According to SC Media:

In January 2018, a Long Island, N.Y., medical practice left an exposed port normally used for remote synchronization open, exposing at least 42,000 medical records.

UpGuard Director of Cyber Risk Research Chris Vickery found that port 873, normally used for remote synchronization and moving data between devices (on a server belonging to the medical practice of Cohen Bergman Klepper Romano Mds PC), was open and configured for global access allowing anyone who knew the server’s IP address to find the data. A secure server would only allow access from select IP addresses, UpGuard wrote:

The flaw allowed the patient names, Social Security numbers, ethnicity, insurance information, dates of birth, phone numbers and insurance information of the Huntington, N.Y. practice to be exposed. In addition, physician’s personal information to include Social Security numbers and more than three million of the doctor’s notes on their patients along with emails were also left unprotected, UpGuard said.

The unsecured server was found on January 25, 2018, and finally secured on March 19.

“Beyond the obvious sensitivity of any exposure of an individual’s medical background, the leak of patient – and doctor – Social Security numbers, in association with personal details like home address, insurance information, and date of birth, provide ample ammunition for fraudsters. Armed with the contact information for patients, and the knowledge of which doctor’s office they go to, malicious actors could also socially engineer exposed individuals, posing as a representative of the physicians to further extract sensitive information,” UpGuard reported.

This is a warning to patients who have visited the Huntington, New York practice, along with doctors’ offices and healthcare organizations across the country.

Part of the problem is that the Health Insurance Portability and Accountability

Act is so complicated that most organizations hire specialists to handle all their compliance needs. This at odds with the original intent of HIPAA. It was supposed to improve patient privacy by simplifying administrative procedures, reducing costs and upgrading the level of security throughout the healthcare industry. HIPAA seems to have accomplished just the opposite on all fronts.

Under HIPAA, any organization that deals with patient information must comply with their regulations. This includes anyone who retains, accesses, stores, modifies or destroys protected healthcare information. In order to fully comply, it’s necessary to create a solid audit trail of any disclosures, whether past, present or future.

An organization must be diligent to protect any information that might identify the patient. Although the HIPAA Privacy rule deals more with any type of protected health information (PHI), the HIPAA Security Rule focuses more on the electronic side of things.

Healthcare professionals should become familiar with the two sides of HIPAA regulations:

The privacy of patients. HIPAA maintains strict rules for protecting the health information of an individual. PHI refers to demographic information, medical history, test and laboratory results, insurance information and other data that a healthcare professional needs to identify an individual and determine appropriate care.

Key identifiers such as phone numbers, patient ID numbers, social security numbers, insurance ID numbers, electronic mail addresses and even some vehicle ID numbers. In fact, there are 18 different types of information that might reveal the identity of a patient. These must all be protected from intruders.

With so many hacking and cyber-theft events occurring each year, it has become even more challenging to protect the personal health information of every individual.

The process is even more complicated by the fact that personal data can be stored in a number of different devices. You may have electronic protected health information (ePHI) stored in your email server, voice mail, fax machine, computer, cell phones, tablets, medical devices and other places. In any area that is considered within the purview of the organization, there are serious financial penalties for breaches. The fines range from $100 to $1.5 million.

Did you know that healthcare hacking is the leading cause of data breaches?

Here are a few more examples:

The prominent Washington University School of Medicine learned about a phishing incident on January 24, 2017, when an employee responded to a phishing attack on December 2, 2016. The Office of Civil Rights (OCR) said that 80,270 individuals might have been affected.

“This phishing scam allowed some of Washington University School of Medicine’s patient data to potentially be accessed, the school reported on its website. The accessed employee email accounts may have included names, birth dates, medical record numbers, diagnosis and treatment information, other clinical information, and Social Security numbers in some cases.”

Texas-based Urology Austin, PLLC in Texas revealed that they experienced a ransomware attack on January 22, 2017. Within minutes of the attack, they shut down their computer network. However, OCR reported that 279,663 individuals’ private data might have been affected.

They immediately took steps to restore the impacted data and their operations. A Urology Austin representative told local news that they didn’t pay the ransom and that they were able to restore the patient information from a backup.

The odds that a data breach can happen at your healthcare organization

have greatly increased. This is because healthcare workers generally lack cybersecurity awareness.

Some alarming statistics:

• 24% of healthcare workers lack awareness about phishing emails as compared to 8% in non-healthcare sectors
• Only 18% of healthcare employees were able to recognize phishing emails. Physicians were 3 times worse at it.
• 88% of healthcare workers opened phishing emails.
• 50% of doctors were in the “risk” category, making them disposed to commit a serious data breach.
• Healthcare employees exhibited less knowledge about cybersecurity than did the larger population.
• 24% of physicians couldn’t identify the common signs of malware.
• 30% of healthcare workers took risks that put the safety of patient records at risk.
• 23% failed to recognize forms of malware.
• 18% chose the wrong actions when they were given scenarios to respond to. Many thought it was okay to share patient data via their personal email accounts or over insecure cloud platforms.

