It seems that small businesses rarely catch a break. Unfortunately, their employees often enjoy fewer perks than those working for larger corporations do. This is primarily because the smaller companies have fewer assets with which to work. Due to the smaller economic cushion, they also have a greater risk. That is why, when a fresh law is put into action for the “little guy,” it is newsworthy. As with any new law, however, there are those that it benefits, those that are unaffected, and those that it may hurt. That’s why it’s good to stay informed. What Are ESOPs? ESOP stands for Employee Stock Ownership Plan. An ESOP allows the owner of a business to shift that ownership to his or her employees. This is often done by way of stocks or “shares.” In some companies, members buy stocks outright. Other businesses require no upfront cost. The ESOP is part of an “employee benefits package.” It is considered part of his or her pay, and maybe figured as 50/50. This is where the company matches monies contributed by the employee. Often, the shares are held until retirement, and maybe, in fact, the bulk of that employee’s retirement. Although ESOPs have existed much longer (just in different forms), they became prevalent in the 1980s. According to the National Center for Employee Ownership (NCEO), a few of the largest ESOP companies include the following: Brookshire Brothers Enercon Services, Inc. Krueger International, Inc. McCarthy Building Company Publix Super Markets, Inc. Travel and Transport, Inc By 2018, the number of ESOPs has been estimated at between 7,000 and 8,900. The number of participants is over 14 million. What Are the Pros of Employee Stock Ownership Plans? Reputedly, there are many benefits to participating in ESOPs. For example, they generally have a positive effect on employees. A few of the primary perks include the following: Employees feel more invested in the company Invested employees are typically harder workers Employees feel a greater sense of job satisfaction They have more job stability They feel like a part of something greater than themselves They often make a tidy profit ESOPs are particularly beneficial in small companies where the primary owner is planning to retire. This allows for a smooth transition of power. As the company succeeds, the employees succeed, and morale rises. What Are the Cons of ESOPs? One of the potential problems with an Employee Stock Ownership Plan occurs when the value of the company decreases after an employee buys in. When the business is worth less, each employee’s stock decreases in value. This usually occurs with companies that have inconsistent profits. An example of this would be the case of Lifetouch Inc., which was a popular photography company. They primarily specialized in school photos. As digital photography techniques became the demand, the company struggled to adjust. Business suffered. The company stock in ESOP declined by $840-million between 2015 and 2018. Lawsuits were filed against individual members of the Board of Directors. Unfortunately, the company’s ESOP was not protected against such losses. This is one example of what could go wrong with this type of retirement plan. How Does the New Law Work and Who Does It Benefit? New York Senator Kirsten Gillibrand introduced the Main Street Employee Ownership Act in May 2018. This ESOP law is the first to focus on employee ownership in the last 20 years. It eases the process for distributing loans for those transferring to an ESOP. However, there are no additional funds being allocated for this process. Generally, the new ESOP law is thought to primarily benefit small to mid-sized businesses. More specifically, it targets the Small Business Administration (SBA) in two ways. First, it directs them to make small business loans more readily available to cooperatives. A Cooperatives is a style of business organization that is owned and run by the employees. They also share in the profits. Second, it encourages the SBA to work with country-wide Small Business Development Centers (SBDC). SBDCs provide consultation and training to small businesses that are transitioning to an ESOP. The ESOP Association’s president, J. Michael Keeling, was reported as saying the following: “This law will help organizations better understand how to pursue a strategy of shared capitalism—something that our country’s founders agreed was vital to the health of our nation.” In Conclusion Whether Employee Stock Ownership Plans are the wave of the future is difficult to tell. The new law provides many benefits that make it an attractive proposition. It paves the way for small and mid-sized companies to more easily transfer ownership to employees. Consultation and training are more readily available for those companies wanting to make this transition. It also improves the ability to obtain loans. Overall, it appears things will be brighter for small businesses. As with anything, only time will tell.  

