and your resources are limited. For example, could someone hack the system behind your automated machinery and interrupt critical operations or cause malicious damage? Can customers safely make purchases on your website without fear of credit card theft? Is payroll data, including employee Social Security numbers, as secure as it could be? Work with department managers, internal IT staffers and outside professionals to address each issue separately and then include them in your larger cybersecurity plan. 

2. Get industry specific. Depending on what you manufacture, your company might face additional security obstacles. For example, the data storage practices followed by makers of health and beauty products generally are different from those of electronics manufacturers. Familiarize yourself with any relevant regulations and best practices that apply to your industry niche. 

3. Be ready with a backup. How important are system and data backups? Their existence can mean the difference between getting things back to normal within 24 hours and going out of business. Back up your data in multiple locations. This may seem like overkill, but you’ll be glad you have an extra backup if one set is lost or destroyed. 

4. Integrate parts into the whole. Assign individuals to be responsible for each piece of your cybersecurity plan. Also designate one person to execute the overall plan. This leader should keep other team members on track and monitor their progress toward meeting goals. 

Make It a Priority

Cybersecurity shouldn’t be relegated to the back burner — no matter how busy your business is right now. The stakes are too high. If you don’t have the internal IT personnel to develop and put in place a cybersecurity plan, find an experienced and reputable vendor to do it for you. Your professional advisors and fellow business owners should be able to provide recommendations.

Each second, more than 77 terabytes of internet traffic takes place online. As such, the internet has become a digital Silk Road that facilitates nearly every facet of modern life. And just as ancient merchants were sometimes beset by bandits on the actual Silk Road, today’s entrepreneurs can easily find themselves under attack from cyber malcontents working to derail companies through theft and disruption.

In recent years, headlines have spotlighted crippling cyberattacks against major corporations. While each corporate cyberattack resulted in millions of dollars in damages, most stories fail to mention the many data breaches that affect much softer targets: small businesses. According to Verizon’s 2019 Data Breach Investigations Report, 43% of breaches impacted SMBs.

You may not know when the next attack could occur, but taking proper precautions can hamper or completely stymie a hacker’s attempt at gaining access to your network. To help you avoid the mistakes of Target and, most recently, more than 20 government agencies, we’ve compiled info on why your SMB could be at risk and how to avoid a similar fate.

When it comes to starting a small business, new owners have many decisions to make and often leave cybersecurity measures by the wayside. Unless they focus on shoring up their defenses, they may inadvertently end up leaving points of entry wide open for hackers. That can be a major problem. A report by the U.S. National Cyber Security Alliance estimated that 60% of all SMBs fail within six months of a cyberattack.

According to Towergate Insurance, SMBs often underestimate their risk level, with 82% of SMB owners saying they’re not targets for attacks. They believe that, researchers said, because they feel they “don’t have anything worth stealing.”

Stephen Cobb, a senior security researcher at antivirus software company ESET, said that SMBs fall into hackers’ cybersecurity sweet spot since they “have more digital assets to target than an individual consumer has but less security than a larger enterprise.”

Couple that with the costs associated with implementing proper defenses, and you have a situation that’s primed for intrusions. Since security breaches can be devastating to an SMB, owners are more likely to pay a ransom to get their data back. SMBs can merely be a steppingstone for attackers to gain access to larger businesses.

Regardless of their target, hackers generally aim to gain access to a company’s sensitive data, such as consumers’ credit card information. With enough identifying information, attackers can then exploit an individual’s identity in any number of damaging ways.

One of the best ways to prepare for an attack is to understand the different methods hackers generally use to gain access to that information. While this is by no means an exhaustive list of potential threats, since cybercrime is a constantly evolving phenomenon, business owners should at least be aware of the following types of attacks.

