8 Foolish IT Security Mistakes Never Get Caught Doing

IT Security Mistakes

Everyone makes foolish mistakes. You’ve done, I’ve done it, and it’s all part of being human. But if that mistake affected your IT security, consider the ramifications it could have on your organization for being careless. For instance, a computer hacked or leak of sensitive data because a password was easy to crack. Luckily, these security problems don’t have to become a common occurrence and can get fixed easily.

IT Security Mistakes

What Are The Eight Foolish IT Security Mistakes to Avoid?

In no particular order, we’ve created a list of the most common IT security mistakes technicians see regularly. Also included are their recommendations to fix and avoid making the same mistakes again.

Mistake #1 – Using a weak password or not having one at all

Even with all the security warnings repeated continuously, people will always choose the same or a straightforward password to remember. It could be a birth date, the word “password,” a family pet’s name or the number sequence: 1-2-3-4-5-6. Then there are other individuals, that decide they don’t want a password, or they’ll get to it later, but later never comes.

  • Recommendation: Consider using a password generator. When using a password generator, it can create a strong password in seconds. Currently, on the market, there is Dashlane, Keeper Password Manager, Password Boss, LastPass, and Sticky Password.

Mistake #2 – Writing passwords on sticky notes or slips of paper

This mistake follows the previous one and makes it extremely easy for anyone to access your account or device, especially if they got their hands on your password. It is common to find a piece of paper and jot down our passwords. Or worse write it down on a sticky note and attach it to the back of your computer monitor. In all reality, why do that? It’s like you don’t have a password at all because everyone knows where you stuck it.

  • Recommendation: Stop writing down your passwords on paper. Consider using a password saver. Currently, on the market, there is Dashlane, Keeper Password Manager, Password Boss, LastPass, and Sticky Password.

Mistake #3 – Refusing to install antivirus protection or disabling it for faster computer speed

There continues to be this belief that antivirus software is not needed, especially for those individuals and companies that own and use Apple/Mac devices, but this is simply not true. Yes, it can be frustrating when your computer slows down while software is running.

  • Recommendation: Consider using an anti-virus program that won’t’ slow down your computer. Currently, on the market, there is Avast, AVG, Kaspersky, Bitdefender, and Check Point Zone Alarm.

Mistake #4 – Taking unnecessary risks with email and blindly trusting the sender

This mistake includes opening email attachments from unknown sources or people you don’t know. Or worse responding to these individuals and sharing highly sensitive information (such as credit card numbers or passwords). When you open an email with an attachment, and you don’t know who the sender is, leaves you wide open to a malware virus or your computer hacked. Please be mindful; when sharing personal information, always remember, doing so could place you, your business, and your client’s information vulnerable to identity theft.

  • Recommendation: From this point forward, no longer send sensitive information or data through an email. Consider using a tool like Google Drive. You can then send the data as a link which requires the recipient to log in first before they can access the file.

Mistake #5 – Walking away from your computer and not locking the screen

Eavesdropping continues to be an overlooked security issue and risk. When you get up from your computer and walk away, who has taken notice, that could potentially gain access to your account? What might happen if you forgot to close the bookmarked tabs in your browser, to step away, and on those tabs were your online banking account or your company’s bookkeeping system? With an open unlocked screen, you’ve given anyone full access.

  • Recommendation: Always lock your computer before leaving it. On most keyboards, you will see the Microsoft Windows key. Press and hold it down while you press the letter “L” key, and your screen instantly locks. You can also preset your computer to automatically close after a specific amount of time passes (one minute, five minutes or 10 minutes).

Mistake #6 – Not installing the application and operating system patches or updates on time

Operating system updates and patches are crucial and vital in protecting your computer from evolving threats. Mainly, these updates and patches keep your computer healthy. Next time, before you hit the “not now” or “ask me later” button, reconsider.

  • Recommendation: When prompted, always install the updates and patches when notified. Better yet, at least once a week, deliberately check for updates and patches. If you’re unsure where to begin, contact us or send us an email and we will help you.

Mistake #7 – Putting off having a reliable, stable, and well-tested cloud storage backup

It’s going to happen. Servers will fail, and computers will crash. It’s not if, but when. Not considering what a lifesaving tool, cloud computing offers, is like signing a death warrant on your files. Besides getting hacked, there are other reasons servers go down, i.e., age, fire, flooding, natural disasters are just four everyday occurrences.

  • Recommendation: Seek out an IT company that hosts cloud storage services or is a vendor partner with a large cloud computing company. Do take the time to read and understand the SLA they present to you before you sign their contract.

Mistake #8 – Allowing personnel that is untrained, or not certified to secure your IT systems

Unfortunately, employees will be the most significant security threat a business faces. Most of the time is it not intentional, but human error and lack of training that usually causes the problems. It may seem convenient, but not everyone is an IT expert or specialist. IT security has many moving parts, and if one piece isn’t correctly set up, your system remains vulnerable.

  • Recommendation: Allow your employees to do what you hired them to do. But when it comes to your IT system, consider hiring an outside IT services provider.

Did you find this article informative? If you liked this one, check out our other content we think you’ll find interesting.

PSA Alert! Sleeping While Phone Charges

Sleeping with smartphone

Read the following alert before charging your phone tonight and from this day forward. According to the Newton, New Hampshire, fire department’s PSA message posted on social media; it seems as though charging a phone in bed poses a serious health risk and lethal safety concerns for you and your loved ones. Now it is imperative you think twice before charging your tablet or smartphone in bed ever again.

