How to Install Microsoft Launcher on Android Devices

June 12th, 2019 by Julie Lough

If you haven’t looked lately at what Microsoft’s mobile offerings, it’s time to look again. Microsoft’s first forays into the iOS and Android mobile spaces (circa 2010) were underwhelming to say the least, but in recent years the company has turned things around in an impressive fashion. One of these recent developments, Microsoft Launcher, is an immensely powerful tool and an Android exclusive. We’ll review what Microsoft Launcher is and then walk you through the installation and setup process on your Android device.

Microsoft Launcher Android

What Is Microsoft Launcher?

Microsoft Launcher is an app available on the Google Play store, but it doesn’t operate in the way most apps do. In the Android ecosystem, launchers are essentially replacement interfaces for your home screen. When you select a launcher besides the default one that comes with your phone, you gain access to whatever functionality is built into that launcher.

I’m an iPhone User and I’m Confused

It’s OK; we understand. There’s not really any parallel to this on iOS. Android phones offer far more customization on the home screen than iPhones do. It’s a difference in philosophy: Android users who customize effectively benefit from a polished, streamlined home screen. Those who don’t end up with a mess. Apple prevents both extremes by providing their own polished home screen and limiting what users can modify.

What Microsoft Launcher Can Do

Microsoft Launcher gives you system-level integration with your Microsoft accounts. This is powerful stuff if your business is using Microsoft 365. Integrate your contacts, calendar, documents, and more at the system level. Once installed, swipe right for deep Microsoft interactions, or swipe two fingers down to access Launcher settings.

How to Install Microsoft Launcher

To install and configure Microsoft Launcher, first download the app from the Google Play store. Next, choose Microsoft Launcher as your new home screen. In most versions of Android you’ll tap the square soft key from the home screen to bring up a “select launcher” pane. If that doesn’t work, try opening the app from your “all apps” menu.

When you choose Microsoft Launcher as your new launcher, you’ll get a system warning about setting the app as default. Click OK.

What Just Happened?

When you clicked OK, your home screen changed, perhaps drastically. Congratulations, you’re now running Microsoft Launcher! Customize your home screen with your favorite apps (Microsoft apps encouraged, of course), and be sure to sign in to your Microsoft account in settings.

Swipe Right

When running Microsoft Launcher as your home screen, you can swipe right for all sorts of Microsoft interactions. See your calendar, task list, and recent OneDrive documents. You can interact with these here, and changes will update across all your devices. You can even send a photo directly to your PC, similar to Apple’s Airdrop feature.

Conclusion

Microsoft Launcher is a powerful tool for Android users who use Microsoft 365 at work. We recommend downloading right away!


How to Find the Right IT Services Company

June 12th, 2019 by Julie Lough

If your business has made the decision to contract with an IT services company for IT support, you’ve made the right choice. However, you’re not done yet. You still need to choose the IT services company that’s best for your business. In most markets, you’ll have choices — maybe too many choices. Use these criteria for how to find the right IT services company to narrow down your search.

IT Services Company

1. Size Matters

IT services firms come in all shapes and sizes, from boutique outfits with just a few employees to massive firms with multiple physical locations. Make sure you evaluate the size of an IT services company compared to the size and needs of your business. The right IT services company will be transparent about how many employees they have in various roles or departments, and it will have sufficient capacity to meet your needs.

2. The Right Competencies

IT services companies are generally quite competent. If not, they go out of business pretty fast. So “Are they competent?” is the wrong question. The right question to ask is whether they have the right competencies. Create a comprehensive list of your business’s hardware and software use. Don’t just ask whether the company can support what you’re using. Ask for proof that they have already successfully done so with other businesses.

3. Industry Familiarity

Along the same lines, ideally, you want an IT services company that already understands your industry. Throwing industry jargon at your IT vendor is unavoidable, so it’s important that they understand that jargon. Ask how many companies in your industry the firm has worked with previously. The more, the better.

4. Location, Location, Location

In general, we recommend giving preference to local firms. If you need on-site service, local firms can handle this directly. A distant IT support company has to find a local vendor and hope for good availability.

