by Felicien | Sep 5, 2018 | Education
What’s PhishPoint?
Phishing attacks are attempts to get e-mail recipients to provide sensitive information that can be used by the sender, generally presented as the authority of some account or business. They request that recipients provide information that could be misused for some type of illegal practical gain of the sender. An example of this would be a fake email from PayPal requesting that the reader verify their bank information to address some kind of update or security risk. These phony requests will result in the fraudulent use of the user’s info.
SharePoint or PhishPoint attacks are a specific kind of phishing attack that involves SharePoint users being targeted by hackers using malware to misuse information, or otherwise induce undesirable consequences to unsuspecting and vulnerable users. PhishPoint attacks are not unique in that they still involve the basic attempts of hackers to deceive the consumer. They are designed to make someone believe that the sender is a representative of a viable organization. They pretend to be approaching the consumer for valid and honest reasons. They are intended to seem genuine.
PhishPoint attacks target SharePoint users and OneDrive accounts in an attempt to get vital personal information from the user. If the recipient clicks on the bad link, they open the door to malicious software or malware that steals the user’s information. The user’s system is infiltrated through malicious HTML and URLs that can steal banking information or spread malware as described.
Victims of this form of attack may also experience an impersonation of a standard access request to business documents stored within OneDrive accounts. These may then be stolen through hacking codes. Sometimes access is made possible through a fake Office 365 login redirection.
What Are Examples Of Vulnerabilities And Demands?
Illegal logins have been reported through this form of attack in increasing numbers in recent times, as hackers continue to find new ways to penetrate the best security efforts at Microsoft. Secant Technologies explained that business documents used in OneDrive should be protected by a combination of software and general best practices in addressing third-party or spam email requests. Users should be skeptical of redirections to login screens that have any unusual or seemingly unofficial characteristics. It takes a keen eye to spot them.
Although firewalls and antivirus software may fully recognize and detect phishing scams, they are simply not enough to stop phishing scams from being successful. A new report shows that users are the weak link when it comes to internet security. A careless employee may click on an email attachment that downloads a destructive virus or ransomware. This will cause chaos in any organization. Eventually, companies pay out thousands of dollars to cyber thieves.
Cloud or email security can do little to eliminate phishing scams; it takes educating users on what to look for. While senders should be able to recognize spam or otherwise unofficial emails, they simply get busy and don’t pay enough attention.
PhishPoint campaigns of this nature may be detected and blocked within a matter of days or even hours, but any transmission of sensitive information during this time can still result in major consequences to individual users or the entire organization that they represent.
According to Security Affairs, approximately 10% of office users were affected by attempts to induce a PhishPoint attack within the two weeks of observation included in their assessment. This showed the extent that hackers are able to reach out to users in mass campaigns. While security developments such as ATP and Safe Links have been improved to reduce vulnerabilities, the basic nature of these attacks makes them dangerous. Many aspects of general security are left up to the individual user.
Office 365 currently involves yearly subscriptions with packages that can be upgraded to include ATP, Safe Links, and other security features. These will reduce vulnerabilities and increase security to avoid many forms of hacking, but cannot eliminate all forms of attack.
Office 365 security measures currently are capable of scanning links or URLs included in HTML code or the bodies of emails. They attempt to match recognized threats that have been added to blacklists, but they cannot prevent users from carelessly clicking on a malicious link.
Using baseStriker attack techniques, malicious links can be disguised. This technology is able to split a URL so that security software does not detect it as being malicious.
According to Avanan, hackers have been increasingly taking advantage of SharePoint files in phishing campaigns. Advanced security such as ATP and Safe Links can be beneficial but other layers of security protection are recommended. Office 365 contains excellent online security protection, but ccybercriminals consistently search for ways to bypass it.
Secant Technologies provides more information regarding common practices and recommendations for overall safety or protection from phishing campaigns.
What’s The Bottom Line? What Should My Business Do?
Learn more about the basic nature of phishing campaigns and protection.
Use email addresses with the best protection.
Install the strong protection features and update or upgrade as is determined most beneficial.
Regularly train employees on how to spot phony emails and phishing campaigns.
