Category Archives for Knowledge Base

O365 Encryption Blog Featured Image

How to encrypt emails in Office 365

Office 365 now offers the ability to send encrypted emails, which is a fantastic way of securely sending any sensitive or confidential information via email. Here is how you enable the feature and start sending out encrypted emails in only a few steps.

What is email encryption?

Email encryption is a way of protecting the contents of an email message. This utilises technology such as TLS (Transport Layer Security) to achieve the encryption.

Why would I want to use it?

Email encryption is not necessarily required for every email that you send (although this is possible to configure), this functionality is particularly useful for sending out sensitive information such as passwords, login details, sensitive company information, intellectual property and finance details. The email encryption protects the contents of the email and prevents the recipient forwarding the email on or copying the contents out of the email.

How do I send an encrypted email in Office 365?

The process of sending an encrypted email in Office 365 is actually very simple and doesn’t require any particular technical knowledge. Here is the process of how to send your first encrypted email.

Outlook Web App

If you access your Office 365 email via the browser using the app, follow these steps.

Make sure you have the Outlook open and click on New to compose a new email.

 

 

As long as email encryption has been enabled for your tenant, you should see a Protect button.

 

A grey bar will appear informing you that the email is now protected. If you wish to change the level of protection, click on the Change Permissions link.

 

 

You will have various options for protection, including Encrypt. If you simply want to encrypt the email, this option is fine. However, if you require additional security in addition to the encryption such as stopping the recipient forwarding the email on, these options are also available.

 

 

Here is a useful guide on the differences between the various settings: http://www.slashadmin.co.uk/exploring-the-new-office-365-email-protection-and-encryption-options/

Outlook 2016

Users of the Outlook 2016 application will need to go through a slightly different process. Again, encryption will need to be enabled by your system admin or these options will not be visible.

Start by clicking on New Email to compose a new email.

 

 

In the window for the new message, click on File and Properties.

 

Step 2a

 

Click on Security Settings…

 

Step 3a

 

Tick the checkbox for Encrypt message contents and attachments.

 

 

Compose and send the email as usual.

 

How do I enable email Encryption for my company’s Office 365 account?

As mentioned, this functionality will need to be enabled in your Office 365 admin settings. Not all versions of Office 365 offer this functionality. According to Microsoft, these versions are eligible:

“Office 365 Message Encryption is offered as part of Office 365 E3 and E5, Microsoft E3 and E5, Office 365 A1, A3, and A5, and Office 365 G3 and G5.”
https://docs.microsoft.com/en-us/office365/securitycompliance/ome-faq

If you are unsure if you are covered under your subscription, consult your MSP or pop us an email and we can point you in the right direction.

To enable email encryption for your Office 365 account, you will need to sign into your Office 365 admin portal as a Global Administrator. From here, you need to enable the Azure Rights Management. This is straightforward and the steps can be found here.

Note that if you signed up for your Office 365 subscription from February 2018, this may already be enabled by default.
https://docs.microsoft.com/en-us/azure/information-protection/activate-service

Once the above has been completed, all of your Office 365 users should be ready to go. Happy encrypting!

iPhone-X

The first look at the iPhone X – the 10th anniversary iPhone from Apple

The iPhone X – the biggest product launched by Apple this year. It celebrates the 10th anniversary of Apple’s iPhone, with the ‘X’ being pronounced as 10.

The new iPhone has an 5.8 inch OLED screen, a glass front and back which is said to be the strongest used yet, as well as being waterproof and having the ability to wirelessly charge. The OLED screen fills the majority of the front of the device excluding a small black slither at the top. This is a bar that includes the front camera, the speaker and microphone, an infrared camera for face recognition, proximity sensor and a floor illuminator as well as an ambient light sensor and a dot projector. These are all in the very small section at the top of the iPhone X. There is no longer a home button just a simple swipe up to access the home screen. The improved cameras have a 12Mp sensor and a new telephoto camera with Optical Image Stabilization (OIS).  As well as OIS the rear cameras have a fast lens which creates incredible photos and videos, in any light.

