Are You Still Using Windows 7?

Windows 7 End of Life

Windows 7 Is Being Sunset Within The Next 2 Years
(Questions & Answers)

Microsoft announced they are stopping mainstream support for Windows 7. Windows 7 is a popular operating system. So, this creates concern for many. Over time, the reliability and security of your computer will fade if you keep using Windows 7.

So What Now?

We’ll cover some important facts here that you need to know about Windows 7.

A History Of Windows 7

Windows 7 made its debut in 2009. It was initially planned as an incremental upgrade to the operating system – it was to address the poor reception of Windows Vista. Windows 7 was praised for its increased performance and intuitive interface with the new taskbar and other improvements.

More than 100 million copies of Windows 7 were sold in its first 6 months. By mid-2012, there were more than 630 million copies sold. It was the most popular Windows variant up until 2018.

In 2014 Microsoft stopped selling Windows 7 in anticipation of its end of life. In 2015 mainstream support ended. Extended support will end on January 2020, sunsetting Windows 7 for good.

Now is the time to migrate to the next Windows operating system.

What Happens At Windows 7 Sunset?

All support for Windows 7 will end on January 14, 2020. This means no more bug fixes or security updates. Over time, the usability of Windows 7 will degrade. There will be a loss of usability and increased vulnerability.

Will Internet Explorer Still Be Supported On Windows 7 After Sunset?

Per Microsoft, support for Internet Explorer on a Windows 7 device will also be discontinued on January 14, 2020. As a component of Windows, Internet Explorer follows the support lifecycle of the Windows operating system, it’s installed on. See Lifecycle FAQ – Internet Explorer for more information.

Does This Apply To Windows 7 Enterprise As Well?

If you are using Windows as part of a work environment, we recommend you check first with your IT department or see Windows 10 deployment support to learn more.

What Does Loss Of Usability Mean?

  • Applications may no longer receive updates.
  • Features may become incompatible.
  • Utilities may become unsupported.
  • New devices may not connect.

What Does Increased Vulnerability Mean?

  • Software bug fixes may no longer be issued.
  • Your PC could be infected by malware.
  • Antivirus programs may no longer be updated.
  • Online banking transaction systems may expire.
  • Your financial data could be vulnerable to theft.

So What Now? Is It Time To Upgrade To A New Operating System?

Yes, you should upgrade to either Windows 10 or Mac OS High Sierra. You probably shouldn’t go from a Windows-based system to a Mac OS unless you’re in design or video production. Most small businesses do best with Windows operating systems.

If you do switch to Mac, you’ll want to perform a cost analysis. You’ll need to change all the software you use, and this could get pricey. Plus, Apple devices are more expensive. However, they do tend to be more reliable and less costly to maintain.

What Do I Need To Do Before Updating/Migrating?

To make sure your hardware is ready for the next software environment, you should perform a series of inventories.

Software Inventory: Go through your start menu, programs folder and any other locations on your PC and make a note of all the applications and utilities you have.

Categorize them into 3 groups:

1. Required

2. Optional

3. Unwanted

Check your required software versions against the most current versions on the market to determine if you need to upgrade them. If so, make a note of the cost to do this.

Software Wishlist: Decide what you need, how soon, and do similar upgrade and cost determination.

Hardware Requirements: Make sure your current hardware is compatible with the most current Windows Operating System (Windows 10). This means checking:

  • The space on your solid-state drive or hard drive.
  • The RAM or memory requirements.
  • Any CPU or Processor.

If they don’t meet the requirements, it may be best to purchase a new machine with Windows 10 installed. Then you can reinstall any current applications that you require.

Should We Consider Purchasing A New Computer?

If your computer is 7 or 8 years old, and running Windows 7, it makes sense to get a new one, or a new Mac and operating system.

For most Windows 7 users, moving to a new device with a Windows 10 operating system is the best path forward. Today’s PCs are faster, lighter in weight, more powerful, and provide increased security.

The average price is considerably less than that of the average PC was eight years ago. This Guide from Microsoft can help you choose a new PC in just a few easy steps.

When you’re ready to upgrade to Windows 10, visit and spend some time on:

https://support.microsoft.com/en-us/help/12435/windows-10-upgrade-faq

Do You Have Any Questions?

Contact us. We’re always here to help.

 

 

 

10 Critical Things To Look For When Choosing An IT Service Provider

IT Service Provider

How Do We Choose An IT Service Provider?

10 Critical Things To Look For

If your IT company doesn’t return your phone calls, their prices are too high, or they run in to “fix” things only to run out before you find what was done, you need to choose another IT Service Provider.

But what should you look for?

With the rapid changes in technology, how are you supposed to know which IT company is best for your business needs?

We’ll tell you here…

Have you ever heard the term Managed Service Provider (MSP)?

It’s important that your IT company is and MSP… meaning that they provide what’s called Managed IT Services.

What Are Managed IT Services?

Managed IT Services allow you to offload all of your IT services and solutions to a service provider (an MSP). Your MSP assumes all the responsibility for 24-hour monitoring and maintenance of your IT system.

Why Is Using An MSP So Important?

Using Managed IT Services is critical to the success of small to mid-sized businesses today. Most don’t have the resources to hire a team of tech experts and keep them on-call 24/7.

Your Managed Service Provider will act as your outsourced IT department. It’s a much more affordable way to access the comprehensive IT systems that larger business enjoy.

This also ensures that your technology and data will always be accessible, reliable and secure.

And, with the services your MSP provides, your company will be set up to better compete against other businesses like yours.

Sounds like a dream come true, right?

But… you must find the right IT MSP company for your organization.

Which brings me to the main topic here…

What Should You Look For In A Managed IT Service Provider?

