MS Exchange Critical Security Threat – We’ve Got Your Back!

You may have heard rumblings across the Internet of a giant Microsoft Exchange vulnerability that raised its ugly head this week. On Tuesday evening, Microsoft announced the existence of four critical zero-day security vulnerabilities affecting all current versions of Microsoft Exchange Server. That’s the same time we stepped up to make sure that all DataYard and our clients’ servers were patched and secured as soon as possible.

Starting at 2AM on Wednesday morning, our engineers began installing the needed upgrades and patches to all DataYard managed Microsoft Exchange servers . The Exchange infrastructures in question were quickly updated and rebooted, after which point DataYard engineers took a deeper dive to determine if there were any lingering threats.

In many cases across the globe this security vulnerability had already been exploited in an attempt to open a backdoor to critical and private data – our customers were no exception. DataYard engineers discovered malicious web shells which had been remotely uploaded by nefarious bots in the final days of February 2021. While a malicious shell was indeed uploaded on these systems to provide access to a bad actor in the future, there is no evidence to suggest that the shell was ever accessed or utilized after the initial automated upload.

As of 2PM on Thursday (3/4/21), DataYard had completed the following for all of our managed VIP clients:

Determined if the VIP was vulnerable to the exploit in question
Updated OS when applicable
Installed critical security patches
Reboot and test
Removed all malicious files remotely updated by third parties
Investigated all system logs to ensure no malicious files were executed:
- Network traffic logs
- System events logs
- Exchange application logs
- Remote login records

At this point, the team at DataYard is confident to give all of our managed Exchange VIP systems a thumbs-up and a clean bill of health. We appreciated the trust and confidence that all of our client partners have in DataYard – we are happy to have helped to avoid this nasty security breach and potential data compromise. Please let us know if you have any questions or requests to help make IT better.

Have a fantastic weekend,
The DataYard Team

Importance of IT in Quarantine Remote Work

With the outbreak of the COVID-19 virus and the implementation of quarantine and social distancing measures, most office workers are finding themselves operating from home. While many modern offices have some degree of work from home policies in place, the idea of everyone working from home day after day is a much different situation.

Everyone is having to rapidly adjust.

Working from home every day sounds great in theory, but it also poses a number of problems. For workers, many struggle with productivity and focus at home, especially with schools being closed and children being home.

For business owners and office managers, there are more unique concerns. It’s very important to maintain proper IT practices and security measures while everyone is working from home. Though we don’t know how long this time of quarantine will last, it’s best to prepare for the long-haul.

Here are a few things to be mindful of...

Employees Being Ill-Equipped

Most office workers have a laptop, tablet, or at-home computer to utilize. If you have a bring your own device policy in place, they may even use it for work already. Even if they do, the rest of their at–home setup likely pales in comparison to their work setup. If your employees have multiple monitors, standing desks, comfortable chairs, and/or new computers at the office, sitting at a dinner table with a laptop is going to be a challenge for them.

If possible, let employees take monitors, work computers, and even desk chairs home during this time. Give tips for creating their setup. You can even have employees share their own setups.

Security Connections

Home networks are often much less secure than business networks. While you can’t overhaul the broadband and Wi-Fi systems that your employees have at home, you can implement protocols on the devices they’re connecting to it.

This includes making sure their device’s network settings are configured correctly, that firewalls and anti-virus software are turned on, etc. A further measure would be to implement a VPN (Virtual Private Network). This encrypts the data coming and going from a device, making it undecipherable to anyone who isn’t authorized to view it.

This is a highly effective measure that can be implemented with simple, affordable software.

If further security measures are needed, you could issue hardware firewalls to employees to be used at home. It’s an added expense, not to mention some additional configuration would be needed, but for employees who are handling especially valuable data, it may be necessary.

Implementing Communication Tools and Software

With everyone working from home, there’s a greater need for implementing communication and sharing tools. While you certainly had a number of software programs and online tools you used in office, some applications might be needed. Thankfully, there are more ways than ever to connect, share, and work collaboratively without being in the same building.

The main hurdle here is getting your employees setup and trained on the tools.

