Categories
Security

How To Secure Your SMB Network – Part 6 of 9 – Endpoint Security

Welcome to How To Secure Your SMB Network! This is part 6 of a 9 part series that discusses our approach to Network Security and how we secure client networks. As you will see there are many facets that go into creating a secure network. Think of it as puzzle with each piece playing an important role. The days of installing Norton Anti-Virus on your computer and thinking you are safe are over.

What is Endpoint Security

Think of Endpoint Security Software as the last line of defense in our layered approach to securing your SMB network. Endpoint Security Software is installed and runs on each of your workstations and servers. A decade ago, Endpoint Security Software was essentially Anti-Virus software (Think Norton or Symantec Antivirus). A decade ago, this type of software only had to look out for viruses involving rogue code. Fast forward to today and Anti-Virus software is just a small part of Endpoint Security Software.

Today, one can expect that their Endpoint Security solution includes Anti-Virus, Anti-Malware, and Anti-Ransomware. Many leading solutions include things such as Sandboxing (A way to safely execute suspicious applications/code), dynamic firewall and port protection (To prevent Trojans and/or Ransomware from downloading payloads), Email protection (Anti-Spam, Anti-Virus. Anti-Phising), Browser Protection and URL Blocking, USB Protection, the list goes on and on.

How does Endpoint Security Software Work

There are two main approaches that Endpoint Security Software takes. One is Signature or Definition based, the other is Behavior Based.

Signature Based Endpoint Security

Signature based software is very effective against known viruses, ransomware, and malware. This is the approach your classic Anti-Virus Software takes. It works by inspecting files for patterns that match known threats. Malicious code is almost always using a random file name, so inspecting the contents of the files is a must. However, what happens when a brand new threat is rapidly spreading across the internet? This is where a Behavior Based approach shines. Think of a Signature based approach as stereotyping. It’s comparing an application against known bad applications. If they look similar then the security software will flag it. Often, legitimate programs such as network IP Scanners, Wireshark, and others will lead to an alert because they “look” like malicious programs.

Behavior Based Endpoint Security

Behavior Based Software looks at what the potentially malicious application is attempting to do. This is especially effective against encrypting Ransomware variants (Cryptowall, Cryptolocker, CTB-Locker, Locky, etc) that can normally bypass traditional Signature based security. Behavior Based Security Software is constantly looking for applications that may attempt to encrypt your files, it’s looking for network traffic to Tor networks that are used to download malicious payloads anonymously. The big advantage of Behavior Based over Signature Based, is that Behavior Based approaches can protect against malicious code that it has never seen before. While there are thousands upon thousands of Malware and Virus variants, they all utilize a relatively small number of behaviors to do their damage. Look for those behaviors and you can prevent it.

What to look for in Endpoint Security Software

Choosing an Endpoint Security Software package can be daunting. There are so many options and so many different “reports” and “studies” that claim to be the best. Most of the leading solutions are very similar in their capabilities and pricing. Most solutions are also combining both Signature Based and Behavior Based security into one package.

Overhead

An important metric to look for is the resource overhead of your Endpoint Security Software. If a solution blocks every threat it ever encounters, but slows your computer to a crawl because of the CPU and Memory resources it requires, it’s worthless. The goal is to combine low overhead with fantastic threat protection.

Cloud based Endpoint Protection

Cloud based Endpoint Protection is a growing trend. These products merge detected threat data from across their user base to increases the level of protection. When one agent encounters a new threat, it can immediately make that information available to other agents around the world, increasing the effectiveness of the product.

How To Secure Your SMB Network – E-Book

How to Secure Your SMB NetworkThis is the sixth part of a nine part series that details How To Secure Your SMB Network. Every Wednesday we will post a new section that gives details and examples on how Banks Technology Services secures out client’s networks. We have compiled all of this information into into an EBook which you can download for free. The E-Book contains additional information, real world examples, and is updated as new technology emerges. To receive your FREE copy, head on over to the [intlink id=”7985″ type=”page”]How To Secure Your SMB Network[/intlink] page.