Not all IT companies are the same…

Here are 10 things to look for…

Make sure that your IT Service Provider:

1. Responds quickly to your calls. Every company has different processes, and response times vary. Ask for their guaranteed response times:

  • How long does it take for them to respond?
  • How fast are issues typically resolved?
  • How long will it take if you require onsite support?

Make sure they back up their answers with facts and metrics.

2. Is an IT Advisor and not just a repair service. Look for a subject matter expert in the industry you serve. If you run a healthcare practice, make sure they are versed in EHRs, HIPAA and practice management software.

Look for an MSP who can act as a consultant and craft a customized solution to meet your unique requirements. They should explain everything they do in plain language that you and your employees can understand, and how it will impact your business operations.

3. Offers access to a team of highly trained and experienced technicians who provide on-call service 24/7/365. They should ensure that your IT infrastructure is available when and where you need it…And that you have access to specialists who can ensure you are following IT best practices.

4. Provides a guaranteed Service Level Agreement. They should monitor your network 24 hours a day to act on any issues before they cause IT interruptions or downtime that can disrupt your staff’s productivity.

5. Helps you budget for the IT services you require. A good IT service provider will offer services that you can predictably budget for, and solutions that you can write off as operating expenses rather than capital ones. Your MSP should offer a customized package of services for a fixed monthly fee that you can count on.

6. Ensures that you’ll have a highly secure IT environment so you won’t have to worry about viruses, malware, and hackers stealing your confidential data. They should use best-of-breed technologies that block data intrusions and eliminate them before they enter your network. They should also help you maintain IT security compliance for industry and government regulations.

IT Service Provider

7. Sets up Business Continuity and Disaster Recovery Solutions with both onsite and offsite cloud backups to ensure you can always access your IT even if your office is closed due to a storm or other disaster. Plus they should provide continuous backups and testing to ensure your data is easily recoverable.

8. Ensures that proactive support is ongoing so you can have the peace of mind that your IT network will run as it should. This way you can focus on your core competencies rather than worry about technology issues.

9. Offers many different services and solutions you can choose from. This includes things like hosted cloud services, VoIP business phones, mobile device management, wireless services, virtual CIO services and more. Only with a variety of services can they provide the customized information technology solutions that best fit your needs.

10. Makes your success their priority. They must get to know your business and your goals. How can you tell if they’ll do this? Ask them about their clients and the success rate they experienced by using the services they provide. Any company that’s provided success for their customers will gladly be willing to share their stories and references.

There’s no doubt that finding the right IT Service Provider can be a daunting task. But armed with this information you should be able to find the right fit for your business.

What Are 2018’s Top Eight Legal Apps?

Best Applications For Lawyers

As software and digital applications (Apps) continue to be developed, Internet Technology (IT) is embraced by a variety of fields that have hitherto ignored it. In law firms across the country, the old ways have been honored as traditional, respectable, and perhaps even better than modern methods. Increasingly, IT has caught up.

Best Applications For Lawyers

Digital platforms make communication and collaboration easier than ever. Accounting and billing take less time. Calendars and documents are efficiently recorded and filed. They are also easily retrieved. Sometimes, choosing the right system for your law practice is the most difficult part. Presented alphabetically, not in order of rating, here are eight of the top legal apps available in 2018.

Actionstep

In addition to law firms, Actionstep is suitable for use in government and corporate legal teams, as well as investigations and compliance groups. It boasts features that assist firms in running every aspect of the business.

The built-in workflow engine, however, enables firms to automate documents, emails, and other processes. This creates a more efficient business. Although it is reputedly the most complicated element of the software, it is the one that makes the $60 dollar a month fee worthwhile. Fortunately, there is a free trial and a free demo that attorneys can enjoy before committing.

Bill4Time

Offering flexible integration with existing management products, Bill4Time accurately tracks time anywhere from any device. The billing and invoicing features include the following:

  • Billing portal
  • Contact database
  • Contingency billing
  • Customizable invoices
  • Hourly billing
  • Online invoicing and payments
  • Payment processing
  • Tax calculations

This app offers a free 14-day trial before committing. It is ideal for companies that prefer the versatility of both cloud and mobile access.

CASEPeer

CASEpeer is case-management software designed primarily for Personal Injury Attorneys. It features campaign tracking, customizable case plans, case organization, and task management. Additionally, it provides superior document management, intake management, an integrated calendar, letter generator, as well as litigation and settlement tools. It also keeps track of data points.

A little more expensive at $55 dollars per month, CASEPeer also offers a free demo and online support.

Clio

This software provides a variety of intuitive functions. Its billing features include account tracking, document management, and expenditure tracking. It offers case and client history and management, as well as conflict resolution. Clio also boasts document indexing, archiving, and retention.

Since it is cloud-based, attorneys are able to work on their cases anywhere. The monthly rate is $39 dollars, and Clio even offers a free seven-day trial or demonstration.

Law Ruler Software

Popular with law firms of all sizes, Law Ruler focuses on the case and client history and management. Some of its unique features include:

  • Automated phone dialer
  • Drip marketing
  • Easy-to-use reporting
  • One-click “send referral” feature
  • Order medical records
  • Send text E-signs
  • A drag-and-drop editor that helps firms build an unlimited amount of intake and case forms

Taking advantage of the free trial allows attorneys to test Law Ruler to see if it is a fit for their firm.

MyCase

Ideal for small law firms, MyCase offers easy-to-use management software. Among other things, this software features a secure client communication portal. It also provides assistance with billable and non-billable hours, mobile time tracking, case management, document management, task management, and court records searches.

