CyberNews from JustWorks – Issue #7

Keeping you up to date on the latest in tech and cyber. Feel free to forward to interested colleagues and acquaintances.


It’s Cyber Security Awareness Month

October is Cyber Security Awareness month, and it’s no coincidence that this is also the time of year when businesses are looking to renew their insurance. We know that all those complex cyber security questions from your insurance can cause quite a fright. Especially as Lloyd’s estimates that premiums from cyber insurance policies will rise from $9 billion last year, to $25 billion in 2 years time.

It will become increasingly valuable to know where your cyber security stands. Being properly positioned can mean saving big on your insurance, making renewals less of a Trick and more of a Treat. Ask your insurance broker if having the right Security Plan in place can save you money on premiums.

We invite you and your associates to send us your Insurance questionnaires, so we can work with you to implement the rapidly advancing security standards they want to see. We have helped our customers develop strong cyber security plans that enabled them to successfully pass a variety of security assessments, and we look forward to doing the same for you.

Graphic produced by the Army Chief Information Officer

Learn how you can be prepared for heightening requirements with SecureWorks


Don’t Get Caught with Your Head in the Clouds

When it comes to cyber security, readiness doesn’t just mean hardware and people. Cloud services are ubiquitously used in today’s IT infrastructure, and cloud providers are having to demonstrate their cyber security posture to maintain viability for their customers IT environments. Companies are realizing that when reviewing their IT posture they need to investigate their cloud service providers with the same level of scrutiny. Forrester writes “that Successful organizations must build a robust cloud governance regime, requiring all cloud workloads to have mandatory security instrumentation and tooling built into them”. Taking the time to ensure your cloud tools and infrastructure are implementing best practices for security is crucial, because when it comes down to it, a chain is only as strong as its weakest link.

That’s why we have been leveraging Sophos Cloud Optix when our customers are evaluating their Cloud Infrastructure. Cloud Optix offers the capability of Multi-Cloud Visibility providing a single view integrating all of your cloud products. Sophos will continuously scan those environments for any vulnerabilities to make sure they are meeting current industry standards. Working seamlessly with other Sophos products like XDR and MDR, Cloud Optix provides IT Teams with enhanced levels of context when assessing threats and vulnerabilities.


CyberNews Archive

CyberNews from JustWorks – Issue #6

Keeping you up to date on the latest in tech and cyber. Feel free to forward to interested colleagues and acquaintances.


Deep Phishing

Margaret Tarrant - "Little red riding hood"

Cyber criminals are taking advantage of AI to generate deeply personalized and complex attacks, known as Deep Fakes. Like the Wolf dawning Grandma’s garbs to fool Little Red Riding Hood, scam artists can impersonate trusted parties like never before to bring down our guards. By formulating attacks via AI with information that would seemingly be too uniquely accurate to be a scam, people are more susceptible to becoming victims of fraud than ever before.

Bloomberg reports that Banks are expecting Cyber Crime to cost $8 trillion this year, and on track for $10.5 Trillion in 2025. With the ability to create innumerable individualized attacks, the protectors of Cyber Security are having to ramp up efforts to avoid losing the battle against criminals. It will take a culture of Cyber awareness and increased education to put up a fight.

Many organizations are reporting very specific attack vectors that are so skillfully crafted to impersonate their usual vendors and clients, that they are worried at the increased possibility of personnel taking the bait. AI can generate all types of sophisticated impersonations from voice clones, visuals, and language patterns, pushing the limits of what the rational mind can differentiate between real and fake.

Learn how you can combat the coming cyber struggles with SecureWorks and our new advanced email protection service.


MOVE it on Down the Road

https://www.youtube.com/watch?v=zrncsyZ9YLA

The Cyber Security landscape mounts up as larger, more critical, infrastructure is increasingly targeted.

The MOVEit file service ransomware attack had the Oregon Department of Transportation (ODOT) lost without direction. Anyone with a state issued ID or Drivers License had their information compromised, including details like name, address, and social security number. The massive scope of the data breach, affecting over 3.5 million people, left ODOT in shock and they did not make any acknowledgment of the attack for months. Claiming they didn’t want to release any statements until after a forensic investigation, which took several months to complete following the breach.

Once ODOT finally publicly addressed the hack, surprised Oregonians expressed their fears of widespread identity theft and were disgruntled at being unaware for months that their personal information was caught in the dark web. Furthermore, ODOT was just one entity that was affected by the worldwide ransomware attack on MOVEit.