Finding a provider close by isn’t always possible, and it’s not feasible if you’re a multi-site organization. Still, smaller companies will benefit from choosing a local provider.

5. Service Providers Have Rules, Too

Many IT services companies have their own rules about which businesses they will take on. Before a company makes it onto your short list, make sure your business is actually qualified. For example, some service providers have upper or lower limits for the number of workstations supported, meaning if your business is too large or too small, they won’t serve you. Others may refuse to support specific hardware or software types, or they may narrow their field of clients to specific industries.

Conclusion

These are a handful of the areas you should consider when choosing the right IT services firm. If you want to ask us these or other questions, let’s get a conversation going.


Critical Update From The NSA

June 11th, 2019 by Julie Lough

The NSA Is Urging To Patch Remote Desktop Services On Legacy Versions of Windows

The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats. Recent warnings by Microsoft stressed the importance of installing patches to address a vulnerability in older versions of Windows.

NSA Windows Security Warning

Microsoft has warned that this flaw is potentially “wormable,” meaning it could spread without user interaction across the Internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.

CVE-2019-0708, dubbed “BlueKeep,” is a vulnerability in Remote Desktop Services (RDS) on legacy versions of the Windows® operating system. The following versions of Windows® are affected:

  • Windows® XP
  • Windows® XP
  • Windows Server® 2003
  • Windows® Vista
  • Windows Server® 2008
  • Windows® 7
  • Windows Server® 2008 R2

What Is A Wormable Virus?

This means that the virus can get into your system without you doing anything like clicking a malicious link. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights without your knowledge.

Any future malware that uses this vulnerability could propagate from one vulnerable computer to another. This is how similar malware like WannaCry spread around the world. Experts are worried that this flaw could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

Another Problem

Although Microsoft has issued a patch, potentially millions of machines are still vulnerable. This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability.

For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation tools are widely available for this vulnerability.

NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.

What Should You Do?

Microsoft has released a critical update for their Remote Desktop Services that impacts multiple Windows versions. The patches are for devices and systems that are both in and out-of-support, which is rare for Microsoft to do. This shows the importance of these patches.

The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. To apply the patches, go to the Microsoft Security Update Guide for in-support systems and KB4500705 for out-of-support systems.

Microsoft recommends that customers running one of these operating systems download and install the update as soon as possible.

Does This Mean Even Systems Without Support Can Get The Patch?

Yes, Microsoft is aware that some customers are running versions of Windows that no longer receive mainstream support. This means that you wouldn’t have received any security updates to protect your systems from the CVE-2019-0708 virus.

Given the potential impact to customers and their businesses, Microsoft decided to make security updates available for platforms that are no longer in mainstream support. All Windows updates are available from the Microsoft Update Catalog.

What Should You Do Before We Apply The Update?

It’s recommended that you back up all of your important data first. If you have a reliable backup, and if the patch creates problems, you can still access your data. You should do this before you install any patches.

What If You Can’t Apply The Patches?

If you can’t apply the patch for your system there are other things that you can do:

  • If you don’t need the Remote Desktop Services, you can disable it.
  • Block the TCP port 3389 (this prevents unauthorized requests from the Internet).
  • Enable NLA (Network Level Authentication) for Windows 7 and Windows Server 2008.

Of course, the best thing to do is to contact us. We’ll know exactly what to do.

What Else Should You Know?

If you had updated from Windows 7 to Windows 10 or from Windows servers 2008/2008 R2 to Windows 2016 or 2019, you wouldn’t need to worry. This is why it’s essential to keep your systems up to date.

Soon, on January 14, 2020, support will come to an end for all Windows Server 2008, 2008 R2 equipment and the Windows 7 operating system.

If you’re still using these servers or operating system, it’s crucial to replace them now so that there’s no disruption to your daily operations or loss of data.

Any hardware or software product that reaches its end of life is a potential gateway for hackers to enter through. In addition to the security hazard, there are other reasons why it isn’t a good idea to keep using old equipment such as unresolvable outages.