  • APT: Advanced persistent threats, or APTs, are long-term targeted attacks in which hackers break into a network in multiple phases to avoid detection. Once an attacker gains access to the target network, they work to remain undetected while establishing their foothold on the system. If a breach is detected and repaired, the attackers have already secured other routes into the system so they can continue to plunder data.
  • DDoS: An acronym for distributed denial of service, DDoS attacks occur when a server is intentionally overloaded with requests until it shuts down the target’s website or network system.
  • Inside attack: This is when someone with administrative privileges, usually from within the organization, purposely misuses his or her credentials to gain access to confidential company information. Former employees, in particular, present a threat if they left the company on bad terms. Your business should have a protocol in place to revoke all access to company data immediately when an employee is terminated.
  • Malware: This umbrella term is short for “malicious software” and covers any program introduced into the target’s computer with the intent to cause damage or gain unauthorized access. Types of malware include viruses, worms, Trojans, ransomware and spyware. Knowing this is important, because it helps you determine what type of cybersecurity software you need.
  • Man in the middle (MitM) attack: In any normal transaction, two parties exchange goods – or in the case of e-commerce, digital information – with each other. Knowing this, hackers who use the man in the middle method of intrusion do so by installing malware that interrupts the flow of information to steal important data. This is generally done when one or more parties conduct the transaction through an unsecured public Wi-Fi network, where attackers have installed malware that helps sift through data.
  • Password attack: There are three main types of password attacks: a brute-force attack, which involves guessing at passwords until the hacker gets in; a dictionary attack, which uses a program to try different combinations of dictionary words; and keylogging, which tracks a user’s keystrokes, including login IDs and passwords.
  • Phishing: Perhaps the most commonly deployed form of cybertheft, phishing attacks involve collecting sensitive information like login credentials and credit card information through a legitimate-looking (but ultimately fraudulent) website, often sent to unsuspecting individuals in an email. Spear phishing, an advanced form of this type of attack, requires in-depth knowledge of specific individuals and social engineering to gain their trust and infiltrate the network.
  • Ransomware: A ransomware attack infects your machine with malware and, as the name suggests, demands a ransom. Typically, ransomware either locks you out of your computer and demands money in exchange for access, or it threatens to publish private information if you don’t pay a specified amount. Ransomware is one of the fastest-growing types of security breaches.
  • SQL injection attack: For more than four decades, web developers have been using structured query language (SQL) as one of the main coding languages on the internet. While a standardized language has greatly benefited the internet’s development, it can also be an easy way for malicious code to make its way onto your business’s website. A successful SQL injection attack on your servers can let bad actors access sensitive information, modify important databases, download files, and even manipulate devices on the network.
  • Zero-day attack: Zero-day attacks can be a developer’s worst nightmare. They are unknown flaws and exploits in software and systems discovered by attackers before the developers and security staff become aware of any threats. These exploits can go unnoticed for months, or even years, until they’re discovered and repaired.

As more companies continue to grow their businesses online, the need for robust cybersecurity measures will grow too. According to Cybersecurity Ventures’ 2019 Cybersecurity Market Report, worldwide spending on such products will increase from $3.5 billion in 2004 to an estimated $170.4 billion in 2022.

For small businesses looking to ensure that their networks have at least a fighting chance against many attacks, that generally means installing any number of basic types of security software available on the market, each with varying levels of efficacy.

A hardware- or software-based firewall can provide an added layer of protection by preventing an unauthorized user from accessing a computer or network. Most modern operating systems, including Windows 10, come with a firewall program installed for free.

Along with those more surface-level tools, Cobb suggests that businesses invest in three additional security measures.

  • The first is a data backup solution so that any information compromised or lost during a breach can easily be recovered from an alternate location.
  • The second is encryption software to protect sensitive data, such as employee records, client/customer information and financial statements.
  • The third solution is two-step authentication or password-security software for a business’s internal programs to reduce the likelihood of password cracking.

As you begin considering your options, it’s generally a good idea to run a risk assessment, either by yourself or with the help of an outside firm.

In addition to implementing some sort of software-based solution, small businesses should adopt certain technological best practices and policies to shore up vulnerabilities.

  1. Keep your software up to date. Hackers are constantly scanning for security vulnerabilities, Cobb said, and if you let these weaknesses go for too long, you’re greatly increasing your chances of being targeted.
  2. Educate your employees. Teach your employees about the different ways cybercriminals can infiltrate your systems. Advise them on how to recognize signs of a breach and educate them on how to stay safe while using the company’s network.
  3. Implement formal security policies. Putting in place and enforcing security policies is essential to locking down your system. Protecting the network should be on everyone’s mind since everyone who uses it can be a potential endpoint for attackers. Regularly hold meetings and seminars on the best cybersecurity practices, such as using strong passwords, identifying and reporting suspicious emails, activating two-factor authentication, and exercising caution when clicking links or downloading attachments.
  4. Practice your incident response plan. Despite your best efforts, there may come a time when your company falls prey to a cyberattack. If that day comes, it’s important that your staff can handle the fallout that comes from it. With a response plan drawn up, attacks can be quickly identified and quelled before they do too much damage.

