by Felicien | Jun 25, 2018 | Education
Cyber Hacks on DNA-Testing Companies Raise Fears about Genetic Data Privacy
DNA-testing companies the latest to be targeted by cybercriminals
Stories of businesses getting hacked by cybercriminals are pretty much par for the course nowadays. Increasingly, companies who collect and store large amounts of user data are prime targets for malicious and greedy hackers. From social networking sites to ride-share companies, large stores of user data are one of the hottest commodities on the cybercrime market.
MyHeritage hack: Over 90 million users affected
One of the most recently reported attacks saw the email addresses and passwords of roughly 92 million users hacked. MyHeritage – an international company based out of Israel – is a DNA testing provider that offers customers the unique experience of determining the specific makeup of their ethnic ancestry and lineage. The MyHeritage hack stands out among others for the very obvious fact that the company doesn’t simply collect basic user info like emails and passwords – it collects and stores mass amounts of genetic DNA from subscribers.
Now, it must be noted that the MyHeritage attack only saw the theft of user emails and passwords. According to the company, none of the genetic data and DNA information provided by customers was compromised. Nonetheless, the attack serves as a critical reminder that nearly any kind of data stored on servers is at risk of being hacked.
The hack – which occurred in October of 2017 – was only identified and reported to the company by a security researcher seven months later in early June of this year. With about 92 million users affected, MyHeritage has been in damage control mode ever since. While representatives for the company claim there is no evidence to suggest the attack was malicious, they’ve admitted they can’t know for sure.
No genetic data affected, but can it be protected?
It’s important to remember that none of the genetic data collected by MyHeritage was hacked. In fact, most genetic data is stored separately and organized anonymously using a numbered barcode system. However, as cybercriminals continue to become more sophisticated and as user data becomes more valuable, companies will be required to work harder to keep even seemingly secure data safe. Especially when the data being collected includes genetic profiles of users.
MyHeritage has been taking steps to tighten cybersecurity protocols and increase user-controls and account security settings. A forced password change for the nearly 100 million affected users arrived by email. Additionally, the company has facilitated two-step verification controls to ensure user logins are better managed. However, some experts argue that this could have been set-up proactively to mitigate hack risks ahead of time.
Rob Verger, the Assistant Tech Editor at Popular Science Magazine raised a valid point in a recent interview. “If they can’t protect user data,” Verger said, “what makes them able to protect the genetic data?”
Going digital: Balancing benefits with risk in the modern marketplace
There’s a balancing act to be done when considering cases like these. There’s no denying that the electronic storage of data has been an asset – especially to the health and sciences industry. Doctors across the nation are making moves to paperless Electronic Medical Record (EMR) systems that make the patient experience more efficient and organized. Genetic testing companies have been revolutionary in their ability to efficiently and privately connect customers with priceless genetic information.
So how do you know when to draw the line? How can individual consumers reap the benefits of these technologies without leaving themselves open to invasions of privacy? According to Verger, the best strategy when giving out personal data is caution and a second thought.
“People should be careful about the types of information they give these services,” Verger said. “If your biggest nightmare is having your email address all the way to your ethnic history being hacked, then you shouldn’t subscribe to these companies or provide data.”
At the end of the day, what matters most is how the users were affected and how MyHeritage responded. When it comes down to it, users have a right to be wary. Not only about the attack, but also about the incredibly long time it took for the hack to be identified and disclosed to users.
Identification by a security researcher, seven months after the fact is hardly what anyone would call a vigilant cybersecurity effort. While MyHeritage is doing their best to rectify the situation and beef up security efforts, the doubt caused by the hack is understandably unsettling for affected users and potential consumers everywhere.
Walking the tightrope in an increasingly digital world
It’s no secret that today’s cyber-climate is more populated, dynamic, and personalized than ever before. The efficiency and customization that the online market offers are unparalleled. However, there is an underside to all this innovation that must be remembered. Service providers and their advertising teams are constantly looking for the most dynamic and personalized ways to advertise to their target markets in these online spaces.
This means collecting as much data on their consumers as possible and at whatever cost. Consumer’s digital fingerprints are increasingly valuable to companies across the digital market. If a company wants to get a consumer’s attention on the information highway, they know they need to personalize the experience as much as possible. This means that all the bits of data entered into your browser become fingerprints to help identify and sell to you.
