Enhancing Cybersecurity with CrowdStrike Identity Protection

Enhancing Cybersecurity with CrowdStrike Identity Protection

/in ,

By Eric Egolf, CEO

In the realm of cybersecurity, staying ahead of threats is crucial. Organizations require comprehensive solutions that not only detect but also preemptively prevent potential breaches. CrowdStrike, recognized for its top-tier Endpoint Detection and Response (EDR), goes above and beyond by offering additional value-added modules. Among these is the CrowdStrike Identity Protection Module which stands out as a game-changer in the evolving landscape of digital risks.

Unveiling the Power of CrowdStrike Identity Protection

The allure of CrowdStrike isn’t merely its best-in-class EDR; it’s the supplementary capabilities like the Identity Protection Module that truly elevate its effect. This module is a force multiplier, offering functionalities akin to a Security Information and Event Management (SIEM) system at a fraction of the cost, especially when integrated with sources like Active Directory (AD).

Exposing Hidden Threats through Identity

This module broadens an organization’s detection capabilities, unveiling identity-related risks and abuse that traditional EDR systems overlook. For instance, it can identify anomalies like simultaneous logins from multiple locations using the same user account, a telltale indication of a high-security risk. With over 80 other detection capabilities, it ensures comprehensive coverage of identity-related threats.

Seamless Integration and Enhanced Visibility

CrowdStrike’s Identity Protection Module seamlessly integrates with common identity sources such as Azure AD and Active Directory, boosting detection capabilities and enhanced visibility into user account activities. This integration enables rapid identification of potential risks post-detection.

Leveraging Machine Learning for Proactive Defense

Another standout feature is the profiling function—facilitated by cutting-edge machine learning technology. Over a 60-day period, the module constructs user behavior profiles and promptly alerts administrators when any deviations are detected. This proactive approach enables swift response to potential breaches or unauthorized activities.

Combatting Dormant Threats and Unforeseen Usage

Additionally, the module can flag dormant or ‘stale’ accounts, like legacy service accounts, that suddenly attempt to log in. This is invaluable. Being alerted to these types of potential risks ensures your organization can take a proactive stance against unauthorized access attempts.

Empowering IT Departments with Cost-Effective Defense

CrowdStrike’s Identity Protection Module is more than a supplement to a powerful cybersecurity tool; it’s a necessity. It equips IT departments with an additional layer of detection and prevention capabilities, previously unattainable without traditional, more expensive SIEM solutions. Building on the CrowdStrike EDR platform, the Identity Protection module’s robust design, powerful features, and cost-effectiveness make it an indispensable choice for any organization seeking comprehensive cybersecurity solutions.

Strengthening Cyber Defenses with CrowdStrike Identity Protection

In the ongoing battle against cyber threats, CrowdStrike’s Identity Protection Module emerges as a force multiplier, empowering organizations to fortify their defenses, mitigate risks, and safeguard their digital landscapes efficiently and economically.

Are you a current client of CIO Solutions? Talk to your vCIO to continue the conversation!

Not a client yet, but wondering how to improve your business’s cybersecurity? Let’s talk!

Business-IT Alignment – The Secret to Propelling Your Business to New Heights

Business-IT Alignment – The Secret to Propelling Your Business to New Heights

/in ,

The Secret to Propelling Your Business to New Heights

By Sean Gill, Director of Client Strategy

IN THIS ARTICLE: 

For every business leader, the ultimate goal is not just to survive, but to thrive and achieve success. For any organization that depends on technology to operate, there is a crucial aspect that can significantly impact that journey- how well you align IT with your business objectives. 

“Business-IT Alignment” is a cool sounding buzzword, but what does it really mean?  

True alignment is not all that exciting or fancy. It’s not about adopting the newest, shiniest new tool or jumping on the latest buzz-worthy tech trends. Don’t get me wrong, we love exploring new tech and keeping an eye on what’s emerging as much as (well, more than) the next guy.  

But the real magic happens when your IT strategy is thoughtfully aligned with your business vision. In simplest terms, it’s about crafting a tailored IT roadmap that complements, supports, and enables your specific goals. 