The phone can now be unlocked with Face ID, a facial recognition software that recognises your features and unlocks the phone. Face ID is enabled by the TrueDepth camera, it maps your face with over 30,000 invisible dots so that it can recognise you in any lighting or style. You can also use the Face ID for Apple Pay and customising the new animoji.  A new feature in Portrait mode is the Portrait Lighting. Get studio-quality lighting effects. Animoji combines animations with emojis. It captures your facial expressions and muscles and portrays them on an emoji. So you can simply turn yourself into an emoji. Another development with the iPhone X is that it has been tuned for Augmented Reality. This has been done by Apple specially designing the cameras to be optimised for the technology. Augmented Reality is the technology that uses a phone or tablet’s camera and a specific software to put virtual images on top of the real-life images.

The phone is powered by the A11 Bionic, This is the ‘most powerful and smartest chip ever in an iPhone’ as stated by Apple. There is a neutral engine which is capable of up to 600 billion operations per second. There is a 70% faster CPU and two 25% faster performance cores. Machine learning powered by the A11 Bionic, enables to Face ID to adapt to physical changes over time. The A11 chip was also designed to improve the performance of the AR apps.

If this phone takes your fancy then you will have to wait a little while until you can get your hands on one. With the official pre-order date being the 27th of October and the official release date being the 3rd of November. Expect to be set back $999 for the 64GB version and $1149 for the 256GB version.

https://youtu.be/K4wEI5zhHB0

Virus-image

Our top 5 tips to ensure you are protected against the WannaCry ransomware attack

You would have to have been living under a rock to be unaware of the latest news in IT.

Last week, many worldwide systems were victims of the malicious “WannaCrypt” (also known as “WannaCry”) ransomware attack. This attack locks the machine, encrypting all the files and asking for a ransom to be paid.

This has had wide-reaching and devastating consequences. According to Europol, there a have been a reported 200,000 victims of the attack across over 150 countries. This is easily one of the largest scale virus or malware attacks in years, if not ever.

The aforementioned victims have been varied. One of the highest profile casualties has been the NHS in England. This has affected 47 NHS trusts in England and 13 in Scotland, which equates to one in five.

As expected, this has resulted in considerable disruption due to the reliance on the NHS IT systems and patient data. This included several operations being cancelled and appointments and schedules severely affected.

Any disruption certainly was not limited just to the UK as organisations across the globe have been affected. Renault had to “shut down factories across Europe” in the wake to the attack. Hitachi are another who fell victim to the cyberattack, along with US global courier FedEx.

What is ransomware?

Ransomware is a particularly nasty form of virus or malware.

The reason it gets its name is that once infected, all files on the machine in question are locked and held to ransom. A message is displayed on the screen asking for payment – either in real currency or in bitcoin – for the files to be unlocked.

There have been a number of different examples of ransomware, just one example being the Cryptolocker virus.

All of these exhibit the same characteristics, with the virus preventing access to the machine and asking for a ransom to remove it. The message displayed will also issue a countdown timer threatening immediate action or all files will be deleted. This is a legitimate threat and one to be taken seriously.

Wana Decrypt0r screenshot

Is it also worth noting that, like any virus infection, this can spread very quickly throughout a network and infect other machines.

The current situation

As it currently stands on Monday 15th, there have been a reported 200,00 victims of the attack across more than 150 countries since Friday when the first reports of the infection started to surface.

There is still a concern that this number will increase with people returning to work and switching on their computers to find they have been infected.

It has been established that a vulnerability in certain versions of Microsoft Windows (Windows XP in particular) has been targeted by this virus. Microsoft have now released a security update to resolve this.

Microsoft have released the following information.

“Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.

 Details are below.
• In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
• For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider, that they are protected.”

The major anti-virus providers such as Webroot, BitDefender and Webroot have issued statements that they provide protection against the virus so if people have updated anti-virus software, they will be protected.

Another recent revelation is that a “kill switch” has been identified in the software, which has effectively halted the spread of the virus. A UK malware expert @malwaretechblog managed to investigate the malware and found that registering a particular domain would initialise the kill switch.