 


3 Reasons to Regularly Test Business Systems

June 11th, 2019 by Julie Lough

Business Computer Systems

Protecting your business requires more time, effort and energy from your technology team than ever before. Business systems are increasingly complex, requiring staff members to continually learn and adapt to changing conditions and new threats as they emerge. It’s not unusual for a single ransomware incident to wreak havoc on carefully balanced systems, and this type of attack can be particularly damaging if you do not have the backup and disaster recovery procedures in place to regain critical operations quickly. From checking for system vulnerabilities to identifying weak points in your processes, here are some reasons why it is so important to regularly test your business systems.

1. Business System Testing Helps Find Vulnerabilities

The seismic shift in the way business systems work is still settling, making it especially challenging to find the ever-changing vulnerabilities in your systems. Cloud-based applications connect in a variety of different ways, causing additional steps for infrastructure teams as they review the data connectors and storage locations. Each of these connections is a potential point of failure and could represent a weakness where a cybercriminal could take advantage of to infiltrate your sensitive business and financial data. Regular business system testing allows your technology teams to determine where your defenses may need to be shored up. As the business continues to evolve through digital transformation, this regular testing and documentation of the results allow your teams to grow their comfort level with the interconnected nature of today’s systems — which is extremely valuable knowledge to share within the organization in the event of a system outage or failure. Experts note that system testing is being “shifted left”, or pushed earlier in the development cycle. This helps ensure that vulnerabilities are addressed before systems are fully launched, helping to protect business systems and data.

2. Business System Testing Provides Valuable Insight Into Process Improvement Needs

Business process improvement and automation are never-ending goals, as there are always new tools available that can help optimize the digital and physical operations of your business. Reviewing business systems in depth allows you to gain a higher-level understanding of the various processes that surround your business systems, allowing you to identify inefficiencies as well as processes that could leave holes in your cybersecurity net. Prioritizing these process improvements helps identify any crucial needs that can bring significant business value, too. This process of continuous improvement solidifies your business systems and hardens security over time by tightening security and allowing you to review user permissions and individual levels of authority within your business infrastructure and systems.

3. Business System Testing Allows You to Affirm Your Disaster Recovery Strategy

Your backup and disaster recovery strategy is an integral part of your business. Although you hope you never have to use it, no business is fully protected without a detailed disaster recovery plan of attack — complete with assigned accountabilities and deliverables. It’s no longer a matter of “if” your business is attacked but “when”, and your technology team must be prepared for that eventuality. Business testing allows you to review your backup and disaster recovery strategy with the parties that will be engaged to execute it, providing an opportunity for any necessary revisions or adjustments to the plans. Whether a business system outage comes from a user who is careless with a device or password, a cybercriminal manages to infiltrate your systems or your business systems are damaged in fire or flood, your IT team will be ready to bring your business back online quickly.

Regularly testing your business policies and procedures and validating your disaster recovery plan puts your organization in a safer space when it comes to overcoming an incident that impacts your ability to conduct business. The complexity of dealing with multi-cloud environments can stymie even the most hardened technology teams, and the added comfort level that is gained by regular testing helps promote ongoing learning and system familiarity for your teams. No one wants to have to rebuild your infrastructure or business systems from the ground up, but running testing procedures over time can help promote a higher level of comfort within teams and vendor partners if the unthinkable does occur.


Size Doesn’t Matter: 7 Ways Small Businesses Should Think Big

June 10th, 2019 by Julie Lough

Small Business Tips

You may be a small business, but there’s no reason you have to think or act small. Today’s technology innovations offer small businesses all sorts of powerful tools that just a decade ago weren’t available or were only affordable to large firms. Technology can help small businesses think like big ones in all sorts of ways. Here are 7 ways small businesses should start thinking bigger.

1. Embrace the Cloud

There are numerous cloud-based technologies that can help your small business punch above its weight. By embracing the cloud, you can save money, improve your staff’s productivity, and expand or contract IT operations far easier than you could without the cloud.

Entrust things like email and calendar hosting, file storage, and video chat to cloud-based software and infrastructure solutions. Most small businesses will pay less for a cloud solution than they would to purchase and maintain servers and software. This is due to the economy of scale: your cloud provider is operating at a very large scale, so the cost of adding just a bit more server space is negligible. Without cloud services, your small business shoulders all the unique setup and maintenance costs all your own.