Here are some best practices that help ensure your IT is on the same wavelength as your business objectives: 

  1. Share Your Vision 
    • Start by revisiting your business goals and vision. Share these with your IT team and service provider (that’s us!). Understanding your objectives lays the foundation for a powerful IT strategy. 
  2. Communicate Continuously 
    • Business-IT Alignment is a team effort. We recommend forming an IT steering committee that gets your key stakeholders, IT team/provider, and leaders involved. Decisions for your IT strategy can’t happen in a vacuum, they need to involve the valuable insights of these different company stakeholders to shape an effective IT roadmap. 
  3. Identify Pain Points 
    • Pinpoint IT challenges that are preventing your progress. Recurring problems can’t be solved unless they’re identified, and until they’re solved, they’ll keep holding you back and wasting time and money. Whether it’s outdated software or process bottlenecks, recognizing these pain points helps your IT partner tailor effective solutions. 
  4. Prioritize Security 
    • A strong cybersecurity framework is the backbone of any well-aligned IT strategy. Will an upgrade improve your security posture and protect your data? That should be a priority. Whether it’s upgrading outdated machines, implementing MFA on critical applications, or a focused push around anti-phishing employee education, security should always be part of the conversation and is often a good place to start.  
  5. Embrace Flexibility and Agility 
    • As we’ve seen in recent years, the business landscape can change rapidly. Your IT should be agile enough to keep up with the changing world AND the changes in your business. Ensure that your IT infrastructure is scalable and adaptable to accommodate expansion and new opportunities without disrupting your operations. 

These practices help ensure that you and your IT provider are on the same page when designing your IT future.

Sharing your business objectives with your IT team empowers them to give you expert advice and experiential insights about what will work best to get you where you want to go while solving for current pain points and accounting for other business considerations that might influence the timeline.  

It all starts with a conversation that includes key internal stakeholders and goes beyond the nitty gritty of IT. If done right, these conversations will lead to a deliberate technology roadmap that focuses on getting you to your goals.  

Sean-Author

ABOUT THE AUTHOR

Sean has been shaping the IT strategies of businesses across a wide range of industries and sizes for over 10 years. As a vCIO at CIO Solutions, he works with business leaders every day to create a clear IT vision, mature technology solutions, and ultimately, enhance business productivity and security through technology.

He and the rest of the Strategic Client Services team at CIO Solutions are constantly evaluating important trends in the industry and advising clients on best practices and long-term IT strategies for success.

Are you a current client of CIO Solutions? Contact your vCIO to continue the conversation! 

Not a client yet? Contact us to see how we can help get your business where you want to be! 

Safeguarding Your Business Beyond Device Security: The Rising Importance of Identity Protection

Safeguarding Your Business Beyond Device Security: The Rising Importance of Identity Protection

/in , ,

By Eric Egolf, CEO

IN THIS ARTICLE:

In today’s digital landscape, IT security is a hot topic of discussion, and for good reason. Security is a constantly changing and complex field and while it may seem repetitive, as we rely on technology and digital interactions more for core business operations, companies have more to lose when their security posture is lacking. Staying ahead of the curve and paying attention to the emerging trends of IT security is now vital to keeping your business safe. 

In terms of priorities, securing individual endpoints (computers, laptops, servers, etc.) should be the initial step. If your organization hasn’t addressed this yet, that should be first and foremost. If you have this covered (maybe you have already implemented a solution such as CrowdStrike EDR), we can start to look ahead toward the next important concept on the rise: securing corporate user identities.  

User Identity- Who’s Who & What They Can Access 

A “user identity” is the digital version of who you are online. It includes things like your credentials (username and password), and other personal information that you use to access and control what you do on different websites and systems.

For our purposes, we will focus specifically on the corporate user identity (the usernames and passwords used to access your corporate data and applications) and how to secure it. Note that this does not include consumer user identity i.e., the credentials that employees use for personal online activity. 

When a user’s credentials are stolen, devastating credential abuse happens every day on devices without any security software. If your endpoints have powerful prevention, detection, and response capabilities, then the impact of this breach won’t be as disastrous as it would be on endpoints that aren’t secured.  

But considering how much power is associated with corporate user identities, it only makes sense that now, in addition to securing the endpoints, the next important security technology on the rise is identity protection- securing and detecting anomalies in the user identities accessing your business’s data.   

In the coming years, we see Identity Protection tools becoming equally as important as Endpoint Protection ones.  

On The Rise: Identity Protection Solutions 

Identity protection needs to be considered separately from securing a workstation. Endpoint security is done via software that is installed on the individual device or workstation (such as antivirus (AV) and Endpoint Detection Response (EDR) solutions).  

User Identity, on the other hand, is secured by monitoring databases of the corporate identities that access your business data. Identity Protection solutions catch risks in configuration and detect anomalies in credential usage.  

Some examples include: 

  • Someone logging in with a stale user account (user account that hasn’t been used in 90 days). 
  • Using a user account from a machine that doesn’t normally use it – different than baseline behavior.
  • Using an account from two geographically distributed locations, North and South California in the same hour.  

Identity Protection tools are an emerging technology that show incredible potential for increasing a business’s ability to detect and prevent user identity (specifically credential) abuse that they would have otherwise been blind to. 