 

 

 

 

[content_band style=”color: #333;” bg_color=”#f3f3f3″ border=”all” inner_container=”true”] [custom_headline style=”margin-top: 0; align:center;” level=”h3″ looks_like=”h3″ ]How To Secure Your SMB Network Blog Series[/custom_headline]
Part 1 – Network Security Principles
Part 2 – UTM Gateyway
Part 3 – Content Filtering
Part 4 – Software Restriction Policies
Part 5 – Spam Filtering
Part 6 – Endpoint Security
Part 7 – Patching
Part 8 – Administrative Rights
Part 9 – Conclusion[/content_band]

Categories
Windows OS

Is Microsoft Forcing Users To Upgrade To Windows 10?

Are you receiving an error message stating, “Your PC uses a processor that is designed for the latest version of Windows…”? Recently Microsoft has taken steps to block Windows Updates from installing on computers with certain Processors that are running Windows 7 or Windows 8.X. The processors affected are 7th generation Intel i3, i5, and i7 along with Ryzan processors from AMD and the 8996 processor from Qualcomm. These are not older processors that are being phased out; that might be understandable. These are current generation mainstream processors. If you buy a new PC with an Intel processor, it will most likely have a 7th Generation iX processor in it.

Microsoft has added a document to their website which covers the error message users are receiving:

[promo]“Your PC uses a processor that is designed for the latest version of Windows. Because the processor is not supported together with the Windows version that you are currently using, your system will miss important security updates.”[/promo]

The document lists the affected processors and finally gives a resolution….upgrade to Windows 10.

Why?

Why is Microsoft blocking these updates and almost forcing users to upgrade to Windows 10? There are several reasons which we’ll outline below.

People love(d) Windows 7, even more than they love(d) Windows XP. It’s a stable operating system and users, that are already familiar with it, see little reason to change. Windows 7, as of this writing, still enjoys a sizable market share advantage over Windows 10, despite Microsoft’s aggressive upgrade campaigns.

Windows 10 was released on July 29, 2015. As of this writing, almost two years later, you can still order brand new PC’s with Windows 7 Professional licenses. Remind you, Windows 7 is now 3 Generations behind (Windows 10, Windows 8/8.X, Windows 7). The fact that Dell is still offering Windows 7 PC’s shows the popularity of the operating system. I would imagine that Microsoft’s move will stop major PC manufacturers from selling Windows 7 with PC’s that have affected processors installed. I can’t see a scenario where Dell would sell me a brand new PC that is unable to receive Windows updates.

Microsoft has planned for Windows 10 to be the “last” version of Windows. No, Windows isn’t going away, but Microsoft is shifting to a perpetual upgrade model instead of releasing new versions every few years. Microsoft claims this makes for a more stable and secure environment. The idea is that if Microsoft only has to support one environment, then the user experience will vastly improve. Right now, Microsoft is supporting Windows 7, 8, 8.1, and 10. Fast forward 10 years, Microsoft will be supporting Windows and Windows only. There won’t be other versions that people are hanging on to.

With this new plan, updates are applied across Microsoft’s entire installation base. Everyone gets the same updates, everyone is on the same version. I can certainly see how this would be easier to support than the current model. Currently, computers may have infinite combinations of Operating System versions, critical updates, important updates, and recommended updates. To take this one degree further, software developers, who currently have to account for that infinite number of OS and Update combinations, will likely welcome this development. It creates a much more consistent environment for their software to run. Instead of working with several Windows OS versions and a constant onslaught of updates, they can simply develop software for “Windows”.

Reaction

How will people react to this? There’s already plenty of uproar about Microsoft forcing updates on their users and the “Your PC uses a processor that is designed for the latest version of Windows” error message. My point of view is that it will go like most change today, there will be vocal opposition at the start, it will gradually fade away, and this model will become common and accepted. We shall see.

Conclusion

It will be interesting to see over the coming weeks and months if Microsoft sticks to its guns or if they back off their current stance. I’m certain we’ll see lots more reaction in the days ahead. If Microsoft can deliver on the promised stability and usability enhancements, it will likely be a good long term move. Although, intentionally withholding security patches and updates on brand new computers will be an uphill battle for the Microsoft PR department. Do you have a computer that is receiving the “Your PC uses a processor that is designed for the latest version of Windows” error message? Please let us know in the comments section below.

Categories
Applications

How To Setup Out Of Office Message In Office 365

How To Setup Out Of Office Message In Office 365

Good afternoon, folks. On today’s Banks Tech Tip, we’re gonna take a look at how to set up your out of office message in office 365. [00:00:15]

All right, we’re going to go ahead and set up the auto response message in Office 365. So, here we’re logged into the dashboard, and we’re going to [00:00:30] click on Mail. This will open up the Outlook web app. Okay, now that Outlook’s open, we’re gonna go to the upper right hand corner, click on Settings, and then we’re gonna click on [00:00:45] Automatic Replies. Okay. On the Automatic Replies screen, you can see here it’s currently set to not send any automatic replies. That is how it is set by default.

