Author: Stuart Crawford

The NSA Is Urging To Patch Remote Desktop Services On Legacy Versions of Windows

The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats. Recent warnings by Microsoft stressed the importance of installing patches to address a vulnerability in older versions of Windows.

Microsoft has warned that this flaw is potentially “wormable,” meaning it could spread without user interaction across the Internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.

CVE-2019-0708, dubbed “BlueKeep,” is a vulnerability in Remote Desktop Services (RDS) on legacy versions of the Windows® operating system. The following versions of Windows® are affected:

• Windows® XP
• Windows® XP
• Windows Server® 2003
• Windows® Vista
• Windows Server® 2008
• Windows® 7
• Windows Server® 2008 R2

What Is A Wormable Virus?

This means that the virus can get into your system without you doing anything like clicking a malicious link. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights without your knowledge.

Any future malware that uses this vulnerability could propagate from one vulnerable computer to another. This is how similar malware like WannaCry spread around the world. Experts are worried that this flaw could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

Another Problem

Although Microsoft has issued a patch, potentially millions of machines are still vulnerable. This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability.

For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation tools are widely available for this vulnerability.

NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.

What Should You Do?

Microsoft has released a critical update for their Remote Desktop Services that impacts multiple Windows versions. The patches are for devices and systems that are both in and out-of-support, which is rare for Microsoft to do. This shows the importance of these patches.

The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. To apply the patches, go to the Microsoft Security Update Guide for in-support systems and KB4500705 for out-of-support systems.

Microsoft recommends that customers running one of these operating systems download and install the update as soon as possible.

Does This Mean Even Systems Without Support Can Get The Patch?

Yes, Microsoft is aware that some customers are running versions of Windows that no longer receive mainstream support. This means that you wouldn’t have received any security updates to protect your systems from the CVE-2019-0708 virus.

Given the potential impact to customers and their businesses, Microsoft decided to make security updates available for platforms that are no longer in mainstream support. All Windows updates are available from the Microsoft Update Catalog.

What Should You Do Before We Apply The Update?

It’s recommended that you back up all of your important data first. If you have a reliable backup, and if the patch creates problems, you can still access your data. You should do this before you install any patches.

What If You Can’t Apply The Patches?

If you can’t apply the patch for your system there are other things that you can do:

• If you don’t need the Remote Desktop Services, you can disable it.
• Block the TCP port 3389 (this prevents unauthorized requests from the Internet).
• Enable NLA (Network Level Authentication) for Windows 7 and Windows Server 2008.

Of course, the best thing to do is to contact us. We’ll know exactly what to do.

What Else Should You Know?

If you had updated from Windows 7 to Windows 10 or from Windows servers 2008/2008 R2 to Windows 2016 or 2019, you wouldn’t need to worry. This is why it’s essential to keep your systems up to date.

Soon, on January 14, 2020, support will come to an end for all Windows Server 2008, 2008 R2 equipment and the Windows 7 operating system.

If you’re still using these servers or operating system, it’s crucial to replace them now so that there’s no disruption to your daily operations or loss of data.

Any hardware or software product that reaches its end of life is a potential gateway for hackers to enter through. In addition to the security hazard, there are other reasons why it isn’t a good idea to keep using old equipment such as unresolvable outages.

 

 CBD Reports 100,000 Photo and License Plate Breach

The U.S. Customs and Border Protection (CBP) reported today that nearly 100,000 travelers’ photos and license plate data were breached. If you’ve driven in or out of the country within the six-week period where the data was exposed, you could have been victimized.

The department said on June 10^th that the breach stemmed from an attack on a federal subcontractor. CBP learned of the breach on May 31^st.

CBP report:

“Initial reports indicate that the traveler images involved fewer than 100,000 people; photographs were taken of travelers in vehicles entering and exiting the United States through a few specific lanes at a single land border Port of Entry over a 1.5 month period.”

CBP hasn’t reported when this 6-week period was.

Who Was The Subcontractor That Was Affected By The Breach?

CBP hasn’t said who the subcontractor was either. But the Register reports that the vehicle license plate reader company Perceptics based in Tennessee was hacked. And, these files have been posted online.

Additionally, the Washington Post reports that an emailed statement was delivered to reporters with the title: “CBP Perceptics Public Statement.”

Perceptics’ technology is used for border security, electronic toll collection, and commercial vehicle security. They collect data from images on license plates, including the number, plate type, state, time stamps and driver images.

Where Were The License Plate Readers Installed?

Perceptics license plate readers were installed at 43 U.S. Border Patrol checkpoint lanes in Texas, New Mexico, Arizona, and California.

CBP reports that “No passport or other travel document photographs were compromised and no images of airline passengers from the air entry/exit process were involved.”

