by Felicien | Oct 18, 2018 | Education
Perhaps the space is not large enough for your expanding partnership. Maybe, it’s antiquated and no longer feels appropriate. Whatever reason an office chooses to move to a new building, relocating is a large undertaking. Unfortunately, in many offices, the IT-related aspects of the move are overlooked until the last minute. This can be disastrous.
Improper planning can result in lost data or broken equipment. It could cause interruptions in service. This might mean lost clients, which of course would equal lost money.
Fortunately, it is not difficult to do this right. It does, however, take adequate notice. This is often longer than one would anticipate. Usually, it requires at least 60 days. It also helps to have a good plan and consistently follow through. Here are a few other things to consider before relocating.
How Should an Office Plan for the Move?
The first step would be to determine who will act as the internal manager of the relocation. This should include someone on the staff who is familiar with the office. In a small business, he or she might coordinate the entire project alone.
For larger establishments, however, it would be wise to hire a professional Managed Services Provider. They are more experienced with delicate relocations and can help lead the internal manager in the process.
Generally, the first step is to inform all Internet and telecom providers of the coming move. It is often in the service agreement that they receive a certain amount of notice. This also ensures there will be no interruption in service.
When Is an IT Evaluation of the New Space Conducted?
Ideally, IT needs would be considered when initially choosing the location. This is not always realistic. In an office, there are many aspects to consider when selecting a new office space. A few of these include demographics of the area, accessibility, image, and the history of the site, etc. IT needs are often an important afterthought.
Typically, an evaluation of the new space will be conducted during the planning phase of the actual move. It would be done with or by the project manager or Managed Services Provider. If the office has one, the head of the IT department should be involved as well.
There are several things that should be evaluated to ensure the move goes as smoothly as possible. These include, but are not limited to, the following:
Cabling for computers, telephones, and security cameras
Power outlets of adequate number and in optimal locations
Wireless networking capability
Each room should be checked. Any of the above that are subpar will need to be addressed. This would ideally occur before the move itself.
How Should an Inventory Be Done?
The IT needs of most offices are evolving. Before moving it all, it would be advisable to take an inventory and evaluate the existing equipment. Begin by determining what is no longer needed. It is better to responsibly recycle it than move it to the new location.
Next check the condition of each remaining piece of equipment. Make a list of anything that is worn or outdated. Decide how to dispose of them rather than pack them. Order replacements so there is no interruption once the move has been made.
As the business world continues to embrace IT, this is the perfect time to assess current trends. It is also a good idea to look to the future and ensure any new equipment purchased is flexible enough to adapt.
Make a hardcopy list of every piece of equipment being moved to the new office space.
Have Disaster Recovery and Business Continuity Plans Been Developed?
Failure to have a Disaster Recovery Plan and a Business Continuity Plan in place before a move could, in fact, be devastating to your business. Further, it is an essential step to make several backups of everything important. This includes files, as well as data systems, security systems, and servers. Keep these separate and in a safe place during the move. If you’re already working with a managed IT services provider, they will take care of this for you. They can also handle much of the move as far as your IT infrastructure goes.
Lists should be made of the important information required for the successful implementation of the Business Continuity Plan. A few items to include are:
Business priorities
Inventory of all equipment
Emergency contact information for IT vendors
Plan for switching phone lines and internet connections
This improves the likelihood that the office will be able to resume business with as little delay as possible. If you have a good relationship with a managed IT service provider, they may be able to move your networking and computing equipment and get everything back up and running a day or so.
In Conclusion
When it comes to the day of the move, everything should have already been planned. This ensures the smoothest transition. For offices that do not have an onsite IT team, hiring a professional IT-relocation company would be a good idea. The internal manager or Managed Services Provider would be responsible for making important decisions. With proper planning, the actual move to the new location should be much easier.
by Felicien | Oct 18, 2018 | Education
A recent report has revealed that there are many US weapons systems that are susceptible to hackers. This news is disturbing on many levels, including the attitude exhibited by Department of Defense officials. What does the report reveal, and how serious is the threat?
