A common question we get from customers is: “Where do I stick my stuff in Office 365 – Where do I store my files and how do I share with others?” With all the options for places to store things and communicate in Office 365, it’s a fair question and, unfortunately, there isn’t a straight forward answer.
Every business will be different. The important thing to do is to set the parameters for your company, share those with your team, and then stay consistent!
To set the baseline, let’s first define the different places to store and share in Office 365:
Yammer: Yammer is Microsoft’s social media platform. Most people describe this as Facebook for your office.
OneDrive for Business: OneDrive is cloud storage included in Office 365. Every user gets 1TB of space to store their files (documents, PDFs, photos, music, videos, etc). This is similar to DropBox and Google Drive.
SharePoint: SharePoint is a web portal that can store documents and lists (among other things). The easiest way to think of SharePoint is like your company file share or your company’s network drive. This barely scratches the surface of what Sharepoint can do, but shared storage and company portals are the most common usage.
Office 365 Groups: Groups are a mashup of several different technologies: email, file shares, calendars, even shared notebooks. It’s not exactly the same, but a good comparison is Slack.
Got it? Let’s get into recommendations for where to house files and communications in Office 365. Remember, these are just recommendations and you may find what’s best for your company is a little different.
When to Use Yammer
Yammer as a great replacement for distribution groups in Outlook. It’s a place for company announcements, asking questions (via Polls), and to engage around a certain topic. While you can post files into Yammer, we generally recommend against it. It’s better to post a document in SharePoint and then promote it via Yammer by clicking the Post button.
Examples of Yammer Content:
Type of Post
401k enrollment is next Tuesday!
I am meeting with Acme and Company on Tuesday. If you have any contacts there, please let me know!
There’s birthday cake in the break room!
Post (and who doesn’t love this one?)
Acme and Company called today to say that John did a great job on their assessment! Way to go John!
|We are thinking of expanding our footprint. What location do you think would be best? A) Florida, B) Alabama or C) Washington
When to use OneDrive (for Business)
When we say OneDrive in this article we are referring to OneDrive for Business – not to be confused with Microsoft’s consumer offering OneDrive.
Every user on a Small Business or Enterprise Office 365 plan gets 1TB of OneDrive for storage. The best way to use OneDrive is for storing all of your personal work files. These might be reports, performance reviews, financial documents, etc. Occasionally these files may require some input from someone else – but not at massive scale. It’s with maybe one or two users.
The intent of OneDrive is for it to be the place where you store all of your files, replacing your “My Documents” folder. The beauty of this approach is that your files are available across all your devices (PCs, phones, tablets) and in the Cloud.
OneDrive is built right into Office so you can File->Save As right to OneDrive. You can also sync your files down from OneDrive to your PC using the Sync Client. Because Office 365 uses Azure Active Directory, your files are secure. You can share files using just a link (similar to DropBox’s offering) or share it so that a user ID and password is required.
When to use SharePoint
There are two unique use cases for file storage in SharePoint: ‘static’ information and ‘dynamic’ (or collaborative) information.
Examples of static information include your Employee Handbook, SOPs, employee benefit information, etc. – the documents that generally don’t change often and need to be accessed by many people in your organization.
We recommend creating a SharePoint site collection for each major department (HR, Legal, Sales, Marketing, R&D, etc.) and placing the appropriate static documents in these site collections. Put them right on the homepage so that they are really visible to your team.
This is where SharePoint can really shine. For many years, the main selling point of SharePoint was ‘Team Sites’. While SharePoint has grown into many things over the years, Team Sites continues to be the most heavily used feature by high performing organizations. Team Sites are made up of Lists and Libraries.
Lists are exactly what they sound like – lists of information. Examples might include contacts, tasks, calendars or even custom lists you create.
Libraries are where documents are stored. Much like OneDrive, the documents can be synced to your PC. They can also be checked in/checked out for control, include versioning, automated change updates, and co-authoring.
Team Sites are the place to store files that require heavy collaboration or version control. Good examples of Team Sites are RFP sites, Product Launch sites, Contracts, etc. Much like OneDrive, sites and documents can be shared externally, making Team Sites a great place for people from multiple companies to collaborate.
So if you’re planning to have several people work on a set of documents collaboratively, have workflow requirements, or versioning control, SharePoint is the right place for your documents and files.
When to use Office 365 Groups
This is the big one. Office 365 Groups is a mash-up of almost all of the items above into a single platform. With Office 365 Groups you get:
- Group mailbox (think of it like a chat room)
- Shared OneNote Notebook
- Office 365 Planning space (in Planner)
- Shared document storage location (it’s technically a SharePoint document library – but without any of the bells/whistles)
- Shared calendar
The intended use for Office 365 Groups is to be a hub for complex projects that may require file storage, calendars, and team notebooks (something a Team Site gives you as well).