What is PMKID? Pairwise Master Key Identifier (PMKID) is a type of roaming feature in a network. Recent improvements in hacking have been targeting it for exploitation in vulnerable processes, thereby demanding that ongoing security efforts better address it and its affected procedures. New wi-fi hacking strategies have been using coding and processes that have made it easier for hackers to learn user passwords for a wide range of router types that are commonly used in homes and businesses. Specifically, processes targeting PMKID zero in on internal network protocols with its features enabled, bypassing critical processes. The method was initially discovered by accident, in an assessment of developments in WPA3 security standards, with the exploitations realized to be potentially applicable to existing security systems. What Security Vulnerabilities Are Concerning? Online sources including The Hacker News report that hackers have used the approach successfully to gain pre-shared key (PSK) user account login passwords, which they have then used to hack the wi-fi networks of their victims. This has led to hackers penetrating even further into user databases to gain or misuse other information. While earlier methods have demanded that hackers stand by while waiting for their targets to log in to the network and acquire a complete four-way authentication handshake of EAPOL, the PMKID approach does not require this. This approach, therefore, makes it easier for hackers to access sensitive information, since they can instead use the Robust Security Network Information Element (RSN IE) with a single Extensible Authentication Protocol over LAN (EAPOL) after making a request from their access point. This is also significantly more efficient and with higher potential for multiple attacks from a single point. Generally, a successful attack occurs in three steps, which may or may not be followed by the subsequent abuse of personal or otherwise sensitive information. In the first step, the hacker uses a tool such as hcxdumptool to make a request to the PMKID. The PMKID is thereby asked, from the hacker’s point, and the hacker can use the tool to prepare to dump information received to a file for future access and misuse. In the second step, the tool is used to process frame output, converting it to a hash format for future acceptance. In the third step, a tool such as Hashcat can be used to crack the WPA PSK password, at which point the hacker has the potential to access the personal information of users. Researchers have been vague in terms of the specific routers involved and the extent of routers most vulnerable to PMKID attacks. The general method seems to be most threatening in 802.11i/p/q/r networks with their roaming functions enabled. This, unfortunately, describes most current routers, while WPA3 developments have only recently begun to counter aspects of the fundamental nature of the vulnerabilities. The Hacker News reports that WPA3 is a new form of security protocol that is required to address previous WPA2 vulnerabilities that have been increasingly exploited despite smaller non-version-specific security developments. Newer developments employ a new framework that includes features that cannot be encompassed by these smaller software and security upgrades, demanding foundational improvements. An example of a foundational technological improvement is the establishment of Simultaneous Authentication of Equals (SAE). In addition to the nature of the vulnerability, as is common with modern hacking potentials, access to directions in a PMKID attack are readily available online. SecuredYou is an example of one of many online sources that walk users through potential attacks. According to this source, in an optimized approach, users should first request PMKID from the router, install hcxdumptool and hcxpcaptool, and make network requests for recording through additional described steps. Other online sources, including the Latest Hacking News and The Register, report that such an approach can be currently used for success in 10 minutes or less on most networks, depending on the extent of active network traffic. Hacking has never been so easy for predators. What’s Been Happening In Research And Development? Software and security protocol developers have been addressing the issue most directly through WPA3 and network security strategy research and development. One recent patent has attempted to address and improve an aspect of vulnerability by enhancing an extensible authentication protocol re-authentication protocol (EAP-RP) framework in message transition. Another recent patent has targeted the way network information is configured and authenticated while maintaining PMKID in addition to a basis on a transient identity key pair provided to other access points. Such developments may benefit users more quickly or to greater extents than the implementation of WPA3. What’s The Bottom Line? PMKID attacks do not require the same waiting times. The potential detriment is high. WPA3 technology can counter the attacks. Other non-WPA3 patents/developments may work but should be tested first.

Happy Labor Day (Labour Day – International Workers Day –  May Day)! You’ve worked hard all summer. This Labor Day before going back to work and back to school, take some time to relax and enjoy one more backyard barbeque, one more trip to the beach, one more night sleeping under the stars, one more bonfire, and create one perfect summer memory.  After all, you’ve earned it! When Is Labor Day Celebrated Around The World?   In both Canada and the United States, Labor Day is celebrated on the first Monday in September. It’s to honor the achievements of American and Canadian workers. In Australia, it’s celebrated on different days according to which state/territory you’re in. For some countries around the world, it’s connected to International Workers’ Day that’s celebrated every May 1st.  And yet for others, it’s celebrated on different dates that hold a unique significance for their labor movement. Over 80 countries around the world celebrate International Workers’ Day on May 1st. The History Of Labor Day In The U.S. The first national Labor Day was held in 1885. The late 1800s was in the height of the Industrial Revolution in the U.S. At this time, the average laborer worked 12 hours a day, 7 days a week.  