Category: Uncategorized

Cyber breaches have become the norm across the United States and in many parts of the world. Regardless of the size of your company or your budget for security, your company could be at risk. This has caused rapid growth in the cybersecurity industry. According to Forbes, this market will reach 170 billion dollars by the year 2020.

Some of this growth is being fueled by the advancement of new technology in cloud-based applications, the Internet of Things, and the increase in the number of computers and mobile devices. However, much of it is being initiated by the constant onslaught of cyber-attacks at home and at work.

Biggest Data Breaches of 2017

During 2017, there were actually hundreds of data breaches in the US, though the public only heard about a fraction of those.

The Equifax hack topped the list with a devastating breach that affected 145 million customers. It stunned the public, proving once again, that no one is out of reach of hackers. With each passing breach, hackers refine their techniques so that more consumers are affected and even more extensive damage is done.

The financial data for over 3 million customers was compromised in the Hitachi Payment Services malware hack. This was reported in February 2017 and eventually led to a massive decline in credit card use. Hitachi suffered damage to their reputation and loss of profits and revenue.

Regardless of how many attacks there are, they continue to have the same effect on the public. Cyber breaches cause consumers to be leery of doing business with the company. People stopped buying products from Target stores right after that breach. The cost to Target was substantial. Breaches damage a company’s brand name and cost millions to resolve in many cases.

Worldwide Data Breaches

The largest leak in the world, known as the Big Asian Leak, exposed the personal information of 185 million customers. Though the names, addresses, passcodes and some financial information was stolen by hackers, most of the Asian companies who were hacked refused to admit they’d been breached and most refused to comment as well.  The stolen data was eventually offered for sale on the dark web by an online vendor known as “DoubleFlag.”

In the US, consumers expect companies to be fully transparent when a breach does occur. They expect certain steps to be taken to avoid future attacks. Sometimes this happens and sometimes it doesn’t. Company leaders tend to think that if they’ve already been hacked once, there’s very little likelihood that it will happen again. There’s no solid proof to indicate that this is true. Hackers search for easy targets; companies with weak, ineffective cybersecurity.

How data breaches for 2018 are shaping up

The last few years have shown a few definite trends. For instance, in 2015 and 2016, businesses were targeted 40.1 percent of the time with the healthcare industry a close second at 35.4 percent. In 2017, there were a total of 868 cyber breaches with businesses and health care agencies the main targets.

Major businesses across the country have stepped up their security on every level and yet 2018 has already proven to be a busy time for hackers.  A new trend involves cyber thieves looking beyond computers and phones for targets. They’ve discovered a whole world of unsecured devices, such as medical devices, educational and government organizations, and other vulnerable technology.

A new study shows that only 51 percent of all companies monitor and analyze their security information on a regular basis. About 45 percent subscribe to some type of intelligence service, while only 52 percent said they used high-tech intrusion detection systems. These numbers indicate a troubling trend. Only about half of all American companies are actually taking their cybersecurity seriously enough.

Ransomware attacks are on the rise as well. In some cases, the cyber thieves do not ask for much money. They demand smaller amounts like $1900 or $4,500. This strategy makes it far more likely that a business will pay the ransom. It’s just more prudent to pay those smaller amounts than to call in the authorities or security experts to resolve the issues.  Below are a few of the major cyber-attacks that have occurred for 2018.

Cyber Breaches and Ransomware Attacks January 2018

Several Indiana hospitals reported ransomware attacks. In one instance, the hospital paid $55,000 to thieves but reported that no data was stolen. The San Diego Office of Education reported a breach of employee retirement data. It was discovered that an unknown number of email addresses were leaked from MailChimp. National Stores, Inc. reported that some financial data from an unknown number of its credit card users was leaked.

WordPress continued having major issues with cyber thieves who were secretly placing crypto-mining code on the computers of its users. This code is designed to run in the background on a user’s computer without their knowledge for the purpose of mining cryptocurrency.  A major embarrassment to Kansas officials, it was reported that the Kansas Secretary of State website accidentally leaked the last four digits of hundreds of Kansas state government workers.

Cyber Breaches and Ransomware Attacks February 2018

The City of Allentown, PA was crippled by a malware attack that has to date cost at least one million dollars. Both financial and public safety systems were attacked. In a phishing attack, 50,000 Snapchat users had their log-in credentials stolen. A hospital in Tennessee revealed that 24,000 of its past patients may have been exposed to crypto-mining attacks.  Both Chase and Hometown Banks revealed that customer data may have been compromised due to skimming/shimming devices placed at ATM machines.  A dangerous T-Mobile bug was responsible for hackers being able to highjack the accounts of T-Mobile customers.

Cyber Breaches and Ransomware Attacks March 2018

In March, the city of Atlanta reported various government systems were down due to a ransomware attack. Several schools and hospitals reported malware and ransomware attacks that shut down their systems for indefinite periods of time. Some data was compromised in these attacks. Other hospitals reported that employee email accounts were hacked leaking confidential patient information. Even the National Lottery Association reported the loss of log-in info for over 10 million players. Emails were sent out instructing players to change their passwords. A point-of-sale breach occurred at some Applebee’s Restaurants exposing the credit card information of its patrons.

