Posts

Follow These Tips to Prevent Data Loss on O365

Does Your Company Use Office 365?

Make Sure You Follow These Tips to Prevent Data Loss

There’s a lot of buzz surrounding the use of the cloud in recent years. Cloud computing increases a business’ efficiency, it helps reduce overhead costs, enables companies to be more flexible and it supports collaboration as well as communication. But what about data loss in the cloud?

With a reliable cloud-based solution in place, it means employees don’t necessarily have to be physically present in the office to be productive. Teams can be scattered all over the world and still be able to work as efficiently as they would if they were in the same brick-and-mortar office.

With all this functionality, it’s almost surprising to find out that there’s one aspect of enterprise cloud solutions that remains especially vulnerable–data loss.

Take the popular Software as a Service (SaaS) platform, Office 365, as an example. Being one of the more prominent cloud collaboration tools, you would assume that any data that gets deleted on it–for whatever reason–can be easily retrieved. But you’d be wrong. Unfortunately, Office 365 doesn’t protect users against data loss due to malicious attacks or user error. This is particularly worrying given that a study conducted by Aberdeen Group clearly illustrates the rise of cloud adoption among businesses. According to their research, 80 percent of respondents say that some form of SaaS application is now being used in their companies. And 32 percent say that they have experienced SaaS data loss in their own organization in some form. In fact,  CSO from IDG notes that data breaches and accidental deletion are among the top 12 cloud security threats for 2017.

With these in mind, implementing actionable measures to reduce your vulnerability is essential. Because the reality is, the convenience comes at the expense of your data. Protecting your data–whether from malicious attacks or admin carelessness–is in your hands. And it starts by knowing what actionable steps you can take–


With that in mind, here are 5 ways you can avoid data loss in Office 365.

1. Ensure all mobile devices that access the platform are secure

It’s likely that your company uses both company-issued and personal devices to access work email, contacts, calendar, and other important data. In fact, MarketsandMarkets surveyed bring-your-own-device (BYOD) trends for 2017 and notes a 36 percent rise at the start of 2017.  This number is even expected to jump to 50 percent at the start of 2018.

Given this, make sure that your team is able to implement and follow the company’s security policies carefully. Adding a feature that allows you to remotely protect proprietary information from malicious deletion or attacks is critical given how often data breaches happen today.

2. Implement multi-factor authentication for users

Malicious attacks today are getting more and more sophisticated. A single password—even one that uses a mix of upper and lower case letter, punctuation marks, and numbers—won’t be enough to keep data stored in Office 365 safe. It’s always better to be safe than sorry, so it’s best to enable multi-factor authentication to make it more difficult for hackers to access your account.

3. Avoid anonymous calendar sharing

One of the most useful features of Office 365 is its ability to share calendar information easily.

While it may seem like an innocuous feature unrelated to data breaches or loss, publicly sharing data can expose critical information about your business that would leave your company vulnerable to attacks. Hackers can use your schedules to determine how your company operates and identify which users are most vulnerable.

4. Establish role-based controls

Accessibility is one of the key advantages of Office 365. Be sure however to limit access to critical data. Carefully determine which users should and shouldn’t have access to specific files and features in your company. Talk to each department and coordinate with them to determine who should have access to what to minimize potential data leaks or loss.

5. Automate backups for your system

Office 365 unfortunately still only relies on the trash bin for data recovery. If someone hacks into your data, accidentally empties the bin, or maliciously destroys data, all your important data is gone forever. Implementing online data backups and disaster recovery will ensure that you have an archive of all your data, which you can recover if the need arises.

Office 365 has proven to be an essential tool for businesses today. But being responsible for the security of your company’s data means you have to be aware of the security risks you face while using it. To make sure that you protect your data from potential data loss, so get started with your free trial.

How to Protect from Malware Attacks

How to: Protect from Malware Attacks

Protect from malware attacksProtecting your company data is the most critical task your IT department has. This team of specialists works tirelessly to keep out intruders only to have their coworkers inadvertently let them differently. While your business may have many safeguards in place to catch and clean up these mistakes, there are ways to prevent malware attacks before they happen. Protect from malware attacks ? How?

Additional Layers of Security

You may think your employees are the most vigilant in the world, and they may very well be. However, without a layered security system in place, cyberattacks can still break through. Your business needs an extensive security suite of antivirus, firewalls, and antimalware software to help keep out unwanted visitors.

