Enhancing Computer Security: Key Recommendations

In today’s fast-paced digital world, cybersecurity is a top priority for businesses of all sizes. As technology continues to evolve, so do the threats that compromise data integrity and business operations. TMD Technology Services understands the importance of safeguarding digital assets. Here are some essential computer security recommendations to keep your systems secure.

1. Implement Strong Authentication Methods

Multi-factor authentication (MFA) adds an extra layer of security beyond just usernames and passwords. Implementing MFA ensures that even if credentials are compromised, unauthorized access is still prevented. Additionally, consider adopting passkeys as a modern, password-less authentication method to enhance security and reduce the risk of credential theft.

2. Keep Software and Systems Up to Date

Outdated software is a prime target for cyberattacks. Regularly updating operating systems, applications, and antivirus software helps protect against vulnerabilities. Automated update scheduling can simplify this process.

3. Educate Your Team on Cybersecurity 

Human error remains one of the most significant security risks. Conduct regular training sessions to educate employees about recognizing phishing emails, using strong passwords, and following best practices for data protection. Implement phishing tests to assess employee awareness and identify areas for improvement, helping to build a proactive security culture.

4. Back Up Data Regularly

Frequent data backups minimize downtime in the event of a ransomware attack or system failure. Employ both on-site and cloud-based solutions to secure critical information. Additionally, consider cloud-to-cloud backup solutions for services like Microsoft 365 and Google Workspace to ensure continuous data availability and protection against data loss.

5. Utilize Network Segmentation

Implementing DNS protection can further secure network boundaries by blocking access to malicious websites and preventing data exfiltration. Integrating DNS protection into your cybersecurity strategy helps reduce the risk of phishing and malware attacks.

Segmenting your network reduces the risk of lateral movement by attackers. Separating sensitive data from other parts of the network creates isolated environments that are harder to infiltrate.

6. Monitor and Respond to Threats in Real-Time

Invest in advanced monitoring tools that detect unusual activities. A robust incident response plan will help mitigate damage during a security breach.

Utilizing advanced threat detection tools like SentinelOne can significantly enhance real-time monitoring capabilities. SentinelOne’s AI-driven endpoint protection continuously scans for suspicious activities, providing rapid response and containment.

Final Thoughts

Proactively managing computer security is essential for staying ahead of evolving cyber threats. TMD Technology Services can leverage these recommendations to enhance client protection and maintain trust in today’s competitive tech landscape. Contact us to learn how we can help implement these strategies for your business.

The need for Cloud-to-Cloud Backup for Microsoft 365

Many small businesses do not understand the need for backup and recovery services for their Microsoft 365 deployments.  They beleive Microsoft is backing up their systems but this is not accurate.  Microsoft does not provide the tools needed  to fully protect your Microsoft 365 environment from malicious, accidental or intentional data loss.  This lack of understanding comes from two issues:

  • Customers are not familiar with the distinction between email archiving and data protection
  • Customers believe that Microsoft’s highly resilient software-as-a-service (SaaS) offering protects all data and applications

Email archiving

Email archiving provides e-discovery, regulatory compliance, and legal protection of your email data.  Put simply, it captures every email that has been sent and received by your organization and ensures that these messages can be found and retrieved.  A good archiving solution also has the following qualities:

  • The archived emails and attachments cannot be changed or manipulated.
  • Items can be retrieved by using clever searches grouped together or complex searches called tags.
  • Search results can be placed into legal hold so that they are not purged and can be easily retrieved as needed. This feature is most often used for compliance audits, litigation, or related reasons.
  • End users are able to search an retrieve their own messages as needed, according to the policies configured by the system administrator.

We recommend that  businesses have a good email archiving solution in place to protect the company from potential compliance and legal incidents.  The risk of not having an archiving solution in place leaves a company wide open and exposed to any legal ramification that relies on email evidence.

Email archiving is not a backup

Even if you have email archiving services in place, you should still maintain a backup and recovery solution for Microsoft 365. Archiving can hold and retrieve specific messages, but it cannot restore a complete mailbox and all of its contents to a single point in time.  Imagine the following scenarios:

  • Somebody hacks your Microsoft 365 account, deletes everything in your mailbox, and empties the recycle bin. This type of deletion is common during account takeover attacks, so that there is less evidence of the attack left behind.
  • You accidentally delete a sub folder containing important work email and various documents (attachments). You may not notice this straight away as often you have lots of sub folders in your mailbox, and this type of thing is easy to do by mistake on your phone.
  • A former employee’s account was deleted, and you realize you need to restore the mailbox. Using an email archiver for this task would be tedious and require multiple steps outside of the archiver.
  • A cyberattack, a human error, or a catastrophic event has caused data loss in OneDrive for Business, SharePoint Online, Microsoft Teams, or Microsoft Entra ID. Email archiving does not store this content.