2. Improve Your Website

Sometimes the difference between a successful small business and a failing one is as simple as the quality of their website. Your website is your digital storefront, but it’s also your digital billboard, white pages, classified ad, and more. If it looks terrible or doesn’t function well, you’re sending a poor message to your customers and prospective customers.

If revamping your website is more than your business can do well in-house, consider contracting with a vendor for this crucial task. Many managed service providers offer this service or can contract with qualified vendors who do.

3. Leverage Social

Your business needs a social presence, even if it’s small. This is true of all small businesses, but the smaller your business, the more important grassroots tools like social become. Share content regularly (including photos and videos) and encourage your most loyal customers to do the same.

As your brand’s social presence grows, it’s important to keep an eye on your reputation. What are people saying publicly about you? Is there anything you need to intervene on? Social can be a great avenue to see what challenges your customers are facing.

4. Use CRM Software

Customer resource management (CRM) software is the way big businesses keep in contact with customers in an organized fashion. CRM software isn’t limited to large firms, though. Affordable cloud-based options that work well with small business are available.

5. Big Data Isn’t Everything

Big data helps big companies win, right? That’s what we’re always hearing, and there’s truth to it. That said, we’ve all seen plenty of examples of big data leading companies astray, like “targeted ads” that miss completely or hyper-local campaigns that come off as fake or out-of-touch.

As a small business, you have access to something big businesses don’t: real, interpersonal data. Call it “small data” if you like. You likely know your customers much better than large firms do. Write down the things you learn. Better, input that information into your CRM software. You have the ability to send more personal notes than your large, faceless competitors. Capitalize on this.

6. Plan to Plan

You have a business plan in place, but as you grow, does your business plan grow with you? Your small business runs the risk of losing focus as it grows. Employees and leadership get so focused on daily tasks that they don’t keep their eyes on the overall plan. In other cases the overall plan becomes outdated and less applicable. Schedule time each year to review your business plan and goals, just like the big guys do.

7. Don’t Go It Alone

Lastly and most importantly, don’t go it alone as a small business. Your business is unique, set apart by some feature, product, or ethos that your competitors don’t have. Focus as much of your energy as possible on that thing, on your core competencies. As much as possible, divest yourself from other things.

One of those other things, for most businesses, is IT. Partnering with a managed service provider (MSP) to implement and support your IT infrastructure can save you money and increase productivity. You’ll also gain access to a deeper bench of IT professionals than you could afford to keep in house. If you’re ready to explore what we can do as your MSP, contact us today.


How Much Should A Company Invest In Information Technology?

June 10th, 2019 by Julie Lough

Business IT Budgets

The rapid increase in technology use in businesses has affected every industry. Across all businesses, the need to keep up with the competition means paying attention to what technologies are available and incorporating the right tech tools as they become viable. Whatever your business, you know that you need to invest in information technology to excel in your industry. But how much should you invest, exactly? To determine your IT budget, you need to look carefully at your industry, your business goals and most importantly, what you can reasonably expect information technology to do for you on your path towards those goals.

Putting Technology Investment in Context

Depending on what stats you read, it appears that businesses spend anywhere from 3% to 6% of their budget on IT. The average spend on tech is expected to go up in the coming years, but no one is quite sure how much it will increase. It makes sense to expect an increase, of course, given the drastic increase in tech adoption across all facets of daily life and business. But the amount of increase is hard to be certain of because no one is sure exactly what the future holds.

What is clear is that an IT budget is necessary for building and maintaining a business. However, the size of that budget can vary considerably depending on the business and the industry that business is part of. In a study conducted by Deloitte, it was found that banking and securities spent 7.16% of their budget on IT—the most of any industry—while construction spent the least at 1.51%. Other industries spent somewhere in between. Such a large difference in spending is indicative of a spectrum of need for IT that differs significantly depending on the business. Those differences make it impossible to define a one-size-fits-all budget percentage for IT for all businesses. There are simply too many variables to consider.

How to Determine How Much Your Company Should Spend on IT

Guidelines on how to determine your own IT budget can be much more useful than a blanket statement about how much you should spend. By knowing what questions to ask, you can get the answers you need to form your own ideas about what your company needs as far as IT goes.