Hire IT consultants to audit your network and computing resources and recommend improvements.
by Felicien | Sep 5, 2018 | Education
California is known for being on the cutting edge of most things, and consumer privacy is one of them. Scheduled to take effect in 2020, the California Consumer Privacy Act gives consumers broader control over how their personal information is used. This was developed in part due to ongoing security breaches that have recently escalated. The new privacy laws in California include disclosures to consumers about how their personal information is collected, stored, transmitted, and shared. The new laws also outline the sharing and selling of certain information without the individuals’ knowledge or consent.
After massive data breaches, such as the Experian beach, consumers were rightfully angry. As outrage grew, it became apparent that changes needed to be made. Private citizens deserved protection. The industry fought back, as the implementation of new privacy regulations was seen as a hardship to companies. This was why the law was delayed. It allowed a period for businesses to organize and develop policies and procedures that would ensure they were compliant by the deadline. Few outside the legal community and the California business community understand what the California Consumer Privacy Policy is, and how it may affect them.
What Does the Law Cover?
There are several aspects that fall under the category of one’s personal information. Many people would immediately realize that their name, address, and phone number would be among those items. They would also think of their social security number, driver’s license, and/or state identification number.
With a bit more consideration, they might realize personal information includes commercial information like records of their personal property. It covers biometric information, which includes fingerprints retinal scans, and DNA. Under the new law, it also covers things like your Internet use and browsing activity history.
Protected aspects even include more obscure personal information like the sound of your voice and thermal information. How this is to be implemented, and even what one’s thermal information specifically is, will be defined by the Attorney General.
What Rights Are Provided to Individuals?
When the new law takes effect, there are several privacy rights that will be guaranteed to the citizens of California of which they had been hitherto deprived. For example, in many companies, it is commonplace to collect the personal data, often relating to consumer purchase patterns, and sell that information to other companies. Under the new law, the consumer has the right to opt out of having their information used in that way. The primary rights provided by California Consumer Privacy Policy are the following:
The right to transparency of who is collecting their personal information and with whom they are sharing it.
The right to demand the information.
The right to have the information deleted.
In many cases, if a company fails to comply, the consumer has the right to bring a lawsuit. This is something that was not available to consumers before.
How Will This Affect Businesses?
When first conceived, there were many industry concerns as to how this would affect their ability to actually conduct their businesses. These were primarily raised by smaller companies. To relieve their anxieties, and reduce their disapproval, several modifications were installed. These ensure that larger California businesses receive the brunt of the impact.
There were three “thresholds” that are included. If any one of these three are met, the law applies and the company has to comply to data collection regulations:
The company has an annual gross income that is over $25 million.
The company annually buys or receives (for business purposes) the information of 50,000 or more consumers, whether personally or from their household devices, i.e., online use.
The company receives more than 50-percent of their annual revenue from selling personal information.
If any one of those thresholds is met, even by small companies, the business is subject to the law. Additionally, it impacts companies that are not actually based in California, but meet one of those thresholds while doing business in the state.
Will California Lead the Way to Privacy Policy Changes?
There is speculation that, since California often leads the way in policy changes, perhaps other states will begin to implement their own progressive privacy laws. Although it is unlikely to occur right away, an increasing number of areas may begin to see its merits for consumers. They will also note the minimal, if any, impact it has on most companies.
Additionally, as more states develop their own new set of standards, there is likely to be a push for unification. Federal guidelines emulating California’s privacy policy may be put into effect. This would make compliance, especially among companies with interests in multiple states, much easier to achieve.
In Conclusion
Currently, California businesses are required to at least have a privacy policy that includes data collection and information regulations. They must also maintain reasonable security for the personal information of consumers. These include efforts to avoid breaches, but requirements to notify individuals of breaches within a certain length of time when social security numbers, banking, and credit card information have been stolen by cyber thieves.
The new law will clarify, expand, and enhance these regulations. Perhaps, in time, these safeguards will be in place throughout the United States. Until then, it’s important for all individuals to do their best to protect their private information from cyber criminals.
by Felicien | Sep 5, 2018 | Education
Social media has become an integral part of everyday life for many people. From Facebook, to Instagram and Snapchat, a growing number of internet users are embracing the power of instant connection. And while this is par for the course for social life, social media can be useful in the business world, too.
By the year 2025, it’s expected that over 70% of the workforce will be people from the millennial generation. And millennials are very keen on connecting via social media and meeting apps. They have embraced technology much better than other generations. This means that more businesses should be exploring methods of communication that make the most of the digital world in which we live.
