by Felicien | Feb 1, 2019 | Education
On January 22, 2019, The U.S. Department of Homeland Security, DHS, Cybersecurity and Infrastructure Security Agency, CISA, issued an emergency directive. This emergency directive was put into place to address ongoing problems and issues associated with global Domain Name System, or DNS, infrastructure tampering. As a business owner or executive in charge of a business, you may have many questions about this and how it can affect your business. Here is what you need to know about DNS infrastructure tampering.
What is DNS Infrastructure Tampering?
DNS infrastructure tampering involves techniques that allows an attacker access to your DNS. They are able to compromise a users’ credentials, allowing them to make changes to DNS records. Once the records are changed and altered, it allows an attacker the ability to access and intercept many things related to the network, including but not limited to your web address, your mail traffic and web traffic. An attacker can take that information and redirect incoming traffic to an unsafe website that may contain viruses or may collect information about your customer or business. When the attacker accesses your DNS, they also have access to encryption certificates, which allows certain information to be decrypted. And unfortunately, since the certificate is valid, your users will receive no error warnings that the certificate is outdated, so they may feel safe putting in personal information.
How Can DNS Infrastructure Tampering Affect Your Business?
When an attacker tampers with your DNS infrastructure, they basically hi-jack your website. They can control incoming traffic, control where that traffic goes, and see personal information, such as names and credit card numbers. Unfortunately, if your page is hijacked, you have to tell your customers that their personal information may have been compromised, which reflects poorly on you. Your customers and clients expect you to keep your page safe for them, and if you fail to do so, it can be detrimental to your business.
How Can You Protect Your Business From DNS Infrastructure Tampering?
It can be difficult to determine if your DNS infrastructure has been tampered with unless you take the time to carefully review your DNS certificates. It is recommended that you take the time to audit your DNS records, change your DNS account passwords to more complex passwords and add multi-factor authentication to all of your DNS accounts. This should be done within 10 days, as the threat level for DNS infrastructure tampering is so high. This should also routinely be done in the future to ensure your DNS certificates have not been tampered with.
DNS infrastructure tampering can create a security threat to your business. It can negatively affect your business website, and any websites that those within your business frequently visit and interact with. Fortunately, there are steps you can take to help decrease the risk of DNS infrastructure tampering and protect your business. Having the right IT team in place and learning about security threats is imperative to keeping your business safe from threats at all times.
by Felicien | Jan 31, 2019 | Education
Adding a new name and email address to your list of Microsoft Outlook contacts is pretty simple. There are two different ways you can do it depending on whether you want to add the contact information from an email or just want to create a brand new contact.
How to Add a Contact From an Email
1. Right-click the name of the sender in the heading of the email from whom you want to add as a contact.
2. Select “Add to Outlook Contacts” from the drop-down menu.
3. After clicking, you will see a form which is partially filled in with information such as the person’s name, email address, phone number, job title, etc. Fill in any missing information or make any other changes you want.
4. When you are satisfied, click on “Save & Close” on the menu bar at the top of the screen.
How to Add a Completely New Contact
1. Find and select the person icon on the verticle menu bar on the left side of the window.
2. Click on the “New Contact” button on the top menu bar.
3. This will bring you to a completely blank form which will allow you to add the person’s name, email address, and other personal information including a photograph.
4. When you finish adding information, select “Save & Close” on the menu bar at the top of the screen.
That is it!
Now whenever you want to email the person you just added, you will only need to type in the first few letters and Microsoft Outlook will automatically suggest the contact. Remember that you can always change or add to the personal information for each of your contacts by selecting the person from your contact list.
by Felicien | Jan 31, 2019 | Education
What are the Proposed Changes to NC’s Data Breach Laws?
North Carolina’s lawmakers will consider legislation first introduced by the Attorney General Josh Stein and Representative Jason Saine. The proposed law would redefine the term “data breach” and give companies 30 days to report breaches to consumers.
For healthcare providers, this reduces the HIPAA timeframe, which states that breach notifications must go out within 60 days. According to the proposal, this gives consumers additional time to freeze their credit and take steps to prevent identity theft.
The law extends the definition of a breach to include ransomware attacks – a big change for healthcare providers, who have been targeted by recent hackers.
How Do the Proposed Changes Give Consumers Greater Control?
Consumers gain a number of protections, including the following.
Quicker notification. Receiving notification within 30 days, instead of 60, gives consumers a heads up so that they can take action to protect their credit and identity.
Credit freeze. Consumers can place a temporary freeze on their credit reports to prevent hackers and thieves from opening unauthorized credit cards in their name.
Credit monitoring. If a credit reporting company, such as Equifax, is breached, they have to provide four years of free credit reporting to impacted consumers. Other organizations that are breached have to provide two years of free credit reporting.
Clarifies penalties. Businesses that fail to report breaches within 30 days will be in violation of the Unfair and Deceptive Trade Practices Act.
What Does This Mean for Consumers?
The bill expands consumers’ right to information about the breached data, as follows.
Consent. A company seeking access to a person’s credit information would need that person to express their permission. The reason for the request has to be provided in writing.
Right to request information. North Carolinians can ask the consumer reporting agency to give them a list of credit-related and non-credit information, its source, and the entity or person that received it.
Why is the State Considering the New Rules?
North Carolina hosts the headquarters of many credit card companies and financial institutions and the legislation follows a dramatic rise in breaches throughout the state. According to Health IT Security, 1.9 million North Carolina residents were compromised in 1,047 breaches in 2018. This was a 3.4 percent increase over 2017.
