What Are PBX Cloud Phones, and How Do They Work?

Modern businesses thrive when they master communications. To do this, they need the right technology. Traditional legacy phone systems are restrictive and limited, but moving phone communications to the cloud enables mobility and flexibility. If you’re considering upgrading your phone system, you’ll want to know about a PBX cloud phone system.

What Are PBX Cloud Phones?

PBX stands for a Private Branch Exchange. PBX phones have been around for some time, and they create a private telephone network within one organization. In a standard PBX, the ability to use the system is only on-premises. Such a setup requires expensive servers on-site.

What’s different about PBX cloud phones is that they use VoIP (voice over internet protocol), which means they don’t need phone lines, only an internet connection. A cloud PBX lives in the cloud, sitting in a secure and remote data center. You still have all the same features for routing and management, just without the costly equipment.

How Do PBX Phone Systems Work?

As noted, the internet is the basis of cloud PBX platforms, not phone lines. With a connection, users can make and receive calls in many ways. You can use a desk phone that plugs into a router, similar to conventional PBX phones. Additionally, you can use an application on your desktop or mobile phone. Using cloud-based phones offers true versatility to take and place calls from wherever, which means they are ideal for remote or hybrid work.

The application itself and the data acquired from usage (i.e., voicemails) reside in the cloud. To leverage such a solution, you’ll engage with a provider that delivers the software and hardware. It simplifies phone system billing and management.

Why Move Phone Systems to the Cloud?

In the past year, businesses experienced tremendous change due to the pandemic. Remote work became the norm; however, this was a trend already in the making. COVID-19 accelerated it. This shift caused many companies to rethink their internal and external communications and migrate everything to the cloud.

Converting to the cloud for applications across the enterprise offers freedom from a centralized work location. While the return to the office is already occurring, that doesn’t mean you still don’t need to provide flexibility to your team regarding communications.

When you move to the cloud, you can have confidence that it’s secure, cost-effective, and scalable.

Ready to upgrade your phone system? Contact us today to discuss how the cloud can support your growing business.

Information used in this article was provided by our partners at Intermedia.

I’ve noticed a new administrator on my network but don’t know who it is.

If you’ve checked around the business and no one has created the new administrator account, speak to your IT support partner immediately. This may be a sign that you have an intruder in your network waiting to launch an attack.

A really important document has disappeared from my network. Can I get it back?

Hopefully, you have a working daily or continuous backup in place? If so, it’s simply a case of retrieving a copy of your document. If you don’t have a backup, then it may be trickier. First, you may want to establish how the file has disappeared. A good IT support partner should be able to guide you through this (also, get them to sort out your backup).

Teams notifications are distracting me from my work. Can I stop them?

Yep, just turn them off! You can set your status to Do Not Disturb, which will stop anything bothering you. Alternatively, you can now make yourself invisible by appearing offline when you want to get your head down and work.

The threat landscape continues to evolve and expand rapidly. As attack vectors multiply, from endpoints to networks to the cloud, many enterprises address each vector with a best-in-class solution to protect those specific vulnerabilities. However, these point tools don’t connect the dots across the entire technology stack. As a result, security data is collected and analyzed in isolation, without any context or correlation, creating gaps in what security teams can see and detect.

Extended Detection and Response (XDR)

Extended Detection and Response (XDR) is the evolution of Endpoint Detection and Response (EDR). XDR automatically collects and correlates data across multiple security vectors, facilitating faster threat detection so that security analysts can respond quickly before the scope of the threat broadens. In short, XDR extends beyond the endpoint to make decisions based on data from more products and can act across your stack by acting on email, network, identity, and beyond.

As XDR is gaining traction and emerging as a critical next-generation security tool, here are five questions you should consider while looking at an XDR solution.

1. Does the XDR Solution Provide Rich, Cross-Stack Visibility with the Ability to Seamlessly Ingest from Multiple Data Sources?

A robust XDR platform enables enterprises to seamlessly ingest structured, unstructured, and semi-structured data in real-time from any technology product or platform, breaking down data silos and eliminating critical blind spots.

2. Does the XDR Solution Provide Automated Context and Correlation Across the Different Security Layers?

Many EDR solutions require (human) security teams to conduct investigations. But given the volume of alerts generated, many security teams are not resourced to dwell into every incident. A robust XDR solution should be augmented with AI and automated built-in context and correlation.

3. Does the XDR Solution Auto-Enrich Threats with Integrated Threat Intelligence?

As new threats emerge, a lack of external context makes it difficult for analysts to determine whether an alert or indicator represents a real threat to their organization. Threat intelligence provides up-to-date information on threats, vulnerabilities, and malicious indicators freeing security teams to focus on what is most important. A well-built XDR solution enables threat intelligence integration from multiple sources to help security teams prioritize and triage alerts quickly and efficiently.

