Migrating to Windows 10: Should you let go of your hardware

Migrating to Windows 10: Should you let go of your hardware

While you can purchase and install Windows 10 in your existing PCs–the ones currently on Windows 7 OS–it is not recommended. According to Microsoft, Windows 10 has the following minimum requirements

  • Processor: 1 gigahertz (GHz) or faster processor or SoC.
  • RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit.
  • Hard disk space: 16 GB for 32-bit OS 20 GB for 64-bit OS.
  • Graphics card: DirectX 9 or later with WDDM 1.0 driver.
  • Display: 800×600

If your existing PCs don’t meet the above requirements, it’s time to move on. The above list are minimums. The market today has PCs with better specs that will help you get the most out of Windows 10 and make the switch to the new OS more productive and efficient.

Windows 7 was one of the most loved, user-friendly and efficient versions of Windows. This switch sure won’t be easy. It also entails quite a bit of investment in terms of money, downtime and training. Reaching out to a Microsoft-licensed managed services provider (MSP) can help make this transition faster, more efficient and certainly, smoother.

Advertisements

Windows 7 End of Life: What options do you have

Windows 7 End of Life: What options do you have

As Microsoft stops supporting Windows 7 from January 2020, what choices do you have as a Windows 7 user? While Windows 7 will work after January 2020– it won’t just “shut down”–as a business, you cannot afford to use the older version because it makes you vulnerable to security threats. That leaves you with only 2 options.

Option 1: Purchase extended support

Microsoft is offering the option to purchase extended support for Windows 7 until 2023. Though the exact price of the extended support option is not known, it is estimated to be around $350 per device for 3 years.

But, one thing for you to think about before investing in extended support for your existing Windows 7 devices is that after 3 years you will have to migrate to a newer OS no matter what. In the meantime, your newer software programs or apps may not be compatible with Windows 7.

Option 2: Ring out the old and bring in the new–UPGRADE!

If you choose not to opt for Windows 7 extended support, you can upgrade to Windows 8.1 or 10. But, 8.1 was probably the worst-received Windows OS–barring Vista, of course–so tech experts suggest opting for Windows 10 instead. But, you need to be prepared for a few things if opting for the newer Windows version.

For one, Windows 10 has a very different look and feel compared to 7. It will take some time to get used to this newer version of Windows. Plus, it may not be compatible with all the software programs that you currently run on, using Windows 7. Though most of the applications, personal PC settings and data from Window 7 OS is expected to be supported by Windows 10, there is a chance that some of these may not work as well. Experts estimate antivirus software is most likely one among them.

The migration from Windows 7 to 10 is not really rocket science, but for a business, it can be a headache and a major transition. Consider bringing a Microsoft licensed MSP onboard to help you make this switch.

Ransomware emails: How to identify

Ransomware emails: How to identify and steer clear of them

Ransomware attacks have suddenly become more prevalent. Each year sees more of them. Hospitals, NPOs, shipping giants, etc., have all been victims of ransomware attacks. Your business could be too! Did you know that emails are one of the most common gateways for ransomware to get into your systems? In this blog, we tell you how you can stay safe by following a few tips.

If you think something is amiss, it probably is

Does that email seem unfamiliar? As though you weren’t meant to get it, or it doesn’t quite sound like your colleague wrote it? Perhaps it’s not. Malicious email senders often try to mask actual email IDs with something similar. For example: An email you believe to have come from billing@yourvendor.com might actually be from billing@yourvemdor.com. So take a good look at the email ID if you spot something ‘phishy’.

Attachments and form fills

Does the email contain an attachment that you are being asked to save to your computer? Or an executable file that you are asked to run? Perhaps you are asked to submit your personal details at an authentic looking website. Before you do any of these, check the authenticity of the email and the message. Were you supposed to receive it? Were you expecting an attachment? You might even want to call the sender and confirm if you are unsure.