Plus, children ages 5 and above worked in factories, mills and even in mines. On May 11, 1894, laborers in Chicago working at the Pullman Palace Car Company went on strike. They were protesting wage cuts and the firing of union representatives. Because of the massive unrest, it caused, and to repair relations with American workers, Congress made Labor Day a legal holiday. As the story goes (no one is really sure) Peter J. McGuire, general secretary of the Brotherhood of Carpenters and Joiners and a co-founder of the American Federation of Labor, suggested we honor our workers. But some believe that Matthew Maguire, a machinist, was the founder of Labor Day. He was also the secretary of Local 344 of the International Association of Machinists in Paterson, N.J., and it’s said that in 1882 he proposed we have a holiday to celebrate the work our laborers do.  At this time he was serving as secretary of the Central Labor Union in New York. The History Of Labour Day In Canada In 1872 the Toronto Trades Assembly organized Canada’s first demonstration for worker’s rights. It was held to promote the release of 24 leaders of the Toronto Typographical Union who were imprisoned due to a strike they held for a nine-hour working day. Trade unions were illegal at this time. There was such an uprising of support that the house of Canada’s first prime minister, Sir John Macdonald promised to repeal all Canadian laws against trade unions. This led to the Canadian Labour Congress in 1883. In 1894, Labour Day which had been celebrated in the spring, was changed to the fall to be held on the same day as the U.S. The celebration of workers’ rights continues, and many Canadians take the day to relax, take a late summer trip or get together with family and friends at picnics, fairs, and festivals. Labour Day In Australia Labour Day in Australia is held to honor the granting of the 8-hour working day and to recognize the contributions of workers to the country’s economy. Before then, the workday was 12 hours and people worked 6 days a week. In Australia, Labour Day varies between its different states and territories. In New South Wales and South Australia, Labour Day is celebrated on the first Monday in October. In Tasmania and Victoria, it’s recognized on the second Monday in March. (Tasmania calls it the Eight Hours Day). Western Australia celebrates Labour Day on the first Monday in March. Queensland and the Northern Territory celebrate it on the first Monday in May, and they call it May Day. On Christmas Island, they celebrate it on the fourth Monday in March. Labour Day Is Called May Day In The United Kingdom May Day is a bank holiday in the UK and coincides with Labour Day. It’s also known as Labour Day.  It’s commemorated on the first day of May each year. May Day goes as far back as the Gaelic festival Beltane.  In Britain, communities celebrate May Day with village gatherings where folks erect a maypole with ribbons attached that children and adults hold onto while dancing. A competition is typically held to name one of the girls the May Queen in honor of the Roman goddess Flora. The winner then dresses in a white gown and a crown of flowers is placed on her head.  Then, she leads the others in a May Day parade. Labor Day/Labour Day/ May Day/ International Workers Day Labor Day, Labour Day, May Day or International Workers’ Day, it’s a public holiday for all to enjoy.  Whatever you call it, Labor Day constitutes an annual national tribute to the contributions workers have made to the prosperity of our countries.  So, take the time to celebrate.  You work hard, and you deserve a nice long weekend!

What Is Snapchat And What Business Uses Does It Have? Snapchat is a form of now commonly used social media more recent than Facebook, Myspace, or Twitter. It’s unique in that it allows users to create pictures or messages that are only available for a short period of time before they become inaccessible to viewers. This is considered a convenient self-cleaning of media in addition to its other features. Just like Facebook timelines and Twitter feeds, users are allowed to create original “Stories” as 24-hour feeds of content presented chronologically through the app. A “Discover” feature allows businesses to have an interactive exploration of their products or services. The app was developed for mobile technology and continues to evolve with the emphasis on virtual ‘stickers’ and affected ‘reality objects.’ Although not all features are unique to the software, business uses of Snapchat can include some pretty attractive features: Frequently updated postings Promotion through marketing channels Creating sponsoring lenses Allowing people to explore content through interactive features Integrated content created by users Promotion of products or services through discounts and promotion code marketing Promoting new products One of the best features that users love is that SnapChat allows celebrities and other people of interest to directly access the app. This means you might be able to view Jennifer Garner’s favorite places to eat or check out LeBron James on vacation in Italy. Many of today’s top organizations are now successfully using the Snapchat app, including: Taco Bell Disney Gatorade Starbucks McDonald’s AT&T Many others As with other widespread social media programs, Snapchat can be used in traditional business practices including the social media marketing mix, brand strengthening processes, community engagement, and brand awareness. According to The Social Media Examiner, over 100 million people use the app every day, responsible for up to 400 million snaps each day, and while 71% of the estimated billion viewers are between the ages of 18 to 34, it is considered one of the fastest growing networks. Access to live events can be provided through streaming, and the NBA is an example of a major organization that has been taking advantage of this. Private content can be delivered through the software, and contests and other perks can be added to the organization’s storyline. Internal developments can be shown through the service while users can partner with influencers. People can also effectively “follow” organizations analogous to post subscriptions available on Twitter or Facebook. What Are The Security Risks And Why Should I Be Concerned? Snapchat’s features can be more convenient for some users, but it has security risks that may also be unique and therefore uniquely be concerning to users. The software, in short, may not be as private as it may seem. The creative nature of the app means that much of the user provided content is not covered by the same privacy and protection offered through other social media services like Facebook and Twitter. The “snaps” that are made and posted can be potentially retrieved with software tools, and both forensic analysts and hackers alike have some potential to exploit this. According to the Telegraph, it is possible for hackers to intercept Snaps in transmission processes despite levels of encryption. This is due to the potential for decryption through a form of reverse engineering possible through the Android application package file. This does not mean that Snapchat is less secure than services such as iMessage, but it is likely less secure than many people assume. Another potential issue is the possibility that a business will not have access to records if claims are made regarding the nature of posts that have automatically deleted. This could result in dually unfounded claims in court that can cost the organization funding and negative publicity if nothing else. As explained in depth by The Hacker News, the source code of the program itself has also been hacked and posted online after a cyber thief was able to obtain it. The posting made the confidential information of the organization vulnerable to other people who could misuse it. In addition, a number of apps now exist that can capture your Snaps without alerting you. One popular site like this called “SnapSave” was breached in 2014 and 200,000 Snaps were leaked publically. What Additional Security Concerns Should I Have If Using SnapChat?   