Cyber Breaches and Ransomware Attacks April 2018

April was a busy month for hackers. Over 72 million records were leaked in a long string of ransomware, malware and data breaches. The most notable included Sears Stores, Delta Airlines, K-Mart and Panera Bread. A service that connects handymen with customers called TaskRabbit had to shut down its website and suspend use of its app due to a massive data breach. SunTrust admitted that a former employee had stolen the customer data of 1.5 million customers. A data search service called LocalBlox reported that 48 million records were left accessible on the Internet. The data included personal info, as well as psychographic data used by marketing agencies.

Moving into the Future

Though the numbers are not out yet for May, experts believe that there will continue to be massive data leaks, ransomware attacks, malware attacks, and cyber breaches. Cyber thieves refine their strategies with each passing month. Consumers and business owners must stay on top of the activities of cyber thieves. Experts recommend hiring security experts to gauge how effective your cybersecurity is and recommend methods to improve it. The best defense continues to be a strong offense.

Wireless networking has become a very important aspect of human life. The global marketplace has forced businesses to find new ways of reaching their customers in countries around the world. However, wireless networking isn’t just for business owners. Various people in every way of life rely on wireless networking for different reasons.

Teenagers, young adults, parents, and even senior citizens count on wireless networks to perform a wide range of tasks each day. From paying the bills to visiting favorite social media sites, consumers depend on these services in an ever-increasing number of ways.

Today’s business people can’t survive without wireless networks to maintain an online presence. Dependable networking is extremely important for the success of any business in this complex online world. There are various providers who specialize in wireless networking. Both individuals and businesses now have numerous options available to them. In this sea of service providers, it may be difficult to find the service that best suits your needs. Each business has its own requirements and usually a tight budget to work with.

Professional services

Managed wireless networking services are most often offered by professionals. These are IT pros who specialize in wireless networking and a wide range of other services. Outsourcing your IT services can make your life much easier. But it’s important to find a provider who understands the specific needs of each customer; someone who will become a trusted partner. This is one of the major pain points of small business owners. They feel as if their IT needs will be lost in the busy workday of an IT specialist and they will not get the exact networking solution they need to thrive in the marketplace.

Eliminates the need to hire trained IT pros

Upon contracting for managed wireless services, the service provider brings his or her own team of professionals in to do all IT-related work. The costs for getting your professional services are factored into the contract price. Usually, this includes 24/7 support, which can be a big expense for some. This can eliminate a major headache for most business owners. You don’t have to hire and train employees to perform these services. Managed wireless networking services thus ensure that businesses employ a smaller number of personnel and therefore save on hiring costs.

Customized solutions

One of the major benefits from outsourcing your IT services is that you can get exactly what you need at a price that fits your budget. Managed service providers are specialists in their field. They are in a position to offer customized solutions to their clients. They most often have an IT consultant on staff who will work with you in determining your specific business IT requirements. For some, this is an easy process and for others, it is more complex due to HIPAA compliance and other government regulations. Most small business owners are not experienced enough to determine how to best handle these complex issues. But, an experienced IT professional knows. Depending on the service provider that you decide to partner with, you may have the option of choosing from different wireless options. The advantage of this is that you can choose specific services depending on their prices. You can select scalable options that will grow with your company.

Extra services

Managed networking service providers usually deliver many extra services, such as assessing, designing, deploying, and managing network services. This can take a real load off any business owner’s plate. It can be a burden to deal with older equipment that’s constantly breaking down. But if your contract includes unlimited service calls, you can rest easy. You won’t have to pay extra or employ people to handle things. As a result, you get inclusive services and at rather affordable costs. Your employees don’t have to spend time trying to fix networking equipment that breaks down. Simply call your IT service provider and you can get back to doing your regular job.

Legal liability

With the increase in the number of cyber crimes, managed networking providers become very important. First of all, these people are in a position to handle any type of data leak or security issue. Having the necessary knowledge of the latest advancements in cyber security is a valuable asset. Your managed service provider is responsible for keeping your systems well-protected.  Secondly, cyber thieves are constantly improving their methods of breaking in and stealing your data. Keeping up with these issues is a time-consuming and complex task. With managed wireless service providers, you do not have to worry about this. Your provider will stay on top of all the latest technology to ensure that your computers and network are protected.  This helps to reduce your liability as well.

Consistent monthly charges

Managed wireless networking agreements state an exact amount of money that the organization is to pay for their services. This means that your company can budget for these expenses. This eliminates enormous charges for broken equipment and outdated software. In most cases, the cost of handling all these problems and charges for networking and computer repairs will be far more than your regular monthly charge. This gives business owners peace of mind and prevents unexpected charges.

Final thoughts

In this era where wireless networks are an absolute necessity, it’s wise for any size business to opt for managed IT services. Find professionals in your area that have a good reputation; a company that stands behind its promises. Most IT service providers include regular maintenance to keep your computers running smoothly. They ensure that your network is protected against cyber intruders. Managed Wireless Networking Providers are a great choice for any organization looking to alleviate the burden of networking, computer repairs, and dependable IT services.