Content provided by Microsoft and Business News Daily. 

The following has been excerpted from docs.microsoft.com.

This article applies to both Office 365 Enterprise and Microsoft 365 Enterprise.

On October 13, 2020, Exchange Server 2010 will reach end of support. If you haven’t already begun your migration from Exchange 2010 to Office 365 or Exchange 2016, now’s the time to start your planning.

What does end of support mean?
Exchange Server, like almost all Microsoft products, has a support lifecycle during which Microsoft provides new features, bug fixes, security fixes, and so on. This lifecycle typically lasts for 10 years from the date of the product’s initial release, and the end of this lifecycle is known as the product’s end of support. When Exchange 2010 reaches its end of support on October 13, 2020, Microsoft will no longer provide:

  • Technical support for problems that may occur;
  • Bug fixes for issues that are discovered and that may impact the stability and usability of the server;
  • Security fixes for vulnerabilities that are discovered and that may make the server vulnerable to security breaches;
  • Time zone updates.

Your installation of Exchange 2010 will continue to run after this date. However, because of the changes listed above, we strongly recommend that you migrate from Exchange 2010 as soon as possible.

What are my options?
With Exchange 2010 reaching its end of support, this is a great time to explore your options and prepare a migration plan. You can:

  • Migrate fully to Office 365. Migrate mailboxes using cutover, minimal hybrid, or full hybrid migration, then remove on-premises Exchange servers and Active Directory.
  • Migrate your Exchange 2010 servers to Exchange 2016 on your on-premises servers.
  • Recommended: If you can migrate your mailboxes to Office 365 and upgrade your servers by October 13, 2020, use Exchange 2010 to connect to Office 365 and migrate mailboxes. Next, migrate Exchange 2010 to Exchange 2016 and decommission any remaining Exchange 2010 servers.
  • If you can’t complete the mailbox migration and on-premises server upgrade by October 13, 2020, upgrade your on-premises Exchange 2010 servers to Exchange 2016 first, then use Exchange 2016 to connect to Office 365 and migrate mailboxes.

Contact YYTECH if you are using this Microsoft product version – we can help you evaluate and upgrade your systems as painlessly as possible.

Information excerpted from <https://docs.microsoft.com/en-us/office365/enterprise/exchange-2010-end-of-support>

The following has been excerpted from support.office.com.

Support for Office 2010 will end on October 13, 2020, and there will be no extension and no extended security updates. All of your Office 2010 apps will continue to function. However, you could expose yourself to serious and potentially harmful security risks.

Here’s what the end of support means for you after October 13, 2020:
Microsoft will no longer provide technical support, bug fixes, or security fixes for Office 2010 vulnerabilities which may be subsequently discovered. This includes security updates which can help protect your PC from harmful viruses, spyware, and other malicious software.

  • You’ll no longer receive Office 2010 software updates from Microsoft Update.
  • You’ll no longer receive phone or chat technical support.
  • No further updates to support content will be provided and most online help content will be retired.
  • You’ll no longer be able to download Office 2010 from the Microsoft web site.

What are my options?
We recommend you upgrade Office. Your upgrade options will depend on whether you’re using Office 2010 at home or your version of Office 2010 is managed by the IT department at your work or school.

Contact YYTECH if you are using this Microsoft product version – we can help you evaluate and upgrade your systems as painlessly as possible.

Information excerpted from <https://support.office.com/en-us/article/end-of-support-for-office-2010-3a3e45de-51ac-4944-b2ba-c2e415432789?ui=en-US&rs=en-US&ad=US>

The following has been excerpted from techcommunity.microsoft.com.

As revolutionary as SharePoint Server 2010 was at the time, our latest versions of SharePoint both on-premise and in the cloud through Office 365 have even more to offer. For customers who want to upgrade to the latest version of SharePoint on-premise, you will first need to upgrade to 2013, 2016, and finally 2019. Through advancements in both on-premise and hybrid cloud capabilities, SharePoint Server 2019 provides the benefits of years of cloud innovation, providing best in class IT and developer experiences, along with new user experiences that work the way users work. Customers can also choose to migrate their data directly from SharePoint Server 2010 to 2013 or to SharePoint Online.

