Ulistic Projects Blog

Girl Scouts of the USA recently announced the addition of 30 new badges now available for Girl Scouts aged 5-18. The new badges were created to address a number of today’s most important social issues, including environmental advocacy, cybersecurity, robotics, computer science, and space exploration, among others.

Girl Scouts of the USA has long served as a means for young girls to acquire life experience and develop a number of important soft skills, which include perseverance and confidence. The benefits of participating in Girl Scouts are proven. According to one study, Girl Scouts are over twice as likely to demonstrate community problem-solving skills compared to those who do not participate.

The Cybersecurity badge, funded by Palo Alto Networks, will introduce the girls to a variety of age-appropriate internet safety and privacy principles. They will first learn how the internet works, then learn techniques to spot, report, and further investigate cybercrime.

Cybercrime is on the rise, and the Girl Scouts are in a unique position to influence young girls all over the nation. According to the FBI’s 2017 Internet Crime Report, cybercrime resulted in more than 300,000 complaints last year with losses reaching upwards of $1.4 billion. Raising awareness about cybercrime is just one step toward combatting the problem, and with the help of their sponsors, the Girl Scouts are on their way toward arming a new generation of young people with the tools they’ll need to make a difference in internet security.

New Leadership Journeys

In addition to the cybersecurity badge, the new badges include two additional Girl Scout Leadership Journeys to help girls on their path to growth. Girl Scout Leadership Journeys involve hands-on activities to help girls utilize their new skills to tackle problems within their respective communities. These programs prepare girls to achieve success in fields like computer science, robotics, and cybersecurity.

Funded by Raytheon, “Think Like a Programmer” offers girls a valuable foundation in computational thinking, which will serve as the basis for next year’s Cyber Challenge, a first for the organization. The Think Like an Engineer Journey will help girls further understand how engineers approach and solve problems.

Phase one of the national computer science program for middle school and high school-aged girls has been run as a pilot in a small group of geographies since earlier this year. The program is expected to expand nationwide in the fall of this year, with select groups of Girl Scout councils piloting the upcoming Cyber Challenge next year in 2019.

Raytheon & The Girl Scouts: A Partnership

Raytheon Company, headquartered in Waltham, Massachusetts, is a leader in technology and innovation in civil government, defense, and cybersecurity solutions. With a history spanning nearly a century, Raytheon operates in more than 80 countries. The company has a long history of partnership with several Girl Scout Councils. It is the inaugural sponsor of the Girl Scouts’ computational thinking program, which will expose the girls to age-appropriate content across areas such as science, engineering, technology, and math.

Although women made up half of the current college-educated workforce, only 29% work in occupations dealing with science and engineering. The new partnership with Raytheon seeks to increase the number of female STEM leaders by encouraging girls to explore an interest in these fields early on. In fact, the Girl Scout Research Institute, GSRI, compiled a report, the Generation STEM report, which determined that 74% of teen girls demonstrate an interest in STEM fields; however, this interest fades as they get older and move on through middle school and high school. The decreased interest is thought to be the result of a lack of exposure to STEM fields in ways that pique their further interest and inspire ambition.

In 2017, the Millennial Cyber Security Survey, conducted by the National Cyber Security Alliance, NSCA, found that the majority of female Millennials said that more exposure to STEM information, training, and classes during their middle school and high school years would have had an impact on their interest in cybersecurity careers. These new badges will strive to empower young girls to achieve their goals across all industries, particularly those currently dominated by males.

History Of Girl Scouts

The Girl Scouts of the US have been making a difference across the nation for nearly a century. The first Girl Scout troop was established in 1912 in Savannah, Georgia by Juliette Gordon “Daisy” Low. Since then, the organization has grown exponentially, culminating into a membership of more than 2.6 million. Today, they continue to operate under the principles of courage, character, and confidence in hopes of making the world a better place.

 

How Can I Keep My Business Safe From an Email Scam?

Recently, small business owner, Phoebe Bell of Sage and Clare, a popular homeware designer business in Australia, opened up about her company falling prey to email scammers. Sage and Clare lost $10,000 from the hi-tech thieves who Bell says were most likely tracking the company’s emails for months.

As they have done countless times before, Sage and Clare placed a routine stock order with an unnamed supplier. In fact, Bell handled the order herself, emailing back and forth with the supplier about the order for several weeks.