GAO Report
The US Government Accountability Office (GAO) just released a report that reveals that almost all weapons that were tested by the Department of Defense (DoD) between 2012 and 2017 have serious vulnerabilities that make them very open to cyber attack. These vulnerabilities have been labeled mission critical, which makes this news all the more serious. The report had been requested by the Senate Armed Services Committee in connection with expected DoD spending in excess of $1 trillion in order to develop weapons systems.
Examples of Weaknesses Detected
The vulnerabilities were discovered by penetration tests performed by employees of the DoD. In one example, a penetration tester was able to partially shut down a weapons systems by merely scanning it. In another test, it only took nine seconds for DoD testers to guess the admin level password on a weapons system. Failure to make changes to default passwords connected with open source third-party software installed on systems resulted in several instances of vulnerability.
Those performing these tests were not making any efforts to hide their presence, but the systems they tested had a difficult time detecting their presence. These systems should have been able to detect the presence of intruders and alert those in charge. A few of the automated systems did detect the presence of the penetration testers and alerted those monitoring the systems. However, in an even more disturbing turn, the individuals monitoring the systems didn’t seem to understand what the intrusion alert meant and thus did not take any action.
Failure to Take Basic Cybersecurity Precautions
What makes this report distressing is that many of these potential open doors exist in part because of a failure to follow basic cybersecurity rules. Guidelines such as the use of encryption, robust passwords, and basic employee training are foundational to a security system. Because such guidelines have been neglected, hackers equipped with even simple techniques and tools would be able to not only take control of key systems associated with these weapons but do so almost undetected. What could a skilled hacker with the latest tools accomplish inside such a poorly secured system?
Is There a Valid Reason for the Lack of Concern?
The subtitle of this GAO report was “DoD Just Beginning to Grapple with Scale of Vulnerabilities.” Surprisingly, those in charge of such systems do not seem very concerned about these susceptibilities, perhaps because they feel the GAO is exaggerating the seriousness of the problems discovered. For example, the report does remind readers that some of the findings may no longer be a problem once a system is deployed in the field.
In addition, these officials have indicated that in the past they believe the systems were well-secured. The authors of the report, however, strongly imply that there’s a disconnect between what these officials may believe and what the reality is.
Another possible cause of the DoD’s lack of concern is the belief that the types of tests that were run would be practically impossible for any system to pass. The GAO, however, insists that the tests were not extreme and represented realistic threats to these critical systems.
The DoD may also be resting on its laurels: it received praise last year for a bug-bounty program that led to many different bugs being patched. On the other hand, the GAO report points out that only one of 20 vulnerabilities discovered in previous risk assessments had been fixed by the time the report was written.
Implications of the Report
One of the implications of the report is that a number of US weapons systems could be susceptible to a disabling cyber attack. Considering that so many adversaries of the United States have established reputations for extremely talented hackers, this is all the more disconcerting. And hackers are not subject to the same constraints as DoD penetration testers. Malicious actors may well have access to funding, state-of-the-art equipment, and would intentionally keep their activities hidden.
Another implication of the GAO report is that their testing merely revealed the proverbial “tip of the iceberg” when it comes to vulnerabilities that exist in US weapons systems. The penetration tests performed were far from exhaustive. For example, categories that were not tested included potential weaknesses related to counterfeit parts or industrial control systems.
Conclusion
The incidence of cyber attacks are on the rise, and the techniques and tools available to malicious actors are continuously evolving. It makes sense that the security of a nation’s existing weapons systems should be a very high priority. The revelations of the GAO’s report are disturbing, yet there is hope that the DoD will respond to the vulnerabilities discovered.
by Felicien | Oct 17, 2018 | Education
On November 1, updates to the Personal Information Protection and Electronic Documents Act (PIPEDA) will be in effect. Included in these updates are rules involving mandatory notification of Office of the Privacy Commissioner of Canada (and affected individuals) if certain types of security breaches of personal information occur. Considering the repercussions, including fines and legal fees that may be involved with a failure to report, Canadian companies would be wise to address issues related to data security as soon as possible.
Personal Information Protection and Electronic Documents Act
The Canadian government is cracking down on negligent practices with an individual’s personal information. And any breaches of personal data that involve a risk of financial loss, humiliation, identity theft, harm to relationships, or loss of reputation must be reported. Notifications must be made not only to the Office of Privacy Commissioner of Canada but to the individuals affected by the breach. These rules are going to be enforced, and Canadian organizations need to be well acquainted with the guidelines involved.