Customers wanting to maximize their on-premise server investment should strongly consider migrating to SharePoint Server 2019 as SharePoint Server 2013 is already well into its own 10-year lifecycle.

Mainstream support for SharePoint Server 2010 ends in October 2020. SharePoint Server 2010 has been on extended support since then, which means only security updates are released. On October 13, 2020, Microsoft will completely end support for SharePoint Server 2010.

Here’s what End of Support means for you:

  • No critical updates were released in 2017 for SharePoint Server 2010 under extended support.
  • No security updates will be developed or released after end of support.
  • More importantly the operating systems supporting SharePoint Server 2010 are reaching or have reached end of support.

Lack of compliance with various standards and regulations can be devastating. This may include regulatory and industry standards for which compliance can no longer be achieved. For example, lack of compliance with Payment Card Industry (PCI) Data Security Standards might mean companies such as Visa and MasterCard will no longer do business with you. Or, the new cost of doing business will include paying catastrophic penalties and astronomically high transaction fees. In the worst case, lack of compliance can even result in lost business.

Servers running SharePoint Server 2010 are affected.
Both virtualized and physical instances of SharePoint Server 2010 are vulnerable and would not pass a compliance audit. Many applications will also cease to be supported once the operating system they are running on is unsupported. This includes all Microsoft applications, including Groove Server servers.

Staying put will cost more in the end.
Maintenance costs for aging hardware will also increase, and you will face added costs for intrusion detection systems, more advanced firewalls, network segmentation, and other security measures–all simply to isolate legacy server operating systems and SharePoint Server 2010.

Contact YYTECH if you are using this Microsoft product version – we can help you evaluate and upgrade your systems as painlessly as possible.

Information excerpted from <https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/extended-support-for-sharepoint-server-2010-ends-in-october-2020/ba-p/272628#>

The following has been excerpted from docs.microsoft.com.

This article applies to both Office 365 Enterprise and Microsoft 365 Enterprise.

Project Server 2010 will reach end of support on October 13, 2020.

What does End of Support mean?
Project Server, like almost all Microsoft products, has a support lifecycle during which Microsoft provides new features, bug fixes, and security updates. This lifecycle typically lasts for 10 years from the date of the product’s initial release, and the end of this lifecycle is known as the product’s end of support. When Project Server 2010 reaches its end of support on October 13, 2020, Microsoft will no longer provide:

  • Technical support for problems that may occur.
  • Bug fixes for issues that are discovered and that may impact the stability and usability of the server.
  • Security fixes for vulnerabilities that are discovered and that may make the server vulnerable to security breaches.
  • Time zone updates.

Your installation of Project Server 2010 will continue to run after this date. However, because of the changes listed above, we strongly recommend that you migrate from Project Server 2010 as soon as possible.

What are my options?
If you are using Project Server 2010, you need to explore your migration options, which are:

  • Migrate to Project Online
  • Migrate to a newer on-premise version of Project Server (preferably Project Server 2019).

Contact YYTECH if you are using this Microsoft product version – we can help you evaluate and upgrade your systems as painlessly as possible.

Information excerpted from <https://docs.microsoft.com/en-us/office365/enterprise/project-server-2010-end-of-support>

The following has been excerpted from microsoft.com.

Windows has long been a leader in powering dedicated devices. Many of the ATMs, cash registers, and airport kiosks around the world run Windows Embedded 7. That operating system is based on Windows 7 (support for it ended January 14, 2020) and, similarly, Windows Embedded 7 extended support will end soon.

Microsoft offers Windows 10 IoT as the modern migration path for these devices, which includes the same security improvements, excellent application compatibility, and management flexibility as the rest of the Windows 10 family. It also has many advanced features like machine learning along with built-in cloud readiness. In addition, the latest Windows 10 IoT releases from October 2018 will be supported for 10 years, until 2028.

The affected devices range from the previously mentioned types to devices in industries such as healthcare, manufacturing, digital signage, and many more. Windows 10 IoT lets users leverage their existing skills in software development and management. Similarly, most current applications and peripherals can also continue to be used.

