by Felicien | Sep 8, 2017 | Education
Check out the most advanced security tactics in the fight against hackers for companies like yours.
One of the worst things about malware is that it never stays the same. There’s always a new threat, vulnerability, or revised virus cropping up. But there’s good news—A lot of innovation is happening in the world of cybersecurity Let’s take a look at some of the latest advances and how they can help businesses like yours in the fight against hackers.
The “White Worm” Approach
For a while now, universities in countries like Sweden, Denmark, and Russia have been studying the Mirai worm, an annoying piece of malware that crept into programs and wreaked havoc. However, security experts at these universities had a good idea—What if they could turn Mirai into a vaccine to use against similar types of worms?
It’s not exactly a new idea, but it is finally showing real-world success. The White Worm Project created a vaccine that uses Mirai-like capabilities to access devices and search for vulnerabilities. However, instead of exploiting those vulnerabilities, the new software (called AntibIoTic for its smart-device application) adds an extra security code instead. The code alerts device owners about potential problems and changes the authorization settings so malware can’t get in.
Additional white worms can be designed to shore up lagging security, warn users about new threats, preemptively protect devices, and more. The future of anti-malware is looking a lot better!
Advanced Machine Learning AI (Artificial Intelligence)
If you’ve kept up on the latest malware developments and security solutions, you’ve probably heard about machine learning and AI programs. Large security organizations are now using AI programs to identify aberrations. These aberrations are numerous and customizable, and focus on any out-of-the-ordinary activity from both software and account users. They indicate anything from malware attacks to identity theft, so the “AI approach” has very quickly become popular. If you receive threat intelligence reports from Microsoft Office 365, you’ve benefited from this technology.
The software adapts based on what it learns. For example, AI software might send 10 alerts to a security administrator. The administrator notes that five of these threats are false positives (ordinary activity that’s just a little unusual, but not threatening). The AI uses its machine-learning capabilities to include this information in its future scans—adding more accuracy over time to pinpoint the security problem.
VM Browsers
Browsers get hit with a lot of malware that can be challenging to block. One new solution that’s getting praise from security experts is a VM (virtual machine) browser approach. In this case, a business only allows browsers to be used when they’re opened in a virtual machine. A VM is created with each new browsing session. If malware manages to make it through the browser, it will get stuck in the VM and be destroyed when the browser session is complete. This approach is interesting because it also allows for the possibility of popular “security browsers” to be used at the professional level, a trend that’s just off the horizon.
Email Authentication
DMARC or Domain Message Authentication Reporting and Conformance is a term you can expect to hear frequently in the near future. It’s an email authentication standard that helps companies to secure their email (to prevent hackers from spoofing them for phishing attacks) and confirm the emails of others (to stop incoming phishing attacks). Customized authentication standards open the path to better and faster security for businesses worldwide.
Architectural Security
The Internet of Things (IoT) is defined as a pervasive and ubiquitous network which enables monitoring and control of the physical environment by collecting, processing, and analyzing the data generated by sensors or smart objects. While many existing security technologies and solutions can be leveraged in a network architecture, there are unique challenges in the IoT space. Architectural security refers to how the Internet of Things is set up. It’s about designing and producing smart devices with security in mind – making them more difficult to access, and with communication features that decrease the likelihood of an attack.
Encrypted Detection
If you’ve attended any of the latest security conferences, you’ve probably heard talk about encrypted detection. However, encrypted data is hard to scan for signs of hacking. In the past security solutions had to unencrypt data and analyze it for threats, or just let the encrypted data pass and hope it didn’t include anything dangerous. Modern solutions have found ways to search for threats in encrypted data, without compromising its encryption. This is a big deal for companies that want to protect their data – especially wireless data –and should soon become standard once the last few wrinkles are ironed out.
Security as Development
During program development, security is often added on after the core workings of the program are already complete. This is problematic – it tends to create a lot more vulnerabilities. We’re finally seeing a concerted demand for developers to start including security aspects in their initial coding. This new standard could help secure many of the applications on the market.