In the midst of negotiating the order, the supplier informed Bell they had a new bank account to pay the money into for the order. Again, this was nothing out of the ordinary, Bell says because suppliers often change bank accounts.

After paying the $10,000 into the supplier’s “new account,” Sage and Clare discovered that their business was the victim of a scam, where a third party posed as the initial supplier. The scammers most likely hacked emails and read through the correspondence between Sage and Clare and the supplier, intercepted the specifics, and then redirected the payment funds.

Fortunately for Sage and Clare, they have the capital to recover from this loss. For some small businesses, losing $10,000 would cripple them.

Ms. Bell said that she was both embarrassed and distressed that this sort of thing could happen to her. She thought that she was smart enough to spot a dirty trick like this. When she opened up about the incident online, she found that many others had gone through a similar experience. She says that if someone had broken into her shop and stolen $10,000, the local police would come out and do a full investigation. But since the incident happened online, there’s nothing the police can do. She did report the theft to her bank, the Australian Federal Police, and the Australian Cybercrime Reporting Network (ACORN).

How Can I Train My Team to Spot Hackers?

How can you keep your business safe from these types of email scams? What kind of safeguards can you put in place to ensure that your business does not fall prey to thieves prowling for businesses who practice naive online transactions?

5 Effective Tools to Keep Your Australian Business Safe from Hackers in 2018

Routinely Train Your Employees

Almost 90% of Cyber Attacks are Caused by an employee’s human error or an honest mistake, according to a cyber consultant, Willis Towers Watson. These circumstances are commonly a result of employees giving sensitive information to hackers who pretend to be clients in need of information.

Routinely scheduling an online security awareness training for all your team will keep your company updated and vigilant to fend off hackers.

 Improve Your Technology

Having anti-virus software in place to protect your company’s site from viruses and malware is the first step in good cybersecurity.

It is essential to have the software updated on a regular basis. We all get the update software notices, and it’s easy to ignore or delay the update to the next day, week or month. Make sure your IT department stays on top of all updates and patches. This will ensure that each computer is up-to-date.

Here are some questions to ask yourself and your team to ensure you are protected from viruses and malware:

• Do we have firewall protection?
• Are our passwords strong?
• Do we use two-factor authentication?

Being able to confidently answer these questions will give you peace of mind that you are doing your best to keep your business safe from cyber-attacks.

Keep a Tight Rein on Internet Access

This key step is often overlooked by employers but is so important. Your IT department can set up your computers so that they cannot access risky sites. Make sure that important company information can only be accessed by a chosen few.

Another good tip is to make it a practice to stay informed about current online data breach scams. Routinely making a habit of following a blog that reports the latest hacking news will help you stay vigilant.

 Don’t Keep Unnecessary Data

It isn’t necessary to store old data or customer information that is outdated or no longer useful for the company. Too often, though, companies don’t take the time to purge old records. Instead, they end up keeping information such as credit card numbers and other sensitive information in their system for customers who are long gone.

When the information is of no further use to your company, have a system in place where it is deleted. This will ensure that you avoid the risk of revealing unnecessary customer information if you are breached.

Adhere to a Phishing Awareness Checklist

Sticking to a protocol of routinely checking off safety practices will keep you aware of potential phishing attacks.

Here are some suggestions of important checklist questions you may want to include:

• Do you recognise who’s sending the email?

If not, hover your mouse over the “From:” field to check for the right domain (i.e., an email from Yum Dog Treats should have a domain name of yumdogtreats.com).

• Can you identify the sender’s email address?

Don’t open anything when their name is not matched up with the email address. If “Katie Jones” from “Yum Dog Treats” sends you an email, her email address should most likely say something like kjones@yumdogtreats.com, not kjones1989@gmail.com.

• Is there an attachment the sender wants you to open?

Be suspicious of all attachments, but especially ones that have two extensions (i.e., file.doc.scr) or small files that are zipped.

• Is there a link from the sender?

If so, does the URL convey the message of the email? You can simply hover your mouse over the link to check the URL to read it.

Conclusion

With the current situation, cyber-attacks are increasing dramatically in Australia and around the world. No one is safe. It’s every person’s duty to remain informed and aware of these scams. Ms. Bell learned her lesson the hard way and it cost her $10,000 to do so. You may not be financially able to learn such an expensive lesson.

