Mar 13
Using Gamification for Employee Training


Cyber threats are always on the rise, and businesses are constantly looking for ways to protect themselves. One of the most effective ways to train your team is through gamification. 


What’s That? 

Gamification is the process of using game design elements and principles in non-game contexts to engage users and solve problems. It is a powerful tool that can help organizations improve employee training and development. Gamification can be used to create immersive and interactive learning experiences that are more engaging and effective than traditional training methods. It makes learning more fun and interactive by incorporating game elements such as points, badges, levels, and leaderboards. This helps employees stay engaged and motivated to learn! 


How It Works 

We include this approach in our own cybersecurity training program for your team.  This includes phishing simulations and scenarios that replicate real-world cybersecurity threats. This allows employees to experience and learn how to deal with cyber-attacks in a safe and controlled environment. 

This can provide immediate feedback to employees, allowing them to learn from their mistakes and improve their skills. This can help identify areas where employees need further training or support. 

It can also reinforce learning by incorporating repetition and feedback. This can help employees retain information and apply it in real-life situations. 

And finally, it’s fun.  Gamification can create a sense of competition and motivation to learn among employees. This can lead to improved learning outcomes and a stronger cybersecurity culture within the organization. 

This effective tool for training employees and improving cybersecurity is just one component of our solution. By making learning more engaging, interactive, and effective, it can lead to a better-trained workforce and a more secure organization.  

As cyber threats continue to evolve, organizations must invest in employee training and development to stay ahead of the curve, and we can help your business to achieve this. 

If you need help implementing this training for you and your employee, just click here to book a free 30 minutes discovery call with us! 

Aug 25
Is your email compromised? Please check your Outlook Rules Now!


Are you using Office 365 or Exchange for email?  Business Email Compromise (BEC) is running rampant.  After a hacker obtains your user name and password, they will monitor your email for any interesting activity.  Your company is especially at risk if your business deals with large money transfers with wires or ACH payments.  Once a hacker finds an invoice or other large transaction, the hacker will email your client from your email (masquerading as you).  The hacker will instruct your client that your bank account has changed, and the client should transfer the funds to the new bank account.  If payment is not made immediately, the hackers (masquerading as you) will send additional fake emails making the payment request more urgent.  Often they will create a rule that will automatically mark any emails from the targeted client as read and place them in a very rarely used folder like the RSS Feeds folder.  That way, they can continue communicating with the targeted client without you noticing the rogue emails.  Please perform the following check to ensure there aren't any unknown routing rules in your email.

  1. In Outlook
    1. Start Outlook.
    2. Click on File, Rules and Alerts.
    3. In the Email Rules tab look for any rules you weren't aware of.  If unknown rules exist, take a screenshot of the rule and clear the checkbox to disable the rule or delete the rule.
  2. In Outlook Web Access (OWA).
    1. Log into OWA.
    2. Click on the Gear in the upper right corner.
    3. Options, Inbox and sweep rules.
    4. If any rules exist that you weren't aware of, take a screenshot of the rule and clear the On checkbox to disable the rule or delete the rule.

If you DO find a rule that you weren't aware of, contact any involved parties immediately (via your phone, NOT email) to notify them of a potential email compromise.  Ask the client if they've recently received a request from you or your company to change any bank account.  Please take the following measures to protect your company from this type of attack:

  1. Change your passwords regularly.
  2. Don't use the same password for different accounts.
  3. Enable Multi-factor Authentication on all accounts, including OWA access and email access.
  4. Stay up to date with patches.
  5. Implement cybersecurity end-user training so employees can spot this type of attack.
  6. Alert all clients if they ever receive a bank change request from you, they MUST verify the change face to face (best) or with a phone call.  Instruct them NOT to use any phone number listed on the request, but have the client contact you directly on your cell phone.  Instruct them NOT to use email to verify the request.

If you need help implementing any of these protection measures, send an email to


Jun 06
High CPU Utilization on a Terminal Server


We recently ran into a tricky problem on a terminal server.  The CPU utilization would spike to 100% for approximately one minute every 30 minutes.  When this happened, the Terminal Server would appear to freeze and become unresponsive.  Using the Task Manager, we noticed that the Webroot Core process took up most of the CPU resources during the spike.  We contacted Webroot support, and they recommended a uninstall/reinstall of the Webroot Software using the instructions below:

  1. Uninstall Webroot.
    1. Restart the server and press F8 in the boot screen.
    2. Select Safe Mode with networking.
    3. Start a cmd prompt
    4. Type in "C:\Program Files\Webroot\WRSA.exe" -uninstall or "C:\Program Files (x86)\Webroot\WRSA.exe" -uninstall for 64bit systems
    5. Enter the CAPTCHA.
    6. WRData & WRcore Removal
      1. Verify c:\programdata\WRData and c:\programdata\WRCore are removed.  The previously sent uninstall command should remove these folders however, if it hasn't, please delete both.
    7. Verify that the Webroot folders have been removed from both C:\Program Files and C:\Program Files (x86).  Delete them manually if they have not been removed.
  2. Reinstall Webroot
    1. After ensuring that the WRData and WRCore folders are gone, download the most current version of SecureAnywhere. Download the latest software version from the Resources tab in the Management Console.
    2. Do not use an installer that you have downloaded previously.  Please be sure to download a new installer from the console.  This ensures all recent fixes and improvements are included in the latest version.