Yammer is one of the most well-known social media apps for business platforms, and it’s already working for companies who’ve adopted Office 365. Microsoft has done a great job to ensure its capabilities are primed for the business world, and with Yammer, the potential for team environments is greater than ever before.
There are plenty of benefits to integrating Yammer into your business operations. With the ability to create groups, you have access to instant communication among team members. This makes for a single point of communication that can be used for reference, unlike emails. Not only is Yammer valuable in bringing together teammates, but it’s also got potential to give management an inside look at what employees care about. They can readily explore how team members are using Yammer to enhance productivity and teamwork.
Communicate Efficiently With Yammer Groups
Yammer’s goal is simple: Make communication more effective. In order to achieve this, it’s important for users to familiarize themselves with the wide range of tools at their disposal. If you’re already using Microsoft Office 365, then simply download Yammer to get started.
Yammer groups are a place to share information about projects, ask questions, and communicate openly with your team or department. Join a group by using the search box to check and see if there may be established groups you’re interested in joining.
Create your own group by clicking “create group.” Once you create a group, you can post an update or announcement, conduct a poll or upload files to share with others.
One example of a useful group would be an HR Benefits group. This type of company-wide group can be used to ask questions and start conversations about the types of benefits available. Groups are valuable in that they serve as a stored space where people can comment and ask questions with the confidence they will be answered. Too often, emails end up lost or deleted. Yammer Groups are a way to keep important files out in the open, in a centralized location where they’re easily accessible.
Much like Facebook, Yammer allows for a personalized feed to keep you informed about things that matter. You can follow your colleagues by searching for them in the search box. Once you are following another user, you can view their posts in your Following feed. This feature is particularly valuable for large companies with many departments. Following users within your department can make it easier to keep privy of the developments that pertain to you.
Effective Integration
One of the most impressive aspects of Yammer is its capability for integration. Not only can it be used to share live links to documents among a group of teammates, but it also allows users to work within these same files and view each others changes as they happen. Yammer has the ability to link into a Skype call if needed, and it can also link directly to your Office 365 Calendar or Planner. Organization is made much simpler with Yammer in tow.
Mobile App Accessibility
Long gone are the days of clocking in from 8 to 5. For many, the modern day work experience means constant availability. With an ever-increasing number of remote workers joining the workforce, it’s important that communication be accessible even beyond the office. And with Yammer’s mobile app, users can stay connected with teams wherever they go. Users can download the Yammer app and gain access to the same communication tools they’d find in their desktop at the office.
Yammer’s integration with Office 365 also means instant updates. With Yammer updated in line with the rest of Office 365’s apps, this means it will always be current as far as collaboration and efficiency go.
How Can Management Use Yammer?
Communication platforms like Yammer are useful for back and forth conversations and project sharing among teammates. But management can also benefit from this type of open-ended communication. They can use Yammer to evaluate company culture and make improvements by determining what type of content employees are searching for. This also applies to which threads are the most popular, and whether Yammer is effective at delivering the necessary information to the appropriate parties.
Wrap Up
Tools like Yammer have the potential to change the game for companies seeking more effective ways to communicate. Microsoft Office 365 has done the professional world a great service by realizing the power of Yammer to make an imprint in the business world. If your organization is hoping to improve communication and organization, consider subscribing to Office 365 to utilize this exciting range of tools.
by Felicien | Sep 5, 2018 | Education
What Is Instagram And How Is It Vulnerable?
Instagram is a recently created social media site that allows users to share images and videos. It is owned by the same soul that owns Facebook, Mark Zuckerberg. Originally created in the partnership of Kevin Systrom and Mike Krieger, and officially launched in 2010, it first appeared on iOS before its increasing popularity brought it to Android in 2012 and Windows in 2016. Its features include editing filters, messaging, location display, tag browsing in searchers, content ‘liking,’ and trend viewing.
Last year, the service reported that they had 800 million users, only five years after being purchased by Facebook. Bought for $1 billion, 40 billion people all over the world have been uploading images for years. While it is generally considered a beneficial and popular social media app, the software has been targeted by critics for several reasons:
Changes to interface features and use policy
The nature of censorship used
The ability for users to upload content that’s illegal or inappropriate.
