MS Exchange Critical Security Threat – We’ve Got Your Back!

You may have heard rumblings across the Internet of a giant Microsoft Exchange vulnerability that raised its ugly head this week.  On Tuesday evening, Microsoft announced the existence of four critical zero-day security vulnerabilities affecting all current versions of Microsoft Exchange Server.  That’s the same time we stepped up to make sure that all DataYard and our clients’ servers were patched and secured as soon as possible.

Starting at 2AM on Wednesday morning, our engineers began installing the needed upgrades and patches on all DataYard managed Microsoft Exchange servers. The Exchange infrastructures in question were quickly updated and rebooted, after which DataYard engineers took a deeper dive to determine if there were any lingering threats.

In many cases across the globe this security vulnerability had already been exploited in an attempt to open a backdoor to critical and private data – our customers were no exception.  DataYard engineers discovered malicious web shells which had been remotely uploaded by nefarious bots in the final days of February 2021. While a malicious shell was indeed uploaded on these systems to provide access to a bad actor in the future, there is no evidence to suggest that the shell was ever accessed or utilized after the initial automated upload.

As of 2PM on Thursday (3/4/21), DataYard had completed the following for all of our managed VIP clients:

  • Determined if the VIP was vulnerable to the exploit in question
  • Updated OS when applicable
  • Installed critical security patches
  • Rebooted and tested
  • Removed all malicious files remotely updated by third parties
  • Investigated all system logs to ensure no malicious files were executed:
    • Network traffic logs
    • System events logs
    • Exchange application logs
    • Remote login records

At this point, the team at DataYard is confident in giving all of our managed Exchange VIP systems a thumbs-up and a clean bill of health.  We appreciate the trust and confidence that all of our client partners have in DataYard – we are happy to have helped to avoid this nasty security breach and potential data compromise.  Please let us know if you have any questions or requests to help make IT better.

Have a fantastic weekend,
The DataYard Team

Helping Your Employees Work from Home

Even if your company had a work-from-home policy before quarantine, most of your employees probably aren’t used to working every single day from their house. It’s important to ensure that your employees are well taken care of as they work remotely. Here are a few things you can be doing to help workers make the most of their at-home employment.


Outsourcing CTO Responsibilities

For small and even medium sized businesses, it can be difficult to figure out which positions you need in your company and which ones you don’t. This is especially true when it comes to executive positions. On one hand, team leadership is vital for maintaining structure, managing departments, and growing in a healthy manner. 

On the other hand, these higher-level positions can come with high salary requirements.

But the question isn’t just whether or not you can afford them. It’s also whether or not you really have the need for a full-time employee in that position. You might need some of their skills and duties fulfilled, but that’s not enough to justify a high-level hire. 

Especially in the case of something like a CTO. 

What Does a CTO Actually Do?

CTO stands for chief technical officer. Generally speaking, they have the role of managing technology infrastructure, overseeing teams, creating digital/tech strategies, and driving everyone towards overarching goals and standards. 

However, with today’s tech-heavy, digitally driven world, the exact responsibilities of a CTO can get a little muddled. Sometimes they get mixed up with other positions, such as a VP of engineering or CIO.  

In the case of tech startups, the founder and CEO actually might act more like a CTO. Or the CTO might be a separate cofounder. 

For companies that aren’t building a software platform or a new piece of technology, however, a CTO usually isn’t an immediate position. As the company grows and you start to integrate more devices, digital storage, cloud-based software, etc. into your operations, some of those CTO-like skills are suddenly much more important. 

Unfortunately, a quality in-house CTO is one of the most expensive hires to make, as they are typically highly educated and very experienced. Rather than creating an executive position that will prevent you from making other key hires, you may want to consider outsourcing the basic CTO responsibilities to an IT company. 

Advantages of Outsourcing Your CTO Needs 

CTOs need to stay current with technology standards and security threats. They must also be good at developing and executing strategies to keep ahead of these standards and threats. As it happens, these are all things that full-service IT companies like Data Yard do by nature. 

Because of this, IT companies are regularly used to handle the responsibilities typically associated with a CTO. 