If you have high CPU Utilization on a server running Webroot, try this fix.  It worked for us!

Jan 01
Exchange Mailflow Breaks on 1/1/2022 at 12:00 a.m. and the Y2k22 Bug


There is a major Bug on how some software stores the date/time of 1/1/2022.  Some software stores the date/time as a long integer variable.  The maximum value of a long integer variable is 2.147.483.647.  But when the date of is stored, systems break because this value is greater than the maximum allowed value of a long integer variable.  This Bug will impact any system that stores the date/time as a long integer variable.  As far as we know, it breaks mail flow on on-premise Exchange Servers and Mail Auditing and the Junk Box on the Sonicwall Email Security Appliance.


For Exchange, you have to bypass malware scanning on your Exchange Server to re-establish mail flow by issuing the following PowerShell commands:


  1. Get-ExchangeServer | % {Set-MalwareFilteringServer -BypassFiltering $true -Identity $_.Name} 
  2. Restart Transport service
  3. $ExchangeServers = Get-ExchangeServer | Select -ExpandProperty Name
  4. $ExchangeServers | % {Get-Service -ComputerName $_ -ServiceName MSExchangeTransport | Restart-Service -Force} 
  5. Restart the Exchange Front end Transport Service.
  6. Restart the Exchange Transport Service.


For SonicWall Email Security, a new version of the firmware will address this Bug – there currently is no workaround.

Nov 30
VMWare has pulled vSphere 7.0 Update 3


VMware has discovered multiple issues with vSphere ESXi 7.0 Update 3, 3a, and 3b and vCenter 7.0 Update 3b.  These versions are no longer available for download.  If you downloaded any of these builds before VMWare pulled them, DO NOT install these updates. 

The ESXi updates can cause the Purple Screen of Death (PSOD) and crash the host under certain circumstances.  Here are links to known issues with these updates: and  One client installed vSphere 7.0 Update 3, and it changed the iSCSI Qualified Name (IQN) on the host, which caused all of the shared SAN storage to go missing.  If you have any issues that are not resolved by the VMware Knowledgebase articles, open up a support case with VMware.

Oct 04
Facebook and Instragram are down today


Both Facebook and Instgram sites are down for a lot of users today.  It appears to be a problem with Domain Name Services (DNS)​, because both Facebook and Instragram do not resolve to an IP address.

Feb 10
Beware of Tricky Relevant Phishing Email Messages


Some Phishing Emails are floating around that are particularly tricky.  They typically deal with the following subjects:


  1. Payroll Protection Program (PPP).  Quite a few companies have applied for a PPP loan and forgiveness of that loan.  Many fake phishing emails attempt to trick you into clicking on a link, downloading an attachment, or entering confidential information.  They are typically related to the Loan Forgiveness Process or other PPP related matter.  As a general rule, DO NOT open these emails.  Study them carefully, hover over any link to see where they will take you (usually over a cliff), review the sender, recipient, and any other clues that the message is fake.  If it didn't come from your bank or, it's probably fake.  If you're not sure, contact your bank or directly to confirm that the message is legitimate.
  2. Covid Vaccines.  We've seen numerous emails claiming you can get a vaccine early, pay to "jump" the line, or other methods and promises to get vaccinated early.  Do NOT click on any of these emails.  Instead, go to or other reputable web sites to get information about the availability of vaccinations in your area.

Hackers are aware that people are concerned, stressed, and may let their guard down during the pandemic.  This is the perfect opportunity for these phishing campaigns to be more effective.  Make sure to pause and review the email.  If you have any doubts, delete the email and contact the resource directly.  Stay safe, everyone!


Nov 19
Gift Card Scams


With the holidays fast approaching, be on the lookout for this widespread scam.

This type of scam will slip through most anti-spam and anti-phishing software because most anti-phishing software only analyzes attachments or scans for suspicious links in an email. Gift Card Scam emails are dangerous because they do not have attachments or links to click — they look like emails from someone important in your organization asking for help, but are actually from a Cybercriminal.

The "From:" line of an email can display any name, so a cybercriminal can write a CEO's name but send the email from a different email address.

Gift Card Scam emails often appear to come from your company leader asking for a favor and mentions that they are too busy to talk on the phone. The scammer expects the employee will respond quickly to their boss' request. 

