Blog

Konica Minolta Blog

Konica Minolta's blog provides valuable insights from executives and key contributors focusing on IT and cloud services, information management, and enterprise content solutions for your industry and practice. Our unique mix of innovation and expertise provides our readers with technology solutions to help their business run more efficiently. Check back often for updates on timely industry news commentary or subscribe to our RSS feed.

  • Categories
  • Recent Posts
  • Popular Posts
  • Popular Tags

  • Ransomware has quickly become the cybercriminal’s favorite form of malware. As a reminder, ransomware is malware that hackers use to enter a network or device, encrypts files, hold them hostage, and then demand a ransom to return those files back to the victims. In recent years, universitiesmunicipal governmentssmall businesses, and even large corporations like Honda have been victims of ransomware. More recently, the COVID-19 pandemic has provided the perfect environment of uncertainty and disruption for ransomware to thrive.

    As the threat of ransomware increases, it is important for organizations to be prepared. The best place to start is through education and understanding.  By understanding ransomware, you can be better prepared to identify potential weaknesses. In this blog, we will go inside a ransomware attack and explore its progression as it takes hold of a system.

    1. The Breach

      The most common way hackers get access to an organization’s network is through phishing emails. Phishing is a legitimate looking email with a link or attachment that a when a user opens or clicks, the bad guys are in. Once they successfully breach, they will encrypt files on the network, making them inaccessible. Hackers have released many such phishing campaigns under the guise of the current pandemic to make emails seem legitimate and take advantage of the fear factor surrounding the situation. This includes fake emails from the World Health Organization, government agencies, and even fake applications posing as COVID-19 tracking apps.

      This step is where organizations generally make their first mistake. Users (in this case, employees) are the last line of defense against phishing campaigns. Recognizing malicious emails is the first step to halting a potential ransomware attack. Therefore, it is crucial that employees are well trained to recognize and report such emails.

    2. The Dig

      Once hackers have breached a system, they search around the files to find critical data that can make them money. This can include company finances or confidential user information (names, contact details, social security info). So, in addition to encrypting the data they find, they also may steal the data, which they then share on dark web forums (see #3 below). After having armed themselves with this data, the hackers dig through the network in an attempt to gain access to more devices and block them from being used. While remaining undetected, they then go through the network shutting down security controls like AntiVirus and backups, making it more difficult for the victims to recover from the attack and forcing them to have to pay the ransom. These tactics help them strengthen their stranglehold on the network and build greater leverage to blackmail their victims.

    3. The Demand

      Having encrypted and exploited a network as much as they can, the hackers send the victims a message demanding a ransom to release and return all the files back to them. More often than not, the ransom is demanded in Bitcoin as Bitcoin addresses are not directly linked to a hacker’s identity, essentially making them anonymous. Besides the obvious threat of not getting back their files, hackers threaten victims with publishing sensitive information online, or even sharing it with other hackers through the dark web. In a panic and to avoid embarrassment, victims often pay the ransom which is very much ill-advised. Paying a ransom encourages further repetition of cybercrime and provides no guarantee against future attacks or that the criminal will permanently delete the victim’s data.

    How can I protect my organization from these attacks?

    The threat of ransomware is growing and can be a scary thought for business owners. Not only do they lose data and sensitive information, there is also the cost of the ransom, downtime, and public embarrassment to the company name. But with a healthy cybersecurity framework, ransomware and other forms of cyberattacks can be fought and protected against.

    First of all, strongly consider partnering with a Managed Services Provider (MSP) – they have the technical knowhow to help you assess your current protections, provide guidance on improving your security posture, and help restore your files if in fact your organization does get attacked. Further steps include, as mentioned above, to engage in strong, sound security awareness training for your users so that they are able to identify and prevent hacking attempts before they happen. Testing  your environment for vulnerabilities on a regular basis helps identify weaknesses that could be exploited and ensures that your patching and updating processes are effective.