Using Updates and Plugins

One of the easiest ways for a hacker to attack your infrastructure is through holes in your company’s software. Whether it is the operating system, internet browsers, or mobile devices, keeping titles up to date is one of the most important things you can do to protect corporate data.

Browsers, operating systems, and plugins often receive regular security patches from their manufacturers. It is easy for you to push them off and let them wait until a more convenient time for your employees. However, by doing so, you are cracking a door for intruders to exploit. Once the updates roll out, act immediately to ensure the best coverage. Immediate action is doubly true for mobile devices which often get up off due to low storage or battery power.

On web browsers, ensure all employees enable the click-to-play plugin. Many attackers use the ads to install their viruses on to unsuspecting computers. These ads autoplay and often found on well-known sites. The click-to-play plugin stops Java or Flash ads from running, unless the user clicks on them, helping to reduce the chance of accidental infection.

Safe Browsing

Companies often restrict their employees online browsing abilities. However, even sites that your business has deemed okay for workers to visit need to be used with caution. Employees should do the following every time they go on the internet.

  • Log out of websites when finished: It does not matter if it is a social media site you regularly use to update information for the company or a banking site you use to check your balance during lunch, always log out. Hackers with the right skills can use your browser’s cookies to gain access to places you remained logged into.
  • Use Secure Connections: Sites with padlocks to the left of the URL provide a secure connection between your system and the website server. This added encryption helps to protect against intrusions in the data stream.
  • Strong Passwords: Don’t use passwords that are easy to guess such as birthdates, pets’ names, or anniversaries. Passwords should contain upper and lower cases letters as well as numbers and special characters. For optimal protection, you need a different password for each site you log into.

Other Important Tips

Most employees defer to their local IT department in the event of a computer malfunction. It is the best practice because you know that the gurus of IT are going to clean the system without infecting it further. However, for employees who work from home, having access to the local IT department might not be a feasible option. These workers are more likely to be taken in by fake tech support numbers that may appear on the screen when their system gets infected. Corporations can help by making sure all employees, home-based and onsite, have access to the correct contact for software and hardware support.

Also, educate your workers on phishing and spoofing scams that may appear in their inboxes. It is essential that you remind them never to call the institution the message is from to verify authenticity before using links. Learning how to spot phony messages can protect both your company and individual workers from data loss.

Malware attacks can happen to any business, big or small. Taking steps to protect your infrastructure and training your employees on safe practices can curtail any malicious intrusions. Even the most secure systems can still be successfully attacked, so in addition to education and layered security, you should also backup your data. CloudAlly offers complete backup and recovery solutions for Office 365, G Suite and Salesforce, allowing you to quickly recover data in the event of a malware attack.

Microsoft Video: Malware Attacks

GDPR – Do you need to worry about it?

GDPR – General Data Protection Regulation EU’s New Standard for Consumer Privacy

In April 2016, the EU decided it was time to update their current Data Protection Directive which became the standard in 1995. The outdated policy did not offer residents the level of protection so desperately needed in a world where information is available at the click of a button. The new General Data Protection Regulation (GDPR) sets a stricter guideline and stiffer penalties for those in non-compliance.

New Requirements

GDPR’s requirements change significantly from the outdated directive of the 1990’s. The new rules focus on getting companies to follow stricter handling practices for customer data collected, specifically the following areas.

  • Removal: In the past, customers did not have the right to require companies to remove and delete their information. GDPR requires businesses to remove any consumer records upon their request. Corporations must wipe all personal information from their systems.
  • Portability: In addition to being able to request a removal from company databases, consumers have the right to ask their personal data be transferred from one company to another. Corporations must comply with the request.
  • Accessibility: EU residents have a legal right to request access to the information collected by companies with which they do business. Corporations must provide copies of all data collected upon request.
  • Transparency: Gone are the complicated end user releases used by companies. GDPR requires that businesses make their language easy to understand and detail exactly how they use personal consumer data.

In addition to these areas, companies must adopt stricter breach notification policies. In the event of a data breach, corporations must notify their customers within 72 hours of the intrusion.

Increased Fines – GDPR

Under the new GDPR system, companies found in non-compliance with the regulations face stiff fines. While the penalties are tiered, it still costs a significant amount for those affected. Companies who do not keep their paperwork in order may see a penalty 2% of their annual global turnover. However, if a company experiences a security breach, they see fines of up to 4% of their annual worldwide turnover or €20 Million, whichever is greater.