In general, businesses who plan to use SnapChat should take some precautions to avoid being exploited. These are discussed below: Enable login verification (2FA). Educate users at your workplace who will be in charge of SnapChat with information about security breaches and such. Manually restrict and control access. Ignore random requests. Make sure that only those connected with your account are able to connect with it. Limit who can see your stories. Transfer private snaps saved in memories to the ‘my eyes only’ section for added privacy. Never publically share your Snapcode or username. Conclusion SnapChat can be a powerful business tool that lets your company connect directly with your consumers, fans, and other interested parties. However, by following a few security protocols you can protect your account against hackers and other intruders. As with all your IT technology, hackers are always on the look-out for weak perimeters that will allow them to come in and steal from you.

Girl Scouts of the USA recently announced the addition of 30 new badges now available for Girl Scouts aged 5-18. The new badges were created to address a number of today’s most important social issues, including environmental advocacy, cybersecurity, robotics, computer science, and space exploration, among others. Girl Scouts of the USA has long served as a means for young girls to acquire life experience and develop a number of important soft skills, which include perseverance and confidence. The benefits of participating in Girl Scouts are proven. According to one study, Girl Scouts are over twice as likely to demonstrate community problem-solving skills compared to those who do not participate. The Cybersecurity badge, funded by Palo Alto Networks, will introduce the girls to a variety of age-appropriate internet safety and privacy principles. They will first learn how the internet works, then learn techniques to spot, report, and further investigate cybercrime. Cybercrime is on the rise, and the Girl Scouts are in a unique position to influence young girls all over the nation. According to the FBI’s 2017 Internet Crime Report, cybercrime resulted in more than 300,000 complaints last year with losses reaching upwards of $1.4 billion. Raising awareness about cybercrime is just one step toward combatting the problem, and with the help of their sponsors, the Girl Scouts are on their way toward arming a new generation of young people with the tools they’ll need to make a difference in internet security. New Leadership Journeys In addition to the cybersecurity badge, the new badges include two additional Girl Scout Leadership Journeys to help girls on their path to growth. Girl Scout Leadership Journeys involve hands-on activities to help girls utilize their new skills to tackle problems within their respective communities. These programs prepare girls to achieve success in fields like computer science, robotics, and cybersecurity. Funded by Raytheon, “Think Like a Programmer” offers girls a valuable foundation in computational thinking, which will serve as the basis for next year’s Cyber Challenge, a first for the organization. The Think Like an Engineer Journey will help girls further understand how engineers approach and solve problems. Phase one of the national computer science program for middle school and high school-aged girls has been run as a pilot in a small group of geographies since earlier this year. The program is expected to expand nationwide in the fall of this year, with select groups of Girl Scout councils piloting the upcoming Cyber Challenge next year in 2019. Raytheon & The Girl Scouts: A Partnership Raytheon Company, headquartered in Waltham, Massachusetts, is a leader in technology and innovation in civil government, defense, and cybersecurity solutions. With a history spanning nearly a century, Raytheon operates in more than 80 countries. The company has a long history of partnership with several Girl Scout Councils. It is the inaugural sponsor of the Girl Scouts’ computational thinking program, which will expose the girls to age-appropriate content across areas such as science, engineering, technology, and math. Although women made up half of the current college-educated workforce, only 29% work in occupations dealing with science and engineering. The new partnership with Raytheon seeks to increase the number of female STEM leaders by encouraging girls to explore an interest in these fields early on. In fact, the Girl Scout Research Institute, GSRI, compiled a report, the Generation STEM report, which determined that 74% of teen girls demonstrate an interest in STEM fields; however, this interest fades as they get older and move on through middle school and high school. The decreased interest is thought to be the result of a lack of exposure to STEM fields in ways that pique their further interest and inspire ambition. In 2017, the Millennial Cyber Security Survey, conducted by the National Cyber Security Alliance, NSCA, found that the majority of female Millennials said that more exposure to STEM information, training, and classes during their middle school and high school years would have had an impact on their interest in cybersecurity careers. These new badges will strive to empower young girls to achieve their goals across all industries, particularly those currently dominated by males. History Of Girl Scouts The Girl Scouts of the US have been making a difference across the nation for nearly a century. The first Girl Scout troop was established in 1912 in Savannah, Georgia by Juliette Gordon “Daisy” Low. Since then, the organization has grown exponentially, culminating into a membership of more than 2.6 million. Today, they continue to operate under the principles of courage, character, and confidence in hopes of making the world a better place.  