Healthcare hacking and IT incidents accounted for the majority of large-scale incidents in 2017.

According to the 2017 Cost of a Data Breach Study: Global Overview, healthcare data breach costs are the highest for the seventh straight year. Data breaches from healthcare organizations cost $380 per record. This is greater than 2.5 times the global average in other industries.

Beyond ensuring that your ePHI and other confidential data is secure and protected at all times, you must provide cybersecurity awareness training that’s conducted by a professional who understands ePHI and what healthcare employees need to know.

It’s obvious from this data that healthcare entities are not properly educated and prepared to defend themselves against sophisticated hacking attempts today. From these statistics, you can see that these organizations are at risk of HIPAA noncompliance.

Your first layer of defense is your employees. They require professional security awareness training that includes both privacy awareness and demonstrations on how to recognize phishing attempts and what to do if they receive one.

It’s only through ongoing Cybersecurity Awareness Training that you can keep your healthcare employees apprised of the latest sophisticated threats, how to mitigate them and what to do protect your organization from severe, negative consequences.

According to the US Department of Health and Human Services, employee cybersecurity awareness training should meet the following 4 objectives:

1. Develop and demonstrate foundational-level knowledge of cybersecurity.
2. Employ best practices to protect privacy and safeguard Controlled Unclassified Information (CUI).
3. Recognize cyber threats to information systems.
4. Identify and report potential cybersecurity and privacy incidents promptly.

5 More Tips:

 Regular and Recurring Security Training Is Essential.

Hackers are constantly developing new, sophisticated methods to trick your employees into clicking on malicious links and downloading dangerous software. For this reason, it’s critical that your employees stay up to date on the very latest security threats and how to avoid them. Additionally, refresher training will keep them on their toes and save you a lot of worries.

 KISS (Keep It Simple and Secure)

If the security measures you teach are complicated and difficult to follow, your employees won’t remember them. Instruction should be clear and concise with ways for employees to easily remember your policies and rules. This is another reason why it’s always best to defer to IT professionals to train your staff.

Your Employees Need to Know How to Respond to Security Incidents.

Along with teaching your staff how to avoid security incidents, they should be aware of how to appropriately respond to them. What should they do if they come across a malicious attachment or link? What should they do if they accidentally click on one? Make sure they know what to do and who to contact.

Teach Your Employees about Cybersecurity for Their Personal Use.

It’s also important to teach your healthcare staff about network security for their personal purposes, such as when purchasing items online or what to do if they receive phishing emails on their personal accounts. They should also know how to protect their personal information on your organization’s network.

Make Sure Security Support is Easily Accessible.

Ensure your staff knows where to go if they have security questions or concerns. Your Technology Service Provider (TSP) will have a 24/7 Help Desk for support and assistance with these concerns or anything regarding technology. Plus, if an employee does come across a ransomware attempt, your TSP can intervene remotely to remove any malware and ensure your ePHI and confidential data remains secure.

Don’t become another statistic. Keep your healthcare organization off the Wall of Shame. Contact our HIPAA Cybersecurity Experts for assistance.

We all hear the rumors, the buzz, and constant speculation any time there is a hotly-anticipated iOS release hyped at an Apple keynote. We read the online gossip about the features announced and compare past keynotes.

If you’re reading this, you’ve been there. We have, too. More importantly, we ask the same questions. Will my current iPhone or iPad be supported? Will there be settings to make my iPhone or iPad operate more efficiently, and improve battery life? That’s the ultimate goal for every Apple product user. That, and the glittering unicorn emoji, naturally.

So, let’s dive right into Apple iOS 11.3, shall we?

The release of iOS 11.3 is the third follow-up to the overhaul that was iOS 11 from 2017, and – if Apple is being honest – it’s entirely due to the scandal for which news broke just before Christmas.

Owners of older iPhones are going to love Apple iOS 11.3 because it’s the promised “fix” to the controversial iPhone-slowing process that Apple covertly implanted in our beloved iDevices, intended to slow down the operations of dated models to prevent “sudden shutdown” of the iPhone. (Pssst…Apple…we didn’t believe you!)