Some questions you can ask include:

Do we need an IT budget?

The answer to this is an obvious “YES”, but it is worth coming up with your own reasons for having a budget to begin with. The closer you look at your circumstances, the more apparent it will be that IT is simply a part of doing business and an area that you will always have to navigate as a company. And it is not enough to put off IT decisions until you make a split-second purchasing decision financed by extra cash you have lying around—not if you want IT to generate reliable results. For long-term success, you need a specific budget.

What is the budget for?

IT investments should serve to further your business objectives. Pulling a random number out of the air is not going to achieve optimal outcomes. The budget should be set to ensure that you can use the technology you need to achieve the outcomes you desire. Of course, to answer this question, you may need to clarify your business objectives and your IT needs. The CIO, CMO and other business leaders can work together to set guidelines for what needs to be accomplished and the budget can be built from there.

Are we spending more just because?

Knowing that business spending on IT is increasing in many industries is useful, but just because others are doing it does not mean that you need to do it. Increasing spending on IT is not enough on its own to improve your business. That increased spending needs to have a purpose. Maybe you are upgrading important infrastructure. Or, perhaps you know of a new tech tool that is virtually guaranteed to make you more competitive. Just make sure that an increased budget has a purpose.

Is the budget based on current economic conditions?

Some businesses are still stuck in a recession mindset. They try to avoid any extra spending because they think it is a necessity for survival. But if the economy has picked up, it is vital to take advantage of increased revenue to bolster your technology while you can. The better you equip your company to move into the new age now, while you have the resources, the more capable your company will be of weathering any storms to come.

The reality of IT budgets is that they need to be customized to the business using them. Fortunately, the process of determining the IT budget can greatly improve your company’s understanding of where it is, where it is going and how technology will help it get there.


How to Stop Spam from Ever Hitting Your Inbox

June 6th, 2019 by Julie Lough

Spam Emails

Spam emails can be incredibly annoying. Not only that, it can be downright dangerous, considering the phishing schemes and other email scams that are prevalent today. We can’t avoid spam completely and hope to have any kind of digital life, because so many services require an email address as part of the sign-up process. These can tend to clutter our inboxes with (technically not spam) promotional emails, and the less scrupulous of these may send real spam. That’s not to mention the frequency with which these companies’ databases are breached, creating a whole new layer of spam potential.

How to Avoid Seeing Spam

All of the most prevalent email services offer some degree of spam protection. Great spam protection is one of the reasons Gmail rose to such prominence a decade ago. Most services enable spam filtering by default, but check your email service’s settings to ensure that this setting is turned on.

If you’re still seeing a lot of spam, or if you’re using a service that doesn’t offer much in the way of spam filtering, here are some other suggestions.

Create Filters or Rules

You can create your own rudimentary spam filter by setting a filter or a rule. The terminology varies based on your email service, but you should find something by a similar name. You can create rules that auto-route email based on certain characteristics. For example, you can create a rule that sends any message containing NSFW language straight to the trash. Simply insert all those explicit terms in the field “message contains” and select “move to trash” as the action that is taken.

You can use filters or rules to move less important messages to a folder, too. If you still want to know about the latest sales at a few retailers, but you don’t want to be inundated right alongside emails that are actually important, create a rule that sends these emails to a “Retail” folder that you can check when you get the shopping urge.

Block Addresses

In the same area of settings, you should also have the option to block specific email addresses or even all addresses from a particular domain. Granted, it’s rare these days for spammers to frequently reuse the same address, but this function can still help with overly persistent individuals as well as companies or domains that refuse to take you off their mailing lists.

How to Stop Spam from Ever Arriving

There are other tools available to stop spam from ever showing up in your inbox.

Use “Report Spam” Button

The spam filters from email services like Gmail aren’t static. They can actually learn from you. When a spam message leaks through, you can help the spam filter learn. Look at the menu options available on the message. You should see one that looks like a stop sign with an exclamation point. Click this button to report to Gmail that the message is spam, and you should never see a similar message again.

If Gmail recognizes that your spam message is actually from a mailing list, it will try to unsubscribe for you if you click that option.