It accounts for multiple billing rates and has a simple calendar management system, complete with programmable reminders. MyCase offers monthly and annually-billed rates.

Practice Panther Legal Software

For a low rate of $39 dollars per month, Practice Panther Legal Software manages the billing and invoicing. It handles the case and client management and history of solo practitioners, as well as small and medium-sized firms.

Other aspects Practice Panther manages include the following:

  • Calendar
  • Contacts
  • Contracts
  • Documents
  • Email messages
  • Records
  • Tasks
  • Time tracking

This software also provides a client portal. It offers online support and a free demo, as well.

Zola Suite

With an intuitive and fast interface, Zola integrates with LawPay, Quickbooks, and RPost. It is cloud-based, but is also accessible through native iOS and Android Apps. Although it offers most of the features that other products supply, this software boasts its built-in email and robust business and trust accounting aspects. These include accrual accounting, activity tracking, asset gain and loss reporting, check writing, cross ledger posting, and tax management.

Zola is a bit pricier at $49 dollars per month for attorneys and $58 dollars per month for support staff. It does, however offer a free trial.

In Conclusion

Choosing the right software for your law firm does not have to be complicated. Begin by determining what features would streamline your process the most. Decide on a reasonable budget. Select from the top legal apps that meet your criteria and price point. Then, take advantage of the free trials and demos of each product. This way, you can invest your time and money in the technology that will provide the most benefit for your firm.

 

Can Business Benefit From Microsoft Office 365?

Microsoft Office 365

In today’s business world, it’s important for companies to stay ahead of the trends when it comes to the latest in tools for productivity. Office suites like Microsoft’s Office 365 have become popular among organizations hoping for more effective performance and communication.

With Office 365’s subscription plans, users gain access to the full list of Office apps such as Word, PowerPoint, Outlook, OneNote, Publisher,  and Access, plus so much more.

There are endless benefits associated with Office 365 subscriptions, from the convenient communication tools, to productivity apps intended to help users make the most of their workdays. These apps are updated monthly, so you can be sure you have access to the latest features and security updates available.

Here we’ll explore why a growing number of businesses are turning to Office 365 for their business needs.

Is It Convenient And Accessible?

One major benefit of Office 365 is its accessibility. Installing Office 365 across multiple devices ensures your work goes with you, wherever that may be. Whether you’re browsing from your office computer or mobile phone at home, you can be productive. What’s more, SharePoint makes for easy sharing between coworkers. For instance, if you edit a document from your computer at home, your colleague will be able to view that same file from their phone and see the most up-to-date version of the document.

Since these documents are accessible via the cloud, users are able to customize security settings to be as strict or as lenient as required. Whether you want your entire organization or just a few colleagues to gain access, SharePoint allows for a number of options to ensure proper security for your creative work.

Office 365 also makes it easier to locate content. In office settings, there are many players involved. Once upon a time, workers were forced to go on a wild goose hunt in search of files, which may or may not be stored across any number of employees’ email boxes. Office 365 SharePoint allows one single place to store important documents, photos and communications, so you can find important files when needed most.

Today’s businesses are also on the lookout to improve organizational productivity. Office 365’s Email and Calendar options offer ample mailbox storage, the ability to schedule meetings simply and quickly, and the ability to share your schedule and availability with coworkers and colleagues.

Does Office 365 Provide Enhanced Communication?

Effective communication among coworkers, teams, and departments is crucial for growth within a company. While methods like e-mail are sufficient, the benefits of instant communication can’t be denied. In addition to traditional Email, Office 365 Business provides access to Yammer, Skype for Business and Teams.

In a business landscape with an ever-increasing number of remote workers, effective communication is key, and when it comes to chatting, you’ve got options. Skype For Business is a unified communications platform offering instant messaging, video, and audio conferencing. Online meetings are simple and offer a range of other benefits.

You can immediately see your coworkers’ availability status, share a whiteboard to allow for brainstorming in real-time and share documents on-screen in real time. And with Office 365, management is intended to be easier than ever. From user creation and deletion, to managing passwords, user roles, security and distribution lists, the program’s management tools are built for success.

Business Benefit Office 365

Does It Have a Chat or Meeting App?

Microsoft Teams is another useful feature found within the Office 365 suite. This takes teamwork to a new level, with the ability to chat, share files, and organize meetings. According to Microsoft, over 200,000 businesses across a total of 181 markets are using Teams to collaborate with their coworkers. Recently, the company has introduced a free version, which includes unlimited chat and searches, built-in audio and video calling, 10GB of team file storage, and numerous apps. With the Teams paid version, you’ll gain access to additional storage, and enterprise security, among other features. While Skype has long been the method of choice for communication on-the-go, many users find the Teams interface to be simpler and more effective for instant feedback from team members.

Microsoft Announces Lift On Device Limits

Eager to enhance the user experience for paid subscribers, Microsoft recently announced a major change to its current subscription service. Beginning October 2, Microsoft will lift its limits on device usage for Office 365 subscribers. While the previous limit allows for 10 devices, users can now utilize Office 365 on an unlimited number of devices.

Office 365 Makes An Impact on Business Growth

Office 365 is making an impact across thousands of businesses, and its benefits stretch far beyond Excel, Outlook, and PowerPoint. Office 365 carries with it countless commands that can be of great value to individual users and businesses. If your organization is searching for a means of enhanced productivity and communication, consider all that Office 365 has to offer. It may be just the tool you’re looking for to help your team grow.

Put Down Those Tablets! Special Considerations for Independent Schools’ EdTech Plans

school computers

Independent schools have a prime opportunity to increase enrollment right now. Trust in government agencies is mixed to low, and the importance of individualism is trending upwards past even science in some areas. While that trend might give all educators a tight feeling in pro-vaccination chests, the crisis of identity is leading more families to look for non-public school options.

