Windows Server DNS Vulnerability Bug - Our Managed Services Clients Received Same-day Protection

In the recent past, a Microsoft Windows Server DNS vulnerability bug was discovered that left millions vulnerable to a security breach.  That same day, our managed services team created a script and pushed it to our clients to manage the open exposure.

Our team has the experience to solve problems, not just patch them and pretend the problem will go away. Having an IT tech that only patches bugs for today in hopes that maybe your network won’t cross the path of an online intruder – is simply a dangerous endeavor.  Our team of IT professionals are very talented, smart people who can create code that dives deep into the jeopardous terrain, to resurface with a solution ready to be deployed.

Obviously, businesses without any proactive IT support are left vulnerable as Microsoft has yet to release a patch, only a workaround exists for remediation. Workarounds are just that, a reactionary measure that only skirts around the problem, without solving it. Your business deserves more than a band-aid approach to your IT needs; understanding your network and all the working parts is necessary to providing the best solution.

With managed services, our team can apply the knowledge gained from the last vulnerability and apply that deep-learning component to the next liability. Recurring updates ensure that wherever the latest wormholes arise, proactive managed services will apply the latest software to protect your network. Counter-response behavior is not foresight behavior, your network cannot survive a mom-and-pop, static update. You need live, dynamic updates and a team of solution providers who work with threats daily and know what they are looking for.

You just want your computer and network to work – absolutely – we do too! However, setting the foundation is 100% necessary to the success of making that happen. Just like building a house, if you don’t get the foundation right, you’ll always be susceptible to shifting ground with costly workarounds instead of doing it right the first time. In 2020 and beyond, robust IT networks demand an automated managed services platform with dedicated IT professionals to remediate the complexities – join our list of valuable clients who understand the best defense is a great offense!


ProofPoint Email Security Suite

Your people are your greatest business asset—and your weakest security and compliance link. With Proofpoint, you can build a defense that starts with them. BEC scams – Business Email Compromise – look for prey and groom their victims in order to misappropriate money and business intelligence.  Criminals spend time creating scenarios that spoof their identity, creating emails that look like emails you’ve seen in the past, emboldening a sense of familiarity and trust. After your confidence is gained, they zero in on gathering your data by making you think it is safe to click, afterwards it is too late to undo the open door that they walked through.

As more employees are working from home, Proofpoint protection offers remote connection security through cloud-based communication between your archives and active content sources, as well as on-premesis network devices. ProofPoint can set up provisions, allowing team members access to those resources specific to their needs, creating streamlined work-flow rules that organize your business. Data Loss Prevention (DLP) is monitored in an active, ongoing fashion while at use, in motion and at rest, offering a more expansive protection definition.

ProofPoint offers a turn-key approach to protection through spam filtering and phishing protection through its prevention tactics. This software has the capability to prioritize threats and act in accordance, focusing remediation to the most damaging items first. This threat intelligence learns as it is employed in your network and develops its own sort of immunity, creating barriers to cyber threats. Then as it continues to learn, it is enhanced each time a new update or new threat is detected, providing URL defense protection in links inside spoofed emails – assisting in catching the corrupt link before you have a chance to click. Encryption capability is also a major resource of Proofpoint that your business needs to incorporate into everyday activity, especially for regulatory and compliance-driven businesses. Your clients will notice the difference when they see these defensive tactics being utilized as protection for their identity and your business security policies. Many regulatory agencies are demanding these software-as-a-service (SAAS) protocols to enhance cybersecurity.

Proofpoint also offers social media monitoring to track and protect the content of your social media, across all platforms. Proofpoint can apply your specific industry’s regulatory policy and alert you to errors and non-compliance. This intelligent software can be vital to assisting you in accurate advertising policies and shape your compliance patterns in the future. Call TimbukTech today to get started, 309-647-7269.

Sophos - Rugged Business Security Essentials

Sophos is the world’s largest privately held security company offering anti-virus protection like none other before. The software created by Sophos employs the philosophy of heuristic monitoring - evaluating current threats as well as unknown vulnerabilities yet to be discovered. The machine-learning necessary to mediate these threats builds upon a history of traditional anti-virus and known technologies as well as intuitive protocols that seek out modern-day solutions that zero in on encryption detection, live hacking, and exploit prevention. This deep learning technology taps into a realm where the human mind and machine meet – creating algorithms that are buoyed by the thought processes of the brain, along with the intelligence of machines, creating a bulwark line of defense.

Hackers are not just writing assault code as a one-and-done launch of attack. They are sophisticated in that the threats are made to be ongoing and constant, with updates made in real-time to counter any anti-virus that may be pumping out protection. Once the wall has been breached, the hacker can set the stage for a blended attack, from deleting your organizations backups and installing malware/spyware, to installing ransomware  and demanding high dollars for the safe return of your company’s information.