In this competitive climate, genetic testing companies face an increased risk simply because of the personal nature of the data they collect. Having the genetic makeup of over 90 million consumers is an advertising goldmine, not to mention other potentially dangerous motivations of more malicious hackers. The bottom line? Users need to think twice and be vigilant about the data they choose to share.
“It’s a double-edged sword – EMR and genetic testing can help medicine,” Verger reiterates. “However, nothing out there is perfect,” Verger claims. “Things kept on servers can possibly be hacked or compromised and we need to remember that.”
Trying to find the right balance of technology risks and benefits? Wondering how to keep your organization current without succumbing to increased risk? Reach out to a team of seasoned IT security professionals.
A strategic IT partner will help improve your IT while managing and mitigating risk at the same time. You can have the best of both worlds – you just need a strategic partner, willing to walk the tightrope with caution and creativity.
by Felicien | Jun 25, 2018 | Education
Taking Data Visualization and Collaboration to the Next Level: Excel and Power BI Integration
Data visualization tools are all about helping to make it easier for people to work with their data. An even more important aspect of data visualization is to be able to get real actionable insights into the data you’re working with. The more easily a tool can satisfy both aspects, the better it is for both data handlers and data consumers.
Microsoft Excel is king in this regard. For most users, no other tool comes close to Excel as far as data management is concerned.
If you’re using Microsoft Office 365, you have access to yet another gem: Power BI. This suite of business analytics tools allows you to analyze data, and obtain and share insights in ways that no other tool can.
In essence, this suite of tools is designed to provide users with a 360-degree view of data, with the most important metrics all in one place. Even more amazingly, Power BI updates information in real time and makes it available across all devices.
If you’re using this tool, you can explore the data behind your dashboard with just a single click. Everything is intuitive and guides you to find the answers you need with ease.
Pooling the strength of Excel and Power BI together
While most people think they have to choose whether to use Power BI tools or Excel, the two can be used together to create a powerful combination for any range of data visualization needs.
Notice that the whole idea of Office 365 is to enhance collaboration within the organization. A complete cycle of content creation and collaboration would typically look something like:
Get data,
Analyze the data,
Visualize the data,
Publish the data, and;
Collaborate with other teams based on the data.
Normally, teams that use Excel tend to only involve Power BI when it comes to publishing their data. In essence, you can choose to work in the tool you love when using Excel and Power BI together. You can build your data or models, analyze and visualize them using either Excel or the Power BI tools – whichever works better for you – then publish out to Power BI where you can then build really beautiful reports to share with everyone in your enterprise.
Modern BI with Office 365
The modern BI available on Office 365 provides for efficient integration of Excel and Power BI Pro and Power BI Desktop. Different interactions between Power BI Desktop, Power BI Service, Excel Online and Excel Desktop exist that bring all these together in a common interface.
Each component in this interface has a function that complements that of the other.
Excel allows for data analysis in a familiar environment
Unlike most Power BI tools, the majority of the people within organizations are familiar with Excel functionalities. As such, Excel provides not only the flexibility and freedom to connect, shape, and model your data to fit your business needs, but also the familiar interface with which to visualize data for your organization’s teams.
Power BI Pro allows for publishing of reports
These are the BI tools available online that allow you to publish your reports securely to your organization while ensuring their accessibility from anywhere on any device.
Power BI Desktop is handy in building advanced models
This is the desktop-based interface of Power BI that lets you build advanced models, queries, and reports that help visualize your data in a way that can be consumed easily by anyone in your organization. Power BI Desktop is designed to enable visual data exploration and interactive reporting capabilities powered by a freeform canvas for drag-and-drop examination.
With this interface, you can build data models, create reports based on them, and share your work by publishing it out to the cloud-based BI services.
Office 365 brings everything together
This Microsoft service provides the platform that glues all these tools together into a single fabric and makes these interactions possible. On a broader scale, Office 365 allows solid team collaboration at the enterprise level; with real-time teamwork and compliance.
Here’s a sample demo showing a typical flow of data across this Excel- Power BI interface on BI Office 365.
The essence here is to see where each of the tools: Excel, Power BI Service and Power BI Desktop come in – with the SharePoint management tool as a necessary addition.
So, from the demo, different sales teams are working directly on various excel files, putting them together. Analysts then pull in all that data and add their input (behind the scenes/including adding data from other sources) before publishing it to Power BI where the data model will sit.
From there, a designer uses Power BI desktop to create final, typically actionable reports out of the model from the cloud.