There are a few different ways you could create and manage groups. The two most common ways are by department and by project. How you organize Groups will really come down to how your employees need to communicate (be aware, there are limitations to the number of groups and group members – there is no external sharing at the moment).
But honestly, unless your company is already set up to communicate using a platform like this, it may not work very well for you. Office 365 Groups offer so much functionality, but it doesn’t seem to integrate well with the way most teams work. We work with a lot of customers on Office 365 and, so far, we haven’t found one where Groups worked well or significantly improved their communication or productivity. The biggest hold back right now is that Groups cannot be shared externally. If this changes, it could significantly increase the value of Groups.
We’re keeping an eye on it, though, and hoping that changes.
The short version
To break it all down into a single chart – here’s our recommendation:
|Idea sharing and feedback
|Personal file storage
||OneDrive for Business
|Group file storage and collaboration
||SharePoint Team Sites
|Complex projects requiring calendaring, message threads, file collaboration, and notebooks
||Office 365 Groups
One of our favorite features in Office 365 is Clutter. It’s an awesome tool for cutting down on the amount of email (and distracting email notifications) you get in your inbox every day.
Unfortunately, a lot of people, especially new Office 365 users, don’t know what Clutter is or how helpful it can be.
What is Clutter in Office 365?
Clutter is a feature in Outlook in Office 365 that moves non-urgent and low priority emails to a separate folder (called “Clutter”). It uses machine learning to figure out what emails you read regularly and what emails you tend to delete or pass over and makes decisions about what to move based on that. It uses this information to make decisions about what to move.
How does Clutter filter emails?
Clutter looks at a few different parts of the message to determine if the message should be sent to the Clutter folder: the sender, if you’re the only recipient (or if you’re part of a larger group), its importance and whether it’s part of an email chain you’ve replied to already.
There are few people it will never filter emails from including you, anyone you report to, and anyone who reports to you.
It will continue learning, so if your email habits change, it will adapt and change with you.
How to “train” Clutter
From our experience, Clutter is pretty good at learning what you are and aren’t reading. But it may not always be perfect. If you want to help it learn a little faster, you can.
Just manually move emails you want to go to Clutter from your Inbox to the Clutter folder (either drag and drop it or right click and select “Move to Clutter”). Soon, it will learn to move these emails on its own.
You can also do the reverse – move email from Clutter to your Inbox if you want to train it to send those emails to your Inbox. The only time we’ve really had to do this was for email notifications that needed to come to our Inbox but didn’t actually need to be read.
We recommend checking your Clutter folder every so often to see if any emails that may have gone there without you wanting them to.
How is it different than spam/junk mail filtering?
One of the most common questions we get about Clutter in Office 365 is “How is it different than spam or junk mail filtering?”
The short answer is spam/junk mail filtering is the unsolicited email you don’t want to be getting at all (and could potentially be dangerous). Email going to your Clutter is the email you still want to be getting but are lower priority.
If you have an email in your Clutter folder (or Inbox!) that you’d rather not get at all, see if you can unsubscribe from it (if it’s an automated marketing email, by law it should have an unsubscribe link somewhere around the bottom).
How do I turn Clutter on/off?
Clutter is turned on by default in Office 365. If you’d rather get all your emails in your inbox, you can turn Clutter off.
To do this, in Outlook, right-click on the Clutter folder and select “Manager Clutter.” A new window will open. In this window, uncheck the box that says “Separate items identified as clutter” (you may have two options to select from instead of a check box – if so, select “Don’t separate items identified as clutter”). Hit save.
If you have Clutter turned off, and want to turn it back on, just go through the same process and make sure the “Separate items identified as clutter” option is checked or selected and save.
You can also get to the options screen in your Office 365 dashboard page by going to Mail > Settings > Options > Mail > Automatic Processing > Clutter.
We’re big fans of Clutter. Email can be a huge time suck, so it’s nice to have a feature that helps you sort through it and focus on what needs your attention right now.
If it ain’t broke, don’t fix it. In most cases, we agree – but not when it comes to running your business on operating systems and servers that have reached end of service. Even if it doesn’t seem to be giving you issues right now, it’s a bad idea – and flat out dangerous. Even running older software can sometimes be dangerous. Windows users are being advised to remove Quicktime from their computer because of dangerous vulnerabilities that won’t be patched.
Unfortunately, outdated systems still have a pretty large foothold. Two years after reaching the end of service, Windows XP is still installed on more than 180 MILLION computers. Many companies are still running on Windows Server 2003 (which reached end of service in 2015) or SQL Server 2005 (which reached end of service April 12, 2016).