As providers are all too well aware, their payments from Medicare are affected by their score in the Merit-based Incentive Payment System (MIPS). MIPS imposes a number of requirements; if these are not met, payments may be reduced or denied.

The MIPS requirements apply to all Medicare claims, even those whose performance is not necessarily affected by a MIPS constraint. Among these universal requirements is the meaningful use of electronic health records (EHRs). Within the EHR requirements, we have the promotion of interoperability with other EHR systems, and within that, we have the security requirements. Among the security requirements is an annual security risk assessment.

What Has Changed?

In the Federal Register of July 27, 2018, the Centers for Medicare and Medicaid Services (CMS) proposes that the current security risk assessment requirement in MIPS be replaced. The suggested replacement will be an attestation to the activities included in the security risk assessment standard that has been performed in the past MIPS year.

This essentially switches the scoring of the security risk requirement from the equivalent of a numeric grade to a pass/fail scoring system. A practice or institution passes if it has done the assessment; how well it has done on the assessment falls by the wayside. The requirements are stated in a bare-bones fashion in the Code of Federal Regulations at 45 CFR 164.308.

CMS states that their rationale is, in part, a result of the realization that a risk assessment is done well, or not at all.

What A Serious Risk Assessment Entails

The thinking behind this can be found in the Office of Civil Rights (OCR) newsletter for April 2018.  This newsletter distinguishes a gap analysis (“find the holes”) from a security risk assessment (“make sure there are no holes”). It is a highly useful guide to discerning the scope and the level of effort required for a serious risk assessment.

An article on the HHS website goes into greater detail explaining what is subject to the security rules and why:

All e-PHI created, received, maintained or transmitted by an organization is subject to the Security Rule. The Security Rule requires entities to evaluate risks and vulnerabilities in their environments and to implement reasonable and appropriate security measures to protect against reasonably anticipated threats or hazards to the security or integrity of e-PHI. Risk analysis is the first step in that process.

The guidance issues from OCR noted that the CFR requirements are divided into two categories: required and addressable.

The addressable requirements are not optional. Rather, if the approach specified in an addressable requirement is not feasible, the provider organization must develop an effective alternative to approach to achieve the same end and document this. The tendency to document-but-not-implement should be firmly resisted.

Did You Really Do A Risk Assessment?

Experts suggest that OCR has significantly underestimated the time required to do a serious risk assessment. Obviously, you have to look at hardware-associated risks. Are the BIOS files in your desktops and laptops updated? Has router firmware been updated?

You must take a hard look at software-associated risks as well. Are operating systems patched? You must strategically assess administrative risks: are you enforcing complex password requirements? Are you using biometric identifiers? Is data access truly on a need-to-know basis?

A Helicopter-Level View Is Not Adequate

The reader may protest that those concerns are nowhere to be found in the guidance. True. The point is that an adequate risk assessment will have revealed these as questions that need to be asked on a day-to-day operational basis. A risk assessment that is not dynamic misses all the critical points of vulnerability.

A risk assessment should point out any unnecessary risks and then offer a solid plan to eliminate them. It’s good to remember that the whole point of the endeavor is to make sure that the government (and all organizations) move toward better Internet and network security. With cyber breaches occurring on almost a daily basis, there’s every need to be more cautious about how we handle, store, and transmit Big Data.

The current cost of a data breach has reached between $1.3 million and $3.5 million. The number one most sought-after data that hackers are vying for is healthcare information. On the Dark Web, 30,000 up-to-date healthcare records will fetch a pretty price.

Conclusion

Under this proposed rule change, you will no longer be given a percent of compliance score on your risk assessment. You will simply be in or out of compliance. The upside is less administrative hassle; all you have to do is carry out the activities and attest that you did this. The downside is that this may lead to a relaxation of vigilance at a time when threats are constantly increasing.

 

 

Azure Stack has commanded plenty of loyal followers since its release, and it’s easy to see why. The platform provides many of the same great benefits users found in Microsoft’s Azure. Chief among them is the impact on multi-cloud environments. Building and deploying applications have become easier than ever before, and users are now able to enjoy the same familiar, tried-and-true tools to streamline their web operations. These factors plus a wide variety of others combine to create a solid case for Azure Stack.

Before you decide if a service like Azure Stack is right for your company’s IT structure, it’s important to know what benefits you’re dealing with. Knowing the basics of Azure Stack and its usage capabilities can help you determine whether it makes sense for your unique business needs.