    Evaluate the strength of your security infrastructure to mitigate ransomware with our turnkey Ransomware Readiness Assessment! Built by our Security team, this tool provides valuable insights and expert recommendations on bolstering your environment to protect against ransomware to keep your organization and your clients feeling safe.

    Security, Technology

    , , ,

    The massive shift towards a work-from-home model in the face of the COVID-19 pandemic brings up the critical concern of home network security. A simple home network lacks the sophisticated security protocols that would be present within organizational networks and opens more endpoints for cybercriminals to exploit as your employees work from home.

    Here are some security tips to consider that can help strengthen your organization’s security posture in this new normal of remote work.

    Antivirus

    Ensure that your employees’ devices are protected with a comprehensive, up-to-date antivirus solution. This can help secure your organizational data that is now being transmitted and stored on their devices.

    Patching and Updates

    Having a consistent patching routine ensures that software is up-to-date and protects devices from vulnerabilities. Such vulnerabilities make it possible for cybercriminals to breach networks and steal organizational data. For example, Microsoft recently announced that Windows 8.1 was going end-of-life, meaning they were discontinuing support (including security updates) for this OS. We recommend that you upgrade all organization’s Windows devices to Windows 10 to have access to Microsoft support and protect yourself against security vulnerabilities.

    SaaS/Web Access

    Make sure your team has uninterrupted access to VPN and remote desktop solutions like Citrix or Microsoft RDP. Office 365 is the most widely used cloud-based collaboration and productivity suite worldwide and is invaluable during this period of global remote work. Because of its integration with collaboration tools like Microsoft Teams, it allows your employees to collaborate and have virtual meetings while getting their work done, and since it is happening in the cloud, organizational data stays off personal devices, and protected against breaches. Another benefit to using cloud-based applications is that installing business applications on personal devices would require additional licensing, resulting in higher costs.

    Document Storage

    Review document storage best practices with your employees to ensure that they recognize the sensitivity of your data. Company documents can include confidential information, and therefore should not be saved on personal devices that are used in the home by individuals other than your employee.

    Accounts/Passwords

    For shared machines, employees should have separate user accounts for home and work use, and work accounts should be password protected. This will protect sensitive data from being accessed by users other than the employee. If separate accounts are not possible, we recommend that users avoid saving passwords and disable VPN access once they are no longer using their device. While saving passwords is convenient, when done on shared devices without a separate account, it can expose sensitive data to other users of the device.
    Corporate machines typically have policies that require the screen to lock after inactivity to prevent someone other than the user from accessing the device. Employees should enable screen locks that require compulsory passwords to access their account on their personal devices to protect organization data.

    Home Networks

    Home network devices such as modems and routers are rarely updated with the latest firmware. This can open up the home network to security vulnerabilities that hackers can then exploit. We recommend that your organization’s IT team review these devices to ensure they are up-to-date with the latest firmware to safeguard your critical data.

    Conclusion

    This is an unprecedented period of business disruption, and organizations have taken great strides to enable their employees to work remotely and keep their business functional. However, this requires some security follow-ups, and the above tips will keep your employees and your data safe as we continue to thrive in this new normal of remote work. Please contact us if you have any questions regarding these best practices.

    Security, Technology, Workplace of the Future

    , ,

    Many organizations have recently found themselves scrambling to keep business running as usual while ensuring their staff and clients stay safe. COVID-19 has been testing the planning and preparation of IT Departments around the world.

    Below are 5 measures that all business leaders should implement to keep their users productive in the face of disruption:

    1. Have a Business Continuity Plan (BCP)

    A Business Continuity Plan outlines how a business will remain operational in the event of a major disaster or event. A BCP details the steps taken before, during, and after a critical event that are required to maintain business function from an operational and financial standpoint.

    If you were caught unprepared for the COVID-19 Outbreak, now is the best time to make sure you’re never caught unprepared again. Get a team together and get a Business Continuity plan in place.