Breaches Are on the Rise – But So Is
Considering that data breaches, hacking, and other types of cyber crimes are on the rise, organizations should be paying closer attention than ever to their privacy practices. When large corporations like LinkedIn, Facebook, and Equifax suffer from breaches, one would think that companies would be even more diligent about their cybersecurity. However, it seems that the effect has been the opposite.
Recent surveys by the Privacy Commissioner’s Office indicate that far too many businesses are simply not concerned enough with preventing and responding to breaches. Companies seem to have grown more complacent, content with poor password policies, with employees falling victim to social engineering, and having their servers compromised by malware. Phishing emails, drive-by downloads, ransomware, and data theft are all serious problems, but organizations don’t seem to be extremely concerned.
Every organization that uses personal information is at serious risk, though. There are already billions of passwords that have been stolen across the world. Many of them are up for sale along with other private information, on the Dark Web. Cybercrime is reaching epidemic levels, and it makes sense for companies to be much more vigilant.
And the targets are not just large, well-known companies. More and more small to medium businesses are becoming victims of attacks, including ransomware, data theft, and even industrial espionage. In short, no organization is safe from security breaches – and the federal regulations regarding these breaches are the same for both small and large businesses.
Breach Response Plans
These plans are something that exists before the breach ever happens, not after one has occurred. Breach response plans must be developed to comply with federal privacy practices, including mandatory notifications for personal data that has been compromised. In addition, these plans must be updated as regulations are updated. It not only takes time to develop a robust breach response plan, but it also requires experience.
Breach Detection
Breaches must be detected quickly to minimize damage. However, detection of such breaches requires systems and tools to intelligently sort through logs and events. It takes special security skills to be able to effectively investigate an alert and perform damage control. Tracking down how a breach happens involves forensic skills.
Timeliness
Detection and response are far more than a report or a system check that is run once a week – it is a continuous process that runs 24/7. Breaches must be detected as soon as possible and the response plan must be enacted immediately after a breach has been confirmed. This is even reflected in the wording about private data breach reporting, which states that the Office of Privacy Commissioner must be notified “as soon as feasible.”
However, the average IT department (and even the typical IT service provider) will not have the kinds of resources and tools to adequately address all the threats that can develop.
Don’t Be Overwhelmed
When major companies, that have powerful security systems and analysts at their disposal, still fall victim to hackers, it can make privacy practices seem overwhelming to small companies. However, things can get worse: The Office of the Privacy Commissioner is also seeking new powers, including the right to enter an organization and confirm that federal privacy practices are in use even if a violation is not suspected. If that happens, will your organization be prepared?
Conclusion
Fortunately, there are solutions in the form of third-party experts who combine key skills such as digital forensics, breach mitigation, and response plan development. They also have access to the tools needed to help your company ensure that it is PIPEDA compliant while reducing the risk of a devastating data breach. Don’t allow your company or organization to become complacent – reach out for the help needed to become PIPEDA compliant.
by Felicien | Oct 17, 2018 | Education
What Are You Doing for Spreadsheet Day?
Spreadsheets: some people love them, some people hate them, and some people are a little afraid of them. No matter which category you may currently fall into, you probably know that spreadsheets are vital to the inner workings of organizations ranging in size from massive Fortune 500 companies to small, locally owned businesses. At this very moment, millions of spreadsheets are probably open all across the world – and it seems fitting that there is a day to celebrate the birth of the modern digital spreadsheet.
VisiCalc, the First Spreadsheet Program
October was chosen for the month in which Spreadsheet Day would occur for a very simple reason that not many people are aware of: it was October 17 of 1979 when the first spreadsheet program was released. It was called VisiCalc, for those of you who may not have been alive then, and it ran on the Apple II computer. With the release of this software, the often overwhelming task of organizing massive amounts of numerical data not only became streamlined but, for some of us, actually became enjoyable.
VisiCalc (whose name means Visible Calculator) was the brainchild of Dan Bricklin of Software Arts. It functioned much like a paper spreadsheet, hence its classification as a spreadsheet program. But unlike a paper spreadsheet, you didn’t need a pencil or an eraser. And the calculations could be performed automatically and with incredible accuracy.
