How to Find the Right IT Services Company

If your business has made the decision to contract with an IT services company for IT support, you’ve made the right choice. However, you’re not done yet. You still need to choose the IT services company that’s best for your business. In most markets, you’ll have choices — maybe too many choices. Use these criteria for how to find the right IT services company to narrow down your search.

1. Size Matters
IT services firms come in all shapes and sizes, from boutique outfits with just a few employees to massive firms with multiple physical locations. Make sure you evaluate the size of an IT services company compared to the size and needs of your business. The right IT services company will be transparent about how many employees they have in various roles or departments, and it will have sufficient capacity to meet your needs.
2. The Right Competencies
IT services companies are generally quite competent. If not, they go out of business pretty fast. So “Are they competent?” is the wrong question. The right question to ask is whether they have the right competencies. Create a comprehensive list of your business’s hardware and software use. Don’t just ask whether the company can support what you’re using. Ask for proof that they have already successfully done so with other businesses.
3. Industry Familiarity
Along the same lines, ideally, you want an IT services company that already understands your industry. Throwing industry jargon at your IT vendor is unavoidable, so it’s important that they understand that jargon. Ask how many companies in your industry the firm has worked with previously. The more, the better.
4. Location, Location, Location
In general, we recommend giving preference to local firms. If you need on-site service, local firms can handle this directly. A distant IT support company has to find a local vendor and hope for good availability.
Finding a provider close by isn’t always possible, and it’s not feasible if you’re a multi-site organization. Still, smaller companies will benefit from choosing a local provider.
5. Service Providers Have Rules, Too
Many IT services companies have their own rules about which businesses they will take on. Before a company makes it onto your short list, make sure your business is actually qualified. For example, some service providers have upper or lower limits for the number of workstations supported, meaning if your business is too large or too small, they won’t serve you. Others may refuse to support specific hardware or software types, or they may narrow their field of clients to specific industries.
Conclusion
These are a handful of the areas you should consider when choosing the right IT services firm. If you want to ask us these or other questions, let’s get a conversation going.

Critical Update From The NSA

The NSA Is Urging Users To Patch Remote Desktop Services On Legacy Versions of Windows
The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats. Recent warnings by Microsoft stressed the importance of installing patches to address a vulnerability in older versions of Windows.

Microsoft has warned that this flaw is potentially “wormable,” meaning it could spread without user interaction across the Internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.
CVE-2019-0708, dubbed “BlueKeep,” is a vulnerability in Remote Desktop Services (RDS) on legacy versions of the Windows® operating system. The following versions of Windows® are affected:

Windows® XP
Windows Server® 2003
Windows® Vista
Windows Server® 2008
Windows® 7
Windows Server® 2008 R2

What Does “Wormable” Mean?
A wormable vulnerability is one that malware can use to get into your system without you doing anything, like clicking a malicious link. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights without your knowledge.
Any future malware that uses this vulnerability could propagate from one vulnerable computer to another. This is how similar malware like WannaCry spread around the world. Experts are worried that this flaw could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.
Another Problem
Although Microsoft has issued a patch, potentially millions of machines are still vulnerable. This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability.
For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation tools are widely available for this vulnerability.
NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.
What Should You Do?
Microsoft has released a critical update for their Remote Desktop Services that impacts multiple Windows versions. The patches are for devices and systems that are both in and out-of-support, which is rare for Microsoft to do. This shows the importance of these patches.
The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. To apply the patches, go to the Microsoft Security Update Guide for in-support systems and KB4500705 for out-of-support systems.
Microsoft recommends that customers running one of these operating systems download and install the update as soon as possible.
Does This Mean Even Systems Without Support Can Get The Patch?
Yes, Microsoft is aware that some customers are running versions of Windows that no longer receive mainstream support. This means that you wouldn’t have received any security updates to protect your systems from the CVE-2019-0708 vulnerability.
Given the potential impact to customers and their businesses, Microsoft decided to make security updates available for platforms that are no longer in mainstream support. All Windows updates are available from the Microsoft Update Catalog.
What Should You Do Before We Apply The Update?
It’s recommended that you back up all of your important data first. If you have a reliable backup, and if the patch creates problems, you can still access your data. You should do this before you install any patches.
What If You Can’t Apply The Patches?
If you can’t apply the patch for your system, there are other things that you can do:

If you don’t need the Remote Desktop Services, you can disable it.
Block the TCP port 3389 (this prevents unauthorized requests from the Internet).
Enable NLA (Network Level Authentication) for Windows 7 and Windows Server 2008.
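
The three fallback measures above can be checked, and applied, from an elevated PowerShell prompt. This is an added example, not part of the original article or of Microsoft's guidance; the function names and the firewall rule name are hypothetical, and it assumes Windows PowerShell 2.0 or later on Windows 7 or Windows Server 2008/2008 R2.

```powershell
# Added example: audit and apply the RDP fallback mitigations on the local machine.
# Assumes Windows PowerShell 2.0+ in an elevated session.
$TsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-EffectiveValue {
    # Group Policy, when set, overrides the local setting, so read it first.
    param([string]$LocalKey, [string]$Name)
    foreach ($key in @($PolicyKey, $LocalKey)) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($item -ne $null) { return $item.$Name }
    }
    return $null
}

function Get-RdpExposure {
    # fDenyTSConnections: 0 = Remote Desktop enabled, 1 = disabled
    $deny = Get-EffectiveValue -LocalKey $TsKey  -Name 'fDenyTSConnections'
    # UserAuthentication: 1 = Network Level Authentication required
    $nla  = Get-EffectiveValue -LocalKey $RdpKey -Name 'UserAuthentication'
    # Listener port; 3389 unless it has been changed
    $port = (Get-ItemProperty -Path $RdpKey -Name 'PortNumber').PortNumber
    # A listening TCP socket shows a remote address ending in ":0" in netstat output.
    $listening = [bool](netstat -an |
        Select-String -Pattern "^\s*TCP\s+\S+:$port\s+\S+:0\s")

    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        RdpEnabled   = ($deny -eq 0)
        NlaRequired  = ($nla -eq 1)
        Port         = $port
        Listening    = $listening
    }
}

function Set-RdpMitigation {
    param([switch]$DisableRdp, [switch]$RequireNla, [switch]$BlockPort)

    if ($DisableRdp) {
        # 1 = refuse Remote Desktop connections
        Set-ItemProperty -Path $TsKey -Name 'fDenyTSConnections' -Value 1
    }
    if ($RequireNla) {
        # 1 = require Network Level Authentication before a session is created
        Set-ItemProperty -Path $RdpKey -Name 'UserAuthentication' -Value 1
    }
    if ($BlockPort) {
        # Host firewall block rule: stops every inbound RDP connection to this
        # machine. Blocking Internet traffic only is done on the perimeter firewall.
        $port = (Get-ItemProperty -Path $RdpKey -Name 'PortNumber').PortNumber
        netsh advfirewall firewall add rule name=Block-Inbound-RDP dir=in action=block protocol=TCP localport=$port
    }
}

# Report the current state; a machine that shows RdpEnabled = True and
# NlaRequired = False is the configuration the mitigations are meant to remove.
Get-RdpExposure | Format-List

# Apply one or more mitigations, for example:
#   Set-RdpMitigation -RequireNla
#   Set-RdpMitigation -DisableRdp
```

Settings delivered by Group Policy show up in the report but have to be changed in the policy itself, because a local registry write is overridden by the policy value.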

Of course, the best thing to do is to contact us. We’ll know exactly what to do.
What Else Should You Know?
If you had updated from Windows 7 to Windows 10 or from Windows Server 2008/2008 R2 to Windows Server 2016 or 2019, you wouldn’t need to worry. This is why it’s essential to keep your systems up to date.
Soon, on January 14, 2020, support will come to an end for all Windows Server 2008 and 2008 R2 equipment and the Windows 7 operating system.
If you’re still using these servers or operating system, it’s crucial to replace them now so that there’s no disruption to your daily operations or loss of data.
Any hardware or software product that reaches its end of life is a potential gateway for hackers to enter through. In addition to the security hazard, there are other reasons why it isn’t a good idea to keep using old equipment, such as unresolvable outages.

4 Strategies For Super Strong Passwords

Some days it seems like everything in our lives requires a password: banks, apps, debit and credit cards, online banking, business applications, healthcare accounts . . . the list is literally endless. Technology professionals recommend that you use a different and highly secure password for each site — but how is it even possible for humans to associate that many unique and unusual passwords with the correct website or application? You continually hear cautions from security professionals that simple passwords or those that are reused make it all too easy for hackers to break into your accounts and steal your sensitive personal, health or financial information. Even your social media accounts and business websites are being used to glean information about your life that can potentially be used as details to build a complete biography in hopes of breaking into your confidential data. With all these challenges, these four strategies will help you create the super strong passwords that you need to stay protected online.
1. Avoid Simple Concepts and Terms
Few people enjoy creating unique and individualized passwords for each application or website, but it’s crucial that you avoid these Top 100 terrible passwords, as compiled by SplashData. The list includes everything from the expected “123456” and “password” to “sunshine”, “princess”, “football” and “monkey”. From the list, it looks like men and women are equal opportunity offenders when it comes to poor password selection, and SplashData estimates that approximately 10% of people have selected at least one of the Top 100 worst passwords in the prior year. Think of it like this: if the password seems simple for you to remember, it’s probably going to be simple to hack as well. This includes the standard dictionary of user names, birthplaces or birthdays, favorite colors or foods, pets and the names of relatives.
2. Long, Random Words Are Tough to Guess
The days of a hacker sitting in a basement in the dark trying to guess a complex password are long over. Today’s attempts to breach your account are through sophisticated computer programs that can try millions of word and number combinations very quickly. Previously, the government’s cryptography expert recommended that you create a phrase that you can easily remember and simply replace some of the letters with numbers or other letters to make it more difficult to read (and remember!). Bill Burr’s 2003 password creation recommendations are no longer considered valid, and he has since rescinded those recommendations in favor of creating a long string of random words. Well-known Bible verses, famous movie lines and other phrases that are common to the American vernacular are not ideal — nor is the phrase on your favorite coffee mug.
3. Don’t Reuse Passwords
We get it. It’s tough to remember a bunch of different long, complex and rambling phrases. Wouldn’t it be a lot easier to simply create a single phrase that you could use everywhere? It would be easier for you — and also for anyone attempting to gain access to several of your accounts at once. Reusing passwords is a major no-no, but it is an error that many people commit. If you ever need to share a password with a service provider, you need to be sure to change it so you don’t have that information floating around anywhere. Would you rather have hackers gain access to a single system, or have to cancel every credit card and account that you own due to having a shared password?
4. Use a Password Manager or Random Password Generator
Keeping track of your highly complex and secure passwords is something that can be difficult for humans, making password lockboxes a necessity. Instead of getting a small notebook that you lock up in your purse or pocket, consider using a password manager. These secure online solutions allow you to create a single, memorable password to a platform that automatically creates passwords for each new application or system that you need to access. When your computer is creating and memorizing these passwords for you, you’re much less likely to make simple mistakes when creating your password. The best programs also provide feedback on how secure your password is and when you should make a change. Avast, a leader in online security, offers a free random password generator that you may want to check out, too.
Creating and remembering secure passwords could be a full-time job, and you could still end up with vulnerabilities due to the common nature of the words that you choose to make up your passwords. When you follow these four password strategies, you are more likely to protect your important business and personal accounts from both humans and computers.

What Makes a Chromebook Different From a Conventional Laptop?

Chromebooks are a relatively new type of laptop, first hitting the market in 2011. If you’re in the market for a new laptop or are in charge of purchasing laptops for a group, Chromebooks may have caught your eye due to their low prices.
Before you jump onto the Chromebook bandwagon, it’s important to understand the significant differences between Chromebooks and conventional PC or Mac laptops. First, let’s take a high-level look at what Chromebooks are.
Chromebook Overview
The underlying vision for Chromebook was to create an entirely new category of laptop, one that’s streamlined, durable, and low in price. Chromebooks generally don’t look as flashy as higher-end laptops. They don’t have hard drives; instead, they rely on small amounts (16, 32, or 64 GB typically) of eMMC storage. eMMC storage is cheaper and less feature-packed than SSD storage. Critics call them underpowered; proponents say they’re intentionally streamlined.
Chrome OS
One of the most noticeable differentiators between Chromebooks and other laptops is Chrome OS. Chrome OS is a much simpler operating system than Windows or macOS. It’s quick and responsive — most Chromebooks boot up in around 8 seconds — but it lacks many of the features and much of the depth of both Windows and macOS.
Software Options
With a few exceptions, the apps in Chrome OS launch and run in the Chrome browser. Chrome OS’s file manager and media player launch on their own, but that’s it. Everything else runs in the Chrome browser. Granted, the Chrome browser is powerful, and these days many apps have a web version accessible via Chromebook. Still, this gives you an idea of some of the limitations you might face when choosing a Chromebook. You won’t be running Photoshop, iTunes, or other popular desktop-only applications.
If you want to know more about what software is and isn’t available for Chromebook, search the relevant stores. All Chromebooks have access to the Chrome Web Store, and some additionally can access the Google Play Store.
Hardware
If you’re looking for a streamlined, lightweight machine to do basic office or education-related tasks, Chromebook may be a good choice. It’s no hardware powerhouse, though, and that’s by design. If you need raw computing power, you won’t find it here. Most Chromebooks have decent but not great displays. They have lower levels of eMMC storage, which itself is less powerful than SSD technology.
Their processors are adequate for what the OS allows you to do, but they are slower than what you’re likely to find in a late-model PC or Mac. Because Chromebooks don’t do a lot of heavy lifting, most of them are fanless, which reduces both weight and power consumption.
Chromebook battery life is usually fantastic. Smaller, slower, simpler components don’t need as much power, and along the same lines the sleek, streamlined OS doesn’t demand much, either. Bear in mind that the more intense the task, the faster the battery will drain—just like other laptops.
Cost
Cost is one of the biggest differentiators. Because Chromebooks don’t need to include the fastest and best components, they are far cheaper than flagship PC or Mac laptops. While prices vary depending on hardware specs, many Chromebooks are available for less than $200. The cheapest MacBook Air starts at $999. You could buy 5 Chromebooks with that money!
Should You Get One?
The answer is, of course, it depends. If you need a powerful device capable of running any and all software, or if you have a strong preference for Windows or macOS, then a Chromebook isn’t right for you. On the other hand, if price is a big consideration, you’re a casual user, or you’re wanting a simple, streamlined device, Chromebook may well be a great choice for you.

Was Your Photo and License Plate Number Breached?

CBP Reports 100,000 Photo and License Plate Breach
The U.S. Customs and Border Protection (CBP) reported today that nearly 100,000 travelers’ photos and license plate data were breached. If you’ve driven in or out of the country within the six-week period where the data was exposed, you could have been victimized.

The department said on June 10th that the breach stemmed from an attack on a federal subcontractor. CBP learned of the breach on May 31st.
CBP report:
“Initial reports indicate that the traveler images involved fewer than 100,000 people; photographs were taken of travelers in vehicles entering and exiting the United States through a few specific lanes at a single land border Port of Entry over a 1.5 month period.”
CBP hasn’t reported when this 6-week period was.
Who Was The Subcontractor That Was Affected By The Breach?
CBP hasn’t said who the subcontractor was either. But the Register reports that the vehicle license plate reader company Perceptics based in Tennessee was hacked. And, these files have been posted online.
Additionally, the Washington Post reports that an emailed statement was delivered to reporters with the title: “CBP Perceptics Public Statement.”
Perceptics’ technology is used for border security, electronic toll collection, and commercial vehicle security. They collect data from images on license plates, including the number, plate type, state, time stamps and driver images.
Where Were The License Plate Readers Installed?
Perceptics license plate readers were installed at 43 U.S. Border Patrol checkpoint lanes in Texas, New Mexico, Arizona, and California.
CBP reports that “No passport or other travel document photographs were compromised and no images of airline passengers from the air entry/exit process were involved.”
CBP uses cameras and video recordings at land border crossings and airports. The images they capture are used as part of a growing agency facial-recognition program designed to track the identity of people entering and exiting the U.S.
Do We Know Whose Data Was Exposed?
No, we don’t. And to date, CBP hasn’t said if this data will be released. If we hear differently, we’ll be sure to report any updates, so keep watching this space.
Is Facial-Recognition A Security Threat?
Facial-recognition is a hot topic right now. The American Civil Liberties Union states:
“This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place.”
Congressional lawmakers have questioned whether the government’s expanded surveillance with facial recognition could threaten constitutional rights and open millions to identity theft.
Today’s technology can recognize and track us without our knowledge or an option to prevent it. It’s inevitable that a new battle between surveillance and privacy will be taking place as more breaches occur.

3 Reasons to Regularly Test Business Systems

Protecting your business requires more time, effort and energy from your technology team than ever before. Business systems are increasingly complex, requiring staff members to continually learn and adapt to changing conditions and new threats as they emerge. It’s not unusual for a single ransomware incident to wreak havoc on carefully balanced systems, and this type of attack can be particularly damaging if you do not have the backup and disaster recovery procedures in place to regain critical operations quickly. From checking for system vulnerabilities to identifying weak points in your processes, here are some reasons why it is so important to regularly test your business systems.
1. Business System Testing Helps Find Vulnerabilities
The seismic shift in the way business systems work is still settling, making it especially challenging to find the ever-changing vulnerabilities in your systems. Cloud-based applications connect in a variety of different ways, causing additional steps for infrastructure teams as they review the data connectors and storage locations. Each of these connections is a potential point of failure and could represent a weakness that a cybercriminal could take advantage of to infiltrate your sensitive business and financial data. Regular business system testing allows your technology teams to determine where your defenses may need to be shored up. As the business continues to evolve through digital transformation, this regular testing and documentation of the results allow your teams to grow their comfort level with the interconnected nature of today’s systems — which is extremely valuable knowledge to share within the organization in the event of a system outage or failure. Experts note that system testing is being “shifted left”, or pushed earlier in the development cycle. This helps ensure that vulnerabilities are addressed before systems are fully launched, helping to protect business systems and data.
2. Business System Testing Provides Valuable Insight Into Process Improvement Needs
Business process improvement and automation are never-ending goals, as there are always new tools available that can help optimize the digital and physical operations of your business. Reviewing business systems in depth allows you to gain a higher-level understanding of the various processes that surround your business systems, allowing you to identify inefficiencies as well as processes that could leave holes in your cybersecurity net. Prioritizing these process improvements helps identify any crucial needs that can bring significant business value, too. This process of continuous improvement solidifies your business systems and hardens them over time by tightening security and allowing you to review user permissions and individual levels of authority within your business infrastructure and systems.
3. Business System Testing Allows You to Affirm Your Disaster Recovery Strategy
Your backup and disaster recovery strategy is an integral part of your business. Although you hope you never have to use it, no business is fully protected without a detailed disaster recovery plan of attack — complete with assigned accountabilities and deliverables. It’s no longer a matter of “if” your business is attacked but “when”, and your technology team must be prepared for that eventuality. Business testing allows you to review your backup and disaster recovery strategy with the parties that will be engaged to execute it, providing an opportunity for any necessary revisions or adjustments to the plans. Whether a business system outage comes from a user who is careless with a device or password, a cybercriminal who manages to infiltrate your systems, or damage to your business systems in a fire or flood, your IT team will be ready to bring your business back online quickly.
Regularly testing your business policies and procedures and validating your disaster recovery plan puts your organization in a safer space when it comes to overcoming an incident that impacts your ability to conduct business. The complexity of dealing with multi-cloud environments can stymie even the most hardened technology teams, and the added comfort level that is gained by regular testing helps promote ongoing learning and system familiarity for your teams. No one wants to have to rebuild your infrastructure or business systems from the ground up, but running testing procedures over time can help promote a higher level of comfort within teams and vendor partners if the unthinkable does occur.