There have been many changes since Windows 7 was released almost 10 years ago. Some of the most significant for dedicated devices include information security and privacy, manageability, artificial intelligence (AI)/machine learning, and cloud computing. Windows 10 has countless advances in these areas. Here are a few highlights*:

  • Security—Trusted Boot, device encryption, and Device Health Attestation
  • Manageability—Azure IoT Hub, Microsoft Intune, and Device Update Center**
  • Deployment—Azure IoT Hub Device Provisioning Service and Windows Autopilot
  • AI/machine learning—Windows machine learning and cognitive services
  • Cloud computing—Azure IoT Edge support

In September Microsoft announced that they will offer paid Windows 7 Extended Security Updates (ESU) through January 2023. This also applies to the Windows Embedded 7 family of products. These updates are sold through our embedded partners, so interested customers should contact their device manufacturer.

Now is the time to migrate to Windows 10 IoT and move to modern.

Contact YYTECH if you are using this Microsoft product version – we can help you evaluate and upgrade your systems as painlessly as possible.

*Some of these services require an additional subscription.
**Device Update Center only applies to Windows 10 IoT Core.

Information excerpted from <https://www.microsoft.com/en-us/microsoft-365/blog/2019/01/14/move-to-modern-windows-10-iot-safer-smarter-cloud-ready/>

Yeo & Yeo Technology is proud to announce its achievement of Fortinet Gold Partner status. Fortinet is a leading network and cybersecurity provider.

“Our partnership with Fortinet reflects our shared values, providing high-quality security solutions,” says Jeff McCulloch, President. “Achieving Gold Partner status allows us to continue to grow our partnership and offer a broad range of services for new and current clients.”

YYTECH partnered with Fortinet in 2010, offering next-generation firewalls, endpoint protection, network security, and secure access switching and wireless networks. To become a Gold Partner, YYTECH had to achieve proven success with Fortinet solutions and demonstrate commitment to the continued adoption of future Fortinet technologies. YYTECH technical and sales staff had to complete additional training and certification as part of the Gold Partner requirement.

Fortinet Gold Partners deliver the full spectrum of Fortinet’s solution set and retain certified staff to assist with any variety of implementation needs. They are recognized for their superior customer service and support capabilities.

“We are proud to have Fortinet as a strategic partner, offering some of the best-performing security devices on the market for our clients,” said McCulloch. “Fortinet’s solutions are a complement to our other strategic partners in offering complete security solutions.”

Scaling up a corporate security department can be an exercise in futility. These organizations need to cover multiple areas of expertise, from classic IT security to physical security, compliance, regulations, secure coding, incident handling and legal/privacy, all while facing the need to run lean.

The reality is that security is becoming more than an engineering exercise. Culture and education of security is a necessity in a modern organization. Without it, we are bound to fail. Over the past year, I have focused on keeping a small and lean security organization, all the while evangelizing a security champion program to spread and, most importantly, live the mission.

Through this program, we channel our champions into “front-line support” on everything related to security. These advocates know their businesses better than any of my security engineers could, and they are deeply embedded in their organization’s culture. And, as a result, they can provide the best context for security decisions. Our role is to equip them with our services and security expertise.

I’ve been on the front lines running (and also challenging) security organizations for years. During this time, I’ve experienced firsthand how the push and pull of scaling a security team manifests itself. Pull toward one side (try to focus your resources on an “emerging” or “critical” issue), and you end up exposing the other (less pertinent issues or technologies). Hiring more security staff doesn’t scale, as the areas that need coverage will almost always be exponentially larger.

Equip Your Teams

However, what if more of that “uncovered” area had appropriate security expertise in it? What if you could lower the attack surface in a systematic manner across the organization — not through buying more tools and products, but through going deeper into the root cause of those problems and addressing them by creating champions out of the resources and people at your disposal?

Let’s consider Verizon’s “2019 Data Breach Investigations Report (DBIR),” which analyzed 41,686 security incidents (among them, 2,013 were confirmed data breaches). The report shows that web applications are the top breach target for hackers. This means that addressing vulnerabilities and exposure in web applications brings a significant return on investment compared to other areas of focus.

Equipping development teams with the knowledge and skills to identify and address security issues through the application development life cycle has been around for decades — secure software development life cycle (SDLC) methodologies. Yet, it is still a major investment.

Consider Your Code Quality

I’ve yet to see an SDLC implementation that was simply taken “off the shelf” and applied to an organization. It takes time, an understanding of how development works in your organization and collaboration from the development teams. However, more than anything, it’s about code quality, not just a pure security play. Less breakable code, no matter if it is security-focused or performance-focused, is better code. Period.