CBP uses cameras and video recordings at land border crossings and airports. The images they capture are used as part of a growing agency facial-recognition program designed to track the identity of people entering and exiting the U.S.

Do We Know Whose Data Was Exposed?

No, we don’t. And to date, CBP hasn’t said if this data will be released. If we hear differently, we’ll be sure to report any updates, so keep watching this space.

Is Facial-Recognition A Security Threat?

Facial-recognition is a hot topic right now. The American Civil Liberties Union states:

“This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place.”

Congressional lawmakers have questioned whether the government’s expanded surveillance with facial recognition could threaten constitutional rights and open millions to identity theft.

Today’s technology can recognize and track us without our knowledge or an option to prevent it. It’s inevitable that a new battle between surveillance and privacy will be taking place as more breaches occur.

Familiarity with marketing technologies is a must for today’s CMO. However, the range of tech knowledge across CMOs varies widely. Even if every CMO can benefit from some technical familiarity, the reality is that some CMOs know very little about technology while others know more than they will ever need to in order to fulfill their responsibilities. Wherever you happen to sit on the tech knowledge spectrum, it can be helpful to have a roadmap on where your level of proficiency and understanding should be headed. With the right approach to marketing technology management fundamentals, you can ensure that you are best equipped to help guide your company towards its objectives.

Marketing Technology for the CMO—What You Need to Know

If you have been a CMO for very long, you have seen how dramatically your responsibilities have changed in recent years. Where you once focused primarily on building your brand, advertising and customer engagement, today you juggle those responsibilities with embracing and leveraging a range of technologies and platforms. The rate of change is only increasing, so it is understandable that many CMOs feel a bit overwhelmed sometimes. Fortunately, there are key areas that you can focus on when it comes to marketing technology. By leaning into the right areas, you can ensure that your expertise and management efforts are focused where they will do the most good for your company.

The marketing technologies your company utilizes come together to form what is referred to as a stack. The way you approach the stack—both the existing tools you are using and the adoption of new tools—is a major part of how you manage the tech side of your role. You can be actively involved in initiatives related to marketing technology by:

• Determining which technology is a priority
• Helping with the creation of stack strategy
• Conducting reviews of how the stack is performing
• Creating a management structure where your team can fully leverage the available technology
• Being aware of the company’s data strategy and actively contributing to its development

Key focus areas should include:

Ensuring Stack Strategy is Based on Marketing Objectives

There are a seemingly endless number of marketing technologies now available—all of them promising to transform the way you do business. But most of those tools are not ideal for helping you achieve your concrete marketing objectives. Those objectives, based off of the objectives of your business, should guide how you organize your stack. By making sure that technology serves to achieve specific objectives, and is not just a solution looking for a problem, you can streamline your technology usage.

Regularly Measuring the Performance of the Stack

When you adopt new technology, it is important to determine what metric you will use to determine if it is serving the needs of your company. With metrics in mind, you can set regular review sessions to analyze how each technology is performing. You can determine which products are working as expected, which are not working as expected, and which are working even better than expected. With measurements in hand, it becomes much easier to decide how you will move forward with each technology—and which you will eliminate.

Keep an Eye Out for Bloat in the Stack

A regular performance review will help you avoid the bloat that is so common with marketing technology stacks. You and your team can check to see which programs are being utilized and how well they are being used. You may discover that some tools are not being fully leveraged, while others may actually overlap in functionality with other tools. Your team can determine how to get the most out of what you are already using while also eliminating as much overlap as possible. Ideally, you want to use as few technology tools as possible but use the ones you do have as fully as possible. You can develop a lean stack that gets the job done without creating drag.

Create a Clear Data Strategy

There is plenty of data at your fingertips with today’s technologies. But it is not enough to have data coming at you and your team. You need to have a clear strategy on what data to collect, how to collect it and how to process it. The assistance of the IT department can come in handy here, as they should be able to work with you to develop and implement a strategy based on your marketing objectives.

Define Responsibilities

The way you and your company handle the technology stack will be based on the resources you have available. Some companies have numerous departments that can split up the work, while others only have a few people who need to devote themselves fully to the task. What is important is that you and your team define responsibilities. Once everyone knows what they need to do, it is much easier to ensure that everything that needs to be done is done.

Moving Forward

As a CMO, you can help your company achieve its objectives by utilizing technology. You do not have to be an expert in every technology you use; you simply need to know where to focus your efforts to achieve maximum effectiveness.

You may be a small business, but there’s no reason you have to think or act small. Today’s technology innovations offer small businesses all sorts of powerful tools that just a decade ago weren’t available or were only affordable to large firms. Technology can help small businesses think like big ones in all sorts of ways. Here are 7 ways small businesses should start thinking bigger.

