Many business owners using Microsoft 365 (formerly Office 365) believe that their data is totally secure. The reality, however, is a different story. Although Microsoft offers many benefits in productivity, efficiency, and collaboration with Microsoft 365, the company does not provide users with a comprehensive backup system for their underlying data.

Mechanical malfunctions and physical damage, hacking and theft, user error, and power outages all put user data at risk in the cloud. While companies do their best to prepare for these problems, no plan is foolproof, and stories of data loss are far from rare, with the average data breach costing small businesses $120,000. About 32% of companies get hit by data loss in the cloud, with the most common cause being deletion. Although nearly two-thirds of data loss is accidental, 20% is lost to malicious intent, including hackers.

Cloud Backup Saves Data, Time, and Money

Cloud backup can be the difference between a slight blip and a disaster, and it can offer end customers a way to mitigate these risks. Advantage, a managed service provider (MSP) in the U.K., had one customer that did not think it needed backup besides Microsoft 365. That was until an employee inadvertently deleted 50,000 files in the accounting department’s SharePoint library.

The information was recoverable in the recycling bin, but this would have had to have been done file by file, which was going to take an estimated six days. Luckily, Advantage had been backing up SharePoint files with SkyKick's Cloud Backup. So, the entire folder and all the files were restored within hours — a significant improvement in efficiency. After that, Advantage’s client requested backups for its entire Microsoft 365 tenant as well.

Ransomware is another issue facing SMBs across the globe. Although it has become more sophisticated, many schemes are still simple and catch users off guard. A client of U.S.-based MSP BOAB IT was hit with ransomware in 2016, and the perpetrators wanted $6,000 for the key to unlock the data. Luckily, BAOB IT had deployed Cloud Backup a few months before the attack. So instead of paying the ransom or wasting hours recreating 44,000 encrypted files, the service provider was able to restore all the customer's files, including every pre-attack version.

The fact is that having only one copy of important data is asking for trouble, whether it is stored in the cloud or elsewhere. If your data isn’t backed up, you could be facing not only a loss of productivity as you scramble to rebuild, but also a loss in revenue and reputation.

Microsoft 365 is an excellent service that gives you access to your data from virtually any place at any time — and across many devices. As a software-as-a-service (SaaS) built on the industry-leading Azure public cloud, Microsoft 365 offers users high reliability, geographic redundancy, and secure connectivity.

This should not, however, be confused with a comprehensive data protection solution. Microsoft does not back up M365 user data, so it recommends that customers use third-party solutions. Furthermore, Microsoft does not protect data from common issues like file corruption or everyday human error. Nor does it offer a way to easily revert to older versions if something goes wrong beyond their normal data retention policy.

Red Clover Technologies can help you evaluate your options in addressing these shortcomings and specifically discuss how implementing a backup solution can be cost-effective and seamless and offer peace of mind.

Cloud Backup Should be Easy to Use, and Recovery Should be Fast

Not all backups are created equal, however. When looking into a solution that can protect your data stored in the cloud, there are a few fundamental questions:

• What data is actually being backed up?

• How is the backup data being stored and protected?

• How often is data backed up, and how long is each backup version kept?

• How easy is the data restoration process?

RCT’s Cloud Backup is a flexible, agile, and reliable solution that offers comprehensive data protection across the full Microsoft 365 tenant, unlimited storage and retention of user data, and a hassle-free setup and run experience. And data recovery, when needed, happens fast, which gets your company up and running with minimum downtime.

What exactly is going on?

Phishing emails and themed ransomware attacks are masquerading as the WHO, CDC or the HHS in an attempt to lure people into visiting malicious websites, providing personal information, stealing login credentials or accept donations.

Some phishing attempts are as simple as trying to portray as a legitimate online web store, but once you click through they may attempt to steal credentials. Sometimes there is also a risk for the attacker to place ransomware on the computer, locking the user out of the system.

Other styles of phishing pretend to be from the Dept of Health and Human services, and even seemingly will bring you to the hhs.gov website at first glance. However on closer inspection we see that the URL redirects you to a malicious website instead.

This example takes it up a notch and is randomly sent to a person’s cell phone as a text message, with the goal of luring them to receive free supplies.

More targeted attacks may be pretending to be from an internal person at a company, or a specific department utilizing vague and generic phrasing. Attackers are taking advantage of organizations implementing new rapidly changing policies surrounding COVID-19 that need to be understood by their staff in an urgent fashion.

The attachment in this example leads the victim to a website that attempts to steal Office 365 credentials.

Where can I report fraud?

The federal government is aware these attacks, and has posted several resources online as well. The Dept of Justice has a page with information on how to report fraudulent emails, along with the Cybersecurity and Infrastructure Security Agency’s page with further reading.

What can be done to help protect my employees and my business?

We offer employee training, along with various mitigation methods to help keep these attackers from being successful and damaging your business. The average industry estimate for a ransomware attack is $713,000 per incident which includes downtime, lost revenue, legal fees and more. (Not to mention if you paid the attacker the ransom, that constitutes a federal charge of money laundering!)

If you are interested in having a risk assessment performed and an action plan put in place, we’re available to help. You can use the contact form below, or give us a call at (833) 733-2587.

Microsoft released a patch for its Windows 10 desktop operating system, and Windows 2016/2019 server operating system yesterday to address a severe bug in its Windows CryptoAPI. The bug was discovered by the NSA, and released in a press conference by Director of Cybersecurity Anne Neuberger.

The excerpt from the Microsoft vulnerability report best describes the scope of this bug:

An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source.
The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.
A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.

What does this mean in layman’s Terms?

An attacker can spoof the credibility of software, or even secure connections you or your computer establishes.

Typically this credibility is verified by trusted entities online such as Microsoft, VeriSign, etc. These trusted entities are like a State’s Department of Motor Vehicles in the sense that they issue identification, after vetting your identity.

However with this vulnerability left unpatched, an attacker could issue their own identification and fake the credibility of the issuer (which is the DMV in this example). This is sort of like someone using a really, really, really good fake ID - however instead of trying to get into a bar while underage, they’re running malicious programs on someone’s computer or listening to secure communications, such as online banking.

How Can I Stay Safe?

Our clients are audited for the presence of security patches, or lack thereof on their systems. If a system is not properly patched, we will apply our automated measures to install the patch.
The name of the patch will look something like this “2020-01 Cumulative Update for Windows 10 Version xxxx for x64-based System” (xxxx = build number of Windows, i.e. 1909)

When’s the last time you updated your operating system for security fixes? Likely several times within the past few months, at least we hope so. But what about your wireless keyboard or mouse?

A three year old proof of concept hack still poses a threat to Logitech wireless peripherals in a new form. (source: The Verge)

Within the past week it was discovered these devices are vulnerable to a series of new attacks, allowing someone to take remote control of the computer. The saving grace here is that you would need to re-initiate the pairing process, and inside of that small amount of time they can grab control.

It’s not just Logitech devices that are affected - the original vulnerability from 2016 can grab control of keyboards and mice from other manufactures as well from HP, Lenovo, Dell and Microsoft. Devices utilizing the same hardware in the dongle are at risk.

Logitech has provided a support page containing links to update software to address the vulnerability.

As security is one of Red Clover Technologies’ primary concerns, we strongly encourage anyone with these devices to update the firmware on them as soon as possible. If you have questions, don’t hesitate to reach out to us, and we’d be happy to help.