Set Up a Spam or Throwaway Account

Another savvy way to avoid spam is to set up a “spam account” that you use only for email signups, website logins, and the like. Give your main email address only to those personal and professional contacts you actually want to hear from, and sign up for everything else using your “spam account.”

If your current account is beyond hope, turn it into your spam account. Create a new main account, and let all your real-life contacts know about the switch.

These tips should help cut down on the chaos in your inbox. Got your own tips? Let us know!


Sign In With Apple

June 6th, 2019 by Julie Lough

Apple IOS 13

Sign In With Apple…Should You Use It?

Apple recently reported that its new “Sign in with Apple” feature will be part of the iOS 13 release in the fall of 2019. It promises to protect your privacy, and authentication experts say it could have an enormous impact on data privacy.

What Is Sign In With Apple?

With Sign In With Apple, you’ll be able to log into your applications. It offers a single-sign-on functionality, much like other sign-in buttons such as Facebook’s, Google’s and Twitter’s.

What Are The Benefits Of Using Apple’s Sign In?

When you sign onto apps, Apple will mask your personal information and email address. But the application will still be able to contact you.

Unlike with Google, Facebook and Twitter, your email won’t be passed on to the developer. You can opt not to allow this, but you won’t be able to use their sign-in service. If you do choose to let Google, Facebook or Twitter track your email, they will also be able to see the applications you use.

Aaron Peck from Oauth explains:

“The way most “sign in with [blank]” systems work is that the app you’re signing in to will get your username on that service and likely also your email address,” he explained. “These apps can sell your email address to advertisers, or correlate your activity between unrelated applications by matching your username.”

Apple solved this problem with its single-use anonymous email address. You’ll be able to share the information you choose with the application. Apple creates a random, anonymous, single-use email address for each application. Apple then forwards emails sent to that address on to you. You have the option of deactivating the single-use email address whenever you want.

By using Sign in with Apple and the single-use email address, your true email address won’t be tracked. Apple is offering this to provide a more private option for use. And they are offering developers a way to provide a fast one-step login without forwarding their user’s data to another company. Apple’s button will also work on websites.

Can You Use Apple’s Sign In With Any Application?

No… only applications that integrate their systems with Apple’s Sign In button. Some may opt not to because they won’t be about to use your information for marketing purposes.

What Phones Can Use iOS 13 & Sign In with Apple?

These are the devices that will be able to use iOS 13:

  • iPhone XS
  • iPhone XS Max
  • iPhone XR
  • iPhone X
  • iPhone 8
  • iPhone 8 Plus
  • iPhone 7
  • iPhone 7 Plus
  • iPhone 6s
  • iPhone 6s Plus
  • iPhone SE
  • iPod touch (7th generation)

Is There Anything Else To Consider When Using Sign in with Apple?

If you are a developer, there may be. There are some concerns surrounding Apple’s terms and conditions for application developers. If they offer Google, Facebook or Twitter’s sign in, they must also offer Sign in with Apple.

And there’s more. According to Reuters:

Apple will expect developers to place their login button above Google’s or Facebook’s.

Apple Inc will ask developers to position a new “Sign on with Apple” button in iPhone and iPad apps above rival buttons from Alphabet Inc’s Google and Facebook Inc, according to design guidelines released this week.

The move to give Apple prime placement is significant because users often select the default or top option on apps […]

Apple’s suggestion to developers to place its login button above rival buttons is part of its “Human Interface Guidelines,” which are not formal requirements to pass App Store review. But many developers believe that following them is the surest way to gain approval.

This means that some app developers won’t have an incentive to actually add the Sign in with Apple feature. But Apple is getting around this by mandating that if developers what to place their app in the Apple App Store, and they already offer a third-party sign in, they must offer Apple’s.

Apple’s terms and conditions don’t require this for applications with a dedicated login system, and those that don’t use third-party buttons from Google or Facebook.

What’s The Benefit For Apple?

Sign in with Apple will improve users’ privacy and provide a far better experience than others.

Will LaSala, director of security services and security evangelist at OneSpan, tells us more:

Apple is going one step further than traditional single sign-on, they are forcing their users to use stronger authentication, such as Apple’s FaceID and TouchID,” he said, noting that Sign in with Apple will ask mobile app users to use the biometrics functions.

