In case you didn’t know, Microsoft provides Office 365 users with a free document-sharing platform called docs.com. It’s a great new tool for publishing files intended for public viewing. The downside is, sensitive documents are published without the file owners’ permission. These include hundreds of users who might be unaware that their private files can be viewed by the public. What’s the damage? Usernames and passwords for various devices and applications; personal information such as home and email addresses, bank account details, social security numbers, and phone numbers; and medical info comprising patient treatment data and health insurance numbers -- all these were some of the supposedly leaked documents, which were clearly meant to be private. A security researcher discovered that these sensitive files were accessible using docs.com’s search function. After being alerted to the ‘leak,’ Microsoft responded by removing the search bar. However, most of the documents were already indexed by search engines, Google and Bing, which is how these docs remained available to the public despite disabling the search function. Recent updates To alleviate the damage, Microsoft launched an update that limited what users can do to uploaded files, such as restricting files to a read-only status. Although buttons to ‘like,’ download, add to collections, and share in social media are enabled, only users who enter an email address, phone number, or sign in using their Office or Microsoft account can perform any of these functions. Since anyone can easily create a Microsoft account, docs.com users may not feel at ease. Microsoft’s final word Docs.com is easy-to-use and is valuable to those eager to publish their documents. The site’s user-friendliness also makes it a popular choice for Office 365 users who wish to ‘spread their work to the world.’ Office 365 users can easily upload from their own computer, OneDrive, or Sway account, and share away. Being a free service also adds a lot of incentive for users to upload their Word, Excel, or any other file onto the site. In an effort to solve glaring privacy issues, Microsoft has issued some key updates, such as a warning message reminding users that the document to be uploaded will be publicly available on the web. While it may seem like Microsoft committed a blunder, a stricter privacy setting and a few stronger, more visible warnings to users can help make docs.com a useful productivity tool rather than a hacker’s hunting ground. Discerning Office 365 users can make the most out of docs.com, but they should use the service with caution. If you’ve uploaded documents with sensitive information on docs.com, now is the best time to remove them from the site, or review your privacy settings here and in other document-sharing services. If you’re not sure how to proceed, or want to learn more about this and other Microsoft products and services, call us now on 011 435 0450 or visit our website for advice.

Wake up. Take a shower. Get dressed. These are just some of the numerous tasks we do every single day. They may not be fun, but they are essential to our daily routine. Managing a WordPress website is very much the same. By going through the necessary steps, you can ensure the speed and security of your website. Also, it doesn’t take long to complete! Make backups It’s crucial that you perform a daily offsite backup of your WordPress files and database. This ensures data security in the event of a network breach or natural disaster and facilitates the resumption of your business's regular operations. Although plugins like BackUpWordPress and hosting servers like SiteGround automate the backup process, you should still perform manual backups. Verify backups Not only should you be making backups, you should also be verifying them. By doing so, you are making sure that the backed up files are going where they are supposed to, and backups are being restored. The last thing you need is a failed backup strategy on the day you need it most! Daily security reports If you ask any cybersecurity expert, “Is it crucial to maintain a daily network security report?” the answer will be a resounding YES. While you might not have enough time to carry out thorough inspections and create these reports yourself, you can rely on security monitoring services like Securi. Not only does it carry out the inspections, it sends an SMS notification of any suspicious activity and even emails you a daily status report. Malware scans Cybercriminals are growing in both number and sophistication. With every passing day, new strains of malware are developed and released onto small- or medium-sized businesses. Unless you are a bonafide hacker yourself, detecting malware might be a little tricky. WordPress plugins like Wordfence keeps your website safe using the latest firewall rules, malware signatures, and malicious IP addresses. Speed audits Slow and steady might be qualities valued by some, but not so much for your website. Plugins like Google PageSpeed Insights test how fast your site loads. Because if it takes more than five seconds, you should consider implementing caching and other measures to speed up your site. Slow sites put off visitors and lower search rankings. Review your site For this step, sit down with an impartial friend and let them explore your website. A fresh pair of eyes might highlight issues you might have overlooked, such as forgetting to update the copyright date in your footer. Forbes, National Geographic, and The New York Times are all powered by WordPress, which means you are in good company. By sticking to the checklist, you too can harness the power of this online, open-source website creation tool. Or, instead of signing up for half a dozen services that need daily check-ins, why not have us take care of all of it for you? If you have further questions, don’t hesitate to send us an email or give us a call us a call on 011 435 0450 or visit our website today!

Software developers and hackers are in a constant game of cat and mouse. When cybercriminals find new security bugs to exploit, tech companies have to quickly release a solution that secures those vulnerabilities. Earlier this year, Microsoft released a patch to eliminate a Word exploit designed to steal user information. If you’re an avid Microsoft Word user, here’s what you need to know about the bug. The attack On April 10, cybersecurity firm Proofpoint discovered scammers running email campaigns to trick people into clicking malware-ridden Word attachments. The fraudulent emails, simply titled “Scan Data,” included attached documents that were named “Scan,” followed by randomized digits. Although the emails seem harmless, clicking on the documents triggers a download for Dridex malware, a Trojan virus designed to give hackers direct access to your banking information. From there, they can simply log in to your online account and make unauthorized transactions under your name. In 2015, the distribution of Dridex allowed cybercriminals to steal approximately $25 million from European accounts. And if your business fell victim to this malware, there’s a possibility your company might not be able to recover from the loss. The solution Fortunately, two days after the discovery of the bug, Microsoft released a security update to disable the dangerous documents, urging users to install the patch as soon as possible. But even though Dridex was inoculated relatively quickly, employees continue to be the biggest problem. Like most malware attacks, Dridex was distributed via phishing campaigns that preyed on a victim’s trust and curiosity. Hackers added barely any text to the email, yet people were still fooled into clicking on dangerous links. To make sure Dridex never reaches your company, you must provide comprehensive security awareness training. In your sessions, encourage employees to practice safe computing habits, which include being cautious of online links, setting strong passwords, and avoiding downloads from untrusted and unknown sources. Much like updating your software, keeping your staff’s security knowledge up to date on the latest threats is also imperative. Ultimately, your goal is to have employees with a security-focused mindset when browsing the web. Of course, if security training and cybersecurity solutions are not your company’s specialties, you can always rely on a trusted managed services provider like us to protect your business. We can update and secure your systems regularly, and make sure your staff are actively doing their part to reduce security risks. Contact Multi IT on 011 435 0450 or visit our website today!