At CIO Solutions, we offer CrowdStrike’s best-of-breed solutions including EDR and CrowdStrike’s latest module: Identity Protection. These solutions combine the power of modern Artificial Intelligence, a flexible cloud-native design, and now the power of Identity Protection logs to increase your organization’s security capabilities. 

Are you a current client of CIO Solutions? Talk to your vCIO to continue the conversation!

Not a client yet, but wondering how to improve your IT security? Let’s talk!

Business Email: M365's Exchange Online vs. Exchange

Business Email: M365’s Exchange Online vs. Exchange

/in , ,

Microsoft is a dominant player in the business email market. For most businesses, the question isn’t whether to use Microsoft email solutions, but rather “which one?” While Microsoft’s Exchange server solution has been the go-to option for years, the rise of cloud-based solutions has given businesses a more flexible and cost-effective alternative: Exchange Online through Microsoft 365. 

IN THIS ARTICLE: 

The Difference between cloud (M365’s Exchange Online) and premise (Exchange) 

Exchange Online and Exchange are two business email solutions offered by Microsoft. Exchange Online is a cloud-based Software as a Service (SaaS) solution within the Microsoft 365 suite. In this subscription-based model, Microsoft owns, manages, and secures the infrastructure. 

In contrast, the premise-based solution, Exchange, requires someone to own and manage the server infrastructure that the licensing is installed on. Large enterprises may manage this in-house on their own servers. Smaller businesses often contract with a third party for email hosting services (such as CIO Solutions’ Hosted Exchange). In this case, the third party manages the solution on their own servers.  

Both solutions offer similar features but differ in one major area: who manages and secures the email infrastructure. 

Although the idea of having control over managing their own infrastructure may seem less risky and appeal to many businesses, shifting that responsibility back to the vendor can actually provide significant advantages. 

Benefits of Exchange Online 

With great control comes great responsibility. Managing Exchange servers requires both time and resources. It’s also limited to the capabilities of your business or IT provider and evolves at a slower pace. This can mean fluctuating costs, occasional downtime, and yes, even additional risks for your business.  

Alternatively, M365’s Exchange Online infrastructure is managed and secured by Microsoft. Having the vendor in control of these responsibilities means your business benefits from: 

  1. Consistent Maintenance

    Exchange Online provides built-in enterprise-level security features, high reliability, and regular maintenance, upgrades, and feature updates. This reduces the complexity and burden of maintenance for your business

  2. High Availability

    Exchange Online in M365 offers high availability and disaster recovery features. Microsoft guarantees the system’s uptime, ensuring that organizations have access to their email at all times (via the Internet). On the other hand, organizations that depend on Exchange servers may experience potential downtime and data loss in the event of a disaster

  3. Enhanced Security Features

    With Exchange Online, businesses benefit from a consistent and robust security framework. Exchange Online offers the latest security features and advancements, with Microsoft implementing advanced security measures and managing the infrastructure in accordance with industry regulations

  4. Quick Application of Security Patches

    A major advantage of Exchange Online is that Microsoft swiftly applies security patches when vulnerabilities are detected. This guarantees that your business stays ahead of the latest security threats, with the vendor efficiently and rapidly implementing patches to maintain the highest level of protection.

  5. Predictable Costs

    Exchange Online provides a cost-effective and predictable pricing model as a subscription-based solution. With monthly or annual subscription options, it’s bundled with the rest of the 365 suite and doesn’t have additional costs for managing the infrastructure or maintaining the system. By using Exchange Online, you can avoid unexpected costs such as hardware upgrades, infrastructure costs, or special projects that come with running your own Exchange environment.

  6. Scalability & Integration Capabilities

    Exchange Online plays a central role in the M365 suite. It serves as the foundation for the function and interconnectivity of the entire suite of productivity tools. Migrating email into Exchange Online is the first step for businesses looking to leverage Teams, SharePoint, and other tools in the M365 ecosystem. As businesses continue to embrace collaboration, connectivity, and flexibility, Exchange Online can be a key first step to setting up scalable productivity options in the future.

Considering your Options 

Microsoft 365’s Exchange Online offers several benefits over Exchange servers in terms of flexibility, cost-effectiveness, high availability, scalability, and enterprise-level security and disaster recovery features. As more and more organizations opt for cloud solutions for their ease of use and flexibility, it may be worthwhile to explore whether Exchange Online could be a good fit for your business. 

Are you a current client of CIO Solutions? Talk to your vCIO to continue the conversation!

Not a client yet, but curious about maturing your productivity tools? Let’s talk!

Turning your Conference Rooms into Teams Rooms

Turning your Conference Rooms into Teams Rooms

/in

By Josh Farlow, Director of Cloud Services

At the height of WFH, we all got used to virtual meetings. Most everyone has used Microsoft Teams video conferencing to some degree. But now that people are returning to the office more and more, there’s a disconnect between virtual meetings and being in physical offices.

