Even minor outages are unacceptable. With data as their lifeblood, your customers need a failsafe disaster-recovery solution that ensures constant, uninterrupted access. Azure Site Recovery delivers with automated replication of your customers' virtual machines, based on policies that they set and control. By integrating with existing technologies, including System Center and Microsoft SQL Server Always On, Site Recovery coordinates and manages the ongoing replication of their data--so it's always available.


Take productivity to the next level. The #Surface family of tools and devices empowers your customers with a game-changing software + hardware ecosystem to push the boundaries of their digital transformation. It's never been easier to sync with teams, meet deadlines, and keep projects on track, because the Surface family extends the power of Microsoft software and tools for real-time collaboration and interaction. Stand by for true transformation of the productivity landscape.

Surface: Integrated for Simplicity - Infographic


The Basics of Cyber Security Training for End-Users

What’s the biggest risk to an organization’s information security? Hint: it has little to do with the technology. Rather, it is the action—or inaction—of their employees.

Human error has become a major weak point today; one that is easily exploited by cyber criminals. In fact, almost 90 percent of cyber attacks are caused by human error or behavior. Therefore, it’s vital that businesses have some form of cyber security training in place to educate employees on the importance of protecting sensitive information and what malicious threats to look out for.

As an IT services provider committed to protecting your business, the task of security education and training falls into our hands. Keep reading to discover which essential elements we cover when providing security awareness training.

Generally, a solid security awareness training program should cover the following topics:

  • Phishing and Social Engineering
  • Access, Passwords and Connection
  • Device Security
  • Physical Security

Let’s dive into how you can best educate clients and end-users on each of these topics.

Phishing and Social Engineering

Social engineering is typically defined as an attack that’s based on deceiving users or administrators into divulging information. Phishing, an attempt to acquire sensitive information (passwords, usernames, payment details) from an individual through email, chat, or other means, is a common type of social engineering attack. 

Phishing and other social engineering attacks are so successful because they’re disguised to look like they come from credible, trustworthy sources, which creates a false sense of trust. But there are some tell-tale signs to help spot a phishing attempt, such as typos and misspellings, links containing a string of random numbers and letters, the email relying on a sense of urgency, or a feeling that something is off about the information being requested.

Pro Tip: Tell end-users to look out for these seven red flags!

How to Avoid Phishing and Social Engineering Attacks
What should your clients do if they think they’ve come across a phishing scam? Here are some best practices:

  • Don’t click! Users should never click on a link, open an attachment, or reply with the requested information if they feel like something is not quite right.
  • Inform the IT team or MSP. If it’s a genuine scam, informing the right people and passing along that knowledge may help prevent it from spreading company-wide. Encourage your clients to forward the email to you to investigate, or turn to you for next steps.

Access, Passwords and Connection
Use this time to go over the different aspects of the network, from access privileges and passwords to the network connection itself.

Your clients should be able to distinguish general users from privileged users, those who have elevated rights or access above that of a general user. Generally, privileged access is given to users who need to perform administrative-level functions or access sensitive data. Every employee should know which level of access they have, meaning which information and applications they can access and which functions they can and cannot perform.

On a similar note, employees should be thinking about the passwords they’re using to access the IT environment, keeping in mind length, complexity, and whether they’re sharing those passwords or using them for multiple apps. Best practices for strong passwords include a length of at least eight characters, a mix of letters and special characters, and staying away from obvious information such as names and birthdays. Additionally, it’s wise to think about changing and/or updating passwords every six months or so.

What’s sometimes least obvious to employees is that they should also be wary of the network connections they’re using outside of their home or work. Although the data on their device may be encrypted, the connected network does not necessarily transfer that data in an encrypted format, which opens up all sorts of vulnerabilities. What’s more, there’s always a risk of the public network being tapped, which puts the data being exchanged over that network at risk. You should encourage end-users to only use trusted network connections or secure the connection using appropriate VPN settings.


Device Security
In the era of Bring Your Own Device (BYOD), more and more mobile devices are entering the workplace, connecting to the corporate network and accessing company data. However, this creates even more entry points for threats to come through. Therefore, it’s important for employees to ensure their mobile devices are securely connected to the corporate network and always in their possession.

The same threats that lurk over desktops and laptops are applicable to mobile devices. Arguably, tablets and smartphones could be seen as less secure because they lack pre-installed endpoint protection. Users should always be mindful of which websites they’re visiting, which apps they’re installing and which links they’re clicking on.


Physical Security
Cyber threats aren’t the only ones employees need to look out for. Physical security also plays a role in keeping sensitive information protected. Leaving a mobile device or computer unattended is a common mistake most end users end up committing unintentionally. If someone were to swipe an employee’s phone or log into their computer, all of the data and information that’s accessible via that device is put at immediate risk.

Below are a few best practices to help your clients increase their physical security in and out of the office:

  • Lock your device before you leave your desk. For Windows users, press and hold the Windows key, then press the “L” key. For Mac users, press Control + Shift + Eject (or the Power key) at the same time.
  • Store documents in a locked cabinet. Employees should avoid having sensitive information floating around on their desk. At the end of the day, or before they leave their desk unattended, it’s always a good idea to stow company documents and the like into a lockable safe or cabinet.
  • Properly discard information. When it comes time to get rid of those documents or files, be sure to properly shred and discard them.

7 Red Flags Every Business Should Identify to Reduce Cyber Attacks

Email hacking is one of the most common forms of cyber attacks today. It takes place every day and throughout the world. You may be familiar with the email attack that occurred in 2016 during the Presidential Election. John Podesta fell for a phishing attack, which led to the release of a decade’s worth of emails. The hacker posed as Google and alerted Podesta to change his password because of suspicious activity on his account. When he clicked on the link within the email, hackers were granted full access to his inbox.

Situations like this happen to businesses of all sizes, and the rate of these cyber attacks is only increasing. As an MSP, our goal is to protect your business against these attacks, which can be difficult if the employees are not properly trained to identify potential threats. People are tricked into giving hackers information because they are not aware of the warning signs to look out for. Here is a list of seven red flags to look out for and include in your security training for your users:

1. “From” Line

The first thing to pay attention to is the address you are receiving the email from. Pay close attention to the sender because the person may appear to be someone you know but in reality, it could be a spoof. Hackers know that people are more likely to trust an email from someone they can recognize, which is why they make the email address appear to be from an existing contact. Let’s look at a quick example of this.

Real Email: amanda@wellsfargo.com
Spoofed Email: amanda@welsfargo.com

Notice that an “l” is missing from “wellsfargo” in the spoofed email. At a glance the address appears legitimate, but the domain is not the real one.

2. “To” Line

Sometimes, the hacker will send an email to many different people. If you do not personally know the other people in the “to” line or you are being cc’d on a strange email, that should be a red flag. This is the second aspect of an email to pay attention to in order to detect email fraud and prevent email hacking.

3. Hyperlinks

Always be cautious of clicking on embedded links within an email unless you are sure it is from a trusted source. Before you click on a link, hover over it with your mouse to see the destination URL. If the URL does not match what the text says, it’s not a good idea to click on the hyperlink.

4. Time

Consider the time you receive an email and compare it with the normal time you receive similar emails. Do you generally get an email from the CEO of your company at 2 a.m.? If not, this is an indication of a potentially spoofed email.

The same goes for the specific time of year. Be extra cautious around holiday or tax season, as cybercriminals typically increase phishing attempts when financial information is being shared or online shopping is heightened. 

5. Attachments

Attachments may seem harmless, but some can contain malicious viruses or another form of malware. So, as a rule of thumb, do not open attachments that you are not expecting. If a sender does not normally send you attachments, this is a sign that it could be a fraudulent email. In addition, if the attachment has a strange file type such as .exe or a duplicate file type such as .xls.xls you should not download or open it.

6. Subject

Phishing attempts usually try to trick you with scare tactics or immediate action. If the subject line seems fishy, such as “Need wire transfer now” or “Change password immediately”, validate the source before you take any action. The subject may also be irrelevant or not on topic with the rest of the email content, which can be another red flag.

7. Content

The sender may be urging you to update your information or change your password in order to avoid a consequence, which instills fear and prompts action. This is another method to look out for, as hackers use it to trick you. In addition, if the grammar or spelling is incorrect and the email seems out of the ordinary, confirm the legitimacy before you click on links or download any files.
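Three of these red flags (the “From” line, hyperlinks and attachments) can also be checked automatically before a message reaches a user. The sketch below is an added example, not code from the original article: the trusted-domain list, the edit-distance threshold of 2, the `login.example.net` link target and the sample message are all constructed assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"wellsfargo.com"}  # assumption: domains your users really deal with
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)")

def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(msg):
    """Return (flag, detail) pairs for red flags 1, 3 and 5 found in an EmailMessage."""
    flags = []
    # Flag 1: sender domain is close to, but not the same as, a trusted domain.
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    for good in TRUSTED_DOMAINS:
        if domain != good and edit_distance(domain, good) <= 2:  # threshold is an assumption
            flags.append(("from", f"{domain} resembles {good}"))
    for part in msg.walk():
        # Flag 5: ".exe" or a repeated extension such as ".xls.xls".
        exts = (part.get_filename() or "").lower().split(".")[1:]
        if exts and (exts[-1] == "exe" or (len(exts) > 1 and exts[-1] == exts[-2])):
            flags.append(("attachment", part.get_filename()))
        # Flag 3: link text shows one host while the href goes to another.
        if part.get_content_type() == "text/html":
            for href, text in LINK_RE.findall(part.get_content()):
                shown = HOST_RE.search(text)
                target = (urlparse(href).hostname or "").lower()
                if shown and shown.group(1).lower() != target:
                    flags.append(("hyperlink", f"shows {shown.group(1)}, goes to {target}"))
    return flags

def sample_message(sender="Amanda <amanda@welsfargo.com>"):
    """Constructed sample: spoofed sender, mismatched link, duplicated extension."""
    msg = EmailMessage()
    msg["From"] = sender
    msg.set_content("Please review the attached file.")
    msg.add_alternative('<a href="http://login.example.net/x">www.wellsfargo.com</a>', subtype="html")
    msg.add_attachment(b"constructed", maintype="application", subtype="octet-stream", filename="report.xls.xls")
    return msg
```

Calling `red_flags(sample_message())` reports all three flags. The remaining red flags (recipients, timing, subject and content) depend on context that a simple filter does not have, which is why user training still matters.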

So there you have it, seven simple red flags to look out for when examining an email. Never click on links, download files, or transfer money unless you are sure the email is legitimate. We recommend a two-step verification process to establish validity. For example, if you receive an email from your CEO requesting a wire transfer, we recommend you also confirm via phone or in person. This two-step verification process validates the sender through multiple mediums, which helps avoid falling for scams.

It is important for all businesses to take email hacking seriously. Hackers attack corporations and individuals, so understanding social engineering methods is crucial in addition to having proper spam filters and firewalls installed. Lack of employee education is what makes it difficult for businesses to properly secure an environment. However, you can use these tips to educate employees within your company to reduce the risks of a cyber attack.