You’re going to have to look for solutions, because you are independent and not as “lucrative” to edtech companies. You will also have to get creative because you may not get the big breaks that a large district can (discounts for larger orders, for example).

Competition

On the flip side, there are more options now, too. For the last two decades public schools have had to compete not only with private and parochial schools, but as the newcomer.

Moreover, there’s been a jump in homeschooling. Homeschooling was once the last resort of the fringe religious sect. It was also utilized for incapacitated students unable to thrive in a normal school setting. Today, homeschooling is quite popular with many parents.

In a recent study reported in nheri.org, the growth of homeschooling looks like a threatening storm:

Graph originally from “Homeschooling Growing: Multiple Data Points Show Increase 2012 to 2016 and Later”
April 20, 2018 by Brian D. Ray, Ph.D.

With the push and pull between individual rights to choose how a child is educated and the state’s need to have well-educated, prepared future citizens, Independent schools have an opportunity. To not see the great opportunity growing out of the public’s distrust of the public school system would be a mistake. When developing a technology plan, competitiveness must be of the highest priority, just after efficacy.

Money/tuition

Obviously one of the biggest roadblocks in the era of stagnant wages and uncertain fiscal futures is the tuition barrier. As the gap between the haves and have-nots widens, independent schools must find ways to reach good students whose families can’t afford to pay out the usual tuition.

The evidence of this mistrust is clear in the rise of homeschool and online school students. The barriers to private or religious education may well only be financial. Charters and schools of choice have been a bit of a stop-gap but still have not solved the issues that parents wish to see resolved. If parents have an opportunity to get their kids into a school that they have chosen, many more would do so.

At the same time, since there is that cost issue, there is stiff competition for independent schools, as well as a leeriness of parents to trust a school that is not being monitored closely – if at all – by the government. Since the standards set up for public schools do not automatically apply to independent schools, some parents can feel wary of them, thinking that the teachers may not be as well-prepared to teach.

Along with that is the old idea of the stuffy private school a la School Ties or Dead Poets Society. The idea is that parents are somehow disloyal to their neighborhoods by not having their kids in public school. Although parents enrolling their children in religious schools ostensibly get a pass, as it is a religious matter in this case, there are still negative connotations to getting your kids into private school. As such, there are a mountain of obstacles that private schools must overcome in order to be appealing to the middle and upper class in America.

You must make yourselves competitive. Educational Technology can help, but only if it is planned wisely and thoughtfully and remains within your mission.

Accessibility

Even if you don’t think that your students need accessible websites, their parents, guardians, and other people invested in their well-being may. Someone may want to check the basketball schedule. A potential new family may want to learn more about your school. There are lots of benefits to having a great website that can be read and understood regardless of sightedness, hearing levels, or mobility.

Moreover, to not do something simply because as an independent school you are not required by law to make certain adjustments is admitting that you are willing to do the bare minimum to get by. Why would parents wish to pay out of pocket for the bare minimum? Doing the right thing here will sharpen your competitive edge. Plus, there are lots of stakeholders who need accessibility adjustments in order to read your website. It’s just good business sense.

Look for edtech that will:

  • Streamline your accounting, assessment, reporting, marketing, communications, and other processes.
  • Are single sign-ons so that students and employees can access all of their digital tools with a single password and username combination.
  • Are relatively simple to use, learn, execute, update and (if necessary) install.
  • Lean towards web-based, cloud based stuff, like Microsoft Office 365 for Education (which as an added bonus is FREE!).
  • Look for free or low-cost stuff – there is so much of it.
  • Research to see what others are doing with this. Places like EdShelf can help.

Questions to Ask

What do your teachers and staff think they need? Survey the troops so you can understand what’s happening on the ground plus get an idea of the time commitment that new technology training might entail.

Where is digitization CRUCIAL?

Do you need more actual space in the building? Are the paper reports that you’re using inefficient?

Is this a want or a need?

Learn to know the difference. One way to prioritize is to imagine what would happen if you didn’t upgrade or replace the technology that you currently have, or if you invested in the iPads. What happens next? Do things fall apart if you don’t improve your school’s network capabilities? Does literacy automatically improve when you buy tablets? This thought experiment also shows you what needs to accompany the new technology in order for it to be beneficial.

How does this fit in with our school’s overall mission?

Your mission is the heart and soul of your school and everything that you plan should grow out from that central philosophy. Don’t lose your identity in the rush to be competitive.

Always Remember

Empower and support educators. Don’t pick something too complicated or time-consuming to use. Also, allow some leeway. Maybe budget a bit of discretionary funding and allow departments to choose a few software programs that will be especially helpful for their area. You must remain a competitive employer, too, if you are going to be able to compete against large public districts with contracts, unions, better benefits, and higher pay.

Teachers are what make a school work properly. The best thing to do is have continuity from year-to-year by having the familiar faces of competent, happy teachers. Educators already burn out pretty quickly, but they leave independent schools more readily than public schools. Remember to treat them well and reflect on how new technology will affect them.

What Should I Know About Hashcat?

hashcat

What is Hashcat?

Hashcat is a type of hacking tool, and a password cracker specifically. It was created to be able to hack the most complex of passwords, targeting multiple aspects of coding simultaneously. Additionally, according to online sources including Infosec Institute, it is regarded as being highly versatile and fast in comparison to other password hacking tools, making it especially threatening.

hashcat

Hashcat is capable of reverse engineering information and converting readable information into scrambled coding, which is used to crack password representations. The program can use ‘brute force’ in direct cracking, apply preconfigured dictionaries, or use rainbow tables in user attempts to gain access to sensitive information.