Do you need help with data security for your business in {city}? The team at {company} understands these challenges. We’ll work with you to create a comprehensive security plan to protect your business from data breaches, malware or other cyber threats. Contact our security professionals at {phone} or {email} to schedule your no-obligation consult.
by Felicien | Sep 8, 2017 | Education
More Than 50% of All Social Security Numbers in The U.S. Were Stolen. Make Sure Yours Isn’t on The List.
On Thursday, September 7, 2017, hackers stole the names and social security numbers of 143 million Americans after a massive breach of Equifax. That’s more than half of the adult population.
Amazing, right? Not really—Cybercriminals are much more sophisticated than in the past. Staying safe and secure online is becoming more difficult all the time. Cyber criminals are everywhere, constantly looking for ways to breach network vulnerabilities—And they hit the “Mother Lode” with this one!
The hackers entered the Equifax data base, scanned through birth dates, addresses and driver’s license numbers, as well as 209,000 credit card numbers! The breach occurred between mid-May and the end of July, but, unfortunately, we’re just finding out now.
Equifax is an obvious target for hackers because it stores so much valuable, confidential personal data. But isn’t it ironic that a company that sells identity and security products ends up getting hacked. If they can, your business can too.
What You Should Do.
It’s imperative that you find out if your data was compromised. To do so, go to the Equifax website and sign up for their free credit monitoring and identity theft protection. (Equifax is offering this to every U.S. consumer in the country regardless of whether they were victimized.)
Here are the instructions Equifax provides:
To determine if your personal information may have been impacted by this incident, please follow the below steps:
Click on the below link, “Check Potential Impact,” and provide your last name and the last six digits of your Social Security number.
Based on that information, you will receive a message indicating whether your personal information may have been impacted by this incident.
Regardless of whether your information may have been impacted, we will provide you the option to enroll in TrustedID Premier. You will receive an enrollment date. You should return to this site and follow the “How do I enroll?” instructions below on or after that date to continue the enrollment and activation process. The enrollment period ends on Tuesday, November 21, 2017.
CHECK POTENTIAL IMPACT
The information accessed includes credit card numbers for approximately 209,000 U.S. consumers. Fraudulent credit card charges will likely take place, if they haven’t already.
In addition:
Be sure to scrutinize your credit card and bank statements for charges that you don’t recognize. (You should be doing this every month anyway.)
Watch out for any notifications that new credit applications have been filed on your behalf. If your personal information is circulated on the black market, other criminals will try to find ways to take advantage of it.
Keep a lookout for phishing emails. Cybercriminals often sell stolen personal information for use in email “phishing” campaigns that persuade victims to hand over additional sensitive information, including bank account numbers.
This Wasn’t the First Major Breach, and It Certainly Won’t Be the Last.
Here’s a brief list of some of the breaches that took place just this year:
Gmail May 3, 2017: Gmail users were targeted in a phishing scam that gained access to accounts through a third-party app. The emails looked like they came from a user’s trusted contact saying they wanted to share a Google Doc with them. Once clicked, the link led to Google’s real security page where the person was prompted to allow a fake Google Docs app to manage his or her email account. Nearly 1 million users were affected.
The IRS April 6, 2017: 100,000 taxpayers had their personal information stolen via the IRS Data Retrieval Tool, which is used to complete the Free Application for Federal Student Aid (FAFSA). Identity thieves also used the tool to steal additional data.
DocuSign May 17, 2017: Customers of this electronic signature provider were targeted with malware phishing attacks. The hackers breached one of DocuSign’s systems, and used the email addresses they stole to conduct a malicious email campaign where recipients were prompted to click and download a Microsoft Word document that contained malware.
Chipotle April 25, 2017: Chipotle said payment card transactions that occurred from March 24, 2017 through April 18, 2017 may have been breached. The investigation is still ongoing. At the time the notice was published, the company didn’t have any additional information, and said it’s too early to provide any more details.
So, What Can You Do to Protect Your Business from a Hack?
You can no longer protect your wired and wireless networks with simple security solutions. You must deploy a proactive defense.
You can’t do this alone. Anti-virus and malware programs aren’t enough You must partner with a trusted Managed Service Provider in your area who provides:
Vulnerability & Risk Assessments to ensure you comply with HIPAA, FINRA, PCI or other industry regulations.
24/7 Remote Network Monitoring that detects and blocks security threats.
