by Felicien | Jun 15, 2017 | Education
In an effort to reduce the intrusive and annoying nature of such ads, Google has announced that their new browser version will feature an automatic ad blocker.
Consider the vast amounts of information, communication, and entertainment, which is funneled through the Internet daily. How often are you part of this stream and how often is your Internet activity interrupted by annoying pop-up ads? For most patrons of the Web, this experience is all too familiar. Follow a link, wait 10 seconds on an ad page before your initial page loads. Play a video clip and watch an ad, usually twice the volume of the intended video.
In an effort to reduce the intrusive and annoying nature of such ads, Google has announced that their new browser version will feature an automatic ad blocker as part of its software. Of course, there are some more specific details for how the ad blocking will work, which we will detail below. And, as some have already asked, we will consider the potential negatives this system may have. Let’s start with some information about how and when the service will work.
A Better Web Experience
In approximately six months, Google’s Chrome browser, for desktop and mobile versions, will include an ad blocker. This will be designed to get rid of the ads consumers find the most disruptive or unnecessary. This advanced notice will hopefully give those companies funded through ads to bring their marketing practices up to Google’s standards. And, good news for companies already in compliance for Internet advertising, as Google’s ad blocker will filter the intrusive, yet allow the ads deemed appropriate through the Coalition for Better Ads. This coalition represents a fairly large (and growing) group of corporations who aims is to supply regulations for how Internet advertising should appear, in order to give advertisers space and opportunity to profit within this digital landscape.
Profitability and Competition
On the surface, it might appear as if Google is arbitrarily blocking out certain ads and Web publishers. Some have complained that only the consumer is benefiting from these moves, with competition from mega corporations making it impossible for the small ad companies to compete. Not so, says Google. In fact, the ad blocking standards they are imposing will help to give all ads space and views they want. And, as discussed in online forums, traditional ad blocking systems block all ads, regardless of content or appearance, whereas Google’s ad blocker will be selective and still allow for ad revenue to be created through online content.
Google and other web browsers consider the advertising landscape to be akin to an ecosystem, in which you have to maintain a healthy balance in order for the ecosystem to thrive. With this in mind, ads which, for example, hijack a consumer’s screen, automatically play blaring music or continually flash and follow as people attempt to scroll are considered toxic waste in the ecosystem. This kind of ad paints a negative picture of all advertising on the Web and pushes consumers to eliminate all ads through third-party blockers or abstaining from the internet altogether. This kind of negative reputation and response hurts all advertisers and encourages the most disruptive types to up their efforts to be even more belligerent and sneaky. After all, bad press is still press, right? Therefore, the aim becomes to agree upon and adhere to a type of best practices for all advertisers, in which the ads are seen, but don’t become overly intrusive and drive away the very consumers they’re looking to attract and capture.
A Bright Future
With this kind of announcement, some see the signaling of an oncoming change or a shift in the current Internet. Truthfully, the Web is in a constant state of evolution. Change often leads to even more positive results. Plus, it hardly seems plausible that all advertising problems will disappear with the addition of this corporate level ad blocking. More than likely, this is only the first of many steps to help regulate such a vast and powerful resource.
The advertising potential the Internet possesses is far too grandiose to be hemmed in, even from some of the most prominent of Web fixtures. We are more likely to witness the growth and true second wave development of the art of Internet advertising.
Consider the TV ads of the 50s and 60s, compared to the slickness of today’s ads, not to mention the expert product placement appearing on most network TV regularly. We are light years away from a Howdy Doody fudge bar spot. It only seems logical that the newest and potentially most powerful entertainment and social network in existence will, in turn, up its advertising game. Google understands their stake in this business all too well. Currently, approximately 58% of all Internet users are using Chrome as their browser. This kind of leverage gives Google the ability to call some big shots, with the hope and belief by many that this is exactly what the Internet community needs.
by Felicien | Jun 15, 2017 | Education
A discussion of a particularly nasty strain of malware downloader and what you need to know to keep yourself, your business and your employees protected.