As more workers come back to the office and Microsoft Teams continues to be a useful tool, Teams Rooms are an effective tool for bridging the gap and elevating your meeting experiences.

IN THIS ARTICLE: 

What is a Teams Room 

Virtual meetings won’t be going away anytime soon. Even as more people return to the office, there’s still a significant remote workforce joining meetings virtually. Teams Rooms are Microsoft’s solution for hybrid workspaces. They create a seamless integration of virtual Teams meetings into the physical conference room setting.

By installing compatible hardware and setting up your meeting spaces in your Teams system, you can transform your conference rooms into Teams Rooms. This makes joining a meeting from the conference room as simple as walking in and pressing a button.

How Teams Rooms change your meeting experience 

If a business is using Teams already, Teams Rooms are a great way to simplify and enhance the overall meeting experience as they bring more people back into the physical office. Here are a few reasons why businesses opt to smarten up their conference rooms with this tool:

Ease of Meeting & Reduced Set-Up Time 

Say you’re at the office and there’s a Teams meeting scheduled. Some of the participants are physically present in the office, but everyone’s joining from their individual offices with their own computers and their varied cameras and microphones.

Typically, you may have to wait for someone’s laptop to update, troubleshoot someone else’s speaker issues, or remind another attendee that they’re, again, on mute. With Teams Room set up in your conference room, you can save time and frustration by gathering everyone in one place and joining seamlessly from there.  

Enhanced Audio & Video Quality 

With the rapid shift to WFH, everyone had to collectively lower the standards for what was acceptable video and audio quality. We had to work with what we had, but that’s not the case anymore.

Turning your conference rooms into Teams Rooms immediately raises the overall quality of the meeting. The meeting space hardware offers higher quality than a laptop could provide including:

  • Better cameras that can auto-adjust to center everyone who’s in the room, zoom in, and more
  • Bigger screens with higher resolution
  • Better audio from multiple, high-quality mics in the room

No one sounds too far away, everyone’s on the screen, and everything is set up to support professional, high-quality meetings.

Easy collaboration & content sharing

We’ve all gotten used to just clicking a “share screen” button during our meetings. But you might be wondering “how would I do that if I joined from the conference room?”

One of the coolest things about a Teams Room is the ability of the hardware to detect which devices are nearby. The hardware can detect your computer and you can share your screen instantly from the Teams app. No fumbling around with HDMI cords, just one seamless meeting with content sharing.  

Possible Future Applications of this Tool 

The setup of a Teams Room opens the door to all sorts of other hardware options and productivity tool additions. A few examples include:  

  • Non-Teams Content Sharing-installing a wireless presentation pod so vendors and other guests can easily cast presentations to your conference room TV
  • Content Capture- capturing and digitizing the contents of a whiteboard
  • Presence sensors – start meetings as soon as someone walks into the room! 

By modernizing your conference rooms with the powerful hardware for a Teams Room, you can enjoy an elevated meeting experience now with room to keep expanding your efficiency and productivity into the future. 

Exploring Your Options 

CIO Solutions is constantly testing and researching solutions to meet our clients’ needs. As our clients find themselves adjusting to returning to the office and having more hybrid meetings, they’re looking for solutions that solve their challenges and enhance their experience.  

Our team has sourced some of the highest quality and cost-effective products for Teams Rooms setups, focusing on specific features and priorities that will provide the best experience possible.

Are you a current client of CIO Solutions? Talk to your vCIO to continue the conversation!

Not a client yet, but curious about maturing your productivity tools? Let’s talk!

Neglecting MFA: The Scary Reality of Your Business Risk

Neglecting MFA: The Scary Reality of Your Business Risk

/in , ,

IT security is more important than ever. Cyber-attacks and data breaches are a daily occurrence, they just don’t all make headlines. Businesses that fail to take proactive security measures put not only themselves at risk, but their customers too.

One of today’s foundational security measures is multi-factor authentication (MFA). But here’s the scary part: many businesses still aren’t using MFA, which means they’re at risk of some serious consequences.

IN THIS ARTICLE:

MFA Explained 

MFA is a security feature that requires users to provide a combination of two or more authentication factors to gain access to a system or application. This is typically something the user knows (like a password) and something the user has (like a phone or security token). These are used to verify the user’s identity. Unlike solely relying on a password for access, requiring more than one authentication method adds an extra layer of security. If the user’s password is stolen, the second authentication factor helps to prevent unauthorized access to sensitive information and systems.  

Business Consequences of Not Implementing MFA 

MFA is a relatively simple solution that can significantly increase your preventative security posture. In today’s world, it’s only a matter of time before a user’s credentials are compromised. Without a second verification method, that’s all it takes for a bad actor to get into your systems. The fallout of that can be severe.