Not-for-profit organizations frequently contend with the lack of time and money necessary to afford large IT investments that are critical for achieving efficiency in their operations. Those organizations that can afford these technologies constantly have to deal with scarce resources and manpower needed to manage the technology.

There is another glaring problem within the nonprofit environment: the staff, Board members, and volunteers are often spread across several locations. Further, their extensive use of different devices and operating systems (OS) tends to result in difficulties accessing the organizations’ latest files.

Microsoft Office 365 – addressing the challenges nonprofits face

Office 365 is Microsoft’s global offering designed to provide eligible users with access to the company’s top-of-the-line cloud-based tools for collaboration and productivity. The service is complete with web conferencing and high definition (HD) video, calendars, business-class email, online Microsoft office suite, as well as file storage and sharing.

While Microsoft has a provision to offer these services to eligible, qualified nonprofits as a donation, the organizations can purchase important additional services for a small fee. In addition to the rich apps connected to Microsoft Cloud always being up-to-date, they are available for users on a 24/7 basis.

If all this isn’t reason enough for you to jump aboard the Office 365 bandwagon, then read along to find out further why your nonprofit should invest in Microsoft Office 365.

Voice and web conferencing allows for easy collaboration

Successful running of any nonprofit heavily depends on the quality of collaboration between its members. Among the suite of tools that come with Microsoft Office 365 is Skype for Business, an all-in-one tool for web conferencing, video calls, voice calls and instant messaging.

The HD video conferencing capability means that nonprofit teams can meet and collaborate with each other regardless of where they are located. Out-of-office personnel and volunteers can remotely share data and influence timely decision making.

Skype for Business has a note-taking feature that works in real time. This can allow you to keep track of notes and new ideas from every meeting.

Social networking is easier with Office 365

Every Microsoft Office 365 Nonprofit plan comes with the tech giant’s internal social network, Yammer – designed for organizations like your own. With your own Yammer site, it is easier than ever to bring teams together regardless of where they are located across the globe. Yammer allows the organization’s internal staff, volunteers and other stakeholders to connect, share, and collaborate seamlessly at all times.

Teams can edit and share documents on the go

Microsoft Office 365 also includes Microsoft’s cloud-based file-sharing tool SharePoint Online. With this advanced file sharing tool, teams can easily edit and share documents with one another, even on their mobile devices. Many users love the fact that they can actually edit documents simultaneously with colleagues on this cloud-based platform – effectively saving time and the possible confusion associated with back and forth emailing of documents.

There is just so much you can accomplish with your documents in the cloud. Your board reports will be available so you can share them remotely or access them, along with grant applications and other equally essential documents anywhere, at any time.

Microsoft’s online office suite, Office Online, also allows you to create and edit files using lightweight Microsoft Office web apps including Word, Excel, OneNote and PowerPoint. So, your team has the liberty to open, view, and edit various document forms right from their browsers, both on iOS and Android devices.

Both staff and volunteers can use Microsoft Office 365 to open, view, and edit practically any document on up to five of their devices. This empowers them with the flexibility to work anywhere, anytime.

Guarantee of security and compliance

Data security is one of the greatest concerns to any nonprofit organization. Nonprofits also have to comply with applicable privacy and compliance laws. The good news is, Microsoft’s Office 365 is engineered to the highest level in privacy and security standards.

The service has built-in malware protection to safeguard your data in the cloud. As such, your nonprofit organization can have peace of mind storing its data in the cloud and sharing even the most sensitive information without running the risk of noncompliance with data protection requirements.

Nonprofit organizations enjoy 24/7 support

Office 365 offers the luxury of 24/7 professional-level customer support so you won’t need any IT staff to stay on call. The level of support your nonprofit organization gets depends on your organization’s Office 365 Nonprofit plan.

Final thoughts

Technology related problems can create indecisiveness and slow down efforts in the nonprofit environment, eventually taking a toll on important mission activities and hurting productivity overall. With its full range of capabilities, as well as its cloud accessibility that ensures collaboration both online and offline, Microsoft Office 365 is a great tool for every nonprofit organization that wishes to achieve maximum efficiency.

Security researchers have discovered a new hacking group that is targeting healthcare organizations and other major international corporations related to this sector all around the world, and especially in United States, Europe, and parts of Asia. The intent of this group is to conduct corporate espionage. Researchers have named this hacker group “Orangeworm”. According to a recent report, this group has been active since early 2015, and its primary focus is the health sector.

How does Orangeworm work?

The healthcare industry has been targeted by Orangeworm to get access to patient’s records and to learn more about imaging devices. The hackers install a Trojan (dubbed by security researchers as “Kwampirs”) in computers used to control high-tech imaging devices like MRI and X-Ray machines. This allows the hackers to steal sensitive data and remotely access equipment by opening a backdoor in these compromised computers. It also infects machines that are used to assist patients in filling consent forms.

Kwampirs then takes some basic information from these compromised computers and sends it to the hackers to a remote command-and-control server. This server then determines if the hacked system is being operated by a high-value target or a researcher. If the server finds the victim to be of interest then the virus spreads itself across network shares and infects all the other computers in the same organization. The malware uses the system’s built-in commands to gather information about the victim’s compromised system and network instead of using enumeration tools and third-party reconnaissance.