A Dedicated IT Team Makes Remote Work Much Smoother

With so much already going on, trying to micromanage the individual IT needs of each remote employee can be impossible. However, it’s very important that these needs are met and that they’re handled appropriately.

This is an especially terrible time to lose productivity, experience miscommunication, or suffer from a security breach.

Having a dedicated IT team on hand can make a massive difference. A quality IT company is well-versed in operating remotely, and they’ll be able to assist in setting employees up with new hardware and software and making sure your systems are secure.

At DataYard, we provide a wide range of IT services perfectly suited to help businesses adapt to the rapidly changing work atmosphere. Our IT consultants in Dayton, Ohio can help you maximize security, connectivity, and productivity while your employees operate remotely. We have the knowledge and experience to spot shortcomings, create IT strategies, and implement changes so that everyone is on the same page, regardless of where they’re working from.

Our IT Pros are Here for You

MAKE REMOTE WORKING BETTER

Outsourcing CTO Responsibilities

For small and even medium sized businesses, it can be difficult to figure out which positions you need in your company and which ones you don’t. This is especially true when it comes to executive positions. On one hand, team leadership is vital for maintaining structure, managing departments, and growing in a healthy manner.

On the other hand, these higher-level positions can come with high salary requirements.

But the question isn’t just whether or not you can afford them. It’s also whether or not you really have the need for a full-time employee in that position. You might need some of their skills and duties fulfilled, but that’s not enough to justify a high-level hire.

Especially in the case of something like a CTO.

What Does a CTO Actually Do?

CTO stands for chief technical officer. Generally speaking, they have the role of managing technology infrastructure, overseeing teams, creating digital/tech strategies, and driving everyone towards overarching goals and standards.

However, with today’s tech-heavy, digitally driven world, the exact responsibilities of a CTO can get a little muddled. Sometimes they get mixed up with other positions, such as a VP of engineering or CIO.

In the case of tech startups, the founder and CEO actually might act more like a CTO. Or the CTO might be a separate cofounder.

For companies that aren’t building a software platform or a new piece of technology, however, a CTO usually isn’t an immediate position. As the company grows and you start to integrate more devices, digital storage, cloud-based software, etc. into your operations, some of those CTO-like skills are suddenly much more important.

Unfortunately, a quality in-house CTO is one of the most expensive hires to make, as they are typically highly educated and very experienced. Rather than creating an executive position that will prevent you from making other key hirings, you may want to consider outsourcing the basic CTO responsibilities to an IT company.

Advantages of Outsourcing Your CTO Needs

CTOs need to stay current with technology standards and security threats. They must also be good at developing and executing strategies to keep ahead of these standards and threats. As it happens, these are all things that full-service IT companies like Data Yard do by nature.

Because of this, IT companies are regularly used to handle the responsibilities typically associated with a CTO.

By utilizing a third-party IT company, you can have access to a higher level of knowledge and skills for less than an executive role would cost you. It’s also scalable, so you only pay for the amount of work that you need. As your company grows, the level of service provided by your IT partner can grow with you.

At Data Yard, our AYS (At-Your-Service) solutions allow us to operate as a partner of your business. We provide strategic support including big-picture planning, infrastructure management, security implementation, on-going support, and more.

We also fit into your business where you need us to. Whether you need us to act as your CTO and IT department or you need us to assist an in-house IT team, we have you covered. The responsibilities of a CTO are very important to a modern business, but that doesn’t mean you have to strain your budget on a single position.

Instead, contact Data Yard. Our IT consultants in Dayton, Ohio are happy to help you figure out how we can better serve your business.

We Are At Your Service

LEARN MORE ABOUT OUR AYS SOLUTIONS

Building an IT Support Partnership

Many in-house IT teams find themselves overworked as emergencies and critical responsibilities take precedence over updates, strategy, monitoring, etc. That’s why so many businesses can benefit from a partnership with a third-party IT company.

Setting Expectations for Your IT Support

In today’s digital, data driven world, your IT department has never been more important. Digital security should be one of the top priorities of any modern business. After all, a data breach costs a company an average of $8.19 million.