Sophos also offers a centralized dashboard that provides a snapshot review of all active parameters you want to measure and summarizes usage, statistics and many other categories for alerts in real-time. You can test your staff to see where your vulnerabilities lie and receive reports outlining the areas needing remediation and training. Real-time scanning for ransomware, malware, adware, spyware, rootkits, etc. offers capabilities beyond other out-dated, static anti-virus solutions; your business cannot afford to be stuck in the past when malicious threats are lurking, ready to attack and take advantage of old solutions.

TimbukTech can walk you through the capabilities of Sophos and provide a demo to outline all the reporting features available. This is a great way to get a snapshot of where you are now with your vulnerability monitoring and where you could be. You don’t know what you are missing until you do – TimbukTech can prevent you from being surprised by an attack you didn’t see coming. Utilizing deep learning and heuristic monitoring does just that – you need advanced threat protection in this modern age of cybersecurity susceptibility.

Microsoft Teams

Microsoft Teams – Virtual Communication Capabilities

Microsoft Teams is a collaboration app connecting your team, your students, your club – whatever group of people you wish to connect one another in an online setting. Your group must utilize Office 365 to access this app and can access this feature at This app is customizable to include targeted members of your team as they relate to projects in your business. Pivots allow you to set up channels within a project for further targeted management. For example, if your marketing team has several campaigns they are working on simultaneously, these campaigns can be set up within teams under the general heading and then targeted specifically to only those staff members who are on the particular project. Then the conversation can begin.


Teams allows just that group of people to have access to the communication trail for that channel. Teams can chat with one another, create chats within chats for further targeted communication and team members can invite one another to join groups as they become involved with various projects as the project evolves.  Teams can share files, upload videos/images/audio or any rich media to share with the group. Teams can update files in real-time allowing for work efficiencies and access to the latest information for the entire group.


Each section of the app allows you to customize how you view your dashboard and only present the relevant information and set notifications for the way you want information to come into your dashboard. You can communicate with one or more individuals at a time within the team and have targeted communications with those teammates as well. Your Outlook calendar is synced with Teams and you can invite teammates to meetings and include presentations related to just that meeting’s agenda and have it saved in one place.


Video conferencing is also a feature of Microsoft Teams and has a white board feature for collaboration and brainstorming that is saved as a part of that meeting’s directory. Having direct access to the specific targeted team gains efficiencies and quicker turn around time for deadlines. While the video conference is running, you can chat within teams as well, allowing for greater communication capabilities and saves time for having to follow-up on a to-do list after a meeting – it can all be accomplished inside one meeting.


You can customize the app for desktop, web or mobile use and can also bring in third party apps to run within teams for further organization. For example, if you were utilizing the organization project application Trello, or video conferencing Zoom, these can be integrated into the Microsoft Teams app. TimbukTech offers setup and installation of Office 365 and Microsoft Teams – let our expertise bring you and your team forward with technology knowledge that sets your team apart and prepares you for the future. With these tools at the ready, your organization has the capability to achieve a higher level of performance than ever before – empowering technology and human potential together for advanced communication!


VoIP Phone Systems – Why Your Business Needs Dynamic Phone System Management

VoIP (Voice Over Internet Protocol) phone systems have evolved from a take-it-or-leave-it option of the past to a can’t-live-without function of the 21st century. With the world moving and changing at record speed, your business needs the functionality to adapt quickly to the fluctuating environment. Analog phone systems do not offer the scalability and remote options available with VoIP and can end up costing more money in the long run. With analog lines, you only get the line, the phone service itself, nothing more. In today’s economy, you need more than just a static service; you need to dynamic service options that move with your business and your clients. Paying per lines instead of per user is more expensive when you compare the overall benefits and packages of a VoIP system and versatility.


Your team demands accessibility to the workplace, even when they are not at their desk. Remote workers or staff who are in the field can benefit from a mobile twinning. This feature allows their cell phone to function in the same manner as if they were sitting at their desk. They can take a call in their car, get back to the office and go to their desk and pick up the call and act as if they had been at their desk the entire call, or vice versa – take the call at the desk and then place it on hold and pick it up from a mobile device, all the while the client is taken care of. Taking calls in the field and being able to transfer a call back to the office to get the customer taken care of is a win-win for both parties and allows for efficiencies beyond measure. This cuts down on down-time and wasted calls back and forth between everyone. Getting the client straight to the right person shows the client you are driven to take care of them and will not waste your time.