Generally, this is because the server isn’t actively screwing up or causing any issues and it can be pretty expensive to replace a server. But the potential is there for it cost you a whole lot more to NOT replace it.
So, what does End of Service mean?
End of service (also called end of life or end of support) for both operating systems and servers means the system is no longer being supported by the manufacturer. This mean no support from a customer service standpoint when something goes wrong (your local IT company may still support it though).
It also means you won’t get any new updates. On the surface, this doesn’t sound bad. Not getting access to new features may not be a big deal – but not getting any new security updates is.
If you’re in a business that must meet regulations like HIPAA, running on outdated equipment also means you’re probably out of compliance, which means hefty fines and a loss of customer and patient trust.
Why is it dangerous?
Servers and operating systems that have reach end of life aren’t getting new security patches, which is where the danger comes in. Your system is completely open to any vulnerabilities found after the system reached end of service and you won’t have a way to close the holes.
On top of that, with every new round of patches that comes out for newer operating systems/server, hackers are basically given a list of vulnerabilities they can use against anyone using an out of date OS or server.
If you think your business is too small to be a target for hackers, you’re wrong. Hackers know small businesses don’t have nearly as much money to spend on data security as the big guys and use that to their advantage.
What should you do?
Keep your machines (whether it’s servers, PCs, phones, etc) up to date. No, we don’t mean go out and updated to the latest operating system as soon as it comes out. But be aware of what machines you do have and be prepared to update them before end of service. If you have machines that have already reached e
If you have machines that have already reached end of service, migrate to new machines ASAP. Be aware of what’s installed on your company’s computers, too (and if any Windows computers are running Quicktime, remove it ASAP!) and uninstall older programs as they stop being supported by the manufacturer.
PCs running outdated Operating Systems
Before updating operating systems, make sure any line of business applications you use will be compatible with whatever you’re upgrading to. You’ll also need to check to make sure the computer you’re updating can support the new operating system. You can check the system requirements for Windows 10 here.
Unfortunately, if you’re running Windows XP (or earlier) and want to move to Windows 10, there isn’t a direct path to do it. You’ll need to upgrade to Windows 7 first, then from there, update to Windows 10.
Moving off of an outdated server is a much bigger, and more expensive, animal than just updating an operating system. You have three options: purchase and migrate to a new physical server, move your systems to the cloud or a hybrid solution that moves some systems to a physical server and some to the cloud.
All the options have their advantages and disadvantages, which we won’t get into too much here. The biggest difference, though, will be cost. Physical servers are typically a large one-time cost (until you need to upgrade again) and cloud storage is usually a low monthly fee. Hybrid solutions, unsurprisingly, have a mix of both upfront costs and on-going monthly fees.
Whichever direction you decide to go in, make sure any line of business applications are compatible with what you move to. Otherwise, you’re in for some headaches.
Updating operating systems and servers can be a pain, but it’s nothing compared to the problems that come with getting hacked. If you need help updating your old equipment, please let us know!
If you spend any time around us (or reading our blog!), you’ll hear us talk about security. Security is so critical to us because it transcends the idea of our job as your IT solution provider. It actually starts with you – the end user – who is interacting with data on a day to day basis.
One of our favorite new features, designed specifically to help you as the end user, is Advanced Threat Analytics from Microsoft. This is available as an add-on to existing Office 365 subscriptions or as a stand alone license.
What is Advanced Threat Analytics?
Advanced Threat Analytics (ATA) is a service added to Office 365 to detect suspicious activity and prevent malicious attacks from hitting your network. It combines the typical ‘analysis’ that happens with security products (such as anti-virus) with machine learning – meaning that over time, it actually gets smarter.
You’ve probably heard a lot about artificial intelligence (AI) in the last few months and while this isn’t technically AI, it does analyze the behavior of a company (or user) over time to determine what is normal vs irregular. By knowing what is normal versus irregular behavior, ATA can help identify potential security issues earlier in the process.
Why We Love It
While the machine learning stuff is cool, the reason we’re loving ATA so far is what it does to protect you at one of your most vulnerable points – email.
The most common way malware spreads in organizations today is via email. Most commonly, this is done via links embedded in emails that look legitimate or via attachments. This service adds a layer of protection for each:
Safe Links: Safe Links scans inbound emails to make sure that the links that are shown in the email are actually redirecting users to the places where they need to go. If the links are unsafe, they are removed from the email before being sent to the recipient.
Safe Attachments: Safe Attachments actually opens unknown file types in an environment separate from your environment to detect potentially malicious activity. If the attachment is unsafe, the message is delivered to the recipient without the attachment. This is especially useful since a very large percentage of malware/ransomware is delivered via malicious attachments (most commonly documents and PDFs).
ATA blocked 8 malicious files from entering our organization in less than two weeks after implementation – pretty good when you consider we already have a pretty restrictive rule in place about what kind of files can enter our organization.