The first option you see here is to send the automatic replies. [00:01:00] In this section here, we can schedule when these replies will be sent. So, you can do this ahead of time, you can have this start on a Monday or on a Friday or something, if you’re gonna be out of town. A couple of calendar options here. [00:01:15] This check box here will block off your calendar for the entire time that your auto response message is enabled. This option here automatically declines new invitations for events. If you receive any incoming calendar [00:01:30] invites while your auto response message is on, that will automatically decline those invites.

And finally, the Decline and Cancel Meetings During this Period, if you already have meetings scheduled during this time, this option is gonna go ahead [00:01:45] and send a notice out that you’ve declined or canceled that meeting, just to let everyone know that you will not be attending.

Here we get down to where you actually can specify the message that will be sent. There’s two boxes here, you can see. [00:02:00] The first box specifies the message for users that are inside your organization. So, this message here would go to your coworkers and people that are that are on your same e-mail domain. So you can type a [00:02:15] friendly message there, “I’m out of the office all week. Hope you have fun at work.”

All right, so your coworkers will receive that message. [00:02:31] And then down here, this is where you enable the messages for outside of the organization. You can also set this to only send the replies to people that are in your contact list or to send the replies to everyone. [00:02:45] So, we can we can put a message here. [00:03:00] All right, so we’ve got our outside-of-organization message set up. We have our inside-the-organization [00:03:15] message set up. And we’re going to go ahead and decline any new invitations that come in. And we’re gonna set this until April 1st. We hit the OK button. [00:03:30]

That’s how you set up your out of office message in office 365. I hope you found the video helpful. If you did, please give the video a Like. As always, if you have something to add to the video [00:03:45] or if I left something out, please let us know in the comments section below. And finally, if you’d like to see more of this content go and subscribe to our channel. We would greatly appreciate that. That’s all for today, folks. Until next time, I’m Philip Banks with Banks Technology [00:04:00] Services.

Resources

How To Setup Out Of Office Message in Office 365

Categories
Security

How To Secure Your SMB Network – Part 5 of 9 – Spam Filtering

Welcome to How To Secure Your SMB Network! This is part 5 of a 9 part series that discusses our approach to Network Security and how we secure client networks. As you will see there are many facets that go into creating a secure network. Think of it as puzzle with each piece playing an important role. The days of installing Norton Anti-Virus on your computer and thinking you are safe are over.

What Is Spam Filtering

Spam Filtering is essentially separating the “good” email from the “junk” email. It’s the same thing you do when you get home from work; stand over the trash can with that day’s mail. You filter the junk into the trash can and you keep the important items.

Spam email can be overwhelming without effective filtering. Estimates indicate that spammers send over 14.5 billion spam messages daily. In addition, some estimates indicate that 73% of all email traffic is spam. These aren’t just advertisements for the next gadget or miracle pill, these messages often contain malware, viruses, or phishing scams.

Spam is also very costly to a business. Without effective spam filtering, employees can spend significant time simply identifying and deleting spam. Nucleus Research Inc. did a study that found spam costs U.S. companies over $71 billion per year in lost employee productivity.

 How Does Spam Filtering Work

Spam Filtering is the process of identifying unwanted or potentially dangerous email messages and preventing them from reaching a user’s inbox. Effective spam filters will look at many different data points and then use an aggregate score to identify spam.

Filters look for many things, for example certain key words can raise the red flag, country of origin, language, along with attachments can also cause a message to be identified as spam. Most filters now use the Sender Policy Framework Record or SPF Record. The SPF Record tells the spam filter which email servers are allowed to send email for a particular domain. For example, if the spam filter receives a message from john@example.com, the filter will check the SPF record for example.com. The SPF record will indicate the email server named mail.example.com is the only server that sends email for example.com. If the spam filter detects that this email message came from a server other than mail.example.com it would be identified as spam.

Types of Spam Filters

There are many different types of spam filters. We’re going to take a look at Cloud Based Spam Filters, Software Based Spam Filters, Anti-Spam Appliances, and Built-In or Existing Spam Filters.