Many aspects of the service are potentially vulnerable. Users have reported that their passwords were hacked. Google searches currently display websites instructing users how to hack passwords in the first few pages of search results. Hacked accounts can potentially lead to a wide range of problems, which may include social inappropriateness, crime, businesses negatively impacted, and more.
What Examples Are There Of Recent Account Hack Risks?
Security professionals believe that Instagram account users should better understand the specific security risks related to the use of this software. Many people sign up each day with no understanding of the various ways hackers can get into their account and use it for personal gain. Of course, Instagram advises users to create strong passwords. This is the first and most important step to prevent hackers from getting into your Instagram account.
Below are a few tips on creating strong passwords:
This: 378jsoTTkm84 NOT This: password1234
The password on the right would be cracked by hackers in less than one second. Here’s a website where you can check the strength of your passwords to see if they are good enough to fool hackers.
Guess how long it would take to Bruteforce the password on the left? 33 centuries (Quite a long time). Below are a few more to try in the password checker:
Account123: This password would be bruteforced in 21 minutes.
Home1234: 5 minutes
Car2233: 20 hours (better)
Many people use their own name or their pet’s name with a series of numbers after it. These are usually very easy to crack as well.
Charles1234: 3 minutes to crack
Rover2323: 46 minutes (woof-woof!)
Carol3434: 4 minutes
Spot8888: 18 minutes
Two-Step Authentication
Two-step authentication is one of the best and simplest ways to provide your account with the high level of security it requires. You can go a step further and use biometric authentication. This solution uses your fingerprint and/or photo of your iris as a password to your account. New ways to protect users from hackers are constantly being created.
Getting Lock Out
Some users have been locked out of their accounts when hackers took control of them. This can be scary and infuriating. The Sun reported on an ‘epidemic’ hacking of Instagram that occurred when hackers in Russia took over many popular accounts, then changed the names and photos. Some users reported that it took them weeks to get their accounts back. They said that Instagram wasn’t very helpful so they had to do a lot of the work themselves.
Despite improvements in security, hackers have increasingly been able to break into all types of software programs, social media platforms, email accounts, and even company databases There seems to be nowhere that hackers can’t go if they want to. They apparently have the tools, resources and backing to focus all their efforts on hacking day in and day out.
Some of these hackers are sponsored by big governments like China and Russia. These countries have realized how much money there is in hacking and they seem to have no conscience about committing this crime. One good ransomware attack against your company could net thieves $30,000 or $40,000. Most people will pay the ransom to get their files back, though this doesn’t always ensure that you will.
Instagram Security Improves
Instagram security has been improving in a number of ways. They are now being upfront in the media about the hacking experiences their customers are enduring. They have stated that they will continue to dedicate themselves to addressing all reports of hacks. With each one, they will:
Record all the details of what happened
Examine the relevant security aspects
Get the customer’s account restored as quickly as possible
Improve the relevant software through updates
Make or suggest any other improvements that could prevent the breach from occurring again
Mashable Gets Hacked Too
In a recent article, Mashable explained that some of their users were having the same experiences as those on Instagram. Hackers would break in, change the name on the account, change the photos and pretty much just take it over. Even contact information and profile image were changed, leaving account holders to scratch their heads. It’s a story being told more and more often.
“It’s embarrassing and frustrating to feel so vulnerable,” said one Mashable patron.
How Could My Account Be Hacked And What Resources Exist For Security?
Users should be aware that accounts can be hacked by:
A forgotten password hack
Coding
Phishing
CheatDroid
A range of third-party applications
Conclusion
UGTechMag is a good source of online guides and tips available to help protect users. It’s best for Instagram users to learn all they can about how to keep their account secure. Today, it takes a proactive approach. All over the world, hackers are working non-stop to find ways to hack into your computer, your network, your social media accounts, your email … whatever they can do to find personal information about you and use this to exploit you – that’s what they’ll do. That puts each of us in the position of having to remain vigilant and proactive. We must each do everything possible to protect ourselves from cyber thieves.
by Felicien | Sep 4, 2018 | Education
Does it make you nervous when you consider how much of your personal information is essentially spread all over the internet? In spite of antivirus programs and firewalls, all data is somewhat at risk on the web. One of the most proven techniques to ensure your data is safe is to use a virtual private network (VPN), which will give you back control over how you’re identified online. With the constant news of data breaches, most of us are tired of hearing that our personal information was lost yet again by a large credit reporting agency or some retailer.