What’s Been Happening in Current Events?

Hashcat can currently be used to obtain passwords through multiple processes, and can be downloaded online, alongside reader access to user-friendly guides explaining step-by-step how to use the program to bypass security features. Unfortunately, this extent of general accessibility is not uncommon for modern hacking tools, and it is therefore regarded as an added vulnerability. The program can be used on Kali Linux, a version of Linux with hundreds of unique information security tools.

The current version of the program is regarded as advanced with potential for further development. It can be run across the range of common operating systems, including Windows, Linux, and OSX, and is multi-hashed, multi-threaded, and multi-algorithm (including MySQL, DCC, MD4-5, and NTLM) based. Specialized rules can be used to extend the attack mode features, hackers can limit or resume sessions created, and the program recognizes hashes recovered from its out-file upon its startup.

An external file stores a list that can be used in force attacks, and users can configure the number of threads before executing them according to their lowest priority. The program supports hex-salt in addition to hex-charset files, and over 90 algorithms can currently be implemented in an attempt to optimize performance.

Online sources such as Help Net Security provide users with steps in using the programs for attacks. For example, Hashcat can be used to hack a user’s password through a dictionary attack by first creating a dictionary with MBD5 hashes, followed by a frame capture and file dumping for targeted information storage and future access. Only a single frame may be necessary for a successful hack. Unlike other approaches, the success of Hashcat in acquiring a pre-shared key (PSK) on average may involve only a hacker’s application of its features over the course of minutes or days, thereby making it more dangerous. The versatility and options of the program provide hackers with substantial potential.

As with other recent developments in hacking and successes in hacking approaches, Hashcat increases the demand for formal and effective security protocol development as has been done through WPA3 network security protocol. WPA3 has only recently been released in its earliest form, and provides an improvement over fundamental weaknesses in WPA2 security that Hashcat is able to exploit. Online sources including Security Affairs report that experts expect WPA3 protocol to have a major role in safeguarding against Hashcat potentials in the near future.

The Robust Secure Network Information Element (RSN IE) will be considered fundamental and important in ongoing security improvements. Hashcat is currently able to target this directly, rather than using a previous hacker approach of establishing connectivity through network port authentication protocol, and exploiting vulnerabilities in the Pairwise Master Key Identifier (PMKID). These PMKID vulnerabilities are targeted in WPA3 developments and other attempts to improve network safety on a less fundamental level.

The RSN was initially created to secure 802.11 wireless networks, being an element of the 802.11i standard, but broadcasts an internal message during attempts to establish channel communications that have been exploited. Hackers can thereby access WPA PSKs from the PMKID under the current design with common protections. New WPA3 employs a Simultaneous Authentication of Equals (SAE) that is an improved protocol for modern key establishment, resulting in a system that is much harder to attack through current common processes.

What Has Been Happening in Research and Development?

In addition to WPA3, other attempts to improve security effectiveness and efficiency have targeted vulnerabilities exploited by Hashcat, although some efforts have involved benefits from its use.

The Fundamentals of Digital Forensics journal reported that forensic analysts have been able to make use of the program in recent data recovery efforts, as Hashcat has been used by forensics experts to decrypt certain files. Meanwhile, researchers at the Technical University of Denmark reported that the program’s foundational basis of a machine learning model serve as a reference point for both forensic decryption and improved security efforts.

What’s The Bottom Line?

Hashcat:

  • Is among the most effective hacking programs developed to date
  • Can be highly useful to digital forensic analysts and used for positive outcomes rather than hacking
  • Can exploit WPA2 vulnerabilities
  • Creates further demand for WPA3 implementation

What Can Healthcare Providers Do To Make Cloud Adoption Easier?

Healthcare Cloud Computing

Microsoft’s Azure cloud service recently suffered a major disruption at one of its data centers in Texas. A truly epic lightning storm caused even the backup generators to go offline. Every time the center struggled back to a semblance of normal operations, another round of thunderbolts blew through and the center was offline again. It took about eight hours to fully restore service to the affected clients.

Healthcare Cloud Computing

Cloud opponents will point to this and say that this proves the cloud is unreliable; no hospital can afford eight hours down. And Microsoft would rightly reply that, had those clients who were affected chosen to set up a redundant site in another region, their workload would have been seamlessly shifted over to a center out of harm’s way.

Microsoft would also note that eight hours a year of downtime is a miraculous figure compared to some hospitals that operate their own data centers. Virtually all of us have had the experience of having a health care provider tell us that they couldn’t do this or that because “the computers are down.”

What’s Coming in Cloud 2.0?

While some providers are waffling over whether to move anything to the cloud and if so, what, others are racing to get ahead of the coming tsunami of artificial intelligence (AI) products that are in the pipeline. Remember that Amazon, Microsoft, and Google are all working in collaboration to make medical records more uniform and permit rapid data exchange, where there is effectively “one patient, one chart,” no matter how many providers the patient sees.

This obvious step forward fills many providers with dread. Michael Robinson, the Vice President for healthcare at VMware, a Dell subsidiary, puts it like this: “A huge barrier to cloud adoption is that healthcare organizations want to run their own private environments and do not trust public cloud providers to secure their data.” (Robinson 2018.)

The consulting firm McKinsey sees a major divide coming between firms that adopt AI and those that don’t – to the great detriment of the latter (MIT Interview). The leaders will be so far ahead of the pack that the stragglers will never catch up.

What Is The Value Added?

AI will offer an enormous basket of goodies in the next five years. Virtual agents will enable replacing a lot of the legwork that providers’ employees do. But the big payoff for organizations in the near term will be in the realm of analysis. Data analysis becomes ever more important for all organizations.