We’ve already started contacting our current customers about implementing ATA – if you’d like to jump the line, please let us know!
Moving to the cloud can be a big decision for any business. While moving to a cloud-based system like Office 365 has some major advantages, it’s not going to be the right system for everyone. A quick way to see if it’s right for you is to look at the major pros and cons:
Pros of Office 365
One of the biggest advantages of Office 365 is the ability to work from anywhere as long as you have an internet connection. Because it’s entirely cloud-based, you can access your email, files and Office programs (Word, PowerPoint, Excel) from any location and any device. If you have a plan that includes desktop version of Office, they can be installed on up to 5 devices per user.
This is especially helpful for companies with remote employees, multiple locations and companies with employees who travel often.
If working in teams is at all a part of your company, you’ll appreciate the collaboration features of Office 365. The biggest advantage of this? You get one version of the truth.
Everyone who needs to contribute to or edit a document (or spreadsheet, or presentation, etc), can work on the same version (and get real-time changes) rather than having multiple version floating around that have to be combined.
You can also share direct access to your files, rather than send files as attachments. This means people can make changes to one file rather than having multiple copies. Versioning is included in case you need to go to back to an older version.
Always Have Access to the Latest Versions of Programs
With Office 365, you’ll also have access to the latest versions of Office at no additional charge. You’ll get the latest and greatest features without having to uninstall and reinstall Office on everyone’s machines. In addition, Microsoft is constantly making upgrades to features across programs – you’ll get access to those, too. Check the Office Blog to get an idea of what kind of upgrades you get with an Office 365 plan.
Mix and Match Plans
There are several different Office 365 business plans available with different programs and features. Not everyone in your company is going to need the exact same thing. You can mix and match plans so you don’t have to pay for more than you need. It’s pretty easy to switch between plans, too, if you find that an employee needs more or less than what they have now. You can check out a breakdown of the different plans here.
Office 365 is a subscription-based service, meaning you pay a low monthly fee (per user) rather than a large lump sum up front. This can be helpful from a cash flow perspective. Plans are typically paid month-to-month (though some places will do yearly subscriptions, sometimes for a discount), so you turn off what you’re not using to save money.
One of the biggest misconceptions about the Cloud is that it’s not safe. In reality, it isn’t necessarily any more or less safe than an on-premise system. It’s all in how you use it and what security measures you put in place. Office 365 has a lot of built-in security features to keep your company’s data safe. Some of our favorites include:
- Encrypted email: This keeps anyone other than the intended recipient from reading your email
- Data Loss Prevention: This is a set of policies that checks and prevents sensitive information (like social security numbers) from leaving your organization via email. We’ve broken it down a little more in this post.
- Mobile Device Management: These features allow you to control Office on your employees phones to protect company information. If an employee’s phone is lost or stolen, it can be remotely wiped to prevent anyone who shouldn’t have access from getting to company data.
- Advanced Threat Analytics (ATA): ATA uses analytics and machine learning to detect and alert you to suspicious behavior on your network. Our favorite part of this? It will scan emails as they come into your network for malicious links and attachments and if it detects something fishy, it’ll prevent the malicious attachment from getting in. Your employees will still get the email, but will get a message explaining why the attachment isn’t there. This can go a long way to preventing a data breach due to human error.
These certainly aren’t all the security features available in Office 365 – just a small sample. Please note, these aren’t available on all plans. To have everyone in your organization covered, you’ll need to get them all on plans that include it or purchase it as an add-on.
Cons of Office 365
If the internet is down, you may not be able to access work.
Since Office 365 is a cloud-based service, if you don’t have an internet connection, you may not be able to access your files. If your company has an unreliable internet connection (or a very slow one), it’s probably not the best option for you.
There are options to overcome some of this if you have an expected downtime. You won’t be able to access email, but you can sync your files to your desktop and use desktop versions of Office programs (if your plan includes them).
Yes, we’re putting this under both pros and cons – for this, it really comes down to preference. If you’d rather just spend a large sum every few years for your Office programs and server and not have to worry about it every month, Office 365 isn’t going to be a great option for you. Yearly subscriptions could be a happy medium, though – often you can get a discount for going this route.
Compatibility with Line of Business Applications
The problem with always having access to the latest versions of Office programs is that your line-of-business applications may not always be compatible. If you are on Office 365, though, you are able to use some older versions of Office programs. Always make sure you check compatibility with critical applications before upgrading Office (or Windows, or any other technology it may interact with).
Can be hard to keep up with changing feature set
The features in Office 365 do change fairly frequently. On one hand, you always have access to the latest and great versions. On the other hand, it can be hard to keep up sometimes if you use some of the lesser known programs like Delve and Yammer.