Here are some examples of what can happen if your business doesn’t use MFA on critical business applications: 

  1. Data Breaches

    Without MFA, hackers can easily gain access to business accounts or systems by stealing or guessing a user’s password. No one’s password policy is good enough to prevent this. Once inside, your sensitive data including customer information, intellectual property, and financial records are at risk. 

  2. Financial Losses

    Along the same lines, without MFA, stolen credentials can give bad actors all the access they need to transfer funds, make unauthorized purchases, or steal sensitive financial information. This can result in significant financial losses, legal fees, and regulatory fines. 

  3. Reputational Damage

    A breach can damage a business’s reputation quickly which is difficult to recover from. Customers may lose trust in your business and look elsewhere. Depending on the severity of the breach, it can cause prospects to think twice about choosing your company. Reputations take a long time to build, can be damaged in an instant, and may take years to recover. 

  4. Compliance Violations

    If your business has cyber-liability insurance (something all businesses should have these days), MFA is a requirement. Failing to adhere to this could risk your insurance coverage. Additionally, many industries, such as healthcare and finance, are subject to strict compliance regulations that require the use of MFA. Failing to comply with these regulations can result in legal penalties, fines, and even license revocation.

  5. Operational Disruption

    The day-to-day impact of a breach resulting from the failure to implement MFA can be damaging on its own. Bad actors who gain access to your business systems can disrupt your operations or even shut down your systems. This results in downtime, lost productivity, lost revenue, and negative customer experiences.

The scary truth is businesses that avoid implementing multi-factor authentication (MFA) put themselves at significant risk for avoidable incidents. Cybercriminals are always looking for easy targets, and the absence of MFA makes your business just that. 

It’s true that implementing MFA won’t solve all security problems; it’s just one part of a robust security posture. But failing to take this foundational prevention step can lead to catastrophic events. The consequences for your business can range from uncomfortable to completely disastrous. 

It’s crucial that businesses take proactive measures to protect themselves and their customers. Implementing MFA on your key business applications is a simple yet effective way to increase security and mitigate risks. As the old saying goes, “an ounce of prevention is worth a pound of cure.”

Are you a current client of CIO Solutions? Talk to your vCIO to continue the conversation!

Not a client yet, but wondering how to improve your IT security? Let’s talk!

SaaS Backups- Whose Job Is It Anyway?

SaaS Backups- Whose Job Is It Anyway?

/in ,

The importance of backups for Microsoft 365 

By Sean Gill, Director of Client Strategy

IN THIS ARTICLE: 

More and more, companies are relying on Software as a Service (SaaS) applications to run parts, or all, of their business. 

You’re very familiar with SaaS applications, whether you realize it or not. In the SaaS model, users access software applications over the internet. Some common SaaS services you may use regularly include Google workspace, Microsoft 365, MailChimp, and Zoom. Learn more about Software As A Service!

The Business Benefits of SaaS Solutions 

With the SaaS model, businesses can easily access effective software solutions without taking on all the management tasks. SaaS providers manage their infrastructure and security, regularly implement updates, and ensure consistent uptime of their services.  

All of this is wrapped up and accessible to users through subscription-based usage fees. Businesses that subscribe to these services gain useful and flexible Cloud-based solutions along with the peace of mind of knowing that the backend systems have experts focused on maintaining them.  

This offers incredible bang for your buck and ease of management. However, the other side of that is knowing where the business continuity responsibilities end for the vendor and where they start for your business.  

Understanding Microsoft’s Shared Responsibility Model 

One of the largest market shares for a SaaS solution belongs to Microsoft and its 365 platform. Businesses of all types benefit from the productivity tools and security features that Microsoft 365 offers.  

With all the ease and benefits of SaaS solutions, many business owners assume that their data in Microsoft 365 is backed up and easily recoverable. But is that really the case? 

The answer is yes and no. Enter the Microsoft “Shared Responsibility” model. 

SaaS providers like Microsoft do maintain backups to a degree. They store data around the world to ensure availability of service and protect against disaster. However, these recovery capabilities are limited. Microsoft doesn’t protect against things like human error (someone accidentally deleting files), malicious software, or hardware failure. 

The responsibility of protecting client data is shared with the client themselves. It’s their responsibility to back up their data above and beyond Microsoft’s native recovery capabilities. Many SaaS vendors have similar limitations like this, with the remainder of the responsibility belonging to the users.

This may come as a surprise to business owners who may assume that all recovery and backup functions are an included service with their SaaS solutions.  

Effectively Protecting Your Data 

So, what can you do to ensure that your data is protected? 

