Well folks, that time has come again: The biggest shopping days of the year are just around the corner. No doubt that even as you read this, you’re strategically planning your routes and timelines to reach every store to get all the best deals for during Black Friday (or maybe you’re going with our preferred method and planning exactly what leftovers to eat while shopping online on Cyber Monday – after business hours, of course).
As exciting as all of this consumerism is let’s remember there are people trying to make off with your hard-earned money and will use the excitement of the holiday season, when your guard is down and your spending is up, as cover. So here are a few helpful tips to keep in mind as you prepare to shop ‘til you drop:
Wifi has become such common convenience that we’ve come to expect to use in our daily lives – even when out shopping. But do you really know who is running the wireless network named “Starbucks Wifi” you connected to before pulling up Amazon.com or making a banking transfer while you stopped for coffee during your shopping marathon?
It’s pretty easy for less than honest folks to set up a wireless network that looks legitimate and set up camp in a coffee shop or a crowded mall. Logging into your account while connected to one of these networks will send your username and password right to their laptop.
How do you combat it? Steer completely clear of unsecured public wireless networks. You just never know who might be watching the traffic that goes across them. If you must do something online, the safest bet is to wait until you get home or use your data to browse. A ding from the cell phone company for going over your data limit is better than having your accounts cleaned out by the hacker because you just had to check Facebook on the free wireless.
We all know that the closer Black Friday and Cyber Monday get, the more ads and promo emails you get from retailers advertising the enormous discounts and specials that are happening. Promises of coupons or mail-in rebates will flood your inbox and junk folders from now until New Year’s.
These deals are enticing, but let’s make sure to check a few things off of our security checklist before getting click-happy and ending up with an infected computer or an empty bank account – or both. There are always a few giveaways to the emails that are real and the ones that are bogus attempts to steal your data:
Poor spelling and grammar is a tell-tale sign of emails from spammers, hackers and phishers. The email from “Macie’s” instead of “Macys” and “Azamon” rather than “Amazon” that look like they were written by a first grader are not the ones you want to click on.
These are phishing scams hoping that you won’t be paying enough attention to notice that the email didn’t come from Amazon.com in hopes of stealing your login to go on their own shopping spree, at your expense. This doesn’t, however, mean that a perfectly spelled email is going to be safe.
Another point to remember is the old adage, “If it sounds too good to be true, it probably is.” The email promising $600 off of a TV that costs $800 is begging to be opened but think before you click. Do not, under any circumstances, submit your confidential information to a web page that you opened from an email. This is an all too common mistake that hackers love to exploit to gain personal information.
If you have a question regarding an email that was sent to you from a company call and verify its authenticity. Isn’t a 45-minute phone call to find out an email is or is not real, better than spending hours on the phone with the credit card companies trying to figure out how you just bought a TV, a crock pot, a sectional sofa and a new suit in 3 different states when you haven’t left the house?
The best thing you can do for yourself is to be vigilant and err on the side of caution – this applies on and off line.
Don’t keep your credit card in your hand while waiting in line. The person behind you who appears to be talking on the cell phone may just be waiting for the right time and angle to snap a picture of your card and go home to buy themselves a present or twelve with your money.
Keep an eye on your bank account during this time of year. Make sure that you know that the purchases that show up on your accounts are ones that you actually made. Small charges that you didn’t make are telltale signs of someone who has compromised your card number and is testing it to make sure that it works before really running up the balance.
Enjoy yourselves out shopping and busting doors – just be cautious about it.
Having a strong password is your first line of defense in data security. Keep your data on lockdown with these Do’s and Don’ts of Secure Passwords (click to expand):
Remember – there is never a 100% guarantee when it comes to data security. But having a strong password and using these password best practices is the first step in getting close.
Technology is a large part of what gets us up every morning here at PTG (shocking, I know!). Given our propensity to get excited about new phones, laptops, or apps, it’s probably no surprise to you that the roll-out of Office 2016 has us pretty excited.
But, why should you care? You may not get as excited as we do, and that’s okay. There are a few good reasons to check out Office 2016 even if you aren’t an avid technologist.
It’s part of Office 365
If you are using an Office 365 subscription that includes the Office client download, you get it for free (E3, Business Premium, Midsized Business and Office Pro Plus plans). Hopefully, you already know that if you are using these plans you get the full install of Office on up to 5 PCs/Macs and 5 mobile devices. If not, start downloading.