Sleeping with smartphone

What the Newton fire department shared is quite literally a wake-up call

The Newton Fire Department, in Newton, New Hampshire shared this photo. You will notice burned sheets and pillows next to a device charger’s cord. If the picture seems scary, you now have your proof. Without warning, if a child or teenager is sleeping next to their phone while it’s charging, this could happen to them, putting them in grave danger.

 

According to the fire department, a home fire is reported in the U.S. every 86 seconds. They also uncovered some recent research which indicates over 50 percent of children and teenagers charge their tablet or phone under their pillows. When you consider that everyday habit, you must ask yourself, “where does the heat go if the phone is covered up?”

We all know if the heat from that charger can’t evaporate you’re going to have a cord, charger, and device that’s hotter and to difficult to touch. If the charger and phone are under the pillow, then that pillow, mattress, and the entire bed could catch fire, and the whole house could go up in flames, putting all the family members in danger.

Should we be concerned, isn’t this an isolated situation?

Unfortunately, it isn’t. It continues happening.

It wasn’t that long ago a 10-year-old boy, in Northern Ireland woke up in shock. He was charging his new phone in his bedroom overnight. What awakened him was the smell of smoke, as his iPhone sat burning on his bed. The phone got overheated and severely singed. Fortunately, there was no fire outbreak.

Then there’s the incident where a family of a 15-year-old girl from Wales had to flee their home. They were not as lucky. The girl’s iPhone overheated while resting on the bedding. Next thing they know the bed quickly caught fire and engulfed the home. Fortunately, no one was hurt. But it took six months before the family could return to their home, due to the extensive fire damage.

But we can’t just look at children and teenagers who leave their tablets or phones charging overnight. Take the Alabama man, in his 30s that nearly lost his life getting electrocuted, after he fell asleep with his cell phone charging right next to him in bed.

As he slept, the charger disconnected from the phone. But in the morning he rolled over, and his military dog-tags around his neck got caught on the exposed prongs of the plugged-in phone charger. What happened next, nearly took his life. The dog-tags acted as a conductor so, the electricity traveled straight to his neck. Strips of flesh and skin were missing from his neck and his shirt got singed, where the metal dog-tag necklace had burned his throat.

What should you know moving forward?

It was pointed out in a 2017 Hartford Home Fire Index; there is a “high risk” when charging your phone on your bed overnight. They compared it to leaving a candle burning unattended or when your stove doesn’t get turned off after cooking.

There was more extensive research published by the American Medical Association (AMA), in their JAMA Pediatrics monthly peer-reviewed medical journal that shows roughly 89 percent of teens and 72 percent of children use, on average at least one device, tablet or phone, in their “sleep environment.” And quite often it’s used just before bedtime.

“The distinctly possible result is that the pillow or bed or both will catch fire,” the Newton fire department added. “This places the child or teen, as well as everyone else in the home in grave danger.”

What should you start doing today?

To quote Stuart Millington, senior Fire Safety Manager, of the New Wales Police department, “Turn chargers off. Unplug them before you go to bed,” His warning came after a similar incident where a phone caught fire while charging under a pillow of a North Wales family home. “Never leave items unattended or charging for long periods of time.”

If you are a parent or grandparent, warn your kids and grandchildren. Bring it to their attention to the dangers of sleeping next to a charging tablet or phone. Also, look to see where device charges are plugged in, and if not suitable recommend a designated charging zone in your home for all devices.

Did you find this article informative? If you liked this one, check out our other content we think you’ll find interesting.

What IT-Aspects Are Important When Relocating Your Law Office?

Law Firm Office Move

Perhaps the space is not large enough for your expanding partnership. Maybe, it’s antiquated and no longer feels appropriate. Whatever reason an office chooses to move to a new building, relocating is a large undertaking. Unfortunately, in many offices, the IT-related aspects of the move are overlooked until the last minute. This can be disastrous.

Law Firm Office Move

Improper planning can result in lost data or broken equipment. It could cause interruptions in service. This might mean lost clients, which of course would equal lost money.

Fortunately, it is not difficult to do this right. It does, however, take adequate notice. This is often longer than one would anticipate. Usually, it requires at least 60 days. It also helps to have a good plan and consistently follow through. Here are a few other things to consider before relocating.

How Should an Office Plan for the Move?

The first step would be to determine who will act as the internal manager of the relocation. This should include someone on the staff who is familiar with the office. In a small business, he or she might coordinate the entire project alone.

For larger establishments, however, it would be wise to hire a professional Managed Services Provider. They are more experienced with delicate relocations and can help lead the internal manager in the process.

Generally, the first step is to inform all Internet and telecom providers of the coming move. It is often in the service agreement that they receive a certain amount of notice. This also ensures there will be no interruption in service.

When Is an IT Evaluation of the New Space Conducted?

Ideally, IT needs would be considered when initially choosing the location. This is not always realistic. In an office, there are many aspects to consider when selecting a new office space. A few of these include demographics of the area, accessibility, image, and the history of the site, etc. IT needs are often an important afterthought.

Typically, an evaluation of the new space will be conducted during the planning phase of the actual move. It would be done with or by the project manager or Managed Services Provider. If the office has one, the head of the IT department should be involved as well.