Deep learning and similar techniques have been derided as “curve fitting,” but the point is that they are not only fitting lines to the curves, they are finding curves that no one suspected was there. And a lot of the patterns being discovered have to do with money. Hospitals often have no idea what they charge for a given procedure and why they are charging that amount. The prices are usually set in negotiations between payers and providers. AI can discover the real cost of procedures and show what is being overcharged and what is being undercharged. The latter, obviously, are revenue opportunities.

Of course, doing this kind of analytical work involves de-siloing financial and clinical data and making all of it available in one large data lake. Some level of data cleaning is a necessity. CMS, for example, spent over a billion dollars a year cleaning up Medicare and Medicaid data before doing analyses. You will not have to spend a billion, but you would be well-advised to spend something. It is also important to have good consultants to assist in the de-siloing and that data lake creation. Time spent on the front end will save a lot of frustration on the back end.

The value added will be understanding what’s going on in your organization at the deepest levels. Comprehension of this type enables rational actions towards critical business goals. Of course, if your organization has no goals that are stated in quantitative terms, then the analysis is of no use to you. If, on the other hand, you know what “good care” is in terms of costs, infection rates, lengths of stay, morbidity and mortality, and other operational parameters, you will be ahead of the game.

What Are The Risks Of Non-Adoption?

You can choose not to adopt the coming AI revolution. The risk you run there is being eclipsed by your competition, who will be enjoying the fruits of better, faster operations, and lowered personnel costs. You could find yourself in a negative business position from which you cannot recover.

For most healthcare organizations, the biggest worries are security, compliance, and privacy but the paradox here is that the security that cloud providers can give you is far better than you can provide for yourself. You may also fear the loss of control. Again, cloud providers will generally provide whatever level of security you ask for. You can ask for a private cloud and get utmost security there. If you take that direction, you lose the opportunity to reduce your IT staff, but that may be a price you are willing to pay.

In summary, the risks of not moving to cloud 2.0 are infinitesimal compared to the benefits. It’s a move you’ll eventually have to make so why not take the plunge now?

Election Cybersecurity: Why This Is Needed Now More Than Ever

Russian Hacking

With the 2018 midterm elections on the horizon, there are increasing concerns regarding cybersecurity and the voting systems in each state. These security concerns have to extend far beyond our voting systems with this election because digital platforms are also vulnerable to cyber threats. This means that not only are voting and vote tabulation processes at risk, the operations of political parties and candidates are vulnerable as well.

 

 

Election cybersecurity is so important right now because there are forces constantly working to undermine trust in our election system and confidence in the outcome.

Growing Trends Leading Up To The Election

Tom Burt, Microsoft’s corporate VP for security and trust, spoke with a panel at a conference in mid-July, about how the company had detected and helped block phishing attempts against three midterm candidates. Hackers had registered a fake Microsoft phishing website designed to trick staff members into handing over passwords or downloading malware onto their computer. These attacks were similar to those sustained by the DNC in 2016.

Russian Hacking

A few weeks later, Microsoft then reported how it had to disable six Russian-launched websites masquerading as official websites of the U.S. Senate, two conservative think tanks, and the company’s OneDrive cloud storage service. Microsoft President Brad Smith said that they were “concerned that these and other attempts pose security threats to a broadening array of groups connected with both political parties.” Microsoft warned that Moscow was broadening its attacks.

In late August, Microsoft revealed that Russian and Iranian hackers were using the company’s Azure cloud platform to set up fake domains so they could send phishing attacks that were targeted at political campaigns. These websites were so realistic-looking because the hackers used misappropriated company logos and trademarks.

Google also recently alerted Senator Pat Toomey of Pennsylvania, about how hackers with ties to a “nation-state” had sent phishing emails to old campaign email accounts. Steve Kelly, a spokesman for the senator, said the accounts hadn’t been used since the end of the 2016 campaign. Kelly said that these actions underscore the cybersecurity threats our government, campaigns, and elections are currently facing. The news article goes on to report how Senator Jeanne Shaheen of New Hampshire has also been the target of phishing attacks.

These cybercriminals are targeting our political system by trying to gain access inside political campaigns. They also probe our electoral systems, where they can potentially alter voter data and election results. Fake ads and accounts on social media are other methods used to spread disinformation and division.

They will continuously try to do everything they can to breach our systems and disrupt elections in November. Are you prepared for it?

How Candidates, Staff, and Consultants Should Be Protecting Themselves

1. Security Awareness Training

Security awareness training provides everyone with the knowledge on how to recognize cybercrime and learn more about security risks, including social engineering, online phishing, and web-browsing risks. Continually emphasizing the critical nature of data security and the responsibility of each person in protecting this data, will have a significant impact.

2. Data Incident Reporting Procedures

Knowledge about data incident reporting procedures and awareness of a computer operating outside its norm (unexplained errors, running slowly, changes in desktop configurations, etc.) are also critical. When everyone on your team can recognize a legitimate warning message or alert, this will allow these incidents to be reported to IT immediately, so they can mitigate and investigate the threat.

3. Strong Password Selection

Making sure that everyone knows how to select strong and secure passwords is essential. The stronger the passwords, the more secure your computers and accounts are. Have users create a very long easy-to-remember passphrase that never changes, and then add app-based two-factor authentication for accounts with sensitive information, e.g. email.

4. Responsible Email Usage

Responsible email usage is another great defense for preventing data theft. Accepting email that only comes from someone you know; someone you have received mail from before; something you are expecting; doesn’t look odd with unusual spellings or characters; and passes your anti-virus program test will help thwart these phishing attacks. Also, be particularly cautious with emails containing links and attachments.