How you can stay protected

We have the following advice to ensure you are protected:

• Always ensure your Antivirus software is up to date – you can usually force a manual update as well, rather than waiting for a scheduled update.

• Always ensure your computer has the latest updates – whether that is Windows Updates, or MacOS updates. Again, if you are unsure when the last updates check/installation was performed, run a manual check.

• Ensure your servers are up to date – for Coretek clients, our ServiceDesk team have been working overtime to make sure this was done over the weekend, and we continue to ensure updates are deployed.

• Ensure any firewalls are switched on and have the latest updates installed.

• Don’t click on any rogue or suspicious links – whether they are on a web page or in an email sent to you. If you are in doubt, DON’T CLICK IT!

• Bonus Tip: Check your backups – hopefully you won’t have to resort to this final step but in the event of an infection, it is likely that you will need to restore from your backups. Don’t wait until getting the infection – check your backups now to make sure these are current. We also recommend carrying out test restores on a regular basis.

If infected, should I pay the ransom?

All advice suggests against paying the ransom. The main reason being that there is no guarantee that the files will actually be decrypted, even after paying the ransom.

Ransomware image

Coretek’s position

As yet we have had no reported infections of this ransomware but you cannot be complacent and as such we will be going round each server, client machine and network to ensure the software and firmware patches are to the very latest levels.

We have strong security in place to protect systems for this very reason but we would ask you to please remain vigilant and be aware that most infections will come in through unsolicited email or bundled with downloaded software. If you unsure of anything please log a call with support for further investigation.

Our partners have issued statements relating to WannaCrypt/WannaCry informing that they offer protection against the attack.

SonicWall have released the following information:
“SonicWall Capture Labs identified this attack in mid-April and immediately published protection which was automatically downloaded to all SonicWall firewall customers with active security subscriptions. This occurred well in advance of today’s latest attack.

SonicWall firewall customers with active and properly installed Gateway Anti-virus security subscriptions (either standalone or as a subset of our Comprehensive Gateway Security Suite (CGSS) or Advanced Gateway Security Suite (AGSS)) are safe and are protected from WannaCry ransomware attacks.”

Our recommend Anti-virus solution, Webroot, have confirmed that they provide protection against this attack:
“As a Webroot customer, are you protected?  YES. Webroot SecureAnywhere  does currently protect you from WannaCry ransomware.”

Future discussions and lessons learned

This situation has brought up a considerable amount of debate and lots of questions have been asked on where blame should be apportioned.

Amid claims that the original tool was developed by the NSA, the chief legal offer of Microsoft stated “we need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”

One positive of this situation is opening up a dialog on the importance of security. The virus targeted older operating systems, such as Windows XP which is now out of support. This shows the importance of keeping IT hardware up to date. It also highlights the importance of keeping Windows and anti-virus software updated.

laptop-enter-password

How to securely remember all of your passwords

A Password Manager is a software that will store all of your login information for the websites that you use. If you want to keep your favourite sites safe from any security breaches, then a password manager is the way forward. Generally you would repeat your password across different sites, right? Well, with a Password Manager you are able to create the safest Password with no worry of remembering them.

Key features

Password Manager

Password managers will remember all of your login in credentials and will take you directly to your favourite websites. All you need to remember is just the one ‘master password’. The use of the Password manager makes your experience online easier and more secure.

Password Generator

Now that you do not need to remember your numerous login details, you no longer need a password that happens to be the same for all of your sites. You can choose a very secure password with no worries. If you have trouble coming up with a secure password, a password manager can help. The password generator will create you a secure password containing a mix of numbers, letters and punctuation at a length of your choice.

Password Sync

When you install a password manager onto your computer you essentially have a browser add-on. This makes it applicable to be used on multiple devices when installed to use on the majority of browsers and devices.  All of your login credentials will then be synced on all of your devices.

Form Filler

The form filler will enable you to fill in long forms with the click of a button. You can enter your details into the setup and then when you are on a site where  you need to fill out a form, you simply select the  correct button and all the details will be automatically filled in.

Secure notes

A  Password Manager can create secure notes so you can save highly important details such as your credit card details. By saving tehse details, you will then be able to make purchases with a click of a few buttons.

