Microsoft 365 is the perfect solution to strengthen your NIST cybersecurity program. This strength comes from Microsoft’s close alignment with NIST AKA The National Institute of Standards and Technology. By combining Microsoft 365 services with NIST guidelines, businesses get an easy-to-follow IT planning blueprint. Now part of The Commerce Department, NIST is over 100 hundred years old and plays a vital role in supporting various industries with technology, measurements, and standards. And Microsoft is the worldwide leader in Software as a Service (SaaS). They’re not only one of the strongest horses to bet on for the long haul; Microsoft 365 has innovative applications that only get better every year. Wouldn’t it be convenient to build your IT stack around ubiquitous business tools specifically designed to support NIST Cybersecurity? The next few sections feature four NIST functions mapped to four security pillars within Microsoft 365: Identity and Access ManagementThreat ProtectionInformation ProtectionSecurity Management NIST Cybersecurity Guideline #1 – Identify Microsoft Azure Active Directory helps you identify each one of your digital assets. Organizations benefit from robust controls with management and provisioning capabilities that track and verify user identities, workstations, mobile devices, company data, and cloud applications. Even better, your team has Single-Sign-On (SSO) access to everything they need to work securely, from any location, at any time. Azure Active Directory creates secure access to all of your applications, wherever they happen to be – on a server in the office or several dozen clouds. SSO is one of my favorite applications and will be the norm in five years. NIST Cybersecurity Guideline #2 – Protect Identity management and access control protect you with insights informed by machine learning. This technology pulls data from billions of authentications every day. Then cybersecurity experts score the data and provide real-time risk ratings for each user and device attempting to access the network. Azure Active Directory is configurable with conditions to set parameters around your people, devices, apps, and associated risks. Are you located in Atlanta? Would you be suspicious if someone from Belarus was attempting a login? How would you feel about someone from your team jumping on the network with a device missing the latest virus protection software? Azure Active Directory nips all of this risky activity in the bud. The application is also adjustable to trigger system responses based on risk level, Multi-Factor Authentication rules, device registration requirements, and repeated password submission fails. NIST Cybersecurity Guideline #3 – Detect NIST helps you detect new and emerging threats in today’s era of constant digital warfare. Why is detection so critical? The dark side of the technology community is unleashing a daily torrent of anomalous activity targeting user devices, email, and identity credentials. Don’t worry. Microsoft 365 has you covered with an evolving multi-layered security solution including: Windows Defender Advanced Threat Protection (ATP) for endpointsOffice 365 ATP for emails, attachments, and cloud file storageAzure ATP for identity credential attacks You can test higher-risk user behavior with cyber-attack simulations to identify and take corrective measures. Continuous network monitoring, scanning, logging, and reporting keep a constant pulse on suspicious activities while providing actionable forensic data. You can also proactively manage granular compliance details with Intune device monitoring. The Intune dashboard provides visibility into global compliance for every device, including individual settings, individual policies, and individual machines. NIST Cybersecurity Guideline #4 – Respond Azure Active Directory Access and usage reports will lighten your response planning overhead with insights that reveal the effectiveness of your Azure Active Directory implementation. If there are any gaps, you can immediately respond to neutralize the impact of potential threats, events, or security incidents. There’s something to be said about a solution that’s programmed to notify you whether or not you have it configured correctly. How’s that for intelligent design? As part of Microsoft’s commitment to protecting client data and the uptime of your services, they include a rich array of incident response tools to strengthen your risk mitigation strategy. Resources include security incident guides, Office 365 cyber event whitepapers, and built-in reports to educate everyone on your team. You can also initiate emergency intervention on user machines and specific files in the middle of an attack. While 100% protection is impossible, it’s empowering to know you can contain and reduce the damage caused by internal and external threat