Companies infected by Orangeworm

Almost 40% of companies infected by this malware belong to the healthcare sector while the rest of the organizations, although not belonging to the medical sector, are related to healthcare organizations. Other organizations infected with Orangeworm belong to companies in the agriculture, logistics, IT services, and manufacturing sector. According to researchers, hackers attempted a supply-chain attack to penetrate the software of healthcare organizations by infecting a service provider.

Profile of the hackers  

According to investigators Orangeworm does not fit the techniques, procedures, and tactics of a classic nation-state APT (advanced persistent actor) but it is still an APT. The most common observation is that Orangeworm is a single hacker or a group of lone hackers working to steal information about patients from healthcare organizations to sell on the black market. This patient information is considered to be more complete than customer data stored in financial or any other institution. Hackers gather as much information as they can about their victims such as network shares and user groups, configuration information, account policy information, list of directories and files, running system process and systems, accounts with admin access and the like.

If the virus detects something of value in the system, Kwampirs will copy itself, propagate across the network and infect other computers. Investigators are of the opinion that the hackers are working on some sort of espionage on the sector as they do not appear to be copying any data from the network.

The hackers are not concerned about being detected as they are using lateral movement methods that are thought to be noisy and antiquated. In spite of this, it took investigators three years to disclose and identify the group’s attacks. According to investigators, the reason why this malware went undetected for so long is that the healthcare organizations usually use computers that are old and have software that is rarely updated, doesn’t have an antivirus, and are therefore easy to hack.

According to experts, hackers employed a similar pattern in all the attacks that were carried out. They infected one computer with Kwampirs, and then proliferate to others. This ensured them remote access to every infected host. The hackers spread the virus to as many systems possible that is why the malware has also infected the computers that control the medical devices.

Security concerns

According to the findings of a detailed report on the group’s method of operation, hackers have made no efforts to update the virus since the first attacks which suggest that the attackers are either stupid or supremely confident about never getting caught.

These attackers are bold as their methods have proved very effective. Security researchers have been stressing for a long time the need to install security measures to safeguard the weakened ports. Medical devices have been targeted before also. Recently, WannaCry ransomware also targeted hospitals all around the globe.

Even though the motives of Orangeworm are unclear and investigators have been unable to find the group’s origins, they are of the opinion that the group is conducting espionage for personal gain and commercial purposes. They have been unable to find any significant evidence suggesting that a nation-state backs it.

Although, Orangeworm is not the first or the last malware to hit the healthcare organizations it is imperative that these organizations routinely search and monitor their computer systems to make sure that their devices are safe from such attacks.

The recent announcement of the vulnerabilities found in the Intel, ARM, and AMD processors has sparked a new phishing campaign – not the good kind of fishing with bait and largemouth bass. Although, these hackers are using a particular kind of bait.

While Meltdown and Spectre require access to your system, hackers have various ways to gain access. Already hackers are using phishing emails to trick users into giving them access. They send out an email claiming to contain a patch for Meltdown or Spectre. Instead, the email installs malware on your system. This malware gives the hacker access to your system, allowing them to exploit the bugs and take the unprotected data.

Be wary of social engineering scams like phishing emails. Hackers are all too eager to take advantage of problems like this, and unfortunately, some people are so eager to fix the problem that they might not realize that the “patch” they just clicked on is now allowing a hacker to steal all their data.

WHAT IS PHISHING?

Phishing is a hacking technique that “fishes” for victims by sending them deceptive emails. The “ph” replaces the “f” in homage to the first hackers, the “phone phreaks” from the 1960’s and 1970’s. Virtually anyone on the internet has seen a phishing attack. Phishing attacks are mass emails that request confidential information or credentials under pretenses, link to malicious websites or include malware as an attachment.

Many phishing sites look just like the sites that they are impersonating. Often, the only difference in many spoofed sites is slight, and easily missed difference in the URLs. Visitors can easily be manipulated into disclosing confidential information or credentials to the hacker if they can be induced to click the link. Even blacklisted phishing sites can often get by standard filters through the technique of time-bombing the URLs. Then the URL will lead to an innocent URL initially to get past the filters but then redirect to a malicious site.

Although malware is harder to get past filters, recently discovered and zero-day malware stands an excellent chance of getting through standard filters and being clicked on, especially if malware hides in a non-executable file such as a PDF or Office document. This is how many of the recent ransomware attacks were pulled off.

Now with Meltdown and Spectre looming over us, the average person is more susceptible to “quick fixes” and solutions to this issue.

Despite the lack of personalization, an astonishing 20% of recipients will click on basically anything that makes it to their inbox.

SPEAR PHISHING

Spear phishing is an enhanced version of phishing that aims at specific employees of the targeted organization. The goal is usually to gain unauthorized access to networks, data, and applications. In contrast to the mass emailing of a phishing attack, which might see hundreds of attack messages sent out to random recipients within the space of a couple of hours, spear phishing is methodical and focused on a single recipient. Often the initial email will contain no URL or attachment. Instead, it will simply try to invoke the recipient into thinking that the sender is who they say they are. Only later on will the hacker request confidential credentials or information, or send a booby-trapped URL or attachment.