1. Embrace the Cloud

There are numerous cloud-based technologies that can help your small business punch above its weight. By embracing the cloud, you can save money, improve your staff’s productivity, and expand or contract IT operations far easier than you could without the cloud.

Entrust things like email and calendar hosting, file storage, and video chat to cloud-based software and infrastructure solutions. Most small businesses will pay less for a cloud solution than they would to purchase and maintain servers and software. This is due to the economy of scale: your cloud provider is operating at a very large scale, so the cost of adding just a bit more server space is negligible. Without cloud services, your small business shoulders all the unique setup and maintenance costs all your own.

2. Improve Your Website

Sometimes the difference between a successful small business and a failing one is as simple as the quality of their website. Your website is your digital storefront, but it’s also your digital billboard, white pages, classified ad, and more. If it looks terrible or doesn’t function well, you’re sending a poor message to your customers and prospective customers.

If revamping your website is more than your business can do well in-house, consider contracting with a vendor for this crucial task. Many managed service providers offer this service or can contract with qualified vendors who do.

3. Leverage Social

Your business needs a social presence, even if it’s small. This is true of all small businesses, but the smaller your business, the more important grassroots tools like social become. Share content regularly (including photos and videos) and encourage your most loyal customers to do the same.

As your brand’s social presence grows, it’s important to keep an eye on your reputation. What are people saying publicly about you? Is there anything you need to intervene on? Social can be a great avenue to see what challenges your customers are facing.

4. Use CRM Software

Customer resource management (CRM) software is the way big businesses keep in contact with customers in an organized fashion. CRM software isn’t limited to large firms, though. Affordable cloud-based options that work well with small business are available.

5. Big Data Isn’t Everything

Big data helps big companies win, right? That’s what we’re always hearing, and there’s truth to it. That said, we’ve all seen plenty of examples of big data leading companies astray, like “targeted ads” that miss completely or hyper-local campaigns that come off as fake or out-of-touch.

As a small business, you have access to something big businesses don’t: real, interpersonal data. Call it “small data” if you like. You likely know your customers much better than large firms do. Write down the things you learn. Better, input that information into your CRM software. You have the ability to send more personal notes than your large, faceless competitors. Capitalize on this.

6. Plan to Plan

You have a business plan in place, but as you grow, does your business plan grow with you? Your small business runs the risk of losing focus as it grows. Employees and leadership get so focused on daily tasks that they don’t keep their eyes on the overall plan. In other cases the overall plan becomes outdated and less applicable. Schedule time each year to review your business plan and goals, just like the big guys do.

7. Don’t Go It Alone

Lastly and most importantly, don’t go it alone as a small business. Your business is unique, set apart by some feature, product, or ethos that your competitors don’t have. Focus as much of your energy as possible on that thing, on your core competencies. As much as possible, divest yourself from other things.

One of those other things, for most businesses, is IT. Partnering with a managed service provider (MSP) to implement and support your IT infrastructure can save you money and increase productivity. You’ll also gain access to a deeper bench of IT professionals than you could afford to keep in house. If you’re ready to explore what we can do as your MSP, contact us today.

The rapid increase in technology use in businesses has affected every industry. Across all businesses, the need to keep up with the competition means paying attention to what technologies are available and incorporating the right tech tools as they become viable. Whatever your business, you know that you need to invest in information technology to excel in your industry. But how much should you invest, exactly? To determine your IT budget, you need to look carefully at your industry, your business goals and most importantly, what you can reasonably expect information technology to do for you on your path towards those goals.

Putting Technology Investment in Context

Depending on what stats you read, it appears that businesses spend anywhere from 3% to 6% of their budget on IT. The average spend on tech is expected to go up in the coming years, but no one is quite sure how much it will increase. It makes sense to expect an increase, of course, given the drastic increase in tech adoption across all facets of daily life and business. But the amount of increase is hard to be certain of because no one is sure exactly what the future holds.

What is clear is that an IT budget is necessary for building and maintaining a business. However, the size of that budget can vary considerably depending on the business and the industry that business is part of. In a study conducted by Deloitte, it was found that banking and securities spent 7.16% of their budget on IT—the most of any industry—while construction spent the least at 1.51%. Other industries spent somewhere in between. Such a large difference in spending is indicative of a spectrum of need for IT that differs significantly depending on the business. Those differences make it impossible to define a one-size-fits-all budget percentage for IT for all businesses. There are simply too many variables to consider.

How to Determine How Much Your Company Should Spend on IT

Guidelines on how to determine your own IT budget can be much more useful than a blanket statement about how much you should spend. By knowing what questions to ask, you can get the answers you need to form your own ideas about what your company needs as far as IT goes.

Some questions you can ask include:

Do we need an IT budget?