Unless you’ve been comatose for the last six months, you’ve heard of Apple’s scandal in admitting it slowed down older phones. There were vague excuses, but it felt like a confirmation to many who joked that it seemed like Apple implanted alarm clocks of sorts that made iDevices slow to a crawl around the 20-month mark, fueling the desire to upgrade the device to the latest version – a well-controlled supply and demand market. Cue Apple’s admission and iDevice owners worldwide felt vindicated, completely ignoring that gnawing feeling of how many devices we feel we’d been tricked into purchasing since the release of the very first iPhone over a decade ago. It wasn’t until after Apple’s offer of battery replacements – at a “discount” – and this release to put control back in the hands of the user that we began to realize that we feel a bit violated.

Looking more closely, Apple offers several features in iOS 11.3, so let’s take a closer look at the highlights of what we get with our digital apology.

• Animoji: Have you ever wanted to turn yourself into a bearmoji? Available in the Messages app, now users can select the bear, dragon, skull and sullen lion characters to mimic facial movements and include voice recordings.
• Apple News: Apple News: A new, customizable “For You” section with personalized content, including video.
• Advanced Mobile Location: An improvement on Location Services, when toggled on this setting automatically shares a user’s location with emergency services when an emergency call is initiated.
• App Store Updates: Updates impacting user experience, like the ability to sort reviews by Most Recent, Most Helpful, Most Favorable, and Most Critical, have been long awaited. Thanks, Apple, for catching up and giving users what is most helpful! Apple is recognizing that users want more control and customization of their devices and this update, which also includes file size of updates, will make the App Store more useful in general.
• Security Improvements: Ever a concern, Apple detected cybersecurity vulnerabilities in Mail, Find My iPhone, iCloud Drive, and the Phone and Clock apps and patches for these were included in the 11.3 release.
• Battery Health: The infamous battery issue has its own setting! Users can get up close and personal with their battery details in Settings, Battery, Battery Health (Beta), and see maximum charge capacity and peak performance capability – and the battery will also indicate if it needs replacing.
  • It’s only when the charge capacity is less than 100% that users will see a message that “performance management” features have been applied (aka, the slowing-down effect) and offering the user the ability to disable this. Users might notice increased operation speed, but Apple warns to expect sudden shutdowns.
  • Note: Disabling this feature is semi-permanent; you cannot turn this feature back on unless a sudden shutdown occurs and then this message reverts.

• Health Records: iPhone owners can now store personal medical records on the iPhone, including the ability to connect to medical providers and download encrypted records. Have information about allergies, medications, tests, and results, vaccinations, and a plethora of medical details at your fingertips. We expect this feature to continue to evolve.

The Big One:

• Updated Privacy: Apple is recognizing that their community greatly values their privacy, and is vowing to help do more to safeguard it.

After installation of iOS 11.3, users are greeted with a welcome message going into more detail about its new Data & Privacy feature that states, “Apple believes privacy is a fundamental human right.” The good news is that Apple is now trying to be very transparent with regard to what data it collects from users. To be fair, iPhone owners are Apple customers, and with this relationship, a degree of consumer information is expected in a transaction. Is Apple not held responsible for maintaining the security on our iPhones? We, therefore, assume they require tidbits of consumer information but also have ironclad security with which to protect us – fair trade on the smallest scale. Apple now tells users what data it collects and why just inside Apple apps with a small icon that looks like two shaking hands. The irony is that much of this information has been included in the privacy policy offered by Apple for iTunes transactions (over 1,000 words, roughly).

Compatible iDevices – iPhone 5S or newer, iPad mini 2 or later, 6^th generation iPod Touch or newer, and the 2018 iPad – will (or will have already) receive automatic prompts to install iOS 11.3, but it can also be manually installed via Settings, General, Software Update. The focus with 11.3 is the iPhone, but iOS doesn’t only run on phones, so the new operating system comes with the goal of overall efficiency and privacy.

We love our iPhones (and iPads, too), and we keep endless information on these tiny pocket computers that run our daily lives. From phone calls to text messages, from email to apps, from appointments to reminders, our iPhones hold the key to our productivity and our connectivity, and we want control over how they function. Apple finally recognizes and concedes (some) control to users with iOS 11.3, and we expect even bigger things to come from this.

Apple, this is the beginning of an even better, stronger relationship!

Your company is busting at the seams. Staff is piled on top of each other. You’re growing, but the building isn’t. The time has come to move your office and your technology. Where do you begin? 

If you stick with us, we have it all sorted out for you, with our “Top 5 Easy Technology and Office Moving Tips.”

The best moving plans always start with a little bit of reconnaissance. Getting it down in writing, as you would see on a blueprint.

• What you want
• Where will you be located
• What will your new location look like
• Where will your technology be installed
• Will you need to upgrade or replace your equipment
• Will you need to renovate the office space
• What are the parking slot allotments per business
• How to minimize office downtime through your move

As you consider your move, remember, your technology has become one of your employees, in many respects. Behind the scenes, they operate quietly. Your technology performs a high volume of functions, not seen by you and your staff.