Conventional wisdom tells us that if you’re trying to keep your employees, your clients and ultimately your business safe from virtual harm, a little bit of old-fashioned common sense goes a long way. You’ve likely already been investing in ongoing security training, making sure that you and your team know how to identify a phishing email when you see one or know how to spot a rogue download coming from a mile away.
But what happens if even this isn’t enough to get the job done? What if there was a new and terrifying form of malware that could infect any PC in its path, even if the user never clicked on any suspicious-looking links in the first place? It sounds like a nightmare scenario, doesn’t it?
Unfortunately, that’s precisely the type of situation that we now find ourselves in. Security researchers from Trend Micro and Dodge This Security recently uncovered a technique that cyber criminals have been using around the world. An advanced malware downloader could potentially uninstall a banking Trojan horse on your computer – even if you never “accidentally” gave it permission.
21st Century Cyber Terror
Generally speaking, Trojan horses in the past have been limited in scope because they require some type of input from the user in order to execute. A file doesn’t just appear on your hard drive – you have to give it permission, usually while you think you’re downloading something totally legitimate. Even at that point, in an enterprise environment, a password will typically have to be provided. These two barriers have been enough to stop a large number of potential cyber attacks… until now.
The new banking Trojan discovered by security researchers simply requires that the user hovers their mouse pointer over a hyperlink in a carrier PowerPoint file. At that point, the damage has already been down – the Trojan has infected the machine and there is little that can be done about it.
Research reveals that this technique has already been incredibly successful, striking victims around the world. It has been seen in various companies and organizations all across Europe, in the Middle East and even in Africa.
The good news is that you can still train your employees to avoid this type of situation – you just need to take your old techniques and update them with a new spin. In most cases, victims received an email that was usually finance related. They would get an email supposedly from a client or colleague with a subject line like “Invoice” or “Order Number.” The PowerPoint presentation – which itself was fairly harmless – was contained inside.
Once that PowerPoint presentation was viewed in a browser (as many popular options like Firefox or Apple’s Safari have the capability to do), users could easily be exposed to the rogue link and the virus hiding just behind it.
Embedded inside the link, which typically reads “Loading, Please Wait…”, is a malicious PowerShell script. Because of the nature of PowerShell, users don’t have to actually click it – they just have to hover over it. As this is a technique commonly used to check for rogue links in the first place (hovering your mouse over a link will usually give you a peak at the associated URL), it has been particularly damaging in many situations.
Equally, good news is the fact that if a computer is running a newer version of Microsoft’s Office productivity suite, end users will STILL need to approve the malware’s download before it has the opportunity to infect a PC. This is because more modern versions of Microsoft Office have a feature called “Protected View,” which automatically displays a prompt identifying something as a “potential security concern” as soon as a script tries to execute itself.
Once a computer is infected, it can easily steal everything from user credentials to bank account information and more in seconds.
This is just another in a long line of examples as to why ongoing security training is so essential for your employees. Every computer connected to your office network is a potential vulnerability just waiting to be exploited by someone who knows what they’re doing. If even one user falls victim to this attack, it could bring your entire network to its knees.
As always in terms of cyber security, the best defense is absolutely a good offense. In addition to making sure that your employees are aware of attacks like these, you’ll want to make it a priority for your IT team to update all software whenever possible. Many don’t realize that updates to productivity suites like Microsoft Office don’t just come with fancy new features and sleek new graphical user interfaces – they usually also include bug fixes and security patches designed to stop attacks like these from happening.
As far as this particular malware downloader is concerned, research indicates that it seems to have died down after almost 1500 detections at the end of May 2017. However, it is always a possibility that this was just a test run for something far bigger and more sinister that could make its way across the planet at some point in the not-too-distant future. Whether or not we’ll be seeing an increased use of this downloader at some point soon remains to be seen, but it’s still a good idea to prepare your team accordingly just in case.