SaaS providers recommend using additional third-party solutions for backups to ensure business continuity for valuable data. If your business runs on SaaS solutions for critical functions, it’s important that these are properly backed up.

CIO Solutions offers solutions specifically designed for this through our technology partner, Datto. Datto SaaS Protection works natively with the 365 platform. This tool can capture multiple backups daily of Microsoft 365 applications including Exchange, OneDrive, SharePoint, and Teams. This allows for granular restores directly back into 365 that go well beyond Microsoft’s native backup and restore capabilities to ensure your data is protected.  

It is important to know what you’re getting with SaaS solutions and where there are gaps for your business. Knowing this, you can implement the right tools to ensure your data is secure while benefiting from the flexibility and productivity benefits of SaaS.  

Additional Resources:  

Sean-Author

ABOUT THE AUTHOR

Sean has been shaping the IT strategies of businesses across a wide range of industries and sizes for over 10 years. As a vCIO at CIO Solutions, he works with business leaders every day to create a clear IT vision, mature technology solutions, and ultimately, enhance business productivity and security through technology.

He and the rest of the Strategic Client Services team at CIO Solutions are constantly evaluating important trends in the industry and advising clients on best practices and long-term IT strategies for success.

Are you a current client of CIO Solutions? Contact your vCIO or Client Success Manager to continue the conversation! 

Not a client yet, but curious about maturing your IT? Let’s talk!

Why Blacklisting Spam May Not Work

Why Blacklisting Spam May Not Work

/in ,

From CIO Support

IN THIS ARTICLE: 

Imagine this scenario: you’re sitting at your desk and an email pings. It’s an invite to a business conference from a name that looks familiar. Glancing over it, the email itself is innocent enough and doesn’t appear phishy; the organization putting on the conference is a legitimate industry-related business.

You delete this message and forget about it. The next day you receive another message seemingly from the same sender.

You’ve decided not to attend and don’t want to receive more of these messages – you never signed up for them in the first place. So, you quickly add the email to the blacklist on your spam protection.

What does it mean to “blacklist spam”?

Your blacklist is a set of senders/IP addresses that are blocked entirely or sent automatically to your spam folder.

The list is made up of senders the spam filter has automatically designated as “spammy” based on key characteristics, or that the user has manually added.

The sender is on your blacklist now which should solve everything, right?

The following day you receive virtually the same email.

Now you’re frustrated. Has your blacklist failed you?

Looking closer at the emails, you see that in all cases, they were sent from slightly different email addresses. Sending emails from varied IP addresses and servers is a strategy that even legitimate email marketers are using to get through spam filters. To keep up, you’d have to blacklist every version of that sender’s email!

Blacklisting spam: a losing battle

Our support team at CIO Solutions sees this scenario often. Users have an annoying sender they don’t want to receive emails from anymore. So they call or email our team to get that address blacklisted. We can do this, no problem, but it won’t solve the problem long-term.

Because of this tactic of sending emails from different IP addresses to bypass spam filters, this is going to be a recurring issue. Spending time blacklisting every version as it comes in isn’t a productive use of time for anyone.

So, what are the options for stopping pesky emails from continuing to clog up your inbox?

Alternatives to Blacklisting

  • Clicking “unsubscribe”- NOT advised

Unsubscribing may seem like the obvious answer, but it’s too risky.

If it is a malicious phishing email, clicking on any links in an email could lead to a password compromise. Even if it’s a benign sender, “unsubscribes” could still go ignored or worse, confirm that you received and engaged with the message in the first place (not great practices, but it happens).

  • Increase the spam threshold- Recommended

Increasing the spam threshold is a common and free option on many spam filters. Adjusting this sets the aggressiveness of the spam filter. The more spam-like or unreputable characteristics the email has, the more proactively it will be blocked.

Unfortunately, the downside is that you run the risk of legitimate emails getting caught more often by the spam filter. However, depending on your spam filter, you can check your lists and adjust your settings to “whitelist” or approve certain senders as needed!

Making better use of your time

Increasing the spam threshold is a broader, more proactive solution than the time-consuming, frustrating, and reactive one-by-one blacklisting method. It’s true, it means you may need to do some work to allow desired emails through. But it’s much more productive to allow the things you want vs. spending time and energy trying to keep up with blocking the things you don’t!

NOTE: CIO Solutions offers additional paid tools to help flag emails based on a threshold of legitimacy. Please reach out to explore your options if this is of interest! 

Not a client yet? Let’s talk!

Understanding Office 365

Understanding Office 365

/in ,

By Josh Farlow, Director of Cloud Services

You’ve likely heard of Microsoft 365* in some form. However, what it is and what people think it is, are often two different things. Many people still think of it in limited terms. Without understanding the full value and extent of productivity benefits this tool can offer, it’s easy to miss out on what it can really mean for a business.   