Government services are clearly in hacker’s sights, and data from the UK Govt. shows that the larger your organization is, the more likely you are to be targeted. Do you know anyone lacking secure file services? Have them contact JustWorks today and we can deploy secure file systems for their IT.


Easy Co-Editing

Egnyte recently released an integration with Microsoft Office 365, allowing you to Co-Edit files simultaneously with other colleagues. Have a PowerPoint or Excel document that you and your team are completing? Well, now you no longer have to worry about who works on the file, or when. Co-Edit allows everyone to access the same file, at the same time, so that projects can progress with real time collaboration ensuring all edits are captured in one file. This means no one is stuck waiting for their turn, and you won’t have worry about checking multiple file versions to capture everyone’s edits. All of this works directly inside your desktop Office 365 apps, providing full utilization of computing power compared to web based collaboration.

With the new PDF Viewer and Editor in the Web UI, working on documents is significantly streamlined.

https://helpdesk.egnyte.com/hc/en-us/articles/16577351731597-PDF-Viewer-and-Editor-for-WebUI

No longer will you need to save files locally and then open them with specific PDF editing apps. The PDF Viewer allows you to view any PDF directly in a browser, while the Editor allows editing directly inside the viewer with 30+ annotation, form filling, and form creation tools. Now you can make changes from anywhere, and on any device.

Contact us if you’re interested in using these new features.


CyberNews Archive

CyberNews from JustWorks – Issue #5

Keeping you up to date on the latest in tech and cyber. Feel free to forward to interested colleagues and acquaintances.


Chat Bot not Jackpot: Chat GPT & IT Solutions

Chat GPT and other AI platforms are being scrutinized for their potential to solve problems at a speed and scale exceeding human norms. What human lead tasks today would be done more efficiently and could be replaced fully by AI in the future?

While many people’s considerations drift to the hypothetical endgame of idealized Artificial Intelligence, JustWorks maintains a realistic outlook on computer generated responses and have thoroughly tested Chat GPT’s ability to solve technical problems – one might think that IT would be a field in which Chat GPT would excel. However, our testing has showed that Chat GPT is only provides the correct response to a wide variety of IT problems around half of the time. This is largely due to two of AI’s limits:

  • How it is prompted (hard to do!)
  • Only being able to draw conclusions from the data set it is trained on

As IT Solutionaries, we know that effective service results from the ability to solve novel issues as they arise. In a fast paced environment where issues need to be resolved accurately and in a timely manner, there simply isn’t room for this degree of error.


The Bay Area Cools Off

Businesses in the Bay Area saw employment costs heat up as wages rose at an accelerated rate in 2021/22. However, it appears the climate is shifting as companies adjust to post-pandemic conditions.

Early this year, we reported on tech companies lightening payroll with large job cuts as financial tides went out. Data from the Labor Department shows, these loses have taken a toll on Silicon Valley with counties reporting average weekly salaries decreases of around 20 percent compared to 2021 !

It appears companies are looking to the horizon and choosing to keep those vital jobs which keep the cogs turning and shying away from highly specialized and cost intensive positions. Many organizations across The Bay Area are likely relieved to see they are not going to be priced out of the market for finding the right talent.


Sophos Adaptive Attack Protection

Sophos recently added the ability for Sophos Endpoint to dynamically apply active protection when an on hands keyboard attack is detected. This is next level capability can recognize malicious behaviors in real-time and gives customers valuable time to neutralize active adversaries before a breach occurs. Interest in Adaptive Attack Protection is widespread as companies face the threat of insider attacks with growing numbers of non-localized workers and handling the challenges of complying with cyber security standards with on-site visitors. Watch how

Sophos continues to top the G2 Grid® as the only cybersecurity provider that qualifies as a Leader across:

  • Endpoint Protection Suites
  • Endpoint Detection and Response (EDR)
  • Extended Detection and Response (XDR)
  • Firewall Software
  • Managed Detection and Response (MDR)

G2 independent, verified customers rated Sophos the #1 overall XDR and Firewall solutions. We have many years of experience implementing Sophos to provide the best cyber security for our customers.

If you’d like to know how you can utilize Sophos to achieve the best protection, give us a call on 866-JUSTWOR or email info@justworks.net


CyberNews Archive

CyberNews from JustWorks – Issue #4

Keeping you up to date on the latest in tech and cyber. Feel free to forward to interested colleagues and acquaintances.


Ransomware on the Rise

Cyber Security becomes more valuable by the day as attacks increase in frequency and complexity.