What is Azure Stack?

It’s an extension of Microsoft’s Azure, and helps companies combine cloud computing with on-premises environments. Consistency is key with this type of platform, as it allows companies to deliver Azure’s unique services from their own unique datacenter for consistent hybrid cloud deployments.

What Are Some Benefits of Azure Stack?

There are many benefits associated with Azure Stack. For instance, users can apply Azure web and mobile services, architectures, and containers to extend legacy applications through the use of consistent processes in the cloud and on-prem. They can also build applications with a consistent set of tools and services, then deploy those applications to the appropriate location by writing code just once.

It allows companies the flexibility to seamlessly transition workloads between private and public environments, bringing a whole new world of potential for those who have long hoped for a turnkey solution to deploying applications. While deploying new cloud applications once took hours or even days, with Azure Stack, users can deploy them in mere minutes with the use of prebuilt solutions from Azure’s Marketplace. Add-on products, such as Commvault Hyperscale, are also integrated easily with Azure Stack.

One other perk users find in Azure Stack is its payment structure. Users pay only for the services they actually use, which can also be found in Azure.

How Can Azure Stack Be Useful For Federal Agencies And Financial Service Providers?

While Azure Stack is beneficial to companies across diverse industries, its capabilities are particularly helpful in the federal agency and financial services realms. Nearly all industries must comply with some sort of financial regulations, required either by internal policies or by customers. Security-wise Azure Stack satisfies requirements that dictate sensitive data must be stored in one tightly managed location.

Among the many benefits of Azure Stack for federal agencies is the ability to provide edge and disconnected computing for remote users, such as military members in a combat zone or other areas where access to the cloud may be difficult to come by. The ability to process big data at the edge and have this data sent to one central location is highly useful to federal agencies.

Additionally, Azure Stack allows large agencies to build out private clouds to serve their internal teams, which provides specialized services both cost-effectively and securely. Azure Stack allows federal customers to remain compliant with governing regulations that call for the security of privileged and classified information, which may later be moved to a public cloud once those security requirements expire.

Adequate security is vital in the financial world, and today’s top financial organizations simply can’t afford a breach. Large financial service providers have the opportunity to host Azure Stack-as-a-service to other business units, resulting in a private cloud that becomes a consumable service. With this, business units are able to avoid the security issues that come from operating outside of a private cloud. Financial service providers are also able to now scale quickly with Azure Stack, given their ability to transition to the public cloud during times of heavy traffic.

What Are Some Azure Stack Storage Options?

When it comes to persistent storage while using Azure, developers are faced with three basic options:

1. Tables
2. Blobs
3. SQL Databases

The latter is a database-as-a-service that offers a variety of the same features found in SQL servers, but without the overhead of one key figure: database administration.

Tables have the capabilities to support upwards of 200TB of basic structured data. This may be a good option for those who prefer a NoSQL database, similar to that of MongoDB, but without the need to manage a data store service.

There is also the option of Blobs, short for binary large objects, which are unstructured storage objects built for the storage of binary data. It can be accessed through API commands or REST, and has about the same storage capacity as Tables.

Wrap Up

All in all, Azure Stack has proven well worth its weight in terms of convenience for developers. If its current state is any indication, there should be plenty of exciting new features to look forward to in the years to come.

Which Tablet Is Best For You: iPad Or Microsoft Surface Go?

Microsoft recently announced a new budget-friendly tablet called the Surface Go with a lower price than previous tablets. This new Surface Go 2-in-1 tablet is Microsoft’s attempt to make it more affordable and accessible for consumers. It doesn’t have the muscle of the Core i7-powered Surface Pro, but it’s half the price. To compete, Apple took a similar approach when it lowered the price of its baseline iPad to $329 ($299 for educators). It’s not as powerful as the iPad Pro, but it’s much less expensive for everyday customers.

Let’s break down what each of these tablets, the Microsoft Surface Go, and the iPad, offer you and find out what is the best tablet for you.

Software

How are they similar?

Both iPad and Microsoft Surface Go are 10-inch tablets with optional keyboards and stylus pens. They also allow you to use a bunch of apps for both work and entertainment similar to a smartphone. Aside from those similarities, Apple and Microsoft obviously are different in just about every aspect of the software hemisphere.

How are they different?