There are several things that should be evaluated to ensure the move goes as smoothly as possible. These include, but are not limited to, the following:

  • Cabling for computers, telephones, and security cameras
  • Power outlets of adequate number and in optimal locations
  • Wireless networking capability

Each room should be checked. Any of the above that are subpar will need to be addressed. This would ideally occur before the move itself.

How Should an Inventory Be Done?

The IT needs of most offices are evolving. Before moving it all, it would be advisable to take an inventory and evaluate the existing equipment. Begin by determining what is no longer needed. It is better to responsibly recycle it than move it to the new location.

Next check the condition of each remaining piece of equipment. Make a list of anything that is worn or outdated. Decide how to dispose of them rather than pack them. Order replacements so there is no interruption once the move has been made.

As the business world continues to embrace IT, this is the perfect time to assess current trends. It is also a good idea to look to the future and ensure any new equipment purchased is flexible enough to adapt.

Make a hardcopy list of every piece of equipment being moved to the new office space.

Have Disaster Recovery and Business Continuity Plans Been Developed?

Failure to have a Disaster Recovery Plan and a Business Continuity Plan in place before a move could, in fact, be devastating to your business. Further, it is an essential step to make several backups of everything important. This includes files, as well as data systems, security systems, and servers. Keep these separate and in a safe place during the move. If you’re already working with a managed IT services provider, they will take care of this for you. They can also handle much of the move as far as your IT infrastructure goes.

Lists should be made of the important information required for the successful implementation of the Business Continuity Plan. A few items to include are:

  • Business priorities
  • Inventory of all equipment
  • Emergency contact information for IT vendors
  • Plan for switching phone lines and internet connections

This improves the likelihood that the office will be able to resume business with as little delay as possible. If you have a good relationship with a managed IT service provider, they may be able to move your networking and computing equipment and get everything back up and running a day or so.

In Conclusion

When it comes to the day of the move, everything should have already been planned. This ensures the smoothest transition. For offices that do not have an onsite IT team, hiring a professional IT-relocation company would be a good idea. The internal manager or Managed Services Provider would be responsible for making important decisions. With proper planning, the actual move to the new location should be much easier.

 

US Weapon’s Systems: Weak to Cyberattacks?

GAO Cyber Security Report

A recent report has revealed that there are many US weapons systems that are susceptible to hackers. This news is disturbing on many levels, including the attitude exhibited by Department of Defense officials. What does the report reveal, and how serious is the threat?

GAO Cyber Security Report

GAO Report

The US Government Accountability Office (GAO) just released a report that reveals that almost all weapons that were tested by the Department of Defense (DoD) between 2012 and 2017 have serious vulnerabilities that make them very open to cyber attack. These vulnerabilities have been labeled mission critical, which makes this news all the more serious. The report had been requested by the Senate Armed Services Committee in connection with expected DoD spending in excess of $1 trillion in order to develop weapons systems.

Examples of Weaknesses Detected

The vulnerabilities were discovered by penetration tests performed by employees of the DoD. In one example, a penetration tester was able to partially shut down a weapons systems by merely scanning it. In another test, it only took nine seconds for DoD testers to guess the admin level password on a weapons system. Failure to make changes to default passwords connected with open source third-party software installed on systems resulted in several instances of vulnerability.

Those performing these tests were not making any efforts to hide their presence, but the systems they tested had a difficult time detecting their presence. These systems should have been able to detect the presence of intruders and alert those in charge. A few of the automated systems did detect the presence of the penetration testers and alerted those monitoring the systems. However, in an even more disturbing turn, the individuals monitoring the systems didn’t seem to understand what the intrusion alert meant and thus did not take any action.

Failure to Take Basic Cybersecurity Precautions

What makes this report distressing is that many of these potential open doors exist in part because of a failure to follow basic cybersecurity rules. Guidelines such as the use of encryption, robust passwords, and basic employee training are foundational to a security system. Because such guidelines have been neglected, hackers equipped with even simple techniques and tools would be able to not only take control of key systems associated with these weapons but do so almost undetected. What could a skilled hacker with the latest tools accomplish inside such a poorly secured system?

Is There a Valid Reason for the Lack of Concern?

The subtitle of this GAO report was “DoD Just Beginning to Grapple with Scale of Vulnerabilities.” Surprisingly, those in charge of such systems do not seem very concerned about these susceptibilities, perhaps because they feel the GAO is exaggerating the seriousness of the problems discovered. For example, the report does remind readers that some of the findings may no longer be a problem once a system is deployed in the field.

In addition, these officials have indicated that in the past they believe the systems were well-secured. The authors of the report, however, strongly imply that there’s a disconnect between what these officials may believe and what the reality is.

Another possible cause of the DoD’s lack of concern is the belief that the types of tests that were run would be practically impossible for any system to pass. The GAO, however, insists that the tests were not extreme and represented realistic threats to these critical systems.

The DoD may also be resting on its laurels: it received praise last year for a bug-bounty program that led to many different bugs being patched. On the other hand, the GAO report points out that only one of 20 vulnerabilities discovered in previous risk assessments had been fixed by the time the report was written.

Implications of the Report

One of the implications of the report is that a number of US weapons systems could be susceptible to a disabling cyber attack. Considering that so many adversaries of the United States have established reputations for extremely talented hackers, this is all the more disconcerting. And hackers are not subject to the same constraints as DoD penetration testers. Malicious actors may well have access to funding, state-of-the-art equipment, and would intentionally keep their activities hidden.