This is the second attempt to tighten privacy laws in the state. If this bill passes, North Carolina would join several other states that have passed similar laws to combat digital thieves. For example, Colorado passed legislation to shorten their breach notification to 30 days in 2017, and Iowa is proposing a 45-day deadline to notify consumers.
Is This Just Happening in North Carolina?
On the national front, lobbyists and some Congress members are also calling for more protection for consumers whose data has been compromised. For instance, the Information Technology and Innovation Fund has suggested scrapping the hodge-podge of privacy regulations, such as HIPAA, in favor of more unified federal privacy laws.
by Felicien | Jan 31, 2019 | Education
Do you want to have the ability to stay on top of your emails from anywhere without the need to learn a new email system? Then enjoy the convenience of using your Microsoft Office 365 email and calendar directly on your smartphone. The Microsoft Outlook app is available for both iPhone and Android devices, it is free to use, and only takes a few minutes to get it up and running.
A Quick Guide to Installing the Outlook Office 365 Mobile App on an iPhone
The first step is to download Microsoft Outlook from the App Store. Be sure to search for and download the latest version of the “Microsoft Outlook – Email and Calendar” available from Microsoft Corporation.
Once the Microsoft Outlook app finishes downloading, open the app and select “Get Started” from the menu. Choose “Get Notifications” if you want to receive email alerts. Remember, you can always adjust your notification setting in the future.
To connect with your Microsoft Office 365 account, input your email address and click “Add Account.”
This will take you to a login screen with the email portion of the form already filled. Enter your email’s password and select “Sign in.”
If you want to add additional work or personal accounts, you now have the option. If you don’t want to add more accounts at this time, click on “Maybe Later.”
Go through the tutorial to learn how to use the app to write, read, and respond to emails or access your calendar. Now, whether you access your Microsoft Office 365 account using your phone or computer, everything will remain perfectly synched.
A Quick Guide to Installing the Outlook Office 365 Mobile App on an Android Phone
First, go to the Play Store and search for the latest version of Microsoft Outlook. Once you find it, click on “Install.”
When Microsoft Outlook finishes downloading, open it and choose “Get Started.”
Type in your Microsoft Office 365 email, and select “CONTINUE.”
Now you need to log in using your Microsoft Office 365 credentials. The email portion of the form is already complete, so just enter your password and select “Sign in.”
At this point, you can either add additional accounts by clicking on “CONTINUE,” or skip this step for now by tapping “SKIP.” You can easily add additional accounts in the future.
Learn how to use the app to write, read, and respond to emails or access your calendar by going through the short online tutorial. Now your Microsoft Office 365 account will remain synched whether you access it through your computer or smartphone.
Once you have on-the-go access to your Microsoft Office 365 email and calendar, you will find yourself being more productive no matter if you are in or out of the office.
by Felicien | Jan 30, 2019 | Education
A major FaceTime bug discovered recently has left Apple device users skittish about yet another privacy concern and forced the tech giant to scramble for a fix for the issue.
For users of Macs or iPhones, understanding the FaceTime flaw and knowing how to disable the function are important steps until the issue is fully resolved.
What is the FaceTime Flaw?
The FaceTime flaw affects iPhone users running iOS 12.1 or later. Here’s how it works. Someone calls your number using the FaceTime feature. Before you pick up, the caller swipes up and adds their own number (or any number), creating a Group FaceTime interface.
At that point, the caller can hear all audio coming through your microphone — even if you never answered the call.
News of the glitch spread like wildfire over social media. Others discovered that taking further simple actions could give the caller access to video, too.
What Is Apple Doing About the Issue?
Within hours of broad disclosure of the issue, Apple disabled the servers controlling the Group FaceTime function. As of January 29, Apple’s system status page states that “Group FaceTime is temporarily unavailable.” The company has stated that a fix is likely in a few days.
The company had first introduced Group FaceTime in late 2018 for both Macs and iPhones.
What Should I Do About FaceTime on My Device?
Users may want to disable FaceTime on their iPhones or Mac computers. It’s a simple process for either device type.
For iPhones
1. Go to Settings .
2. Scroll to FaceTime. This feature is in the fifth section of settings along with other built-in apps like Phone, Messages and Maps. If you’re having trouble finding it, go to the top of the Settings screen and type FaceTime in the search bar.
3. Click on the FaceTime bar.
4. At the very top of the FaceTime settings, there’s a label marked FaceTime with a slider. If the green light is lit, FaceTime is activated on your phone. Slide the slider to the left to turn FaceTime off.
Note: When Apple releases an iOS update, install the update, go back to the FaceTime settings and slide the slider to the right to reactivate the feature.
For Macs
1. Launch the FaceTime App.
2. Select the FaceTime menu bar from the top-of-the-screen navigation.
3. Select Turn FaceTime Off. Command-K also turns the feature off.
Note: Once Apple releases a fix, turn the feature back on by launching the app and clicking the Turn On feature.
How Did This Happen?
It’s unclear how this flaw was included in the Group FaceTime release. However, the New York Times reported that a 14-year-old Arizona boy discovered the glitch on January 19, 2019, 9 days before it became widespread on January 28.
On January 20, the boy’s mother sent a video of the flaw to Apple, warning of a “major security flaw.” She heard nothing from Apple Support and began using other channels to try to get the company’s attention. She emailed and faxed information to the Apple security team. She posted alerts to both Twitter and Facebook. Five days later, on January 25, Apple’s product security team suggested she create a developer account and submit a formal bug report.
It appears that the company didn’t react until three days later when a developer reported the flaw and a 9to5mac.com article went viral.
Apple faced criticism for its brief and limited response, which stated the company “identified a fix that will be released in a software update later this week.” In an ironic twist, the bug went viral on January 28, which is international Data Privacy Day.