The additional customization and targeting of a spear phishing email, along with the lack of easily recognized blacklisted URLs or malware customization results in click-rates more than 50%!

Technology is constantly evolving, and so is its relevance. In the world today, technology is fast-becoming a human being’s best friend. Just think of the number of times that you rely on technology in a day’s time. Everyone, even the self-proclaimed analog dinosaur, depends on technology to some extent.

Of course, this has spawned a major increase in the number of cybercrimes that occur daily across the globe. Cybercriminals are targeting information technology systems that are simply not well-protected from intrusion. The fact that people are so reliant on technology makes it easier for these criminals to achieve their goals. This is where Managed Detection and Response (MDR) comes in.

Information Technology experts face a constant struggle to curb cybercrimes. This crime, which has become deep-rooted in our society today, has led to the loss of time, money and reputation. Cybercriminals target websites with weak security because they’re an easy mark. Then they sell that data on the black market. It’s an ongoing crime and has quickly become a familiar scenario to many.

This is why MDR is so important in our society today. MDR is not a new concept; it has been around for a long time. Like technology, however, MDR continues to evolve with the changing trends in hacking. The main goal of Managed Detection and Response is to ensure that cybercrimes are prevented. It’s not enough to arrest and prosecute these criminals. The crimes need to be stopped before they actually happen.

How can MDR help with this cause? The simple answer to this question is that MDR is a system used to enable organizations to better understand their cybersecurity environment. With this program in play, your organization can more fully understand the IT environment in which you operate. This will provide you with some important advantages that can help prevent hacking.

Environmental threat detection

First, as mentioned above, the main goal of MDR is to aid in detecting cybersecurity threats in a particular environment. To this end, this system performs a series of functions including analyzing the types of risks that your organization may be exposed to. This can enable you to determine exactly what the most critical threats are. Using MDR, companies are able to gauge which threats are more serious. This allows you to take preemptive steps to close those doors to cyber thieves. Preventing just one attack can save you millions of dollars.

Makes threat detention faster

By making the organization aware of the threats they face, MDR makes threat detection simpler. Since MDR enhances threat analysis, your business can fully understand exactly which cybersecurity threats you face. Imagine being able to act before a breach occurs. You can take action today and avoid a nightmare tomorrow. With MDR, your company can quickly assess its level of security and take action right away.

Increases ability to respond to threats

MDR enhances the capabilities of organizations that use it to respond to cybersecurity threats. Preparation is everything when dealing with hackers and cyber thieves. Your organization needs to be prepared for every type of threat, from ransomware and hacking to data leaks. Having greater knowledge of those threats that pose the biggest risk helps you to respond with more precision. Anticipate threats before they happen. Define those weaker areas and eliminate them.

Enhances threat prevention

An ounce of prevention is better than a pound of cure, they say. This holds true especially when millions of dollars are at stake. The impact of cybersecurity in our world today is far-reaching. Every year, cyber breaches cost businesses millions of dollars. They damage your reputation and slow your forward progress.  With MDR, threat prevention becomes your greatest ally. Proactive security monitoring can apply proven rules to your security system, thus offering a new level of breach management.

Do we really need MDR?

Many business owners feel frustrated by the sheer number of cyber breaches occurring each day. It seems that the criminals have the upper hand and there’s nothing we can do to stop them. MDR allows you to take back control of your data security. It’s a reliable system that focuses on one thing: preventing cyber breaches from occurring.

The threat of cyber-attacks is ever looming. Thieves are constantly finding new ways to get through any crack or hole in your security system. And, their methods are getting more and more sophisticated as the days go by. The whole cyber security industry evolves at such a fast pace that most business owners are unable to keep up with it. This fact leaves you at a distinct disadvantage.

Final thoughts

Though the intricacies of MDR may be somewhat complex, it is important to remember the advantages of this system. With MDR in place, you can avoid being the next victim and sleep much better at night. For business owners, peace of mind is priceless. You can focus on running your company once again and take pride in your accomplishments.

Where Did They Go?

In 2017, Microsoft planned to release a lightweight version of Windows 10. This was their effort to provide a Windows solution that delivered a predictable performance by using only Microsoft-verified applications via the Microsoft Store.

Microsoft also wanted to compete with the Google Chromebook and promote Windows 10 S for use in the K-12 education market. Windows 10 S was initially offered as part of the Surface Laptop which is a premium, and quite expensive product. So, this addition to the education market was quite a leap.

Windows 10 S was going to be offered at a reduced price with the option to pay more to “unlock” the full Windows 10 Operating System. But Microsoft changed their minds. They realized that we don’t want to pay extra for something that should have been included, to begin with.

On March 7, 2018, they said:

Based on customer feedback we are simplifying the experience for our customers. Starting with the next update to Windows 10, coming soon, customers can choose to buy a new Windows 10 Home or Windows 10 Pro PC with S mode enabled, and commercial customers will be able to deploy Windows 10 Enterprise with S mode enabled.