Without them, your company doesn’t function smoothly. So, your technology moving plan is as vital as your office moving plan. Implementing the process takes careful and timely planning.

Tip 1. Phone System Evaluation

At your new location you will want to:

• Establish a new internet connection
• Install new phone lines
• Run new cables

Ask yourself: Is it time for equipment upgrades or replacements? How long have your phones been in use? What are the phones speaking and listening quality? Is it hard to hear the caller? Do you or any of your staff sound garbled when speaking? Are the warranties valid or have they expired?

Quick warranty tip – Most phone equipment warranties do not go beyond 24 or 36 months. If you’ve reached those milestones, go ahead and replace.

Installing new phone equipment will save you money, adapt to more modern technology, and new warranties are in place.

As you plan for additional growth, new phones allow you to:

• Use video conferencing
• Forward voicemails to email
• Use an IVR system
• Improve call quality

Let’s also not forget telecommunication providers bundle packages, with new installations and low-cost introductory offers.

Tip 2. Cloud-Based Services

At your new location simplify your process. Maybe clean-up IT processes. Starting with Internal Server and Infrastructure. If you keep your current physical set-up, you will need to create new operation protocols.

On the other hand, you could switch over to Cloud-Based Services before your office move. What could you move into the Cloud that would free up physical space at your new location?

1. Accounting
2. CRM
3. Email
4. Files
5. Phone System
6. Administration
7. Industry-specific software

Anything currently at your location you can send to the cloud reduces your overhead costs and secures your system. You will also eliminate the expense of installing and the upkeep of a secure server room.

Tip 3. Connectivity and Floor Layout

Here is where you must do a physical walk-through of your new location. Before you conclude, your Wi-Fi will work step into the building, look at every square inch of the landscape. What is the construction of the walls? (Some interior building walls make connectivity difficult due to their development and materials)

These are the physical attributes and barriers you’ll want to look for:

• Floor layout
• Office configuration
• Wall and ceiling textures
• Water Damage
• Mold and Mildew
• Technology services availability
• Types of technology your neighbors use

Consider hiring a building inspector, that specializes in Connectivity and Technology office space setups. Laying the groundwork here removes any negative impact on employees, should the Wi-Fi connection be blocked and not work on opening day.

Tip 4. Internet Speed and Connection

Frustrated with your internet speeds? All of us have at one point. As you plan your office and technology move, now is the time to improve this necessity. Before you move to your new building, check with your provider to see if there is a cost break on the new service. What you may be paying now is for existing service at your current location, not the new one.

You’ll want to coordinate, with your provider when your new Internet connection goes live. We recommend giving plenty of notice, should you or a staff member needs to be at the location when the service technician arrives.

Tip 5. Transition and Moving-Day

As stated above: “Simplify your process.” Before you make that rapid transition, from one phase of your business to another, consider cutting over before you move.

If you can do it without hindering your business, cut-over before your move date. This part of your transition will make your final relocation simpler. If you are having new equipment installed, before your move, this part of the transition will be fast too.

Finally, these five items stay in place before your move:

1. Furniture
2. Computers
3. Servers and network equipment
4. Public IP Address (if it’s still needed)
5. Phone Number Block migration to the phones lines at the new office

Taking the time to consider these items will make the overall office relocation project a more positive experience for everyone involved, including you.

 

Your most valuable asset has nothing to do with information or data you store, but rather within your human resources departments – which may also be your greatest weakness.

Cybercriminals don’t sleep. Nope. In fact, it’s when we sleep that cybercriminals are the most active! There is a good stretch of time during which they can cause significant damage before we rise to start our day, much less notice. While the rest of us are sleeping, cybercriminals are like attendees at an all-night rave with glow-in-the-dark colors splashed about the otherwise-pitch-black room, in the form of paint, black lights, and glow sticks worn by the party goers. Loud music pumps up the energy well into the wee hours of the morning, until just before Average Joes rise at the sound of their alarm clocks to prep for the workday.

Unlike the revelers at the rave, cybercriminals – hackers – aren’t dancing the night away in black leather and copious amounts of hair gel, although we can’t guarantee their wardrobe or style choices. What we can guarantee is their activity: seeking a network with even the tiniest cybersecurity vulnerability which they plan to exploit to their every advantage. This is where your greatest asset comes in: human resources. These human resources are not the team members that oversee onboarding, payroll, benefits administration, or anything like that. We literally mean the resources on your staff that is human! The people that get the daily tasks done are an organization’s greatest asset, even more so than the most dedicated and loyal customers that spend the most money.