actors. NIST and Microsoft provide safety through longevity. Microsoft and NIST are formidable in increasing performance, lowering risk, and having a unified sheet of music to justify investments in business-optimizing technology. Both Microsoft and NIST form a collective north star. Why not benefit by following an explicit set of directions to travel a well-worn path? If you have a technology planning committee (and any skeptics reluctant to approve anything), this framework is compelling. It also withstands rigid legal scrutiny. For a deeper dive into the product nuances (and the source material that inspired this discussion), I encourage you to explore the following link: Learn More: Microsoft & NIST CSF Get in touch to discuss with us Today Johannesburg – +27(0)11 435 0450, sales@multi.co.zaCape Town – +27(0)21 879 1950, sales@multi.co.zaDurban – +27(0)31 331 0735, sales@multi.co.za Namibia – +264(0)84 000 8310, sales@multi.com.na

Businesses should be clear on the differences between VoIP support, vendor technical assistance, and system administration. The word “support” is subject to interpretation. That’s why we’ll illuminate and contrast related activities and service offerings frequently conflated with VoIP support activities. Support and Vendor Technical Assistance are a few degrees apart in scope. VoIP administration is a separate service since its scope is significantly more extensive. The following three sections will empower you with pointed questions to articulate your business requirements with much greater clarity. #1 – VoIP Support MULTi IT and Telephony Solutions and most other MSPs are familiar with the two primary varieties of VoIP: Software as a Service (SaaS) and premised-based phone systems. This discussion will focus on the SaaS category and its more descriptive and current moniker, Unified Communications as a Service (UCaaS). The evolving UCaaS platform has a comprehensive catalog of collaboration solutions spanning voice, video, chat, telephony, text, mobility, presence, instant messaging, conferencing, and scheduling. It also has expanded functionality and integration with office productivity tools, file sharing, and storage. Doesn’t this sound more like an IT application than a basic phone service? It should because it is, and it’s constantly evolving. UCaaS also has a high level of public awareness and transparency. Many industry leaders are Unified Communications as a Service companies featured in Gartner Group’s Magic Quadrant. Most MSPs are well versed in Unified Communications as a Service. Since your IT provider’s job is to monitor, manage, support, and secure your local area network and users, they are responsible for owning the uptime of your IT systems. This base-level MSP service integrates and tracks all network components throughout the technology lifecycle. If it’s connected to your systems, your MSP is involved. Every UCaaS service implementation includes but is not limited to the following activities, which by default, require your MSP to: Coordinate the cutover with the carrier and the service provider (it could be the same company)Make changes to settings on your server, switch, and firewallCreate a vLAN to segment voice traffic from data trafficInstall additional cable drops or at least collaborate with a low voltage vendorAssist with the setup and configuration of desk phones or softphones Of course, your MSP has visibility into all the standardized hardware, software, and services connected to your network. So they should be able to not only support UCaaS infrastructure but also provide help identifying and troubleshooting issues related to the service. The same applies to well-known solutions from prominent names like Cisco, Datto, Dell, HP, Lenovo, Microsoft, Proofpoint, Veeam, and VMware. On a small world note, both Cisco and Microsoft are in the UCaaS space. And each UCaaS solution from major names like 3CX, Ring Central, Nextiva, and Vonage is designed to work in IT stacks that include all of the brands I mentioned. We’re talking about modular pieces of the same general puzzle. #2 – Vendor Technical Assistance is a Little Different than VoIP Support. Sometimes referred to as vendor management, vendor technical assistance (VTA) is a more formal description of daily IT support activities that require the MSP to troubleshoot IT support issues with third parties. While the first section mainly addresses core support capabilities, VTA is the intentional discipline of engaging a host of outside technology vendors. For example, users may be unaware of the root cause when they open tickets with their MSP. A system administrator or network engineer knows how to quickly isolate the problem and then work with their technical counterparts at AT&T, Bigleaf Networks, Comcast, Ring Central, Windstream, Polycom, etc., to resolve any issues. This process