Which Tablet Is Best For You: iPad Or Microsoft Surface Go? Microsoft recently announced a new budget-friendly tablet called the Surface Go with a lower price than previous tablets. This new Surface Go 2-in-1 tablet is Microsoft’s attempt to make it more affordable and accessible for consumers. It doesn’t have the muscle of the Core i7-powered Surface Pro, but it’s half the price. To compete, Apple took a similar approach when it lowered the price of its baseline iPad to $329 ($299 for educators). It’s not as powerful as the iPad Pro, but it’s much less expensive for everyday customers. Let’s break down what each of these tablets, the Microsoft Surface Go, and the iPad, offer you and find out what is the best tablet for you. Software How are they similar? Both iPad and Microsoft Surface Go are 10-inch tablets with optional keyboards and stylus pens. They also allow you to use a bunch of apps for both work and entertainment similar to a smartphone. Aside from those similarities, Apple and Microsoft obviously are different in just about every aspect of the software hemisphere. How are they different? The Surface Go comes with Windows 10 S. This is the scaled-down version of Windows 10 created specifically for tablets. It is similar to Windows 10 Home, but can only use apps from the Microsoft’s Windows Store. Consumers are able, however, to upgrade to Windows 10 Home for free and use their Surface Go like a full Windows system. The downside of this is that you can’t then revert back to Windows 10 S later. The upgrade, in the long run, seems worth it, because the full Windows experience offers more flexibility than a tablet-only Windows product. While there’s plenty of software available at the Microsoft app store, it pales in comparison to the amount you’ll find from other sources of Windows software, or the Android or iOS app stores. The iPad uses Apple’s iOS, the same OS used by the iPhone. The iOS App Store features millions of apps of every kind, and you can enjoy the same user experience you do on the iPhone but in a larger version. The downside is that there’s no way to get access to macOS or OS X Mac software that is in the MacBook Pro on the iPad. Display How are they similar? Both tablets have 10-inch screens, and they both are capable of stylus use. How are they different? Apple has much better resolution, but Microsoft has an edge in display size. The Surface Go has an 1800×1200 10.6-inch PixelSense display custom-built for the tablet. The iPad’s 9.7-inch Retina display has a narrower aspect ratio and a higher resolution, 2048×1536 pixels. In simpler terms, the iPad’s screen is slightly smaller than the Microsoft Surface Go, but it is crisper, featuring a pixel density of 264ppi as opposed to the Surface Go’s 217ppi. Processor Microsoft Surface Go The Surface Go uses the Pentium Gold 4415Y CPU, which is a significant move down from a Core series chip. Not enough independent tests have been performed to see how exactly it will compare to the other Surface Pro tablets at this time. iPad The iPad uses Apple’s A10 Fusion chip, the same one that the iPhone 7 used. It’s a generation behind the A11 Bionic chip that the iPhone 8 and iPhone X uses, but it still does an extraordinary job inside a tablet. Storage/RAM The baseline Surface Go boasts 4GB of RAM and 64GB of onboard flash storage, twice as much as the iPad. The baseline $329 iPad features 2GB RAM, 32GB storage. Another edge the Surface Go has in this area is the ability to upgrade. The Surface Go has a microSD card slot, so you can expand storage, unlike the iPad. Size The iPad is marginally slimmer and lighter than the Surface Go. Apple’s 9.4-by-6.6-inch tablet is just 0.29 inches thick and weighs 1.05 pounds. The Surface Go is a tad bit thicker (0.33 inches), a little larger in footprint (9.6 by 7 inches) and weighs a tiny bit more (1.15 pounds). iPad 2018 and Surface Go-Specs Side by Side: iPad 2018                                                                    Surface Go: A10 Fusion chip (2.34GHz quad-core) with 64‑bit architecture; embedded M10 coprocessor 1.6GHz Intel Pentium 4415Y processor (7th-gen Kaby Lake) 2GB RAM 4GB or 8GB RAM   32GB or 128GB storage 64GB, 128GB or 256GB storage 9.7in LED-backlit Multi-Touch display with IPS technology; 2048×1536 at 264ppi; 4:3 aspect ratio; supports Apple Pencil Intel HD 615 integrated graphics 10in IPS screen; 1200×1800 at 217ppi; 3:2 aspect ratio; supports Surface Pen stylus 8Mp rear-facing camera; f/2.4 aperture; Live Photos; Panorama (up to 43Mp); 1080p HD video recording; slo-mo (120fps) 8Mp rear-facing camera 1.2Mp front-facing camera; f/2.2 aperture; Live Photos; Retina Flash; 720p HD video recording 5Mp front-facing camera 802.11a/b/g/n/ac Wi-Fi; Bluetooth 4.2; Lightning port; headphone jack 802.11a/b/g/n/ac Wi-Fi; LTE later in 2018; 1 x USB 3.0 Type C; 1 x Surface Connector; microSD; headphone jack 32.4Wh rechargeable lithium-polymer battery; estimated battery life 10 hours (Wi‑Fi), 9 hours (mobile data) 27Wh rechargeable battery; estimated battery life 9 hours iOS 11 Windows 10 Home in S Mode 240mm x 169.5mm x 7.5mm; 469g/478g (Wi-Fi/cellular) 245mm x 175mm x 8.3mm; 522g