4. Does the XDR Solution Automate Response Across Different Domains?

Of course, incident detection and investigation need to trigger an effective response to mitigate the incident. The response needs to be pre-defined and repeatable to make remediation more efficient and intervene at any step in an attack that is in progress. The response should distinctively define both short-term and long-term measures that can be used to neutralize the attack. It is also essential to understand the cause of the threat to improve security and prevent attacks of a similar manner in the future. All necessary steps must be taken to ensure that similar attacks are not likely to happen again.

5. Does the XDR Solution Let You Easily Integrate with Leading SOAR Tools?

As you may have other security tools and technologies deployed in your SOC, your XDR solution should let you utilize your existing investments in security tools. Key features would be built-in integrations, including automated responses and integrated threat intelligence.

XDR is the Future of EDR

Specialized security products must work together to defend against an intensifying effort to overrun the digital barriers that protect our now technology-dependent lives. As with any new technology entering the marketplace, there is a lot of hype, and buyers need to be wise. The reality is, not all XDR solutions are alike. YeoDefense, powered by SentinelOne, unifies and extends detection and response capability across multiple security layers, providing security teams with centralized end-to-end enterprise visibility, powerful analytics, and automated response across the complete technology stack.

If you would like to learn more about YeoDefense, contact us.

Information used in this article was provided by our partners at SentinelOne.

In the past, to configure security policies, teams were required to use group policies, System Center Configuration Manager, or Microsoft Endpoint Manager. Essentially, they were using the IT management tool to set up and maintain security. Therefore, even when an organization had security administrators, they depended on the IT team for any required change.

Today’s Security Challenges Require a Different Approach

While it might have worked in the past to have the IT team manage security controls, modern enterprises are at the stage where that is no longer scalable. Today, we aren’t just configuring a legacy antivirus and a password policy. We need to consider different attack surfaces and tune our preventative controls accordingly. The time when a security administrator could raise an IT ticket and then sit and wait is long behind us.

How Can an Organization Improve Its Cybersecurity?

1. Implement Role-Based-Access-Control (RBAC)

The security team deals with a lot of sensitive information. Therefore, the principle of least privilege is critical. The bottom line is that only people with an apparent business reason should have access to specific information. For example, security administrators should see the endpoint configuration, manage agent update cycles, and configure device policies and the firewall. Still, they may not need access to forensic capabilities or access to active incidents. With Role-Based-Access-Control (RBAC), this can be achieved.

2. Lock Down the Network and Devices

Reducing the attack surface is a critical task for security administrators. Often, the first step is to configure device restriction policies and the firewall. Consider who should have access to information and whether that access should be restricted to read-only. When managing firewalls, also consider:

• if rules should apply across Windows, macOS, and Linux
• if there should be an Allow or Block rule
• if rules should apply for a specific protocol, port, application, etc.

3. Consider an XDR Security Solution

Extended Detection and Response (XDR) Security solutions monitor an organization’s entire infrastructure, including endpoints, the cloud, mobile devices, and more. These systems actively search and respond to threats in real-time to protect organizations from advanced cyberattacks.

The increasing complexity in today’s threat landscape makes it clear that waiting several days to make a change to preventative controls is no longer acceptable. Security technologies have evolved and provided integrated security management capabilities that empower security administrators to make informed risk-based decisions.

YeoDefense XDR, powered by SentinelOne, provides integrated security management capabilities that are truly designed for enterprises. Businesses benefit from multi-tenancy and Role-Based-Access-Control (RBAC), which enable the principle of least privilege. If the security administrator needs to configure a device restriction policy or firewall rules, or optimize Endpoint Platform Protection (EPP) or Endpoint Detection and Response (EDR) controls, they can do that all within the SentinelOne management console in just a few clicks.

If you would like to learn more about how YeoDefense can help secure your organization, Contact Yeo & Yeo Technology.

Information used in this article was provided by our partners at SentinelOne.

Stop Hackers from Stealing Your Data

When you think about it, the very nature of email makes it the weakest point of any security setup. For many of us, it’s both our greatest tool and most hated nemesis.

You have lots of staff, accepting hundreds of emails every day. And even the best email filters in the world can’t stop clever hackers because they’re constantly inventing new ways to get in.

All they need is one member of your staff to click one dodgy link. And that can give hackers enough access to start monitoring what the business is doing. From there, they can spot ways to access business funds.

In this eBook, we will follow the story of a business that was compromised by an email attack and explore ways that the attack could have been prevented.

We discuss:

• Common Email Scams and Hacks
• 9 Layers of Email Security You Can Implement
• Moving Forward After an Attack

If your business isn’t yet fully protected with the correct layers of security for your specific situation, Yeo & Yeo Technology can help.

After November 1, 2021, only Outlook 2013 Service Pack 1 (with latest fixes) and later will be able to connect to Microsoft 365 services.