Wrap Up
Well, as you can see, this is just a sample demo of what you can achieve by integrating Excel and Power BI tools together. Nonetheless, the key takeaway is the demonstration of just how using these tools in combination can serve to enhance collaboration within your organization.
by Felicien | Jun 25, 2018 | Education
Have you ever been in a position where you are supposed to work on an assignment or important document but you forgot your laptop or cannot access your desktop? That can be frustrating, but thanks to Microsoft, as long as you can access the internet on your phone or even tablet, you can easily resume working on your assignment. Microsoft 365 is an excellent business tool that provides you with lots of options when trying to access a saved document on another device.
A closer look at Microsoft Office 365
Office 365 is Microsoft’s global offering designed to provide users with access to the company’s top-of-the-line cloud-based tools for collaboration and productivity. The service is complete with web conferencing and high definition (HD) video, calendars, business-class email, online Microsoft office suite, as well as file storage and sharing.
When you stay connected to the Microsoft Cloud, you can be sure that all programs are up-to-date and available for users on a 24/7 basis. Below is a simple outline of just a few of the Microsoft 365 apps that enable us to work from any location or device.
Using Outlook App on your phone to work on the go
When you open your Outlook Application, you will see a calendar function, a file function, and a mail function. When you tap on the calendar function, you can see how similar it is to the one that is on the desktop, which means it will be easy for you to use. The files function will help you view all recently accessed documents on OneDrive and even some of the recently shared files—very convenient!
When accessing the mail function, this is where you are able to see all files, documents, and links shared with you. You can also share a file via OneDrive.
Accessing information shared via a link
Simply click on the link and it will open into SharePoint, which will allow you to view the file. If you need to edit the file, open it in the word App and as soon as you start editing, anyone who has access to the file will see your edits right away. Such an incredible feature! This is great because, after editing, you don’t have to keep sending final copies of the same document to everyone on your team. Documents are updated in real time, which is a real time saver!
Accessing the same information on different devices
It’s frustrating to lose devices such as phones, tablets, and even your laptop. If you travel a lot, you may even damage your laptop or phone. Though this can be expensive, it’s also devastating to lose important documents. Retrieving data from a damaged phone or computer usually requires an IT expert. Data retrieval used to be such an expensive ordeal and sometimes unsuccessful. The good news is that on Microsoft 365 you don’t have to worry if you find yourself in any of the above predicaments. Here is a simple outline of how you can access your information from any device.
Open any browser and type the words office.com, then log in. A page will come up with various Microsoft 365 Applications such as Word, Excel, Outlook, and services such as OneDrive. Click on the OneDrive service, which will immediately take you to all files located on OneDrive. You will then be able to access all files that have been saved to OneDrive.
These files are all live so this means that any changes made, such as editing by anyone on your team, will be there. You can view, share, or edit these files. Let’s say you wish to edit a file that you recently shared with someone. Just open that file and you will see an editing option on the top right. You can do all your editing in the browser. This works with all files including Word, Excel, PowerPoint, and other Microsoft applications. All updates will immediately show up on any shared documents.
There are so many other noteworthy features in Microsoft 365 that can help make your work easier. If you want to learn more about these helpful features, just visit this page: www.Microsoft.ca/GetItDone
Wrap Up
Losing or damaging your phone or laptop is always stressful, but you don’t have to lose any of your important documents when you work with Microsoft 365. You may be home sick for a few days, but you don’t necessarily have to get behind on your projects. It’s possible to work from anywhere using any device with Microsoft’s helpful range of products.
Remember that you can work from home and even share updates in real-time with your colleagues. As long as documents are stored to Microsoft’s OneDrive, they’ll always be right at your fingertips. That’s the epitome of convenience!
by Felicien | Jun 22, 2018 | Education
eFail flaw leaves encryption users on guard and encryption providers in ‘patch’ mode
Security researchers announced this week that a significant flaw exists among popular encryption tools that are used for encrypting correspondence and digital signatures. Any and all email encryption services that use OpenPGP standard and rely on GnuPG to encrypt their data and create digital signatures are subject to this wide-reaching security flaw.
Break Down: How the Encryption Security Hole Leaves Users Vulnerable
After a nearly month-long investigation, researchers have publically announced a series of security holes that have been dubbed ‘eFail.’ The eFail flaws were identified in PGP and S/Mime encryption tools and the glitches give cyber criminals the ability to uncover encrypted correspondence. The overall scope of this security flaw is hard to estimate, as most mainstream email providers – including Outlook, Apple Mail, and Thunderbird – have been impacted by the eFail glitches.
