February 13, 2024

Beware of Session Hijacking

We’ve been talking a lot about session hijacking recently and we’re starting to get a lot of questions about what that term means. By definition, a session hijack is a security attack where an unauthorized person takes control of a user's authorized session in a computer system.

In a typical online scenario, when a user logs into a website or application, a session is established between the user and the server to maintain their authenticated state. This session is generally maintained through the use of session tokens or cookies.

Session hijacking occurs when an attacker intercepts or steals the session information, allowing them to impersonate the legitimate user and gain unauthorized access to the system. There are several methods through which session hijacking can be carried out:

March 24, 2023

Microsoft Office 2013 End of Life

Please be aware that Microsoft Office 2013 has reached its end of life, effective April 11, 2023. This means that Microsoft will no longer provide support, updates, or security patches for the Office 2013 suite. While the software will continue to function, its lack of ongoing support and security updates may leave you vulnerable to potential security threats.

February 22, 2023

Password Strategies

In today's digital age, passwords are an essential aspect of our online lives. They protect our personal information and digital assets from unauthorized access and ensure our online security. However, with the increasing number of online accounts and services, it can be challenging to remember and manage multiple passwords. that can help enhance your online security and ease the burden of password management.
January 23, 2023

Protect Yourself Against Gift Card Phishing Scams

It seems that phishing scams are always on the rise and ever-changing, but the "gift card" scams have been a mainstay for years.  This video will explain how to spot such phishing scams before it's too late.

I won't name names, but I have been shocked at some people I know who have fallen for these scams, including seasoned technical types. It's best to always be on the lookout and to be suspicious if you want to avoid these clever phishing scams.

March 11, 2022

A Focus on Consulting

Back in 1999, the first Prometheans were trying to come up with a name for this venture of ours. Earlier tales have been told of how Promethius came to be a part of it, but what I’d like to discuss today revolves around the “Consulting” portion of that storied name.

You see, consulting has always been a major value that we bring to the table, but many of our clients don’t avail themselves of it. In the early years of the Promethius experience, it was very common for Prometheans to be part of our clients’ teams. We attended staff meetings, board meetings and sometimes even staff birthday parties. We consulted on annual budgets, strategic initiatives and even staffing decisions. As technology progressed, however, it became much more common for small companies to departmentalize their tech. It became common practice to rely on software vendors for advice on software functionality, for instance. Rather than work with a trusted advisor to gather requirements and wish lists, company leaders, and sometimes general staff, would start meeting with software vendors and let the demos do their work.

In recent years, many of our prospects/customers approach us already knowing the products and services they wish to purchase. Too often this sort of thinking has led to computer support being viewed as a commodity. Seeking the lowest-priced help desk support can cause some real problems and has left many small companies in dangerous positions in this age of cyber threats.

The risks today are too great to rely on client/vendor relationships. We need to go back to a world of partnership. We need relationships in which we can have real discussions of threats, problems, options and solutions. If there is no trust, then everything seems like a sales pitch. The fact is that the most profitable solution for Promethius, the vendor, is often the “solution” that we would advise against. It would be easy, for instance, to recommend a time and materials solution to our clients that only reacts to problems after they have revealed themselves through some sort of data loss or security breach. This kind of arrangement might be good for our bottom line, but it would be irresponsible for us to recommend such a strategy.

So, the moral to the tale is to discuss technology strategies with your trusted advisors and more importantly, choose vendors that you can trust as the number one criterion. View your technology providers as a team of experts that is there to help you make decisions to run your business. If your website developers can’t work with your SaaS providers or your Managed Services Provider, then some changes might be in order because technology needs to work in concert to be effective. Give us a call if you’re interested in discussing your IT strategy.

September 6, 2021

Cloud-to-Cloud Backup

Promethius began migrating on-prem Microsoft Exchange Servers to the cloud about fifteen years ago and we haven’t looked back. Initially, multi-tenant, cloud-hosted Exchange Servers were owned by third parties, like Intermedia and AppRiver. This arrangement worked very well until Microsoft decided to get serious about the hosting game in 2011 with Office 365 (I’m purposely ignoring their BPOS service that launched in 2008 because I still have nightmares about it). Microsoft seriously undercut the pricing of its own partners and put most of them out of business. The positive of this move, however, is that Office 365, and now Microsoft 365, have become very solid and essential business services boasting almost 2.4 million business customers. Of course, Microsoft 365 isn’t just email hosting; it’s hosted documents via SharePoint and OneDrive, it’s project management via Planner, and the list goes on and on.

In our 10 years of experience with Microsoft 365, we’ve had very few issues of lost emails/documents, but it should be recognized that Microsoft 365 doesn’t offer a traditional backup and recovery system with lots of retention options, etc. As far as disaster recovery of Microsoft servers goes, they seem to rely on their extensive redundancy. This is probably adequate, but companies sometimes get caught off guard when it comes to the email and document retention policies. Deleted emails have a maximum recovery period of 31 days and SharePoint/OneDrive documents have a maximum recovery period of 93 days. Keep in mind, also, that this isn’t the industry-standard off-site backup. These emails and documents are saved to the same network that is hosting the live data. Many small companies choose not to pay for third-party backup even when these facts are pointed out, but a third-party backup of your most crucial communications and company documents is probably worth a discussion. You might be surprised to learn how affordable it is.

September 4, 2021

Multi-Factor Authentication

Among many other horrible things, 2020 was a year of rampant computer fraud. Therefore, 2021 is the year we pay for it. Insurance companies took a beating and now it’s time for premiums to rise and requirements for policy renewals to get harder. Insurance companies are now beginning to mandate something that IT companies, including Promethius Consulting, have been pushing for years…Multi-Factor Authentication.