By running on the Apple II computer, the power of spreadsheets became accessible not just to corporations and large organizations but too small businesses and homeowners, too. There are other things that set VisiCalc apart from previous attempts to develop electronic spreadsheets, such as the instant recalculation of values when the value in a dependent cell was changed, or it’s interactive WYSIWYG interface that still resembles what we use today. In short, VisiCalc was the starting point for the modern spreadsheet that we know today.
The Ubiquity of the Spreadsheet
You might be surprised at the multitude of applications there are for spreadsheets. We know spreadsheets are used for tasks such as accounting, sales, business intelligence, and finance. Professors, instructors, and teachers use spreadsheets to track class performance and assign grades. Engineers and scientist alike use them to perform simulations, create complex models, and analyze massive sets of data. Homeowners use them to track expenses and set up budgets. Small business owners use them to keep track of inventory and sales. Large companies use hundreds of different spreadsheets for just about everything imaginable — from simple tasks that require a small portion of a worksheet to massive workbooks with thousands of calculations and complex visualizations.
When it comes to data, spreadsheets can model, manipulate, sort, organize, visualize, and process large sets of both numerical and non-numerical data. Spreadsheets can be used to perform what-if analysis, make predictions based on existing data, inform decisions, and perform extremely complex calculations. They can be used for optimization, curve fitting, and solving simultaneous equations. And one of the benefits of spreadsheets, to quote an old professor of the author’s, is that if you can do it once, and do it right, you may never have to do it again.
Modern Spreadsheet Packages
We aren’t limited to VisiCalc in modern times, however. We’ve got a wide variety of options when it comes to spreadsheet packages, including:
Microsoft Office Excel (which is available both as desktop software and online)
Google Sheets
Corel Quattro Pro
LibreOffice Calc
OpenOffice.org Calc
iWork Numbers
There other less well-known options available, too, but Excel is what most people think of when someone says “spreadsheet.”
Modern packages offer numerous types of formulas and functions, including those for finance, accounting, mathematics, statistics, probability, and string manipulation, just to name a few. And the visualization capabilities of spreadsheets are constantly evolving to enable users to give even more context and meaning to data. How spreadsheets process massive sets of calculations is also growing, with some packages supporting multi-threaded processing. The types of data that can be processed within a spreadsheet are rapidly expanding beyond floating point numbers and characters, and some packages such as Excel are including aspects of artificial intelligence among new capabilities.
How Can You Celebrate Spreadsheet Day?
There are quite a few ways to celebrate Spreadsheet Day. One of the best ways is to expand your knowledge of spreadsheets. It’s always a good idea to increase your skill set when it comes to computer applications, but especially so when it comes to spreadsheets. Spreadsheets can make your work much easier if you learn how to make the best use of them. Take our word for it – spreadsheets can do so much more than you realize.
That’s why we think the very best way to celebrate the birthday of the modern spreadsheet is to register for free online Excel training at SpreadsheetsTraining.com. Sharpen your existing skills, learn something new, and find out new ways to put spreadsheets to work for you!
by Felicien | Oct 16, 2018 | Education
Technology has unlocked a world of potential for businesses everywhere. But with these advances comes a new set of problems, like malware. While it’s common knowledge that computers are susceptible to viruses, today’s breed of hackers are more creative than ever. They’re utilizing new, innovative techniques to infiltrate systems of businesses big and small.
Not all malware is created equal. Just like infectious disease, there are different strains of malware, many with the potential to wreak havoc on your business network. In today’s business landscape, tech departments are faced with the task of not only stopping these attacks before they happen, but with quickly repairing networks in the event that an attack has hit.
The Problem With LoJax
One recent attack has IT departments up in arms. A Russian hacking group created the Rootkit, named “LoJax”. According to ESET, a leader in IT security, the campaign delivering LoJax targeted certain organizations in the Balkans and other countries throughout Central and Eastern Europe.
The problem with LoJax is that it isn’t just any ordinary malware. It’s used to gain persistent access to a computer, and with its reputation for being hard to detect, it’s causing quite the problem for users. Much to the horror of IT professionals, this hacking technique is so complex that it can withstand a variety of common fixes. Some of these include a reformat, a complete OS reinstall and a hard-disk swap.