If you’re still running older versions of Outlook – including Outlook 2007, 2010, and Office 2013 versions earlier than 15.0.4971.1000 – please start working on a plan to upgrade by November 1.

Why is it important to upgrade now?

• Older versions of Outlook are incompatible with upcoming Microsoft service changes, including authentication upgrades.
• Clients using older versions of Outlook may encounter performance or reliability issues, as well as increased security risks.
• Updated versions have new features to help improve efficiency and performance.

For Outlook upgrade guidance, visit Microsoft’s website.

Contact your YYTECH account executive at 989.797.4075 if you have questions about these minimum requirements.

HR leaders have found themselves dealing with an increase in both admin and strategic work. According to a recent Sage survey, “60% of HR leaders said their workloads have increased dramatically in the last year.”

The right HR solution can alleviate some of this added work by automating processes and providing actionable insights. Here are five telltale signs that you’re ready to upgrade your HR system.

1. Spreadsheets aren’t meeting your needs

While spreadsheets may have served you well in the past, over time, the data contained in them becomes overly complex, outdated, and open to data breaches. Compiling reports can take hours, if not days, which eats into valuable time you could spend on more strategic tasks. 

A robust HR system can create one central record by automating manual data entry. In other words, your records are up-to-the-minute accurate, giving you real insights at your fingertips in an instant.

2. Your HR workload is too admin-heavy

With increased demands being placed on HR’s time, freeing your team up from time-consuming admin is a no-brainer. A modern HR system can automate core HR processes and workflows. This massively reduces the amount of time spent on HR admin. Your HR can move away from being a purely transactional function toward being more of a strategic people-focused team.

3. You’re going international

The difficulties and complexities of global and local employment policies can take up a lot of HR’s time. From statutory working hours and sick leave to data compliance, pensions, and health care, the laws, regulations, and policies vary country by country. HR and People leaders need a solution that effortlessly manages and maintains global practices and local rules.

4. HR analytics: You can’t report on what you need

A reliance on outdated software can make compiling reports and analyzing the data an impossible and thankless task. A modern HR system can enable you to reel off any people management figures the c-suite requires in just a few clicks. It acts as one source of truth for collecting, reporting, and analyzing data, enabling you to track and predict trends. With access to the data you need, you can provide reliable workforce insights to help inform swift business decisions.

5. You want to drive better experiences and give managers more autonomy

Your people are your biggest asset, so building great workforce experiences that keep employees engaged, motivated, and enhances their well-being is vital. The right HR system will allow you to create employee self-service portals where your workforce can access and manage their own data. They can submit requests such as vacation leave or expenses – taking it off your HR team’s plate to free up their time to focus on more strategic tasks. It also gives managers autonomy by enabling them to directly sign off on their team members’ requests and create a portal for managing employee appraisals and feedback all in one place.

Technology is mission-critical 

Recent events have shown that if you’re behind in driving digital transformation, it’s time to upgrade. Acknowledging a need for HR tech investment is simply the first step. Yeo & Yeo Technology can help you determine what systems are best for your business based on your needs and budget. Contact us today.

Information used in this article was provided by our partners at Sage.

I’ve lost my phone, and it’s on silent

Not a problem. Use another device to find it. For iPhones, log in to iCloud.com, and you should be able to see all your devices and their location. You can make the iPhone play a sound to help you locate it. If you’re using Android, go to android.com/find to do the same.

The screen on my laptop keeps freezing

Don’t worry. Nine times out of 10, this can be remedied by turning your laptop off and on again. However, it may be an issue with the device’s memory or corrupt files if it’s something that keeps happening. Run a system check and a malware scan to see if they offer a solution. Better still, get an IT professional on the case.

Pop-ups on my phone are driving me mad. Can I get rid of them?

Yes! On an iPhone, go to Settings, Safari, and turn on ‘Block pop-ups.’ On Android, open Chrome and the settings on the right-hand corner. Select settings, then site settings, and make sure pop-ups are blocked.

A feature-rich video conferencing solution can empower your teams to be productive no matter where they are located. It can help your company better connect with clients and other stakeholders. It can also make it easier to collaborate, problem-solve, and hold effective meetings in real-time.

Here is a look at the key features that can help your video users have the best experience possible.

1. Screen Sharing

For interactive meetings and webinars, screen sharing is vital. You want to be able to share your entire screen as well as individual apps on your desktop during a meeting. This makes it easier for your video conference participants to follow what the presenter is explaining.

2. Multiple Webcam Capabilities

During a video conference, it’s more impactful if you can see the face of the individual who’s doing the talking. If your business has a lot of remote workers or if you regularly hold meetings with employees on the go, look for dynamic webcam features. Ideally, your video conferencing solution will support multiple webcams so everyone can be seen – and understood – during the meeting.