This also means that you don’t have to pay for the upgrade to 2016 — you get it no matter what. We’ve written, in more detail, about the differences between Office 2016 stand alone and as part of Office 365 before.
It’s mobile friendly
Microsoft has upped their mobile game – and not just on Windows Phone. Microsoft was definitely a laggard on the mobile front. Android makes up the vast majority of mobile users today with over 1.3 billion Androids in the world. To put that into perspective, there are 1.4 billion PC users in the world.
Microsoft recognizes this and the mobile versions are as full-featured as their desktop counterparts. You can compose and format a document in Word (or a presentation in Powerpoint, a spreadsheet in Excel, etc) from your phone. You can send that doc to a co-worker and your formatting, comments and annotations will be carried over to him or her.
(Outside of Office 2016, Microsoft has a few other mobile apps we love – like Outlook and Office Lens).
It’s cloud friendly
The new Office is also cloud friendly. You can now co-author in most of the desktop applications. This has long been a feature of the Web versions but is making its way to the desktop versions too. This means that multiple people can work on the same document (like a proposal) without having to compile several versions down the road. We like to call it “one version of the truth.”
Office 2016 also makes files easier to share than 2010 or 2013 with a sharing button is in the upper right-hand corner. Any files you share are automatically posted into OneDrive and available on all your devices and to your colleagues. And while OneDrive is included with 1TB of storage in your subscription, if you prefer to use Dropbox, there is direct integration with Office 365 and Dropbox.
These are just some of the exciting features of Office 2016 that will help make you more productive. If you aren’t sure if you have Office 2016 included in your subscription or would like to add it to your subscription, just let us know!
It’s impossible to go more than a few days without hearing about another business getting hacked or a new virus or malware that could hold your files hostage. It seems like threats are everywhere – and you’re vunerable even as a small business.
But, ultimately the biggest threat to your company isn’t an outside attacker – it’s your employees. No, we don’t mean your employees are stealing your data to sell on the black market or anything like that (though a disgruntled current or former employee can be a big risk if they still have access to any systems).
But most data breaches are caused by human error: someone opening a malicious email or clicking a bad link or losing their phone or getting a virus on their work laptop while working at home and bringing it inside your network… the possibilites go on and on
Here’s what you can do it address it:
Train your employees on data security best practices
It’s vital that all employees are trained on security best practices. All it takes is one employee clicking on a malicious link that looks legitimate for your whole business to be compromised. Teaching employees what to watch out for and what basic data security rules to live can greatly reduce the risk of that happening. Work with your IT company to create a training plan for your current employees and make this a part of your new employee training.
Implement policies and technologies to protect you
It’s likely you already have a firewall and password on your computer, but this alone isn’t enough. Putting data security policies and systems in place can go a long way to protect you. What’s best for you will depend on your line of business and your users.
Some to consider are:
- Dual-factor authentication: Dual-factor authentication combines something you know (like a password) with something you have (like a phone app or a keyfob). This makes it much harder for an attacker to access your information if your machine is ever lost or stolen.
- Encrypted Email: Encrypting your email ensures that the only person who can read it is the intended recipient. If you’re regularly emailing client data or sensitive information, talk to your IT company about getting this implemented for all employees. If you email this information to people outside your organization (like a client), make sure they can still access the information.
- Data Loss Prevention: Data Loss Prevention is a set of policies to allow organization to monitor email communications for sensitive material. Once turned on, these rules scan all emails to and from an organization looking for information like credit card numbers, SSNs, Taxpayer Identification Numbers, and Passport numbers. Depending on your email service, you should have the ability to decide what to do with a message once an email is deemed out of compliance with your Data Loss Prevention policies – like not sending the message, CC’ing the employee’s manager, or to warn the employee the email may contain sensitive content, etc.
- Outbound Internet Monitoring: Services like OpenDNS can monitor your outbound internet connections. This isn’t so you can spy on your employees – it just makes sure your internet traffic is going where it should, and a not being re-directed to a vicious site or server.
Keep your systems up to date
An old firewall and an antivirus program that hasn’t been updated in two years aren’t protecting you. Hackers and threats to your data security are constantly evolving – and your protection needs to evolve with it.