Microsoft reports they experience 300 million fraudulent attempts to access their cloud services everyday. Sophos reports on providers of “hacking as a service” increasing through 2022 and into this year.

At this rate, insurance execs are warning that Cyber attacks will soon be joining Natural Disasters in being uninsurable. The enormity of the impacts cyber attacks could have, if critical infrastructure is targeted, is simply too large for insurance companies to anticipate and remediate.

This fear was made real here in the Bay Area when the City of Oakland recently declared a State of Emergency after it fell victim to a ransomware attack that disabled key technical infrastructure and brought city services to a halt. By encrypting Oakland’s data with their own key, the hackers now have sole control over that data and are releasing small portions of employee information to demonstrate their capability and bolster their demands. Understanding your own Cyber Security readiness is critical as threat actors increase their activity.


Managing Your Detection and Response

At JustWorks we have been implementing the Gartner leading cybersecurity managed detection & response, Sophos MDR, for our customers to ensure they have 24/7/365 threat detection and response. Sophos’ Endpoint and Network monitoring approach ensure our customers’ IT Systems are secure no matter where they work. Utilizing AI threat identification to prevent attacks in conjunction with a dedicated team of specialized cybersecurity experts to handle the intensive work, Sophos MDR offers the best Cybersecurity as a Service, while keeping costs and resources down.

Sophos services can also help at any stage of a cyber attack. Whether you would like to assess if your data has already been compromised, or are currently in the middle of an active attack, Sophos’ round the clock SOC can respond to and resolve attacks rapidly.

If you’d like to know more about how we can implement Sophos MDR for your business systems, give us a call on 866-JUSTWOR or email info@justworks.net


It’s 10 PM, do you know where your children are logged in?

As the White House backs a Senate Bill that would ban Tik Tok for Federal Employees, it’s time to think about what apps your family is giving their information to. This short and very polished film by the Financial Times highlights the challenges for managing identity security for youth in today’s digital society.

Watch it at home with your family to get a conversation started.

CyberNews from JustWorks – Issue #3

Keeping you up to date on the latest in tech and cyber. Feel free to forward to interested colleagues and acquaintances.


2023 kicks off with tech turmoil

Seems like every tech business in California is rushing to lighten their payroll ahead of what many expect to be a tough year ahead. Even Microsoft!

This is when the tide goes out and we all find out who has been swimming naked. With so many tech businesses based on new revenue models, who will survive the coming changes ?

Evaluating tech vendors is what we do at JustWorks. It requires in-depth knowledge of the tech industry, the history of firms (who has bought who recently), technical evaluation of the products/services they offer, analysis of each vendor’s cyber security posture, and market intelligence to determine if they have a sustainable position against their competition. This is not work that most companies can do for themselves, which is why vendor selection is large part of our work and a significant value we add for our customers.


The End of Passwords …

Bill Gates predicted the death of the password around 15 years ago. In fact, password use has risen, and they remain the default method of authentication for a huge range of services, both at work and home. 

Increasingly complex password requirements place an unrealistic demand on users. Inevitably, users devise their own coping mechanisms to cope with ‘password overload’. This includes re-using the same password across different systems, using simple and predictable password creation strategies. Sound familiar?

Every company needs to do 3 things right now to stop password overload becoming a cyber security threat to the business:

  • Stop making users change their passwords!
  • Turn on MFA for all remote access. Make every login a proper security check. If the login is at an unusual time of day or from a new location/computer/browser, then ask for another security factor.
  • Get a Business subscription to 1Password. Inevitably there will be passwords that need to be shared across teams and you need to have vaults that are controlled by the company, not the user! Every employee added to a 1Password Business accounts get a free subscription for their personal/family use.

ZTNA is coming in February

We are excited to announce that JustWorks is adding Zero Trust Network Access (ZTNA) from Sophos to our fixed fee services starting in just a few days.

Zero trust refers to a way of controlling access where every request is validated from the ground up and permission is only granted when a valid user authenticates themselves on an approved computer to access an application they are authorized for.

If you’d like to know more “zero trust” for your business systems, give us a call on 866-JUSTWOR to email info@justworks.net


CyberNews Archive

Useful graphics on passwords and many other cyber security subjects available from the NCSC.

CyberNews from JustWorks – Issue #2

Keeping you up to date on the latest in tech and cyber. Feel free to forward to interested colleagues and acquaintances.