In every implementation of an SDLC that I’ve had a chance to work through, I’ve always partnered with development stakeholders to ensure that, at the end of the day, developers get more tools and knowledge to improve their code. And they end up more receptive to those efforts because it’s about the work they do, and not a security measure forced down their throats. Take a hard look at how your development outputs affect your attack surface and the impact that a code improvement can make to your risk exposure.

Before throwing expensive “it was on the best-practice list of tools to deploy” products into your budget or hiring another couple of security engineers, consider how a strong security champions program and a reframing of the problem at hand can deliver the most return on investment.

Article provided by Partner On and Forbes.com.

As you compile your organization’s IT budget for 2020, a familiar concern will likely top the list: security. According to a survey by TechRepublic, security and cloud services are the two top priorities heading into the new year, but other priorities are gaining in importance. 

While priorities have changed, IT budgets still comprise an average of 10% of total budget spending heading into 2020. We have identified some considerations for planning your organization’s IT budget for the coming year.

Software and Hardware Updates
Making room in your budget for software security upgrades is critical. While some, such as Microsoft Office 365, automatically push out updates and patches, it’s important to stay on top of third-party patching for your Windows devices. Third-party patches from Adobe, Google Chrome or Flash should be easy but can be a hassle. Investing in patch management software will help keep you secure while saving time and resources.

Going into each new year, it’s important to consider the state of your hardware to ensure efficiency, effectiveness and security. Consider the following:

  • Do your PCs and servers still have enough storage space?
  • How old is your current hardware?
  • Are your devices running slow?
  • Is your network running slow?

Consider investing in a Managed Services package to cover all hardware and software management.

Cybersecurity Monitoring and Training
Ransomware and malware continue to be major threats for business owners and IT professionals. Incorporating a 24/7/365 cybersecurity monitoring solution allows trained professionals to act on threats to your network in real time. This keeps your organization safe from cybercrime while staying compliant at the same time.

Education is a key factor in prevention, and Security Awareness Training is a cost-effective way to train employees to notice warning signs and stop an attack before it strikes. Data shows employees who are tested show a drop in phish-prone percentage from an average of 15.9% to 1.2% in just 12 months.

Microsoft End-of-Support Applications
Several of Microsoft’s applications, including Windows 7, will no longer be supported. Any application still in use after its end-of-support date immediately becomes a threat to your network, since it will no longer be patched for vulnerabilities. Additional Microsoft products reaching end-of-support in 2020 include:

  • Hyper-V Server 2008 (January 14, 2020)
  • Windows Server 2008 (January 14, 2020)
  • Internet Explorer 10 (January 31, 2020)
  • Office 2010 – Including Outlook, Word, Excel, and PowerPoint (October 13, 2020)
  • SharePoint 2010 (October 13, 2020)

Additionally, Windows 10, versions 1809, 1903 and Systems Center, version 1807, will move into retirement in 2020. Upon retirement and end-of-support, these products will no longer receive new security updates, non-security updates, free or paid assisted support options or online technical content updates.

If you would like to learn more about planning your IT budget or YYTECH’s suite of services, contact us today.

Sources

TechRepublic Premium: 2020 IT Budget Research Report

ZDNet: 2020 IT Budgets Increase as Priorities Grow

Yeo & Yeo Technology welcomes Matt Ruhlig to the company as sales manager. Ruhlig will be responsible for overseeing the day-to-day sales functions for the organization while managing a team of inside and outside sales professionals.

“We are excited to welcome Matt to YYTECH,” says Jeff McCulloch, President. “He brings a fresh perspective and approach to our sales group and is a great addition to our leadership team.”

In addition to leading the sales staff, Ruhlig will advise management on ways to maximize business relationships and enhance client service.

Ruhlig has more than 10 years of sales and account management experience and is a graduate of Central Michigan University. He holds a Master of Science in Administration and a Bachelor of Applied Arts in Recreation Administration and Facility Management.

 

Ask yourself: What is the point of the efficiency and mobility advantages technology has provided us if they can be canceled out by burdensome security required to battle the constant threat of attack?

At Yeo & Yeo Technology, we know we can do better. That’s why we believe in Microsoft 365 E5. The versatile, holistic security it provides is the key to making technology work for us, not cybercriminals.

Learn how Microsoft 365 simplifies user access.