The use of adaptive authentication is what should be celebrated – the ability to prevent login tracking or protect a user’s information is a secondary benefit. Any way that we can get users to move to adaptive authentication that is easy and portable across many sites and platforms is a security win for the internet.

Apple is positioning themselves as the privacy provider. So when we want more privacy, Apple hopes we’ll choose to use their technology. It’s a great marketing strategy…something that Apple excels at. We think many people will want to use Sign in with Apple due to its privacy features.


Top Challenges Facing CEOs (How to Solve Them)

June 6th, 2019 by Julie Lough

CEO Retaining Employees

If you’re a CEO — whether your company is big or small, new or old, successful or working on it— there’s no doubt certain problems do a great job of keeping you up at night.

These are the challenges you just can’t seem to master. They plague you day-to-day, quarter-to-quarter, year-to-year. Yet try as you might, there seems to be no getting around them.

The good news is, yours are likely the same problems that all CEOs face. In other words, you’re in good company.

Below, we take a look at a few of these common CEO challenges and offer up some useful tips for tackling them once and for all.

Top Challenges CEOs Face

#1 – “How do I hire the best talent (and keep them motivated)?”

Attracting the best employees is certainly a leading cause of concern among CEOs. As a CEO, your team is the engine that drives your business. You may be the “ideas man” or “ideas woman,” but you need great talent to bring your concepts to life.

The Solution: Top employees can definitely hard to find, but it’s important to take your time. Quality hiring is doable if you know where to look, what to look for, and how to entice the right people.

First, make sure you’re clear about your job descriptions. Don’t be wishy-washy with prospective candidates.

Next, know where to look. Job fairs, sites like LinkedIn, and open job searches are good places to start. Still, you should always thoroughly review applications and prescreen candidates with a tight checklist before narrowing your best options.

Be thorough about checking your candidates’ references, backgrounds (job and education history), and experience. After you’ve made a short list, hold in-person interviews to get a feel for each candidate’s interest level and how they behave.

Lastly, when you find the right candidate, make sure you have a stellar hiring package ready to show them. Make it one they won’t be able to say no to. Budget restraints are certainly a challenge here, so if your resources are tight, find ways to promise pay and benefit increases with improved performance and company success. This shows your investment in your company — and in your employees as members of the larger company family.

#2 – “How do I retain my talent?”

Keeping employees motivated is certainly essential for extending and prolonging the flow of unique, creative ideas and hard work. Still, if you’re not taking care of your employees in other basic ways, some of them will walk away. Of course, this won’t necessarily be because they want to … they simply might have to.

The Solution: To ensure a consistent, long-lasting team of the best talent in your industry, you have two jobs:

1. Find ways to keep your employees motivated to do well.

2. Reward them for their hard work.

Many CEOs have trouble grasping the fact that their best employees won’t necessarily hang around just for the love of the work. This is often because, as CEOs, they’ve turned over their own life over to their business.

But remember that your employees — no matter how similarly passionate they are about your company — have lives of their own. Many have mouths to feed at home, student loans to pay, and second mortgages on their homes. If you’re not providing for them (as you said you would when you hired them) and incentivizing them to continue doing amazing work … you can probably expect their two weeks’ notice sometime soon.

In order to motivate employees, you’ve got to have a great idea that’s worth working for. Of course, it helps if you’ve hired a team that’s passionate about the same things you are.

Team-building is another great way to keep employees motivated. Organized company events, fun incentive programs, a comfortable work space, and opportunities for self-development within your company are key.

# 3 – “How do I make my product (or service) stand out?”

Yes, your company solves “problem A” … but so do six other companies. What you have to decide upon and sell is how you solve your problem better than anyone else.

Easier said than done, right?

The Solution: For the most part, the key answer here is creativity. Unfortunately, whether you like it or not, there are a lot of creatives out there doing awesome work. You’re probably creative too. But you have to be more creative than your competitors.

The good news is you have some options.