    1. Elect an Emergency Preparedness Team

    During any type of business disruption, organizations need to have a steering committee that is at the helm of the decision-making process. With a Continuity Plan in place, your team will have a great starting point, but every disruption to your business is unique. Your Emergency Team should keep an eye on official recommendations from government and health officials. They can use those recommendations to identify how your business will be affected and decide on any additional measures required to keep your staff safe and productive. Your Emergency Team can coordinate the disaster response so that nobody is left scrambling, wondering what next steps are.

    1. Offer Remote Work Options

    “Work is not where you are. Work is what you get done.” – who said this?

    The ability to work remotely has become essential for all businesses. More and more organizations are adopting a work from home policy to foster better work-life balance and increased productivity. Enabling your employees to work from home (WFH) becomes even more valuable in the face of business disruption.

    Many large organizations, like Twitter for example, have announced that they will be working remotely in response to the COVID-19 outbreak. Being ready with a WFH Policy can keep your organization up and running even in the face of a nation-wide lockdown, like some Countries around the world are currently experiencing.

    Here are some important points to consider:

    • Do your employees have secure laptops that they can take home?
    • Can your VPN or remote access solution support the increased load if most or all employees are trying to connect?
    • Do you have collaboration tools in place that enable employees to easily interact amongst themselves and with your customers? Examples include:
      • Phone and video conferencing solutions
      • Chat or team-based collaboration tools
    1. Be Ready with Cloud Backups

    With any business disruption—whether it’s a local natural disaster making your office inaccessible, or a pandemic response where you need increased social distancing for staff – you need to be mindful of where data is getting created, stored, and backed up.  With more work-from-home scenarios, that means data is getting created and potentially stored on devices outside of your core network or in the cloud.  Backing up data from endpoints, from cloud apps, and from shared network drives should now be a mainstay in an organization’s business continuity plan.

    You need to protect your users, their data, and their productivity with good, easily restorable backups. When staff are working remotely, they are more susceptible to cybersecurity risks, lost or stolen devices, and good old-fashioned human error (spilling the latte at Starbucks). Protect your productivity, data integrity, and your business continuity by rolling out a backup solution that covers not just your servers, but your endpoints (laptops) and your cloud apps and data like Office 365.

    1. Test Your Process

    How can you know for sure that you’ll be ready when disaster strikes? Test your process.

    Once you have a BCP in place and an Emergency Preparedness Team assembled, schedule a run through to make sure everything is working. The last thing you need in the middle of a business disruption is to learn that something is broken

    Following these tips will help ensure that your business is ready for any disruption. Should you need help any step of the way, feel free to contact us.

    Technology, Workplace of the Future

    , , ,

    The COVID-19 pandemic has brought on a fair share of negativity in the business world, yet many technology companies are taking part in a global effort to support our economy during this period of disruption. Below are several examples of major technology partners providing free offers or lower cost solutions due to the COVID-19 crisis.

    Microsoft: 6-month Office 365 E1 Trial

    Microsoft created this trial as a direct response to COVID-19. Office 365, and more specifically Microsoft Teams, is a great solution for helping remote employees stay productive, connected, and collaborative. This trial can easily be upgraded to a paid subscription after the 6 month trial period.

    Cisco: Free 90-day trial for a WebEx Enterprise Account (temporarily paused)

    Understanding the demand for collaboration and communication during this time, Cisco has released free WebEx enterprise account offer. WebEx is an enterprise grade video collaboration platform from Cisco, one of the most trusted names in networking and collaboration. This doc from Cisco provides more details on the offer

    Note: Cisco has temporarily paused enrollment into this free trial due to the overload of requests they have received. We will update this blog to reflect when they are opening up registrations, so keep an eye out!

    Citrix: Citrix Synergy 2020 now a free, multi-day Online Event

    Citrix has changed its annual conference to a free digital event, which will give businesses a chance to learn about Citrix’s latest updates and innovations from the safety of their own homes.