The message seems to instill fear or a sense of urgency

Often, malicious email messages urge you to take immediate action. You may be asked to log onto your ‘banking website’ ASAP to prevent your bank account from being frozen, or enter your ITR details onto a webpage to avoid being fined by the IRS. Real messages from your bank or the IRS will never force or hurry you to do something.

Other things you can do

Regular data backups

Conduct regular data backups so that in the eventuality of a ransomware attack, you don’t lose your data. Cybercriminals having access to your data is bad enough–it damages your brand and business reputation and can even attract lawsuits from parties whose personal information has been compromised, but, not being able to retrieve all that data in the aftermath of an attack is even worse. Regular backups help you in that regard, plus when you have a pretty recent data backup you are not reduced to the state of helplessness where you HAVE to pay the ransom to retrieve your data.

Install an anti-malware tool

Last, but not least, invest in anti-malware tools that can detect malware attacks and alert you before you fall prey to them. Such tools scan emails, links and attachments and alert you if they are found suspicious.

No matter how big or small a business you are, ransomware attack is a reality and applies to you. It is better to be prepared than having to cough up huge sums of money to free up your data later and even then there’s no guarantee your data will be restored by the cybercriminal.

How good is your password

How good is your password?

Did you know that having a weak password is one of the biggest security risks you face? This blog focuses on the best practices related to passwords that you can follow to ensure passwords are not your weakest link.

  1. Avoid sequences and repetitions: How many times have you used passwords like dollar12345 or $$$BobMckinley. Passwords containing sequences and repetitions are just easier to hack.
  2. Avoid using your personal data: Do not make your birth date, bank account number or address a part of your password. It puts your data at stake if your personal information is stolen.
  3. Don’t repeat passwords: Make sure you pick unique passwords every time. Unique, not only verbatim, but also in combination. For example, if password one is a combination of number, symbols and letters in that sequence, password two should be letters, numbers and symbols.
  4. Manual password management is not a good idea: Invest in a good password management tool. You can even find some free ones online. But, manually managing passwords, by writing them down on a spreadsheet is a big NO.
  5. Password sharing: Discourage password sharing across the organization. Every employee should have unique access to data depending on their role and authority. Password sharing gets things done faster, but can do irreversible damage.
  6. Password policy: Have a password policy in place and enforce it. Conduct timely audits to ensure the passwords match the specified safety standards. Also, take corrective actions against employees who don’t follow your password policies related to password sharing, setting, etc.
  7. Don’t use dictionary words: Hacking software programs can guess dictionary words faster. The key is to mix things up a little bit–some numbers, some symbols, some punctuation and some alphabets.

Don’t choose passwords that are way too simple just because they are easier to remember, because, more often than not, it can get you into a lot of trouble.

Think you are too small

Think you are too small to be targeted by a cybercriminal? Think again.

When I meet with clients, especially SMBs, I often hear them say that they feel their business is too insignificant to be a target of cyber-criminals. Why would someone go after my business when there are bigger ones out there, making more money? Here are a few reasons why.

  1. Because you think so – The fact that you think you are safe makes you more vulnerable, because you are not prepared for the eventualities that arise from an attack. Most SMBs I interact with don’t have a well-defined plan in place in terms of IT security
  2. Your staff is a gateway: Smaller businesses rarely conduct formal training sessions or provide information updates to their staff about the latest cyber threats. Such sessions are never a priority when the staff is too caught up with other ‘real’ work. As a result, your staff is more likely to fall for phishing messages and unknowingly become a gateway for cybercriminals to enter your organization.
  3. You work on shoestring budget: Many of my clients claim that they are strained for financial resources and would rather invest in growing their business than on something like preventive IT measures. Well, guess what? Cybercriminals know that too. They know that large corporations have multiple IT security layers in place that are difficult to penetrate. Your business, on the other hand, is a soft target for them since your investment in IT security is negligible.

What you can do to keep your business safe without straining your budget?