Multiple accounts

If you have multiple accounts under the same site, there  is no need to worry. You can save up to however many accounts you need. This makes it perfect if you have multiple Gmail or WordPress logins.

Which Password Manager software should I choose?

There are many types of Password Managers out there. Two of our favourites are RoboForm and LastPass. Both are password management tools, but they have a few differences. RoboForm is a password manager and form-filler that is usable everywhere with guaranteed security. RoboForm does come at a price at $19.95, currently on sale at a bargain $9.95. If you want to find out more about more about RoboForm, take a look here.

LastPass is also a password management tool that takes the effort out of managing your passwords. LastPass offers a similar set of features to RoboForm such as: securely saved passwords, secure notes and password generator. The main difference between the two products is that LastPass offer a free version. This is an excellent, fully featured edition of the software. The advantage of the premium version is that your password vault will sync between all of your devices.

Online or Offline?

The other option to consider is whether to use an online password manager like RoboForm or LastPass or to go with an offline password manager. The difference is that local password managers are installed locally on your computer. This is a good option if you don’t feel comfortable saving your passwords to an online password vault. Good options for a local password program include 1Password * ($64.99) and KeePass (Free). If you decide to only save locally, the disadvantage is that your passwords will only be accessible in one place.

*1Password offers local and online options

Are my passwords secure?

All of the password managers mentioned above securely encrypt your passwords. This means that the chance of these being decrypted by a hacker is extremely unlikely. The weak point in any password manager is the master password. So make sure this is as secure (i.e. complex) as possible including: lower, upper, numerical and special characters. Many of the above solutions also offer two-factor authentication – which means you will need the master password AND another separate piece of information to gain access. This offers another level of security and additional peace of mind for you.

Microsoft-HoloLens

Introducing the first ever Microsoft HoloLens

Just over a year ago, Microsoft introduced  the Microsoft HoloLens. It is now ready for sale as of the 30th of March.

‘The Microsoft HoloLens is the first fully untethered, holographic computer, enabling you to interact with high-definition holograms in your world.’ –  https://www.microsoft.com/microsoft-hololens/en-us

Through the use  of ‘goggles’ you can see  whole  virtual world standing right in front of you.  The holograms let you visualise and work with your digital content in relation to your real world. You can teach, collaborate, learn and  create so much more with the Microsoft HoloLens. You can shape and create holograms with gestures. You can communicate with apps through using your voice and you can navigate with just a glance. With a built in camera, you are able to record and capture your holograms to share them with those who do not have a HoloLens.

This is the only device in which there are no wires, no external cameras, no phone or PC required. This is also a Windows 10 device, meaning ‘the interface is familiar, and connected by the power of a unified ecosystem of Windows devices.’ – https://blogs.windows.com/devices/2016/02/29/announcing-microsoft-hololens-development-edition-open-for-pre-order-shipping-march-30/

Find out more about the Microsoft HoloLens here.

dell-sonicwall

Dell SonicWALL SuperMassive beats the competition!

Dell SonicWALL Supermassive E10800 beats the competition as validated by NSS LABS.

NSS Labs are the ‘world’s leading information security company’. They focus primarily on IT security and hold one of the world’s leading security product testing laboratories. They provide ‘in-depth security product test reports, research and analyst services.’ Many of the largest businesses in the world rely on the NSS Labs to get the very best out of their security investments.

Dell SonicWALL network security products provide a secure barrier between your networks and cyber space. When out on the internet, you are constantly sending and receiving information that can be intercepted.

The Dell  devices use deep packet inspection technology in combination with multi-core specialised security microprocessors to deliver application intelligence, control, and real-time visualisation and intrusion prevention. Adding this layer of network security helps to protect your organisation from malicious attacks, identity theft and money loss.

The latest NSS LAB’s report has proved the Dell SonicWALL Supermassive E10800 delivers twice the performance and ‘scalability’ of Palo Alto Networks, at a quarter of the price of Cisco.