Cloud Based Spam Filters

Cloud Based Spam Filters work by redirecting all mail destined for your inbox to a spam filter based in the cloud. After processing the Cloud Based Spam Filter will then pass the relevant email messages onto your inbox. The major advantage of Cloud Based Spam Filtering is that all of the processing is done outside of your network. This means the spam never even reaches your network before it is discarded by the Cloud Based Filter. Many Cloud Based Filters feature quarantines which allow you to see the detected spam and (if misclassified) release the message to your inbox. Another common feature is Archiving. If there are network interruptions that are preventing your servers from connecting to the spam filter, the spam filter will queue your email and deliver it when connectivity is restored.

Software Based Spam Filters

Software Based Spam Filters typically run on a server in your office. Incoming email is directed to the Software Based Spam Filter for processing. Mail that is deemed relevant is then passed onto your in-house email server which handles delivery to your inbox. In this case, all email enters your network, but it is processed before it ever gets to your in-house email server. Common features of Software Based Spam Filters include a quarantine and the ability to release misclassified messages to your inbox.

Anti-Spam Appliances

Anti-Spam Appliances are hardware devices with the sole purpose of identifying spam. These appliances typically look like network switches and routers that are in the network rack in your server rooms/closets. Anti-Spam Appliances are usually on the perimeter of your network (or just inside of your firewall), giving them the ability to inspect and process every incoming message before it reaches the rest of your network. Some Anti-Spam Appliances can take on dual roles of both a firewall and a spam filter. A major advantage of an Anti-Spam Appliance over a Software Based Spam Filter is that your server is not having to do the processing, this frees up resources for other jobs.

Built-In or Existing Spam Filters

Built-In or Existing Spam Filters are simply the spam filters that come with existing email products. For instance, if you have an in-house Microsoft Exchange server, there is built in spam filtering inside of Exchange. The same is true for most web based email services (GoDaddy, Google Apps, Office 365 etc). These products feature their own Spam Filters. In my experience, these filters are much less robust and less configurable than any of the other options mentioned here. A good practice would be augment your built-in/existing Spam Filters with one of the other mentioned options. Let the Cloud Based Filter, Software Based Filter, or Appliance do the “heavy lifting” then pass along the clean email to your built-in/existing spam filters.

How To Secure Your SMB Network – E-Book

How to Secure Your SMB NetworkThis is the fifth part of a nine part series that details How To Secure Your SMB Network. Every Wednesday we will post a new section that gives details and examples on how Banks Technology Services secures out client’s networks. We have compiled all of this information into into an EBook which you can download for free. The E-Book contains additional information, real world examples, and is updated as new technology emerges. To receive your FREE copy, head on over to the [intlink id=”7985″ type=”page”]How To Secure Your SMB Network[/intlink] page.

 

 

 

 

[content_band style=”color: #333;” bg_color=”#f3f3f3″ border=”all” inner_container=”true”] [custom_headline style=”margin-top: 0; align:center;” level=”h3″ looks_like=”h3″ ]How To Secure Your SMB Network Blog Series[/custom_headline]
Part 1 – Network Security Principles
Part 2 – UTM Gateyway
Part 3 – Content Filtering
Part 4 – Software Restriction Policies
Part 5 – Spam Filtering
Part 6 – Endpoint Security
Part 7 – Patching
Part 8 – Administrative Rights
Part 9 – Conclusion[/content_band]

Categories
Business Processes

Employee Offboarding Process

To Follow up on our post from last week, [intlink id=”8089″ type=”post”]Employee Onboarding Process[/intlink], we wanted to offer some thoughts on the Offboarding Process as well. Offboarding can be a stressful time for everyone involved. Especially, if you are losing a longtime employee or if someone is leaving under less than ideal circumstances. A consistent Offboarding Process will aid in situations where data may need to be protected from malicious intent or when it simply needs to be preserved for when a new employee starts.

Password Changes

The first step in an Offboarding process will be changing the passwords on the former employee’s accounts. This includes their Active Directory user account, Hosted email accounts, Software as a Service accounts, etc. Changing the user’s password will immediately disable access as long as the user isn’t simultaneously using the service.

If your business uses Office 365 for hosted email, we suggest changing the password and disabling any connected mobile devices. You can also disable sign-in after we setup an auto-response and email forwarding.