With the escalating cyber threats that affect the U.S. Government, the U.S. Department of Commerce issued a Defense Federal Acquisition Regulation Supplement (DFARS) to safeguard the U.S. Department of Defense’s (DoD) unclassified information. The regulation now requires all aerospace and defense companies to be compliant. Roadmap to DFARS Compliance In order to be considered DFARS compliant, organizations need to pass a readiness assessment according to the NIST SP 800-171 guidelines. On average, it will take an organization about six to ten months to become compliant, depending on the organization’s current security status and the available resources they have at their disposal. Planning is the key to ensure success in your DFARS compliance expedition. It is essential to treat this as a major project, with the mindset of having the needed resources and funding set ahead of time. Many companies hire specialists and consultants and this can really expedite the process, plus it can help an organization to avoid common errors. Let’s look at an action plan or roadmap to guarantee your cloud environment is safe and compliant according to the DFARS mandate. Step 1: Calculate Your Organization’s Applicability Key Question: How can your organization stay relevant? Using the controls listed in NIST SP 800-171, document the gaps between your current position and the expected end goal. To ensure your organization is applicable, check off these essentials for Step 1: Review all contracts to pinpoint important DFARS clauses and provisions. Review DFARS to determine the type of CDI or CUI (see Clause 252.204-7012) that applies. Check your applicability with the Contracting Officer as needed. Define what systems, processes, programs, applications, hardware, software, people, etc. fall under the scope of your NIST 800-171 compliance. Step 2: Build a Remedial Plan to Safeguard against Non-Compliance Key Question: What is your current Security Status? In order to stay NIST SP 800-171 compliant, make sure you can put a check next to these measures: Conduct a control gap analysis against NIST SP 800-171. Develop solutions for the identified defects that you find. Meet with your subcontractors and other business partners to make sure you are both on track and in step for compliance. Step 3: Implement Your Remediation Plan to Ensure Compliance Key Question: Have you developed a plan of action to track your progress? Developing a system security plan will give you the peace of mind in knowing that you are going to be compliant. You won’t have to worry about fines and penalties. Develop or revise controls as needed to remedy the control gaps with NIST SP 800-171. Organize your validation testing after remediation is completed to confirm controls are designed and operating effectively (You then need to make sure you have the agreement of your Contracting Officer). Step 4: Continuously Monitor and Follow-Up Key Question: How do you maintain constant monitoring to ensure compliance? Establishing a plan to effectively monitor your compliance can be achieved by doing the following: Use tools, templates, reports, and metrics to develop an ever-flowing monitoring program. For accountability, organize monitoring activities and provide status updates to significant investors on your performance and progress. Conclusion: To Be DFARS Compliant, it is important to remember to set controls in place for current systems and data, while remembering the need to cover new systems and data as they are created. If you fail to keep this in mind, you will assuredly find yourself falling short of compliance. There is a propensity within organizations to place an emphasis on the controls during the implementation phase, but once the system is up and running, they tend to take their foot off the gas and eyes off the road. Sustaining constant compliance is a never-ending process. You must continuously make sure that new data and systems are effectively classified and that the correct controls are applied. Once DFARS is running and business returns to normal, a high level of attentiveness must be maintained to guarantee the safety and compliance of your organization.