Having to call a carrier for a phone system change is a thing of the past. No one has the time to wait on hold for this when VoIP allows you to customize changes at your fingertips. Your system has a portal or NOC that manages the protocols for each user and can easily be scaled to make changes for holidays, staff on vacation, etc. Hunt groups can be created to stipulate a certain direction the call should flow through as it rings through your organization. For example: A call that comes into your organization meant for the sales team can be programmed to start with Sally and Joe, the customer support team to ring three times, then if they don’t answer, on to Peggy and Bob, the inside sales team with two rings, and then the entire customer support call center so that someone gets the call instead of it going into a voicemail no-mans-land because Sally forgot to set her voicemail up for being out on vacation. This is just one example of how VoIP can target great customer service and silo specific criteria for incoming calls. With VoIP, you have the power to make these changes yourself and remedy problems immediately for every department in your business! TimbukTech will assist you in training or we can make the changes for you – versatility and effectiveness simultaneously.


What about Moves-Adds-Changes (MAC)? When new staff are hired or turnover occurs, wouldn’t it be great to add/change the network and program their hunt group to your specific liking? Analog phone lines do not have this functionality and with the way everything moves these days, you need faster options that move with the pace of your business. Each user has their own portal to access call logs/analytics, caller ID, call waiting, call forwarding, voicemail forwarding, conference calling, visual voicemail, text transcription, and CRM integration etc. in order to have more usability to get the client taken care of faster. Especially in this latest environment where almost everyone has had to work from home, this option creates a flexible advantage for your team to function from anywhere. The end user does not need to know where you are because it functions as if you were in the office. This feature can allow you to create new work opportunities for your staff to function from any location, giving them unlimited capabilities for work and time with family. What if a staff member asked you to travel to Colorado for two weeks, they worked during the day and then had time with friends and family at night? You just became the office hero!


Whether your VoIP system is on premises or hosted, TimbukTech has the experience and know-how to set you up immediately!

Why Choose Office 365? Savvy Business Results Await….

Are you tired of passing around the same spreadsheet to members of a team only to be faced with comments like, “I didn’t have the latest version” and “My changes didn’t get attached”? These complaints are true time wasters creating an unproductive work environment. Switching to an Office 365 subscription will provide your team with up-to-date software and speed like never before!

Featured within Office 356 is Microsoft Teams – a space where teams can collaborate and share information via chat, video conferencing, data storage and application implementation. The best part about Microsoft Teams is the ability to work remotely and connect with clients and staff wherever they may be. TimbukTech will tailor-make the platform for your business needs so that your employees can collaborate on projects that currently live in many different locations. This platform acts as a project manager so your staff can share files and make live updates to documents in real time – creating simultaneous applause around the office!

There are many packages and bundle opportunities from an email-only option to adding in Word, Excel, etc., making the options more affordable then traditional Office products. This variability can save you money by only buying what you really need for each employee and customizing each user to their role in the company. Office 365 can also connect to five devices – making your life more efficient and organized! Your laptop, phone, tablet, desktop – all connected versus being chained to your desk and non-mobile responsive!

Not to forget the tech specs, Office 365 is secure and can be configured with MFA (Multi-Factor Authentication) to legitimize logging in from each device. Real-time updates are a big deal when it comes to utilizing the features of Office 365 – users get the benefit of the latest upgrades possible versus living with what you bought one time in the past – why not be up-to-date all the time? TimbukTech bundles Office 365 with third-party security software, such as Proofpoint Essentials to provide enhanced spam protection, email encryption, and spoofing prevention. If your server goes down, Proofpoint serves as a bridge for email continuity by queuing up messages; you can access Proofpoint simply by logging on and proceeding business-as-usual without disruption and continual communication. Pairing these products together allows for a rigorous strategy of user-friendly work environments, workplace efficiencies, and hard-working network protection.

Contact us to visit with our team to get started with Office 365 today!

Don’t be a Cyber Crime Statistic – Why Your Business Needs Multi-Factor Authentication Now

Multi-Factor authentication or MFA is a process of verifying the credentials of a user attempting to connect to protected data. MFA is commonly described as something you have, as well as something you know. For example, a user has an email address and logs into their credit card information after receiving a text message with a code in order to proceed to the protected data. After receiving the authentication, users can rest assured, knowing they were the only user to receive this special code, confirming the security of the session.

Won’t this slow down my ability to quickly get the information I need?
No. MFA is easy to use and becomes a habit, just like any other security measure you have implemented into your security regime. The moment or two it takes to receive the authentication, can mean the difference between maintaining your company’s identity or letting it slip away by ignoring the challenges networks face in the age of criminal cyber activity.