Typically, the changes aren’t huge, so it’s unlikely any update will mean having to relearn the programs. More likely, you just won’t always know what the changes are.
Most people only use 20% of the functionality
This isn’t really a con of Office 365 itself, but worth noting. A majority of users don’t use Office 365 to its full advantage. Most people use only Office 365 for email, file storage and access to Office programs, even though it has so much more to offer.
There certainly isn’t anything wrong with this – but it may mean you’re paying for more than what you need. If you do move to Office 365, it’s a good idea to do a gut check every few months to see what parts are actually being used. You may be able to move some employees down to a cheaper plan to without losing functionality.
Want to try it for yourself? Start a free trial of Office 365 using the link below. Then, check out this blog post covering 7 things you should try during your Office 365 trial.
Attack email trying to trick someone into sending a wire transfer
Transitioning to a paperless office in the cloud can be a great move for your business, cutting costs and making it easier to access your files from anywhere. But it can present an increased risk of sensitive data leaving your organization via email or online attack.
More and more attackers are targeting businesses and trying to trick employees into wiring money or sending personnel files through CEO impersonation attacks. These are a type of spear phishing attack, meant to look like they are from the CEO (or another high-level employee) sent to a lower level employee (more on phishing on this blog). These attacks are usually highly targeted and rely on the fact that lower level employees don’t always have direct contact with the leadership team and wouldn’t ask too many questions if asked to send information to them.
A common scenario is an email that looks like it’s from a high-level employee to an HR employee asking for personally identifiable information for employees – like a copy of a W2 or for payroll information for employees. Snapchat recently fell victim to this.
These files can then be used to steal the identity of these employees or sold on the black market (so someone else can steal their identity).
What to watch out for
There are a few questions every employee should be asking when they get an email requesting some sort of action (whether it’s to open a file or to send information). Answering these questions can potentially raise a red flag and let you know there is something wrong.
Do you really know who is sending the email? Do you recognize the sender and their email address? Is it the correct email? Is the From: name formatted correctly?
Is the message consistent with what you would expect from the sender? Is the tone consistent with the way they normally speak and write? Does it look like emails from that sender (fonts, colors, signature, etc)
Is the sender asking you to open an attachment or access a website? Hover over the link to see the URL – does the URL match what you’re expecting? Is the domain in the URL or file name of the attachment related to the content of the message?
Please note, even if you don’t immediately see something amiss, this doesn’t guarantee the email is legitimate. It is possible for more advanced (or more dedicated) attackers to spoof a legitimate email address. If someone is targeting your company very specifically, they have a spent the time to learn enough about your company and leadership team to imitate their emails pretty convincingly.
What to Do to Protect Your Files
There are some steps you can take to mitigate the risks of your company falling victim to CEO impersonation attack:
Train all employees on data security best practices and what to look out for: This the biggest key to data security. Everyone in your company regardless of role should be trained in data security – and regularly retrained as threats evolve. Even outside of CEO impersonation attacks, it only takes one employee accidently clicking on a bad link or opening a malicious attachment to put your whole company at risk.
Limit who has access to personnel files: The more people who have access to sensitive data, the bigger the risk. Store files in a location where you can restrict access based on the employee. If you’re using Office 365, Sharepoint has some nice functionality for this.
Implement Data Loss Protection: Some email services (like Office 365) have the capability to implement data loss protection. These are basically a set of customizable rules that check emails before they’re sent to make sure sensitive data isn’t being emailed out. We’ve written more about it in this blog.
Implement a good spam filter: A a good spam filter will stop the more obvious phishing emails. This isn’t 100%, though – just as legitimate messages can be caught by a filter, well-crafted, malicious messages will pass through a spam filter. Employees need to be trained that an email making it through a spam filter doesn’t automatically mean it’s legitimate.
As an Individual
- Never give out passwords or other sensitive data over email.
- Do not click on links in email, especially from unknown sources. Pull up your browser and go to the website there rather than clicking. For example, a user who receives a message from LinkedIn should open a new web browser window, navigate to LinkedIn, and log in, rather than clicking on the email link. If the email is legitimate, the notification will be in the LinkedIn notification system.
- Trust your gut and double check everything – if something looks funny or just doesn’t feel right, don’t open it and don’t respond to it. It’s better to take the extra few minutes to double check with the sender to make sure it’s real.
- Follow basic data security best practices in and outside of the office. Here’s a short guide to get you started.
Don’t let CEO impersonation attacks dissuade you from considering the cloud or a paperless office from your business – and don’t think you are safe just because your information is stored on a server at your office or in paper form. Any company can be a target. With the right security measures in place and a well-trained staff will go a long way to keeping you safe.
Our friends at Propel HR have written more about transitioning to paperless offices. Read their blog here.