Cyber Gets Serious

Cybersecurity risk is the #1 concern for businesses large and small according to the 2021 Travelers Risk Index.

Our analysis of a cybersecurity questionnaire from Travelers Business Insurance shows responses are required for 56 requirements from the NIST 800-171 standard, including 40% classified as Advanced in the CMMC framework. Of those 39 require enhanced JustWorks management, and 17 require specific internal policies and processes.

It’s time to get serious about cyber. Every business needs a security plan and a continuity plan for I.T. — not just for insurance.

The SecureWorks add-on plan for JustWorks customers is now available with 4 service levels to suit your business needs. Let’s get a SecureWorks plan started for your business.

Making IT Security Simple | JustWorks
Making IT Security Simple | JustWorksjustworks.net
JustWorks does it again! We have been Making IT Simple for over 25 years and now we are making Cyber Security & Compliance simple too. SecureWorks is the new add-on service that turns a confusi…

Cooling IT

Keeping IT systems cool is no laughing matter. The recent heatwave in the UK caused systems at 2 major hospitals to literally melt down! They have been offline for over 2 weeks and porters are running around with test results on bits of paper, trying to find patients!

Good design, up-to-date equipment, and active monitoring are keys to preventing this kind of problem. That’s why these principles are baked (excuse the pun) into every JustWorks design.

What is “zero trust” ?

Techies love buzzwords and the term “zero trust” is the buzz of 2022. But what does it mean?

Zero trust refers to a way of organising computer systems in which no one and no devices are assumed to be trustworthy.

On a typical office network the PCs on everyone’s desks are assumed to be computers that have already been configured to meet the business’ security standards. So there are few, if any, limits placed on what they talk to or how they respond to other devices on the network.

In a “zero trust” environment every computer treats every other device as a stranger, until proven otherwise. This helps stop, or at least control, the spread of malicious code across a network.

The spread of ransomware in recent years means that very few networks are still configured to be “all trust” nowadays. Most are somewhere in the middle. If you still have to use a VPN to connect to your office, that’s probably because the office systems are too trusting and so they need to be more strongly protected (even though it makes life harder for users).

If you’d like to know how close to “zero trust” your business systems are, give us a call on 866-JUSTWOR to email info@justworks.net

CyberNews from JustWorks – Issue #1

Hello and welcome to the new newsletter from JustWorks.

We will keep you up to date on the latest cybersecurity and information technology developments. Just what you need to know, when you need to know it.

We will keep this simple (just like our services). If you have any questions or would like any futher information just reply to let us know.

In this edition: planning, zooming, and safety at home.

Do forward this on to anyone else you know that needs to keep up on the latest cybersecurity for business.


Ukraine, crypto, and cyber attacks

Russia’s aggression in Ukraine has coincided with a reduction in cyber attacks (and, tangentially, in crypto currency values).

Not what we expected.

Perhaps the “Fancy Bears” are distracted with trying to take down Ukraine’s IT systems and so there’s been less focus on attacking the rest of us? Just a guess, but in any case now is the time to review all the potential weak points in your cyber security plan.

They will be back, you can be sure of that!

If you haven’t got a cybersecurity plan: you don’t know how [in]secure you are. Get started on a plan now!

Zoomin’ IT

Covid made “zoom” a verb. Shorthand for online video meetings, “zoom” has become a household word. Now zoom can be your phone system too.

Building on the global infrastructure they put in to deliver high quality video, zoom have easily been able to add voice service that is just as clever at managing itself as the speed of your Internet connection changes second by second.

With direct, private peering with the world’s public telephone networks, zoom offers high levels of security for their phone service.

But, like everything else in the cloud: it’s only as secure as you configure it to be!

If (when) you do switch to an online phone system, get an expert in identity management to set it up properly.

Stay cybersafe at home too!

Cybersecurity doesn’t stop at the office door. Make sure your personal systems at home are protected too — you’re only as secure as your weakest point.

Get Sophos Home for all your home computers, especially the kids! Covers up to 10 computers for less than the cost of one fancy coffee a month.

Every Cloud Needs a Pilot

In 1996 we pioneered the managed services concept and helped create the Managed Services Provider model that so many others claim to be doing today, but while they were catching up we were driving ahead and recognizing that for some business the day was coming when racks of servers in their offices would be a thing of the past.

That day has arrived. Starting this year JustWorks is now delivering completely cloud-based I.T. infrastructure for businesses with no physical servers, no Active Directory™, and no worries!

