by Felicien | Jun 13, 2017 | Education
For many people, the vision of a world of driverless cars represents a commuter’s utopia, and for good reason. Commuting is costly, not only in terms of time and money but in terms of stress-related illnesses. Despite the fact that people have adapted to hurtling through space at 70 miles per hour while avoiding a potentially deadly crash, traffic is anything but relaxing. Just the idea of a car expertly programmed to detect and respond instantly to hazardous road conditions and the erratic behavior of all those other drivers is enough to lower a commuter’s blood pressure considerably. (Our own driving is, of course, always impeccable.) Driverless cars could also make it possible for people to give one another the increasingly rare gift of their undivided attention while traveling.
Any dream of utopia contains within it the potential for the creation of a nightmarish dystopia, and a world of driverless cars is no exception. The number of deaths and injuries resulting from crashes caused by human error could be greatly reduced. However, the number of deaths and injuries caused by deliberate human actions, such as hacking the computer systems of driverless cars, could increase. It isn’t hard to imagine the horror of a driverless car being hijacked and used to drive into a crowded building or cause a multi-car pile-up on a busy interstate highway. One article describes an experiment in which hackers demonstrated, under controlled conditions, how just such a scenario would be possible.
Security Vulnerabilities
IT experts are the first line of defense of our collective vision of a driverless utopia. Recently, the Cloud Security Alliance published a detailed report identifying 20 potential cyber-security threats to connected vehicle systems, including driverless cars. Many of those threats are vulnerabilities caused by the very things that have helped make commutes if not more enjoyable, at least more bearable. Those potential security loopholes include onboard diagnostic ports used for vehicle maintenance, USB ports, Wi-fi, Bluetooth, and entertainment devices that utilize internet connectivity.
Electronic vehicles depend on a CAN (Controller Area Network) message bus that allows communication between devices. The CAN bus was designed as a closed network without security features. According to the report, “An unauthorized party that gains access to the bus can block legitimate messages and transmit illegitimate ones.” Keyless entry systems and the Amazon Echo, which can start a vehicle remotely, also present potential security concerns. That’s why the group recommends that separate CAN buses be used for critical safety features such as braking and lane detection systems.
Precautionary Measures
Brian Russell, the chairman of the alliance’s IoT Working Group, stresses the importance of developing operational designs that “incorporate security throughout the development”. He also recommends using the Department of Transportation’s Connected Vehicle Reference Implementation Architecture as a design guide. Its protocols apply security measures to the enterprise, functional, physical and communications elements of connected driverless systems. Vehicles communicate with one another using both established infrastructure and a DSRC (Dedicated Short Range Communication). The DSRC assigns each message a digital certificate which prevents tampering. To keep out intruders, third party devices should only access a vehicle’s Bluetooth system using the mutual recognition and authentication of Bluetooth Low Energy.
In addition to high-tech security measures being designed and implemented, societies will require a whole new set of laws to successfully integrate driverless technology. That doesn’t just include traffic and insurance laws, but privacy laws. The amount of personal information collected by driverless technology is rivaled only by the amount collected by Facebook. Like Facebook, those who wish to utilize driverless technology may have to sign agreements too lengthy and complicated to read and understand without the expert assistance of a legal professional. In 2015, a class-action lawsuit was filed against Toyota Motor Corp., Ford Motor Co., and General Motors LLC, alleging fraud, false advertising, and violations of consumer protection laws. While the district court dismissed the complaint, the Electronic Privacy Information Center (EPIC) has filed a brief requesting that the dismissal is reversed.
It Takes a Global IT Village
Creating a commuter’s utopia in which drivers can enjoy all the benefits of driverless technology is an achievable goal. With the right security measures, it will become possible for elderly to retain their travel independence and for the young to increase theirs. Parents will be able to spend less time chauffeuring and more time parenting. Workers will be able to spend less energy commuting and more time and energy to enjoy the fruits of their labors. The phrases “fighting traffic” and “road rage” will disappear from our daily lexicon, making room for more interesting, and pleasant, topics of conversation.