Of course, an IT team handles much more than security. From setting up employees with company devices to upgrading software and hardware systems to simply keeping your systems running, your IT department is the heart of all things digital.

Because of this, you should carry very high expectations for your IT team, whether they’re in house or outsourced (or a combination). Third party IT companies can be a valuable asset, as they can typically provide more in-depth services at a much more affordable price.

But the wrong IT company can become a serious liability.

Here is What You Should Expect from a Third-Party IT Company

First and foremost, they need to actually offer the services you require. IT can cover a lot of area, and every company has different needs. Certain IT companies can be more niche than others. Check and see if they have familiarity with your systems as well, from server types to software that’s being used.

There is expected to be a certain amount of discovery when it comes to onboarding a new IT company, but they should have an idea of what they’re getting into.

The same goes for knowledge of your industries compliance needs and security standards. This is especially important for businesses that deal with NIST 800-171 and HIPAA compliance.

A lot of IT is also about thinking and planning ahead. That’s why it’s not enough for an IT provider to meet you where you’re at currently. Scalability is important to consider. As your business matures and grows, your IT needs grow with it.

Your IT provider needs to be able to step up their service as required.

Lastly, when IT emergencies arise, fast response time is critical. You need to make sure a company is easily reachable, effective at communicating what’s going on, and quick to act. While it can be difficult to know how quickly an IT company is going to respond until you’re actually working with them, you can watch for signs during your initial engagement with them.

If details are being skipped over or replies are coming a day or two later, you may want to look elsewhere.

At DataYard, We Aim to Exceed Expectations

We believe that quality IT Support cannot exist without high-level customer service. We want you to know that you have our attention. We’re here to assist you, answer questions, explain uncertainties, and do everything we can to put you at ease.

From the moment a client signs up, it’s our goal to not just maintain the status quo, but to improve your system so that you’re protected against the future. After all, IT isn’t just about protecting against current threats and potential problems. It’s about staying ahead of them.

We can cater our services to your needs. Whether you need a full external IT staff or another team to support your inhouse staff, we’ll integrate seamlessly with your company. And for those located near our data center in the Dayton, Ohio area, we make onsite visits as needed.

With DataYard at your side, you can expect a level of IT support that exceeds your needs.

We're Here for You

LEARN MORE ABOUT OUR IT SERVICES

New Website Announcement

We’re sticking to our motto “make IT better” by launching this brand spanking new website. It’s a little different than before but we think you’ll like it. For some, this change may come as a surprise and you might not recognize that it’s really us and for others, it might be hard to navigate at first, but that’s what this blog is all about.

ACCESSING THE QUICK TOOLS

Our site previously had a top menu bar that featured links to My DataYard, My Webmail, Connect Exchange, and Remote Support. We’ve taken these links and condensed them down to one link ‘My DataYard’, just look to the top right hand of your screen, I’m sure you’ll find it. The My DataYard page will now be the home to all those same links you’re familiar with from the old website.

MY DATAYARD

The ‘My DataYard‘ page has been built to give you even more access to our tools, announcements, and system updates. While today it is host to all the same tools you recognize from our old site over the next few months we will be adding some new features that we’re really excited to share with you.

QUICK NOTES

The site is up to date on several services, specs, and information that was either out of date or inexistent on the previous site so check it all out and if you have any questions let us know. We’re particularly excited about the new IT support page for our AYS service, which has been one of our fasts growing service, but was previously unrepresented on the website.

Hope you love it and if you have any problems feel free to reach out!

Make IT better!

HTTPster Update

HTTP (Hypertext Transfer Protocol) is the default protocol used to transfer data between a Web server and a Web browser. When you open Internet Explorer, Chrome, Firefox or Safari and type a URL in the address bar (for example, https://www.datayard.us); you’re actually sending an HTTP request to DataYard’s Web server requesting information; in this case DataYard’s homepage. When DataYard’s Web server receives this request, it searches for the desired information and responds to your Web browser with the appropriate information. This information is then displayed on your monitor and the HTTP connection is closed. If you were to click on any link within the home page, another HTTP request is sent to the Web server and it responds with the desired data and again displayed on your monitor.