5. Hire A Security Partner

Your final defense is to hire a good cybersecurity provider and form a partnership where remote monitoring and constant maintenance allows them to keep ahead of any threats. There are so many ways hackers can cause chaos on your network and try to tamper with information, without you knowing about it. Sometimes your IT team just doesn’t catch it quickly enough and the damage will already have been done. Many eyes are essential to a proactive defense.

Are you the next target of these cybercriminals? They’re going to attack, it’s the where and when that’s uncertain.

KTG recently brought on a new client in the Nashville area who provides political campaign strategy services. The company reached out to us to make sure they are as secure as possible. We have implemented several layers of additional security to protect their employees, the candidates, and the staff they are working for during this election cycle.

By partnering with KTG, you will have consistent, “on guard” protection for your network, essential data, applications, people, and processes. Please contact us today because vigilant cybersecurity management leading up to and during these elections is needed now, more than ever.

How Can I Optimize My Wi-Fi?

Speed up WIFI

With a range of technology continuing to encompass upgrades and versions improving on previous ones, there are constantly new ways for people to improve their Wi-Fi speed. Considering the most recent developments, the below provides instructions for minimizing obstacles to your connection speed while optimizing it as much as possible.

Watch this great video from Steve Dotto below.

 

How Can I Use A Speed Test For Optimization?

Speed tests can be helpful to locate problems and potential in your Wi-Fi network. The two most fundamentally concerning or relevant aspects of your connection are the speeds by which it can upload or download data. This can affect aspects of your operations including:

  • How quickly you can send large files in your business
  • How quickly manual or automatic updates take to download
  • Media and a range of aspects of web browser speeds
  • Computer, internet of things (IoT) devices, and cloud file transfers
  • File attachments in emails
  • Sending live video streams
  • Uploading media such as images

Running a speed test allows you to view measurements of the ping, or the effective response time of the Wi-Fi connection, which is measured in milliseconds. Users naturally want to have a low number for their measurement. Many free speed tests are available online, such as Speedtest.net recommended by LinkSys, created and maintained by OOKLA, an online metrics business. The test offered through their organization has over eight billion tests of experience, and functions by using sample uploads and downloads analyzed through their program.

Before starting a test, users are recommended to ensure that their connection is maintained in a normal manner so that the reading is accurate. For example, if multiple family members are using hotspots, streaming, using online gaming, using downloads, etc., it is recommended that the user wait until the use of service ends so that ideal testing conditions are established. Additionally, users are recommended to ensure their router or routers are not obstructed in some way.

After testing, if you are not satisfied with the results, you can take some actions in an attempt to make improvements. You could also consider upgrading your router or changing Wi-Fi providers. Purchasing a superior router can also give you better security as you browse. Some users, especially those in large offices or homes use a range extender to improve performance.

Other options include resetting your router, then retesting to ensure that the low speed observed wasn’t simply random or a ‘fluke.’ Next, you can attempt to transfer your router or routers to a more open area of your building to be sure that electronics or building materials weren’t responsible for a reduced signal strength causing the speed drop.

Beyond this, check to see if your modem is outdated. If you have a dual-band router, you can enter into its settings to see if you can increase a common 2.4 GHz frequency set to a 5 GHz one, which will reduce signal congestion. Lastly, you can compare your ethernet to your Wi-Fi connection with an ethernet cable to determine the extent that your speeds are due to your internet service provider (ISP) or a device. Your ISP may not actually be providing the speeds that they advertise. If you determine that the ISP is the culprit here, contact them and explain that you’ve checked to make sure that your slow speeds are not due to any other thing and insist on them taking action on their end.

In addition to the link provided above, NetSpot recommends users consider their speed app or one of four others listed on their website: Wifiner, Network Speed Test, LAN Speed Test, or Google Speed Test. Click the link for details regarding these tests and other relevant information.

How Can I Begin To Take Steps To Increase Robustness And Reliability?

Beyond the basic steps listed here, you can begin to take more involved steps to optimize your connection. Firstly, you can update the firmware of your router. There may be a new version that has been created since your last install. Firmware updates are important because they involve better security or other speed related upgrades that can improve your service. The administration page of your router’s firmware generally has access to this.

In addition to building material interference and excessive use bogging, you may be experiencing interference from other devices you use. Home telephones, Bluetooth speakers, microwaves, baby monitors, and other devices, according to USA Today, can affect a Wi-Fi network. Creating a ‘heat’ map of potential issues using an application such as HeatMapper could assist you with finding them. You can also attempt to change the channel you established for your router, or use network settings and rules to limit the bandwidth or accessibility of other users to reduce their capacity to affect your speed.

The Quality of Service (QoS) feature available in some routers can also potentially help, as it allows users to prioritize their traffic in accordance to the nature of the information that is transferred in the process. Applications that are sensitive to latency, such as Skype, streamed media, and online games can have higher prioritization than other types of activity; this can be addressed for better results in practical use.

How Can I Further Optimize My Router?

Beyond changing the settings and updating the firmware, you can upgrade. If you navigate to the settings feature of your existing firmware, you should be able to enter into “Advanced Settings” and access channels. Changing the channel to a ‘clear’ one that no one else is using can help. LifeWire has more channel-related recommendations.

How Can I Use A Powerline Or Wi-Fi Signal Strength Increaser?