IT professionals worldwide are working overtime to make a world of driverless cars a dream come true. The internet has revealed the degree to which we are all interconnected. That connectivity has the potential to significantly improve the quality of our lives. It also has the potential to expose us to greater danger. That’s why programmers and app developers, whether employed by a private enterprise or governmental organizations, must work together to prevent that dream from becoming a nightmare.
by Felicien | Jun 12, 2017 | Education
Don’t Get Caught in Their Nets.
What is Phishing?
Phishing is tech language for fishing over the Internet for confidential business and personal information such as credit card numbers, personal identification, usernames, and passwords. The first phishing scam occurred in 1996.
It uses social engineering techniques and computer programming to lure email recipients and Internet users into believing that a fraudulent website is legitimate. When the phishing victim clicks the phishing link, they find that their personal identity vital information and even money have been stolen.
What’s the difference between Phishing and Spear Phishing?
Phishing emails are sent to the general public. They often impersonate a government agency, bank, the IRS, social networking site or store like Amazon.
Spear Phishing emails target specific individuals. They are personalized with facts about you or your business to draw you in. And they appear to come from a company or person you do business with. It could come in the form of an email from your CEO.
A Phishing or Spear Phishing Email:
Is the one that you didn’t initiate.
May contain strange URLs and email addresses.
Often uses improper grammar and misspellings.
Typically contains attachments that you don’t recognize as legitimate.
Contains a link or email address that you don’t recognize.
May use language that is urgent or threatening.
Phishing and Spear Phishing are popular among cybercriminals because they usually succeed.
10 messages have a better than:
90% chance of getting a click.
8% chance of users clicking on an attachment.
8% chance users will fill out a web form.
18% chance that users will click a malicious link in an email.
Even high-level executives get spoofed and share usernames and passwords.
The average cost of a Phishing Scam is $1.6 million. It’s a top security concern for businesses today:
1 in 3 companies are affected.
30% of Phishing emails get opened.
Phishing is now the #1 vehicle for ransomware and other forms of malware.
Prevent being a victim of phishing or spear phishing. Here are 8 important things to remember:
Stay informed about phishing techniques. Different phishing scams are being sent out every day. Ongoing security awareness training should be a top priority for your organization. Contact {company} at {phone} or {email}. We can help.
Think before you click a link. Don’t click on links from random emails or text messages. Hover your mouse arrow over a link to see who sent it. Most phishing emails begin with “Dear Customer” so watch out for these. Verify the website’s phone number before placing any calls. Remember, the secure website always starts with “https.”
Never divulge personal information requested by email, such as your name or credit card number. Typically, phishing emails will direct you to a web page to enter your financial or personal information. When in doubt, visit the main website of the company in the email, and give them a call. And, never send sensitive information in an email to anyone. (A secure website always starts with “https”.)
Consider installing an anti-phishing toolbar and security tools. Some Internet browsers offer free, anti-phishing toolbars that can run quick checks on the sites you visit. If a malicious site shows up, the toolbar will alert you. Be sure to ask {company} about updated computer security tools, such as anti-virus software, spyware, and firewalls. They will drastically reduce the chances of hackers and phishers infiltrating your computer or your network.
Never download files from suspicious emails or websites. Double check the website URL for legitimacy by typing the actual address into your Web browser. Check the site’s security certificate. Also, beware of pop-ups as they may be phishing attempts. Your browser settings allow you to block pop-ups, where you can allow them on a case-by-case basis. If one gets through, don’t click on the “cancel” button as this is a ploy to lead you to a phishing site. Click the small “x” in the upper corner of the window, instead.
Get into the habit of changing your passwords often. You can also use a password manager like Dashlane or Last Pass that will automatically insert new, hard-to-crack passwords for you.
Regularly check your online bank and credit card accounts. To prevent bank phishing and credit card phishing scams, you should personally check your statements regularly. Get monthly statements for your financial accounts and check every entry carefully to ensure no fraudulent transactions have been made without your knowledge.