By utilizing a third-party IT company, you can have access to a higher level of knowledge and skills for less than an executive role would cost you. It’s also scalable, so you only pay for the amount of work that you need. As your company grows, the level of service provided by your IT partner can grow with you. 

At Data Yard, our AYS (At-Your-Service) solutions allow us to operate as a partner of your business. We provide strategic support including big-picture planning, infrastructure management, security implementation, on-going support, and more. 

We also fit into your business where you need us to. Whether you need us to act as your CTO and IT department or you need us to assist an in-house IT team, we have you covered. The responsibilities of a CTO are very important to a modern business, but that doesn’t mean you have to strain your budget on a single position. 

Instead, contact Data Yard. Our IT consultants in Dayton, Ohio are happy to help you figure out how we can better serve your business. 



Creating a Disaster Recovery Plan

A disaster recovery plan is essential for securing your IT systems and protecting yourself against threats. In fact, 80% of businesses that don’t have a disaster recovery plan will go out of business within a year of a serious issue.


Protecting CUI and Maintaining NIST 800-171 Compliance

If you work for a company with government contracts, you’re well aware of how important security and compliance are, especially when it comes to how data is handled. While you might not be working with officially classified information as a non-federal contractor, you’re still handling potentially sensitive materials. 

The primary standard governing the handling and accessing of non-classified information is NIST 800-171. NIST 800-171 (also referred to as NIST SP 800-171 or simply 800-171) is a set of security standards for non-federal computer systems, mandating how Controlled Unclassified Information (CUI) is to be handled. 

NIST 800-171 was created in response to a lack of consistency across federal departments and their contractors that left openings for exploits and resulted in some major breaches of information. With NIST 800-171, all non-federal contractors have a universal set of standards to follow when it comes to how they handle CUI. 

Handling Controlled Unclassified Information (CUI)

CUI is a classification created in 2008 to cover information that is potentially sensitive and relevant to US interests. CUI includes intellectual property, technical drawings, blueprints, legal materials, and more. 

Before CUI, agencies used their own internal systems for marking and filing unclassified information, creating confusion and openings for security breaches. CUI helps keep unclassified information better protected and better organized through a filing system of categories and subcategories such as Agriculture, Patent, Law Enforcement, etc.  

CUI should not be confused with classified information, which falls under NIST 800-53. Classified information is placed under significantly higher restrictions, can only be accessed by officials holding specific security clearance, and can result in criminal charges when mishandled. 

Handling CUI might not be as strict, but achieving NIST 800-171 compliance can still be a complicated process.  

Achieving and Maintaining NIST 800-171 Compliance 

If you’re handling CUI in any way, then you are bound to NIST 800-171 standards. If you are working for a federal or state organization, you fall under NIST 800-171. Even if you are working with a third party who, in turn, is working with a government agency, you may need to follow NIST 800-171. 

It’s always best to be safe rather than be in trouble with the federal government. Failure to protect CUI and follow NIST 800-171 will result in the loss of your current contract, as well as future work. It may incur additional penalties as well. 

NIST 800-171 sets standards for user access, authentication procedures, activity monitoring, maintenance and updates, physical server access, risk assessment, incident response, and more. Achieving compliance is not as simple as checking a few boxes. It is an ongoing process. That’s where we can help. 

Being located in Dayton, Ohio, DataYard is well-versed in NIST 800-171 compliance. We provide a roadmap experience for our clients, guiding them along the way to meeting all of the necessary standards and helping them maintain them. 

From IT consultation to secured hosting to Dayton colocation, our suite of services can be tailored to meet all of the necessary NIST 800-171 standards. Contact us today to learn more and begin your journey towards true compliance.  



Who Exactly Needs to be HIPAA Compliant?

HIPAA compliance can be a little intimidating for those who have never dealt with it before. Not only are the rules vast and complex, but failure to follow HIPAA can lead to major fines, lawsuits, and more. Before you dig too deeply into the ins and outs of HIPAA, it makes sense to wonder whether or not HIPAA is a factor for you in the first place.  

Though HIPAA stands for the Health Insurance Portability and Accountability Act, it of course extends to more than just health insurance providers.  