For any information on Dell SonicWALL’s range of products or if you would like any advice regarding your network security, please contact Coretek!

classroom-ipad

Apple’s iOS update for Education

The newest Apple iOS update is deemed to be significant within Education. There is specifically new features for classroom use. Teachers are now able to create profiles for all of their pupils, and these profiles are accessible from every iPad.

The login process has been simplified for those of a younger age. When a pupil logs into the iPad, they simply just need to click on an image of themselves. Then when they return back to their account, they can pick up where they left off.

Another feature that the new update holds, is for staff to have the ability to be able to look at an overview of what apps the students are using. Additionally, teachers are able to load up apps, books or the web to appear on every iPad throughout the class. They also are now able to lock specific apps to ensure that the students do not come out of that app.

Also, teachers will now be able to project the students work onto the interactive whiteboard for the class to see. Learn how to do this here.

‘Apple School Manager, a web-based feature, is designed to give admins a central location for creating Apple IDs, building courses, and managing accounts for students, teachers, and admins. It allows administrators to make volume purchases of books and apps and distribute the content quickly.’

You will even be able to reset the students password right form the classroom.

Apple has been working for a while now on the improvements of Education within the iPad. The update of iOS 9.3 is now available for developers. It is bound to be a success! If you would like to know more about apps to enhance your students learning experience check out our blog.

Hacked-website

Top Tips: How To Protect Your Website from Hackers

Having one of your clients phone you up to say their website has been hacked over the holidays, is not something any IT support company wants. However, just that thing happened only this last week to a client who has a website hosted by another IT provider. Following on from this act of destruction, we thought we should put together an article on website security and hacking.

You are probably already aware of what hacking is. But for those who don’t –  hacking is the action of somebody, generally referred to as a ‘hacker’, gaining access to your website/social media profile etc. without authorisation. They could be doing this for a number of different reasons – to steal personal information, to take down the website or to control the site, or even just for fun.

Hackers have many different ways which they use to hack into operating systems. To name a few; Cross Site Scripting (XSS), Clickjacking and SQL Injection. Hackers create code that they ‘inject’ that will have affect on the site. They can hack through spam email and pop up windows.

Unfortunately there is no way to completely protect your website, however there are steps that you can take to make it as difficult as possible for the hackers. Below are some things that you can do to secure your website from these hackers. We have chosen a few of our favourite top tips!

 

Username and Password Strength

Hackers are able to get into your system by using a downloadable program that can guess your usernames and passwords in seconds. To help to prevent hackers from guessing your username/password you should change it regularly and it should be a very strong username and password. A strong username/password is a word that includes letters, symbols and numerical characters. You should keep this to no less than 8 characters. You can use the below link to run through a few words to see how secure they are. But DO NOT use your own current passwords!

https://howsecureismypassword.net/

 

Two-Factor Authentication

Two-factor authentication is based on the principal of a) something you have, and b) something you know. So when a user enters a password, they are then asked to complete a second verification step such as entering a code sent to them by text, via an automated phone call, or by using a “soft token” which is an app which contains a code to verify the password.

This is becoming increasingly more popular with companies for logging in, especially with the likes of banks or other companies which store a lot of your data such as Google.

 

Update your Software

One of the best ways to protect your website, is by keeping all of the software up to date. Always ensure that you check for updates, patches and new versions of programs and plugins. Once you have verified the update is genuine and is not going to cause issues to your website, install the updates.  If you are running plugins, only download them from websites that you trust.

 

Security Plugins

There are some plugins that you can purchase in order to provide higher levels of security. A plugin called ‘SiteLockis useable for both HTML pages and CMS-managed sites. This plugin provides daily monitoring for everything, including vulnerability identification, virus scanning and malware detection.

 

Web application Firewall

A web application firewall (WAF) sits between your website server and data connection. It reads every bit of data passing through it and can be either a software or a hardware facility.

The WAF works by blocking all hacking attempts and filtering out any unwanted traffic. Many WAF’s nowadays are seen through the form of a ‘Cloud’ based service.

 

Back-Up

You should always keep your files and data backed-up. Always keep a back-up just in case your website does get hacked –  you have a second copy of everything. If you don’t know how to back up, take a look at our blog on what backing up is and how to do it.