Password-Stealing Malware The acquisition of user IDs has become much easier for cybercriminals in the globalization era. A variety of methods can be used to steal passwords, including spyware, keyloggers, and phishing attacks. This can lead to the total loss of essential data held in company or private databases. Most of the methods used by these cyber criminals involve the use of malware that has been designed to steal user credentials. Based on the objectives of a particular cybercriminal, a variety of malware methods are applied to fulfill those goals. A significant proportion of methods used to steal user credentials consider the use of malware. Additionally, phishing attacks use malicious attacks through communication channels such as emails where malware-loaded websites are disguised as genuine ones to trap unsuspecting users. Other types of attacks include spyware and keylogging which, for a variety of incidences, has been observed to continually grow in both complexity and frequency of attacks. Signs of a Malware Infected PC One of the diagnosis methods of identifying whether a computer is infected with a virus is through the observation of random pop-ups and significantly increased booting time. Instances like these are associated with spyware configured to steal essential data from users without them noticing. The objective of using spyware on user PCs is to ensure that information stored in browsers and other sensitive areas is well camouflaged. This includes communication channels such as email. Cyber crooks will attempt to acquire your passwords without you noticing that anything is wrong. Though this seems like a flawed technique that wouldn’t work all the time, the truth is that it works exceptionally well. For instance, 158 million social security numbers were stolen in 2017. That doesn’t include all the other types of records and data stolen from individuals and companies. Malware Injection Technique For reliable security dodging methods, process injection is a method of integrating malware and lifeless adversary strategy in trade-crafting accounting for the integration of custom codes within the address bars of other processes. The variety of injection techniques includes the following methods. Portable Executable Injection Shellcodes and Create Remote Threads are among strategies used in malware injection where malicious codes are copied into accessible active processes commanding them to execute as the originals. Through this strategy of attack, the malware does not require writing malicious code on a disk. Instead, it does so by calling Write Process Memory on the host procedure. The impact of this procedure is that the injected code copies its PE to another process with an unidentifiable base address commanding it to re-compute the original addresses of its PE. Process Hollowing Process hollowing is a technique that malware applies to take into account the mapping or hollowing out of the primary code from within the memory of the target’s procedure while overwriting the memory target process with an executable malicious code. The function of the malware is to create a new process designed to host the malicious code presenting it in a hanging form awaiting for the Resume Thread Function to be called in order to execute. This process leads to the switching of the original file contents with the malicious payload. Processes used for mapping the memory include two API examples, the ZwUnmap and the NtUnmap Views of Section. In order to succeed in assigning new memory for the malware, this procedure takes advantage of the malware’s unmapping of the memory and proceeds to execute the loader, VirtualAllocEx that facilitates the application of the malware to the Write Process Memory on the identified vulnerable target. Classic DLL Injection Through Create Remote Thread And Load Library This technique is among the most popular method used in malware injection into other processes. By commanding the implicit address space to process the malware code using the dynamic-bond library, the approach facilitates the creation of Remote Threads in the target process through process loading. The primary objective of the malware is to target a process for injection. This procedure is generally performed through a search of the processes to call a trio of APIs that include CreateToolHelp32Snapshot, Process32 1st, and 2nd. The specific functions of each of these APIs include the cataloging of heaps and returning a snapshot, retrieval of the first process, and the iteration through the previous two processes respectively. After successfully allocating the target process, the malware is able to execute through Open Process calling. Conclusion This article reported on a number of techniques used by malware attackers in concealing unauthenticated activities in other processes. Two procedures are observed to facilitate the functionality of malware and include open injection of a shellcode on another processor or the command of other processes to load malicious libraries on behalf of the malware. Cyber thieves are constantly updating their attack procedures to stay one step ahead of IT professionals. That makes locating and eliminating malware threats a full-time job.