{company} is incredibly proud to act as your one-stop source for all of the breaking news, tips, tricks and best practices you need to not only keep you and your employees safe from digital threats but to wield the full might of modern technology to your advantage. If you’re in or around the {city} area and would like to find out more information about this topic, or if you have any additional questions that you’d like to get more specific answers to, please don’t delay – give us a call at {phone} or send us a message at {email} today.
by Felicien | Jun 14, 2017 | Education
Technology is an essential part of the modern business in large part due to the way that it helps bring people together. Since the beginning, Microsoft solutions like OneDrive and SharePoint have been founded on this simple fact – by making it easier for people to collaborate and communicate with one another, organizational leaders can create an environment where everyone can contribute towards the goal of working “smarter, not harder” whenever possible.
At Microsoft’s recent SharePoint Virtual Summit, company officials debuted a number of new features for both platforms that seem to double down on this simple-yet-critical goals. The features, which will begin making their way to users later on this summer, are intended to improve the way that organizations can connect both internally among employees and externally with clients.
OneDrive Updates
The centerpieces of Microsoft’s summer update spree in terms of OnePoint is undoubtedly the new “file sharing experience,” a feature designed to improve OneDrive’s integration with the built-in file management tools found in the Windows 7, Windows 10 and MacOS operating systems.
When users navigate to an Office 365 file or folder using either the “File Explorer” file management system on Windows or “Finder” on a Mac, a new OneDrive-centric “Sharing” option will appear. This is similar to the way services like Dropbox already work in that employees can now share files and other documents with one another WITHOUT navigating away from the file manager or opening a different piece of software.
The same window will give users the option to create Web links for colleagues from external organizations or even from their clients. What sets OneDrive apart from their competitors, however, comes by way of the far deeper level of control that it provides. Users can set an expiration date on all links that they create, for example, and can even modify the permissions they give to any particular shared file. If someone is sharing a proof of concept document with a client that they want them to SEE but not EDIT, it is now simple to make that happen in just a few quick clicks of a mouse.
One specialist described the OneDrive updates as “collaboration on my own terms.” He said that Microsoft is going deeper than just allowing people to share documents – instead, it’s now possible to truly connect with someone in a meaningful way the same way you would if they were sitting beside you in an office. People can connect anyWHERE, anyTIME with anyONE – something that will be of particular value to the collaborative environment with many employees working remotely.
Because OneDrive sharing permissions will also be tightened, end users will have a far superior level of visibility over who can view, modify or even access certain documents. This will also go a long way towards maintaining a much-needed level of security in a digital age that is growing more dangerous by the day.
The Future of SharePoint
During the same event, Microsoft also announced that a new feature called “communication sites” are coming to SharePoint later this year. They’re designed as an alternative to the existing “team sites,” offering employees a much better and more user-friendly way to distribute content more broadly across and organization than ever before.
If a certain piece of information needs to be seen by as many employees as possible as quickly as possible, users can create a “communication site” in seconds to do exactly that. If the venue of an upcoming company picnic has suddenly changed due to unpredictable weather issues and people are already in transit, the “communication site” can bring together elements like Bing Maps, an image gallery, a general messaging service and more – all in an effort to spread the word as far as possible as fast as you can.
Microsoft also announced a new feature that administrators have been clamoring for in particular – the new “Site Management” page. Viewing and managing all SharePoint sites is no longer a time-consuming and frustrating experience. Instead, administrators can navigate to a single page that serves as a comprehensive destination for viewing and managing all sites, no exceptions. That noise you just heard was the collective sigh of administrators around the country enthusiastically awaiting this release.
Another upcoming feature that will allow admins to rest easy – a newly designed “Device Access” page, distilling all of the various access controls for mobile collaboration down to a single window. Businesses can now quickly set policies restricting file sharing based on users, devices, and location characteristics, helping to cut off small security incidents before they have a chance to become much bigger (and undoubtedly more expensive) ones down the road.
More Features on the Horizon
In related news, Microsoft also took the opportunity to announce changes to PowerApps – the company’s “no fuss, no muss, no-code” business app builder. End users will soon have the option to create custom forms that appear in SharePoint lists and libraries. Approval flows are also on the horizon, which are built on the Flow automated workflow platform and are intended to speed up the approval process at many different organizations.