*There are a lot of terms thrown around with this tool (M365, Microsoft 365, Office 365, etc.). Depending on the product licensing, the naming may be different. Office 365 is the most ubiquitous, so for the purpose of this article, that’s how we will refer to it.  

IN THIS ARTICLE: 

How people think of it: Email 

Often when people refer to Office 365, what they really mean is “email”. Many people think of O365 as just another way to host their business email. When this is the case, a business may consider it solely as an email option that offers additional security features and high availability (which Microsoft offers with multi-regional data centers and locations.)  

While email is the thing that interests businesses in the O365 ecosystem in the first place, this alone is not the primary value adder of O365. Using it as simply another option for hosting email will provide significant additions to security and availability (which shouldn’t be ignored), but it isn’t going to change much as far as experience or functionality. 

Migrating email to O365 is the first piece that enables a whole new range of productivity opportunities.  

What it really is: a suite of applications  

If we stop thinking of O365 as synonymous with “email”, we can start to see the tool for what it really is. A way for a business to consolidate, access, manage and connect many of the Microsoft tools that are important to their productivity.  

At its core, Microsoft 365 is “a subscription service that ensures you always have the most modern, up-to-date productivity tools from Microsoft”.   

In other words, it is a subscription service that offers subscribers access to a suite of cloud-based Microsoft applications. Instead of licensing all these applications separately, they’re bundled under different licensing tiers.  

Your business likely uses one or a few of these applications already for some of your key business functions: 

  • Meetings & Voice (Ex: Teams)  
  • Office apps (Ex: Word, Excel) 
  • Files & Content (Ex: Teams) 
  • Email & Calendar (Ex: OneDrive, Stream 
  • Work Management (Ex: Forms, Planner) 

Each subscription level includes different combinations of applications. Businesses can choose the subscription tier that offers the tools that best fit their unique needs. Ultimately, bringing all these tools together in one place under one license.  

Business benefits beyond just email hosting 

When thinking of O365 in this broader sense, we can start to understand the benefits of the platform as a whole. Having all these applications under one umbrella not only simplifies everything but brings with it a ton of other business benefits as well.  

1) Ease of management (licensing)  

From a licensing standpoint, everything becomes easier. Businesses don’t have to license applications separately. They just need to manage one license in order to get access to all these productivity apps.  

Bundling and consolidating your tools like this makes procuring licensing, managing them, and budgeting for them so much easier. 

2) Ease of management (security)  

When you centralize applications, you bring an inherent level of security with that. You get a clearer understanding of what you have that needs to be secured.   

Now, instead of thinking about multiple different points, everything is in one place so you’re only concerned with a single identity for everything. When you have that one identity, now you can protect it much more simply with multi-factor authentication. 

3) Cost for value 

Office 365 is very cost-effective versus traditional Office licensing and email hosting. Even if it works out to be comparable in cost, you get a ton more value built in for the price.  

With a subscription-based licensing model, you get access to more features, control, and ease just due to the nature of the platform. 

4) Consistent updates 

Because it is a cloud-based platform, your applications are always up to date (which lends to added security as well). You don’t have to worry about managing updates, encountering issues if someone is running old versions, or patching any security updates. It’s all built-in.  

5) Upgrades included 

In addition to regular maintenance, you’re also at the forefront of any advancements. With the ongoing subscription model, you automatically get access to any upgrades that are released. You no longer need to purchase or implement any major software upgrades.  

Productivity Tools for the Future  

With this approach to licensing for productivity tools, your business is always able to tap into the evergreen innovation that Microsoft offers. You’re automatically at the cutting edge of new tools and enhanced ways of working instead of having to pick and choose, budget additional upgrade fees, and create an implementation plan.  

Some businesses may be skeptical of a subscription-based licensing model for their Microsoft apps. It’s a different approach to what many are used to, so there may be a fear of relinquishing control, or concern about data and backups (to learn more about this, read more in our “what to plan for when moving to M365”). But there are many options for tailoring the subscription levels and tiers to meet your needs. At this point, the benefits far outweigh most reasons for not transitioning to this model. 

Now you know a bit more about O365, what it is, and potentially what it can mean for your business. It’s important to understand that it’s not an either-or situation; it’s not just email, and it’s not just office applications. 

It’s a flexible suite of business applications that can truly help your organization consolidate your Microsoft licensing, open doors to more efficient tool management, and unlock more opportunities for collaboration, productivity, and effective work. 

Are you a current client of CIO Solutions? Contact your vCIO or Client Success Manager to continue the conversation! 

Not a client yet, but curious about maturing your IT plan? Let’s talk!

