SpireTech Blog - Tag: Security
IT security and safety recommendations, news, and advice.
Over the last two months, we have seen several customers have their WordPress websites hacked. Hackers installed a plugin or other backdoors and used the sites to send thousands of spam messages – or worse. All sites were successfully recovered from backup and repaired by our Service desk, which is a billable event.
Our investigation revealed that the hacks were due to sites not being kept up to date with security updates, or poor password management practices. Read the rest of this month’s articles to discover ways to secure your WordPress website, and Managed WordPress hosting.
In response to frequent WordPress hacks, we thought it might be helpful to write about some of the best practices we’ve used to secure WordPress websites.
- Use unique, strong passwords for your login. One technique hackers use is to log in to your site with a stolen password, that is, a password you’ve used elsewhere. Another technique is to crack a weak password using a bot that repeatedly tries weak password combinations.
- Use Multifactor Authentication at your WordPress login. Plugins such as “Google Authenticator” will implement this.
- Update your installation at least monthly. This includes updating WordPress itself, all plugins, and any themes you’ve installed.
- Change your login page. Bots will try the default login URL to find your login page. Simply changing this URL to something unique will give them nothing to probe. Plugins such as “WPS Hide Login” (https://wordpress.org/plugins/wps-hide-login/) can help make this change easily.
- Install a security plugin. Multiple plugins exist for free that will ban IP addresses that repeatedly try to access your login page, or change the default URL for you. Caution
We’ve had a few clients ask us about remote worker policies. We view this as an HR issue with possible legal implications, so you’ll want to seek advice appropriate to your firm. We’ve all had to relax the standards around eligibility and physical environment during Covid, but the policies around attendance and security still apply. Here’s some food for thought if you have yet to implement a remote work policy.
Working from home is a privilege and may be allowed in some circumstances subject to the following guidelines. If your supervisor approves your working from home on a particular day instead of being present in the office, you must comply with the following guidelines:
- Eligibility: Not all positions are eligible for working remotely. If your position involves frequent or important interaction with other employees or clients, it may not be possible or practical for you to successfully work remotely. If you are unable to work at your normally assigned position and time, working from home must be pre-approved by your direct supervisor.
M365 has several optional security features that are not turned on by default. The capabilities vary based on your subscription, but even the most basic subscriptions have features that we can enable.
For the quickest, easiest, and automatic enforcement of basic security best practices, subscribe to our M365 security essentials pack. This is software that runs in the cloud to lock down and keep your M365 tenant secure.
Clients on M365 business premium have additional features available, including conditional access, Azure identity protection, and various flavors of Advanced Threat Protection.
Contact us to secure your M365 tenant today.
If you have employees using personal devices to work from home, you should make sure those computers have business-grade anti-virus and are being kept up to date with patches. Remember that we offer support for these secondary devices for only $30/mo, and the price includes Sophos Intercept X anti-virus software. Please let us know if you’d like us to secure some of these personal devices.
Just a quick note to let clients know that if you are still running Windows 7 or 2008 server, we cannot be responsible for the security of your network. The risk of ransomware is real, and we’ve heard many horror stories of companies that have been breached. Being able to apply security updates to your computers is one of the key defenses you have against this risk.
In accordance with our policies, we reserve the right to invoice for technical support of software that does not have vendor support. As a courtesy, we will extend free support for 15 minutes, after which we will request approval to bill for our time. We do not wish to impose hardship, but aged software and hardware does require more time to support than modern software, and we must balance this against the need for security.
In case you missed it last month, we’ve licensed specialized software that runs in Azure that optionally enables additional security for our clients using Office 365. The software works to automatically keep security tight, and alert on suspicious logins and emails. To learn more, please visit:
With work from home, we’re noticing an increase in the number of machines being shut off when we are trying to install updates. Please remember to log off and leave your computers turned on and connected to power when we prompt you for updates.
Thank you for your cooperation.
As a reminder of what we advised last month, we’re putting a stop to SpireTech support for Win 7 machines on July 1st. Congratulations to those of you who have successfully eradicated these machines from your networks. However, in a review today, we see that approximately 10% of machines are still running Win 7. We’ve now got 30 days to get rid of the rest of them. While we don’t want to create unnecessary hardship for clients that may be stressed due to COVID-19, we still need clients to make an effort to replace the remaining systems.
Win 7 machines can be slow, insecure, and time-consuming to support. If your network gets breached due to outdated software, or you call us for support on a Win 7 system, we reserve the right to invoice for time beyond 15 minutes of support.
SpireTech Managed Services clients are now able to purchase a security essentials add-on for Microsoft 365 offered by SpireTech. This add-on, based on PowerShell and services running in Microsoft Azure, enables additional security features designed to continuously enhance your security on Microsoft 365. These features do not require additional Microsoft licensing to function.
- Real time location monitoring: We monitor the login locations for every sign-in, and alert on activities outside of expected regions.
- External forward monitoring: We monitor automatic forwarding rules, a common tactic employed by hackers to exfiltrate data.
- Mailbox auditing: Logs actions taken by users in their own and others’ mailboxes.
- M365 License tracker: Get notified every time a license is added or removed from your account, and receive a monthly report of all licenses, use, and assignments.
- Email Spoofing Protection: Get a warning when an external user attempts to impersonate any internal user, including managers.
- Monthly Security Report: A detailed report of several key system and security aspects of your M365 tenant. A necessity for regulated industries, and great peace of mind for everyone else.