Wi-Fi extenders, which are devices made specifically for the purpose of improving your wireless power, can also be a worthwhile investment. According to TechRadar, such devices have been increasingly useful in helping people experience greater improvements to their network capacities. Relatively inexpensive, they significantly increase coverage without the extent of installation or restructuring required in implementing new network cables. The most effective use of them is their placement in areas where the signal in the network has been observed as weak. Specific devices that TechRadar recommends for this use include:

  • Netgear’s AC1200 EX6150 and EX6200 models
  • D-Link’s DAP-1520 Dual Band Range Extender model
  • TP-Link’s RE350 AC1200 model
  • Linksys’ RE6500 AC1200 and Velop models
  • D-Link’s DAP-1320 N300 and DAP-1650 AC1200 models
  • Trendnet’s 1200 AV2 model

Speed up WIFI

How Can I Make The Most Of The Netgear Genie Program?

Netgear Genie is a desktop application program that can be configured to manage home routers for the purposes of:

  • Network speed tests
  • Live parent controls
  • SSID and password changes
  • Guest network controls
  • Viewing a connected device map

Most of these help users do what has already been discussed here more easily. The network map feature shows when connections are problematic.

What Should I Do?

Use these recommendations as a basic guideline. While you may not need to upgrade your hardware or even your software, it’s likely that you can take some action to increase your Wi-Fi performance.

How Could My Office 365 Be Vulnerable To ‘ZeroFont’ Phishing?

Microsoft Office 365 Zerofont

What is ‘ZeroFont’ Phishing?

‘Phishing’ is where hackers attempt to get a user to willingly provide personal information, generally through posing to be someone else. It is one of the more threatening forms of hacking, as it is among the most difficult to protect against traditional security measures.

Microsoft Office 365 Zerofont

Hackers continue to find new ways to breach spam and other filters while representing authorities with practical reasons to request information. It is ultimately the user’s decision to trust the hacker which results in information misuse. Users must, therefore, be aware of the nature of phishing tactics and vulnerabilities to best protect themselves.

‘ZeroFont’ phishing attacks have been successful against Office 365 users. In this attack, hackers use a zero-sized font in order to hide identifying information while posing as a reputable account-hosting organization. Users are unable to view zero-sized fonts so they are easily tricked.

What’s Been Happening?

Attacks have been increasing as security researchers learn about this type of internet hacking. ZeroFont phishers have been bypassing Advanced Threat Protection (ATP) processes in popular email services, such as those provided with the commonly used Office 365. Although the advanced Microsoft software uses security processes with many AI and machine learning procedures for blacklisting and other forms of phishing defenses, the ZeroFont method is able to evade these. The use of zero font sizes has proven to be a clever method that allows hackers to sneak in and steal information from a wide range of users.

ZeroFont attacks are actually not new. They were used by hackers in the past but faded into the background for quite some time. For years, hackers have used simple phishing scams to trick users into visiting unsafe sites or giving up their log-in information. This basic method of exploiting internet users has been very successful but cybercriminals are always looking for new and easy ways to steal our money.

Microsoft’s natural language processing has made it more vulnerable to zero font attacks. One example of a hacker using this approach for a successful attack against an Office 365 user involves fraudulent email. The emails are created by a phisher who pretends to be a legitimate Microsoft representative. The email they send out says something about how Microsoft is attempting to notify them that they’ve reached a quota limit of some sort.

Assuming they’ve received an actual message from someone who is their subscription representative, and with the words ‘Microsoft Office 365,’ the email urges the user to divulge personal information. Because of the zero font size, the security program does not recognize relevant keywords and the email is not correctly identified as a ‘spoof’ or spam. Instead, users may choose to cooperate in providing personal information.

ZeroFont attackers can exploit an ability to display a message to users that cannot be properly read by anti-phishing filters. These emails can look as if they are being sent by Facebook, PayPal, Apple, or your financial institution. They urge users to give up sensitive personal information that can then be misused. Hackers have been able to take over Amazon, Facebook and eBay accounts.

While natural language processing is regarded as a powerful aspect of software, highly efficient and effective while safeguarding against email phishing, exploitations of its vulnerabilities have caused ongoing demands for security upgrades. Avanan has more information about the nature of ZeroFont, Punycode, Unicode, and Hexadecimal Escape Character attacks being used today.

Online sources explain that this form of attack has been common, if not rampant since the extent of certain vulnerabilities in Office 365 has been realized.

Security Affairs reported recent phishing ‘campaigns’ that have successfully used this approach, and The Hacker News also reported on a campaign that ‘wildly’ attempted to target a wide range of Office 365 users. The latter was reported to involve a representation of Microsoft while directing users, via a link, to a SharePoint document established to record sensitive information.

As the bodies of the emails sent made use of a zero font size to avoid anti-phishing filters, users were presented with messages that appeared to be legitimate. Imagine getting SharePoint invitations asking for your collaboration or cooperation from Microsoft. It can be tempting to follow the instructions that hackers provide and just do what they say.

Clicked links resulted in automatic openings of the SharePoint file, which hyperlinked the user to an unsafe URL. Therefore even users that did not log in were vulnerable to hacking through the hyperlink, while users that attempted a login also provided their account information to the phisher.

The only way Microsoft can identify such attempts is to scan links within shared documents for URLs that appear to be created for the sake of phishing. Hackers have now become well aware of this. Even if all links are correctly identified, the software would have to blacklist links to all SharePoint files to blacklist the bad URL. This is not a practical fix for the problem.

The Hacker News reported that approximately 10 percent of registered Office 365 users had been targeted by a phishing campaign within just a two week time window.

 

What Should I Do?

Microsoft recommends, in addition to following best practices for trusting a claim of authority in an email, to:

  • Ensure the best ATP anti-phishing software and updates are installed.
  • Use all applicable anti-phishing features.
  • Use the Security & Compliance Center for more information and system- or software-specific instructions and optimization.