With an archiving solution, you could search and retrieve specific email items from the archive, but even if you knew what to retrieve from the archiver, do you have the time to reconstruct your inbox structure and contents?

Can you remember what your mailbox looked like last night or last week? How long would this take if you have lost your calendar items, contacts, tasks, journal items, etc.? And as noted above, email archiving doesn’t protect everything in Microsoft 365.

Disaster recovery — who does what?

Microsoft has a highly resilient infrastructure that rarely suffers an outage, which is good, because Microsoft is responsible for making sure your Microsoft 365 environment is always available. This makes it easy to assume that you should not have to provide a third-party disaster recovery service for Microsoft 365.  Disaster recovery appears to be Microsoft’s responsibility.

Unfortunately, that is not the case.  Microsoft is only responsible for the Microsoft 365 infrastructure that supports your data.  It is not responsible for the data in your Microsoft 365 environment. Microsoft calls this out in their Managed Services Agreement — Section 6B — “We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps.”

Recycle bin is not a backup

Microsoft provides a recycle bin for Exchange Online, SharePoint Online, and One Drive for Business — so even without an archiver there is some native protection for these items.  However, the recycle bin is not a backup.  Similar to a PC recycle bin or a Mac trash can, the Microsoft 365 recycle bin is just a folder that contains items that you have deleted. You cannot do a point-in-time recovery from your deleted items folder because this folder only holds items that were deleted and would not contain the good emails or files that you need to restore. Additionally, the maximum extended retention of the Recycle Bin is 93 days, and your items may be purged and unrecoverable after that time.

Cloud-to-Cloud Backup

That’s whereour cloud-to-cloud backup solution comes in.  It can restore your whole mailbox or individual emails, contacts, and other items back to any daily revision (recovery point) very easily. We work with several vendors to ensure your data is backed up fast, reliably and without your intervention. It’s a complete backup solution for Microsoft 365 that operates entirely in the cloud.

How To Make Your Business Hurricane Ready

hurricane prep for business

Employers and business owners should consider the impact a hurricane could have on their facilities and their relationships with customers, their own employees and their bottom line.

Through continuity planning, businesses can assess how the company functions, both internally and externally, to determine which staff, materials, procedures and equipment are absolutely necessary to keep the business operating. Taking small steps now could help ensure business continuity and employee preparedness.

General Business Preparedness Tips

  • Anticipate water, electricity, telecommunications and other utility disruptions. Speak with service providers and identify backup options.
  •  Make sure your facilities are in working order and meet local hurricane building code specifications.
  • Develop a preparedness program to help identify ways to protect facilities, physical assets and electronic information. Be sure to engage people with disabilities and access and functional needs in your emergency planning.
  • Create a communications plan to keep in contact with customers, suppliers and employees during and after a storm. Be prepared to provide employees with information on when, if and how to report to work following an emergency. Consider those instances where telecommuting would be an option.
  • Determine what parts of your business need to be operational as soon as possible and plan how to resume those operations.
  • Check insurance policies to ensure you have enough damage coverage. Additional business disruption insurance could help cover loss of income after a storm.
  • Go to FEMA’s Map Service Center, enter your address and choose “Interactive Map” to see your flood zone. Speak to your insurance agent about how to protect your home and/or business with flood insurance.
  • Keep copies of important records such as building plans, insurance policies, employee contact information, bank account, computer backups and other priority documents in a waterproof container. Store a second set of records at an off-site location.
  • Develop professional relationships with more than one company in case your primary contractor cannot service your needs.
  • Identify and prepare for any support your employees, clients and communities may need.
  • Businesses interested in joining the National Business Emergency Operations Center to share information and situational awareness during hurricane response activities should contact fema-privatesector-4339-pr@fema.dhs.gov for additional information.
  • Stay informed by listening to local officials.
  • Download the FEMA App at fema.gov/mobile-app to receive severe weather alerts, safety tips and much more. Stay updated with weather-related alerts from the U.S. National Weather Service.
  • Business continuity planning can help your business keep moving forward and recover faster from any disruption. Businesses interested in participating in FEMA’s Continuity of Operations workshops (COOP), may email their request to fema-privatesector-4339-pr@fema.dhs.gov. COOP is a United States federal government initiative that ensures state/federal agencies are able to continue performance of essential functions under a broad range of circumstances. For more information on Puerto Rico’s recovery and hurricane business preparedness, visit www.ready.gov/business

Hurricane System and Office Protection Suggestions

Hurricane Office Protection
Hurricane Office ProtectionHurricane Office Protection Suggestions include some of the following based on severity.
HURRICANE WATCH
  1. Verify that vital record’s are in a safe storage area. Files, records, and storage cabinets may be wrapped in plastic for moisture protection. If necessary, temporarily relocate records to a safe storage facility off-site.
  2. Inventory equipment and secure a copy offsite. Take Pictures & Video.
  3. Create a Full Backup and take drive offsite storing in a secure watertight location such as inside a sealed protective bag off the ground in a safe. This Location should be at least 25 miles away. We highly recommend using a cloud based backup service in addition to this procedure.
  4. Store a hard copy of all staff’s addresses and phone numbers Home and Cell so people may communicate after the storm passes.