Even worse? The investigation revealed that eFail includes an input sanitization vulnerability, dubbed SigSpoof by software developer Marcus Brinkmann. This particular vulnerability allows hackers to forge digital signatures with stolen user ID data. Again, the impacts of these vulnerabilities are wide-reaching, affecting countless popular encryption applications including GnuPG, Enigmail, GPGTools, and python-gnupg. All of these providers have included patches for the vulnerability in their latest software updates.
According to experts, the vulnerabilities were made possible thanks to an OpenPGP protocol. Regularly, when a message arrives to the intended recipient, decryption occurs by separating the information and verifying a valid signature. This process occurs through the strategic separation of information using a file name system.
However, the investigation led by security researchers uncovered that the file name entry port allows for up to 255 characters, meaning it doesn’t get adequately sanitized in the decryption process. This makes it easier for cyber criminals to modify and alter file names and fraudulently gain access to confidential data. Once they’re able to gain access, cyber criminals can read encrypted messages in plain text and send fake messages via the application in hopes of spoofing digital signature verifications.
Patch Mode: Providers Scramble to Patch Flaw and Avoid Disaster
This widespread loophole can have hugely devastating impacts on affected users. Besides the obvious risks of data breach and forgery, the investigation uncovered that the flaw holds the potential to maliciously infect enormous parts of a user’s core infrastructure. In addition to email encryption, GnuPG tools are used for backups and software updates; the extent of negative consequences is difficult to estimate.
The investigation wasn’t just speculation either. Researches demonstrated three pieces of evidence to establish just how easily encryption and signature data can be hacked and forged thanks to the loophole. So far, the best and only solution is for affected users to immediately implement the latest available software updates. Since patches have been created, updating to the latest software versions is the only concrete strategy for ensuring the loophole doesn’t continue to leave users vulnerable.
Check out this list of platform-specific update prompts:
Upgrade to GnuPG 2.2.8or GnuPG 1.4.23
Upgrade to Enigmail 2.0.7
Upgrade to GPGTools 2018.3
Navigating the Digital Business Force: Vigilance and Proactivity are Critical
The bottom line is that operating as a business professional in an increasingly digital workforce means having to think about countless potential threats to data security – even in places one wouldn’t expect. It seems a new story is making headlines every week about some scary security flaw or devastating hack. But the reality is, with a proactive and level-headed approach, maintaining strong IT security standards for your organization doesn’t have to be a long and painful battle.
The first step, however, does involve accepting that there are simply some things out of your control. Hacks happen. Security holes happen. What matters most is that you and your team are prepared to respond and that you have a detailed plan for responding efficiently and effectively. It’s no secret that the worst time to think about cybersecurity planning is when you’re already in the midst of an attack. Proactivity is the key.
Being proactive involves more than reading about the latest hacks and telling your team to be on the lookout. It means getting emergency response plans on paper and providing detailed security awareness training for your team. It also may mean upping your network monitoring and management tools and delegating some IT responsibility to the professionals.
Does your team rely on some of the encryption tools mentioned in this article? Has your team updated all software with the latest patches? Do you often wonder about the vulnerabilities that are lurking in your company network? Are you overwhelmed trying to stay on top of seemingly endless cyber threats?
Stop thinking and take action. Maintaining a secure network doesn’t have to be expensive or overwhelming. Reaching out to a team of IT security veterans is the first step in taking control of your cybersecurity efforts. Today is the day to empower your business by reinforcing your security network instead of becoming the next victim of cybercrime.
by Felicien | Jun 22, 2018 | Education
Cyberattacks in Atlanta likely to be the most damaging in US municipal history
It was only this past March that the city of Atlanta was hit by a massive ransomware attack. However, city officials are claiming an additional $9.5 million dollars is required for the ongoing recovery effort. As the city struggles to restore normal and secure operations, many are wondering how high the total bill for the restoration will get.
When the city first took action in April, costs very quickly reached nearly $3 million. A recent Reuters report called the attack “the worst cyber assault on any US city” and noted the following implications:
Over 30% of software programs used by the municipality were uninstalled or disabled by the attack.
Countless municipal applications and government services were stolen, with nearly a third of affected data related to critical services like police and court departments.