may entail calling and emailing several companies before achieving a resolution. VTA goes way beyond UCaaS and is typically a separate line item on an MSP proposal and contract. I’ve been in the MSP business since 2003, and many of the following scenarios qualify as VTA events: Onboarding a new PEO vendorNew service cutovers of any kindData recovery projectsRansomware threatsPower outagesFloodsSecurity alarm malfunctionsHardware or software procurement projectsCopier installsFirmware upgradesSoftware updates Each of these situations can potentially consume up to six hours a month. Can you see why companies would rather pay someone else to do this? MSPs who don’t classify this service, define the parameters based on the client’s vendor count, and simply tell a prospect they “support” everything are setting an expectation that will be hard to fulfill. They will either do all the legwork and lose money or only do part of the legwork to avoid losing money. #3 – VoIP (UCaaS) Administration is Much Deeper than VoIP Support. This term is an entirely different animal compared to support and VTA. It incorporates operating activities from both disciplines. However, it’s similar to an MSP’s role when they administer your Microsoft 365 account. Users who need help with passwords, SharePoint, One Drive, or Teams aren’t opening tickets directly with Microsoft. They’re contacting their Microsoft Certified Partner MSP, the authorized admin on the account. UCaaS administration typically includes each of the following services for a fixed fee: Moves, adds, changesUser support based on your headcountHelp configuring Auto Attendants, Call Centers, and General Voicemail Boxes Like Microsoft 365, UCaaS solutions are software-based and easy for qualified engineers to jump into and tweak the settings. Your team will not have to call 8X8, Dialpad, Nextiva, Ring Central, Vonage, or anyone else. Your MSP should do this on your behalf if they charge you an administrative fee. Next Steps in Your UCaaS Journey Your MSP can enhance your VoIP/UCaaS experience. But you need to clearly state your needs with the correct terminology. Here’s a quick run-down of the main takeaways: MULTi IT and Telephony Solutions can support all of the usual suspects in the UCaaS field.VTA is different than basic support and requires interacting with third parties. (This can be time-consuming and frustrating for non-technical types.)Administration means the MSP is truly running the show, and you won’t have to worry about going direct with one or several vendors when you need a hand. We can also support and provide VTA to premise-based VoIP solutions as long as the hardware and software have current warranty/support coverage. The administration piece requires case-by-case consideration. We look forward to a conversation if you have any additional questions or want to evaluate MULTi Hosted 3CX VoIP Solutions. Get in touch to discuss with us Today Johannesburg – +27(0)11 435 0450, sales@multi.co.zaCape Town – +27(0)21 879 1950, sales@multi.co.zaDurban – +27(0)31 331 0735, sales@multi.co.za Namibia – +264(0)84 000 8310, sales@multi.com.na

This year, Microsoft announced that on-premises Microsoft Exchange servers were exposed to serious vulnerabilities via a breach by a Chinese state-sponsored hacking group. But why? We’re going to examine this and more for you in this article. Microsoft Exchange server breach: an overview Before we can start examining the effects, we need to explain the basic elements of what happened. Who’s behind the Exchange server breach? Microsoft calls the group behind the breach Hafnium. Microsoft has assessed Hafnium to be a Chinese “state-sponsored threat actor” based on their targets, tactics, and procedures. The group is based in China, but primarily works out of U.S-based virtual servers and targets various industry sectors. Microsoft was aware of Hafnium previously, but this is the first time they are naming the group publicly. What does the breach involve? The attack targets on-premises Microsoft Exchange servers, both older releases that have reached “end of support” and the newest releases. How did the breach happen? Microsoft described the breach as a three-step process: Hafnium could gain access to an Exchange Server with stolen passwords or zero-day (undiscovered) vulnerabilities. These vulnerabilities would disguise Hafnium hackers as someone who already had access to the system.It would create a web shell to control the server remotely.It could then steal data from an organization’s network, set up ransomware, or plan another type of malicious attack. How did Microsoft act? Microsoft immediately released patches for Exchange Server 2013, 2016 and 2019. They also released a Defence in Depth update for Exchange Server 2010 with Service Pack 3. This is noteworthy because Exchange Server 2010 has already reached