Think of these human resources like cheerleaders in a human pyramid: the company is only as strong as the weakest link. This group of individuals is the frontline of defense when it comes to a network’s cybersecurity, and no individual is foolproof. That’s the goal of any hacker, to find that one email address or Internet user that isn’t as solid on defense and wriggle inside with covert tactics.

Most professional organizations install some form, or multiple forms, of antivirus protection at the user-level, as just one of the methods to safeguard against cybersecurity vulnerabilities. End-user antivirus software has remained one of the most effective and reliable methods to protect against infiltration, but antivirus programs have three major faults:

• Antivirus programs are only as “good” as the programmers that designed them.
• Antivirus programs are only effective when installed and used properly by the end user.
• Criminals don’t follow the rules.

That last part is the most important of everything you need to keep in mind for your cybersecurity needs. Hackers have their own set of rules, and those rules change faster than anyone can keep up – including antivirus software developers.

How does antivirus software work? Software installed to protect at the user level, known as endpoint protection, is design to detect and block a virus or malware from taking root on a user’s computer, or worse, accessing a network to which the user is connected. If a user encounters a threat, the antivirus software detects the threat and blocks it using a string of text – an algorithm – it recognizes as a known virus. The virus file tries to take one action or sequence of actions, known to the antivirus software, and the algorithm recognizes this behavior and prompts the user to take action against the suspicious behavior.

The threat landscape is evolving, and new viruses and threats are constantly emerging – faster than antivirus software programs can keep up. Increasing security challenges present ongoing opportunities to strengthen cybersecurity. Brand new viruses emerge and antivirus programs react with new updates to maintain optimal protection for the user’s computer or network. The problem is that the antivirus software industry is in a constant reactive state. Detecting in advance is more proactive, but it relies on predicting criminal behavior. The good news is some viruses behave similarly because of their design, and this helps antivirus programs detect “families” of viruses, including some newer versions.

The trouble is like we mentioned before, is that criminals don’t follow rules. Cybercriminals already know how antivirus software programs work, and the most effective means by which to ensnare a victim to gain access to a network. The number of new viruses being detected each year drastically decreases, which poses the question of whether fewer viruses are being created or antivirus software programs are less effective. It’s not a great position to be in, and a question no business owner ever wants to be forced to answer.

There are many arguments that claim virus detection software programs aren’t as effective in the last 12 months as compared to the previous time frame. Current overall detection rates for the last 12 months are averaging right near 70% of the time. Considering this number is nearly three out of every four instances where a threat is detected before it has the chance to impact a user or network, it’s not a terrible statistic, but it’s still incredibly scary. The potential damage a virus that slips through these cracks can cause is immeasurable.

• Reports have shown the average number of professional emails received per day is near 125. Of these, about 75 are legitimate, which means that roughly half of all emails received are spam. These only represent the number of messages that clear security filters.

After digesting these scary numbers, consider an even scarier number: the IT budget for an organization. This is the number by which an organization’s ultimate cybersecurity strength is measured.

• Do enough resources get allocated to training end users?
  • If your human resources – end users – are those responsible for not falling victim to a cyber-attack, help prevent them from being the weakest link that allows access to your network.
• Does enough of the budget account for emerging cybersecurity needs?

Your human resources are your greatest asset, but only if properly armed with the right tools and knowledge to protect themselves, a network, and the organization for whom they work. The right cybersecurity awareness training and education can be the thin line between an organization’s success – and failure.

17 Product Groups Named-Their Production Halted and Update Support Ended After Irrefutable Evidence Uncovered Flaw in Intel Chips.

The information about the Spectre attacks came to light back in January 2018. Intel and other technology firms and vendors were made aware of research findings by Paul Kocher from Spectreattack.com and Jann Horn from Google Project Zero.

Paul’s collaboration team regarding the chip flaw and the notorious Spectre Attacks were:

• Daniel Genkin (the University of Pennsylvania and University of Maryland)
• Mike Hamburg (Rambus)
• Moritz Lipp (Graz University of Technology)
• Yuval Yarom (University of Adelaide and Data61)

The research findings from Paul Kocher’s team and Jann Horn supported what the U.S. Department of Commerce’s agency, NIST (National Institute of Standards and Technology) found. At NIST’s, National Vulnerability Database website is the research published on January 4, 2018.

Take note of these excerpts, the indirect branch prediction and branch prediction in both announcements:

CVE-2017-5715

Current Description: “Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.”

CVE-2017-5753

Current Description: “Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.”