Fining companies experiencing security breaches is not unheard of under old EU policy. However, a loophole protected businesses that process data to another firm. New regulations do away with this protection. According to Article 32 of the GDPR, data processors are just as liable for security as controllers. Corporations that process data receive a smaller penalty, under the new regulation with fines of 2% of the annual global turnover of €10 Million, whichever is greater.

Data Recovery and Security

All EU companies must employ a disaster recovery plan. GDPR not only requires a plan in place, but companies must also test it at regular intervals. Under these new protocols, the data recovery plans must give companies the ability to restore any information lost due to technological or physical issues.

Companies must instill policies which restrict access suppliers and staff have to consumer information. Policies are just the beginning, management technology such as multi-factor authentication, granular passwords, and role-based privileges need to be in place.

While Windows is one of the most popular operating systems, as a North American based company, EU corporations cannot rely on built-in securities to bring their business into compliance. Instead, using third-party intrusion detection systems and virtual private networks can help bring EU corporations into line with the new rules.

In the event of a breach, quick response is necessary. Regulations require not just an immediate response to fix the issue, but also a plan of action to prevent future violations. An analysis log and subsequent management assist IT personnel in locating the source of the breach. The record gives insight into why the violation occurred and is a starting point for problem resolution.

GDPR

Not Just Limited to EU

The GDPR is the new privacy policy of the EU. However, that does not mean that it does not affect contractors and providers in outlying areas. Thanks to the worldwide nature of the internet, businesses work together across the oceans. For countries outside the EU, ensuring their practices line up with GDPR regulations is essential.

EU residents expect the same protection whether their data is collected and retained by a local company or a foreign entity. Corporations outside of the EU should review data protection and privacy policies to ensure they match up with GDPR standards. Hiring a Chief Protection Officer (CPO) familiar with GDPR requirements can consult with legal counsel and help others in the company understand legal obligations to EU clientele.

GDPR is the standard for consumer privacy in the EU. However, companies still have time to adapt these protocols before they face the hefty penalties called for under the new guidelines. With a deadline of May 25, 2018 looming, it is time for businesses to complete their updates to comply and not wait until the last minute to do so.

For more information read our blog post on: The Importance of Regional Data Centers for Office 365 Backup

Google Drive Down Worldwide: Averting Problems with Google Drive Backup

Google Drive Down Worldwide: Averting Problems with Google Drive Backup

Google Drive Down WorldwideHere’s the scenario: you get to work, ready to pull up the spreadsheet you’ve been working on from Google Drive. But there’s a problem: Google Drive is down. You wait. Check again. Google drive is still down, and it stays down. For over an hour. What are you going to do now? The answer: keep waiting, even as you waste time. While there is certainly nothing wrong with using Google Drive to back up your G Suite apps, recent issues like this one prove that Google Drive alone is not reliable enough to be your only backup. CloudAlly’s G Suite/Google Apps Backup gives you the security that your data will be protected, even if Google Drive fails.

Right now, Google Drive aims to simplify G Suite users’ storage and file sharing in the cloud, but the program regularly has its snafus.

Case in point about Google Drive’s unreliability: on the morning of September 7, Google Drive users started receiving error messages from the file storage service. Users around the world could not load their files.

At 10:37am EST on September 7, 2017, Google announced that it was working to resolve the issue:

“We’re investigating reports of an issue with Google Drive.” Google Drive was down for an entire hour. By 11:38am EST, the program had been restored for some users, but it was still down for others.

Google issued another message that users could “expect a resolution for all users in the near future,” but the company could not provide a concrete timeline. Only by 12:24pm EST – nearly two hours after Google started working on the problem – was Google Drive restored for all users. The tech giant apologized for the inconvenience and said that it planned to develop “continuous improvements to make our systems better.”

Sure, Google says they’re working to make Google Drive infallible, but what if they don’t deliver on their promise, like they most likely will? If Google Drive fails when you need important data, you’re stuck, waiting until Google recovers. Without a third-party program, there is nothing you can do about Google Drive’s unreliability.

You might think, Google Drive was down for a few hours. So what? The problem speaks to a common issue of unreliability with the service. Just a few days after the first issue, on September 11, nearly 3,000 people reported issues with Google Drive again.

Sure, Google Drive is helpful. But it is by no means complete.

Google Drive’s Unreliability?

Google Drive does back up your files and data. However, the protection it provides is not enough.