Update your browsers to the latest version. Security patches are released in response to the vulnerabilities that phishers and hackers exploit. Don’t ignore messages to update your browsers, and download the updates as soon as they’re available.
Protect your confidential information and your business. {company} will train you and your staff to recognize and block Phishing and Spear Phishing Scams. Contact us at {phone} or {email}.
by Felicien | Jun 12, 2017 | Education
Superman Day Is a Perfect Time To Start Your Journey To Becoming Your Own Information Technology Superhero
You don’t have to rely on an outside savior to fix your IT emergencies. Prepare your organization for contingencies with these helpful IT security tips.
Duck into a phone booth (if you can find one!) and don your cape because Monday, June 12, 2017 has been designated as Superman Day! It just so happens that this is concurrent with the time that the new Wonder Woman movie will be in movie theaters around the world, so superheroes are going to be on everyone’s mind.
It’s well known that Superman stands for truth, justice, and the American way, but his time working for the Daily Planet has probably also taught him to have a healthy respect for IT safety and security. In honor of Superman, we at {company} in {city} want you to be prepared for the unknown in the IT world. Don’t wait around for a superhero to save you; instead, learn how you can create processes that will safeguard your data and tech in order to defend against mistakes and emergencies.
Create written procedures to guide your team members
A healthy IT ecosystem begins with everyone in your organization being on the same page when it comes to security procedures and other best practices. Without proper guidance, people do things however it suits them best at the moment, which may not always be the most secure way to operate. Set your teams up for success by clearly outlining the most secure and effective IT processes, so that they always have a guide they can consult in the event of questions.
And if you’re going to go to the trouble of outlining your IT processes, training your staff members on proper execution has to follow. Once you have properly set the expectations for how IT operations are to be conducted, and given your team members the tools they need to complete their tasks, then you will be able to hold everyone in the organization accountable for upholding proper IT practices.
Make cyber security a priority for everyone
When it comes to IT security, the weakest link in the chain metaphor is startlingly accurate. You can have 99% of the people in your organization following proper protocols for every piece of technology they use, and if just one person fails to uphold the same standard you could be putting yourself at serious risk. The importance of cyber security has to come from the top down, and eventually filter to every manager of every department, no matter how integral IT is to their daily job functions.
There are many ways that you can facilitate a more secure technological environment throughout all levels of your company. Remember that no measure is too small to help make your data more secure. Encourage users to keep up to date with software updates, set guidelines for proper data storage and deletion, and enforce strict password requirements, including changes for all software platforms at regular intervals.
Control access to data and keep a regimented schedule of backups
These days, almost every company in existence processes and stores some kind of sensitive digital data. Not only is this data often crucial for the organization to function properly, but it can also be a glaring target for hackers who wish to steal and exploit it.
Whether you’re talking about cyber criminals stealing customer credit card information, or important trade secrets somehow being made public, digital data can be a very valuable target. Limit access to these kinds of data to employees who need it and have been properly trained in security procedures. You may not be able to make yourself invulnerable to hackers, but you can make sure that your sensitive data is taken care of properly.
Additionally, it’s important to not neglect your data backups as well. The main problem with backups is that they often seem less consequential when compared to other mission critical tasks, and they tend to fall by the wayside when people get busy. Systems have a tendency to fail at the least opportune times, so make sure you hold your departments to the backup schedule so you can be prepared in an emergency.
Review your processes on a regular basis
Businesses are always in flux, and IT operations are no different. Hardware infrastructure, software platforms, user functions, and many more factors are going to change frequently as your company grows and its needs evolve. In that regard, the IT processes that you outlined when the company was in its infancy may no longer be optimal.
In order to ensure that your IT policy fits with your organizational realities, schedule frequent reviews of your processes with representatives from every department. Have them talk to their end-user employees to get feedback about how their use of certain systems may have changed, and how policies can be updated to help improve their use of the IT systems and enhance security measures.