Setup Auto Response Email

When an employee leaves, it can sometimes leave vendors and, more importantly, customers in limbo, wondering who they should contact at your company. An auto-response message proactively mitigates this by letting the sender know who to contact going forward. Here is an example:

Thank you for contacting {Company}. {Employee Name} is no longer employed here. If you need assistance please contact {Contact} at {Email Address} or {PhoneNumber}.

Best Regards
Setup Email Forwarding

Once the Auto-Response message is setup, we’ll want to setup email forwarding to the appropriate person. If you have an immediate replacement ready to go, then you can simply forward the former employee’s email to your new hire and give the new employee’s contact information in the auto response. If you’re like most small businesses and have a week or two delay between employees, you’ll want to temporarily forward email to another person in the company who can handle the emails in the interim. Once the replacement is chosen, change the email forwarding to the replacement and update the auto-response.

Thirty Day Waiting Period

We suggest keeping the auto-response and email forwarding in place for thirty days. Thirty days allows customers and vendors to update their contact information and to begin working with their new contact at your company. It’s a good idea to set an appointment on your calendar for thirty days after the employee’s departure or the offboarding process can easily stall at this stage.

Backup Data

After thirty days have passed, we make a backup of the user’s data. This includes their email and files on their computer. We’ll make a new folder on the server to store this backup. More often than not, someone in the company will need to refer to this backup during the next year. Company policies differ on this, depending on their industry and regulations, but our standard practice is to hold onto the backup for one year and then delete it.

Account Deletion

After we create the backups and save them to a folder on the server, we can finally delete accounts. This includes email accounts (cloud or in-house), Active Directory accounts on your server, and local profiles on the former employee’s computer. We’ll also make sure that any cloud or Software as a Service subscriptions are discontinued or re-assigned (Otherwise you may still incur charges for these services).

Conclusion

What is your offboarding process? Do you have one? What else should be included in the process I’ve detailed above. Please comment below.


[promo style=”align:center; width:80%;”]

We’ve made available a one page PDF checklist that covers our entire Offboarding process. Simply click below to gain access to the download.

[/promo]

Categories
Applications

How To Migrate To Azure AD Connect – #BanksTechTips

How to migrate to Azure AD Connect

Good afternoon, folks. Today we’re going look at How To Migrate To Azure AD Connect, from Active Directory Sync, also known as DirSync, which is the probably third or fourth version of this program that Microsoft has released. What this program does is it takes your local active directory usernames, passwords, all that good stuff, and syncs them to your Office365 account.

When somebody resets a password in the Office, that password immediately syncs up to Office 365. So next time that they go to log in to Web Mail, that password is changed and everything works how it’s supposed to. You could say it just makes things work better. And in an organization of 10 to 20 users or more, we recommend that you do use this product.

Microsoft is depreciating the DirSync product, and they are suggesting that everyone move the Azure AD Connect product. So that’s what were going to do on this server today. Let’s go ahead and get started. I’ve already downloaded all of the files and perquisites. I’ll put links in the video description so you can download those. Let’s double click on the file, and you’ll see the installation window start to pop up here.

This is pretty standard stuff. You can go ahead and select Yes and start moving through these. And you can see it’s copying files, creating shortcuts. Go ahead and click Yes on the user account control prompt there. And this gets into the actual install. So, of course, we are going to agree to the license terms and privacy notice. We’ll click Continue. And what this is saying is it has found the existing version of DirSync and that it will be Migrated to Azure AD Connect.

So it’s taking a look at what’s already on this particular server and is going to cater the install or the upgrade to what we already have in place. [00:02:45] And this will take a few minutes to get through. Okay, [00:03:00] so now it says it’s ready to upgrade DirSync and migrate our settings. The estimated time to complete the first sync is less than one hour.

This particular server only has probably 20 users, so it’s not [00:03:15] going to take long to replicate up to Azure. So we click Next. Now it’s going through and installing a few prerequisites. Okay, and here’s where we’ll [00:03:30] enter administrative credentials for your Office 365 or your Azure AD accounts. They should be the same if you have both. But you enter these [00:03:45] admin credentials, it’s connecting in to Office 365.

And then this is the local account. So this is for an Active Directory Enterprise [00:04:00] administrator. A domain administrator will not work for this prompt. You do need to have Enterprise administrator credentials. Enter those, go ahead and click Next, and then finally we’re ready to configure here. Now you can see it’s gonna uninstall the old [00:04:15] tool and it’s going to install the new tool. We’ll enable the auto upgrade and then configure sync services on the computer.

