Blog

Companies today operate under strict regulatory conditions. Complying with those regulations can be daunting, but failure to do so has serious implications. Managing compliance, therefore, is imperative. Microsoft offers Compliance Manager, a unique cross-Microsoft-Cloud tool, that allows organizations to manage and navigate the complex terrain of regulations. Here is how Compliance Manager works to help your company comply with the law and applicable regulations and standards.

Who is Compliance Manager For?

Compliance Manager is for any company or organization that needs a comprehensive and proactive tool to assess, track, verify regulatory compliance and assign tasks related to the same. Anyone who must comply with regulations or standards like the following would benefit from this tool:

• EU General Data Protection Regulation (GDPR)
• Health Information Portability and Privacy Act (HIPAA)
• International Organization for Standardization (e.g., ISO 27001 and ISO 27018)
• National Institute of Standards and Technology (NIST)

Essentially, the tool allows you to protect data and meet regulatory requirements via Microsoft cloud services.

What are Compliance Manager’s built-in features?

Compliance Manager features various tools to help your organization comply with regulations and standards pertinent to data protection and security. Here are three specific capabilities featured:

1. Assessment. The tool allows you to assess compliance from one place. Risk assessments are conducted on an ongoing basis.
2. Protection. Users can protect data across all devices, applications, and cloud services by using encryption, controlling access, and implementing information governance.
3. Response. Users can respond to regulatory requests through the incorporation of eDiscovery and auditing tools that allow you to locate relevant data for meaningful responses.

Through these features, Compliance Manager works to help you stay in and proactively manage compliance.

How does Compliance Manager Work?

Compliance Manager works by utilizing a single dashboard to see compliance stature. The dashboard provides summaries of your company’s assessments and action items. From those summaries, you can access controls and tools like exporting data to Excel.

You create assessments for the regulations and/or standards that matter to your company using Office 365, Azure, or Dynamic 365.

From these assessments, you receive actionable insights and detailed information about what Microsoft does to secure your data and help you comply with regulations.

Assessments

On the Assessments page, you are provided snapshots of your company’s compliance with specific regulations and standards — like those listed above — assessments of each.

For instance, compliance snapshots of your company will identify your company’s overall compliance with regulations like GDPR or standards associated with NIST or ISO. Each category is provided a “Compliance Score,” and the higher the score, the better your compliance stature.

On the same page, you are also provided with snapshots of assessments for each of these same categories. An Assessment Status is provided to let you know the status of the current assessment (e.g., in progress).

Under each of these snapshots, whether it is for compliance or assessment, you are additionally informed of:

• The created date;
• The modified date;
• The number of customer-managed actions and the number of those actions that have been addressed; and
• The number of Microsoft managed actions and the number of those actions that have been addressed.

Action Items

This page provides guidance on actions that could or should be taken to increase your Compliance Score. These are recommendations and are up to the company to implement.

Controls

Controls are the core of how Compliance Manager works. There are two controls: Microsoft and Customer.

Microsoft managed controls is a family of controls that align your company assessments with the standards and regulations. They are managed controls used to implement the assessment and assess compliance. Customer-managed controls, on the other hand, are controls that you as an organization manage. Here, you can implement actions recommended by Microsoft to increase your Compliance Score.

Compliance Manager is a tool to simplify compliance for organizations. It offers real solutions to a complex problem.

It doesn’t matter whether you are a 10-person team or a Fortune 500 conglomerate, relocating your office is going to take some planning and forethought. The last thing you want is to be forced to close up shop for an extended period, stalling your business due to unexpected issues.
Moving your office should signal growth to your client base; not chaos. So how can you take your business to the next level – and the next address? The key to a successful transition is preparation. You have a marketing strategy … a client care strategy … and a business building strategy … so why not a moving strategy?

Creating a Plan

It is never too early to start planning your big move. This means devising a plan for individual departments as well as the business as a whole. Remember, time is of the essence when it comes to moving an office. The faster you can get your new digs up and running, the faster your team can get back to work.
The first thing you need to do is to appoint a moving manager. This is the point man designated with coordinating the entire office relocation. This includes everything from packing up all necessary files and ordering new stationery to make sure every department has what they need to work on the go for a few days.

More than just a packing or moving expert, the relocation manager knows exactly what is necessary to get your office from point A to Point B with as little downtime as possible. Once you have a moving manager in place, it is time to begin assigning teams to handle individual aspects of the move.

Hire Professional Movers

Not every commercial moving company is equipped to handle large office relocations. Be sure to choose a company that understands the nuances of relocating a business. Remember, they will not be simply moving your desks and chairs from one place to another; they will also be responsible for securing sensitive files and making sure everything makes it to the new location safely.

Equip the IT Department Properly

One of the trickiest parts of moving an office is disconnecting and reconnecting quickly and efficiently. This can only be accomplished if your IT department has what they need to succeed. Here are some tips to create a hassle-free environment for them to work in:

• Give the IT department at least three months to plan the transfer. This will include developing a step-by-step outline for the move.
• Evaluate the new space well in advance of the move
• Order upgraded equipment weeks before moving day to ensure everything has arrived
• Coordinate all installations for several days before the actual office move
• Make sure that all cabling is installed and tested prior to moving day
• Move the IT department first. This will allow them to work to get the rest of the office up and running while boxes are still be brought to the new site.
• Install and test all work stations prior to the first scheduled workday in the new office.