After the findings arrived, on January 3, 2018, Intel responds to Paul and Jann’s security research findings with this disbelieving statement: “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”

With the proof in front of them, Intel believed the research reports were flawed and incorrect. The idea of these acts caused by a “bug”, or a “flaw” was not possible. Their explanation was, “there are many types of computing devices, using different vendor’s operating systems and processors. All are at risk of being exploited.”

But Paul’s team exploited speculative execution and had solid proof.

They experimented on multiple x86 processor architectures. They used the Intel Ivy Bridge (i7-3630QM). The Intel Haswell (i7-4650U). The Intel Skylake (unspecified Xeon on Google Cloud) and finally an AMD Ryzen processor.

In every test, the team observed the Spectre vulnerability across all of these CPUs. Similar results on both 32- and 64-bit modes, and both Linux and Windows. Some ARM processors also support speculative execution, and the initial testing confirmed, ARM processors could not pass the test.

When they attacked using native code, they were able to read the entire victim’s memory address space, including the secrets stored within it, with ease.

When they attacked using Java code, they successfully read data from the address space of the browser process running it, with zero effort.

The research evidence was irrefutable.

Their results showed there was a flaw in Intel chips.

A day later, January 4, 2018, Intel issues updates to protect systems from security exploits. They released this statement: “Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and servers — that render those systems immune from both exploits (referred to as “Spectre” and “Meltdown”) reported by Google Project Zero.”

Three months later on April 2, 2018, Intel’s Microcode Revision Guidance is released and what’s inside exposed the truth. In this 19-page pdf document, you will find 17 product groups listed, (color-coded in red), productions halted, and update support has ended.

Looking through the guide, you will find the columns listed by Product Names, Public Name, CPUID, Platform ID, Production Status, Pre-Mitigation Production MCU, STOP deploying these MCU revs, and New Production MCU Rev.

The pages with the discontinued products are below:

• Page 4: Bloomfield and Bloomfield Xeon
• Page 7: Clarksfield
• Page 8: Gulftown and Harpertown Xeon CO & EO
• Page 11: Jasper Forest
• Page 12: Penryn/QC
• Page 15: SoFIA 3GR
• Page 16: Wolfdale CO, MO, EO & RO, Wolfdale Xeon CO & EO
• Page 17: Yorkfield & Yorkfield Xeon

When you review the columns, you will see one labeled STOP deploying these MCU revs. Intel’s definition for this column is as follows:

• Intel recommends discontinuing using these select versions of MCU that were previously released with mitigations for Variant 2 (Spectre) due to system stability issues.

Intel also states in their Microcode Revision Guidance Legend:

• “After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release”
• “Microcode updates for these products for one or more reasons including, but not limited to the following:”
• “Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)”
• “Limited Commercially Available System Software support.”
• “Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.”

As you can see, Intel’s exhaustive investigation could not discredit Paul, Jann and NIST’s research and proof. Intel decided, due to microarchitectures and microcode capabilities, for the specific products listed, not to move forward and release microcode updates for these products.

If you own a PC, Mac, or Cell phone, a Spectre attack can affect your device. If you use Cloud Services, your provider’s infrastructure may be vulnerable to a Spectre attack and theft of customer’s data. If your device uses any of Intel’s older microprocessors, you may be shopping around for a new machine.

Social media is big business and has the potential to drive millions of visitors to websites, engage directly with customers on a public platform, and solve – or create – problems in real time. What is the future of “social business”?

Twenty years ago, marketing and promotions were simple and straightforward. The majority of efforts were focused on print: newspaper and magazine advertising, The Yellow Pages, direct mail, billboards, and perhaps flyers. Email marketing was in its infancy, and digital marketing wasn’t quite yet an industry – though there are firms that argue this time frame. Metrics were relatively predictable, and results were in the form of sales and revenue.

• Yes, The Yellow Pages telephone directories still offer printed books. Publishers of “phone books”, as they’re often referred to, reduced paper usage by half before 2013, and major efforts are in place to ensure unused or outdated materials are recycled.

This is not the case today! There are so many facets to “digital marketing” that it’s safe to say the industry is constantly evolving. Yes, constantly. The rules change just as often, and the de facto rule-maker is Google. Google has the famous “Google algorithm”, by which all search parameters are defined. If a business or brand doesn’t meet Google’s search preferences, they’ve wasted their time and won’t make the first page of a user’s search results – and when was the last time you clicked past the first page of results in an average Google search?

