Admin Forwarding

We announced last month that Lodge Information Services (LIS) launched its latest product The Office 365 Security Package. This is part three of the package, focusing on Admin Forwarding.

One of the biggest concerns within any business is IT security. The rising use of the cloud and mobile devices has bought with it cost savings. As a result, there are increased data security risks. Take a look at our latest video below for more information.

 

Get notifications when a new admin account or changes are made to Office 365 accounts with admin forwarding. This ensures you are in control of your data and documents. Impressive!

LIS act fast, with a simple click of a button the LIS helpdesk will advise you of any changes that are detected. We will also email you weekly reports about any admin changes to your accounts

Our Office 365 Security Package is a bundle of software tools

The package works continuously on Microsoft Office 365 accounts. They provide genuine protection benefits that EVERY business ought to have. We manage EVERYTHING for you. It’s all in our hands, which is exactly how it should be. Giving you peace of mind to allow you to concentrate on your business.

Download our Office 365 A Risky Business booklet to find our more.

Track admin login access for your employees. With admin monitoring you do not need to remember when they have logged out. Do not worry if you have not turned permissions off as we will alert you. Your team will have access to data at the right time, ensuring your company files are safe and secure.

LIS can help your company to protect your IT system. As a result, making sure the outside your team have the right access. Giving you peace of mind that your files are safe. We take care of your IT security to enable you to concentrate on your business!

Contact us to make sure you are protected.

Critical RDP Vulnerability

Critical Vulnerability in Microsoft RDP

Details of a critical rdp vulnerability in Microsoft’s remote desktop software were made public yesterday. Microsoft even released patches for old operating systems going back as far as Windows XP which has been out of maintenance for many years! This issue is being taken very seriously!

Sample exploit code has been available to buy on the Dark Web. We have it, it does work and is easy and reliable to use.  And there are credible reports that we should expect a substantial attack over the coming few days.  If computers are not patched in time it is possible that this could cause damage and disruption similar to that caused by WannaCry . Statistics suggest that some 8% of all machines are at risk, the majority being in small businesses which have not yet upgraded to more modern operating systems. Please contact us urgently if your business is still running older OS machines. It is time to upgrade!

How does the exploit work and how critical is it?

Vulnerable server operating systems includes: Windows Server 2003, Windows Server 2008, Windows Server 2008 R2

The list for PCs includes: Windows XP and Windows 7

By exploiting a remote execution bug in RDP the hacker can run code on machines without having to sign in. Once an attacker breaks into a computer this way, they have full control over the machine. No login credentials are needed!

Just running RDP on an old OS means your system is wide open to anyone that wants to use it.

For example, this vulnerability could allow access to deploy worms.  These could replicate themselves across your network infecting machines which would not otherwise be at risk. Alternatively, ransomware encryption viruses could be deployed or your data stolen.  The opportunities for theft, extortion and disruption are only limited by the creativity of the hacker!

The WannaCry ransomware worm spread around the globe in 24 hours. It infected around 300 million computers in 150 countries at an alarming pace. The National Health Service was amongst those badly affected. It is quite possible for this to be a repeat event.

How to mitigate the RDP vulnerability

Patch, patch patch!

We recommend that you apply these security measures as quickly as possible.

1 Patch all systems NOW.

2 Implement IP restrictions if possible to prevent unauthorised traffic.

3 Enable NLA if available. Network Level Authentication is another possible lock in front of RDP traffic.

4 Enforce VPN routing for RDP as this requires authentication.

5 Disable RDP on all systems if not used.

All this is technical so contact your IT company for help if it does not mean anything to you. If they are not aware of the problem then ditch them and contact LIS for help!

LIS Clients are Protected

All LIS clients on our managed services or network support plans are fully protected already. We have patched or scheduled all client machines that have our support software installed whether in contract or not. If you are not already supported by a pro-active IT support company like LIS then please contact us. We can help.

The 2020 problem

This should be a reminder to progress your upgrade plans. Remove all old machines from your networks by the end of this year. The 2020 time bomb is a serious matter and should not be ignored.

In light of Microsoft’s rare legacy OS patch for RDP services, Securonix?s Head explains the likely reasons for the disclosure and its critical nature, as well as how to secure the RDP endpoints.

 

Apple Recall – Plug Safety

We have been made aware that not all our clients have seen the following Apple recall notice.  Apple users please do check whether you are impacted. Better safe than sorry.

At LIS we sit mainly on the Android side of the fence so it would be easy to be smug but then…Samsung Galaxy. Can’t win really!

#apple #recall

Risk of electric shock from broken plugs forced recall from Apple.