This unique type of malware lives in a system’s flash RAM, meaning the only way to clear it is to over-write the infected machine’s flash storage. This presents its own set of challenges, and isn’t even a guaranteed fix unless you’re armed with the right code.
What Is Spectre?
Spectre is the name of an underlying vulnerability affecting the vast majority of computer chips manufactured within the last two decades. If this vulnerability is exploited within a system, it could enable attackers to gain access to data that was previously deemed protected. Lojax directly leverages this vulnerability, making it all the more difficult to detect before it hits.
If attackers are successful, they can they utilize LoJax to access systems remotely, and on a constant basis. This allows them to inject it with additional malware. This type of malware can also be utilized to track a particular system’s location, and potentially the owner’s location.
What’s At Risk?
UEFIs are particularly at risk. UEFI, Unified Extensible Firmware Interface, is a specification for the interface between a computer’s operating system and its firmware. It runs pre-boot apps and is responsible for booting the OS. By re-writing the rootkit, the malware is able to stay hidden within the computer’s flash memory, making it difficult to repair.
How To Protect Your Network
Businesses can implement a series of additional security measures to minimize the risk of a cyber attack on their network, especially one as severe and unpredictable as LoJax.
One of the single biggest mistakes businesses are making is running their operations on old, outdated equipment. Not only can this hinder productivity, but it can also leave businesses more susceptible to a cyber attack. Investing in new equipment that runs the latest and most improved hardware means security measures are often built in.
Keeping equipment up-to-date can become costly, but it can also minimize the chances of an even costlier network revamp in the event that a catastrophic cyber attack takes place and compromises everything a company has worked so hard to build.
Exercise Caution With Emails
Malware can gain access to your system through one of several ways. One of the most common methods is e-mail. It’s wise to take a cautionary approach to e-mail when utilizing your work network. Be wary of e-mails from strange e-mail addresses and also be cautious of what websites you are visiting, taking care to only visit safe, reliable sites.
Implement A Secure Boot
While malware like LoJax are especially hard to combat, IT departments can take comfort in the fact that not all hope is lost. One method of prevention is Secure Boot. This mechanism ensures that only securely signed firmware are able to boot up and run on a particular system. With signature verification required, Secure Boot makes it possible to prevent uniquely complex malware like LoJax from successfully infecting a system. Businesses are encouraged to review the Secure Boot configuration throughout the entirety of their hardware.
Malware Cleaning
Once you suspect a computer within your network is infected, it’s important to take action immediately. Be sure to back up your files before you attempt any type of intensive cleaning. Also, don’t attempt to repair complex computer issues alone. Your IT department can help you create a comprehensive game plan to address the problem and prevent similar incidents in the future.
Your system can come under attack when you least expect. Given that phishing is still a go-to strategy for hackers to penetrate systems, security awareness is more important than ever. Create a solid line of defense, and an effective response strategy, to ensure an attack doesn’t compromise your business. Security awareness training can serve an important role in helping your organization stay protected from hackers.
by Felicien | Oct 16, 2018 | Education
From the invention of the assembly line to cloud computing for the Discrete, Repetitive, and Process Manufacturing industries, updating to the latest technology is never in question. What does get closer scrutiny, is deciding to invest in Microsoft technologies. That’s what Rolls Royce did, and now they use Microsoft technology platforms, to fundamentally transform, how it uses data to serve their customers better.
5 Microsoft Technologies Offered to Discrete, Repetitive, and Process Manufacturers
Every CEO or business owner knows reducing overhead, and expenses on server maintenance, technology management, and upgrading code benefits the company both short-term and long. It’s the same viewpoint manufacturers have always had for their operations.
The five areas of interest to Manufacturers is Microsoft’s Azure technologies in these areas:
IoT
Machine Learning
Large-Scale Computing
Hybrid Clouds
Blockchain
Internet of Things (IoT)
The Internet of things (IoT) is the network of physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators, and connectivity which enables these things to connect, collect and exchange data.