There are ads within emails and ads on websites, and even “sponsored results” in an Internet search. Consumers have ads coming at them from every angle of the Internet, so why would social media – including the King of Social Media, Facebook – be any different? It’s not. In fact, a Facebook user is valued even more highly than a search user. The Facebook user is already engaged with a website, and it’s one where the content that loads is customized and personalized for each user. Google tries to do this with search results, but there’s only so much Google can do with a string of words and no context. Both Google and Facebook have the user’s history of cookies, but Facebook has the incredibly valuable position of knowing a user’s friends, families, what content a user likes – literally “likes” by clicking the blue-and-white thumbs-up symbol – and what news stories, photos, and content a user clicks on and engages with. In this context, Google’s metric is the click in terms of the value of a visitor, whereas Facebook’s value of a click is a highly-engaged user already on the website and opting to give more of their time and attention. The ultimate competition comes down to the value of a visitor versus the value of a click.

After evolving from a social platform into a platform that can be highly monetized, Facebook turned the digital marketing industry upside down with the newly-invented notion of advertising right in front of Facebook users. Any organization or brand that has ever paid for advertising on Facebook is used to Facebook changing things up by now – after all, Facebook changes their approach on a regular basis. After seizing the lead and maintaining this very profitable position for years – and years – the brain trust recently announced a bold decision to simplify their overall approach – after long being the primary innovator in social media and marketing and carving the path which others follow today.

Facebook Advertisers Are Users, Too

Facebook users fondly recall a time when privacy settings at the user level resembled a “stealth” mode when users had the ability to set their account information, including their names and other details, as completely private and would not show in other Facebook user searches. The added bonus was the implied guarantee that photos, posts, and other user content had this same level of protection. Sometime around 2009, Facebook implemented a pretty major privacy settings overhaul and many users who long enjoyed stealth status were suddenly thrust into the spotlight – and was no longer “invisible”. In all fairness, Facebook gave plenty of advance notice this change was coming. Their public reason was that Facebook is a social media platform, not a private website where a user could have total control – and this is a fair position. Facebook is a free website for users, but it’s not a nonprofit organization. Ever evolving, their approach has tweaked and allowed users to choose various privacy settings for posts, images, etc., which are highly customizable if the user chooses to take the time.

In 2017, Facebook recognized a growing dissatisfaction from its users and tried to pinpoint the cause. After much speculation, Facebook realized the greatest impact to the user experience is the allowance of brands to intermingle with users in their feeds, detracting from the social purpose of the channel. Thus, more major changes were in store. Facebook announced a desire to go “back to basics” and return the focus of a user’s feed to posts shared by friends and family members and make it harder for brands to get their content seen (unless advertisers were willing to pay). The result was that post reach – the number of people that see a post in their feed – plummeted. The plan was for average Facebook users to see fewer news stories, cat videos, political posts, or branded content, but rather see more photos shared by friends of birthday parties, graduations, and other significant events entirely unrelated to corporate messaging.

Privacy, Redefined

The change to the Facebook feed was a welcome change to users and required a major adjustment to social media marketing efforts for companies. Details of how the changes rolled out and the reasons for these changes trickled into news stories until major news broke that Facebook sold private user information on more than 87 million Facebook accounts to an organization involved in the political arena in 2016. Users worldwide felt violated that a trusted entity would share such private details – a harsh reminder that Facebook is a for-profit entity and users need to read the “fine print” and not just agree to Terms and Conditions without reading. Your digital life is not your own when using a website owned by someone other than yourself.

So, what can Facebook users do to protect themselves? Without deleting your Facebook account, it’s wise to do a once-over on user privacy settings every few months to verify what might have changed and safeguard your information.

• Check your privacy settings
• Facebook offers a variety of user settings allowing for a spectrum of privacy, though most remain a mystery to users. Under “Settings”, click “Privacy” and control how visible information like posts, account information like phone numbers and email addresses, and friend requests and more are.
• Keep friends close
• Friends’ activity can impact others. If a user allows tagging in a friend’s activity, this is then affected by their privacy settings and is subject to sharing or visibility by others.
• Beware third-party apps
• At first, it seemed benign to click “accept” when a third-party app or quiz intrigued a user enough to click content, with the innocent warning that the app would thus be granted access to a user’s profile and list of friends. That list of friends became an incredibly valuable commodity in an environment where privacy settings were controlled by a user – a tricky little workaround.
• Users can adjust these settings quickly and easily but often didn’t go back to limit access.
• Review security alerts
• Users can opt for security alerts when Facebook detects a new login from a different device or browser. Two-factor authentication is also an option. To enable, access the same “Settings” menu, and click “Security and Login” from the left navigation and choose “Setting Up Extra Security”.

Security considerations impact all Facebook users, regardless if a user is also an advertiser. Before abandoning Facebook entirely, employ additional efforts to protect user data and your privacy. This type of “social security” has nothing to do with the government-issued card Americans carry, and a few additional steps will help secure user information and improve the Facebook user experience.

From humble beginnings in a garage as the brainchild of two men to an asset valuation of nearly $250 billion in 2018, Microsoft is no stranger to breaking records.