Microsoft has taken a lot of flak over the years for releasing “solutions in search of a problem” or for making “changes just for the sake of it” with many of its products. The company’s flagship operating system seems to have been a particularly notable culprit of this, though Windows 10 has undoubtedly gotten things back on track. Regardless of what has happened in the past, one thing is for sure – Microsoft’s summer update spree to both OneDrive and SharePoint, in particular, reaffirm its commitment to its customers and their own workflows moving forward.
Microsoft seems to genuinely want to make it possible for organizations to work “smarter, not harder.” While the company’s definition of “smarter” is often up for debate, steps like these show that the tech giant is at the very least moving in the right direction.
{company} is incredibly proud to be your premiere source for all the industry news, tips, tricks and best practices you need to run the business you’ve always dreamed of. If you’re in or around the {city} area and you’d like to find out more about Microsoft’s OneDrive and SharePoint summer update spree, or if you have any additional questions that you’d like to see answered, please don’t delay – contact us today at {phone} or by sending us an email to {email}.
by Felicien | Jun 13, 2017 | Education
June 13th is the Day to Celebrate Being a Geek!
When you hear the word “geek” what image does your brain conjure up? If you’re like some people, this might be a bespectacled young man who uses his razor-sharp mind to write binary code for those nifty apps that you’ve become accustomed to as you streamline your busy life. While that is certainly one way that a person can be a geek, it is far from being a club that is exclusive only to those people who are into computers. In fact, these days, you can find geeks in nearly every sector and industry.
June 13th: Geeks Will Take Over the World
Well, not really. However, June 13th IS the day that has been proclaimed to be “Embrace Your Geekness Day.” While the word geek hasn’t always been a compliment, these days geeks are trendy. Even those people who used to be called “sports fans” or “sports nuts” are now referred to as “sports geeks.”
What Exactly is a “Geek” Anyway?
This might be a trick question since there is no one-size-fits-all definition of a geek. It’s safe to say, however, that computer geeks now run the world to some extent. Whether they do so behind the scenes by writing code or engaging in other engineering tasks or they enter the picture when there’s a problem in the form of repair, having a strong interest in, and knowledge of, computers is almost imperative if you want to stay abreast of the ever-changing world of technology.
Geeks Don’t Necessarily Equal Computers
Geeks also refer to people who have a consuming obsession in one — or even more! — things. In many cases, geeks can talk about their favorite subject for hours, spouting useful tidbits and facts. These obsessions can be as unique as the people themselves and can run the gamut of interests. Comic books, Star Wars, cosplay, LARP, Pokemon, Medieval reenactors and video games are just a few of the numerous interests that your favorite geek might hold.
How Can YOU Celebrate “Embrace Your Geekness Day”?
Are you a closet geek who has an obsession that no one else knows about? Celebrate “Embrace Your Geekness Day” on June 13th and find other fellow geeks that you can connect and bond with. If there is one thing that geeks love to do, it’s talk about their interests. What better way to do that then to proclaim your geekiness loud and proud so other geeks that share your interest can find you? Who knows what will come of it if you join or grow your community of geeks? By combining your knowledge, creativity, and imagination with other like-minded geeks, it is entirely possible that the next great gadget, tool or media presentation will result.
So, what are you waiting for? You better start making plans now so you can celebrate “Embrace Your Geekness Day” in style on June 13th! At {company}, we love geeks of all types! We’d love to hear your ideas for making this year’s “Embrace Your Geekness Day” the best one ever! Contact us via {email} or call us at {phone} for more information.
by Felicien | Jun 13, 2017 | Education
For many people, the vision of a world of driverless cars represents a commuter’s utopia, and for good reason. Commuting is costly, not only in terms of time and money but in terms of stress-related illnesses. Despite the fact that people have adapted to hurtling through space at 70 miles per hour while avoiding a potentially deadly crash, traffic is anything but relaxing. Just the idea of a car expertly programmed to detect and respond instantly to hazardous road conditions and the erratic behavior of all those other drivers is enough to lower a commuter’s blood pressure considerably. (Our own driving is, of course, always impeccable.) Driverless cars could also make it possible for people to give one another the increasingly rare gift of their undivided attention while traveling.