Email is a huge source of distraction in most businesses. That’s probably not a shocking statement considering that the average worker sends and receives 121 emails every day. That’s a new email every 4 minutes in an 8-hour work day. Here are a few things you can do both as an organization and as an individual to cut down on the distraction that is email.
Today’s post is a preview of our Productivity Email Course. Sign up now to get more tips and tricks just like these to cut the distractions, boost your productivity and get time back your day.
1. Reduce reply-all madness.
Here’s a common scenario: You get CC’d on an email (along with several other people) that you don’t really need to be on. Thirty minutes and six emails in the chain later, you’re ready to scream.
Unnecessary CC’ing and the overuse of the “Reply All” button are huge contributors to email clutter. There are a couple of things you can do to lessen the madness:
Change the expectation: Being unnecessarily copied on emails is usually the result of someone trying to cover themselves. To combat this, set the expectation with your employees for the best way to keep you informed – whether that’s setting a time to talk to you about it in person or just changing the subject line to call out specifically when action is required.
Ignore the conversation: Changing the expectation unfortunately won’t get you out of every annoying email chain you don’t need to be copied on. For worst-case scenario email chains, go with the nuclear option: the “Ignore Conversation” button. If you’re using Outlook, you can use this to ignore all future communications in an email chain (they will go directly to your “Deleted Items” folder). Beware, though: It will also delete the messages in the chain you’ve already received.
To ignore an email chain/conversation, select a message in the email chain, and click the “Ignore” button (right next to the deleted button).
2. Cut down on email newsletters.
Even if you read them every day, getting multiple industry newsletters and discount offers from that store you shopped at once and a newsletter from your kids’ school can quickly clog up your inbox.
There are a few options for how to streamline:
- Triage your newsletters: Take a few minutes one day to assess the email newsletters you get and which ones you actually read. If you don’t read it on a regular basis, unsubscribe from it. All emails newsletters should have an unsubscribe link somewhere near the bottom.
- Send them to a “Newsletters” folder: If you can create rules in your email client (directions for Outlook are here, and Gmail here), create a “Newsletters” folder in your inbox, then create rules to send your newsletter there automatically. If you’re subscribed to newsletters from different companies/senders, you may have to create multiple rules.
- Use UnRoll Me: Unroll Me is a free service that aggregates your email newsletters into a daily email and lets you easily unsubscribe from the newsletters you don’t want to receive. Unfortunately, it doesn’t currently work with Exchange so if you’re using Outlook on the desktop, Office 365 or Exchange Online you won’t be able to use it (As Office 365 users, we’re hoping that changes!). It’s compatible with Outlook.com (including Hotmail, MSN, & Windows Live), Gmail, Google Apps, Yahoo! Mail, AOL Mail, and iCloud.
3. Use an internal social network to reduce company-wide emails.
Another huge source of unnecessary email is company-wide emails (and the reply-all madness that can follow). A great solution for reducing this is to implement and use an internal social network. Suggesting a social network to combat productivity issues sounds crazy, but stick with us.
At PTG, We use Yammer. All company-wide announcements are posted here, rather than being sent out by email. We post everything from “It’s time to make any changes to your health insurance” to “There are donuts in the kitchen” to Yammer.
By posting these in a social network instead of emailing, we’ve cut down on dozens of emails each month – and their replies. Employees know to use it to post any announcements they may have and to check it to keep up with what’s going on in the company (and there are optional daily digest emails for those who prefer not to visit the actual site).
4. Use instant messengers to turn email into conversation.
Another cause of email clutter: email chains that could be eliminated by just having a short conversation – you know the ones we are talking about.
The solution? Just have the conversation. Pick up the phone or use an instant messenger and just talk to the other person.
We use Skype for Business for this purpose (we actually use it as an instant messenger and our phone system), giving our employees an easy way to communicate outside of email. It’s especially helpful when employees are out of the office and can’t talk face to face. (There is even an app for mobile devices and tablets.)
Giving employees another way to communicate – like an instant messenger – for short conversations can seriously cut down on the one and two sentence emails and help drastically resolution time. When you don’t have to fight through the noise that is someone else’s inbox, you can get an answer much, much faster.
Encrypted email is a great way to beef up your data security (and necessary if you need to meet certain regulations like HIPAA). We’ve covered it in more detail on this blog post. But it can make emailing with people outside of your organization a hassle sometimes. One of the most common questions we get from customers is “How can people I email see my encrypted emails if they aren’t on Office 365?”
If you are not using Office 365 and want to view an encrypted email you received from an Office 365 account, follow these steps.
After getting an encrypted email like the one above (see the note at the bottom about encryption by Microsoft Office 365? Look for that to make sure these steps will work for you), you’ll need to open the attachment.