  1. Change your mindset- No business is too big or too small for cybercriminals. In fact, a data loss or data compromise is more likely to be fatal for a smaller business than a bigger one.
  2. Train your staff: Teach your staff to identify malicious links, spam, phishing messages, etc,. Send them Day Zero Alerts regularly that keep them updated about the latest threats in the cyberworld.
  3. Consider bringing a managed service provider onboard: Having an in-house IT department can be expensive and not always worth the cost. You can benefit from having a SLA with a managed service provider (MSP). This arrangement gives you the benefits of having a dedicated IT team at your disposal minus the headaches that come with having it in-house.

Don’t forget…it is only a matter of time before you become a victim.

Keeping your data safe: Access Control

Keeping your data safe: Access Control

Cyberattacks are a commonplace today. Malwares such as viruses, worms and more recently ransomwares not only corrupt your data or hold it hostage, but also inflict irreversible damage on your brand and business. As a norm, most businesses these days do invest in anti-virus/cybersecurity systems. But, is that really enough? The answer is–NO. Because, they often overlook one important aspect–access. Ask yourself, how easy is your data to access? How can you strengthen the walls that keep your data safe? Read this blog to find out.

Role-based access

Always follow a role-based access permission model–meaning people in your organization have access to ONLY the data they REALLY need. Generally, the higher the designation, the deeper the data access permission and stronger the rights. For example, someone at the executive level may not be able to edit your MIS spreadsheet, but a manager should be able to.

Formal password controls

No matter how good your cybersecurity, you need to ensure the protocols are followed at the ground level. Enforce policies regarding passwords strictly and hold violators accountable. Examples include-

  • Password combinations – Ensure your staff follows the recommended best practices when selecting passwords so there are no ‘easy-to-crack’ passwords
  • Password sharing – Thoroughly discourage password sharing across your organization. No matter who asks for it, passwords shouldn’t be disclosed unless authorized as per the protocols.

Don’t ignore physical security

Virtual security is a must, but so is physical security. Though there is only so much physical access controls can do in keeping your data safe in the BYOD era of today, don’t overlook this aspect. Installation of CCTV cameras on-floor, biometrics/card based access to your workspace/server rooms, etc. also have a role to play in data safety from the access perspective. 

Training & reinforcement

Finally, train…train…train. You need to train your employees on the protocols for data security and access so they don’t mess up accidentally. Conduct mock drills, refresher trainings, follow up with quarterly audits, and use positive and negative reinforcements to ensure everyone takes it seriously. Because, at the end of the day, no cybersecurity software is good enough, if the best practices related to data access are ignored.

Windows 7 End of Life: How does it impact you

Windows 7 End of Life: How does it impact you

Microsoft has officially announced the “End of Life” date for Windows 7. It will come January 14, 2020. Windows 7 was introduced in 2009 and is one of the most popular versions of Windows. It is estimated that around 40% of Windows OS is 7. So, if you are one of the Windows 7 users, read this blog to understand how this end of life announcement impacts you and what you should be doing.

End of life means, beyond January 2020, users of Windows 7 will not get any updates, security patches, or any kind of support from Microsoft. Does this mean you need to scrap all your devices that run on the Windows 7 OS? Technically, the answer is no.You can still continue to use your existing computer with Windows 7 OS, but it won’t get the free security patches and updates. This makes your computer and possibly your whole IT network vulnerable to malware and other IT security threats. Plus, as a business, running Windows 7 OS without the security patches and updates is not really an option as it creates liabilities in the event of data theft. Also, you may be inadvertently violating regulations by using an OS that’s officially declared vulnerable to security threats. In short, running Windows 7 without the support is not really an option for businesses.

So, what should you be doing? First off, make sure you download Microsoft’s most recent Windows 7 update, because if you don’t run the most recent update, you will lose Microsoft support 6 months earlier–in July 2019. You can download the update here.

Apart from this, you can buy extended support for Windows 7 from Microsoft. The extended support will be available until 2023. An MSP who is an authorized Microsoft reseller or partner will be able to tell you more about this option and the pricing, in particular.

In the long run, however, you will have to migrate to a newer, supported version of Windows. Learn more about your options in the face of end of life of Windows 7, in our next blog post.