Your best option is data security as a service – this treats data security services (like firewall and virus protection) as an always-on, constantly monitored service (generally paid for with a monthly fee) rather than something you do every few years. When looking for a vendor, there are a few things to consider:
- Does it include firewall, antivirus and web security? Email configuration? How often are these updated?
- Are they monitoring your network for suspicious activity?
- Are they checking your outbound internet traffic to make sure your web traffic is going where it should be going and not to a malicious site that’s been made to look legitimate?
Unfortunately, there is never a 100% guarantee when it comes to data security. But having the right systems in place and a well trained workforce will go a long, long way to preventing a data security breach that could bring your business down.
If you have any questions about data security, or just want a checkup of what you have in place now, please contact us.
We’ve all been there – stuck in a chain of Reply All emails that’s gone on far too long and is clogging your inbox. Either the chain started innocently enough with an FYI email to a group that’s spun out of control. Or you’re stuck on a chain you shouldn’t have been copied on in the first place.
Luckily, if you’re using Outlook, there are a few things you can do to get out from under the mess. If you’re the sender, you can stop your recipients from using the Reply All button in the first place. If you’re a recipient, you can opt out. Using these two tricks should help you cut down on the number of unnecessary emails you get from reply all button abuse.
How to prevent people from using Reply All
To prevent recipients from replying all to your email, you’ll need to create a custom form in Outlook (all recipients must be using Outlook for this to work). This seems like a lot of steps, but you’ll only need to set up the form once.
Go to “Design a Form.” If you’re using Outlook 2013 or later, this is on the Developer tab. If you’re using an earlier version, it’s on the Tools tab (if you don’t have either, you’ll need to add the tab first using the Customize Your Ribbon option). If you’re using Office 2016 or Office 365, you can get it to by typing “form” in the “Tell me what you want to do…” box in the ribbon.
Once you click the “Design a Form” button, you’ll get a box that looks like this:
In the “Look In:” drop down, choose “Standard Forms Library.” Then, select “Message” and click “Open.” A message window will open that looks like a lot like a normal new email message – but with very different options. This is the developer view. For this form, you’ll need to go to the “Actions” tab:
Once you’re on the “Actions” tab, you’ll see these options you can customize. To customize the use of Reply All, double click on that line:
A new box will pop up. Uncheck the box next to “Enabled” and hit “Ok.” After the box closes, you’ll need to go to the “Properties” tab (right next to the “Actions” tab).
Once you’re on the “Properties” tab, you’ll need to check to box next to “Send form definition with item.” (You’ll get a pop-up box saying this isn’t a recommended action – hit Ok.)
Then, you need to publish the form. To do this, click the “Publish” button in the main ribbon on the message window, then select “Publish Form As”
When the “Publish Form As” box comes up, change “Look in:” to “Personal Forms Library”:
Change the “Display Name” to something you can easily remember, like “No Reply Alls”. In the “Form Name” box, enter a unique name (no spaces), like “noreplyalls”. Hit Publish. You can close the Form Editor window that looks like an email message now (you don’t need to save changes – you saved them by Publishing them).
Now you can use this form to send emails that won’t let people reply all! To use it, you’ll need to write your email using the form you just created.
On the Tools/Developer tab, click “Choose Form” and in the box that pops up, select “Personal Forms Library” in the “Look In:” drop down. Select the form you just created and hit open. A new message window will pop up. Use this to write and send your email.
The email will appear completely normal to your recipients. But, if they try to Reply All, they will get a pop-up message saying “That action is not available for this item.”
How to Opt Out of Reply All conversations
If you are stuck in a Reply All chain you didn’t start, there is still hope for you: the “Ignore Conversation” button. You can use this to ignore all future communications in an email chain.
To ignore an email chain/conversation, select a message in the email chain, and click the “Ignore” button (right next to the deleted button). This will send all future replies directly to your “Deleted Items” folder.
Use with caution, though (especially if you habitually clean out your deleted messages folder). It will also delete the messages in the chain you’ve already received.
If you need to stop ignoring a conversation, and it’s still in your Deleted Items folder, select a message and click the Ignore button again. The emails will be restored to your Inbox and future replies will go to your Inbox.