Here are the details and how to identify this type of attack:

  1. Spoof Sender Email.  The person will receive an email that looks like it came from the CEO/CFO/COO requesting help or a favor.  This email will be malformed, so the reply will go to a different email address other than the CEO/CFO/COO.  The email address may be a Gmail or other free email account. The spoofed email address will show when a user replies, but it is often overlooked.  It is overlooked because users don't look at the reply address when responding to the email.
  1. Spoofed Reply Email Address.  The person replies to the email, thinking they are responding to the CEO, but they are really responding to the Cybercriminal.
  1. Correspondence.  The email thread goes back and forth, making the request more and more urgent.  Train your users to be aware of any change of tone for email threads that request gift card purchases.  If the person thinks – wow that doesn't sound like the CEO - it probably isn't.  If you review the email thread, the reply address will be to a different domain – another clue of a fraudulent request.
  2. Purchased Gift Cards.  If the scam is successful, the impersonators will ask you to take photos of the numbers on the back of the gift cards and send them back. Once you send those photos, you're never getting your money back. 

Please make all users aware of these fraudulent attempts and how to spot them.  Closely review how easy it is (usually VERY easy) to determine the CEO/CFO/COO/Controller emails address via your website and social media sites like LinkedIn, Twitter and Facebook. 

Do yourself a big favor, don't immediately respond to emails asking for a favor. Call the person and ask if they really need any extra help (they won't).  Make it a habit to always check the email address when replying to a message to verify that the message is going to the intended person.  Stay safe and Happy Holidays!

Oct 05
SimpliVity VMs may not Inherit a SimpliVity Datastore Backup Policy

SimpliVity Backup Policies.jpg

When you create a datastore with SimpliVity, it is assigned a Backup Policy.  Any new Virtual Machines (VMs) that reside on that datastore will inherit the Backup Policy.  However, if you Storage vMotion a VM to a different datastore, the VM is suppose to retain the original SimpliVity Backup Policy.  In reality, your results may vary.

This is an issue if you Storage vMotion a VM to a new datastore with a different SimpliVity Backup Policy, and assume that the VM will automatically inherit the SimpliVity Backup Policy assigned to the target datastore.  In our experience, we've seen an existing Storage vMotioned VM, sometimes inherit the new target datastore Backup Policy, and sometimes retain the original Backup Policy. 

In addition to our existing data center in Switch Las Vegas, we recently opened up a new data center in Switch Reno.  We created a new datastore in Las Vegas and a new datastore in Reno.  Both new datastores have a Backup Policy that backup locally and to the remote data center.  For clients who want their VMs replicated between the two data centers (or for migrations between the two datacenters), we place their VMs on the datastore with the local and remote replication Backup Policy.  If a client has existing VMs that they want to replicate to the remote data center, we perform a Storage vMotion to the datastore that has the local and replication Backup Policy.  We assumed that the VM would start replicating to the remote datacenter when the Storage vMotion was complete.  In practice, we've seen the VM sometimes get the target datastore Backup Policy and sometimes retain the source datastore Backup Policy. 

The fix here is relatively simple.  After you perform the Storage vMotion, right-click on the VM, and manually assign the target datastore Backup Policy to the migrated VM.  Don't assume that the VM will inherit the target datastore Backup Policy.  If you do not perform this step, the VM may not receive the target datastore Backup Policy.  You may not discover it's an issue until you attempt to restore the VM in the remote datacenter.

Sep 25
SimpliVity Saves the Day (Again)


Yesterday, I received a panicked call from one of our clients.  He cleaned up some disk space on their Enterprise Resources and Planning (ERP) server, and some production data was accidentally deleted.  This caused their ERP package to crash. 

Fortunately, they have a vSphere HPE SimpliVity Cluster that backs up their Virtual Machines every 30 minutes.  Based on the timestamp of the folder, it appeared that the files were deleted around 4:05 p.m.  I reviewed the SimpliVity backups that were available for that ERP server, and there was a backup of the VM that ran at 4:00 p.m. – just before the accidental deletion of the files.  For a file-level restore, SimpliVity has a maximum limit of 32GB.  In this case, they weren't sure how many files were involved, so we decided to restore the entire VM instead of performing a file-level restore.  With SimpliVity, you can restore an entire VM in seconds (it took about 10 seconds) regardless of the VM's size.  We were able to successfully restore the VM and get them back up and running in a few minutes.  The client was VERY HAPPY!

We also run SimpliVity in our ADS Cloud Service.  A few years ago, we received a call from one of our ADS Cloud Clients, a CPA firm.  During tax season, one of the partners accidentally deleted all of the tax information for a client.  Before migrating to ADS Cloud, we informed the client that we backed up hourly and could quickly restore data.  After determining the best restore point, we were able to restore all of the client's deleted data in a few minutes.  The client was THRILLED to get back their deleted files.

The ability to restore a VM in seconds regardless of its size is one of the best features of SimpliVity.  It's saved our SimpliVity and ADS Cloud clients countless hours of work and lost productivity.  The thought of restoring a large server (>1tb) without SimpliVity is an intimidating task and may require six hours to a day or more depending on the speed of your infrastructure.  With SimpliVity, the restore takes seconds, not hours, not days.  For more information about SimpliVity or our ADS Cloud Service, please send an email to or call us at (310)541-8584 x 100.

1 - 10Next

Servers at Switch Las Vegas 

Home of ADS Cloud