This is the last week before Microsoft transitions Windows 7, Windows Server 2008, and Exchange Server 2010 to un-supported status. If you are still running any of these, it’s a good idea to get an upgrade project into your short term budget, as these software products will grow unpredictable and vulnerable as time passes.
Next Tuesday (January 14, 2020) is Microsoft’s “Patch Tuesday”, when the final patches will be released by the manufacturer. January 15, 2020 marks the first day of non-support.
The chart below lists products and their approaching End of Support (EOS) dates.
Legend:
Orange – Already un-supported, some are quite vulnerable by now
Yellow – Approaching end of support
Business Applications
MS Office 2003 – April 8, 2014
MS Office 2007 – October 10, 2017
MS Office 2010 – October 13, 2020
Desktop Operating Systems
Windows 7 – January 14, 2020
Windows 8 – January 12, 2016
Windows 8.1 will reach end of support January 10, 2023
Servers
MS Exchange Server 2007 – April 11, 2017
MS Exchange Server 2010 – January 14, 2020
Windows Server 2003 – July 1, 2015
Windows Server 2008 R2 – Jan 14, 2020
Microsoft SQL Server 2008 – July 9, 2010
Microsoft SQL Server 2008 SP4 – July 9, 2019
Microsoft SQL Server 2008 R2(SP3) – July 9, 2019</span
Virtualization
VMware ESXi 5.5 – September 19, 2018
VMware ESXi 6.0 – March 12, 2020
Contact us for help understanding your exposure, available upgrade paths, and pricing.
Budgeting for Information Technology continues to be important, and may be more important than ever as penalties increase for violations of compliancy and network breaches that result in loss of personally identifiable information. It can be argued that budgeting for cyber security and subsequently funding that protection shows evidence of “due diligence”. With IT being a known enabler of business operations, it’s hard to find a more effective way to risk operations than by neglecting your IT budget or failing to fund budgetary line items when they come due. So how do you increase IT budgeting effectiveness without breaking the bank?
First, don’t delay your IT budgeting exercise, nor delay funding your budgeted line items. Imagine delaying your vehicle’s oil changes until the end of year. Sure you’ll only need to fund one service, until the mechanic announces you need a new engine.
We recommend you meet with your service provider annually and request advice on software and operating systems approaching End of Support (EOS), as well as core infrastructure upgrade schedule.
When budgeting, start with known monthly income and expenses, and consider last year’s expenses as this year’s starting points. It’s good to periodically review these expenses and their providers to make sure you’re getting the lowest price available for what you need.
Each infrastructure device should periodically be evaluated for available firmware updates and patches, and your IT budget should include these updates. Backups and BDR solutions should be regularly evaluated to ensure that files and file systems restore successfully and there’s available space for future backup sets.
Next, host a budgetary planning meeting that includes your IT service provider and a representative from each department. Ask your staff what they hope to accomplish with technology over the next few years, and capture this information so it can be mapped on a budget timeline. This can be looked at as a “brainstorming” session, where criticism of ideas is kept at a minimum to encourage thinking outside the box. Another useful question is “what’s working and what’s not?”.
Following this meeting, research is required to identify and quantify requirements for the brainstormed ideas. You’ll want to involve your IT department or provider who can generate quotes with pricing.
Look over the quotes, then ask your provider to justify any line items you don’t understand, to explain labor entries and scopes of work, and to compare each solution against less expensive alternatives. Don’t forget to evaluate expected benefits and fulfilled compliancy requirements in addition to costs.
Dependencies need identifying, where one change requires another to occur in advance. Multi-stage dependency requirements can expand a project’s budget significantly.
Now how do you pay for these budgeted items? With positive cash flow, available short-term assets, and by tapping equity and borrowing sources. Increase your positive cash flow by collecting payments quickly after you deliver your products or services, setting up your customers to pre-order from you, negotiating with vendors for longer payment terms, reducing your inventory to just in time, and continually re-visiting your budget to confirm spending and verify expected results. Many IT Manufacturers and Distributors offer attractive financing, sometimes annuitizing without interest and offering $1 equipment buyout at final payment.
Budgeting can increase stress. By creating a budget in advance, involving all departments, and by making sure technology upgrade projects are planned for and don’t blind-side you, you can ensure the “going concern” nature of your organization and reduce everyone’s stress. This isn’t an illusion, but a very real result of your budgeting timeliness coupled with a reduction in frequency of invoicing surprises. You’ll look and feel like a hero.
Current Security Threat – Remote Support
Scams and Search Ads
“Hello, this is Microsoft Technical Support.” Or is it?
There is a new twist on an old scam that impersonates trusted companies like Microsoft, Apple, and Merrill Lynch, attempting to gain remote access to your computer or online account. Google Chrome appears to be the susceptible browser, and fictitious phone numbers can be found in the ads at the top of search results. These ads are platform-aware, such that scammers answer “This is Apple…” when you’ve used Chrome running on an Apple device to search for a number, and “This is Microsoft…” when Chrome was used on a Windows device.
The scammer will ask the victim to go to Microsoft’s Remote Assistance Support website. As stated at the bottom of the picture, Microsoft uses the 3rd support tool LogMeIn to provide tech support to clients. The unaware victim will think that they are working with Microsoft directly.
The scammer then provides the victim the 6-digit code to THEIR LogMeIn Account to gain remote access to the victim’s computer. See the picture below:
This is all a part of the scammer’s ongoing unethical pursuit to steal your money and/or identity. Once they have access to your PC, all of your data can potentially be compromised.
If you receive a call or email and are not sure if it is genuine, do not share any information or allow remote connections. Contact LeeShanok for any questions and we can make a determination of legitimacy.
LeeShanok takes IT security seriously and it is our duty to inform our clients about potential threats and vulnerabilities that can affect your business. LeeShanok is monitoring the current status of security threats and will continue to inform its clients of any new information.
If you have any questions or need assistance with anything IT-related, please don’t hesitate to contact us.
LeeShanok IT News Attackers exploit flaw in GDPR-themed WordPress plugin to hijack websites
Description
Attackers have been exploiting a security weakness in a GDPR compliance plugin for WordPress to seize control of vulnerable websites, according to a blog post by Defiant, which makes Wordfence security plugins for the web publishing platform.
What You Can Do
The developer behind the plugin, which is called WP GDPR Compliance, has issued a patch fixing the critical flaw. Its users are, therefore, strongly advised to upgrade to version 1.4.3, or alternatively disable or remove the tool.
Online Marketing - CS Design Studios