Another implication of the GAO report is that their testing merely revealed the proverbial “tip of the iceberg” when it comes to vulnerabilities that exist in US weapons systems. The penetration tests performed were far from exhaustive. For example, categories that were not tested included potential weaknesses related to counterfeit parts or industrial control systems.

Conclusion

The incidence of cyber attacks are on the rise, and the techniques and tools available to malicious actors are continuously evolving. It makes sense that the security of a nation’s existing weapons systems should be a very high priority. The revelations of the GAO’s report are disturbing, yet there is hope that the DoD will respond to the vulnerabilities discovered.

Is Your Organization Ready to Comply with PIPEDA?

PIPEDA Canada

On November 1, updates to the Personal Information Protection and Electronic Documents Act (PIPEDA) will be in effect. Included in these updates are rules involving mandatory notification of Office of the Privacy Commissioner of Canada (and affected individuals) if certain types of security breaches of personal information occur. Considering the repercussions, including fines and legal fees that may be involved with a failure to report, Canadian companies would be wise to address issues related to data security as soon as possible.

PIPEDA Canada

Personal Information Protection and Electronic Documents Act

The Canadian government is cracking down on negligent practices with an individual’s personal information. And any breaches of personal data that involve a risk of financial loss, humiliation, identity theft, harm to relationships, or loss of reputation must be reported. Notifications must be made not only to the Office of Privacy Commissioner of Canada but to the individuals affected by the breach. These rules are going to be enforced, and Canadian organizations need to be well acquainted with the guidelines involved.

Breaches Are on the Rise – But So Is

Considering that data breaches, hacking, and other types of cyber crimes are on the rise, organizations should be paying closer attention than ever to their privacy practices. When large corporations like LinkedIn, Facebook, and Equifax suffer from breaches, one would think that companies would be even more diligent about their cybersecurity. However, it seems that the effect has been the opposite.

Recent surveys by the Privacy Commissioner’s Office indicate that far too many businesses are simply not concerned enough with preventing and responding to breaches. Companies seem to have grown more complacent, content with poor password policies, with employees falling victim to social engineering, and having their servers compromised by malware. Phishing emails, drive-by downloads, ransomware, and data theft are all serious problems, but organizations don’t seem to be extremely concerned.

Every organization that uses personal information is at serious risk, though. There are already billions of passwords that have been stolen across the world. Many of them are up for sale along with other private information, on the Dark Web. Cybercrime is reaching epidemic levels, and it makes sense for companies to be much more vigilant.

And the targets are not just large, well-known companies. More and more small to medium businesses are becoming victims of attacks, including ransomware, data theft, and even industrial espionage. In short, no organization is safe from security breaches – and the federal regulations regarding these breaches are the same for both small and large businesses.

Breach Response Plans

These plans are something that exists before the breach ever happens, not after one has occurred. Breach response plans must be developed to comply with federal privacy practices, including mandatory notifications for personal data that has been compromised. In addition, these plans must be updated as regulations are updated. It not only takes time to develop a robust breach response plan, but it also requires experience.

Breach Detection

Breaches must be detected quickly to minimize damage. However, detection of such breaches requires systems and tools to intelligently sort through logs and events. It takes special security skills to be able to effectively investigate an alert and perform damage control. Tracking down how a breach happens involves forensic skills.

Timeliness

Detection and response are far more than a report or a system check that is run once a week – it is a continuous process that runs 24/7. Breaches must be detected as soon as possible and the response plan must be enacted immediately after a breach has been confirmed. This is even reflected in the wording about private data breach reporting, which states that the Office of Privacy Commissioner must be notified “as soon as feasible.”

However, the average IT department (and even the typical IT service provider) will not have the kinds of resources and tools to adequately address all the threats that can develop.

Don’t Be Overwhelmed

When major companies, that have powerful security systems and analysts at their disposal, still fall victim to hackers, it can make privacy practices seem overwhelming to small companies. However, things can get worse: The Office of the Privacy Commissioner is also seeking new powers, including the right to enter an organization and confirm that federal privacy practices are in use even if a violation is not suspected. If that happens, will your organization be prepared?

Conclusion

Fortunately, there are solutions in the form of third-party experts who combine key skills such as digital forensics, breach mitigation, and response plan development. They also have access to the tools needed to help your company ensure that it is PIPEDA compliant while reducing the risk of a devastating data breach. Don’t allow your company or organization to become complacent – reach out for the help needed to become PIPEDA compliant.

Happy Spreadsheet Day!!!

Spreadsheet Day

What Are You Doing for Spreadsheet Day?

Spreadsheet Day

Spreadsheets: some people love them, some people hate them, and some people are a little afraid of them. No matter which category you may currently fall into, you probably know that spreadsheets are vital to the inner workings of organizations ranging in size from massive Fortune 500 companies to small, locally owned businesses. At this very moment, millions of spreadsheets are probably open all across the world – and it seems fitting that there is a day to celebrate the birth of the modern digital spreadsheet.

VisiCalc, the First Spreadsheet Program

October was chosen for the month in which Spreadsheet Day would occur for a very simple reason that not many people are aware of: it was October 17 of 1979 when the first spreadsheet program was released. It was called VisiCalc, for those of you who may not have been alive then, and it ran on the Apple II computer. With the release of this software, the often overwhelming task of organizing massive amounts of numerical data not only became streamlined but, for some of us, actually became enjoyable.