Any dream of utopia contains within it the potential for the creation of a nightmarish dystopia, and a world of driverless cars is no exception. The number of deaths and injuries resulting from crashes caused by human error could be greatly reduced. However, the number of deaths and injuries caused by deliberate human actions, such as hacking the computer systems of driverless cars, could increase. It isn’t hard to imagine the horror of a driverless car being hijacked and used to drive into a crowded building or cause a multi-car pile-up on a busy interstate highway. One article describes an experiment in which hackers demonstrated, under controlled conditions, how just such a scenario would be possible.
Security Vulnerabilities
IT experts are the first line of defense of our collective vision of a driverless utopia. Recently, the Cloud Security Alliance published a detailed report identifying 20 potential cyber-security threats to connected vehicle systems, including driverless cars. Many of those threats are vulnerabilities caused by the very things that have helped make commutes if not more enjoyable, at least more bearable. Those potential security loopholes include onboard diagnostic ports used for vehicle maintenance, USB ports, Wi-fi, Bluetooth, and entertainment devices that utilize internet connectivity.
Electronic vehicles depend on a CAN (Controller Area Network) message bus that allows communication between devices. The CAN bus was designed as a closed network without security features. According to the report, “An unauthorized party that gains access to the bus can block legitimate messages and transmit illegitimate ones.” Keyless entry systems and the Amazon Echo, which can start a vehicle remotely, also present potential security concerns. That’s why the group recommends that separate CAN buses be used for critical safety features such as braking and lane detection systems.
Precautionary Measures
Brian Russell, the chairman of the alliance’s IoT Working Group, stresses the importance of developing operational designs that “incorporate security throughout the development”. He also recommends using the Department of Transportation’s Connected Vehicle Reference Implementation Architecture as a design guide. Its protocols apply security measures to the enterprise, functional, physical and communications elements of connected driverless systems. Vehicles communicate with one another using both established infrastructure and a DSRC (Dedicated Short Range Communication). The DSRC assigns each message a digital certificate which prevents tampering. To keep out intruders, third party devices should only access a vehicle’s Bluetooth system using the mutual recognition and authentication of Bluetooth Low Energy.
In addition to high-tech security measures being designed and implemented, societies will require a whole new set of laws to successfully integrate driverless technology. That doesn’t just include traffic and insurance laws, but privacy laws. The amount of personal information collected by driverless technology is rivaled only by the amount collected by Facebook. Like Facebook, those who wish to utilize driverless technology may have to sign agreements too lengthy and complicated to read and understand without the expert assistance of a legal professional. In 2015, a class-action lawsuit was filed against Toyota Motor Corp., Ford Motor Co., and General Motors LLC, alleging fraud, false advertising, and violations of consumer protection laws. While the district court dismissed the complaint, the Electronic Privacy Information Center (EPIC) has filed a brief requesting that the dismissal is reversed.
It Takes a Global IT Village
Creating a commuter’s utopia in which drivers can enjoy all the benefits of driverless technology is an achievable goal. With the right security measures, it will become possible for elderly to retain their travel independence and for the young to increase theirs. Parents will be able to spend less time chauffeuring and more time parenting. Workers will be able to spend less energy commuting and more time and energy to enjoy the fruits of their labors. The phrases “fighting traffic” and “road rage” will disappear from our daily lexicon, making room for more interesting, and pleasant, topics of conversation.
IT professionals worldwide are working overtime to make a world of driverless cars a dream come true. The internet has revealed the degree to which we are all interconnected. That connectivity has the potential to significantly improve the quality of our lives. It also has the potential to expose us to greater danger. That’s why programmers and app developers, whether employed by a private enterprise or governmental organizations, must work together to prevent that dream from becoming a nightmare.
by Felicien | Jun 12, 2017 | Education
Don’t Get Caught in Their Nets.