3. VoIP

For remote teams, communicating with video should be as easy as connecting by phone or chat is.  With video conferencing through VoIP, communicating is seamless. Users can switch from voice calls to video calls or group meetings by pushing a button. There’s no need to establish a new connection or pause communication to change channels or add participants.

4. Chat Features

Whether you’re broadcasting to a group of leads with a marketing webinar or holding a meeting with employees, your users will get more out of the experience if they can interact. This is why a robust chat feature is so valuable. Look for chat capabilities that allow your video conference users to share messages, including text and emojis, during a meeting or online event.

5. Remote Control

For collaborative meetings, this video conferencing feature is something you don’t want to miss. It allows participants to have direct control over your computer’s keyboard and mouse, making it possible to edit and make changes to shared documents in real-time.

6. Unlimited Recording

Most video conferencing platforms make recording easy, but you want to look for a feature that will offer unlimited storage in the cloud, as well as easy sharing capabilities. You should be able to record a meeting or webinar and share it with one click.

7. HD Video

For an even better meeting experience, HD video can make a huge difference. With high-quality video, everyone can see who’s speaking, making it feel like everyone is right there in the same room.

8. Branding Features

This is an important feature if you’re creating video content for customers, such as webinars or educational presentations. You’ll want to be able to include your company logo and any other branding, which will make your webinar content look more professional.

9. Dynamic Presentation Features

For complex presentations, you’ll want to have certain features to rely on. Ensure you can upload various file types, including MP4 videos, PPTs, and PDFs. This gives you the flexibility to add rich media to the presentation to keep your participants’ attention. Another advanced video conferencing feature that can empower better presentations is note sharing. You can capture a series of steps or a specific presentation segment and send it to participants as notes during the meeting or webinar.

10. Performance Reports

Performance metrics are important for evaluating how well received your presentations are, which parts are the most engaging, and how many people are attending your event. Look for a platform with both attendance and chat reports so you can get adequate feedback from your meetings and webinars.

It’s worth it to ensure you have all the right video conferencing features for your business. Advanced features make it possible to hold dynamic and effective meetings from anywhere in the world, at any time. Explore how Yeo & Yeo’s video conferencing tool, powered by Elevate, can empower your business.

Information used in this article was provided by our partners at Intermedia.

Once considered a leading-edge technology, blockchain is now an innovation and customer experience enabler in many industries.

But what is blockchain, exactly, and what role does it play in digital transformation? Here’s a look at blockchain, how it works, and how it delivers value to manufacturers and retailers.

PODCAST: On episode 10 of Everyday Business, host Jacob Sopczynski, principal in the Flint office, is joined by Robert Konsdorf, CEO of EOS Detroit. Listen in as Jacob and Rob discuss the basics of blockchain. 

What is blockchain?

Blockchain is a mutually distributed ledger of transactions that everyone involved can see, but no one can alter after the fact. Because of the security and transparency it enables, especially when dealing with threats like cybercrime, blockchain is considered an architecture of trust that allows various parties to do business with one another confidently.

When two or more parties use a blockchain to permanently record shared transactions, each of them possesses a copy. They cannot edit a previous transaction—they can only add a new transaction.

Every time someone records a new transaction, a timestamp is automatically added to it, and all the other parties subsequently receive that update. This decentralized framework makes it much easier to validate the authenticity of transactions, creating the foundation of trust necessary for fruitful business relationships.

How can manufacturers and retailers take advantage of blockchain?

Blockchain increases supply chain visibility. In light of the global supply chain problems caused by the pandemic, this should be of great interest to manufacturers.

For example, manufacturers can create a blockchain to track materials quickly and accurately as they move throughout the supply chain, recording when and where they arrived in specific locations. Additionally, they can also track who handled them at the time they were received.

This improves traceability and compliance, reducing business risk. It also increases operational efficiency, enhances customer service, and can boost revenue growth.

Blockchain powers innovation for manufacturing and retail

Manufacturers and retailers that haven’t implemented blockchain should consider its business advantages and its value as a digital transformation enabler.

Manufacturers and retailers can use blockchain to accelerate key supply chain processes and improve compliance. They can also tap blockchain to enhance the customer experience, increasing their competitive prospects in a dynamic market. With all of the benefits that blockchain offers, there’s never been a better moment to explore this technology’s innovative potential.

Information used in this article was provided by our partners at Sage.

BYOD (bring your own device) refers to the practice of employees using their personal devices—such as smartphones, laptops, PCs, tablets, and other gear—on the job for the sake of convenience and comfort.

But there are downsides. Whenever someone accesses business data on a device that you don’t control, it opens windows of opportunity for cybercriminals.

Here are three questions you should consider when implementing a BYOD policy.