    UPDATE: The Citrix Synergy conference has been postponed to a virtual event in the fall. We will update this space with dates once they are announced.

    Leveraging these offers from industry leaders will continue to keep your organization running smoothly during this disruption. We will continue to update this blog with new offers as they are rolled out, so keep your eye on this space!

    If you are interested in any of these promotions, please let us know!

    Technology, Workplace of the Future

    ,

    With the transition to remote work in the face of the COVID-19 pandemic, many organizations and schools are transitioning to using Zoom for online collaboration and learning. This has seen the online conferencing service get hit with multiple cyberattacks, and there are now over 500,000 leaked Zoom accounts available for sale on the dark web.

    We have received some questions from our clients on these security concerns, and whether Zoom is safe to use. This blog is in response to those concerns and some of the measures that users can take to stay safe, should they choose to use it.

    Why Zoom?

    Zoom’s focus has been usability and reliability – easy to use and works great on any device with a range of bandwidth. Zoom has had to handle a 20x increase in use over a matter of weeks and have largely been successful in managing the increased usage.

    However, as use in organizations has skyrocketed, vulnerabilities and concerns have been identified. With the popularity of Zoom, it has also presented a huge attack opportunity for cybercriminals.

    Initial areas of concern

    1. Zoom-bombing:
      Zoom-bombing is when an intruder infiltrates and disrupts a video conference call. Not only could intruders share inappropriate content, they could also simply just quietly listen into or watch what’s happening in the meeting and steal specific data to enhance social engineering and e-impersonation campaigns. Various changes have been made by Zoom to address Zoom-bombing including defaulting to users being put in the waiting room where a host must allow them access. Advice has also been issued on ensuring that a password is used for all meetings and that the meeting URL is only provided to invited users.
    2. General:
      Vulnerabilities have been identified, but recently, Zoom has been fairly quick to fix them. If installed, Zoom should be set to auto update, so all new fixes are applied as soon as available. Meeting links are generalized and reused so once someone has the link, they can always access in future.
    3. Encryption:
      Currently, Zoom is using their own encryption, which is generally not recommended due to the highly complicated nature of encryption. Zoom does not use end-to-end encryption, so there is a potential that their current communication stream could be compromised. Zoom indicates that they are working on improvements.
    4. Privacy:
      Ensure that the Zoom privacy policy is reviewed, understood, and determined acceptable for your organization. For free accounts, personal information will certainly be monetized. For paid accounts, organizations should understand what information is collected and how it is secured.

    In Conclusion

    If you choose to use Zoom, it is important to keep in mind the security of your data and users. Practice cybersecurity discipline and use the following tips to stay safe:

    • Use with caution and an understanding of the risks
    • Should not be used for secret or confidential meetings or conversations
    • If used;
      • Ensure users are aware of, and using, proper security settings and are staying up-to-date on ongoing changes
      • Set the application to auto-update so it is always up-to-date with latest fixes
      • Ensure meeting recordings are also protected
    • Hosts should monitor participants of their meetings and not allow unknown users into meetings
    • For tighter control and deeper integration with other organization communication tools, consider a more mature conferencing solution

    Security, Workplace of the Future

    , , ,

    Optimism in The Face of Disruption: Technology, Collaboration and The New Normal

    , Director, Marketing & Communications, IT Weapons, a Division of Konica Minolta

    Everything is different now. In just a matter of weeks our world of work, interaction, and collaboration has transformed.  And for most Canadian organizations, technology is at the heart of your ability to respond effectively.  Welcome to the new normal of widespread remote work.  Unfortunately, many organizations are in survival mode. They are on their heels, trying to adjust temporarily, until they can get “back to normal”.  But what does “normal” look like on the other side of this pandemic crisis?

    Going through a difficult time often forces us to prioritize differently; to identify the elements of process or work that are truly essential to our business, to our customers, and to our teams internally. And despite negativity surrounding the crisis and disruption, this can also precipitate positive change and innovation.