Incredibly efficient, effective and simple cloud services that span the range from file services to directory to telephony and online meetings are now all available from JustWorks with 0 delay, $0 startup and 0 commitment. Everything works together, everything is secure, and everything is managed by your very own cloud pilot – it just works!

Navigating this new cloud world is not for the faint of heart, littered with the wreckage of failed vendors and integration turbulence. That’s why you need an experienced pilot who can navigate the skies with you every step of the way. We Make IT Simple. Just step on board for a fixed monthly fee per user and the next thing you know you’ll be relaxing in the comfort of your very own private jet through the clouds, answering your calls anywhere in the world, opening offices with just a WiFi access point, and onboarding new employees in minutes.

Contact us if you’re interesting in joining our growing list of cloud enabled customers.

JustWorks returns

We are very happy to be returning to our original business location where JustWorks started in 1996.

We are marking the return of JustWorks in more ways than one. In 2019 we have completed our transformation into a full Cloud Services Provider (CSP, because techies love acronyms!) and are once again leading the field in helping our customers Make IT Simple.

In 1996 we pioneered the managed services concept and helped create the Managed Services Provider model that so many others claim to be doing today, but while they were catching up we were driving ahead and recognizing that for some business the day was coming when racks of servers in their offices would be a thing of the past.

When we started JustWorks we had racks of equipment in our offices at 1975 Hamilton Avenue and leased lines to our customers, now we have no servers, no racks and neither do some of our customers. We have led the way, eaten our own dog food and developed an incredibly efficient, effective and simple cloud services model that spans the range from file services to telephony and online meetings.

We are glad to be back home, and just as pleased to be offering Bay Area businesses the opportunity to make cloud IT simple to adopt and simple to use.

Contact us if you’re interesting in joining our growing list of cloud enabled customers.

 

 

State of IT 2017

As we start the New Year it’s appropriate to look at the state of I.T. and give you the JustWorks perspective on where the best path forward will take us.

First we need to remember that the basic structure of a computer has not changed: a computer uses a processor to process data that is kept on storage. The proximity of the processor to the storage is still absolutely key, and that affects how “cloud services” work, or don’t work. The larger the data being processed, the more important it is that the processor and the data it is working on are joined by a fast connection, so applications like CAD and accounting cannot tolerate a situation where the processor and the storage are separated by the typical Internet link available to most businesses today. Either the data needs to be local (in the same place, like the office) to the computer, or the processing needs to be done remotely, close to where the data is.

Using this model we can more easily understand the different cloud services that are available.

  • “True cloud” services are where both the processing and the storage are provided by the vendor, so all the user needs is a window into their systems — a good example is QuickBooks Online, where the data and the processing are done on Intuit’s servers and all you need is a web browser to see the results.
  • “Hybrid cloud” services are where the processing and the storage are not always colocated. A good example of these type of services are the cloud file services, where the files exist in the cloud but are also replicated locally so that they can be used by your (local) computer. Hybrid solutions typically require both some local systems and some remote (cloud) systems to deliver the solution effectively.

For the majority of businesses the world of cloud services has not advanced to the point where they can replace their local applications, and it may well be many years before that is true. So most businesses are stuck in between the old world of local networks and servers, and some combination of the true and hybrid cloud services.

The way forward is to be ready to move applications to the cloud when that becomes feasible, and in the meantime get as much advantage as possible from hybrid cloud services without breaking what works on the local, office-based network. This is what we have designed JustWorks 7 to deliver.

jw7JustWorks 7 is our seventh major design revision in our 21 year history, and just happens to neatly coincide with 2017 as the launch year. In designing JustWorks 7 we have preserved the ability of our customers to continue to run the applications they need on their office network, while also providing the benefits of a distributed cloud file system that is available from anywhere on any device. Customers can share their data securely with partners and vendors, enable remote working, and still have lightening fast access in the office.

JustWorks 7 provides a platform that supports local applications today, and is ready for those applications to move to a cloud service provider as soon as our customers are ready to do that. Our design is a “hybrid cloud” that prepares our customers to move to “true cloud” when the time is right.

Our new design moves the core collaboration tools of email, calendaring and file sharing so that they are cloud based, but easily accessible from the office too. The reference design for JustWorks 7 is based on using Microsoft’s Office 365 services for email, but can also accommodate anyone who would prefer to use Google, Amazon or another vendor for email. The JustWorks 7 cloud file service works equally well irrespective of which vendor is providing the email services.

JustWorks 7: designed for the future, and today.
We make IT simple.