Office 2016 was released on September 22nd. Did you know that this is the last major release of Office? You read that right – Microsoft is moving away from releasing big upgrades every 3 years and moving to a more rapid form of development. You can (and should) expect to receive new features and updates rapidly (like every month!).
If you manage, or are part of, a small team that shares files, notes, emails, or meetings – then Groups are for you! One of the features that has been part of Office 365 for a few months is Office 365 Groups. Up to the release of Office 2016, Groups was only accessible in Outlook Web App. Since most of us work in the Outlook Rich Client (the desktop version of Outlook) – very few of us even noticed it.
Here are our ‘stand out’ favorite features:
- Conversations (these are really just emails) are stored in a threaded view in Groups. If you think about most project communications, aren’t they emails that live in your inbox? What happens when you bring a new team member into the fold? They don’t have access to the history of the communication. Groups changes this – as the conversations are fully searchable and saved in the Conversations section.
- You can choose to have Conversations show up in your inbox or only in the Conversations section. This is great for keeping your inbox clean.
- Groups are self-service. This means you don’t have to involve IT to set up a group.
- You don’t have to worry about permissions. Your notebooks, files, conversations, and calendars are all protected.
With the release of Outlook 2016, Groups is now available in Outlook on your desktop – not just through the web. You can expect Microsoft to release iOS and Android apps for Groups soon (there is already a release for Windows Phone).
To access Groups in Outlook 2016, click “Groups” on the left ribbon (towards the bottom, under your other folders). See image to the right.
Groups can be public – so everyone in the organization can join and participate. Or they can be private – so that only those who are invited have access to the conversations, calendar, files, and notebook.
Give Office 365 Groups a try. And, of course, if you have questions about Groups, please reach out to us!
One of the most commonly believed myths among small business owners (SBOs) is that they don’t need to worry about data security because they aren’t going to be a target. It’s easy to see why SBOs think this way. After all, going after a small business doesn’t seem like it would be nearly as profitable to hackers as going after a big company, like the Target breach from a couple of years ago.
But the unfortunate reality is, small businesses are often easy targets for hackers. The hackers in the in the 2013 Target attack actually got in through a small HVAC company. Hackers know that small businesses don’t have a lot of resources to dedicate to data security – certainly not as many as enterprise organizations. And they will use that to exploit you.
Don’t believe us? Take a look at these two stats from August 2015:
- 78% of spear-phishing attacks targeted businesses with < 250 employees (Spear phishing is an email that appears to be from someone you know but is actually from a hacker).
- 1 in every 162 emails sent to companies with <250 employees was malicious.
Scary stuff, right?
So what can you do about it?
Get the right systems in place and keep them up to date
At a MINIMUM, you should have a firewall, an antivirus program on all computers, passwords on all computers and programs containing company data, and a system that monitors your outbound internet connections.
But a firewall and an antivirus program installed 2 years that hasn’t been touched since isn’t doing much to protect you from the latest threats. Hackers and threats to your data security are constantly evolving – and your data security needs to evolve with it. Your data security programs need to be regularly updated and constantly running to keep you protected.
If this sounds too expensive and too cumbersome to manage on your own, you may want to talk to your IT company about security as a service. This treats data security services as an always-on, constantly monitored service, generally paid for with a monthly fee. This means your systems should be protected against the newest threats – and a monthly fee is usually more affordable for small businesses than the large expenses that come with replacing your firewall.
Educate your employees
Ultimately the biggest threat to your company isn’t an outside attacker – it’s your employees. No, we don’t mean your employees are stealing your data to sell on the black market.
But most data breaches are caused by human error: someone opening a malicious email or clicking a bad link or losing their phone or getting a virus on their work laptop while working at home and bringing it inside your network.
It’s vital for all employees to be trained on data security policies and best practices. Employees must understand what they need to watch out for and why. All it takes is for one employee to click on a bad link for your company’s information to be compromised.
There is never a 100% guarantee when it comes to data security (any vendor who tells you differently is either lying or doesn’t know what they’re talking about) – but with up to date systems and a vigilant workforce, you can get much, much closer.
If you have any questions about data security, please contact us!
 Symantec Intelligence Report: August 2015
 Symantec Intelligence Report: August 2015
October is National Cyber Security Awareness Month. In recognition, we’re rounding up some of our top security blog posts and tips from the past few years. There is never a 100% guarantee when it comes to data security. But following the advice in these posts, along with implementing the right system, will certainly get you a lot closer.