We’ll also check the box there to go ahead and sync after the installation is complete. [00:04:30] So I went ahead and skipped through here. We’re about to finish up. As you can see, it’s going through a few different configurations, and like I said I’m kinda skipping through here. It does take about [00:04:45] 10 to 15 minutes total, that will vary based on the size of your Active Directory forest.

But like I said, this one is fairly small. It’s moving along fairly quickly. [00:05:00] And as you can see, it’s finishing up a few things here. We did have password sync enabled. So like I said those passwords [00:05:15] will sync up to Office 365 and Azure. And there we go, configuration is complete.

Guys, thanks for taking the time to watch this video on How To Migrate To Azure AD Connect. I hope it’s been helpful. Migrating to Azure AD Connect [00:05:30] is something that a lot of people are going to be doing over the next couple of months as this product is depreciating. So if the video has been helpful, please give us a like and also subscribe to the channel. That lets YouTube know that you think this content is valuable and it also lets us reach a broader audience. Again, I appreciate your time. I’m Philip Banks with Banks Technology Services.

Resources:

Microsoft Azure AD Connect

Categories
Security

How To Secure Your SMB Network – Part 4 of 9 – Software Restriction Policies

Welcome to How To Secure Your SMB Network! This is part 4 of a 9 part series that discusses our approach to Network Security and how we secure client networks. As you will see there are many facets that go into creating a secure network. Think of it as puzzle with each piece playing an important role. The days of installing Norton Anti-Virus on your computer and thinking you are safe are over.

What are Software Restriction Policies

Software restriction policies define the files and/or file types that are able to execute on your computer. Similar to how a firewall allows or blocks traffic based on certain parameters (source, origin, port, protocol, etc.), Software Restriction Policies allow or disallow programs based on their location on the disk, filename, file type, etc.

Blacklisting

There are essentially two ways to implement Software Restriction Policies, Whitelisting or Blacklisting. Blacklisting allows any program to execute by default, unless it matches a restriction defined by an administrator, specifically file type, file name, or file path. For example, a Blacklist restriction might say that any file named Spotify.exe cannot execute. This would effectively block the program Spotify from running on a computer that is subject to this policy. A brief analogy, think of Blacklisting as the TSA’s No Fly List. Anyone can fly on an airplane (with a ticket and proper ID) as long as they are not on the No Fly List.

Blacklisting is effective at blocking specific programs that a company does not want its employees to use. Another common use is blocking certain paths that Malware, Ransomware, and Viruses tend to use.

Whitelisting

Whitelisting, on the other hand, takes the opposite approach. By default, no programs have permission to run unless they match certain criteria. In a Whitelisting scenario, you may have a policy that allows C:\Program Files (x86)\Microsoft Office\root\Office16\Excel.exe to execute. This will allow Microsoft Excel to run, but any other programs do not have permission to run. You can think of Whitelisting as the lock on your home’s front door. No one can come in unless they have the key to unlock your door.

Whitelisting is a more effective strategy to keep your computers secure, however it can require more time and effort to implement and can be more intrusive on the end user. If a company has many different applications their employees use regularly, each application will need its own Whitelist rule. The administrator would also need to create rules for any new applications before installing on the workstations.

How To Secure Your SMB Network – E-Book

How to Secure Your SMB NetworkThis is the fourth part of a nine part series that details How To Secure Your SMB Network. Every Wednesday we will post a new section that gives details and examples on how Banks Technology Services secures out client’s networks. We have compiled all of this information into into an EBook which you can download for free. The E-Book contains additional information, real world examples, and is updated as new technology emerges. To receive your FREE copy, head on over to the [intlink id=”7985″ type=”page”]How To Secure Your SMB Network[/intlink] page.

 

 

 

 

[content_band style=”color: #333;” bg_color=”#f3f3f3″ border=”all” inner_container=”true”] [custom_headline style=”margin-top: 0; align:center;” level=”h3″ looks_like=”h3″ ]How To Secure Your SMB Network Blog Series[/custom_headline]
Part 1 – Network Security Principles
Part 2 – UTM Gateyway
Part 3 – Content Filtering
Part 4 – Software Restriction Policies
Part 5 – Spam Filtering
Part 6 – Endpoint Security
Part 7 – Patching
Part 8 – Administrative Rights
Part 9 – Conclusion[/content_band]

Categories
Business Processes

Employee Onboarding Process

One of the best ways to create a favorable impression of your company with new hires is to have a smooth and structured on boarding process. This involves scheduling orientations, trainings, etc and having your new employee’s work space ready to go on the first day.