The Surface Go comes with Windows 10 S. This is the scaled-down version of Windows 10 created specifically for tablets. It is similar to Windows 10 Home, but can only use apps from the Microsoft’s Windows Store. Consumers are able, however, to upgrade to Windows 10 Home for free and use their Surface Go like a full Windows system.

The downside of this is that you can’t then revert back to Windows 10 S later. The upgrade, in the long run, seems worth it, because the full Windows experience offers more flexibility than a tablet-only Windows product. While there’s plenty of software available at the Microsoft app store, it pales in comparison to the amount you’ll find from other sources of Windows software, or the Android or iOS app stores.

The iPad uses Apple’s iOS, the same OS used by the iPhone. The iOS App Store features millions of apps of every kind, and you can enjoy the same user experience you do on the iPhone but in a larger version. The downside is that there’s no way to get access to macOS or OS X Mac software that is in the MacBook Pro on the iPad.

Display

How are they similar?

Both tablets have 10-inch screens, and they both are capable of stylus use.

How are they different?

Apple has much better resolution, but Microsoft has an edge in display size. The Surface Go has an 1800×1200 10.6-inch PixelSense display custom-built for the tablet. The iPad’s 9.7-inch Retina display has a narrower aspect ratio and a higher resolution, 2048×1536 pixels. In simpler terms, the iPad’s screen is slightly smaller than the Microsoft Surface Go, but it is crisper, featuring a pixel density of 264ppi as opposed to the Surface Go’s 217ppi.

Processor

Microsoft Surface Go

The Surface Go uses the Pentium Gold 4415Y CPU, which is a significant move down from a Core series chip. Not enough independent tests have been performed to see how exactly it will compare to the other Surface Pro tablets at this time.

iPad

The iPad uses Apple’s A10 Fusion chip, the same one that the iPhone 7 used. It’s a generation behind the A11 Bionic chip that the iPhone 8 and iPhone X uses, but it still does an extraordinary job inside a tablet.

Storage/RAM

The baseline Surface Go boasts 4GB of RAM and 64GB of onboard flash storage, twice as much as the iPad. The baseline $329 iPad features 2GB RAM, 32GB storage. Another edge the Surface Go has in this area is the ability to upgrade. The Surface Go has a microSD card slot, so you can expand storage, unlike the iPad.

Size

The iPad is marginally slimmer and lighter than the Surface Go. Apple’s 9.4-by-6.6-inch tablet is just 0.29 inches thick and weighs 1.05 pounds. The Surface Go is a tad bit thicker (0.33 inches), a little larger in footprint (9.6 by 7 inches) and weighs a tiny bit more (1.15 pounds).

iPad 2018 and Surface Go-Specs Side by Side:

iPad 2018                                                                    Surface Go:

A10 Fusion chip (2.34GHz quad-core) with 64‑bit architecture; embedded M10 coprocessor	1.6GHz Intel Pentium 4415Y processor (7th-gen Kaby Lake)
2GB RAM	4GB or 8GB RAM
32GB or 128GB storage	64GB, 128GB or 256GB storage
9.7in LED-backlit Multi-Touch display with IPS technology; 2048×1536 at 264ppi; 4:3 aspect ratio; supports Apple Pencil	Intel HD 615 integrated graphics 10in IPS screen; 1200×1800 at 217ppi; 3:2 aspect ratio; supports Surface Pen stylus
8Mp rear-facing camera; f/2.4 aperture; Live Photos; Panorama (up to 43Mp); 1080p HD video recording; slo-mo (120fps)	8Mp rear-facing camera
1.2Mp front-facing camera; f/2.2 aperture; Live Photos; Retina Flash; 720p HD video recording	5Mp front-facing camera
802.11a/b/g/n/ac Wi-Fi; Bluetooth 4.2; Lightning port; headphone jack	802.11a/b/g/n/ac Wi-Fi; LTE later in 2018; 1 x USB 3.0 Type C; 1 x Surface Connector; microSD; headphone jack
32.4Wh rechargeable lithium-polymer battery; estimated battery life 10 hours (Wi‑Fi), 9 hours (mobile data)	27Wh rechargeable battery; estimated battery life 9 hours
iOS 11	Windows 10 Home in S Mode
240mm x 169.5mm x 7.5mm; 469g/478g (Wi-Fi/cellular)	245mm x 175mm x 8.3mm; 522g