 

Switch to HTTPS

Hyper Text Transfer Protocol Secure (HTTPS), is a secure communications protocol that is used to transfer sensitive information between a user, website and the web server. The way that this protects the website is, for example, when a user fills in a ‘subscribe’ form on your site, HTTPS protects this personal information. Data sent using HTTPS is secured via ‘Transport Layer security’ protocol which provides three layers of protection.

 

Public Wi-Fi

You can never really have any idea of how secure public Wi-Fi spots are. This being in hotels, the airport or your local coffee shop. If you do need to use these public Wi-Fi spots, then there are two ways around this. You can set up a hotspot on your smartphone using your mobile data. To find out how to set up a hotspot for your android check it out here, and for an iPhone here. Another way to avoid interruption into your online roaming, is Virtual Private Networks (VPNs). These encrypt traffic so that the Wi-Fi network is unable to see what you’re roaming.

Wireless Charging Pad

How does wireless charging work?

So what is wireless charging?

Wireless charging is a way of charging your devices, this being a tablet, a laptop, a smartphone or even devices as large as an electric car, without the use of cables or adapters.

How does wireless charging actually work?

Wireless charging is extremely popular as you are able to just place your device on a wireless charger and it will begin charging, without the use of any USBs or plugs. However, the Wireless charger itself must still be plugged into the wall.

Wireless charging uses magnetism to transmit energy. It uses two coils of wire, one is in the charger, and the other is in the device. The electrical current coming from the power socket at the wall moves through the wire to the wireless charger, this then creates a magnetic field. This magnetic field then creates a current that passes through the coil that is in the charger, generating a ‘fluctuating electromagnetic field’. Then when the device is placed near or on the charger, the coil inside induces the current. This then charges the battery.

How can I get Wireless Charging?

Many smartphones come with wireless charging built into them. The most common brands are LG, Samsung, Google, Motorola, HTC and Sony. If your phone does not come with the ability to charge wirelessly, you may be able to add in the functionality by using a different phone case.

What are the Advantages and Disadvantages of Wireless Charging?

As previously stated, there is now no need for many plugs and USBs which is the biggest advantage as this reduces clutter and makes charging very easy and practically hands free. Also by not having an area full of cables, you are reducing the risk of being shocked by a faulty cable. Another advantage is that by using wireless charging, there are no connectors required which may harbour bacteria, so therefore this is more applicable for medical instruments that need to be battery powered. Lastly, wireless charging really has no health risks, ‘the charger creates a field that is no more dangerous than radio waves, and isn’t strong enough to have any effect on the human body’.

However, there are also a few disadvantages of wireless charging. The main one being that wireless charging is not very energy-efficient. This is due to the fact that it produces a lot of heat. This therefore means that it takes longer to charge your phone.

What should I look for in a Wireless Charger?

There are some features that you should look out for when choosing your wireless charger. Some devices have specific chargers for them, so it is usually best to stick to these particular ones. However, there are many wireless chargers that are usable throughout numerous devices such as the GMYLE, Transparent Acryl Disk Qi Charging Pad which is compatible with most popular smartphone models such as Samsung Galaxy S6, Google Nexus 6P etc.

Something else to bear in mind is the amperage of the charger for the wireless charging pad. The more amperage that the charger has, the faster the device’s battery will charge.

So what is the future of Wireless Charging?

At the moment the most use that wireless charging is having, is by using it at your desk at work, or in your bedroom. However, looking into the future, you could possibly be seeing these wireless pads appearing everywhere. Already, Starbucks have begun introducing this into its coffee shops across the UK after great success in the US. IKEA are even putting wireless charging pads into their furniture.

There are still many developments within Wireless Charging. One of these being to look at the potential of having a charging pad that can charge at a distance. Whereas at the moment the device needs to be touching the pad, or in very close proximity. However, it is possible that one day you could just be in the same room, and potentially be able to charge your device.

Lastly, wireless charging really has no health risks. As the charger creates a field that is no more dangerous than radio waves, it isn’t strong enough to have any effect on the human body.