Bad guys keep winning (Part VI)

pexels-kat-wilcox-923681

I’m super angry about this, so be prepared for a bit of a rant. I’m posting this in the hope that it maybe found by others who maybe concerned about a recent call they received from the “Security Department of VISA and Mastercard” detailing fraud on their banking accounts.

My senior parents received a call from “Neil Spence” from the “Security Department of VISA and Mastercard” claiming there had been some potential fraudulent transactions from eBay and Amazon on an account. The total of these was around $400. He then asked whether they wanted them investigated and stopped. Of course they said “Yes please”. He then said he would transfer them to their bank to speak with someone to take action and block these transactions. During this process he provided a call back number 1800 829 403 (which turns out to be the number for the Australian Government Department of Aged Care Fraud hotline which is nothing to do with VISA. I also called and determined there is no “Neil Spence” their either) and a reference number SIP5010.

Now the ‘helpful’ person at ‘the bank’ they were transferred to, got them to provide all the account details (account number and balances) and made a great show of saying that this isn’t a scam because they were not being asked for the PIN to any accounts. The ‘bank’ said it would investigate.

A few days later the ‘bank’ called back and said they had identified that fraud had indeed taken place but by an employee of the ‘bank’ at the local branch they use. The ‘bank’ then said they wanted the help of my parents by catching the employee in act of conducting this fraud. To do this, my parents needed to go the bank immediately and make a cash withdrawal of just over $8,000 and then wait for more instructions. They were however told not to mention this at the bank branch otherwise it would tip off the investigation and allow the perpetrator to get away scott-free!

At this point it was determined that it was a scam but here’s where it gets interesting for me. Even though I was confident that no money was missing I thought it best to call the bank. That process took me down a rabbit hole of pushing numbers on a phone routing system, entering account details, trying to work out how to enter an alpha numeric password via tones, etc. My parents had no hope negotiating that.

When I did eventually get through, I was on hold for more than 20 minutes with no idea of how much longer I’d be, so I hung up and called the Police on a general number. That too went to hold and again I gave up after 20 or so minutes of no reply and no idea of wait numbers.

Here’s why the scammers win. They target people of an older generation who are less comfortable with the modern method of banking (Internet and phone). They also target them because they tend to not question authority. They then establish trust and get the target to ‘help’ them catch the bad actors, that makes the target feel guilty that they should help catch the alleged perpetrator. All this ends up doing is draining money from their accounts and sending it to the scammers all the while making people like my parents less trusting of their local branch staff, which is exactly the people they should be going to. There is no doubt, these scammers know their game.

At this stage it seems like the initial attempt at obtaining funds has been thwarted but given account details were shared unwittingly, we’ll need to be extra vigilant and potentially cancel all the credit cards which will be a very painful process. Very. So this issue is not over by any means and at the very least my parents will probably continue to receive more called from the ‘bank’ and I expected these to become more hostile when they don’t comply.

What has truly made me angry is just how hard it is for people of my parents generation to get help on these matters. Luckily, I was able to provide an external perspective as well as do some investigation of my own. What would of happened if I wasn’t available to assist? Most likely, the scammers would have continued to fleece my parents for large of money over a few weeks.

No wonder the bad guys (and gals) keep winning if the responses I got from the authorities trying to report this is anything to go by. Where is the protection for our societies most vulnerable? As I have said many, many times cybersecurity is largely an illusion, especially when enacted by big institutions. It seems like it is you against some very clever and motivated scammers and if you are the right target, then you really don’t stand much of a chance. From where I sit, there is lots of talk but the problem is not getting any better. Just look at the news and amounts people are scammed out of regularly. Why is there not better protection? People have a right to not have their hard earned money fleeced from them when they are with a large institution that makes all these noises about being cybersecurity-aware and investing billions in protecting customer. Unless you fit their customer profile seems like you are on your own to me!

A sad state of affairs were we are all reduced to looking after ourselves. But what about those who are unable to do this? Do we just let them get fleeced? As I said, I’m angry that it is victim who pays and hope this information is of value to someone else and prevents them from being fleeced or put through this drama.

CIAOPS Need to Know Microsoft 365 Webinar – July

laptop-eyes-technology-computer

Join me for the free monthly CIAOPS Need to Know webinar. Along with all the Microsoft Cloud news we’ll be taking a look at how to work with files in Microsoft 365.

Shortly after registering you should receive an automated email from Microsoft Teams confirming your registration, including all the event details as well as a calendar invite.

You can register for the regular monthly webinar here:

July Webinar Registrations

(If you are having issues with the above link copy and paste – https://bit.ly/n2k2207 – into your browser or scan this QR code)

image

The details are:

CIAOPS Need to Know Webinar – July 2022
Friday 29th of July 2022
11.00am – 12.00am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.