The latest Anti-Spam, Anti-Virus and Anti-Malware Solutions that secure your desktops, laptops, servers and mobile devices.
A Managed Firewall that’s constantly deployed and upgraded in real time to prevent unauthorized access and data breaches.
Remote Network Management for issue-remediation to ensure both wired and wireless Network Security.
Web-Filtering Solutions to protect you and your staff when using the Internet from any computer device, wired or wireless.
Backup and Disaster-Recovery Services so your files are always secure and retrievable as recommended by the S. Government.
Data and Email Encryption to ensure your information is protected against unauthorized use, and that messages are kept private, both when in transit and when archived.
Safe Wireless Networking with the ability to constantly monitor and secure access points to prevent unauthorized users from entering.
Mobile Device Management so your confidential data is protected when employees use BYOD.
It’s hard enough to secure your personal data. Securing your business’s data is much harder. It takes expertise. However, you can implement very effective solutions (such as those listed above) to ensure that when a hacker comes around, he’ll move on to another victim, because your infrastructure isn’t worth the trouble of hacking into.
{company} will deploy a proactive defense to protect your business in {city} from today’s malicious cyber threats. Don’t wait until a data breach occurs. Contact us for an assessment of your Network Security needs: {phone} {email}
by Felicien | Sep 6, 2017 | Education
Do you know about NIST and what their guidelines can do to benefit your business? If not, it’s time to get educated.
The National Institute of Standards and Technology (NIST) promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards, and related technology through research and development. They support greater development and application of practical, innovative and secure technologies to enhance our country’s ability to compete more effectively on the world stage.
What does this have to do with your business? — If you adopt NIST standards, your business will be more competitive and secure.
The next time your IT team advises you to comply with NIST, listen. While you may think that overarching IT authority will limit your company’s effectiveness, the exact opposite is true. Governance and innovation are not mutually exclusive concepts when it comes to your business.
Risk, Compliance and Regulation
NIST provides standards and metrics for maintaining organizational effectiveness and information security. By adopting these policies along you’ll reduce confusion and provide your IT and business teams more time to focus on process optimization and growing your business.
However, even the most innovative, NIST-compliant organizations can’t innovate and compete if they use aging technology systems. To operate productively and lead the force in innovation requires a peak-performing, secure IT infrastructure, along with the adoption of NIST compliance controls.
Creating a framework for governance can be difficult as complexities evolve and IT assets are being introduced at an expanding rate. When risk isn’t adequately controlled and governance rules aren’t followed, you open yourself up to of both foreign and domestic hackers who have the resources to find holes in your security practices. This is why you need the assistance of an IT Managed Services Provider who is versed in NIST best practices.
NIST recognizes the critical need for cybersecurity standards and best practices for organizations like yours. Following NIST’s cybersecurity standards can enhance your ability to address current and future computer and information security challenges.
Big Data and Security
The heavy reliance on data translates into more opportunities for hijacking information as it moves between locations—And the additional endpoints in today’s businesses add risk factors that are difficult, if not impossible, to control. The vast quantity of data points from online sales transactions, social media and mobile activities make organizations like yours a primary target for cybercriminals interested in learning more about your expansive network of individuals.
Governance provides a way to secure data and provide customers and employees with a higher level of comfort knowing that their personal information is being protected.
Federal Information Processing Standards
NIST has created a set of guidelines called Federal Information Processing Standards (FIPS) that are the gold standard of managing data for U.S. federal agencies. Since these standards are endorsed by the U.S. government, any contractors and companies in their employment must actively be engaged in maintaining these specifications and best practices.
These stringent security measures ensure that anyone doing business with the U.S. government is in full compliance with all other standards including HIPAA, FISMA (Federal Information Security Modernization Act) and Sarbanes Oxley (SOX).
NIST Compliance Examples
While this is not a full overview of what brings an organization into NIST compliance, below are a few of the steps you can take to comply with standards for FISMA:
Security controls must be continuously monitored.
Baseline controls must be documented in a written plan, with risk assessments to refine the standards.
Security professionals must document any data protected under FISMA.
Any information systems used for processing must be authorized, with full security controls applied.
Ongoing performance monitoring is crucial to maintaining full compliance.