Notification and Planning

The first step in the on boarding process is to notify IT of the new hire and provide the pertinent information they will need. This includes the full name of the new employee. Make sure you double check the spelling as changing a username after the fact is much more involved than setting up a new username.

We like to see two weeks notification before a new employee starts. This allows time to order a computer (If the new employee is receiving a new machine) and any other needed equipment such as a mobile phone, desktop scanner, or additional monitors. If the new employee will be using an existing computer, this notice gives us ample time to backup the previous user’s date and prepare the machine for your new employee.

Your IT department will likely request additional information during this process. What is their Job Title and what Department will be they be working in? They will need to know what additional or specialized software the new employee will need. What additional accounts will need to be setup SharePoint, Software As A Service Accounts, etc)? This information should all be included in your standard on boarding process.

Account Setup

Once the needed information has been collected and the equipment procured, it’s time to start setting up accounts for the new employee. First we’ll set up a new user account on your office’s server and set the appropriate permissions for their Department and Job Title. We’ll configure things like User Folders and Network Drive access.

We’ll also setup the user’s email account, either in house or using a cloud provider such as Office 365. Depending on your company and what software and services you use, we may need to setup access to SharePoint along with Microsoft OneDrive or DropBox for Business.

User Profile Setup

Once we have the accounts setup for the new employee, we’ll move on to setting up their computer and other equipment. First, we’ll configure their User Profile by logging on to their computer with their new credentials. During User Profile configuration, we’ll setup Microsoft Outlook with their email account. We’ll add the office’s printers and any local or desktop printer(s) the user will need access to.

During this step we will also setup Scan to Email and/or Scan to Folder for the new user, by adding them to the Address Book on your copier and configuring any necessary folders on the workstation or server.

New User Credential Sheet

Every new employee (and the person responsible for their orientation) should receive a New User Credential Sheet. One way to quickly detail an otherwise successful on boarding process is to not have the new users credential’s when they arrive. This results in calls to the help desk or your outsourced IT provider in a frantic attempt to find a username and password.

A concise “cheat sheet” for the employee solves this once and for wall. Username, Password, Email address, webmail access instructions, mobile phone number, office phone and fax number, online account credentials, and other items should be included on this sheet.

Need Some Help?

The on boarding process can be stressful for everyone involved. The new employee is in an unfamiliar environment and expected to produce almost immediately. Existing employees involved in the on boarding process are taking time away from their priorities (which don’t go way) to get the new employee up to speed as quickly as possible. Productivity will take a hit during this process, this should be expected and it should be planned for.

A smooth onboarding process make’s an excellent first impression and sets a professional tone with your new employee. It minimizes lost productivity for your existing employees and gets your new employee up to speed and contributing faster. If you have questions about how best to onboard new employees, please Contact Us or leave us a comment below.


[promo style=”align:center; width:80%;”]

Need some help developing an onboarding process? Download our OnBoarding Forms below.

[/promo]

Categories
Windows OS

How To Change Your Default Browser in Windows 10 – #BanksTechTips

How To Change Your Default Browser in Windows 10

On today’s Banks Tech Tip, we’re gonna take a look on how to change your default browser in Windows 10. [00:00:15]

Okay, folks, let’s take a look at the default browser in Windows 10. What is a default browser? Say you receive an email or maybe you have a PDF file with a [00:00:30] link in it. You click on that link and your web browser opens to the website. That web browser is your default browser. Any time you click on a shortcut or a link, your default browser is going to open.

If you have a brand new computer, [00:00:45] straight from the factory, you haven’t changed anything on it yet, your default browser in Windows 10 is going to be Microsoft Edge. If you want to use something else, Chrome, Firefox, something like that, you’re going to need to change that setting. So let’s click [00:01:00] on the start menu, and I’m going to type in “default” and we’ll click on “default programs.” This brings up the choose default apps. So we’ll scroll to the bottom here where it says “web browser.” As you can see, [00:01:15] mine is set to Google Chrome right now, and you can see right here I have a shortcut with the Google Chrome icon there.