Office desktop apps include Windows Explorer

A major stumbling block for many during the transformation process from on premises to Microsoft 365 is the desire for Windows Explorer. It is understandable that people want to maintain the status quo and their current work processes, however want many don’t appreciate is that Windows Explorer like capability is built right into Microsoft Office desktop applications.

image

If we take a look a Word as an example, and then select Open from the menu on the left, we find an array of documents displayed that were recently opened as shown above. You’ll also notice that you can view recently accessed Folders from this same interface as well. There is even a Search option at the top of the page to help you locate items in this list.

image

You’ll see there is also the ability to ‘pin’ an item (file or folder) so that it will always appear as shown above.

image

A little further down you will find the cloud storage locations you are connected to as shown above, which are typically associated with your Microsoft 365 environment. If I select SharePoint here, I will then see a list of my SharePoint sites on the right.

image

If I then drill into a site, I will see all the Document Libraries it contains. If then drill into a Document Library I will see all the files and folders within, just like you do when using Windows Explorer.

image

If I right click on something like a folder, you see from the above, that I again have the ability to Pin to Recent list. This makes it easy to navigate back to that location later. It is always a good idea to do this for those locations you need to get to regularly. 

I can move up and down the list of items as I could using Windows Explorer. This therefore, should be the familiarity that many are looking for when navigating file structures.

The file displays inside this application navigation are limited to files that can be opened or view by that application. For Word this would be things like DOC, DOCX, PDF, Text files and so on.

It would be nice if Microsoft (or anyone else) took this built-in Office desktop navigation and created a stand alone desktop application that could navigate all files at once. This would then be a direct replacement for the traditional version of Windows Explorer but for locations in Microsoft 365. How handy would that be?

As yet, I have not found an application that does this but hopefully some smart developer will look ate creating something as I reckon it would be a real winner. So, for the time being, remember that you do have a simplified version of the old familiar Windows Explorer built into Office desktop application that you can use to enhance your daily workflow with the common file types you work with in Microsoft 365.

Cloud file productivity using Windows Quick Access

Here’s a productivity tip I use to make navigating cloud file location easier on Windows 10 desktops.

image

After have set up any synced locations, like my OneDrive, SharePoint, Teams, etc,  I then locate a frequent folder I need in a cloud location. Here that folder is Customers on my OneDrive for Business. I then right mouse click on that folder and select the option Pin to Quick access as shown above.

image

You should then see that folder in the Quick access area in the top left of Windows Explorer as shown above.

image

Now, if I want to attach an email from that location I can simply browse to a location (web or local doesn’t really matter), because whenever you get Windows Explorer, you also get your Quick access.

image

from which you navigate to the file you need via Quick access in the top left of Windows Explorer. Quick and easy.

image

Because Windows wants to be ‘helpful’ and add recent locations to Quick access by default, I want to disable that so this area doesn’t become cluttered. I want Quick access just to contain the stuff I put in there, nothing else.

To achieve this, I go into the properties of Windows Explorer and in the General tab, under Privacy, I uncheck both options (Show recently used files in Quick access and Show frequently used folder in Quick access) as shown above.

I like to keep my Quick access as small as possible and therefore remove anything that isn’t relevant to my day to day work (i.e. the shortcuts to stuff like Media and Movies).

I haven’t seen many people use Quick access on Windows desktops but I find that once you set it up it is invaluable as it pops up anytime you need to work with files. You can also add, remove and edit over time to customise to your exact needs. For example, if I’m working on a project, I add that location for the duration of time I’m working on that project. This make access very fast and easy.

Hopefully, this productivity approach may also help you when working with files from the cloud.

Microsoft Defender for Business post setup wizard recommendations

image

Let’s say that you have kicked off the Microsoft Defender for Business setup wizard as shown above. For the purposes of this article I’ll also assume that this is part of a Microsoft 365 Business Premium tenant.

image

Let’s assume that you have now completed that process, which you can read about here:

Use the setup wizard in Microsoft Defender for Business

image

After the wizard has completed I suggest you head to the Settings options in https://security.microsoft.com and then select Endpoints and finally, select Advanced features, where you should see the above screen full of options on the right.

At this point I’d suggest you go and enable all the options listed. Now, not all of them will be relevant but I’d still recommend they be turned on none the less. Do it once and you won’t need to come back is my philosophy.

Leave that location open as we’ll be coming back here.

image

Next, head over to your Microsoft Endpoint Manager and select Endpoint security on the left, then Microsoft Defender for Endpoint, which should result in the above screen.

Here you want to ensure the Connection status is Enabled (i.e. green check mark) as shown.

If it isn’t for some reason, then head back to https://security.microsoft.com, Settings, Endpoint, Advanced features.

image

Scroll through the list of items until you find the Microsoft Intune connection as shown above. Ensure that it is turned On. If it isn’t, turn it On, wait at least 15 minutes and check back in Endpoint Manager for the Connection status to be Enabled (i.e. you see the green check mark). If it is already On and the green check mark doesn’t appear, turn the setting Off for at least 15 minutes and then turn it back On. You know, kinda reboot it. The connection status should go green after that in my experience.

image

When the Connection status is Enabled go and turn all the options on the page to On as shown above.

image

Return to https://security.microsoft.com and select the Onboarding option as shown above.