This post outlines basic data security best practices. We hope you’re already following the advice covered in this post! But we get it – if you’re not thinking about it every day, like we are, it can be easy to forget about data security. Read this as a refresher post and make it a goal to follow the tips every day. Read Now
In the post, we cover common security threats you face while out in public and what you can do to keep your data safe. Read this one if you travel for work or if you ever work outside the office (or if you connect to public Wi-Fi in your private time!). We cover threats like rogue access points and safety tips like two-factor authentication (also called dual factor authentication). Read Now
Like the name suggests, this post is about staying safe on vacation – but if you travel frequently for work, this advice applies to you, too! Read Now
If you’ve created a new password anytime recently, you were probably required to use a combination of numbers, letters and special characters. But that may not necessarily mean your password is secure. Read this post to find out some tips for creating a secure password and get links to test your password strength. Read Now
This is still one of our most popular blog posts. It was originally written in 2013 when the Cryptolocker malware first started getting attention and updated recently. It tells you how to block EXE file attachments (one of those popular ways to send malware) in Office 365. Read Now
Learn about some of the built-in options for customization in Office 365 that you can use to protect your sensitive data. This post covers disclaimers, blocking domains and data loss prevention. These are especially useful for companies dealing with sensitive customer data or who regularly have to email customer information. Read Now
This post covered encrypted email: How it works and what it will look like to your recipients. It’s primarily geared towards the healthcare field but if your company deals with ANY sensitive data on a regular basis (credit cards, SSNs, legal information, etc), encrypted email is something you may want to look into. Read Now
This covers a few recent data breaches on iOS and Android platforms and covers mobile device policies. If your employees are using their phones or tablets for work (they probably are, even if you issued them a phone), this one is especially important for you. Read Now
This post covers what you need to know about staying HIPAA and HITECH compliant and storing your inforamtion in the cloud. A common misconception is that the cloud isn’t safe – but it can be! We talk about that, along with business agreements – necessary to HIPAA compliance. Read Now
If an old server doesn’t sound like a security threat to you, then you need to read this post. Storing ANY information on a server that has reached end of service is a huge risk to your business. This post explains why it a risk and what the process is for migrating to a new system. Read Now
It’s important to remember that just following the advice in these posts isn’t enough to keep your business safe if you don’t also have the right system in place. A firewall you bought a couple of years ago and haven’t touched since isn’t doing much to keep you safe. Data security threats are constantly evolving and your data security should be evolving with it. If you have any questions about data security, or just want a check on your current data security set up, please contact us.
Microsoft released the latest version of the Office platform – Office 2016 – earlier this week. There are few ways to purchase it and understanding the difference can be confusing.
Office 2016 can be purchased as a stand-alone software or as part of an Office 365 subscription.
Stand Alone Office 2016
There are two stand-alone versions available for businesses:
Office Home & Business 2016
Includes Word, Excel Powerpoint, OneNote and Outlook) for $229.99 for 1 PC (or Mac – Mac users must purchase Office Home & Business 2016 for Mac)
Office Professional 2016
Includes everything in Home & Business 2016 plus Publisher and Access) for $399.99 for 1 PC (not compatible with Mac)
The stand-alone versions include the ability to save your files to the cloud, which makes collaboration easier – especially among teams not working in the same physical location.
Office 2016 as part of Office 365
If you purchase Office 2016 as part of an Office 365 plan, you have a lot more options for plans and a lot more features. ALL Office 365 plans include:
- Online versions of Office (Word, Powerpoint, Excel)
- 1 TB per user of file storage and sharing (OneDrive)
- Sway presentation creator (learn the differences between Sway and Powerpoint in this blog post)
- 99% uptime guaranteed
- World-class data security
- Active Directory integration to make user permissions
As you go up in Office 365 plans, features you can get in addition to the above include:
- Full desktop versions of Office (Word, Powerpoint, Excel plus OneNote and Publisher) on up to 5 computers per user
- Office on tablet or mobile (compatible with most tablets and phones regardless of OS)
- Outlook with 50 GB of inbox space per user
- Sharepoint (customizable intranet)
- Skype for Business instant messenger (can also be used as your phone system)
- Yammer (corporate social network)
- Compliance Protection (Encrypted Email, Data Loss Prevention, etc)
Which is right for me? Factors to consider:
There are few things to consider when deciding which version of Office 2016 or Office 365 is right for you:
Desired programs and features
Take a good look at what programs and features are important to you. If you just need the basic Office programs like Word, Powerpoint and Excel, either a stand-alone version or a lower level Office 365 plan is probably enough for you. If you’re looking for something more robust, or with access to programs like Sharepoint, you’ll need Office 365.