its “end of support” last year, and Microsoft had no obligation to support it further. This underscores the seriousness of the breach — and how many businesses are still using this deprecated release. Those who can least afford it: Why SMBs will be overwhelmingly affected Exchange is a cheaper solution (and that’s often not a good thing) Microsoft Exchange vs. Microsoft 365 is just another example of the subscription model debate: Exchange needs greater upfront costs, but once it’s bought, it’s bought. Microsoft 365 is more affordable to set up but will always require a monthly fee. There is obviously nuance — properly supporting an on-premises environment like Exchange requires active maintenance and expertise, while Microsoft 365 has built-in support. But the basic idea is that Microsoft 365 is considered the more expensive choice in the long run. So, what does that mean in context? Exchange users are often considered price-sensitive, and that’s typically SMBs, nonprofits, educational institutions, and government. Their price-sensitivity means that these servers might not be properly maintained, leading to more opportunities for cybersecurity issues. Exchange is an older solution (and fewer orgs should be using it) Despite the subscription model cost, the benefits of SaaS solutions like Microsoft 365 have led to their widespread adoption. While Microsoft continues to support Exchange, its best use case has become increasingly limited. Over the past few years, we at MULTi IT & Telephony Solutions have taken great effort to transition our clients from on-premises Exchange servers and onto Microsoft 365. We currently have ten clients that still use Exchange servers. They tend to be larger, more complex environments, where keeping Exchange server around was either needed or useful. But for many small businesses who don’t have an MSP to help drive decision-making like this, they are sticking with Microsoft Exchange as their tried-and-true solution. The sunk-cost fallacy is often in effect. Even if it’s outdated, even if it’s not being properly supported, and even if it’s not the best solution for their current needs… the time, effort, and cost of setting up an on-premises solution can cloud judgement. This is another reason why SMBs are going to be affected by this hack. Why are incident response teams experiencing burnout? Incident response (IR) is what happens after a breach or cyberattack. Organizations and teams need to limit impact and reduce recovery time and costs. But the teams that handle this type of response been through a lot recently. The attacks keep coming and they don’t stop coming 2021 may have been “the most active year for cyberattacks in memory,” and 2022 isn’t slowing down. In the past week alone, ID Agent covered nine separate breaches that had a severe or extreme business risk. This includes unsecured servers, ransomware, and data breaches from a variety of sources across the world. And IR teams are still reeling from the last huge breach in SolarWinds, which just happened a few months ago. An overwhelming amount of serious, high-level incidents can make a team feel like there’s no time to breathe. A perpetual high-stakes, high-intensity environment can lead to burnout, especially among smaller, less mature, or primarily reactive teams. And burnout can lead to mistakes, or at least a fear of missed mistakes. This might be what some hackers are planning on. A cybersecurity expert has compared the psychological effect of these rapid high-profile cyberattacks to a hacker method where a computer is overwhelmed with requests. How MULTi IT handled this breach Our team worked round the clock, and we patched the affected servers within 24 hours of the patch coming online. We went beyond Microsoft’s recommendations — we used a script released by independent researchers to search for files associated with breaches. This gave us a better understanding of what happened at a time when information was scarce. We were able to inform the select few clients who may have been affected and devote time to further investigation. But a burned-out team that’s dealing with multiple emergencies might not be capable of responding as quickly or effectively. And if most of our clients were still using on-premises Exchange servers, we might have had a harder task ahead of ourselves. Our team’s expertise and proactive planning gave us a better chance of handling this incident well. And that’s also why some organizations will struggle with this breach in a wave of cyberattacks. We do IT differently. Find out what sets us apart from all the other IT companies out there. Get in touch to discuss with us Today Johannesburg – +27(0)11 435 0450, sales@multi.co.zaCape Town – +27(0)21 879 1950, sales@multi.co.zaDurban – +27(0)31 331 0735, sales@multi.co.za Namibia – +264(0)84 000 8310, sales@multi.com.na