What this means is that the Windows 10 S computer has been retired. Instead, Microsoft has decided to incorporate Windows 10 S as a “mode” for all Windows 10 Operating Systems.

Microsoft hopes this new approach will make it possible for their customers to start using the S mode. They say that it provides a streamlined computing experience that enhances security and performance across all editions.

So, for the foreseeable future, Windows 10 S is now a configuration in the Windows 10 Pro and Windows Home computers. The S Mode will lock down Windows 10, so it can only run applications from the Microsoft Store–essentially, exactly what the dedicated Windows 10 S operating system was intended to do.

Microsoft is letting Windows 10 Home users disable the S Mode free of charge. However, Windows 10 Pro customers with S Mode enabled on their device will have to pay $49 to get access to the full version of Windows 10 Pro.

Should You Consider Using the S Mode? The “S” in Windows 10 S was supposed to stand for “simplicity.” Its intent was to provide a productive and secure Windows experience. Microsoft says that it’s designed for superior performance. Starting up, streaming HD video and switching across applications is much faster than with Windows 10.

Windows 10 S only uses apps from the Microsoft Store and provides a safer browsing capability via Microsoft Edge. Because the applications for Windows 10 S only come from the Microsoft Store, the folks at Microsoft say that it ensures security and integrity. And they say that Microsoft Edge is more secure than using Chrome or Firefox browsers. The Windows Defender Antivirus and other security features in Windows are also included in Windows 10 S.

Windows 10 S comes with built-in apps and new features like Cortana, Windows Ink and Windows Hello so you can sign on without a password. It integrates with OneDrive, so you can easily save your files to the cloud and sync them across your other devices. If you decide you want to run applications that aren’t in the Microsoft Store, you can easily switch to Windows 10 Pro (except you’ll have to pay $49 to do so).

What Do Others Think About Windows 10 S?

Microsoft says that 60% of their users stay with Windows 10 S when using third-party devices. And those who do switch, do so within 24 hours of setting up their device. Those who keep using Windows 10 S for a week or so, end up keeping their device in S mode (83 %). These statistics are for low-end PCs as the only high-end computer running Windows 10 S is the Surface Laptop. These users weren’t included in their survey.

It looks like the Windows S Mode is here to stay. But some experts predict that it poses problems for Microsoft down the line. They believe that it’s going to confuse people. While the Home versions offer a free switch path, the charge for the Pro versions could bother users who want more premium devices.

Here is another issue with this change— Microsoft says that AV/Security apps will come in the Windows 10 S mode. But what about the AV software from third-party providers? Will these applications run in the S mode? If so, this defeats the purpose of what the S mode is supposed to do. Does this mean that using these apps will hamper the promised performance in Windows 10 S? We’ll have to wait to see how Microsoft deals with this. But for now, it seems like a contradiction.

Windows 10 S devices span a price range from $189 to $2,199 (for the top Surface Laptop). It’s not impossible to provide solutions for both low-end and high-end device users, but some feel this will be difficult for people to get their minds around.

Windows 10 Spring Creators Update will probably be released with a different name: Windows 10 April Update. However, it’s been delayed while Microsoft rushes to fix a newly-discovered bug. Between the changes with Windows 10 S and now the next Windows 10 update, it seems there’s a lot of “plate-spinning” going on at Microsoft right now.

Security researchers have discovered a new hacking group that is targeting healthcare organizations and other major international corporations related to this sector all around the world, and especially in United States, Europe, and parts of Asia. The intent of this group is to conduct corporate espionage. Researchers have named this hacker group “Orangeworm”. According to a recent report, this group has been active since early 2015, and its primary focus is the health sector.

How does Orangeworm work?

The healthcare industry has been targeted by Orangeworm to get access to patient’s records and to learn more about imaging devices. The hackers install a Trojan (dubbed by security researchers as “Kwampirs”) in computers used to control high-tech imaging devices like MRI and X-Ray machines. This allows the hackers to steal sensitive data and remotely access equipment by opening a backdoor in these compromised computers. It also infects machines that are used to assist patients in filling consent forms.

Kwampirs then takes some basic information from these compromised computers and sends it to the hackers to a remote command-and-control server. This server then determines if the hacked system is being operated by a high-value target or a researcher. If the server finds the victim to be of interest then the virus spreads itself across network shares and infects all the other computers in the same organization. The malware uses the system’s built-in commands to gather information about the victim’s compromised system and network instead of using enumeration tools and third-party reconnaissance.

Companies infected by Orangeworm

Almost 40% of companies infected by this malware belong to the healthcare sector while the rest of the organizations, although not belonging to the medical sector, are related to healthcare organizations. Other organizations infected with Orangeworm belong to companies in the agriculture, logistics, IT services, and manufacturing sector. According to researchers, hackers attempted a supply-chain attack to penetrate the software of healthcare organizations by infecting a service provider.

Profile of the hackers  

According to investigators Orangeworm does not fit the techniques, procedures, and tactics of a classic nation-state APT (advanced persistent actor) but it is still an APT. The most common observation is that Orangeworm is a single hacker or a group of lone hackers working to steal information about patients from healthcare organizations to sell on the black market. This patient information is considered to be more complete than customer data stored in financial or any other institution. Hackers gather as much information as they can about their victims such as network shares and user groups, configuration information, account policy information, list of directories and files, running system process and systems, accounts with admin access and the like.