1. What happens if someone’s phone is lost or stolen?

What’s a pain for them could be a nightmare for you. Would you be able to encrypt your business’s data or delete it remotely? Would it be easy for a stranger to unlock the device and access the apps installed?

2. What happens if someone taps a bad link?

Lots of people read emails on their phones. If they tap on a bad link in a phishing email (a fake email that looks like it’s from a real company), is your business’s data safe? Despite what many people think, cybercriminals can hack phones in a similar way to your computer.

3. What happens when someone leaves?

Do you have a plan to block their ongoing access to your business’s apps and data? It’s the thing many business owners and managers forget when staff change.

If you haven’t already, create a cell phone security plan to go with your general IT security plan. Ensure everyone in your business knows what it is and what to do if they suspect anything is wrong.

BYOD is an excellent, if not inevitable, way to increase worker satisfaction and productivity and cut down on costs for businesses. But without carefully considered policies and security precautions in place, BYOD could become more of a nightmare than a dream for both the company and the employees.

If you need a hand, don’t forget that a trusted IT security partner (like us) can give you the right guidance. Contact Yeo & Yeo Technology today.

Fall may be the beginning of the homey season, but before you settle in for the winter, it’s essential to take a look at your technology. Are your passwords strong enough? Have you optimized your systems to improve security? We’ve put together a checklist to help you navigate “cleaning” your company’s systems and computers.

1. Check your passwords

Now is a good time to revisit your security procedures and review your password policies. It is recommended that users choose secure passwords which are at least eight characters. Passwords should be easy to remember but hard for others to guess. Refrain from using common phrases, public personal information, and repetitive passwords. Do not share passwords or give your password to anyone, even if you trust them. Below are some recommendations for acceptable-use policies for passwords in your company.

• Remove the option of using commonly used passwords.
  • You can limit the type of passwords users can have by “blacklisting” the following:
  • Passwords that appear on frequently used lists, including breach lists.
  • Repetitive and sequential characters, such as “1234” or “1111.”
  • Context-based words, such as characters in their username or the name of the service being logged into.
• Use Multi-Factor Authentication (MFA)
  • MFA requires the user to know their password and approve that they are attempting to log in. Some forms of MFA include things you “know,” “have,” and “are.”
    • Know – You must know your password.
    • Have – You must have access to your phone, or token, to approve a login.
    • Are – You must have your fingerprint (or other biometric) to approve the login.

2. Ensure Your Systems are Up to Date

When your system does not have the most current patches and updates installed, it is more vulnerable to cyberattacks. Now is as good a time as any to ensure all your systems and software are up to date.

• Check for Windows Updates on your workstations and servers: Windows does not always automatically clean up old update files. Run Disk Cleanup to remove old system files to help regain extra disk space.
• Ensure Adobe Acrobat Reader and Java license are up-to-date: Java updates roughly once each quarter, sometimes more frequently. Old versions of Java can cause vulnerabilities. Make sure, once the newest version is installed, that the old versions are uninstalled. Adobe Acrobat Standard, Pro, and Reader can all be set to download and install updates through the settings automatically.
• Check all software applications you run on your system for updates.
• Update drivers on your system: You can do this by opening Device Manager and right-clicking each device and checking for updates, or you can check with your manufacturer for a solution provided by them.

3. Implement and Use Backups

Make sure you are backing up all critical data. Many backup applications will back up only default locations unless otherwise specified. Also, make sure you are not backing up files you don’t need.

Backups are a great, simple way to recover from a disaster, be it a natural disaster or a nasty bit of ransomware. If you get hit by ransomware and have a good backup of all your data, you don’t need to pay the ransom; you can restore from a backup taken before you were infected. Having this option will save time and money.

The best backup solutions use a 3-2-1 rule.

• You should have at least three copies of your data. One live copy and two backup copies. If something happens to your live data, you want to be able to access your backups quickly. That is why it is important to have current and complete backups.
• You should store data in two different mediums. If both copies are stored on the same system, and that system has a critical failure, you no longer have access to a copy of your data. You can use a cloud-based storage solution in addition to USB-connected external hard drives.
• At least one copy of your data should be kept off-site. What would happen if your building and all of its contents were destroyed? Could you get another server and get back to business if your only backup is in a pile of rubble? That is why it is important to have access to your data from the off-site location, be it cloud-based or a remote location set up to receive the backups from your primary location.

Implementing these “fall cleaning” practices for your systems and computers will help you be more confident about your company’s data security.

In Q2, PhishLabs analyzed hundreds of thousands of phishing and social media attacks targeting enterprises, their employees, and their brands. According to PhishLabs Quarterly Threat Trends & Intelligence Report, Phishing volume in 2021 continues to outpace last year by 22 percent.