Take malware and ransomware. Does Google Drive protect your files from these malicious viruses?

Nope. Even if your files are stored on the Google Drive cloud, your data could be infected. Only a third-party software like CloudAlly can protect your Google Drive files from corruption or ransom.

But, you might think, at least Google Drive will be around forever, right?

Again, the answer isn’t certain. Google Drive’s future is at risk. In early September 2017, users feared that Google Drive was shutting down altogether. While this turned out to be hype, Google is shutting down its Google Drive app for Windows and Mac, replacing it with a new backup up.

Right now, though, take a breath. Google Drive is still accessible to all users through browsers on all devices, but this replacement demonstrates Google doesn’t love Google Drive enough that they’ll never change or replace it. Google Drive may not be around forever, and while Google Drive will likely not shut down without notice, it still makes sense to have a third-party software like CloudAlly to back up all your data.

CloudAlly’s G Suite/Google Apps Backup

Returning to the interruption of Google Drive on September 7.

Google Drive users without third-party backups just had to wait. And click to see if Google Drive had come back online. And wait. And click.

But if you were using CloudAlly, you could have exported critical documents instantly. You wouldn’t have wasted any time. CloudAlly lets you export your data to any and all of the programs or devices you need using efficient zip downloads. Instead of waiting for Google to repair Google Drive on September 7, you could have kept on working like nothing was wrong.

Besides, CloudAlly’s Google Apps Backup does more than protect your Google Drive files, too. It backs up all your G Suite apps, including Gmail, calendar, contacts, tasks, and chats on an automated, daily basis.

Don’t put your data safely entirely into Google’s control; take matters into your own hands! Want to see for yourself how CloudAlly is more reliable than Google Drive? Try our free backup for 15 days.

How to Recover Missing G Suite Files

How to Recover Missing G Suite Files

It’s always frustrating to loose a file, but as a G Suite administrator, recovering and restoring missing files and emails is basic part of your job.  Users may restore their data for up to 30 days or until it’s permanently deleted, whichever comes first. However, if they permanently delete a file or email, it’s probably up to you to restore it. How to Recover Missing G Suite Files ?

Lets re track;  Of course G Suite has limitations on the restore such as the time limit of 25 days to restore permanently deleted files back to the user who created them, but it does provide basic restore functions including:

  • A date range search to locate deleted items
  • Verify restoration via inbox or Google Drive check
  • Restore data to a team drive
  • Restore a deleted team drive
  • Restore data for up to 10 users at once

Restoring Deleted Files

To restore either Gmail messages or deleted Google drive files start by signing into your Google administration console. From here you can restore information to an individual user or multiple users at a time.

Single User Restoration

For single user restoration, after you have logged into the administration console, navigate to the Users panel.

  1. Locate the user and click on their name to open the account page.
  2. Once on the users account page, click the More icon and select Restore Data.
  3. Indicate the date range for the data you wish to restore. Restoration is only possible within the last 25 days.
  4. Choose the type of data you wish to restore either Drive or Gmail. An error message appears if you do not select a data type.
  5. Click Restore Data.

Once restored, you can navigate to the user’s inbox or Google Drive to verify restoration occurred.

Multiple User Restoration

As G Suite administrator you may restore files to multiple users. As with a single user restoration, you must first log in to the administration console.

  1. Navigate to the Users panel.
  2. Put a checkmark in the box to the left of each user whose data you wish to restore. You may only restore up to 10 users at a time.
  3. On the toolbar, click the More icon and select Restore Data.
  4. Select the date range for the data you wish to restore. This field only covers the previous 25 days.
  5. Choose the data type you wish to restore, either Drive or Gmail. Leaving this criteria blank results in an error message.
  6. Click Restore Data.

You can now verify if restoration was successful.

A Complete Backup and Recovery Solution

Google restore functions are limited to approximately 30 days, so your business is at risk if data has been deleted or corrupted without detection for more than 1 month. You can protect your data an eliminate this risk by using CloudAlly’s automated  daily backup service for G suite including the ability to recover or export data from any point-in-time.

Admins can drill down through date snapshots or use the granular search function to quickly locate and restore data to the original user or another user if needed. Data can be exported in Outlook compatible .pst for onsite use, and mailboxes can be archived as needed when off-boarding employees.

Give us a try for 15 days no risk. If you like our services, G Suite backup starts at three dollars per user per month or $30 per user per year.