If you know for sure that your company is just like another company, for example, look for ways to differentiate by:

  • Unique branding
  • Varied size, shape, or level-of-service options
  • Amazing discounts and sales
  • Bonuses for loyal customers
  • World-class customer service
  • Added, unique features
  • Exceptional marketing *

* This is key. By investing in your marketing strategies, you’re tinkering with the first thing potential customers and clients will see — and that’s the right place to begin.

It’s true, if you can get someone to your website to read about your unique product features or see your amazing discounts, you might be able to turn them on to your product or service. But if you can “have them at hello,” you’re going to see a much higher and more immediate rate of success. Smart marketing will also give you one of the highest returns on your investments.

Generally speaking, all CEOs will face the above challenges at one time or another. The key to overcoming them is two-fold: First, try to anticipate whatever key issues you’ll have before they become serious dilemmas. Second, using the advice above, don’t be afraid to face these issues head-on. When something doesn’t work, don’t give up — simply try a new tack.


Watch Out: File Hijacking and Malware Possible Through Slack Bug

June 5th, 2019 by Julie Lough

Software Bug Slack

On May 17, 2019, security firm Tenable announced that one of its researchers, David Wells, had discovered a Slack bug affecting Slack’s Windows desktop client. The bug affects version 3.3.7 of the Slack desktop app, which was just last week the most current version. Read on to learn more about this bug: how it was discovered, what it can do, and how to protect yourself.

Discovery and Reporting

Wells discovered the Slack vulnerability and reported it via HackerOne’s bug bounty program. This program allows white hat hackers to receive financial compensation for disclosing previously unknown vulnerabilities so that companies can address them before serious damage is done.

Under the terms of this program, the bug was not disclosed publicly until Slack had the opportunity to release a fix. Slack has since released that fix, but the segment of its 10 million active users that haven’t yet updated may remain vulnerable.

What the Bug Can Do

Wells discovered that slack’s protocol handler, “slack://”, can do quite a bit. It even has the ability to modify sensitive application settings. Attackers could abuse this protocol by creating a “slack://” link that reroutes the user’s download location. The powerful “slack://” protocol even allowed rerouting to an attacker-owned location.

The result of that action would be that files downloaded from Slack would actually be saved to the attacker’s server. The attacker would even be able to modify those files before the reviewer had a chance to open them.

The attack can also be hidden fairly well. Slack’s “Attachment” feature allows users to change the text that displays with a hyperlink, meaning the malicious link could be disguised as “Account Report 004.docx” or any number of realistic-looking files.

Lastly, an attacker with sufficient skill could inject malware into an Office file (like a Word document or Excel spreadsheet) using this exploit. This is a real danger, because Office files are tossed around as attachments all the time. Office warns users that downloaded files can be unsafe, but users will nearly always ignore this warning when they think they’ve downloaded a document from a trusted colleague.

The Danger Level

A bad actor gaining access to all downloaded documents isn’t good, of course, but how dangerous is this bug, actually? Tenable reports that it has scores 5.5 on the CVSSv2 scale, which is a medium score. We see two reasons the bug doesn’t score higher.

One, exploiting this vulnerability requires user involvement. If you don’t click the link, the attacker gets nothing.

Two, exploiting this vulnerability in a convincing way requires compromising the credentials of a Slack group member. It’s difficult if not impossible to send a message to just anyone using Slack. You have to first be a member of the same channel. This means that this exploit is more or less limited to disgruntled channel members and attackers who’ve hacked or stolen a channel member’s credentials.

How to Protect Yourself

The good news on this vulnerability is that Slack has already patched it. All you need to do to protect yourself and your organization is ensure that anyone using Slack for Windows has updated to version 3.4.0 or later. You can check yours by looking at the “About” window in the program. If you don’t have the access needed to update your application, contact IT right away.

IT Administrators looking to update a Microsoft Install deployment should check out these instructions provided by the Slack team.

More Good News: No Real-World Impact, Yet

There’s more good news about this bug and associated exploit. Because Tenable reported the bug to Slack through HackerOne, Slack was able to address the vulnerability before it became publicly known. According to the company’s reporting on its own research, they find no evidence that the vulnerability has been exploited in the real world yet.

Conclusion

Exploits like these are discovered every day. Are you protected? If you’re not sure, give us a call. We stay up to date and we keep our clients safe.