HURRICANE WARNING

  1. Move desks, files, equipment and furniture away from un-shuttered windows. Papers, drawings, etc. should be placed inside files or desks.
  2. All Electrical Devices Such as Computers, Printers & Servers should be off the floor to protect from water damage from minor flooding.
  3. Wrap all office equipment, such as copy machine and computers, in plastic to protect against water damage from leaks etc.
  4. All Servers, Computers and Network Equipment should be shutdown and disconnected from all outside lines including phone, cable, data and power.
  5. Turn off all air conditioners, disconnect electrical equipment, turn off lights.
AFTER THE HURRICANE
  1. Do not turn on computer equipment if there are indications of low voltage power fluctuations, low air conditioning output, water under raised floor, broken windows or damaged equipment.
  2. If there is any excessive moisture do not attempt to connect equipment.
  3. Equipment should not be used with a generator or without proper UPS protection.

Read more Are you prepared for a hurricane?

Are you prepared for a Hurricane?

Hurricane Office Protection

Now is a great time to evaluate your preparedness for a hurricane.  Whether or not you are an employee or an employer, it is essential to take proactive steps in preparing for unpredictable storms and other disasters.

By taking the initiative to start planning early, you can create a plan that will have you fully prepared in the event of a disaster. While securing plans for your home and loved ones, take some time to focus on the future of your business or work place.

To help, a basic Business Hurricane Survival Plan has been compiled to serve as a guide to safeguard your business. This Survival Plan provides steps to improve safety and protect property as well as important company information. It serves as an important tool to enforce your business’ emergency plan in the event of any disaster. Keep this plan handy by printing it out and ensure you have covered all the relevant steps before the Hurricane Season begins.

Using these three key steps as guidelines will ensure you are prepared for any damages following any disaster. If your business is damaged remember to assess, document, and report them to your insurance company as soon as possible.

 Step 1: Protect property

  • Invest in and install shutters or plywood in order to protect windows and doors from wind borne-debris.
  • Have the roof of your building evaluated to ensure it can withstand a storm.
  • Remove any branches or trees adjacent to your building that could potentially fall and damage it.
  • Sandbag any area that is subject to flooding.
  • Anchor and brace any large furniture (bookcases, shelves, filing cabinets) to wall studs.
  • Relocate any valuable or fragile possessions.
  • Secure all utilities including water heaters, gas tanks, and heaters and if necessary, raise them to higher locations to avoid water damages.
  • Secure electronics such as computers and other office equipment with straps or Velcro.
  • Turn off all the utilities prior to a hurricane making landfall if possible.

Step 2: Protect important documents and information

  • Designate important contacts to save that are crucial to business operations, such as employees, banks, lawyers, accountants, suppliers, etc.
  • Back-up documents that are not easily produced such as insurance documents, legal contracts, tax returns, and accounting statements to avoid water damage.
  • Seal these documents in waterproof containers onsite.
  • Save all your designated contacts and documents in an alternate, accessible off-site location.

Step 3: Keep A Preparedness Checklist

The below items should be gathered in one location at your place of business should a storm hit while you are on premises. This will help protect the safety of your employees should disaster strike during regular working hours and without ample notice.

  • Battery operated radio or television
  • Non-perishable three day food supply for you and your employees
  • Three day supply of water for you and your employees (One gallon of water per person, per day)
  • Coolers and containers for water and washing
  • Blankets, pillows, cots, and chairs
  • First Aid Kit and first aid manual
  • Flashlights, batteries, light-sticks
  • Tool kit (basic tools, gloves, etc.)
  • Camera and film for documenting damages
  • Whistle/signal flare to signal for help
  • Tarps, plastic bags, duct tape
  • Cleaning supplies, including mops, towels and garbage cans
  • Smoke alarms and fire extinguishers
  • Electric generator
  • Gas for vehicles, generators and other equipment
  • Cash, ATM cards, credit cards proper identification
  • Emergency contact information such as the nearest hospital and police, along with:
    • Life safety issues: 9-1-1
    • Small Business Administration (SBA): 1-800-359-2227
    • FEMA Tele-registration hot-line: 1-800-462-9029
    • Insurance company and agent’s contact information

For more information about your business’ survival guide, download FEMA’s Business Toolkit or visit FEMA: Plan & Prepare for tips and further examples of steps you can take to prepare your business.

If you would like a custom Computer and Technology Hurricane Prep plan please call TMD Technology and we can begin inventory and plan the specifics to further protect your critical data.