HTTP is inherently insecure, meaning information is sent in plan or clear text. Why is this noteworthy? If a savvy person were to “snoop” on your Internet connection, they’d be able to read the data rather easily using simple tools found all over the Internet. This isn’t such a bother when you’re browsing for the latest football scores or reading up on recent events. However, if you’re paying bills, checking bank accounts or attempting to secure a loan of some type via an online finance tool, this becomes seriously concerning. The answer: HTTPS.

HTTPS (Hypertext Transfer Protocol Secure), as its name implies, is HTTP’s much more secure brother. If you were to type “google.com” into your favorite browser, you’ll likely see the address change and it’ll look like this…

Why is this, though? It’s because Google uses an SSL (Secure Socket Layer) certificate to encrypt data sent between their Web servers and your Web browser. Much the same can be said about almost any other Web domain that would be expected to serve up sensitive information (banks, online shopping, investment entities, utility companies that accept online payments, etc.). Without this certificate or HTTPS, if you were to complete an online shopping transaction and someone happened to be “snooping” on your device or Internet connection, they’d be able to see the details of your purchase in plain or clear text. Credit card information, shipping addresses and other details of your transactions would be wide open for the world to see. So how does HTTPS work exactly?

When an SSL certificate is purchased and placed on a Web server, the Web server holds a private key, basically an encryption algorithm that tells its public key holders how to decrypt the information its sending back and forth. Let’s take our first example of HTTP but this time we’re going to use HTTPS.

It’s time to pay bills and instead of using snail mail, you’ve opted to go green and pay online. You enter your vendors Web address in your browser, https://www.electriccompany.com. Immediately upon this request, Electric Company’s Web server will send your browser a public key, instructions on how to decrypt the encrypted information via the private key. Confused yet? You shouldn’t be. All this decrypting and encrypting is transparent to the user and is exclusively handled by the browser and server.

As you enter your credit card information and click “SUBMIT”, your credit card information, account details and other personally identifiable information is sent to the Web server within a snug, tightly-wrapped blanket of human-unreadable characters that can only be deciphered by the Web server and it’s private key. So the guy that’s been “snooping” on your Internet connection would only see a very lengthy and incoherent string of characters that would envy Da Vinci’s cryptex.

Now that you have a better understanding of HTTP and HTTPS, as well as their differences and advantages; how does one go about “securing” their Web site? It’s rather simple, actually and as more and more people conduct sensitive business in our technologically endowed world, certificate authorities (CA) are making this process even more streamlined than before.

Companies like VeriSign, GeoTrust, DigiCert and GoDaddy specialize in the sale and deployment of SSL certificates on a global scale. A user would simply purchase an SSL certificate from any of these CA’s then install the certificate on the appropriate Web Server(s). Once the installation is complete, any browser requesting information from that Web server would then have the benefits and peace of mind that all the transactions would be safe and secure! If you’re not up for the task just let us know and we’ll be sure to take care of everything giving you a wonderful gift, peace of mind.

DataYard – At Your Service

DataYard – At Your Service!

Now available by popular demand, DataYard has created a brand new offering under a brand new division, At Your Service. AYS will help regional companies with all aspects of business IT – whether it is managing existing workstations and servers, migrating to a VoIP phone service, upgrading network equipment, or guiding your transition to the cloud – DataYard has you covered.

The DataYard Difference

For over two decades, DataYard has helped thousands of local businesses use technology to improve business efficiency and reliability. But we noticed that we were getting more and more requests from clients to assist with projects beyond just Internet services or hosting projects – they needed help with technology inside of their businesses, and turned to us for advice. AYS is an answer to those questions and needs, and DataYard can now bridge the gap between on-premise IT work and cloud-based hosting services.

We’ve built some great partnerships over the last twenty years – with Microsoft, VMware, and Cisco, to name a few – and these relationships make it possible for DataYard to be your full-service, end-to-end IT partner. If you have a problem, project, or just want to talk through an issue, give us a call – DataYard is here to help you make IT better.