VisiCalc (whose name means Visible Calculator) was the brainchild of Dan Bricklin of Software Arts. It functioned much like a paper spreadsheet, hence its classification as a spreadsheet program. But unlike a paper spreadsheet, you didn’t need a pencil or an eraser. And the calculations could be performed automatically and with incredible accuracy.

By running on the Apple II computer, the power of spreadsheets became accessible not just to corporations and large organizations but too small businesses and homeowners, too. There are other things that set VisiCalc apart from previous attempts to develop electronic spreadsheets, such as the instant recalculation of values when the value in a dependent cell was changed, or it’s interactive WYSIWYG interface that still resembles what we use today. In short, VisiCalc was the starting point for the modern spreadsheet that we know today.

The Ubiquity of the Spreadsheet

You might be surprised at the multitude of applications there are for spreadsheets. We know spreadsheets are used for tasks such as accounting, sales, business intelligence, and finance. Professors, instructors, and teachers use spreadsheets to track class performance and assign grades. Engineers and scientist alike use them to perform simulations, create complex models, and analyze massive sets of data. Homeowners use them to track expenses and set up budgets. Small business owners use them to keep track of inventory and sales. Large companies use hundreds of different spreadsheets for just about everything imaginable — from simple tasks that require a small portion of a worksheet to massive workbooks with thousands of calculations and complex visualizations.

When it comes to data, spreadsheets can model, manipulate, sort, organize, visualize, and process large sets of both numerical and non-numerical data. Spreadsheets can be used to perform what-if analysis, make predictions based on existing data, inform decisions, and perform extremely complex calculations. They can be used for optimization, curve fitting, and solving simultaneous equations. And one of the benefits of spreadsheets, to quote an old professor of the author’s, is that if you can do it once, and do it right, you may never have to do it again.

Modern Spreadsheet Packages

We aren’t limited to VisiCalc in modern times, however. We’ve got a wide variety of options when it comes to spreadsheet packages, including:

  • Microsoft Office Excel (which is available both as desktop software and online)
  • Google Sheets
  • Corel Quattro Pro
  • LibreOffice Calc
  • OpenOffice.org Calc
  • iWork Numbers

There other less well-known options available, too, but Excel is what most people think of when someone says “spreadsheet.”

Modern packages offer numerous types of formulas and functions, including those for finance, accounting, mathematics, statistics, probability, and string manipulation, just to name a few. And the visualization capabilities of spreadsheets are constantly evolving to enable users to give even more context and meaning to data. How spreadsheets process massive sets of calculations is also growing, with some packages supporting multi-threaded processing. The types of data that can be processed within a spreadsheet are rapidly expanding beyond floating point numbers and characters, and some packages such as Excel are including aspects of artificial intelligence among new capabilities.

How Can You Celebrate Spreadsheet Day?

There are quite a few ways to celebrate Spreadsheet Day. One of the best ways is to expand your knowledge of spreadsheets. It’s always a good idea to increase your skill set when it comes to computer applications, but especially so when it comes to spreadsheets. Spreadsheets can make your work much easier if you learn how to make the best use of them. Take our word for it – spreadsheets can do so much more than you realize.

That’s why we think the very best way to celebrate the birthday of the modern spreadsheet is to register for free online Excel training at SpreadsheetsTraining.com. Sharpen your existing skills, learn something new, and find out new ways to put spreadsheets to work for you!

Infections That Can Survive The Most Extreme Cleaning 

Ransomware

Technology has unlocked a world of potential for businesses everywhere. But with these advances comes a new set of problems, like malware. While it’s common knowledge that computers are susceptible to viruses, today’s breed of hackers are more creative than ever. They’re utilizing new, innovative techniques to infiltrate systems of businesses big and small.

Ransomware

Not all malware is created equal. Just like infectious disease, there are different strains of malware, many with the potential to wreak havoc on your business network. In today’s business landscape, tech departments are faced with the task of not only stopping these attacks before they happen, but with quickly repairing networks in the event that an attack has hit.

The Problem With LoJax

One recent attack has IT departments up in arms. A Russian hacking group created the Rootkit, named “LoJax”. According to ESET, a leader in IT security, the campaign delivering LoJax targeted certain organizations in the Balkans and other countries throughout Central and Eastern Europe.

The problem with LoJax is that it isn’t just any ordinary malware. It’s used to gain persistent access to a computer, and with its reputation for being hard to detect, it’s causing quite the problem for users. Much to the horror of IT professionals, this hacking technique is so complex that it can withstand a variety of common fixes. Some of these include a reformat, a complete OS reinstall and a hard-disk swap.

This unique type of malware lives in a system’s flash RAM, meaning the only way to clear it is to over-write the infected machine’s flash storage. This presents its own set of challenges, and isn’t even a guaranteed fix unless you’re armed with the right code.

What Is Spectre?

Spectre is the name of an underlying vulnerability affecting the vast majority of computer chips manufactured within the last two decades. If this vulnerability is exploited within a system, it could enable attackers to gain access to data that was previously deemed protected. Lojax directly leverages this vulnerability, making it all the more difficult to detect before it hits.