Key Findings of the Quarterly Threat Trends & Intelligence Report Include:

• Cryptocurrency saw a 10x increase in phishing from Q1
• Social media attacks were up almost 50% from January to June
• 51% of credential theft phish targeted corporate Office 365 credentials

Phishing Attacks to Watch For

• Abuse of Free Email Accounts: The use of free email accounts by threat actors has increased. Cybercriminals most commonly use Gmail, Hotmail, AOL, and Outlook accounts.
• Social Media Fraud: Fraud-related attacks are the most common form of social-media cybercrime. These attacks include the unauthorized sale of account credentials, exposure of banking details, and other financial threats.
• Cryptocurrency Impersonation: Cybercriminals exploit the cryptocurrency industry by

impersonating cryptocurrency businesses to confuse customers and cash in on the sector’s skyrocketing growth.

How to Protect Your Business from Phishing Attacks

No matter how much money is spent on firewalls and antivirus software, phishing attacks find their way into inboxes. When all else fails, your employees are the last line of defense for your business data. Make sure they can detect cyberattacks with security awareness training.

Source:

“New Quarterly Threat Trends & Intelligence Report Now Available.” PhishLabs, 17 Aug. 2021, https://www.phishlabs.com/blog/new-quarterly-threat-trends-intelligence-report-now-available/

In the past month, we have received several reports of businesses being compromised by malicious emails. It only takes one member of your staff to click a bad link for hackers to access your network and data.

We have created a one-page info sheet to help you recognize common email scams and hacks that could be entering your inbox. Read the info sheet here. 

We urge you and your staff to take precautions when opening emails and clicking links. The first line of defense against cyberattacks is you.

Here are 9 layers of email security that you can implement to protect your business. 

1. Multi-factor authentication: The simplest and the most effective way to prevent unauthorized logins. Every time you log in to your email (or any other system), you have to confirm it’s you on a separate device. This is typically done with your mobile phone, either by receiving a code or using an app to generate a code.
2. Monitoring for unauthorized email forwarders: Hackers can play a clever, long game just by accessing your email once. An unauthorized forwarder allows them to monitor communications. It doesn’t even need to be the email of a senior member of the team. It’s surprising (and terrifying) how much we give away, bit by bit, in our daily emails.
3. Proper email backup: Unless you have bought a specific email backup, your emails are not being backed up and are not protected daily. Not many people realize this. Having a proper backup is critical, as it gives your IT support company many more options if you are attacked. They can completely reboot your email account, safe in the knowledge you won’t lose a single email.
4. Artificial Intelligence (AI) screening of emails: So you have this contact called Jon. And then one day, he signs off an email with his full name, Jonathan. You might not think twice about it. But a good AI system would pick up on this sudden behavior change and investigate the email further. These systems can be very clever at spotting potentially dodgy emails from the tiniest symptoms.
5. Improved security endpoints: Endpoint security means each computer you use to access email is locked down and protected. There are many different ways to do this. From enhanced security on each device to prevent it from being used for risky activities. To encryption of the data on the device, meaning it’s worthless to anyone that steals it. And even as far as banning USB devices (you can plug them in, but they won’t work… meaning they can’t do any damage).
6. Office 365 advanced threat protection: Robust Microsoft protection working for you behind the scenes. Your IT support company should know the correct way to implement it for your specific setup.
7. Awareness training: The weakest link in any email security setup is… the humans. Because emails can still get past all of the defenses already listed, the last line of defense (and frankly, the best) is the human looking at an email with suspicion. There are some amazing awareness training courses available. They’re delivered online, so your team doesn’t have to go anywhere. They’re not dull or techy. They’re designed to be fun, and above all, to make your staff pause when they’re sent that dodgy link to click. That pause can save you thousands of dollars and days of hassle.
8. Cyber insurance: It could be worth taking out a cyber insurance policy if only to follow the basic standards laid out by the insurance companies. Their job is to reduce their chance of having to pay out, right? That means they’re highly likely to know what ‘best practice’ currently is. So follow their advice as part of your overall email security protection.
9. Set up business processes and make them the culture: Don’t let the boss change the process on the fly! If you have an internal process for approving payments, it needs to be followed every time… ESPECIALLY by the boss. Because it’s when the boss cuts corners that the chance of fraud jumps up dramatically; the weakest link is humans, remember. When it’s the boss, and everyone wants to please them, it opens the window for fraud and encourages everyone to break the rules. Great leaders realize they need to act the way they want their staff to act… even if it’s an inconvenience.

For more information on preventing email attacks, read ­­­our Email Hijack eBook.

Spear-phishing attacks are defined by their targeted nature. Attackers will spend time researching their victims and organizations, designing attacks targeting specific individuals with a customized message.