With MFA enabled, hackers are less likely to be able to access both a user’s credentials and the resources the user is attempting to access. Two-factor authentication (2FA) or dual authentication, a subgroup of MFA indicating it takes two types of factors for identification purposes, is a common practice by which users produce two unique forms of credential confirmation. For example, a user may log into a banking website, possess a pin number AND a unique one-time passcode in order to access the information. This dual authentication allows for a unique-in-time-visitor-circumstance, allowing for peace of mind and corroboration that proper security measures are in place.

TimbukTech’s Managed IT Services guard against vulnerabilities and create long-lasting secure habits that lead to a healthy, robust network.

Contact us today to receive more information on implementing MFA in your network.

business partners shaking hands

Making your company more cyber aware

The biggest problem companies face when it comes to cybersecurity is often not the technology; it’s the people.  And hackers know this. That’s why it takes more than strong IT to keep your company safe.

Beyond technology, the best way to protect your business from cybercriminals is with a trained and educated cyber aware company culture. It may seem like a large and daunting company initiative, but it isn’t.  There are a few corner stones that continue to build up, along with continuing education and strong corporate communication.

Let them know cybersecurity is everyone’s job

Leadership is always where a company culture starts. Employees and contractors, from entry-level to senior management, need to feel that cybersecurity is important to the company. If the executive leadership team values cyber safety, it will trickle its way down to all corners of workplace.

Cybersecurity should be more than just the responsibility of the Information Technology department. A statement by leadership must be delivered that it is up to everyone, beyond IT, to keep cyber criminals out of the company’s network.

Management shouldn’t be the exception to the rule.  Management most often have the highest privileged accounts.  Allowing management to bypass those safeguard not only put the organization at risk but sets a bad tone from the top.

Train and test your staff

Posters, employee newsletters, training sessions and regular meetings are avenues to communicate across the organization about how everyone can be more cyber aware. Regardless of what methods you choose, you should train staff on a regular basis. Monthly training is highly suggested. It can be via email or face-to-face. Or both.

Beyond training, it is good to see that employees are understanding and retaining the cybersecurity information. While you can trust that the staff is paying attention, it is recommended to test your staff as well.

Send a mock phishing email a little while after a training session or communication. It would be interesting to see who, if anyone, falls prey to the false hack.  This shouldn’t be a gotcha for those employees but a change for the organization to focus on more advanced training.

Teach your team that the inbox is the hacker’s favorite target

Based on current trends, cyber attackers are finding email to be the best route for penetrating a company’s security defenses. Trends Labs reports that 91% of targeted cyber-attacks use email as their way to breach networks. Likewise, Ponemon reports that 78% of targeted email cyber-attacks use malware embedded in an attachment.

Addressing targeted email attacks from leadership and your technology department is an essential piece of puzzle when creating a cyber safe culture. This should certainly be a topic addressed in employee training and even onboarding.

Have a password update plan

According to Verizon’s 2017 Data Breach Investigations Report, as many as 81% of hacking-related breaches were caused by leveraging stolen or weak passwords.

Often, employees are not aware of the risks. That is why password education is a great topic to include in cybersecurity training. Require complex password structures and explain the reasoning behind it.  Do not allow people to use the default password for more than the first login.

Have a formal cybersecurity plan

Your technology team should contribute significantly to a cyber aware culture and with cybersecurity training. Have the IT folks develop formal cybersecurity training with a documented plan to accompany it. The plan should be reviewed and updated often. Too many companies create cybersecurity plans and teams only to find that the plan becomes dusty and the teams include staff that’s no longer at your company.

Ask for a cyber security advocate from each of your departments like HR, Finance, Sales & Marketing, etc. since this casts a wider net to learn about targeted phishing and helps show that cyber security isn’t just for IT anymore.

No matter how great your CIO or CTO might be, one person alone cannot fight cybercriminals. Create a cyber aware culture and get everyone at your organization involved.

Disaster Recovery Plan

Some stats on disaster recovery

If you’ve ever known disaster, whether it be natural or cyber, you know just how serious it can be. Obvious causes include storms that inflict on-site damage or malicious attacks, but even user error can trigger disaster at a moment’s notice. Regardless of how your business conceives of these threats, the cruel fact remains: 93% of companies without a data recovery plan face closure within a year of a major disaster.

According to phoenixNAP, over the past five years, half of all businesses have weathered a downtime event longer than a full working day. The most common causes are:

  • 45% - hardware failure
  • 35% - loss of power
  • 34% - software failure
  • 23% - external security breaches
  • 20% - accidental user error

According to DataCore, for the businesses that experienced a downtime event, only half were confident they could restore 100% of their data. Smaller and medium sized businesses face greater fallout from these disasters, often because they have fewer IT staff, and a smaller portion of funding allocated towards technology resources.