Becoming NIST compliant may be challenging for smaller IT teams, but there are myriad benefits if you do this. Even if you aren’t actively conducting business with the U.S. government, these regulations may help stop aggressive cyberattacks and protect your customers from being the victim of a data breach.
Alternatively, NIST compliance does not ensure that your organization will be safe from cybercriminals, internal attacks or simple negligence — but it can help. Monitoring of NIST and other standards by a competent Managed Services Provider is one way you can provide a higher level of security than can be provided by internal IT teams.
Innovation and competitiveness can only flourish when your IT systems are fully supported, structured and secure. When your IT teams aren’t spending their time chasing outliers or managing non-compliance issues, they can better support the growth of your business.
Let {company} help your organization in {city} find the ideal measure of governance to support your competitiveness, innovation and security. Contact our IT Process and Security Professionals at {phone} or via email {email} to learn more about how you can accelerate your company’s growth potential.
by Felicien | Sep 6, 2017 | Education
Mac vs. Windows: Which is the better operating system?
It’s an age-old question that may never get answered. But there’s a happy compromise—The newest version of Parallels makes it possible for your employees to choose the OS they prefer.
Discover the Power of Parallels 13 for Mac!
For the sake of civility (and productivity) in your office, both Mac and Windows lovers must put aside their differences and come to together as one — or at least have the ability to run the same business applications.
Since the majority of business applications are still Windows-based, Mac users who want to use their beloved computers at work are the ones who wind up needing to find a solution.
Luckily, there are a few good fixes out there that let Mac users run Windows applications. Two of the most popular are Boot Camp and Parallels. While both Boot Camp and Parallels are good at what they do, Parallels just released a new version, and I think it deserves a closer look by my clients who use Macs to run Windows software.
The Power of the New Parallels
The release of Parallels Desktop 13 for Mac provides new options for Mac lovers. First, the new release comes in three different versions—The Home and Student Edition, the Pro Edition, and the Business Edition. (I’ll explain the differences between each in a moment, but first, let’s dive into what all the versions have in common.)
With Parallels, you can jump between PC and Mac applications effortlessly without rebooting your computer. This saves time, and immediately increases your productivity.
Plus, you can access Windows files 47% faster than in previous versions of Parallels. Parallels 13 was created to run on the High Sierra (10.13) operating system, and can easily run the Windows 10 Fall Creators Update.
The new release of Parallels provides many improvements to the previous versions, with the ability to:
Install Windows onto a Mac with a single click.
Integrate Windows 10 applications into the Touch Bar.
Add the upcoming Windows 10 People Bar directly to the Mac Dock.
Adapt Retina displays to show Windows 10 applications on the fly, and to change the display configurations manually without rebooting.
Tweak settings automatically to increase performance depending on the type of application you’re running.
Use over 30 toolsto take the pain out of maintaining and optimizing your Mac.
Run Windows’ 10 applications, and run Linux applications via an installed Linux OS version.
The Different Versions of Parallels 13
As, mentioned, you can choose from three different editions of Parallels 13. I expect the majority of small businesses will find the Pro Edition is the best match for their needs. However, here are highlights for each version to give you a better idea which one is the most suitable for your business.
The Home and Student Edition is a great choice if you plan to run Windows applications occasionally, and ones that require low specs to function. This version offers 8 GB of virtual RAM, and lets you assign up to four virtual CPUs for each Virtual Machine. That’s enough to run common business applications like Word. However, it may not be enough for graphic-intense applications or games. The Home and Student Edition comes with 30-days of premium telephone and email support to help you resolve any installation issues.
The Pro Edition is a great choice for small businesses that need more computing power and flexibility than what the Home and Student version provides. It provides up to 128 GB of virtual RAM, and you can apply as many as 32 virtual CPUs per Virtual Machine. This is enough processing power to run even the most intensive graphic programs on the market today. The Pro Edition lets you tap into the power of Microsoft Visual Studio IDE, and software that online developers require. The Pro Edition supports a variety of business cloud services which are typically restricted to Windows users. Plus, it comes with unlimited premium telephone and email support
The Business Edition makes deploying Parallels 13 across multiple computers much easier. In addition to all the benefits the Pro Edition provides, it lets your IT department administer users and manage multiple licenses from a central location. It also has multiple security features IT professionals can use to protect your network without having to spend hours creating a custom solution. This edition offers the same computing power as the Pro Edition, and offers 24/7 unlimited support through email or by telephone.