If attackers are successful, they can they utilize LoJax to access systems remotely, and on a constant basis. This allows them to inject it with additional malware. This type of malware can also be utilized to track a particular system’s location, and potentially the owner’s location.

What’s At Risk?

UEFIs are particularly at risk. UEFI, Unified Extensible Firmware Interface, is a specification for the interface between a computer’s operating system and its firmware. It runs pre-boot apps and is responsible for booting the OS. By re-writing the rootkit, the malware is able to stay hidden within the computer’s flash memory, making it difficult to repair.

How To Protect Your Network

Businesses can implement a series of additional security measures to minimize the risk of a cyber attack on their network, especially one as severe and unpredictable as LoJax.

One of the single biggest mistakes businesses are making is running their operations on old, outdated equipment. Not only can this hinder productivity, but it can also leave businesses more susceptible to a cyber attack. Investing in new equipment that runs the latest and most improved hardware means security measures are often built in.

Keeping equipment up-to-date can become costly, but it can also minimize the chances of an even costlier network revamp in the event that a catastrophic cyber attack takes place and compromises everything a company has worked so hard to build.

Exercise Caution With Emails

Malware can gain access to your system through one of several ways. One of the most common methods is e-mail. It’s wise to take a cautionary approach to e-mail when utilizing your work network. Be wary of e-mails from strange e-mail addresses and also be cautious of what websites you are visiting, taking care to only visit safe, reliable sites.

Implement A Secure Boot

While malware like LoJax are especially hard to combat, IT departments can take comfort in the fact that not all hope is lost. One method of prevention is Secure Boot. This mechanism ensures that only securely signed firmware are able to boot up and run on a particular system. With signature verification required, Secure Boot makes it possible to prevent uniquely complex malware like LoJax from successfully infecting a system. Businesses are encouraged to review the Secure Boot configuration throughout the entirety of their hardware.

Malware Cleaning

Once you suspect a computer within your network is infected, it’s important to take action immediately. Be sure to back up your files before you attempt any type of intensive cleaning. Also, don’t attempt to repair complex computer issues alone. Your IT department can help you create a comprehensive game plan to address the problem and prevent similar incidents in the future.

Your system can come under attack when you least expect. Given that phishing is still a go-to strategy for hackers to penetrate systems, security awareness is more important than ever. Create a solid line of defense, and an effective response strategy, to ensure an attack doesn’t compromise your business. Security awareness training can serve an important role in helping your organization stay protected from hackers.

Should Manufacturing Firms Invest In Microsoft Technologies?

Manufacturing Technology

From the invention of the assembly line to cloud computing for the Discrete, Repetitive, and Process Manufacturing industries, updating to the latest technology is never in question. What does get closer scrutiny, is deciding to invest in Microsoft technologies. That’s what Rolls Royce did, and now they use Microsoft technology platforms, to fundamentally transform, how it uses data to serve their customers better.

Manufacturing Technology

5 Microsoft Technologies Offered to Discrete, Repetitive, and Process Manufacturers

Every CEO or business owner knows reducing overhead, and expenses on server maintenance, technology management, and upgrading code benefits the company both short-term and long. It’s the same viewpoint manufacturers have always had for their operations.

The five areas of interest to Manufacturers is Microsoft’s Azure technologies in these areas:

  1. IoT
  2. Machine Learning
  3. Large-Scale Computing
  4. Hybrid Clouds
  5. Blockchain

Internet of Things (IoT)

The Internet of things (IoT) is the network of physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators, and connectivity which enables these things to connect, collect and exchange data.

When managing hundreds of thousands of devices, around the globe, while large quantities of data get streamed, and then; processing and storing that same data in real-time, is a job only the cloud was explicitly designed to pull off. That’s why Azure got designed. It will deliver both Platforms-as-a-Service (PaaS) and Software-as-a-Service (SaaS), making it easy for all types of Manufacturers to choose Microsoft Azure.

From the Platform as a Service level, you will find five Azure platform services:

  • Azure IoT Hub – you can directly and securely connect and consume data from IoT assets
  • Azure IoT Hub Device Provisioning Service – you can provision millions of devices in a secure and scalable manner
  • IoT Edge – you can run advanced analytics, machine learning, and artificial intelligence at the device level
  • Azure Stream Analytics – integrates with Azure IoT Hub to enable real-time analytics on data from IoT devices and applications.
  • Azure IoT Suite – provides a set of preconfigured IoT solutions for workloads such as Remote Monitoring, Predictive Maintenance, and Connected Factory.

From the Software-as-a-Service level, you have Microsoft’s IoT Central. It is a fully managed IoT SaaS solution. IoT Central makes it easy to connect, manage and monitor the Internet of Things assets at scale, allowing it to create deep insights from the IoT data to take necessary and informed action.

Machine Learning and Artificial Intelligence (AI)

Microsoft continually improves old tools. They also build new ones to simplify the process of integrating these technologies with your business. These are significant areas of investment for both Microsoft and Manufacturers, limited only by your imagination.

  • Azure Machine Learning Services – are integrated, end-to-end, advanced analytics and data science solution that permits data scientists to develop experiments, prepare data, and deploy models at cloud scale.
  • Azure Machine Learning Studio – is a drag-and-drop collaborative tool you use to build, test, and deploy predictive analytics solutions on your data
  • Azure Bot Service – is an integrated environment that is purpose-built for bot development, permitting you to build, connect, deploy, manage and test intelligent bots.
  • Cognitive Services – are intelligent algorithms to see, hear, speak, understand, and interpret user needs through natural methods of communication.