What is Phishing?
Phishing is tech language for fishing over the Internet for confidential business and personal information such as credit card numbers, personal identification, usernames, and passwords. The first phishing scam occurred in 1996.
It uses social engineering techniques and computer programming to lure email recipients and Internet users into believing that a fraudulent website is legitimate. When the phishing victim clicks the phishing link, they find that their personal identity vital information and even money have been stolen.
What’s the difference between Phishing and Spear Phishing?
Phishing emails are sent to the general public. They often impersonate a government agency, bank, the IRS, social networking site or store like Amazon.
Spear Phishing emails target specific individuals. They are personalized with facts about you or your business to draw you in. And they appear to come from a company or person you do business with. It could come in the form of an email from your CEO.
A Phishing or Spear Phishing Email:
Is the one that you didn’t initiate.
May contain strange URLs and email addresses.
Often uses improper grammar and misspellings.
Typically contains attachments that you don’t recognize as legitimate.
Contains a link or email address that you don’t recognize.
May use language that is urgent or threatening.
Phishing and Spear Phishing are popular among cybercriminals because they usually succeed.
10 messages have a better than:
90% chance of getting a click.
8% chance of users clicking on an attachment.
8% chance users will fill out a web form.
18% chance that users will click a malicious link in an email.
Even high-level executives get spoofed and share usernames and passwords.
The average cost of a Phishing Scam is $1.6 million. It’s a top security concern for businesses today:
1 in 3 companies are affected.
30% of Phishing emails get opened.
Phishing is now the #1 vehicle for ransomware and other forms of malware.
Prevent being a victim of phishing or spear phishing. Here are 8 important things to remember:
Stay informed about phishing techniques. Different phishing scams are being sent out every day. Ongoing security awareness training should be a top priority for your organization. Contact {company} at {phone} or {email}. We can help.
Think before you click a link. Don’t click on links from random emails or text messages. Hover your mouse arrow over a link to see who sent it. Most phishing emails begin with “Dear Customer” so watch out for these. Verify the website’s phone number before placing any calls. Remember, the secure website always starts with “https.”
Never divulge personal information requested by email, such as your name or credit card number. Typically, phishing emails will direct you to a web page to enter your financial or personal information. When in doubt, visit the main website of the company in the email, and give them a call. And, never send sensitive information in an email to anyone. (A secure website always starts with “https”.)
Consider installing an anti-phishing toolbar and security tools. Some Internet browsers offer free, anti-phishing toolbars that can run quick checks on the sites you visit. If a malicious site shows up, the toolbar will alert you. Be sure to ask {company} about updated computer security tools, such as anti-virus software, spyware, and firewalls. They will drastically reduce the chances of hackers and phishers infiltrating your computer or your network.
Never download files from suspicious emails or websites. Double check the website URL for legitimacy by typing the actual address into your Web browser. Check the site’s security certificate. Also, beware of pop-ups as they may be phishing attempts. Your browser settings allow you to block pop-ups, where you can allow them on a case-by-case basis. If one gets through, don’t click on the “cancel” button as this is a ploy to lead you to a phishing site. Click the small “x” in the upper corner of the window, instead.
Get into the habit of changing your passwords often. You can also use a password manager like Dashlane or Last Pass that will automatically insert new, hard-to-crack passwords for you.
Regularly check your online bank and credit card accounts. To prevent bank phishing and credit card phishing scams, you should personally check your statements regularly. Get monthly statements for your financial accounts and check every entry carefully to ensure no fraudulent transactions have been made without your knowledge.
Update your browsers to the latest version. Security patches are released in response to the vulnerabilities that phishers and hackers exploit. Don’t ignore messages to update your browsers, and download the updates as soon as they’re available.
Protect your confidential information and your business. {company} will train you and your staff to recognize and block Phishing and Spear Phishing Scams. Contact us at {phone} or {email}.