Anyone working within the health or medical industry in any capacity will encounter some part of HIPAA. This includes physicians, dentists, counselors, and more. Additionally, companies that have vendors, customers, or third-party connections in the health industry may also be required to follow parts of HIPAA. 

In today’s digital age, one area where businesses really need to be mindful of HIPAA compliance is regarding their online tools and services. 

Do Your Online Services Need to be HIPAA Compliant?

Virtually every business or organization has a website these days. That website is hosted on a physical server somewhere. However, not all servers are the same.  

In addition to different speeds, capacities, and software, some servers are HIPAA compliant while others are not. Now, just because you operate within the health industry does not necessarily mean you need HIPAA compliant hosting. 

For example, let’s say you’re a dental office with a simple website explaining who you are, what you do, and how you can be reached. In this case, HIPAA compliant hosting isn’t required. However, if you wish to add digital intake forms, or you plan on storing current or potential clients’ health information, HIPAA comes into play. 

Of course, it’s not just websites that are hosted on servers. Email, online software, cloud storage, and more all fall under HIPAA compliance rules. It’s important to make sure you’re protected. 

HIPAA Consultation Makes Compliance Easy 

At DataYard, we provide HIPAA compliant hosting solutions and IT services to protect your clients’ information and keep you from facing hefty fines. We realize you might not exactly know what you need when it comes to maintaining HIPAA compliance. That’s why we also offer IT consultation services that we call the Discovery process to make sure you get exactly what’s needed. 

Whether you know what you’re looking for, or you’re looking to talk to someone who does, DataYard is here for you. 


New and improved Connect Mail

We’d like to thank you, DONet & DataYard mail users alike. We’ve spent the last several months bringing you a whole new revamped Connect Mail experience. These upgrades will not require any of our customers to make any changes to their mail clients.

One of the biggest changes you will notice right away is that we’ve changed our webmail platform. We’ve integrated many of our previously separate services into one single pane of glass. Within the new webmail, you will now be able to set forwarders and auto responders, and even create filters to filter your mail. We feel this new experience will be much more intuitive and streamlined.

When you log in to the new webmail, you should see all of your mail, folders and settings. This includes all of your signatures, identities, contacts and contact groups.


The new settings will have some similar features you should be accustomed to using, but you will also notice some new links. On the left-hand side you will notice a mobile sync tab, which can now be used to synchronize your webmail/mail calendar to your phone, along with all of your contacts.


You will also notice these three tabs next to your folder structure. These are the new locations for you to forward your mail, set up auto responders, and filter incoming messages. No longer will you need to use your my.donet.com to make these changes.


 

Let us know if you have any questions, concerns, or just want to chat: 1.800.982.4539 or [email protected]. Remember to follow us on Twitter (@datayardtechops & @datayard)!

Outlook 2010 starting in Safe Mode

If you are experiencing an issue with your Outlook 2010 starting in Safe Mode after running Windows Updates on or after 12/8/2015, here are the steps to resolve this problem.

Uninstall the KB3114409 Outlook 2010 update:

  1. Open Installed Updates by clicking the Start button, clicking Control Panel, clicking Programs, and then, under Programs and Features, clicking View installed updates.
  2. Select the update KB3114409 to remove, right click, then click Uninstall. If you’re prompted for an administrator password or confirmation, type the password or provide confirmation. (If you have an issue finding it in the list, you can use the search in the top right of the screen.)
  3. Restart Computer.
  4. Open Outlook 2010.

If you are asked if you would like to start in Safe Mode, select NO, then delete the shortcut you launched Outlook from and add it back.

 

Discontinuing Control Panel Access


DataYard systems team will be discontinuing access to two hosting control panels as of 1/31/14.

Everything that has a beginning has an end… and we are sorry to inform you that we will no longer be offering two hosting control panels at https://controlpanel.donet.com:8443/ and https://controlpanel2.donet.com:8443/.

You may be asking yourself “Why this? Why now? How will we survive? Where are my car keys?”

We are doing this to address security concerns and to reduce costs of our legacy shared hosting platforms.

We can’t help with the car keys, but we can help with any of your needs for sites and mailboxes hosted on these platforms.

Please don’t hesitate to call us at 937-226-6896 or email us at [email protected]. We will make sure that what you need done gets done.