If the virus detects something of value in the system, Kwampirs will copy itself, propagate across the network and infect other computers. Investigators are of the opinion that the hackers are working on some sort of espionage on the sector as they do not appear to be copying any data from the network.

The hackers are not concerned about being detected as they are using lateral movement methods that are thought to be noisy and antiquated. In spite of this, it took investigators three years to disclose and identify the group’s attacks. According to investigators, the reason why this malware went undetected for so long is that the healthcare organizations usually use computers that are old and have software that is rarely updated, doesn’t have an antivirus, and are therefore easy to hack.

According to experts, hackers employed a similar pattern in all the attacks that were carried out. They infected one computer with Kwampirs, and then proliferate to others. This ensured them remote access to every infected host. The hackers spread the virus to as many systems possible that is why the malware has also infected the computers that control the medical devices.

Security concerns

According to the findings of a detailed report on the group’s method of operation, hackers have made no efforts to update the virus since the first attacks which suggest that the attackers are either stupid or supremely confident about never getting caught.

These attackers are bold as their methods have proved very effective. Security researchers have been stressing for a long time the need to install security measures to safeguard the weakened ports. Medical devices have been targeted before also. Recently, WannaCry ransomware also targeted hospitals all around the globe.

Even though the motives of Orangeworm are unclear and investigators have been unable to find the group’s origins, they are of the opinion that the group is conducting espionage for personal gain and commercial purposes. They have been unable to find any significant evidence suggesting that a nation-state backs it.

Although, Orangeworm is not the first or the last malware to hit the healthcare organizations it is imperative that these organizations routinely search and monitor their computer systems to make sure that their devices are safe from such attacks.

The cost of downtime goes up exponentially when you’re waiting for an unresponsive IT company. So why bother? Try our responsive Help Desk instead. 

So much of the IT industry is dependent on time. How quickly an IT firm can respond to a problem, how much downtime their client deals with, how much they’re charged for on-site repair hours, etc.  The speed of resolution is a primary factor in how valuable an IT firm’s services really are.

We all know that downtime is bad. It’s bad for business, bad for employees, bad for clients – bad for you. When your systems fail, your employees sit around twiddling their thumbs, waiting for it to come back online. Your customers get more and more frustrated, waiting to get what they were expecting when they came to your office or called you that day.

But the truth is, it’s even worse than that.

Beyond the surface level issues caused by unexpected downtime, there’s the reality that downtime both wastes your money and costs you in revenue. When you really dig into the details, downtime can cost you a lot of money in a relatively small time frame.

That’s why it makes zero sense to put up with unresponsive IT support. Every minute of delay costs you more money in wasted staff hours, lost data, and lowered productivity, all on top of what you’re already paying the IT firm in the first place!

The reality of modern technology is that cybercrime, serious weather, or even human error can quickly take your systems offline. IT is now such a central part of a business that server failure and software crashes will affect every aspect of it.

The computer isn’t just one part of your business anymore. It’s how you process sales, place orders, track inventory, and more. That means that one full day of computer downtime equals one full day of not being in business.

Given that your IT is such a foundational part of your business, you need to invest in support that will make sure it keeps working for you, day after day, regardless of increases in cybercrime, or bad weather, or a careless employee.

{company} is proud to offer high-quality Help Desk support services for your business. Unlike other network support companies, we won’t put you on hold when you need our help.

We know when you have problems with your technology, your employees are unable to stay focused and productive, which means time and money are wasted and work doesn’t get done. Our Help Desk professionals are here to give you the quick and reliable support you deserve with:

• E-mail applications and Web browsers
• Hardware and network troubleshooting
• Printer installation and support
• User administration
• Desktop performance problems
• Virus and malware infections
  

We specialize in proactive management and maintenance of your IT environment. With this type of support, most of the pending issues and possible threats in your system are neutralized before they affect your business. In-house IT staffs often operate on a break/fix model, which only address issues after a problem has occurred. Proactive maintenance keeps your systems running and your employees productive, which ensures a maximum return on your investment in technology and employee wages.

However, when something does go wrong, and you need our help, we won’t keep you waiting!

Technology issues need to be sorted out as quickly as possible, and that’s exactly what we’ll do. Our Help Desk services give you:

• Access to knowledgeable technicians that are able to resolve issues remotely or come onsite when needed.
• Around the clock availability via our online ticketing system, phone or email, which means you are never left without the help you need.
• A thorough explanation of the situation in plain, easy-to-understand terms to help you understand what is happening with your technology.
• Comprehensive support solutions for anything you need to stay productive, including remote access, printing, email, phones, connectivity, and more.

Your business can’t afford downtime, slowdowns, and breakdowns. Our proactive approach to IT management and Help Desk Services gives you the answers you need and speedy resolutions to any IT issues that may come up from day to day.

Our responsive Help Desk staff is internal and based right here in our offices.