To do so, simply double-click the attachment (you may have to save it to your computer first). Opening the attachment will open a web page that presents you with several options for accessing the secure email sent to you: View the message on desktop, View the message on an iOS device, View the message on an Android device, or use a one-time passcode.
If you don’t often receive encrypted messages, we recommend using the one-time passcode. Clicking on this link will send you a second email with a passcode that’s good for 15 minutes and open up a window with a place to enter the passcode.
Copy the passcode you receive in the second email and paste it into the web to view your encrypted message:
If you get encrypted emails on a regular basis, you’re better off viewing on your desktop or mobile device. This option allows you to sign in and view your message at any time, but requires you to register your email address with a Windows Live ID. You can do this at http://signup.live.com. This is the same account used for logging into other Microsoft accounts like Outlook.com and Xbox and your personal OneDrive, so you may already have one.
Registering yourself for a Windows Live ID allows Microsoft to associate your email address with a password. After you’ve registered you can use your email address and password to login and check your encrypted email at any time.
If you’re on an iOS or Andriod device, you’ll need to download an app – called the OME Viewer – to view encrypted emails. After downloading the app and creating your Windows Live ID, just click the appropriate link in the initial email to view the encrypted content.
After you’ve gone through the steps of creating an account and downloading an app, viewing encrypted emails from Office 365 should be a much faster process.
Have you ever gotten an email that sounded way too good to be true? Maybe something like an imprisoned, or exiled member of royalty who needs help getting fund out of his country and will gladly give you reward?
Or in more recent news, the email appeared to be from the IRS indicating that they fouled up your tax return from last year, and if you will simply click on the link included in the body of the email, they will gladly return the money you are so rightfully owed.
Or maybe you’ve gotten an email from the CEO (or someone else higher up) of your company saying he needs you to wire him money?
Well, friend, between you and me, the government usually only gives you back what they’re supposed to, and, unfortunately, that niece of the former advisor to Muammar Gaddafi, is a fake. You have just been the target of a phishing attack.
So what is “Phishing”? Phishing is an email attack aimed at fooling the target into thinking that the email address is from a legitimate source in order to gain access to personal or business information such as credit card numbers, account information, or passwords.
In a phishing attack, the attacker is using some communication to inject malicious software, redirect traffic, or get you to reply with your personal information. For example, the email that comes from a bank stating that something is wrong with your account and for security purposes they need to reset your PIN number on your account. This email typically has a link that will conveniently allow you to enter your account and routing number and change the PIN. Unfortunately, it didn’t really come from your bank, and the attacker now has access to your account and all of the funds.
Types of Phishing Attacks
Are there multiple types of phishing attacks? Sure there are:
Phishing is a typically undirected type of attack: A large scale email sent out to as many addresses as possible with the hopes of enough people falling for the scam to warrant the effort.
Spear Phishing is a directed attack. Typically, the attacker has done some research on his target to better tailor his attack with the hopes of a higher chance of success. For example, finding out the name of one of the Human Resources and the type of coffee that this person drinks to create an attack that appears to be an email from said coffee chain with the hopes that the user wouldn’t think anything strange and thereby increase the chances of successfully stealing the information when the user replies to that email. Or an email to a lower level employee that looks like it’s from a member of the leadership team asking them to wire money.
Whaling is a phishing attack directed at executive level users. Companies love to publish the names and contact information for their executives on their websites. Hackers love this as it takes the guesswork out of figuring out the correct email address to send their bogus emails.
How to Spot a Phishing Attack
There are several dead giveaways to spotting phishing emails:
Bad grammar and misspelled words are usually huge, glaring clues that the email isn’t legitimate. These can be in either the subject or the body of the email. The existence of special characters such as punctuation marks in the middle of a word is another dead giveaway. These errors usually occur as the result of being run through a translation program because the attacker doesn’t speak English.
A quick test is to hover over the sender’s name in the email itself. If it doesn’t show as the email address from the person or organization that it should be, it’s definitely a phishing attack. What the attacker has done in this case is spoofed the email address to disguise itself as a legitimate message in order to get past any security messages you may have in place.
The sender only has one way of contacting them, no phone number, no email address (the one used to send the email is most likely fake), and no online portal to contact the sender.
The email asked for financial or other sensitive information. Any emails that appear to be from banks, the IRS, medical institutions or other companies that handle sensitive data, can typically be ignored. Trust me, if these people want to get in touch with you, they’ll get in touch with you and it won’t be by email. If there’s a problem with your account or payments, they will get a hold of you. So please do not send out any personal information, account numbers, PIN codes, or passwords over email. EVER. Chances are these emails are being sent unencrypted and, therefore, can be intercepted by a number of means leaving you wide open to identity theft.
