Blog

5 Types Of Social Engineering Scams You Need To Be Aware Of

Social engineering tactics let hackers take cyber attacks to a whole new level by focusing on a specific target. This kind of special attention and extra detail can often be just enough to fool users into clicking, downloading, or otherwise helping a hacker get exactly what they want.

Here are 5 of these scams you should know how to spot and avoid.

  • Phishing – The most common type of social engineering scam, phishing is typically done through email. By posing as a financial institution or government agency, hackers send out urgent-seeming emails that contain malicious attachments or embedded links that, when clicked, release malware onto your system.
  • Baiting – Like phishing, these emails often appear to come from a legitimate source. Rather than relying on scare tactics, these emails instead offer the target some sort of incentive to open attachments or click on links, like a free gift card or a free mobile phone or tablet.
  • Tailgating – This low-tech tactic is still surprisingly common. By pretending to be a fellow employee who forgot their badge or a delivery person, a scammer will ask you to open a door for them that will allow them access to workstations or restricted areas.
  • Pretexting – Another form of phishing, this has a hacker pose as a C-level employee or a supervisor from another department and send an email asking for sensitive information like passwords. They might also send an attachment that contains a hidden malicious payload.
  • Quid Pro Quo – Much like baiting, this tactic has hackers pose as someone who can help the target with a task in exchange for information. Typically this ruse involves the hacker pretending to be IT support, offering to fix a non-existent problem in exchange for login credentials.

Contact InfiNet Solutions at [email protected] or (402) 895-5777 to learn more about social engineering scams, and the steps you can take to protect your business from this type of cybercrime.


How To Boost Your Team’s Performance With Office 365  

Learn to run Microsoft Office 365 reports.  Use step-by-step instructions to create reports of data reflecting your company’s network user behavior and more.


Joe, tech newbie at the Something, Inc. company, is aware of an intriguing-sounding data-generation and reporting platform called Office 365.  But it’s mysterious.  Counter-but, Jane, senior tech admin across the hall, insists the platform offers astounding insights into critical company systems usage, reflecting every sort of enlightening information about employees’ email usage, about which licenses employees are actually using and which are just lying idle, unproductively gathering cyber dust and triggering fee accruals for no apparent reason, and about potentially emerging network security threats.

What Office 365 Can Do

Microsoft Office 365 supplies reporting to administrators reflecting how, and how much, your business is utilizing Office 365 services.  The reports filter data and identify potential cost, performance, and spend issues, as well as security issues including rule detection, malware, and spam, among others.  Report data is downloadable to Microsoft Excel, and users can create their own reports with the Office 365 reporting web services.

Updated Office 365

Jane further pushes the point to Joe and other network admin types around the proverbial water cooler that Office 365 has recently undergone a revamp.  She just won’t let it go.  “Office 365 is now much simpler,” yammers Jane, “simpler to navigate, to view reports in, and to download reports from.”

Joe investigates.  He’s a self-starter, and he also recognizes the fascinating and impactful possibilities inherent in employee behavior data-mining.  So do the CEO, CFO, and all of the other C-suite people now buzzing about it.

Competitive Edge

In fact, Jane and all of the other tech wizards around Joe’s cutting-edge company are further yammering that companies who neglect to take advantage of their own available data on internal activity are short-changing themselves, missing opportunities to increase margins simply by being informed on facts that can drive everything from device-buying decisions to team configurations across departments, from R&D to sales to fulfillment.

Office 365 Dashboard

People with Office 365 global administrator roles can access Office 365 reports.  (Ideally, these roles are kept to a select few in any company, to minimize security risk.)  Admins for Exchange, Skype, SharePoint, and Skype for Business are authorized for access.  Reports reader-only roles can be afforded limited access to view reports as well.

First, Joe just peeks into the Office 365 portal.  But, he doesn’t want to leave.  Why would he? The dazzling Office 365 reports dashboard really is a rather spectacular sight to behold, with all of its colorful populated graphs and cool real-time gauges.  All very Trekky indeed.

Hmm.  But which report to select?  There are more than 40 internal licensing and user behavior reports offered in Office 365 Reports, across 11 information categories, including Licensing, Group, Invoice, Lync, Mail Traffic, Mail Size, Mail Boxes, Mobile, Partner, Security, SharePoint, and Users categories, each with multiple report options in its class.  A tantalizing proposition for a tech-savvy data diver like Joe, with an eye to optimizing systems admin efficiency.

Office 365 Reports

Joe is practical.  He embarks on just a brief overview of several reports, then takes himself on a sample walk-through of the process of viewing Office 365 pre-configured reports and extracting information from the various O365 data report categories.

Not a time-waster, Joe mills around briefly, perusing the many interesting reports featured in the most common report categories available to typical O365 subscriptions—Email activity, Mailbox usage, and Office activations.  Some that catch his eye include:

  • Unused Services Report (under the Licensing Reports subdirectory) — A report of licensed users with unused services.
  • Mailbox Item Count Report (under the Mailbox Size Reports) — A report of mailboxes by the number of items.
  • Mailbox Forwarding Report (under Security Reports) — A report of all mailboxes that are forwarded outside of your organization.
  • Outgoing Mail Traffic (under Mail Traffic Reports) — (Top Mail Senders)
  • Incoming Mail Traffic (under Mail Traffic Reports) — (Top Mail Receivers)
  • Devices By Mailbox (under the Mobile Reports) — All ActiveSync devices by mailbox
  • Group Reports (under Group Reports) — List and export extended group details.
  • Invoice (under Invoice Reports) — 365 Command Invoice

Office 365 Reports Dashboard

It’s Joe’s moment.  It’s a new day.  He takes a few minutes to now try his hand at running a few reports.  He simply follows the intuitive little process of logging in, selecting reports, executing the few prominently displayed command options, and hitting the big green Generate Report button.  Here’s how it went down.  First, he followed these supremely easy instructions for logging into Office 365 and accessing the collection of O365 Reports:

  1. To access the Office 365 dashboard, log in using your Office 365 administrator’s account at https://portal.office.com/adminportal/home.
  2. In the Office 365 administrative center, select Reports from the horizontal main menu bar along the top of the page, to view the primary categories of reports.
  3. Select Usage.

Generating Reports in Office 365

Next, Joe plunges into Office 365 report generating functions.  (Wait till you see how easy this is.)  He shops around in the Mailbox Traffic Reports category and learns how to generate a couple of reports there.

Mailbox Traffic Reports

Reports in this category allow you to analyze your company’s Office 365 mailbox activities. These reports reveal the amount of spam passing in and out of your employees’ mailboxes, which users send or receive the most email, and who is receiving a lot of spam or malware, among other information.

Such information can zero in on anomalies in emailing activity across the organization.  For example, it allows easy identification of mailboxes that originate suspicious activity or that are being targeted by it, from external or internal source email accounts before a user’s routine is disrupted.

Anyway, let’s just run a couple of reports along with Joe and see how it goes using these simple instructions.

  1. See the menu of primary report categories along the left margin of the page.
  2. Click Mailbox Traffic Reports accessing the drop-down sub-menu of reports in that category.
  3. See the Mailbox Traffic Reports main menu along the left page margin. Interesting and useful reports in this category include these, among others:
  • Mail Traffic Summary
  • Email Activity by User
  • Top Sender
  • Top Recipient
  • Top Spam Recipients
  • Top Malware Recipients
  • Detailed Mail Traffic
  • Spam Traffic Summary
  • Domain Traffic Summary
  • Malware Detections
  • Spam Detections
  • Mail Traffic Policy Match Summary
  • Email Activity By Group
  • User-to-User Email Activity
  • Mail Activity by Connector

Email Activity by User Report

Joe decides to first run the Email Activity by User Report.

This report is packed with fascinating data on email interactions.  All of your users’ email account addresses appear on the report, along with the number of emails each user has sent internally, received internally, sent externally, and received from external email correspondents.

Continuing the report selection and generation process in progress:

  1. Click the Email Activity by User report.
  2. See the Email Activity report launch page. This page is your command module for setting the report parameters.  In the Email Activity report, you can click the tiny Delete Columns icon to the top right of the data fields section, to delete unwanted columns of data.  The standard data columns included are:
       • Date
       • Mail Address
       • Inbound
       • Outbound
       • Internal Sent
       • External Sent
       • Internal Received
       • External Received
  3. Delete unneeded columns before generating the report.
  4. Select the big green “Generate Now” button to run the report.
  5. Just view the report and leave (or go view other reports as desired), or…
  6. Select the red “Download” button on the toolbar at the top of the page, or select “Export As”, and follow the commands for exporting the report file to your desired target application.

Notice the fascinating data. All of your users’ email addresses appear on the report, along with the number of emails sent and received internally and how many each user sent to and received from their external email correspondents.
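Once the Email Activity by User report is exported, the per-mailbox counts can be screened for the kind of anomaly described earlier: a mailbox that suddenly sends or receives far more external mail than usual. The script below is an added example, not part of the original post or any Microsoft tooling. It assumes a CSV export whose header names match the column list above, ISO-formatted dates, and illustrative thresholds (`factor`, `floor`); the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# Constructed sample export. Header names are assumed to match the
# report's column list; real exports may label columns differently.
SAMPLE_CSV = """\
Date,Mail Address,Inbound,Outbound,Internal Sent,External Sent,Internal Received,External Received
2017-10-02,alice@example.com,40,22,18,4,30,10
2017-10-03,alice@example.com,40,25,20,5,28,12
2017-10-04,alice@example.com,40,20,17,3,31,9
2017-10-05,alice@example.com,40,25,19,6,29,11
2017-10-02,bob@example.com,34,25,15,10,20,14
2017-10-03,bob@example.com,37,26,14,12,22,15
2017-10-04,bob@example.com,34,422,12,410,21,13
2017-10-05,bob@example.com,35,27,16,11,19,16
2017-10-02,carol@example.com,45,11,9,2,25,20
2017-10-03,carol@example.com,49,11,8,3,24,25
2017-10-04,carol@example.com,326,12,10,2,26,300
2017-10-05,carol@example.com,47,10,9,1,25,22
2017-10-05,dave@example.com,n/a,n/a,n/a,n/a,n/a,n/a
"""


def load_rows(csv_text):
    """Parse the export, keeping only the fields used for screening.

    Rows with missing or non-numeric counts are skipped rather than
    aborting the whole run, since exports can contain partial rows.
    """
    rows = []
    for record in csv.DictReader(io.StringIO(csv_text)):
        try:
            rows.append({
                "date": record["Date"].strip(),
                "mailbox": record["Mail Address"].strip().lower(),
                "external_sent": int(record["External Sent"]),
                "external_received": int(record["External Received"]),
            })
        except (KeyError, TypeError, ValueError, AttributeError):
            continue
    return rows


def flag_spikes(rows, field, factor=5.0, floor=50):
    """Return (date, mailbox, field, value, baseline) for unusual days.

    A day is flagged when its count is at least `floor` messages and
    more than `factor` times the median of that mailbox's other days.
    Both thresholds are illustrative assumptions to tune per tenant.
    """
    by_mailbox = defaultdict(list)
    for row in rows:
        by_mailbox[row["mailbox"]].append(row)

    findings = []
    for mailbox, days in by_mailbox.items():
        for day in days:
            others = [d[field] for d in days if d is not day]
            if not others:
                continue  # a single day gives no baseline to compare with
            baseline = median(others)
            value = day[field]
            if value >= floor and value > factor * max(baseline, 1):
                findings.append((day["date"], mailbox, field, value, baseline))
    return sorted(findings)


if __name__ == "__main__":
    parsed = load_rows(SAMPLE_CSV)
    for field in ("external_sent", "external_received"):
        for finding in flag_spikes(parsed, field):
            print(finding)
```

A spike in External Sent is worth checking against the Mailbox Forwarding Report and recent sign-ins for that account; a spike in External Received is a prompt to look at the Top Spam Recipients report for the same mailbox.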

Congrats.  You did it.  You’re as good a user as Joe now, and he’s a tech hire.

Top Spam Recipients Report

Let’s say you’re still logged in.  You can move on to generate other reports, like this exciting spam report, by yet another just extremely simple process.  Here’s how this one goes.

  1. At the top of the Office 365 dashboard, select Reports, to view all of the report categories.
  2. See the menu of primary report categories along the left margin of the page.
  3. Click Mailbox Traffic Reports accessing the drop-down sub-menu of reports in that category.
  4. Select the “Top Spam Recipients Report” from the Mailbox Traffic Reports menu along the left margin of the page.
  5. See the Top Spam Recipients Report launch page. In this Top Spam Recipients report, you can use the date range command box in the middle of the page to access the pop-up calendar.
  6. Click on the pop-up calendar, and select dates to create the date range across which you want to capture spam recipient data. Data columns included are:
  • Date
  • Direction
  • Domain
  • Event Type
  • Message Count

In this report, you can click the tiny icon to the top right of the data fields section to Delete Columns of data.

  1. Delete any unwanted columns before generating the report.
  2. Select the big green “Generate Now” button to run the report.
  3. Just view the report and leave (or move on to view other reports), or…
  4. Select the red “Download” button on the toolbar at the top of the page, or select “Export As”, and follow the commands for exporting the report file to your desired target application.

Sweet.  Another successful report generation for you and Joe.  What a happy 5-out-of-5-stars user experience.  Score Office 365.

VERY COOL NOTE:  You can click the small Schedule icon to the center-right of the launch page for a given report, to access a set of commands for scheduling the report to run at set intervals. You can order the reports to be emailed to administrators, and/or exported to XLS (Microsoft Excel), PDF (Adobe Acrobat), CSV, or HTML formats.

ANOTHER GOOD NOTE:  While you’re creating reports, you can access the Office 365 user Help menu by clicking the “?” icon at the top right corner of the page, at the right end of the toolbar. There are additional functions in the report modules, including commands to access Office 365 settings

Office 365 Features

Joe, now satiated and barely caring that he just cut 12 minutes into happy hour, muses at the abundant yield of information acquired in the pair of remarkable internal reports he’s just generated in those few minutes.

He marvels at the vast newly opened potentialities for company program and project benefits from the immense store of knowledge available from the information found in the elemental data underlying the internal world of his company, and every team, program, and project within it.  He sees…

Office 365 is transformative.  No question about it.  With Office 365:

  • Data metrics updates trigger directly from internal users’ device profiles and real-time activities.
  • The array of reports available in Office365 ideally fills a new business need.
  • It’s a powerful information tool for gleaning from reports, to add value to teams and projects.
  • As Joe has confirmed, first-hand, the freshly updated 365 is now supremely simple to use.
  • The cloud-based reporting system is incredibly bleeping convenient.
  • In fact, the platform offers abundant other premium data collection and user conveniences.
  • And, with the array of access-friendly support services, admins can have greater peace of mind during integration and regular operations.

Such streamlining of a data-based reporting and analytics software platform is enough to leave the data-adoring financial analyst and Office 365 admin like Joe momentarily speechless.  He may tear up a little.

Office 365 Benefits

As Joe, and every other managerial and admin type, quickly discovers upon peeking into the Office 365 access portal, there’s a lot going on in there that companies bent on staying out in front of the pack in their consumer and employment markets do need.

Relevant reminiscence:  Back in the day, before Microsoft recently unveiled Office 365 upgrades, users were at the mercy of their own scripting skills to perform cumbersome feats of tech brilliance in the O365 PowerShell—all to accomplish what are now the easy little reporting tasks we’ve just zipped through here in under 10 quick steps each, per the easy instructions above.  It’s a great time to be alive.  That’s why there’s so much excitement among the network admin crowd around the now completely painless and ultra-user-friendly, enhanced Office 365 functionality.

For More Information

Microsoft Office 365 is a transformative technology, provided to give small businesses and mega-internationals alike the unparalleled benefit of information on internal activities, to optimize roles, maximize engagement and productivity, and minimize wasted spending across their organizations.  For more information on Office 365 functions and integration.


How The Three Titans Are Addressing Wi-Fi Vulnerability

The three Titans, Google, Microsoft and Apple address security issues with KRACK.  


Just when everyone thought Wi-Fi was safe, that illusion was recently shattered.  Security researcher Mathy Vanhoef has discovered a vulnerability that he’s calling “KRACK.”  The flaw is in the WPA2 protocol, and everyone’s Wi-Fi network is at risk of being hacked.  The vulnerabilities include HTTP content injection, packet replay, decryption, TCP connection hijacking and more.  Hackers could gain access to credit card numbers, photos, passwords, and emails. The WPA2 woes will have an impact on both home users and business users.

Apple, Google, and Microsoft

Microsoft was the first Titan to respond to the news. “We have released a security update to address this issue,” says a Microsoft spokesperson in a statement to The Verge.  “Customers who apply the update, or have automatic updates enabled, will be protected.  We continue to encourage customers to turn on automatic updates to help ensure they are protected.”  Microsoft says the Windows updates released on October 10th protect customers, and the company withheld disclosure until other vendors could develop and release updates.  Apple is also on top of its game.  Patches and fixes for tvOS, watchOS, macOS, and iOS are in beta and will be released in a software update shortly.  Google is scrambling to fix the issue and will do patches on any affected devices over the next few weeks.

The new security flaw has been described as innovative and unprecedented, and it’s really up to the Titans to properly address the problem.  Apple, Google, and Microsoft are fully aware that once they fix this vulnerability, another one will be on the horizon.  Cybercriminals will always find and exploit vulnerabilities.  It’s an endless cycle.

Other smaller tech companies have also responded to the KRACK security bug.  Cisco also said it had published a security advisory to detail which products are affected, and a blog to help customers better understand the issue.  “Fixes are already available for select Cisco products, and we will continue publishing additional software fixes for affected products as they become available,” a spokesperson said.  Intel confirmed it was working with its customers and equipment manufacturers to implement and validate firmware and software updates that address the vulnerability.  It also released an advisory.

What Consumers Should Do About the KRACK Security Bug

All Wi-Fi users should take steps to protect themselves and their devices. They must manage their router patches and settings.  In addition, consumers should avoid using public Wi-Fi networks.  Any security updates provided by Apple, Google, and Microsoft should be installed on both routers and devices. Norton offers a Wi-Fi vulnerability alert and privacy.  It will encrypt traffic and protect against identity thieves.  Your information will be invisible to hackers.

Public Wi-Fi is a top target for cybercriminals.  It’s important to note that these Wi-Fi access points aren’t well secured.  Airports, coffee shops, shopping centers, and hotels are prime hunting grounds for hackers trying to steal personal information.  KRACK is just another tool in the cybercriminal’s arsenal.

For consumers whose smartphones, PCs and routers don’t yet have updated solutions, there are still some steps that can be taken to protect online privacy.  VPN software can offer protection since it encrypts all traffic.  Although changing a Wi-Fi password won’t specifically prevent a KRACK attack, it’s still advisable.

How do attackers implement KRACK?  There are several conditions that must be met.  First, the cybercriminal must be within physical proximity of the user. Second, the user’s device must be wirelessly enabled.  Third, the cybercriminal executes a man-in-the-middle attack to intercept traffic between the user’s device and the wireless access point.

Decades to Uncrack KRACK

It will take decades to uncrack KRACK.  The challenges go way beyond a mere patch and are not limited to just tech devices.  For example, the company Netgear took immediate action after the KRACK attack.  Fixes were available for dozens of router models.  But the company makes over 1,000 router models.  Each needs to be tested, and the company will need partners to do a full fix.  How long will that take?  These challenges aren’t unique to Netgear either.  It just underscores how ill-prepared the industry is for this type of calamity.  This just covers routers, too.  What about Wi-Fi IoT devices?  The KRACK vulnerability could affect security cameras, garage doors, and even appliances.

Keep in mind that “There is no evidence that the KRACK vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections,” read a statement published by a Wi-Fi industry trade group.  “This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users.  Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.”  That should keep consumers and businesses from panicking.

All around, the key to fighting a cyberattack is in the hands of the top three Titans and other major players in the technology industry.  New defensive strategies must be employed, and the public needs to be educated and updated on current threats when using technology for home or business.  However, with Google, Apple, and Microsoft at the helm, we should all be in good hands.


The Anatomy of a Hacker 
An Interview

How did you decide to become a hacker?

“I’m not really sure what it means to become a hacker. Sounds like some guy in a hoodie who types really fast, and stays up all night writing code and cracking passwords.  That’s not me. I just spy on people and see what makes them click.  It’s not a bad job.”

So, you consider this a job?

“I put a lot of work into this. I’m not lazy. It takes research to figure out the key players and learn all about them, their families, their friends, what they care about.  You have to understand the company’s organization. I get a lot of my information from the sales department because they’re always so quick and eager—They’re hungry.  People trust too easily.  They don’t look at the details.  I do.  Details matter.  That’s what I’m good at.  It has to look completely believable. It has to look familiar. This is where research is important. It’s not some generic piece of spam. It’s an email from their boss with their company signature. It’s written in the voice of the boss. It’s what he would say if he was writing this.”

What about the malware itself?  How does it work?

“Somebody out there already wrote all the code that does the actual attack. I’m just using the attachments.  My skills and ability are getting a bunch of people to click on that attachment. I always wonder what it’s like when the whole thing unfolds on their end when the panic sets in.”

Do you feel bad about releasing all the personal information, all the financials, the money that was lost?

“All I did was get the files. I’m not the one who decided to release them. I’m not the one who shorted the stock. Somebody else had their reasons for that. That’s above my pay grade.  I was paid to do a job, and I did it well. And that’s what’s expected of anyone, isn’t it?  Anyway, markets bounce back.”

The FBI says ransomware will be a $1 billion market this year.

Ransomware is the most malicious and frequently used form of malware today.

The best way to protect your organization from ransomware is to prevent it from landing on your computers in the first place.

Don’t Fall Victim to A Ransomware Attack.
We Can Protect Your Data and Business from This Top Security Threat.

Ransomware attacks are on the rise. It’s part of the top 10 threat predictions by security experts around the world. And for businesses that are victimized, the consequences can be paralyzing and destructive.  When ransomware infects your computers or mobile devices, you’ll be denied access to your computer and may even lose your data.

Ransomware blocks access to your data and demands payment through an anonymous system like Bitcoin to restore access. In the past few years many large and small businesses, government agencies and private users have been victims of ransomware. The criminals who distribute and operate these attacks are making millions of dollars. They extort money from you in exchange for a promise to unlock your computer files.

Contact InfiNet Solutions.  We can help your employees recognize ransomware and malicious IT threats. And we have technology solutions to keep your data secure.  For more information call (402) 895-5777 or email us at: [email protected]


Cybersecurity Tips for Non-Profits  

Is Your Charitable Organization at Risk?

If tomorrow’s headlines read your non-profit organization’s data and donor info was breached, what would be the ramifications?  Are you taking enough appropriate steps to stop cybersecurity threats?


Almost weekly, we hear about an internet or computer security breach at a large retailer, bank, or recently, a major credit reporting service.  These breaches create problems for not only the companies involved but for their customers.  Personal information is often exposed, and the carefully crafted reputation a company may have built for years or decades can be destroyed.

As of yet, we haven’t heard of any major breaches at a non-profit organization.  The key words are “as of yet.”  Non-profits often store a significant amount of data about their board members, employees, volunteers, donors, corporate supporters, and more.  A security breach for a non-profit will not only be embarrassing but it could have significant adverse effects on future funding. These are some of the reasons non-profits should be proactive in taking steps to button up computers and online security.  Here are nine cybersecurity tips of which non-profits should take note.

  1. Increase the difficulty of your passwords and change them at least quarterly. If your organization is using simple passwords because it is “easier”, you should keep in mind it also makes it easier for others to gain access.  Many experts agree that the most secure passwords should be a random series of eight letters and numbers with at least two capital letters included in the sequence.  With the frequent turnover in staff members and volunteers, passwords should be changed at least every three months.  Don’t allow staff to write their passwords on Post-It notes attached to their computers.  It happens.
  2. Set security protocols for staff and volunteers in writing.  Don’t assume those around you know about phishing and spear phishing and the dangers lurking behind pop-up ads and downloads. Many non-profit organizations have older volunteers who may not be aware of the latest dangers and tactics being used to gain access to data.  Having staff and volunteers sign off on a one-sheeter acknowledging they understand basic security guidelines can demonstrate they are aware of the potential problems.
  3. Upgrade security software. Of course, non-profit budgets are tight but they will get much tighter if there is a breach in your data and donors feel their information is not secure.  Make it a point to get security software from a major supplier that you can feel comfortable with and keep it updated.  Providing a secure firewall or malware protection after experiencing a cybersecurity attack will do little to build confidence in your organization.
  4. Upgrade computers and hardware.  The older your equipment is, the more likely it is susceptible to a cybersecurity threat. Boards of directors may not be willing to invest in new computer systems just because of the bells and whistles they include.  If the security of their sponsor and donor data is at risk, however, it may get their attention and provide support for new equipment.  If your non-profit has not looked into TechSoup for deep discounts on software and hardware, it should.  The application process can be a bit tedious but the savings are significant.
  5. Make sure your online donation processing is impregnable.  It is critical your donors have absolute confidence when making online donations. While services like PayPal are simple and relatively easy to set up, they may not instill the confidence of a more robust payment system.  Giving donors payment options can also help facilitate more and more frequent donations.
  6. Limit access to important files and data. One of the benefits of working for a non-profit is that there is often a team atmosphere, with staff and volunteers working toward a common goal.  Unfortunately, this can lead to sloppy security and over-sharing of files and data.  Computers may be left unlocked when not in use and unnecessary personnel may have access to sensitive files.  Limiting access will not only protect your information in-house but will help in limiting external access.
  7. Back up data on an external drive.  How quickly can your organization restore current data and software if you had a significant hard drive crash? Computers are generally more stable than ever, but this can lead to a false sense of security and even complacency about backing up data.  Make sure data is backed up regularly and frequently and the backup is kept off-site.  This can be done in the cloud, on a CD or on an external hard drive.  If the hard drive on your computer or server were to irretrievably crash today, what would the ramifications be?  If you don’t know or if the word “disaster” comes to mind, create an off-site backup and restoration plan.
  8. Get professional assistance.  If you are not confident in the steps you are taking in keeping your organization’s data secure from threats, get the advice of someone experienced in the field. Discuss cybersecurity with other profit and non-profit organizations you may come in contact with and ask for recommendations.  Cybersecurity doesn’t have to be that complicated when it is made a priority but if you are not comfortable taking it on, get the help of an expert.
  9. Document the steps your organization takes to protect the security of its data. In the event of a cybersecurity attack, it won’t take long for fingers to be pointed and blame to be placed.  This is why it is important to have a security plan in place and document what is being done.  This can demonstrate, even after the fact, that your organization was aware of the possibility and was taking proactive steps to keep its computers and data safe.  This should include how your social media is handled and who is responsible for it.

Make cybersecurity a priority, get everyone involved, and document your plan and processes. Greater awareness can go a long way in protecting the data of your non-profit organization.