Parallels was already an excellent application for businesses using multiple operating systems—And the newest version just made it better. In my opinion, if you’re looking for a way to run Windows applications on a Mac, Parallels 13 is a good choice. Plus, owners of older versions can also benefit from upgrading to the new version.
For more information about Parallels 13, and if it’s right your business in {city}, contact the IT experts at {company} at {phone} or {email}.
by Felicien | Sep 6, 2017 | Education
Your Employees Want to Work Efficiently Regardless of Their Physical Location. In Fact, They’re Demanding This.
Today’s mobile workforce demands flexible work options. And, in our option, Microsoft Office 365 is the best choice. See how this cloud-based solution supports the way your employees want to work today.
If yours is like most businesses today, you’ve been surprised how employees demand work options you didn’t provide before. From wanting a greater work-life balance, to having the ability to stay on top of breaking situations when out of the office, they now require mobile, collaborative, software solutions.
Office 365 allows your employees to work efficiently and securely regardless of their physical location, the device they use, or level of connectivity.
Office 365’s Multi-Device Support Provides the Flexibility They Need.
With an Office 365 subscription, your teams can work where and how they need to — whether it’s from their phones, laptops, desktops or tablets. With access to presentations, spreadsheets or documents in a taxi on the way to meeting, Office 365 is game-changer for employees who are often pressed to make last-minute decisions. Its innovative structure allows them to edit a file on their laptop, and later open the same file on their phone or tablet to make tweaks before important presentation.
Ongoing Cost Management
Purchasing subscription-based Office 365 allows you to spread your costs over a long period of time—something that can be valuable when it’s difficult to pull together funds for software or upgrades.
The cost to upgrade software on numerous machines was once a reason to continue using aging software—No longer. Cloud-based software subscriptions like Office 365 ensure your workers have access to the latest tools to drive innovation and efficiency.
Due to its benefits, it’s predicted that by 2020, more than 80 percent of software vendors will change from traditional license and maintenance, to subscription-based models like Office 365.
The Benefits of a Promoting a Remote Workforce
Offering flexibility to your workforce is a way to differentiate your organization as the best place in town to work. You’ll attract and keep the best talent, often without raising pay scales significantly.
Plus, with Office 365 you can manage licensing deployment from a distance, which is critical when you have employees working from home or out of state. A blend of onsite and offsite workers is now accepted as the norm, and Microsoft offers the tools to help you manage this with ease.
Competition for top workers is tight, with businesses looking for ways to out-innovate their competitors. Providing workers with the ability to work remotely with Office 365 allows for a more effective work-life balance, which can be missing from your competitors’ organizations.
Office 365 Is the “First Name” in Collaboration
Microsoft’s remote collaboration tools such as OneDrive allow your employees to work together on files by editing them in real-time, and saving them across their devices. Collaboration has long been a challenge for remote teams, but the tools in Office 365 now provide an exceptional connection.
Work is being transformed and accomplished, from mobile, shared documents, removing the constraints of paper. Individual empowerment is at an all-time high with organizations that leverage Office 365’s sophisticated, yet simple-to-operate, secure tools.
Employing Millennials
As more Millennials enter the workforce, there’s a growing need to provide a fluid culture that provides ample opportunity for uniting a global workforce. It’s no longer unusual for a project team to span continents as well as states, with physical locations being, perhaps, the least important component of their effectiveness.
At {company}, we find that by providing a more fluid approach to the workday, that our employees’ efficiency and effectiveness have increased—And, this goes for all generations, not just Millennials.
Having a familiar and consistent interface across different devices provides your employees the comfort level they’ve come to expect from Microsoft products. Whether it’s checking their calendar on an Android phone, Surface tablet, desktop PC and Apple Watch, or picking up where they left off editing a contract while sitting on the subway, productivity tools have evolved to be as mobile as the people using them.
{company} can help you learn more about, and deploy innovative solutions like Office 365. Contact us by calling {phone} or email {email}. We will work you to create the ideal package for your needs, while keeping upfront costs to a minimum.