Relocating an office can be exciting, but that doesn’t mean the process is always easy, or that it will run smoothly. A lot of things can go wrong if you don’t plan properly, so be sure to follow the guidelines here to ensure that your staff isn’t stressed and your clients don’t feel abandoned during the move. When handled properly, you should be able to move the entire office and have everyone back to work within a day or two.

Moving soon? Contact InfiNet Solutions to arrange a complimentary consultation on how we can assist in the technology side of your office move.  Call (402) 895--5777 or drop us an email.

If you’re like most people, you’ve got valid concerns about your personal privacy while browsing the internet. After all, Facebook and other organizations with a huge online presence have recently been caught dropping the ball regarding protecting the privacy of their users, so it’s only natural to wonder if your privacy is being further compromised and how it’s being done, which leads us to the primary question: What measures can the average internet user take to help ensure that the details of their browsing histories are limited to anyone who may be keeping tabs?

Fortunately, you’re not helpless in this situation. However, if you’re like many current users, you may be already using the “Do Not Track“ option in your browser and possibly gaining a false sense of security by doing so. Unfortunately, all this option really does is convey to the websites you visit that you don’t want them to log your browsing history, but it doesn’t prevent them from doing so, and many completely ignore the request. In fact, this option will probably be removed in the near future.

Fortunately, your browser offers other ways to help ensure your privacy. Following are several browser-specific tips and tools designed to help keep your history safe from the prying eyes of cyberspace.

Firefox

Firefox’s privacy controls are found under the Privacy & Security tab in the Options menu. You can block third-party cookies from there, accessing Content Blocking and selecting Private Mode. You can also choose to have your cookies automatically erased each time you end your browsing session. Firefox also allows users to customize this option on a site-by-site basis under the Settings menu, which results in pop-prompt requesting permission the first time you access individual websites. You can also specify and limit the kinds of data that you allow the browser itself to collect and store, such as technical details about Firefox’s performance and various extensions you’ve installed on your computer.

Safari

If you’re running Safari, you’ll be glad to know that the browser already does some of the work for you when it comes to protecting your privacy — disabling third-party cookies is Safari’s default mode. It also gives you the option of blocking all cookies, but users often consider that a pain because it creates a situation where auto-login doesn’t work, and they must log in every time they visit their favorite sites, including email and social media. Like Firefox, Safari has a private browsing mode that deletes cookies and history once the browser has been closed.

You can also access Safari’s Manage Website Data tab to see what websites have already logged and to delete that data if you want. Under the Preferences setting, you can click Websites to control which apps and sites you want to allow to access your computer’s microphone and camera.

Chrome

Chrome provides users with the capability to adjust their privacy settings using Content Settings under the Advanced Settings option. You’ll be able to disable cookies here, but that will leave you with the inconvenience of losing auto-login. Some people find the extra layer of protection worth the hassle, but cookies aren’t really a major culprit when it comes to privacy breaches because regular cookies can’t be seen by apps or other websites.

Third party cookies, on the other hand, are those used by advertisers to track the overall browsing activity of users for the purpose of creating targeted ad campaigns. You can easily disable these in Chrome by simply switching the “block third-party cookies“ option to ON in the Content Settings permissions. You can also limit access to your location, camera, microphone, and USB devices.

Edge

Microsoft Edge functions as a part of Windows, and its user-friendly interface makes customizing privacy controls easy. Under the Privacy & Security tab in Settings, there are options allowing users to allow all cookies, disable all cookies, and disable only third-party cookies. Edge also offers a private browsing mode similar to those of the other browsers mentioned above. Under the Advanced tab in the Settings menu, you can access Manage Permissions to control who sees your location and can access your microphone or camera.

However, the browser options given here are just a part of a bigger, more complex picture when it comes to online privacy. Google still records user activity and even saves all of your search history. You can delete this by going to your My Activity page on Google, selecting Search History from its dropdown menu, and clicking on Delete. To stop it for good, you can access Activity Controls and turn off tracking for Web & App Activity. Google also saves all of your voice searches, but you can remove them by going to their Voice & Audio page and clicking on Manage Activity.

Some users opt to use a VPN when browsing the internet because it generates proxy IP addresses, so although activity is tracked, it can’t be traced back to the user. Others install various ad blockers for even more protection, and the super-vigilant often opt for the added security of using a private browser. No matter what your privacy concerns, there’s a workable cocktail of tools and strategies that can provide you with a customized solution.

Unfortunately, all good things must come to an end — and on January 14, 2020, Microsoft will be stopping mainstream service for their highly popular Windows 2008 Server. If you are one of the millions of organizations who are still using this secure and highly stable solution, it may be time to look for other options before maintenance becomes an even greater challenge. The current Windows Server 2019 was released in November 2018 and since this is the fifth software release since Windows Server 2008, it’s not surprising that Microsoft has finally decided to deprecate mainstream support. Here are the answers to your burning questions about Windows Server 2008 end of support transitions.

