Category Archives for "Security"

Posts relating to IT security

February 13, 2024

Beware of Session Hijacking

We’ve been talking a lot about session hijacking recently and we’re starting to get a lot of questions about what that term means. By definition, a session hijack is a security attack where an unauthorized person takes control of a user's authorized session in a computer system.

In a typical online scenario, when a user logs into a website or application, a session is established between the user and the server to maintain their authenticated state. This session is generally maintained through the use of session tokens or cookies.

Session hijacking occurs when an attacker intercepts or steals the session information, allowing them to impersonate the legitimate user and gain unauthorized access to the system. There are several methods through which session hijacking can be carried out:

September 6, 2021

Cloud-to-Cloud Backup

Promethius began migrating on-prem Microsoft Exchange Servers to the cloud about fifteen years ago and we haven’t looked back. Initially, multi-tenant, cloud-hosted Exchange Servers were owned by third parties, like Intermedia and AppRiver. This arrangement worked very well until Microsoft decided to get serious about the hosting game in 2011 with Office 365 (I’m purposely ignoring their BPOS service that launched in 2008 because I still have nightmares about it). Microsoft seriously undercut the pricing of its own partners and put most of them out of business. The positive of this move, however, is that Office 365, and now Microsoft 365, have become very solid and essential business services boasting almost 2.4 million business customers. Of course, Microsoft 365 isn’t just email hosting; it’s hosted documents via SharePoint and OneDrive, it’s project management via Planner, and the list goes on and on.

In our 10 years of experience with Microsoft 365, we’ve had very few issues of lost emails/documents, but it should be recognized that Microsoft 365 doesn’t offer a traditional backup and recovery system with lots of retention options, etc. As far as disaster recovery of Microsoft servers goes, they seem to rely on their extensive redundancy. This is probably adequate, but companies sometimes get caught off guard when it comes to the email and document retention policies. Deleted emails have a maximum recovery period of 31 days and SharePoint/OneDrive documents have a maximum recovery period of 93 days. Keep in mind also that this isn’t the industry standard off-site backup. These emails and documents are saved to the same network that is hosting the live data. Many small companies choose not to pay for third-party backup even when these facts are pointed out, but a third-party backup of your most crucial communications and company documents is probably worth a discussion. You might be surprised to learn how affordable it is.

September 4, 2021

Multi-Factor Authentication

Among many other horrible things, 2020 was a year of rampant computer fraud. Therefore, 2021 is the year we pay for it. Insurance companies took a beating and now it’s time for premiums to rise and requirements for policy renewals to get harder. Insurance companies are now beginning to mandate something that IT companies, including Promethius Consulting, have been pushing for years…Multi-Factor Authentication.

March 27, 2020

Precautions for Keeping Your Computer Network Safe While Working from Home

You’ve likely heard that hackers are coming out of the woodwork to take advantage of all the novice remote employees. After all, it’s no secret that home networks are generally less secure than their office counterparts. So, the question is, “can your office network be at risk from the actions (or inactions) of home users?” Hopefully, we all know that the answer to this question is, “yes.” If not, THE ANSWER TO THIS QUESTION IS “YES!”

Let me just state first that if you are one of our vDESK customers, then you are safe and that this article does not pertain to you. For those of you who are not vDESK customers, please let the above statement sink in. vDESK is the solution that allows you to sleep at night in situations like this (and the countless more ordinary ones).

Ok, so you’re not a vDESK customer and you still want to be secure in a work-from-home scenario. Let’s first look at why there are risks. What’s the difference?

September 23, 2019

What is a Good Password?

Maybe a better question is, “Do passwords matter?” I’ve seen password requirements become more and more painful through the years at the same time that the number of security breaches has skyrocketed. The reason is that investing time in hacking into the online application database is far more rewarding than brute-force hacking a single end user’s password. In other words, all the secure passwords in the world won’t do any good when a hacker (or state-sponsored team of hackers) can simply siphon my data out the back end. Providers and online vendors should care more, and we should make them care more by refusing to purchase from them until they can guarantee security. Instead, with every breach, they send more and more ineffective and inconvenient password complexity down to end users as if we are to blame for their bad coding.

March 3, 2016

Virtual Desktops: Not Just a Coming Fad

Virtual Desktops, sometimes referred to as “Cloud Desktops,” are the next major improvement fast approaching the computer network landscape (actually, this new technology is already in production today – we use it here at Promethius). We’ve been in business for over sixteen years, and we think this technology will be the biggest “game changer” we have ever seen.

August 10, 2015

Will You Recover?

I gained a deep understanding of “disaster recovery” in the best situation imaginable. I was a programmer/analyst for Northern Trust Bank, and for two years worked diligently on our “Y2K” disaster preparedness plan. To say the least, banks cannot afford to lose their data. The fear surrounding Y2K gave me an almost unlimited budget and access to endless resources.

Like so many other organizations, we passed through Y2K without a single glitch. Rather anti-climactic, but I learned a ton about disaster recovery.