According to security vendor Barracuda’s latest report, Spear Phishing: Top Threats and Trends, organizations are experiencing far more convincing campaigns, focusing on a broader range of roles in the organization than ever before:

• 1 in 10 attacks are Business Email Compromise (BEC) attacks
• The average CEO receives 57 targeted phishing attacks each year
• IT staff receive an average of 40 targeted phishing attacks in a year 
• Microsoft remains the top impersonated brand, with WeTransfer in at number two

Barracuda identified four distinct categories of phishing attacks that exploit social engineering:

• Business email compromise (BEC): A hacker will impersonate an employee, usually an executive, and request wire transfers, gift cards, or money sent to bogus charities. 
• Phishing impersonation: Cybercriminals will create emails posing as a well-known brand or service to trick victims into clicking on a phishing link.
• Extortion: Hackers threaten to expose sensitive or embarrassing content to their victim’s contacts unless a ransom is paid out.
• Scamming: Hackers create malicious links ranging from claims of lottery wins and unclaimed funds or packages to business proposals, fake hiring, donations, and more.

The roles cybercriminals target within an organization extend well beyond the CEO or IT, making every employee a potential target.

This is the very reason why it’s so important to ensure that every user – regardless of role – continually takes part in your Security Awareness Training program. By doing so, they will remain updated on the latest scams, campaigns, social engineering tactics, etc., and be able to quickly identify malicious email content and avoid being the person responsible for a successful cyberattack.

Information used in this article was provided by our partners at KnowBe4 and the report “Spear Phishing: Top Threats and Trends” from Barracuda.

View the Recording

In today’s hybrid work environment, it’s imperative to have a reliable, cost-effective, and secure communication platform that promotes collaboration and reduces unnecessary downtime.

But with issues like lag, poor scalability, and hidden fees, your existing, on-premise phone system could be holding your business back.

A sustained future starts with implementing a communication system that facilitates a modern work environment for your employees and strengthens connections between you and your customers.

In this webinar, we will discuss how cloud-based, unified communication (UC) systems, like Elevate, allow you to:

• Increase workplace productivity by as much as 50% by boosting employee collaboration across multiple channels
• Share information quickly and easily, how and when you want
• Improve connections with customers in the “remote work” world
• Secure business flexibility and continuity in times of disaster or difficulty

Join Yeo & Yeo Technology’s Matt Ruhlig and Elevate’s Amy Byrd on September 16 as they discuss how a UC platform can make your business better.

This webinar has concluded.

According to a report by Vade, phishing attacks increased in Q2 2021, including 4.2 billion phishing emails in June alone.

“Overall phishing increased dramatically in Q2 2021, with a significant spike (281 percent) in May and another 284 percent increase in June, for a total of 4.2 billion phishing emails detected by Vade for the month,” the researchers write. “The increase in May can be attributed to spambot activity, as well as an increase in Amazon and SMBC phishing.”

Vade adds that the sophistication and quality of attacks are also increasing.

“H1 saw a surge of advanced phishing attacks featuring sophisticated automation techniques and abuse of high-reputation domains,” the researchers write. “Due to the high level of targeting and automation we have seen in the first half of 2021, we should place less emphasis on the total number of unique URLs detected and more on the nature and quality of the threats received.”

Vade discovered a phishing campaign that used automation to create phishing pages that were tailored to their victims.

“In late June, Vade detected a sophisticated Microsoft phishing attack featuring an automated rendering of public logos and background images on Microsoft 365 login pages,” the researchers write. “When a victim clicks on an email phishing link, they are taken to a waiting page, the purpose of which is to determine if the user is the intended target. If the user is not the intended target, the phishing page is not shown. If the victim is the intended target, the hacker then makes an HTTP post request for the logo and background image of the victim’s corporate entity. The victim is then redirected to a custom Microsoft 365 login page with their company’s corporate logo and background image.”

Additionally, 2021 is already primed to go down as one of the worst years on record for ransomware attacks. According to a report by SonicWall,  attempted ransomware attacks skyrocketed in the first half of 2021, with 304.7 million attempted attacks seen by the company. SonicWall researchers saw a record number of attempted attacks in both April and May but both months were beaten by June, which had a record 78.4 million attempted ransomware attacks.

Ransomware attacks in 2021 have already surpassed the 304.6 million recorded in 2020. 

Yeo & Yeo Technology can help train your employees to identify social engineering and cyberattacks with our security awareness training and testing.

Looking to educate your human firewall? Contact Yeo & Yeo Technology.

Information used in this article was provided by our partners at KnowBe4 and the article “Ransomware attempt volume sets record, reaches more than 300 million for first half of 2021: SonicWall” from ZDNET.

Effective communication is a key driver for business productivity across all industries. Today’s business environment makes unified communications nearly an operational necessity.

What is Unified Communications as a Service (UCaaS)?

With the advent of cloud computing, many businesses have turned to hosted services for managing IT resources that include network topology, servers, data storage, and even complete data centers.