Engage in ongoing IT professional development
Ongoing education is important for many areas of business, and this is especially true for IT management. Technology progresses at a rapid pace, and the only way to keep up with all of the changes is to make a commitment to keep learning. This will help you stay up to date on new technology that may be beneficial to your organization, and keep you apprised of potential dangers that you need to protect yourself from.
Running a company comes with numerous different responsibilities, and it can be difficult on your own to devote the necessary time to IT professional development. We want you to know that you have a partner who can work with you to ensure that your IT operations are in peak condition. To learn more about how you can become your own IT superhero, contact one of our representatives at {email} or {phone}.
by Felicien | Jun 12, 2017 | Education
Yammer’s social capabilities now support a number of content formats: Here’s why that matters for your business.
Yammer has gone through some important changes in 2017 as Microsoft has been working to make the social app as business friendly as possible. First created to give employees a safe social place to interact (and yes, even joke around) without the distractions of an external social network, Yammer has been added functionality for months now. The goal is to create a social space that is fully integrated with Microsoft’s other business services so that it can become more useful for more companies. Still not convinced? Check out the latest content that Yammer can handle, and how it makes it better than before.
SharePoint Projects
SharePoint is becoming an increasingly common way for Windows-oriented companies to organize their data and workflow processes, so it makes sense that new integration with Yammer would be forthcoming. To clarify, Yammer already works quite well with SharePoint. For a year now people have been able to share any Office 365 documents on Yammer, which is excellent for asking a question, enabling group work, or exchanging data (and yes, encryption still applies on Yammer, so that data will still have protections in place). If you haven’t started sharing docs in Yammer conversations, your teams should definitely start, it’s a very organic way of managing quick work-related tasks.
New functionality includes a Yammer ability to appear on the SharePoint Newsfeed. For example, let’s say that a manager started a particularly important conversation on Yammer about new rules and got a lot of great feedback. That manager can then pin the Yammer conversation on SharePoint, allowing less frequent users to see the conversation and add those own comments for even more feedback. It’s a great way to make sure that particularly valuable Yammer discussions aren’t lost or ignored.
Videos
Video functionality has been slow to come to Yammer – Microsoft appeared to dislike the idea of integrating external video formats too closely with Yammer, possibly because of security or good old-fashioned monetization reasons. However, now Yammer has finally made the leap and supports Microsoft Stream and Office 365 video posting, which allows people to view the video right in Yammer.
Not sure how this improves matters? Microsoft suggests using it for personal CEO messages to the workforce, interviews, important product marketing, training videos, and similar content.
External Apps
Connectors is an Office 365 feature that allows you to connect over 90 external apps to the Microsoft platform: Now that also means that those apps play nice with Yammer, which really opens the door to some creative uses of apps that your teams already need. These Connectors can insert news pieces from other sites or social networks, provide analysis from common tools like GitHub, keep people up on the latest important Tweets by inserting them right in a conversation, and more. You can add or remove apps as necessary to keep control of how many apps are being used as well.
Dynamic Groups
Dynamic Groups doesn’t exactly add new content, but it does reorganize old content in a more useful way. The “dynamic” part of this essentially means that an administrator can “create” groups by searching or filtering the right results. So if a manager wants to send a message to the team that is working on Project A but doesn’t have a list of all the team members, it’s no problem – they can just create a dynamic group based on the name of the project, and the names will be automatically added. If any team members leave the project, the group will be updated to reflect that. It’s a lot easier than email chains!
Desktop Notifications
On Desktop Yammer uses what is called the Desktop Notifier to log in and peruse conversations. It’s a simple little interface for both Windows and Mac, but it’s going to get a lot better in the future. Microsoft has plans to expand this Notifier with a new app that will have an automatic sign-in option and smoother operation with better administrative control, which makes this an ideal time to pick up Yammer if you think your business could use it.
If you’ve never used Yammer before or are new to Office 365, we can help! {company} serves business in the {city} area with a variety of IT and data services. Contact us at {phone} or {email} to learn more today.
by Felicien | Jun 11, 2017 | Education
You don’t have to rely on an outside savior to fix your IT emergencies. Prepare your organization for contingencies with these helpful IT security tips.