Reports have also found that 75% of small businesses do not have a disaster recovery plan in place, creating a huge liability for an already overtaxed budget. Given the tremendous cost associated with data recovery, roughly $100,000 per incident, small businesses face a more arduous recovery process.

Keep in mind that 1 in 3 businesses reported a virus or malware attack in the last five years. Also, 58% of businesses breaches in the last 12 months have been due to viruses and malware and only 2% of businesses were able to recover from their latest security event within an hour.

Fortunately, the majority of these problems are avoidable through strategic planning. 96% of companies with thorough disaster recovery and data backup plans were able to avoid the fallout from ransomware attacks. By leveraging a resource such as TimbukTech, your company will have the benefit of:

  • Disaster recovery
  • Retention and reporting
  • Data backup and restoration
  • High availability and shared storage
  • Infrastructure design and architecture

If you're looking to outfit your business with affordable, enterprise protection, contact a TimbukTech expert today.

5 problems with legacy technology

According to a survey by Riverbed Technology, of 1,000 IT leaders from across the world, 97 percent say that legacy technology is holding them back. A definition of legacy technology describes the term as “an old method, technology, computer system or application program, of, relating to, or being a previous or outdated computer system.”

Even in the digital business era, legacy applications are a reality for most organizations from small and medium-sized businesses to enterprises. The reality is that those businesses that have not reached the tipping point where they can take advantage of the latest technologies are facing numerous risks every day. Here are just five of the most prevalent problems that dated technology can bring to businesses.

  1. Increasing operational costs and system downtime

The true cost of legacy technology far outweighs the investment. Because legacy applications cost more to run and maintain, they make the business highly inefficient in terms of OPEX.

Moreover, these systems crash often and require constant attention from the IT department, eating away at employee resources. That constant attention pulls IT personnel away from projects that increase business opportunities and operational efficiency.

Because they suffer a higher failure rate, these technologies require tracking down increasingly rare replacement parts that manufacturers may have stopped supplying. In addition, the constant threat of downtime means that the workforce cannot be productive and the customer base will suffer as even a single downed system ripples throughout the operation.

  1. Security vulnerabilities

Cyber criminals love legacy technology. This is because they are extremely vulnerable to attack. Unfortunately, businesses face a one in four chance of falling victim to a cyber-attack that could cripple them permanently.

Because many of these outdated systems are no longer supported by the manufacturer, a single unpatched vulnerability can enable attackers to access all applications, middleware, and databases running on the server platform. Plus, without modern backup and disaster recovery solutions and other security solutions and services, the business will never be able to properly safeguard its data today and tomorrow.

For businesses operating under stringent regulatory compliance requirements, the cost of outdated technology can compound those serious repercussions. Compliance standards require that your technology be supported. Not only are audits difficult and costly to conduct in environments with legacy technology, but a breach sets the business up for expensive fees and penalties.

The loss of reputation and customer trust alone could send the business into a financial spiral. Ultimately, the need for comprehensive network and infrastructure solutions that can make the business more agile, as well as secure, is crucial to phasing out or integrating the applications in ways that further the business.

  1. System incompatibility

Another problem with using outdated technology is that most legacy systems are incompatible with newer systems, which is essential to effectively running the business in the digital age. This also compounds ongoing financial loss as IT-aware competitors reap the benefits of a growing customer base that requires speed, convenience, and security.

  1. Less support

As legacy technology moves further past the point of manufacturer support, fewer and fewer IT professionals with the knowledge of those systems are available to support them. As these application experts retire or leave the business, the costs of the smaller pool of experts in that technology grow.

  1. Inability to compete

In the era of cloud services, virtualization, and software-defined everything, legacy technologies can no longer enable the business to remain competitive as customers and clients demand faster responses, products, and solutions.

Consequently, the adoption of cloud via infrastructure as a service, platform as a service, and software as a service enables businesses to move from CAPEX to much lower OPEX models. The need for mobility and secure remote access by the workforce to applications and collaboration tools is an imperative for the smallest business to the largest global corporation.

Every business today is faced with a landscape of accelerating technology that is changing the way business is conducted. Legacy technology systems inhibit business scalability and growth in that constantly evolving digital business landscape. With increased scale and demand, businesses require better throughput capacity and a modern IT architecture to manage operations or face the real prospect of losing relevance and an ability to compete.

If you need assistance assessing your legacy technology and considering new options, give TimbukTech a call at 309-444-7263. We’re prepared to learn more about your business and give expert advice that can make a difference in your performance and budget.