The loss of over 70 municipal computers and the loss of over a decade’s worth of legal court documents.
An undisclosed amount of lost dash-cam footage from Atlanta PD.
Worse Than It Seemed: Additional Time and Money Required for Atlanta Restoration
However, with the recent request for an additional $9.5 million in recovery funding, it’s becoming quite clear that the scope of municipal government services implicated in the attack is far larger than these earlier reports suggested. According to city officials, the additional funding will be used to rebuild applications and restore services disabled or destroyed by the ransomware catastrophe. Not to mention, this $9.5 million request is in addition to the $35 million allotment the municipal IT department will be making in the annual budget.
Funding allotments have yet to be finalized and decided, and Atlanta’s 2019 municipal budget process was postponed in light of the massive cyberattack. Atlanta Mayor, Keisha Lance Bottoms announced her administration’s commitment to determining the root cause of the attack, as well as its overall impact on municipal operations. However, with such a large attack and a new fiscal year beginning on July 1st, the city is still struggling to respond strategically.
Maybe the Worst, But Not the First: Municipalities Increasingly Hit by Cybercrime
Atlanta isn’t the only municipality to be struck by cybercrime in recent memory. Though the scope of the Atlanta attack may be record-breaking, attacks on US cities aren’t a singular phenomenon. Just in the last two years, government departments in Rhode Island and North Carolina have made headlines. Not to mention countless attacks on emergency service departments in cities across the country.
So, the question becomes: if municipal and governmental departments are struggling, how can business professionals ensure their own data isn’t sitting prey for cybercriminals? Staying proactively informed is a great first step. Communicating with your team and developing cybersecurity best practices is even better. But even with these best intentions leading the way, cities, governments, and businesses are still at risk for data loss.
Full Throttle Response: Why Consulting an IT Security Expert Makes All the Difference
More and more, IT partners and managed security service providers (MSSPs) are playing a vital role in helping businesses – and governments – stay secure and protected. In fact, two award-winning MSSPs – Secureworks and EY – have been at the forefront of Atlanta’s recovery effort.
However, in an age of cost reduction, professionals are often wary about hiring external partners to do jobs they think they can manage themselves. This is understandable, and to some extent, business professionals do have resources available to help mitigate cyber risk on their own. The problem is, cybercrime is incredibly unpredictable. Standalone automated solutions simply don’t measure up to the reliability and expertise offered by IT security trade professionals.
Partnering with a managed IT security provider offers countless benefits, including:
Strategic planning – Partnering with an experienced MSSP is one of the best ways to implement strategic planning. An experienced and reliable partner will perform network evaluations, identify and fix vulnerabilities, and help develop detailed and customized plans for responding to threats and attacks.
Informed expertise – One of the most useful benefits of partnering with IT security professionals is the wealth of knowledge and experience they bring with them. Managed security experts know how to identify and properly handle all kinds of attacks including ransomware and other malware infections. Simply put, it helps to have someone on your team who truly knows the nuts and bolts.
Best practice development – If you’re looking to get concrete procedures and best practices on paper, an IT security partner can help spearhead the process. Using their experience and expertise, IT partners can help you create strategies and best practices to continually mitigate risk at all endpoints.
Proactive monitoring, management, and updates – Another key benefit of partnering with an IT security team is the reliability and consistency they bring. Having an IT security partner in your corner ensures there is a constant eye on your systems. Your IT partner ensures things are continually monitored and managed. Including everything from software and hardware updates to access controls and user permissions.
Employee education and empowerment – Perhaps most importantly, the right IT security partner is the best way to get your team more informed, prepared and vigilant. A managed security provider can help educate your team about different attacks and strategies for effective response. This way, even the weakest links in your security chain are taken care of.
Making Moves: Take Action Before Cybercrime Hits Your Company
Overall, partnering with an expert increases the chances of keeping business networks and servers unpenetrated. Partners provide a wealth of information and resources that help business professionals stay focused and productive while remaining vigilant in the face of cybercrime. This helps team members better identify threats as they occur and respond accordingly to keep them from escalating out of control.
Looking to tighten your cybersecurity effort but not sure where to get started? Desperate to avoid the potentially massive costs of ransomware restoration? Reach out to a team of IT professionals today. A team of experts will do whatever it takes to ensure your data is as secure as possible. Even better they’ll make you feel empowered to be your own cyber security hero.