Protect Your Data: The Difference Between Malware, Adware, and Spyware

Protect Your Data: The Difference Between Malware, Adware, and Spyware

Short for malicious software, malware comes in many varieties of forms. Viruses and worms, named because of their ability to quickly spread through your system by digging in deep and making copies of themselves, are probably two of the best-known malware types, which is why malware protection is needed.

Malware vs Ransomware

Another well-known malware is the Trojan which infects your computer secretly, coming in through a perceived safe link or website. Like viruses, this malware infects your computer sometimes to the point of having to reset the entire system.

Malware began with the dawn of the internet. In the past, software creators of this nature were a few high school computer gurus blowing off steam and playing pranks on unsuspecting visitors. However, criminals who are looking for ways to make easy money engineer today’s malicious software.

Some ways malware infects your computer are:

  • Visiting an infected website
  • Clicking on an infected pop-up
  • Opening an unknown, infected email attachment
  • Visiting an infected link sent via email
  • Downloading files off the internet without running an antivirus scan on them first

A new virus, known as ransomware, locks users out of their systems entirely. Once locked out the infected party must either pay the infector a fee to resume use of their computer or completely reset the drive, a complete reset results in loss of all data and applications that were not initially on the unit at the time of purchase. Failure to pay the ransom results in the same damage.

Adware

Adware is slightly different. While benign in comparison to other malware, this software can still be an annoying leech on your computer’s resources.

Companies across the globe use Adware to track your movements online and display ads that are relevant to your browsing experience. In most cases, adware will not do any damage to your computer nor will it steal personal information. It is merely a tool used by marketing consultants to put relevant ads where you see them.

In most cases, adware works with your knowledge. Most sites alert you to the fact they are collecting information about your interests for this purpose. However, on occasion, sites install this software without your knowledge. When this happens, the benign software has crossed into malware territory and leaves you vulnerable to further attacks.

Programmers sometimes use adware to fund their program development. They bundle ads with free software and deactivate the advertisements once the user purchases or registers the title. Use of ads is standard practice for free mobile applications.

Adware is tricky to remove. As most titles are only marketing tools, antivirus software sometimes overlooks these programs.

Spyware

A type of malware, spyware is far more insidious than most other types. While viruses and trojans are problematic and can shut down your system, spyware tracks your every move. Each keystroke and mouse click is then relayed back to a third-party without your knowledge.

The big problem with spyware is the fact it is hard to detect. Anti-virus software may be able to stop installation or remove already installed versions. However, if your anti-virus does not have an anti-spyware bundled with, it may overlook these programs.

Spyware can infect your computer many ways. In some cases, it is installed by visiting an infected website or opening an infected link or attachment sent via email. Most spyware comes from downloading software from file-sharing sites. Hackers who put free movies or music files on these websites bundle their spyware alongside so you do not know it is downloading.

Indicators that your system has a spyware infection include:

  • Searches redirect you to a different search engine
  • Random error messages during routine operations that previously worked
  • Unidentifiable or new icons appearing on the taskbar

Spyware allows the third-party owner not only to see what you are doing, but gain access to your usernames, passwords, and bank and credit card account numbers.

What You Can Do to Protect Yourself – Malware Protection !

Companies often have several layers of protection to keep malicious files out using firewalls and anti-virus software. However, from time to time, an email or website can get through the company shielding allowing malicious software through.

The first step for both large and small businesses is to educate employees on the different methods a malware, spyware, or adware infection occurs. Employees need to know how to spot a suspicious email and whom to contact within IT to prevent future attacks.

In addition to education, your company should have backup redundancies in place to protect sensitive data. Having a backup of essential files allows IT technicians to reset infected computers without worrying about losing information.

Storing files locally is one option. However, the local backups must be kept off the internal network to prevent potential corruption or infection from malicious attacks. The use of cloud storage helps protect documents while keeping them off local network which could potentially be damaged through a single computer infection. When choosing a cloud service provider, check for their security protocol to ensure the safety of your data from hackers who may use rants somewhere to attack your company in this manner.

It is also a good idea to back up your backups. If you store items locally, you should also store them in the cloud. Cloud providers should also be backed up using services such as offered by CloudAlly. Our service allows you to backup files stored in OneDrive, Box, and Google Drive. It also enables you to backup sensitive emails for those using G Suite or Office 365.

Education, protective software, and backups are essential to protecting your company from malicious attacks.