Duck into a phone booth (if you can find one!) and don your cape because Monday, June 12, 2017 has been designated as Superman Day! It just so happens that this is concurrent with the time that the new Wonder Woman movie will be in movie theaters around the world, so superheroes are going to be on everyone’s mind.
It’s well known that Superman stands for truth, justice, and the American way, but his time working for the Daily Planet has probably also taught him to have a healthy respect for IT safety and security. In honor of Superman, we at {company} in {city} want you to be prepared for the unknown in the IT world. Don’t wait around for a superhero to save you; instead, learn how you can create processes that will safeguard your data and tech in order to defend against mistakes and emergencies.
Create written procedures to guide your team members
A healthy IT ecosystem begins with everyone in your organization being on the same page when it comes to security procedures and other best practices. Without proper guidance, people do things however it suits them best at the moment, which may not always be the most secure way to operate. Set your teams up for success by clearly outlining the most secure and effective IT processes, so that they always have a guide they can consult in the event of questions.
And if you’re going to go to the trouble of outlining your IT processes, training your staff members on proper execution has to follow. Once you have properly set the expectations for how IT operations are to be conducted, and given your team members the tools they need to complete their tasks, then you will be able to hold everyone in the organization accountable for upholding proper IT practices.
Make cyber security a priority for everyone
When it comes to IT security, the weakest link in the chain metaphor is startlingly accurate. You can have 99% of the people in your organization following proper protocols for every piece of technology they use, and if just one person fails to uphold the same standard you could be putting yourself at serious risk. The importance of cyber security has to come from the top down, and eventually filter to every manager of every department, no matter how integral IT is to their daily job functions.
There are many ways that you can facilitate a more secure technological environment throughout all levels of your company. Remember that no measure is too small to help make your data more secure. Encourage users to keep up to date with software updates, set guidelines for proper data storage and deletion, and enforce strict password requirements, including changes for all software platforms at regular intervals.
Control access to data and keep a regimented schedule of backups
These days, almost every company in existence processes and stores some kind of sensitive digital data. Not only is this data often crucial for the organization to function properly, but it can also be a glaring target for hackers who wish to steal and exploit it.
Whether you’re talking about cyber criminals stealing customer credit card information, or important trade secrets somehow being made public, digital data can be a very valuable target. Limit access to these kinds of data to employees who need it and have been properly trained in security procedures. You may not be able to make yourself invulnerable to hackers, but you can make sure that your sensitive data is taken care of properly.
Additionally, it’s important to not neglect your data backups as well. The main problem with backups is that they often seem less consequential when compared to other mission critical tasks, and they tend to fall by the wayside when people get busy. Systems have a tendency to fail at the least opportune times, so make sure you hold your departments to the backup schedule so you can be prepared in an emergency.
Review your processes on a regular basis
Businesses are always in flux, and IT operations are no different. Hardware infrastructure, software platforms, user functions, and many more factors are going to change frequently as your company grows and its needs evolve. In that regard, the IT processes that you outlined when the company was in its infancy may no longer be optimal.
In order to ensure that your IT policy fits with your organizational realities, schedule frequent reviews of your processes with representatives from every department. Have them talk to their end-user employees to get feedback about how their use of certain systems may have changed, and how policies can be updated to help improve their use of the IT systems and enhance security measures.
Engage in ongoing IT professional development
Ongoing education is important for many areas of business, and this is especially true for IT management. Technology progresses at a rapid pace, and the only way to keep up with all of the changes is to make a commitment to keep learning. This will help you stay up to date on new technology that may be beneficial to your organization, and keep you apprised of potential dangers that you need to protect yourself from.
Running a company comes with numerous different responsibilities, and it can be difficult on your own to devote the necessary time to IT professional development. We want you to know that you have a partner who can work with you to ensure that your IT operations are in peak condition. To learn more about how you can become your own IT superhero, contact one of our representatives at {email} or {phone}.