The answer to this is an obvious “YES”, but it is worth coming up with your own reasons for having a budget to begin with. The closer you look at your circumstances, the more apparent it will be that IT is simply a part of doing business and an area that you will always have to navigate as a company. And it is not enough to put off IT decisions until you make a split-second purchasing decision financed by extra cash you have lying around—not if you want IT to generate reliable results. For long-term success, you need a specific budget.

What is the budget for?

IT investments should serve to further your business objectives. Pulling a random number out of the air is not going to achieve optimal outcomes. The budget should be set to ensure that you can use the technology you need to achieve the outcomes you desire. Of course, to answer this question, you may need to clarify your business objectives and your IT needs. The CIO, CMO and other business leaders can work together to set guidelines for what needs to be accomplished and the budget can be built from there.

Are we spending more just because?

Knowing that business spending on IT is increasing in many industries is useful, but just because others are doing it does not mean that you need to do it. Increasing spending on IT is not enough on its own to improve your business. That increased spending needs to have a purpose. Maybe you are upgrading important infrastructure. Or, perhaps you know of a new tech tool that is virtually guaranteed to make you more competitive. Just make sure that an increased budget has a purpose.

Is the budget based on current economic conditions?

Some businesses are still stuck in a recession mindset. They try to avoid any extra spending because they think it is a necessity for survival. But if the economy has picked up, it is vital to take advantage of increased revenue to bolster your technology while you can. The better you equip your company to move into the new age now, while you have the resources, the more capable your company will be of weathering any storms to come.

The reality of IT budgets is that they need to be customized to the business using them. Fortunately, the process of determining the IT budget can greatly improve your company’s understanding of where it is, where it is going and how technology will help it get there.

More than ever, cybercrime is a reality all businesses in Australia must face. No matter your industry, company size, or level of technology use, it’s up to you to ensure the security of your data and the strength of your security.

Together with the Cyber Security Working Group (CSWG), the Australian Taxation Office has developed 3 key tips to help businesses throughout the country combat cybersecurity. We’ve summarised these tips below.

3 Tips for Better Cyber Security

1. Ensure your system and individual accounts are constantly monitored.

All accounts owned or operated by your company need to be monitored constantly for unusual activity. This may mean hiring a security company to carry out consistent monitoring, but it will also mean checking your company interactions and transactions in-house. On an individual level, instruct your employees to follow the same self-monitoring protocol.

2. Train your employees in best practices for optimal security.

Evidence shows that phishing scams are at the root of most cybercrime activity. A phishing scam is generally conducted by email, but it can be done over the phone or by mail as well.

Most often, a criminal on the other end of the scam will send an unsolicited email to one or more employees in your company. The email will likely appear from a legitimate source, such as a bank, credit card company, security manager, or higher-up in the company. A key feature of a phishing email is the request to:

• Reply with more information (usually personal or sensitive information such as a login or account number)
• Login to an account you possess via a link the provided in the email
• Click on a link for some other reason (to retrieve a prize you’ve won, for example)

In order to avoid phishing scams from affecting your company, the only truly effective measure is to train your employees in common cyber scam activity. Teach them how to avoid such scams. It’s important to teach your employees to:

• Never click on links from or reply to suspicious emails.
• Avoid providing sensitive information (logins, passwords, account numbers, access codes, etc.) when prompted by email. When in doubt, double check with the sender by calling them directly or speaking to them face-to-face to see if the initial message was real.
• Never open attachments or programs from unknown sources.
• Never leave their open or logged in computers or terminals unattended.
• Watch your social media presence carefully. Not everything (meaning, sensitive details) should be shared on public accounts like Facebook, Twitter, and Instagram as hackers may come back to use this information with malicious intent. Make sure whoever is managing your social media accounts is aware of this.

3. Be wary of conducting business on public Wi-Fi connections.

Public Wi-Fi can be a tricky Internet connection to safely use because it’s not always secure from corruption by nearby hackers. This certainly goes for individuals on a personal level as individuals can easily be hacked via their bank account logins or by email, but it always goes for business conducted on company laptops or through company websites or cloud accounts.

This is often an issue “on the road.” Many businesses will send employees on company trips, during which they may want to use public Wi-Fi (at an airport, hotel, or restaurant, for example). In general, this should be avoided whenever possible, or, if it is absolutely necessary, only general, non-sensitive business should be conducted when connected to public Wi-Fi.

Is Cybercrime on the Rise in Australia?

Yes. Top businesses and the Australian government strive to attain optimal cyber defence capabilities. However, even as awareness of cybercrime grows, there are still mounting incidents of cybercriminals getting away with their crimes. This is partly because hackers can commit their misdeeds internationally — and most do. This makes them much harder to track as they often route their hacks through a variety of countries.

The best way to combat this type of criminal activity is to follow the directives listed above. Only thorough and attentive security monitoring and diligent training of employees can stop the threat of cybercrime to your company.