My recommendation is that you manually onboard the first Windows 10 device in your environment using a local script. That will ensure everything is working quickly and easily.

Simply download the script provided and run it on one of the Endpoint Manager enrolled devices in your environment.

image

Once the script has run successfully return to the console and select Device inventory from the menu on the left as shown. Within 15 minutes or so, you should see the machine that you ran the script on appear here.

Congratulations, you have successfully onboarded your first device to Defender for Business in your tenant. You are now free to continue to configure additional devices using the policies provided. I always like to do the very first device in the environment manually so I know everything is working as expected. If I then get issues, I know to troubleshoot my deployment policies.

Be a winner. Don’t recruit, build an employment system

pexels-洋榤-郭-2399840

One of my favourite quotes is from Scott Adams:

Losers have goals. Winners have systems.

Scott Adams is the creator of the Dilbert cartoon strip, which many would say provides perceptive insight into how many businesses are run today and the personalities inside them.

This systems based approach lines up with some recent articles I’ve written:

Every business today is a software business

and

We all need to automate more

because, probably the place where I see the least use of systems is when it comes to employing and training staff. Most businesses cast a random net looking for people with unique skills and experience, but when they employee people they find, they largely don’t develop them further in any structured way. They hope that they will ‘accumulate’ knowledge throughout their time and apply to the business adding value along the way. That is a pretty haphazard approach to probably the most important resource in a business.

I think a far better model to emulate is brought to us from the military. They take recruits, from all walks of life and experience, then put them through standardised training to get people with the skills they need. They have done this successfully for thousands of years. It is a proven model for results. Why don’t more commercial businesses take this approach?

I had a recent conversation with a technology provider who was having trouble finding a high level cloud technician for a role. Given the the constantly changing cloud technology field, how would you ever expect to find someone like that I asked? To attract such a candidate the business is going to have a huge salary package, well above what the small business could afford. But he insisted that this is exactly ‘what his business needed to succeed’. No it doesn’t! That approach to me is completely bonkers because you are putting all your eggs in a single basket with someone would could choose to leave at any point in time, including immediately after starting.

I suggest that a far better approach would be to build a ‘training system’ to produce the candidates you require. You can take people with much lower skills sets and put them through a largely continuous automated training process to give them the skills needed. If the candidate resigns or ‘drops out’ of the system at any point, you simply feed the next candidate into the start from which, again, out will pop exactly the person with the skills that you need.

The other advantage with an ‘employment system’ like this is that the business owns it, manages it and controls it. It isn’t reliant on someone who could leave a the business at any stage.

When you speak with most managers they say they employ on attitude and develop skills but that is definitely not what I see executed, especially in IT reseller businesses. Most get rushed into selecting a candidate because they have a desperate need and then hope against hope that they will work in that role. In the majority of cases, they don’t, which means it’s right back to recruitment stage again.

The challenge with systems is that don’t grow on trees or magically appear when you rub a lamp. They need to be designed. They need to built. They need to be maintained and they need to be automated. I’ll go back to one of my other favourite quotes I’ve used before recently:

“Compound interest is the eighth wonder of the world. He who understands it, earns it … he who doesn’t … pays it.”

― Albert Einstein

and say that compound interest ONLY works when you invest FIRST! All you need to do is start and keep working at it. Too many people focus on the end result rather than what they need to do NOW to move the ball forward.

I’ve spoken before about:

Core Microsoft Cloud IT Professional skills

and

The benefits of certification

It would also be hard to say that there is not an abundance of training available today from many, many sources on just about any topic you can name. Leverage these, put a program together, track people’s process and enhance it over time. If you are smart, you’ll get those who are undertaking the training to provide feedback and even adjust it for you. Thus, each new employee is helping to improve your training system.

Many employers incorrectly fear that if they train employees, they will leave. Many studies show the reserve is actually true. Employees prefer businesses that provide training and invest in their careers rather than those that don’t. Besides, as I said earlier, if an employee chooses to leave, you just insert another one into the system you have created.

The chances of you obtaining a suitably qualified candidate in the market today is pretty low. Instead, do what the military does and has done for thousands of years to great success, take anyone and put them into a system that creates the desired end result. By doing so you gain independence and you build another item of unique value in your business. Be a winner, build an employment system.


CIAOPS Need to Know Microsoft 365 Webinar – June

laptop-eyes-technology-computer

Join me for the free monthly CIAOPS Need to Know webinar. Along with all the Microsoft Cloud news we’ll be taking a look at Microsoft Teams.

Shortly after registering you should receive an automated email from Microsoft Teams confirming your registration, including all the event details as well as a calendar invite.

You can register for the regular monthly webinar here:

June Webinar Registrations

(If you are having issues with the above link copy and paste – https://bit.ly/n2k2206 – into your browser)

The details are:

CIAOPS Need to Know Webinar – June 2022
Friday 24th of June 2022
11.00am – 12.00am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.