VPN Explained
A VPN constructs a virtual encrypted tunnel that runs between you and a remote server controlled by a VPN service. All outside internet traffic is transmitted through this passageway, so your data is not spied upon as you put it out there on the internet. Also, your computer looks as if it has the IP address of the VPN server, so your identity is hidden.
When you put your data out to the VPN server, it exits back out to the public internet. If the site you’re visiting has HTTPS to keep the connection safe, you are still secure. But even if it was intercepted by a third party, it’s challenging for the outside party to trace the data back to you, since it appears to be coming from a VPN server.
VPN in Real Life
Let’s look at an all too familiar scenario to understand the value of a VPN in your everyday life. When using a public Wi-Fi network at a popular spot, such as coffee shop or airport, you typically connect without giving it much thought. But unbeknownst to you, there may be people watching the traffic on that network. Can you be sure the Wi-Fi network that gave you quick access is secure, or could it be operated by a hacker who is after your personal data? While you are busy taking care of your business waiting on a plane or a meeting, your banking and credit card information, and all your private data could be delivered to the hacker on a silver platter.
It is extremely tough to tell whether or not a Wi-Fi network is what it appears to be. You could be at a coffee shop called Java Joe’s, and you link to a public Wi-Fi network that says JavaJoes. But that doesn’t mean the server you are on is really owned by that coffee shop. A hacker can put out their own server with similar wording to the coffee shop’s server, and sometimes it even has a better signal.
Now, if you connect to that same public Wi-Fi network using a VPN, you can be sure no thief will be able to steal your data. If there are hackers seeking for would-be victims, they can’t touch your computer.
VPN and the Government
We all would like to think that the government is on our side. Perhaps some of its agencies are only online snooping for terrorists and Wall Street insiders. Unfortunately, news of the Snowden leaks and Russian online infiltration have shown us that a government’s surveillance capability is massive in scope.
The NSA (National Security Agency) has the ability to intercept and explore almost every communication that is being sent out on the web. When using a VPN, you can have the peace of mind knowing that your encrypted information is less directly traceable back to you.
The Federal Communications Commission has recently turned back Obama-era rules that were made to protect net neutrality, and this opened the door for internet service providers (ISPs) to make money off your data. Now they are able to gather huge amounts of information about you, and then use it to tailor advertising. Often, these companies sell your data to other companies.
Your ISP is basically your gateway to the entirety of the internet. Most of us have limited home ISP choices, and some only have one ISP that provides wired internet access. Now that ISPs are allowed to sell data from consumers, it makes us easy targets. Do you ever wonder why your Google search for a product, and then that product shows up in advertisements on every page you go to for the next few days? Your ISP could be sharing your data and profiting off your personal searches.
The Unique Protection of a VPN
When the internet was first becoming popular, there wasn’t a demand for security or privacy. In the beginning, shared computers at research institutions made computing power very limited. The use of encryption would have made things extremely problematic.
Today, the average user has multiple devices connected to the web. It is up to individual users to protect themselves. Antivirus apps and password managers are a key factor in keeping you secure online, but a VPN is a uniquely powerful tool that will keep you safe in today’s connected world.
by Felicien | Sep 4, 2018 | Education
Why are Tech Giants Diving into the Health Care Business?
In a report by Christian Holz and Edward Wang of Microsoft Research, the researchers revealed that Microsoft is creating eyeglasses that measure blood pressure. What Microsoft is calling Glabella, the glasses are equipped with optical sensors hidden inside the frame. These sensors can recurrently measure pulse waves at three different locations on the face. By gauging the time and rate between these three areas and the heart, it can determine the user’s blood pressure. Concurrently, the eyewear can be used as an activity tracker as it also collects information on the individual’s physical activity.
Tech Giants Clamoring to Enter the HealthCare World
Microsoft’s newest eyeglass patent arrives on the heels of its rivals. Apple, Google, Amazon, and Samsung have also filed patents for products in the area of healthcare technology. Google has already filed a patent for eyeglasses that monitor heart rate and Apple recently filed a patent application for a monitoring cuff that measures blood pressure. Samsung’s forthcoming new Galaxy Watch is rumored to be able to calculate your heart rate by using polarized light that can identify the amount of the scattered light.