What Does End of Service Mean for Windows Server 2008?

While the end of support period (EOS) for Windows Server 2008 is looming, that doesn’t mean the platform will stop working on January 14, 2020. It simply means that Microsoft will no longer be required to provide support and patches unless your organization has a specific contract in place to maintain support. All software and hardware have an effective lifecycle and Windows Server 2008 has been in a period of maturity for many years. This planned EOS period means that non-security updates, free support options, online technical content updates and free security updates on-premises will be halted by the Microsoft support team. Microsoft recommends that organizations immediately review options to shift to cloud-based options such as Microsoft Azure as this allows businesses an additional 3-year window of updates that are classified as Critical or Important by the Microsoft support teams. There are also options that allow customers to purchase Extended Security Updates at a premium to provide additional time to perform a migration.

What Are the Dangers of Windows Server 2008 Being Unsupported?

The security vulnerabilities alone should be reason enough to drive your business to make a decision to shift to a new solution. Cybercrime accounts for over billions of dollars of expenses and lost revenue for businesses each year, and a lack of security updates and patches can provide hackers with a door directly into your most valuable digital systems and information. With Accenture estimating that cybercrime could cost businesses over $5.2 trillion in the next 5 years, creating a secure environment for the backbone of your business is more crucial than ever before. That staggering statistic is based on the possibility of losses primarily to major health and life sciences organizations such as pharmaceutical companies. The potential for industrial espionage is significant when you consider the value of pharma knowledge and the capture of personally identifiable information.

What Happens to My Business When Windows Server 2008 Support Ends?

System vulnerabilities are nothing new for technology professionals, but many security-minded teams recommended freezing technology at Server 2008 as a stable and reliable solution for their business in years past. Now that the support is due to be deprecated, data managers are looking for ways to upgrade their server solutions or move directly to the cloud. Cloud-based solutions provide you with the flexibility and scalability that is needed for today’s modern organizations while offering a high level of security to combat the continual threats to your systems and data.

What Steps Should I Take Before Windows Server 2008 End of Support Date Arrives?

It’s not unusual for server upgrades to take quite some time, so it’s prudent to begin researching alternatives immediately. Begin with an audit of all the servers that are being used to determine the scale of the upgrade as well as any possibilities for consolidation. Server migration can cause a significant impact not only to your budget, but also to your users. If you do not already have a server migration strategy in place, now would be the time to map out those recommendations with a trusted technology partner. Finding a partner with a great deal of experience in Windows Server 2008 migrations or upgrades can help you avoid many of the land mines that might otherwise have a negative impact on your project.

What Are Best Practices for Windows Server 2008 Upgrades or Replacement?

While some organizations choose to go directly to the cloud for their server needs, there are other options for your business. You could decide to simply upgrade to a newer, stable version of Windows Server on-premise or utilize a private cloud or other hybrid solution to meet the needs of your business and stay within your budgetary requirements. Working with a technology solutions provider gives you the added firepower of external backup and recovery mechanisms in case something goes dramatically wrong during your transition period or in the event of a cyberattack.

Whether you decide to push forward with a full migration using your internal team or decide to work with a technology solutions partner, it’s crucial that you complete your investigations and make a plan of attack to migrate away from Windows Server 2008. There is an extremely high-risk factor when you stay with an unsupported software platform, making it all too easy for cybercriminals to infiltrate your weakened digital defenses.

There’s a new scam targeting highly-trafficked Instagram accounts, and anyone with several thousand followers on their account — including businesses and clients — are fair game to the fraudsters. The scheme masquerades as a false claim of copyright infringement, according to Kaspersky Labs, who first noticed the new way influential and popular users are being cajoled into giving up their credentials to attackers.

How can you tell if your company or a client is in the crosshairs? The first sign of attack comes in the form of an official-looking email, seemingly from the team at Instagram.

“Your account will be permanently deleted for copyright infringement,” the email threatens. Tripwire reports in a recent article that the scam then requires action in the next 24-48 hours that involves “addressing the claim” and “verifying credentials.” This is where the user is required to type in the account’s password, which hands over the keys to the social media account to the attackers. It doesn’t end there, though — Tripwire warns that an “email verification” is required in addition to the credentials verification, where the user is asked to choose their email provider and give up the username and password for that login as well.

Kaspersky warns the false emails from Instagram are extremely similar to actual Instagram addresses. They include “[email protected]” or “[email protected].” Protecting your business or your clients from giving up the information in the first place is paramount — once the information is handed over, scammers can then demand ransom to return the account, spread malicious content across the page, and of course, change the information required to assert control over the account, like passwords and security questions. Tripwire encourages managers of popular Instagram accounts to enable two-factor authentication to make it significantly more difficult for attackers to gain access to the account. Kaspersky advises staying up-to-date on best practices, like avoiding suspicious links and only logging into Instagram through the official app.