The email uses a different font, color or a different writing style than the writer typically uses. If you get an email from someone in your company that doesn’t really sound like the way they normally write or is formatted differently than their emails usually are, that may be an indication of a phishing email – especially if they’re asking for sensitive or financial information.
So what can you do?
A great spam filter will help filter out the majority of these attacks. The spam filters can analyze the message before it ever gets to you and kick out any blatant attacks. A good antivirus solution will scan emails and attachments for any malicious software or back doors that may be working to break into your system and steal personal data. Unfortunately, these attacks are getting better and better at disguising their true identity and intentions and are getting past spam filters.
If you get an email from a co-worker or boss that looks suspicious, just give them a call and ask them if it’s real before clicking or downloading anything or before sending them sensitive information. Same thing if it’s from a bank or somewhere you actually do business with.
Any links in an email that you are unsure about should NEVER be clicked on. Most of these are directing you to a website that may look like it comes from the supposed sender. Also, NEVER open any attachments on these emails. Many malicious payloads live in these attachments or on these links that when downloaded to your machine will wreak untold havoc on your system to say nothing of your finances or personal data once it is stolen.
The next time you get a suspicious email from the aforementioned royalty, a bank or credit institution that you have no account with, the government, or anything that looks suspect, give it the sniff test. A deleted email and a phone call from the sender if they actually sent it is always preferable to financial ruin. As always, feel free to call us at PTG and tell us about the message and remember the old adage: If it sounds too good to be true, it probably is.
What Regulated Industries Need to Know to Keep Data Safe
Work in a regulated industry and want more information about how you can protect your business from cyber threats (and avoid costly fines for non-compliance)? Join us for lunch On March 24!
We talk to a lot of people who use Office 365, I mean a lot. One thing that continues to amaze (and disappoint) me is the number of people who either a) didn’t know they had OneDrive or b) know they have it and don’t use it.
If you aren’t familiar with OneDrive for Business, here’s how Microsoft defines it:
“OneDrive for Business is a place where you can store files from your computer into the cloud, and access them from any device, or share them with others. As part of Office 365 or SharePoint Server, OneDrive for Business lets you update and share your files from anywhere and work on Office documents with others at the same time.”
Here’s what you need to know (For clarity, we mean the Business Version of OneDrive when we say “OneDrive” in this post. As we’ve covered in previous posts, Microsoft can be confusing with their naming):
1. You get 1TB of storage.
If you use any of the Office 365 suites (E1 or greater, Business Essentials or greater, or their education/government counterparts) then you get 1TB of storage included. This is more than enough storage for the average user.
2. OneDrive can replace your local file storage on your PC.
Again, with 1TB, that’s usually more storage than most folks have on their PCs or Macs. If you get into the practice of saving your files to OneDrive, you can access those files from anywhere.
3. There are apps for iOS, Android, and Windows.
If you get into the habit of saving your files directly to OneDrive, you can then have access to your files no matter where you are or what platform you are on.
4. Version control is awesome.
Just like a SharePoint document library, OneDrive creates versions of your documents as you save them. This has saved me more than once when I made a mistake and needed to go back to a previous version.
5. You can get one version of the truth.
If you work in a highly collaborative environment, you can share your documents from OneDrive so others can view and/or edit them. This keeps you from having to email the file and ending up with multiple versions of the same document. This recently shaved about 3 days’ worth of time off of a contract I was working on. I shared the document and kept working on it without having to wait for comments back from my colleague. They show up directly in the document, making both of our lives easier.
6. Sharing files is a cinch.
It’s extremely easy to share files. You can grant permissions directly or just generate a link for others. You can also set expiration dates on links so that they become inactive after a period of time. If you using Outlook 2016 you can also easily add OneDrive documents to your emails. (This is one of my favorite new features!)
7. You can sync files to your desktop.
Thanks to the new OneDrive Next Generation Sync Client, you can finally selectively sync files and folders to your desktop. This is a feature that Dropbox and Box have had for quite some time and I am excited that Microsoft has finally caught up. Tip: Know your limits. There are limits to OneDrive, so make sure you know them before syncing your entire computer to it.
8. If you use Dropbox as a group’s document repository, OneDrive is not a replacement solution.
This is probably the number one mistake the people make. Tons of SMBs use Dropbox as a replacement for a file server. (For the record, I am against this use case, but it does work for some people.) Lots of departments in larger organizations do the same thing. (I can get behind this.) OneDrive cannot replace that use case very well. While it can work, it usually requires a complete rework of your processes and most people can’t make that change so it doesn’t make sense to even try. The best use case is to check out SharePoint document libraries. We’ve covered more about what to store in OneDrive vs what to store in Sharepoint in this post.
Want to try it for yourself? Start a free trial of Office 365 to try OneDrive for Business.