Your assigned Help Desk technician will even come to meet you at your office – so you know exactly who you are talking to every time you pick up the phone and call.

We won’t make you wait on hold – you can speak with us directly by telephone. If it’s more convenient, you can access our Help Desk through the agent we set up on your computers, online portal, or email.

The legal industry is facing its most challenging obstacle to date and it’s not from judges, court cases, the mafia, felons or any of those things you might guess. Instead, these attacks against law firms are coming from hackers. Once viewed as impenetrable to hackers, today’s law firm is just about as likely to be hacked as any other business.

John Sweeney of LogicForce explains: “Law firms are the subject of targeted attacks for one simple reason,” he recently said. “Their servers hold incredibly valuable information. That includes businesses’ IP, medical records, bank information, even government secrets. For hackers looking for information they can monetize, there is no better place to start.”

His comment highlights a growing problem for the legal industry. Each day, they are faced with new and practically unstoppable cyber-crimes. One of the most startling aspects of this troubling trend is that many times, the law firm doesn’t even know it’s been hacked. A 2016 study done on this topic showed that 40 percent of the law firms that were breached had no idea that a crime had been committed. This is disturbing on several levels.

If you’ve recently done business with a law firm, there is a possibility that your business, personal and/or financial information could already be in the hands of hackers on the other side of the world.

A global problem for law firms

The fourth largest law firm in the world, Mossack Fonseca lost 11.5 million files from its database. The information was eventually shared with journalists, the BBC and newspapers. This offshore law firm specializes in helping wealthy clients hide their money. The documents that were leaked contained highly sensitive information about wealthy clients and their offshore tax schemes.

Mossack Fonseca’s client base also included national leaders and well-known politicians. The documents that were leaked held clear evidence of how and where large amounts of money were hidden by illustrious leaders like Vladimir Putin. Embarrassing revelations were made public such as how British prime minister, David Cameron’s father, had been avoiding paying taxes in Britain for many years. Any law firm would find it difficult to recover from such a devastating breach of security.

Solving the problem

For most companies who are breached by cyber thieves, the recovery process begins with contacting those who were affected while stopping any other data leaks. With law firms, this process usually begins with helping the firm to find out whether they’ve already been a victim of a cyber-crime. This requires experts in cybersecurity who will run a series of tests looking for specific anomalies. Once they find out whether data has been lost, the experts will recommend a course of action. This typically includes securing the data so that no other intrusions will occur, while notifying those who were affected.

Law firm hacking on the rise

In spite of all the hype about hacking and cyber-security, a new report says that 14 million businesses were, in some way, affected by cyber-crimes last year. The experts believe that the reason the number is so high is that most small business owners do not believe they are at risk. This is also true of most law firms. They simply think they are exempt from data breaches. This leaves them even more at risk because they are unprepared.

Senior attorneys don’t fully understand how hacking is done and what types of weaknesses a hacker looks for. The principles at a law firm are often not up to date on the latest techniques that hackers are using. This leaves them defenseless. If you want to defeat an enemy, you must first learn everything you can about that enemy. Very few people including attorneys, understand the science behind hacking.

In addition, lawyers use a wide range of devices from smartphones to laptops and desktop computers. Each device is a potential gateway for cyber-thieves to enter and steal information. With the Internet of Things (IoT) now growing, even appliances in the break room can be hacked.

The recent rise in law firm breaches proves that professionals are still not fully aware of the dangers lurking around us on the internet. Attorneys may be reluctant to spend the money and time on a security team that will come in and create the proper security protocols. But waiting to see will place all customer data at risk. People often tell their attorney sensitive information that could harm their clients in many ways. A data breach is embarrassing and hard to explain to those clients who have entrusted you with personal information.

Preparing for data breaches

A good place to start for a law firm that does not have proper security in place is the American Bar Association’s guide. This comprehensive document includes a great deal of information about preventing cyber-attacks. It also addresses ways to respond once an attack has occurred. Employees should be trained about phishing attacks and this training must be ongoing because the method that hackers use evolves with each new attack.

The managers at a law firm can begin by engaging an outside IT security expert that specializes in legal data. The team of security experts will assess your current level of protection against intruders, then recommend new initiatives. They should institute a regular training program that teaches employees how to spot phishing attacks in emails. Even trained employees may get careless, but continual training helps everyone to remember how important it is not to click on suspicious links or give away passwords.

What a law firm can do today

Many law firms are also writing their own policies about password protection, log-in credentials, and web-surfing. Once you have policies in place that your employees are aware of, you can begin to enforce them and this will help to eliminate threats. Your onsite IT people should be checking weekly for patches and updates to software. New updates should be downloaded as soon as possible.

Regardless of the time and expense of these security initiatives, the alternative could be devastating. One of the most important assets a law firm has is its reputation. Once a data leak has occurred, it’s too late. Legal professionals must do everything possible to prepare and prevent these leaks.

There’s every reason to believe that this digital age will continue to expand across the world. Businesses and the legal industry are facing unprecedented challenges for the future, but there are solid remedies that work. It all begins with realizing how vulnerable you are and how important it is to protect your client’s information. Regardless of the cost, the alternative is just too costly.