    If your operating model never prompted you to adopt remote work and remote collaboration solutions across the company before now, it makes sense that you’re having a difficult time adjusting under pressure. But adjust you must … And once you do stabilize in the coming days and weeks, the question becomes, how permanent will these changes be for your organization?

    Many of the more dramatic social changes we have seen are going to be temporary; the mandatory social distancing, the prohibitions on travel and events etc… Eventually things will calm down and we can get back together in person.  But some of the changes we are making in response to this new normal won’t be temporary. They are going to be permanent transformations … And maybe that’s a good thing.

    There are many organizations who are adopting a rethinking and reinvention mindset toward what is happening. They are looking at their organization through a new lens; taking this radical and sudden disruption as an opportunity to re-examine the role that technology plays in their essential operations and the way we engage with customers and clients in every industry across Canada.

    In some places they are rethinking their operations out of necessity, but that is still giving rise to new opportunity.  For instance, think about the fine dining restaurant that just pivoted to be a leading, local, gourmet delivery service.  Or consider the primary care physicians and mental health professionals that are finding ways to connect with patients and deliver care using video-conferencing tools.

    Think also about common business processes that are impacted by the mandatory social distancing; what do we do about signatures and approval workflows work when everyone is remote and we can’t simply “print, sign, and scan”.  Of course there are digital tools for that!  Every business is finding new ways to be digital first. And despite the terrible situation we find ourselves in right now, that kind of innovation can be exciting.

    Microsoft has reported a spike of over 775% in usage of its cloud platform and tools in recent weeks (for Power BI, Xbox, Infrastructure services etc…). There are also over 44 million people using Microsoft Teams to collaborate every day now.  Cisco WebEx has a comparable surge in usage in the previous weeks. Things are changing fast.

    And as we adjust to this new normal, new habits are forming every day.  As your team finds ways to collaborate internally and engage with your customers without being face-to-face, patterns of behaviour are emerging.  How many of these new ways of engaging are going to persist when we are allowed back to the office? That’s up to us.

    Some of the changes you make now won’t merely help you survive this current episode of widespread disruption; there is an opportunity to thrive when we get to the other side.

    To be sure, the short (and long) term social and economic impact of this pandemic cannot be overstated.  This is a tough time for everyone, and a horrible time for some. That’s why governments at all levels (all over the world) are mobilizing assistance and aid packages and emergency spending.  It’s important to remember that they are also optimistic that if we work together and play it smart, if we all lend a hand where it’s needed, we can come out of this a little stronger and a whole lot wiser.  Together.  And that can be inspiring.

    Maybe being forced to operate in a video-first, virtual way with our teams, with our partners and with customers will actually help us to create more a human-centric approach in the future.  But for right now, let’s all make sure we have the tools we need to keep business moving and stay connected while staying at a distance.

    Digital Transformation, Workplace of the Future

    Think of the most popular brands in the world. You could recognize them anywhere. Why is that? Aside from their global presence, these brands have one thing in common – they adhere to a strict set of brand guidelines. (more…)

    Marketing Services

    ,

    On June 15th, 1993, the Portable Document Format (or PDF) was born. PDF was created by Adobe® to be a standard document format which would allow for the exchange of documents across different systems (i.e., Windows, Mac, Linux, etc). The PDF file format allowed for any end-user to read/view a document, regardless of their system and irrespective of the native application that created it. (more…)

    Content Management, Digital Transformation, Workflow and Automation, Workplace of the Future

    , ,

    This is the final blog in a four-part series that will help you create a roadmap for your journey to build and maintain a better IT system. [Part 1], [Part 2], [Part 3]. (more…)

    IT, Workplace of the Future

    , ,

    This blog is the third in a series that will help you create a roadmap for your journey to build and maintain a better IT system. [Part 1], [Part 2]. (more…)

    IT, Workplace of the Future

    , ,