Amazon is working on a new partnership with JPMorgan Chase and Warren Buffett. Apple is building state-of-the-art medical clinics. Google’s umbrella company Alphabet, is entering the Medicaid market with plans to serve low-income urban residents covered by Medicaid and Medicare. Also, studies show that more and more people are opting out of emergency ambulance service in favor of Uber taking them to the hospital.
Why Are these Tech Giants Making Big Health Care Moves?
Why are the most proven and forward-thinking companies in the field of technology deciding that healthcare should be their next big move? With technology rapidly advancing, these tech titans are noticing a health care system full of administrative ineptitudes, out of control prices, and frustrated customers. To the movers and shakers in Silicon Valley, they see this as a huge opportunity to enter the complex world of health care and make it better.
The Pros and Cons of Tech Businesses in the Healthcare Field
Is health care similar to other areas of the economy that Silicon Valley currently manages? Health care is one-sixth of the American economy, and it is currently managed by a scrambled assortment of manufacturers, providers, administrators, payers, and patients. The complex, murky, and massive healthcare industry has many vested players. They aren’t going to stand idly by and allow Silicon Valley to unseat them.
Also, health care operates in a highly regulatory environment with its complex interactions between patients, health providers, and insurers. For example, Amazon has taken interest in online pharmacies. Look at the complexity of entering the pharmacy world:
The Food and Drug Administration regulates drugs.
Health insurers try to rein in their drug costs.
Drug manufacturers set their own list prices.
Pharmacy managers coordinate deals between health insurers and drug manufacturers.
Consumers are trying to traverse through all this complexity and get their medications at the lowest prices.
In contrast, the benefits of the tech giants’ entrance into the healthcare industry cannot be overstated. Electronic medical records, mobile phones, and health assisting apps have slowly received widespread implementation by the healthcare world. The conglomeration of the two worlds has been at play for several years now. And yet, health care is still incredibly timid in its use of information and consumer technologies.
With the huge amount of money at stake in health care, the tech world’s disruption of this industry could be just what the doctor ordered. Imagine companies like Microsoft adding their knowledge, expertise, organizational skills, operational know-how, and other advantages to the healthcare industry. Patients will receive much better care at a fraction of the cost.
Can They Just Get Along?
Whenever the new kid shows up on the block, there is always fear, mistrust, and jealousy that is felt throughout the neighborhood. In order for tech companies to succeed in the healthcare market, they will ultimately need to forge relationships with professionals who are deeply rooted in this tangled system.
But when push comes to shove, they both can learn from each other. Case in point: Microsoft’s Glabella, which will try to replace the traditional cuff monitor with eyeglasses for tracking blood pressure. The sensors on this new product have only been shown to be accurate for taking the systolic pressure. For optimum accuracy, blood pressure should be measured by taking both systolic pressure and diastolic pressure.
According to the CDC: “The first number, called systolic blood pressure, measures the pressure in your blood vessels when your heart beats. The second number, called diastolic blood pressure, measures the pressure in your blood vessels when your heart rests between beats.”
While systolic pressure is commonly recognized to be more important than diastolic pressure, both readings are important. Systolic pressure is better at assessing your risk of having a stroke or heart attack. Diastolic pressure shows whether or not the heart is relaxing enough and can help doctors prevent future cardiovascular problems in a patient.
As Microsoft’s prototype medical device evolves, developing a way to measure both systolic and diastolic pressure is a perfect example of why the tech and healthcare people need to find common ground in the modern world.
Wrap Up
Consumers in general will benefit greatly from the excellence that companies like Google, Apple, and Microsoft can bring to the healthcare industry. And, most people will agree that this is one area that has not been well-organized for many years. Pharmaceutical companies are well-known for suddenly raising the price of drugs to ten times what they were for no apparent reason. With these tech giants in control, prices should be reasonable. They should stabilize. Care should be improved as well. And with wearable healthcare devices, people will be able to better monitor their health.
In the end, consumers will be the real winners here. For too many years, the healthcare industry has loomed out of control and missed opportunities to provide better care for patients. Their bottom line has always been profit over patient care. With these tech giants now pushing forward, we can expect all that to change.