This evolution in technology now extends to communication infrastructure, allowing providers to offer sophisticated functionality without the acquisition, maintenance, and management expense that goes along with building such systems in-house.

Benefits of Unified Communications

Today’s mobile workforce presents many challenges for businesses, from remote training and onboarding to geographically dispersed teams. Technology is the enabler that meets each of these challenges head-on. It provides the capabilities needed to manage these business requirements with sophisticated tools, such as live chat, video conferencing, and remote access to critical business applications.

Why Should Your SMB Adopt UCAAS?

Integrated unified communications offer many advantages for both large enterprises and small business owners:

• Reduce the demand on existing IT staff. UCaaS providers manage equipment configuration, installation, and upgrades.
• Cloud-based architecture ensures access from any location, leveraging the power of the internet.
• Scalability – pay only for what you need, with ease of expansion as your business grows or needs change.
• Financial advantage – UCaaS can often be funded as an operating expense, without the up-front cost of purchasing equipment or periodic upgrade costs.
• Security – cybersecurity is a critical concern for most businesses. UCaaS providers provide a secure environment with continuous updates for subscriber protection. Many are also compliant with regulations such as SOX, PCI, and HIPAA.
• Reliability – redundancy is built into UCaaS offerings, providing consistent access to business systems, phone connectivity, video conferencing, and internet services.
• Reduced time to implement – providers handle planning, installation, and support, accelerating deployment time.

Small businesses (SMBs) may feel such use of technology is limited only to larger enterprises with huge IT budgets. However, UCaaS is a technology that offers a strategic advantage to businesses of every size.

Yeo & Yeo Technology’s unified communication solution, YeoVoice powered by Elevate, is a cloud-based collaboration platform that enables users to be more mobile, more productive and share ideas and content through a single platform. Contact Yeo & Yeo Technology to learn more.

Information used in this article was provided by our partners at Intermedia.

I know I just saved a document, but I can’t find where it went

This is more common than you think. You click ‘save,’ and when you try and reopen your file, it’s not in the folder you thought you’d saved it to. Don’t worry, open up a folder, click on ‘recents,’ and your document should be there. Look at the file information, and it will show you where you’ve saved it.

I clicked a link in a phishing email. What do I do?

First, do not enter any data. Disconnect your device from the internet. If you’ve got malware, this will stop it from spreading. Run a full malware scan. And then consult an IT expert. They’ll advise how safe your backups are and whether you need to change any passwords.

My apps keep crashing. What’s wrong?

Have you tried turning your device off and on again? If it’s still happening, try deleting the app and reinstalling it. If it’s still happening, you may be low on storage space.

In Q2 2021, KnowBe4 examined thousands of email subject lines from simulated phishing tests and in-the-wild emails. See the full infographic with top messages in each category for the last quarter or read a summary of the results below.

The Top 10 Most Clicked Simulated Email Subject Lines Include:

1. Password Check Required Immediately
2. Vacation Policy Update
3. Important: Dress Code Changes
4. ACH Payment Receipt
5. Test of the [[company_name]] Emergency Notification System
6. Scheduled Server Maintenance — No Internet Access
7. COVID-19 Remote Work Policy Update
8. Scanned image from MX2310U@[[domain]]
9. Security Alert
10. Failed Delivery

The Top 10 Most Common In-The-Wild Email Subject Lines Include:

1. Zoom: Important issue
2. IT: Information Security Policy Review
3. Mastercard: Confirmation: Your One-Time Password
4. Facebook: Your account has been temporarily locked
5. Google: Take action to secure your compromised passwords
6. Microsoft: Help us protect you – Turn on 2-step verification to protect your account
7. Docusign: Lucile Green requests you to sign Mandatory Security Training documents
8. Internship Program
9. IT: Remote working missing updates
10. HR: Electric Implementation of new HRIS

Key Takeaways

HR Phishing Clicks are Spiking

There has been a significant rise in phishing email attacks related to HR topics, especially those regarding new policies that would affect all employees. Standard phishing emails include:

• Reminders to update and check passwords.
• COVID-19 policy and procedure updates.

LinkedIn Still Draws the Most Social Media Subject Clicks

LinkedIn phishing messages have dominated the social media category for the last three years. Users may perceive these emails as legitimate since LinkedIn is a professional network, which could pose significant problems because many LinkedIn users have their accounts tied to their corporate email addresses. Top-clicked subjects in this category also include Facebook and Twitter notifications, message alerts, and login alerts.

Think Before You Click

These days, it is essential for all end users to take a moment to double-check a link or attachment and to question whether the email is expected or unexpected. Employees are an organization’s last line of defense. They can be the difference between a successful attack and an unsuccessful one with proper security awareness training and testing.

Looking to educate your human firewall? Contact Yeo & Yeo Technology.

Information used in this article was provided by our partners at KnowBe4.