Large-scale Computing

Large-scale computing is a building block when working with large datasets, especially for computationally-intensive engineering workloads. Manufacturers use rendering, and simulation technologies such as Azure Batch, to run massive parallel and HPC batch jobs.

Also used is Microsoft HPC Pack, Linux RDMA cluster to run Message Passing Interface (MPI) applications, and high-performance VMs lets you dynamically extend to Azure, when you need additional capacity, and deploy an on-premises Windows compute cluster.

Hybrid Clouds

Hybrid Clouds have become popular choices for manufacturers, just not ready to make a full commitment to the cloud. Lack of engagement might be something as simple as, keeping some company data and systems in-house.

That’s when Microsoft got the idea to create, Microsoft Azure Stack, for common scenarios like this. The Azure Stack is a hybrid cloud platform. The platform lets you deliver Azure services from your organization’s data center.

In Manufacturing, there are two daily routines, that have made hybrid cloud deployments particularly attractive to manufacturers:

  1. Edge and Disconnected Environments – Often IoT implementations include devices that are intermittently connected, or not connected at all to the Internet.
  2. Security and Compliance Requirements – Highly secure devices often are unable to connect directly to the internet and must use a local service. That is more common in the manufacture of goods for the military and defense sectors.

Blockchain Technologies

Bitcoin, a form of Cryptocurrency, relies heavily on the blockchain technology. However, Blockchain-as-a-technology (BaaT) became a much broader application to use. Easy-to-deploy templates from Microsoft that run on Azure for the most popular ledgers, including their Azure Blockchain Service.

Blockchain gained more attention with Manufacturers, as they began using tools like these in the cloud. It has the potential to address several essential manufacturing scenarios including

  • Asset Management
  • Counterfeit Prevention
  • Digital Thread Traceability
  • Supply Chain Management
  • IoT Tracking and Identification

The deep integration of all these services is Azure’s fundamental value proposition. It might be from Microsoft or Open Source, with on-premises systems, rich operational analytics, strong SLAs, and compliance certifications, you can still trust they have the right answers for your manufacturing company.

If you are still wavering, about investing your manufacturing firm in Microsoft technologies, who better to look to, then a technology giant that’s been transforming businesses and manufacturers, around the globe, for nearly half a century.

Did you find this article informative? If you liked this one, check out our other content we think you’ll find interesting.

Did Microsoft Just Win the Internet?

Microsoft Surface 6

Good news for people wanting a new Microsoft Surface Pro 6 2-in-1. It is all grown up. No longer just for schools, video-games, and weekend play, the new Surface Pro is ready for prime-time. It has a sleek new look and a thicker, black non-slip coating on the exterior. This makes it much more professional-looking than previous versions. In fact, that is one of the main selling-points—its classy, elegant appearance.

Microsoft Surface 6

Tablets are generally seen as more convenient than a laptop or a clunky, antiquated desktop. However, they also have a screen size that’s easier to view. This makes them portable, but more useful than a smartphone screen would be. Plus, with the addition of a keypad along with the touchscreen, this is a multifunctional device.

Additionally, it is as useful as it is attractive. At a whopping 67-percent faster speed, the eighth-generation Intel quad-core i5 processor handles work and play with equal capability. One of the things customers requested was a more professional-looking workstation, with faster processing using multiple cores and Microsoft Pro 6 definitely provides that.

What Are Its Primary Features?

One of the primary selling points is the more professional appearance. The muted colors that the Pro 5 were available in, included blue, red, and silver. The black-colored cover that has only been provided in the Pro 6 is considered much more appropriate for the work environment than the brighter options previously offered.

A second feature that makes the upgrade beneficial is the advanced speed. Although the Surface Pro was already considered fast, the newest iteration is significantly more so. It can be purchased with either 8GB or 16GB of memory and comes with 128GB, 256GB, 512GB, or 1TB SSD.

What Makes It Better Than Previous Versions?

The superior speed of use and professional appearance are its main selling points. Truly, it depends on what one is buying the tablet for. If it is for a child’s homework or video game playing, then the Pro 5 might be a better choice. The Pro 6 has less desirable graphics for gaming, while the Pro 5 has the most superior graphics capabilities of the two, and includes a faster and more capable CPU. If one is buying the tablet for business purposes, the Pro 6 is likely the preferred option, as it has superior speed without all the glitz.

How Are the Surface Pro 5 and Surface Pro 6 Similar?

Both Pro 5 and Pro 6 are available with the following attributes, and some would argue that they are nearly identical. They have a 12.3-inch display, which is more than enough for most users and is the same size as many laptop computers. Both are available with 4GB, 8GB, or 16GB of RAM. They each have a battery-life of around 13 hours.

Some of their notable features include the following:

  • Headphone Jack
  • MicroSDXC Card Reader
  • Mini-DisplayPort
  • Surface Connect Port
  • USB-A 3.0 Port
  • Multi-touch PixelSense

One of the main things that previous versions have that this one does not is the truly impressive graphics. The Surface Pro 5 is sold with an Intel® HD Graphics 620.

What Are Other Options?