Upgrade Your Tech BEFORE the End (of Life)

Upgrade Your Tech BEFORE the End (of Life)

/in ,

Upgrade tech BEFORE the End (of Life) 

By Sean Gill, vCIO 

“All good things must come to an end”, wrote Chaucer in his poem, Troilus and Criseyde. Alas, who knew that this would be particularly true in the realm of technology today? Many of us have fond memories of long-lost operating systems (Windows XP – we see you) or our favorite firewalls. But time and progress march ever onward and for the good of our organizations’ security and relevancy, we must keep up.

It’s generally understood that keeping systems up to date is important. But the ongoing work of keeping systems patched with the latest patches is only part of the equation. The other thing to keep in mind is the system’s overall usable timeframe or “End of Life” date.

IN THIS ARTICLE: 

“End of Life” and General lifespans

The “End of Life” (EoL) date is determined by the vendor. It marks the date when they will no longer support that technology (operating system, software version, etc.), and/or release any additional feature or security updates for that system.

The length of time before a system goes EoL differs depending on the type of system. In general, plan for the following life spans:

  • 2-4 years for software/line of business applications (depending on the vendor)
  • 3-5 years for workstations or laptops
  • 5 years for server hardware
  • 5 years for network hardware (firewalls, switches, etc.)
  • 10 years for Windows Operating Systems (from original launch date)

There are two approaches to dealing with system End of Life dates:  

  1. Create a strategic plan to proactively upgrade the systems over time
  2. Wait it out and, like an old car, drive the old system until it’s dead

You can probably guess which approach we advise.

While it may seem more cost-effective to keep a system until it dies, there are a lot of risks in this approach that far outweigh the upfront costs of replacing these systems sooner rather than later. Here are a few reasons why it is always a good practice to upgrade systems before they go completely “end of life”.

Reduce Security Vulnerabilities

In today’s day and age, security is at the top of most organizations’ list of concerns. Security is one of the biggest reasons to upgrade or replace older systems before their EoL dates. When a system reaches its End of Life, the vendor stops putting out security patches and stops all support for the system. Once this happens, that system becomes more insecure day by day. Threat actors know this and keep a close eye on these dates, waiting for the opportunity to exploit them.

Two current examples of this are the Windows 7 and Windows Server 2008 R2 operating systems. These were great OS’s but went End of Life in January of 2020. They are now a potential liability to organizations still using them, as hackers work to find unpatched vulnerabilities in these systems and put out exploits to take advantage of them. Replacing these systems sooner rather than later can dramatically improve an organization’s security posture.

Avoid Unexpected Hardware Failures

Like security, productivity is another business priority that suffers when End of Life dates are overlooked. If a company is running critical systems on older hardware or servers, eventually these hardware systems will fail, grinding productivity to a halt when it does. And if “Ol’ Murphy” has anything to say about it, this will happen at the most inopportune time like during month-end or some other critical crunch-time.

Planning ahead for hardware replacements can help businesses avoid unexpected failures and prevent lost productivity. In addition, proactive planning can help identify systems that might need special attention.

For example, perhaps there is an older financial software system that is business-critical but can only run on an operating system that’s reaching its End of Life date. Determining this early can help the business plan accordingly. Maybe they determine that the system can be upgraded. If not, and the system must be kept, they can plan for security contingencies like firewalling or air-gapping the system away from the rest of the production systems.

Access More Features and Work More Productively 

Upgrading systems that are going End of Life isn’t just about avoiding disaster. Embracing current systems sooner rather than later can unlock access to new feature sets, better performance, and more capabilities that were limited in the older system. In addition to being more secure and more reliable, this can also improve productivity and user experience.

Plan Ahead & Upgrade Sooner Rather Than Later 

We all wish that everything could be backward compatible. It would be so much easier if things just lasted and kept on lasting. But that is unfortunately not the reality. Software companies build their software on the backs of new coding techniques and technologies which allows them to give us the feature sets we ask for. As those technologies advance, we need to keep up to be able to run the new system. As mentioned earlier – time and progress marches on, and so must we. Hopefully, these insights help explain why it is important to upgrade systems before their official End of Life.

Do you have any outdated systems that come to mind in your business? It may be time to put an upgrade plan in place!

Sean-Author

ABOUT THE AUTHOR

Sean has been shaping the IT strategies of businesses across a wide range of industries and sizes for over 10 years. As a vCIO at CIO Solutions, he works with business leaders every day to create a clear IT vision, mature technology solutions, and ultimately, enhance business productivity and security through technology.

He and the rest of the Strategic Client Services team at CIO Solutions are constantly evaluating important trends in the industry and advising clients on best practices and long-term IT strategies for success.

Are you a current client of CIO Solutions? Contact your vCIO or Client Success Manager to do a review of your systems! 

Not a client yet, but curious about maturing your IT plan? Let’s talk!