Do you think Paul Allen and Bill Gates knew what lie ahead in 1975? Nope. Couldn’t have.

In those days, developing a BASIC interpreter for the Altair 8800 seemed impossible – because no one else had done it, including Allen and Gates, yet they promised the finished product and were able to deliver in two months. Between 1975 and now, the Microsoft Windows product is a professional mainstay and continues to dominate the desktop computing market. Add to this their Microsoft Surface product line-up, and between the desktop or laptop PC or the operating system it’s running, Microsoft is The Man. And we didn’t even get to the Microsoft Office line-up yet.

Between Microsoft Office, for which organizations purchased physical software plus per-seat licenses for users roughly a decade ago, and today’s Office 365, accessible online from anywhere, Microsoft caters to the modern professional. The Office Suite has expanded in recent years, beyond Word, Excel, and PowerPoint, to include a variety of productivity apps, including OneNote, Microsoft Teams – formerly Skype for Business – for a collaborative platform, and Outlook. All Microsoft applications offer seamless integration with other Microsoft apps, as well as a variety of external apps to blend the user experience with the goal of simplifying processes to increase efficiency and productivity – therefore, revenue.

Whether it’s standalone apps or the subscription-based Office 365, Microsoft products are the staples at every professional workplace in first-world countries today. Microsoft’s SharePoint and OneDrive, and their super-seamless integration with a multitude of productivity apps, simplify communication and connectivity in the professional world. From creating documents and spreadsheets to storing and sharing with colleagues, Microsoft has you covered.

Microsoft doesn’t like to just do something first – the team behind Microsoft Teams wants to do something first and best. Case in point, Microsoft is the first global cloud provider to receive the Certification for Protected data in Australia – a great achievement. The underlying significance of this is all levels of government and critical national infrastructure in Australia will be able to accelerate and increase use of secure cloud computing and storage. By comparison, Amazon began expanding its Amazon Web Services cloud-based storage solutions in the same area in 2012, but Microsoft is still first to be awarded this certification.

Remember when we mentioned subscription-based Office 365? Microsoft Azure and Office 365 are also getting accolades: both can now boast of Protected Certification by the Australian Signals Directorate (ASD), as well as inclusion in the Certified Cloud Services List (CCSL). Microsoft has been working in direct partnership with the Australian government toward this major milestone for a few years, and this achievement grants the opportunity for immense digital transformation in the public sector in both New Zealand and Australia.

Both Certification statuses are timed well with Microsoft’s announcement on the availability of Azure Australia Central. Two new highly-secure Microsoft Azure cloud regions are located in Australia-owned facilities, designed to facilitate mission-critical operations and demands for critical elements of national infrastructure. The Australian government has established clear intentions with these Certifications and announcements, to expand the adoption of cloud solutions. The public display of confidence in Azure and Office 365 offers a high level of assurance in both Microsoft and cloud optimization.

Australia released a formal strategy recently to demonstrate the cloud’s economical digital storage solutions, offering an ideal opportunity to shift reliance to a faster and reusable environment. Cloud-based storage solutions are free from limitations and constraints imposed by on-site options, with the added bonus of being customizable and convenient.

Microsoft invested in Australia with these data centers, and demonstrate a commitment to the public sector as well as the high degree of trust other organizations can have in Microsoft as a cloud service provider.

The cloud is nothing new, and the appetite for cloud-based solutions is growing in every corner of the globe. Microsoft isn’t the only global cloud solution provider, but this move signals a level of trust that few other brands can boast – or deliver upon. Every day, news of “the cloud” reaches journalistic outposts – Time, CNN, MSNBC, you get the idea. Dozens of entities have filled the channel, claiming to offer the same level of service and security that industry leaders, like Microsoft, can – but, in reality, few do. Why? It’s likely a combination of factors: expertise, financial fortitude and flexibility, all upon which a solid reputation is built.

• Key players in the Infrastructure as a Service (IaaS) industry deliver infrastructure services on an outsourced basis to enterprise operations, providing hardware and storage solutions, servers and data center space These components each feature the benefits Australia focused on in their selection of Microsoft as their IaaS provider: security, scalability, reliability, economy, and expertise.

Is security the most critical component of the cloud? Many would argue that each benefit is nearly equal, but security and reliability are the two with the greatest impact and should, therefore, have the greatest focus when choosing a cloud solutions service provider. It’s easy to see why Australia went with the industry giant.

What’s next? Will other national governments follow Australia’s lead? Cloud is clearly the direction to take for trusted resources in data storage, with Microsoft being the lead innovator. Cloud is highly scalable, flexible, and reliable, and the future of data storage!