One of the primary aspects that other devices have is their port options. For example, many laptop options have Thunderbolt connectors, which allow them to handle larger files much more quickly than older machines. If you’re planning on using a two-in-one for heavy audio or video usage, you may want to consider your options thoroughly. Without Thunderbolt or USB-C, simple tasks like transfers or opening files can take quite a long time. Much of the time spent doing a project can be waiting for files to transfer, render, load, etc.

Neither the Surface Pro 5 or the 6 comes equipped with a USB-C or Thunderbolt 3 connector. This wasn’t considered a major issue with previous devices. However, since recent editions of modern 2-in-ones have them now, it is a bit surprising.

Some of the competitors in the field include the following:

  • Dell XPS 13 2-in-1
  • Eve V
  • HP EliteBook x360 G2
  • HP Envy x2 (Qualcomm)
  • HP Spectre x360
  • Lenovo Miix 720
  • Lenovo Yoga 920
  • Surface Book 2 (13 inch)

Although there are lots of options, Microsoft has been around since 1975. As a long-time contender, it has more than proven its abilities and staying power.

In Conclusion

When one doesn’t want to sit at a desk all day, perhaps a tablet is the best option. It allows for mobility, versatility, and flexibility. With a Microsoft Surface Pro 6 you can make the best of work and play. Although the graphics are not as great as they were with the Surface Pro 5, they are decent. Both are light enough to take into the office or on vacation. With a one-year warranty and a first-class support system, you cannot go wrong. Microsoft just keeps getting better and better.

October 16th Is Steve Jobs Day

Steve Jobs Day

Steve Jobs Day Sheds Light On Apple Founder’s Legacy

In today’s modern world, the name “Apple” has become synonymous with technology. It’s no wonder then that Steve Jobs, the company’s late co-founder, has become such an influential figure in American history. His contributions are well documented in motion pictures, books and an authorized biography.

Steve Jobs Day

October 16 is known as Steve Jobs Day, which was declared in 2011 by the Governor of California. The day brings forth the opportunity to reflect on the life of the famed innovator and how his contributions have helped advance the human race. From iPhones to iPads and every single app in between, one could argue that humanity would not be as technologically savvy without the work of Steve Jobs.

In August of this year, Apple achieved what no other company in history has done. It became the first publicly traded U.S. company to reach $1 trillion. Not only is this historic in terms of branding, but it brings to light the incredible ingenuity the company has displayed throughout the years. Along with his partner Steve Wozniak, Jobs’ innovations have helped solidify an incredible legacy likely to stand the test of time.

The Early Years

Jobs grew up in the San Francisco bay area in the 1960s. By the age of 10, he had developed a fascination with electronics, likely due largely in part to time spent with his father building crafts. This hobby paved the way for Jobs’ establishment of Apple in 1976, along with his co-founder Steve Wozniak.

Jobs sat at the helm of Apple’s operations until 1985, when he broke ties with the company and established NeXT computers. Apple later purchased NeXT and paved the way for Jobs’ return to the company in 1997.

Apple Computers

While Jobs can’t be credited for inventing the first computer, his founding of Apple paved the way for its widespread use. The computers that came before Apple was expensive and typically used only for business purposes. The introduction of the Apple II, the brainchild of Jobs and Steve Wozniak, changed this concept forever. Marketed as the world’s first mass-market personal computer, the Apple II meant users could now access the technology from the privacy of their own homes.

More than two decades later, in 1998, Apple released the iMac, an all-in-one computer. One of Apple’s lesser-known inventions is the iBook, which was introduced in 1999. The laptop came equipped with Wi-Fi technology and a few upgrades to its design. People today may remember it for its tangerine and blueberry color options and clamshell design.

The Apple iPad, introduced in 2010, has made the Internet even further accessible. This tablet computer was built more for entertainment than previous devices, making it a staple in many households, utilized by children and adults alike. The product was deemed so successful that Apple sold more than 15 million of these devices in its first year.

The iPhone

Of all Apple’s products, none is as influential in the tech world as the iPhone. Apple’s introduction of the iPhone marked a paradigm shift for the traditional mobile phone. Apple’s version, like the majority of its most revolutionary products, boasted a sleek, simple design that helped further uncomplicate technology for the masses.

Introduced in 2007, the phone has undergone a radical series of redesigns over the years, each year presenting more opportunities for productivity than the last. Prior to the invention of the iPhone, mobile phones’ primary purpose was to access chatting and emailing. Today’s version is utilized for web-surfing, Facetiming, social media and the utilization of an endless stream of apps available for download at users’ fingertips. Frequent updates and new designs ensure Apple users are getting the best product possible, which has helped the brand amass its own population of loyal followers.

The iPod

One of Apple’s most significant inventions to date remains the iPod. While mp3 players had been on the market for several years, Apple’s version was seen by many as far superior, and so it began to dominate the market. Able to store thousands of songs, the iPod grew in success with the help of other products, such as Apple iTunes, which was released in 2001. The new technology allowed users to organize their digital library on both their personal computer and through their devices. The iTunes Music Store went live in 2003.

Not all of Jobs’ best inventions were technological. The innovator is also credited with inventing the world’s first glass staircase. The design, which was awarded a patent in 2002, has been used across some of Apple’s flagship stores and has since been adopted, in some sense, by both commercial and residential properties the world over.

Steve Jobs Day is a day designated for honoring the Jobs legacy, but his impact is seen daily, in the hands of millions. While Apple, as a company, has certainly carried on without him, Jobs is one innovator unlikely to ever be forgotten.