When managing hundreds of thousands of devices, around the globe, while large quantities of data get streamed, and then; processing and storing that same data in real-time, is a job only the cloud was explicitly designed to pull off. That’s why Azure got designed. It will deliver both Platforms-as-a-Service (PaaS) and Software-as-a-Service (SaaS), making it easy for all types of Manufacturers to choose Microsoft Azure.
From the Platform as a Service level, you will find five Azure platform services:
Azure IoT Hub – you can directly and securely connect and consume data from IoT assets
Azure IoT Hub Device Provisioning Service – you can provision millions of devices in a secure and scalable manner
IoT Edge – you can run advanced analytics, machine learning, and artificial intelligence at the device level
Azure Stream Analytics – integrates with Azure IoT Hub to enable real-time analytics on data from IoT devices and applications.
Azure IoT Suite – provides a set of preconfigured IoT solutions for workloads such as Remote Monitoring, Predictive Maintenance, and Connected Factory.
From the Software-as-a-Service level, you have Microsoft’s IoT Central. It is a fully managed IoT SaaS solution. IoT Central makes it easy to connect, manage and monitor the Internet of Things assets at scale, allowing it to create deep insights from the IoT data to take necessary and informed action.
Machine Learning and Artificial Intelligence (AI)
Microsoft continually improves old tools. They also build new ones to simplify the process of integrating these technologies with your business. These are significant areas of investment for both Microsoft and Manufacturers, limited only by your imagination.
Azure Machine Learning Services – are integrated, end-to-end, advanced analytics and data science solution that permits data scientists to develop experiments, prepare data, and deploy models at cloud scale.
Azure Machine Learning Studio – is a drag-and-drop collaborative tool you use to build, test, and deploy predictive analytics solutions on your data
Azure Bot Service – is an integrated environment that is purpose-built for bot development, permitting you to build, connect, deploy, manage and test intelligent bots.
Cognitive Services – are intelligent algorithms to see, hear, speak, understand, and interpret user needs through natural methods of communication.
Large-scale Computing
Large-scale computing is a building block when working with large datasets, especially for computationally-intensive engineering workloads. Manufacturers use rendering, and simulation technologies such as Azure Batch, to run massive parallel and HPC batch jobs.
Also used is Microsoft HPC Pack, Linux RDMA cluster to run Message Passing Interface (MPI) applications, and high-performance VMs lets you dynamically extend to Azure, when you need additional capacity, and deploy an on-premises Windows compute cluster.
Hybrid Clouds
Hybrid Clouds have become popular choices for manufacturers, just not ready to make a full commitment to the cloud. Lack of engagement might be something as simple as, keeping some company data and systems in-house.
That’s when Microsoft got the idea to create, Microsoft Azure Stack, for common scenarios like this. The Azure Stack is a hybrid cloud platform. The platform lets you deliver Azure services from your organization’s data center.
In Manufacturing, there are two daily routines, that have made hybrid cloud deployments particularly attractive to manufacturers:
Edge and Disconnected Environments – Often IoT implementations include devices that are intermittently connected, or not connected at all to the Internet.
Security and Compliance Requirements – Highly secure devices often are unable to connect directly to the internet and must use a local service. That is more common in the manufacture of goods for the military and defense sectors.
Blockchain Technologies
Bitcoin, a form of Cryptocurrency, relies heavily on the blockchain technology. However, Blockchain-as-a-technology (BaaT) became a much broader application to use. Easy-to-deploy templates from Microsoft that run on Azure for the most popular ledgers, including their Azure Blockchain Service.
Blockchain gained more attention with Manufacturers, as they began using tools like these in the cloud. It has the potential to address several essential manufacturing scenarios including
Asset Management
Counterfeit Prevention
Digital Thread Traceability
Supply Chain Management
IoT Tracking and Identification
The deep integration of all these services is Azure’s fundamental value proposition. It might be from Microsoft or Open Source, with on-premises systems, rich operational analytics, strong SLAs, and compliance certifications, you can still trust they have the right answers for your manufacturing company.
If you are still wavering, about investing your manufacturing firm in Microsoft technologies, who better to look to, then a technology giant that’s been transforming businesses and manufacturers, around the globe, for nearly half a century.
Did you find this article informative? If you liked this one, check out our other content we think you’ll find interesting.