So let’s click on that, and let’s change it to Microsoft Edge. So we click on Edge, and you can see the icon [00:01:30] changes. Your default browser now is Microsoft Edge. You can see anything that you have installed. If you have Safari or Firefox installed, they will show up here as well. So just pick your browser, and that’s [00:01:45] about all there is to it. So I’m gonna switch it back to Chrome, and there it is. That’s all there is to it, folks. Quick and easy.

I want to thank you for taking the time to watch the video. If you found the content useful, please subscribe to our channel and like the video. [00:02:00] That really helps us out, and if I missed anything, or if you have anything to add to this, please use the comment section below. We reply to all of those comments. That’s all for today, folks. Until next time, I’m Phillip Banks [00:02:15] with Banks Technology Services.

Resources

How To Change Your Default Browser in Windows 10

Categories
Security

How To Secure Your SMB Network – Part 3 of 9 – Content Filtering

Welcome to How To Secure Your SMB Network! This is part 3 of a 9 part series that discusses our approach to Network Security and how we secure client networks. As you will see there are many facets that go into creating a secure network. Think of it as puzzle with each piece playing an important role. The days of installing Norton Anti-Virus on your computer and thinking you are safe are over.

What is Content Filtering

Content Filtering is the process of screening or restricting information that a computer or user is allowed to access on a network. This can be as simple as blocking broad categories of websites, such as pornographic or violence oriented content. Going further, Content Filtering can be used to block things such as pop-ups, advertisements, URL redirects, cookies and even Flash or Java based content.

URL Filtering is simply allowing or denying access based on the URL or origin of the requested content. This can be used to block specific websites that an organization does not want it’s employees accessing, such as monster.com or facebook.com. Instead of filtering based on broad categories, this is a granular approach to filtering. Many URL filtering services include dynamic block lists which will prevent access to websites that are known security threats. This can greatly reduce the risk from zero-day threats which are so new that most anti-virus software is not yet aware of them.

How Does Content Filtering Work

Content Filtering is an involved process that inspects incoming data. Every bit of data is inspected and compared to a database of rules, then it is either allowed to enter the network or thrown out. If Adobe Flash content is blocked by the Content Filtering rules, it will be identified during the inspection process and not allowed to enter the network. Depending on your organization’s bandwidth, Content Filtering can require quite a bit of processing power.

How Does URL Filtering Work

URL Filtering is very straightforward, it simply compares the origin of the data to a database of blocked locations. If the data is coming from a matching URL, it is thrown out before it enters your network. Some URL Filtering services will even toss out outbound requests that match blocking rules. This is valuable because it doesn’t clog up your bandwidth with data that is eventually going to be thrown out and not allowed to enter the local network. It can also stop some Malware threats that rely on outbound traffic to request a payload.

What to look for in Content Filtering

Oftentimes, the size of your organization will determine the best course of action when it comes to Content and URL Filtering. If you have a large organization, you will likely want a Cloud filtering service or a Hardware/Appliance filtering device. Cloud filtering does a great job at keeping unwanted traffic out of your network. Since the processing takes place in the cloud, the content never enters your network, or uses your bandwidth. Hardware or Appliance Filtering devices are placed on the edge of your network and keep unwanted traffic from entering your local network.

How To Secure Your SMB Network – E-Book

How to Secure Your SMB NetworkThis is the third part of a nine part series that details How To Secure Your SMB Network. Every Wednesday we will post a new section that gives details and examples on how Banks Technology Services secures out client’s networks. We have compiled all of this information into into an EBook which you can download for free. The E-Book contains additional information, real world examples, and is updated as new technology emerges. To receive your FREE copy, head on over to the [intlink id=”7985″ type=”page”]How To Secure Your SMB Network[/intlink] page.

 

 

 

 

[content_band style=”color: #333;” bg_color=”#f3f3f3″ border=”all” inner_container=”true”] [custom_headline style=”margin-top: 0; align:center;” level=”h3″ looks_like=”h3″ ]How To Secure Your SMB Network Blog Series[/custom_headline]
Part 1 – Network Security Principles
Part 2 – UTM Gateyway
Part 3 – Content Filtering
Part 4 – Software Restriction Policies
Part 5 – Spam Filtering
Part 6 – Endpoint Security
Part 7 – Patching
Part 8 – Administrative Rights
Part 9 – Conclusion[/content_band]