- Office 2016: Stand-alone Office 365 is the same as previous versions of Office in that you won’t get access to new features until you install a new version of Office. If you
- Office 365: Since Office 365 is a subscription service, you’ll get access to new features as they become available. You’re also going to have access to a lot more features.
If you need to access your information from multiple devices, Office 365 is the way to go. While files in Office 2016 can be saved to the cloud, Office 365 gives you a lot more options for access plus the ability to install office on multiple machines. It also gives you the ability to access online versions of Office programs from ANY device with an internet connection.
Movement between plans
Is it possible you’ll need to upgrade your plan?
- Office 2016: Since Office 2016 is a standalone software, if you need to add features or upgrade, you’ll need to purchase and install new licenses for all users.
- Office 365: Office 365 can switch between plans in the admin center at any time.
What can you afford to pay per user? Would you rather pay a large sum up front or a small monthly fee?
- Office 2016: The stand-alone version is a one-time cost per user, so it will be a large expense up front, but you won’t have to pay a monthly fee after.
- Office 365: Office 365 is a subscription plan, meaning you won’t pay anything up front, but you will pay a set monthly fee per user per month. If don’t have the capital to pay a large chunk of change up front, this may be the better option, even if you don’t need all the features.
If you want to try it out before buying, you can try Office 365 free for 30 days. The trial includes 25 user licenses of the Enterprise E3 plan so you can try it as an individual or as a team – Click here to start your trial.
Windows 10 was released in late July with much fanfare and since then, Microsoft is reporting that more than 75 million users have made the jump to the new operating system.
For some users (and for some hesitant to adopt), privacy is a concern. One of the features causing this concern is Wi-Fi-Sense, which automatically connects you to Wi-Fi. It will connect you to known open Wi-Fi networks or to Wi-Fi networks your contacts have shared with you.
The second option is what’s causing concern. Wi-Fi Sense gives you the ability to share Wi-Fi networks with your Outlook and Skype contacts and Facebook friends. Some people are concerned this will let strangers access their networks without their permissions or that it will give away their passwords.
Here is the truth about Wi-Fi Sense: If that’s all you know, it does sound a little scary, but don’t worry – Microsoft isn’t emailing everyone your password. While Wi-Fi sense is turned on by default in Windows 10, it doesn’t automatically share your Wi-Fi passwords with anyone’s system. Here’s how it works, from the Wi-Fi Sense FAQ:
“You control whether you want to share your password-protected network with your contacts using Wi-Fi Sense. You can share a network with just your Facebook friends, mutual Skype contacts, or mutual Outlook.com contacts, or with all three groups if you want. It’s up to you. After you share access to a network with a group of contacts, all the contacts in that group will be able to connect to the network when it’s in range. For example, if you choose to share with your Facebook friends, any of your Facebook friends who are using Wi-Fi Sense on a Windows Phone will be able to connect to the network you shared when it’s in range. You can’t pick and choose individual contacts.”
When you do share your Wi-Fi network with someone, the password is encrypted – meaning they’ll never know your password, unless you provide it to them yourself.
A great potential use for this would be sharing your office’s guest Wi-Fi with your network so they don’t have to type the password in every time they come by for a meeting.
If you’re uncomfortable using this, though, Wi-Fi sense can be limited or turned off completely in your settings.
You can also opt your Wi-Fi network out of Wi-Fi sense and stop sharing a network you’ve previously shared (directions can be found here). We’d recommend turning off automatically connecting to open hotspots since they aren’t secured. As always, be cautious about what you’re connecting to and what information you are sharing over an unknown network. If you’re unsure about the security of any Wi-Fi network, even one that has been shared to you by a colleague or friend, disconnect and connect to a network you trust.