How Useful Are MSPs? Managed Service Providers in the field of Information Technology have a more critical role than other business organizations. There are important things to consider when it comes to IT, and these are: Reliable IT staff-able to conduct routine maintenance such as updating and installing hardware and software. Availability-sometimes an organization needs a system that can support their business on a 24/7 time basis. Especially if engaged in international business and there is the issue of different time zones. This may call for staff that is able to meet this demand. Generate Income-ensure that whatever technology you are using in your organization is able to pay you back and not the other way round. This is achieved by simply weighing the available options and making the right choice as to the type of technology most suited to properly run your organization. Why do you need MSP? Organizations prefer having in-house IT staff because it is cheaper to have an employee on pay role than hire an IT firm to manage your network. What most entities don’t know is that they could be missing out on better services than just the routine maintenance and updating of software. There is a whole lot more in the tech world, so instead of overwhelming your IT staff and missing out on new developments, the managed service providers do the extra that will boost your business to higher levels. Here are the reasons why you should consider MSPs: Specialized support: depending on the kind of organization you are running, they custom make for you the most suitable IT system. They are aware of the statutory regulations in your area of expertise and so ensure that your technology is in compliance. Examples of those regulations include: the Health Insurance Portability and Accountability Act (HIPAA), which is very critical in an organization dealing with Healthcare in the United States of America. Also, the General Data Protection Regulation(GDPR), which is a regulation in European Union law on data protection and privacy for all people within the European Union and the European Economic Area (EEA). These are just a few of the considerations that an MSP takes into account when managing and maintaining your technology. Reliable support which provides a 24/7 help desk to deal with client issues. This is basically an IT firm’s work; it is what they specialize in. They give it their all as compared to your organization’s IT staff who would not appreciate being disturbed in the middle of the night just to handle a client issue. It would also be very expensive to try and employ staff who are able to provide services over time. Security and privacy of client data are guaranteed since the IT staff in the managed service providers are experts who are well equipped and ready to handle issues of a security breach. To top it off, your organization will not have to worry about the legal liabilities that may arise in case a security breach occurs. System back-up and data recovery are well handled by the MSP because they have the resources to conduct research and come up with mechanisms to deal with network issues such as downtime. Small entities do not have to worry about spending additional resources on top of what is already lost in trying to establish better mechanisms in terms of what should be done in those situations. MSPs will ensure that you get back on your feet as soon as possible in situations where issues like downtime affect your business. Software updates are as important in IT as regular service on a car. Needless to say, they are a bit complex and time-consuming. MSPs help you to focus on other important things as they update your software in the background. They know which one is best suited for your organization to give you optimum benefits. It is very expensive trying to hire the services of an IT firm for a specific task or during an emergency. You could save on these expenses if you are relying on a contracted managed service providers. They are reliable and efficient because they understand your business environment and so handle emergencies beforehand by devising workable, tried and trusted mechanisms. Wrap up Technology has become an integral part of every organization. The best way to ensure that you are maximizing its benefits is by acquiring and managing the right technology suitable for your organization. That is exactly why you need the managed service providers to do all your IT work. You worry about running your organization while they help you boost your business through IT. The collaboration between your organization and an MSP firm will simply provide you with stability and reliability in your network.

Are You Prepared for Windows 7 End of Life? Windows 7 has been one of the most successful operating systems developed by Microsoft. Its resilience has been boosted by many conspiracies and controversies surrounding Windows 8. In fact, millions of organizations skipped the Windows 8 upgrade and stuck with Window 7. Many businesses are still not convinced that Windows 10 is any better than Windows 8. Even though there are numerous valid reasons to stay with Windows 7, it’s time to start preparing for the inevitable upgrade. January 2020 will be the end of the road for Windows 7. This means that Microsoft will put an end to Windows 7 security updates, bug fixes, and all support, thereby implementing its end of life. Until then, you can enjoy the operating system’s extended support as Microsoft works on phasing it out. As of now, the manufacturer is still offering paid support for the operating system but has terminated all the complimentary updates that come with the product license. Support Status for Windows 7 Like many Microsoft products, Windows 7 came with a predetermined support timeline. It’s good to know a product’s support lifecycle so that you know when to upgrade. The conventional mainstream support for Microsoft’s operating system stopped developing Windows 7 updates on January 13, 2015. This means that Microsoft no longer provides bug fixes and security updates for the operating system. With that in mind, the company will still provide some security patches through the extended support phase. This extended support period will run until January 14, 2020. After this date, there will be no more security fixes and updates thereby marking the official Windows 7 End of Life. However, there’s absolutely nothing stopping you from using Windows 7 even after its End of Life. But you should know that using an outdated operating system makes your computer vulnerable to cyber-attacks. For instance, many organizations that stayed with Windows XP long after the expiry of its lifecycle suffered serious cyber attacks from infamous hackers like the WannaCry ransomware. There’s a good chance that attackers are already working on how they can exploit the vulnerabilities that will be created when Microsoft ends their extended support period for Windows 7. Why Microsoft has to end Windows 7 support Microsoft has a policy stipulating how the life of a product starts and how it ends. Normally, the life of a Microsoft product begins when it is released into the market and ends when the company stops providing support. This is how Microsoft OS lifecycles start and end. More importantly, Microsoft needs to sell its latest operating systems, which are Windows 8 and Windows 10. To do that effectively, they must preside over the death of the older operating systems. The tech giant has already started blocking updates through some machines so it may be necessary to start preparing now for the eventuality that you may not be able to get any new updates. What Windows 7 End of Life means to you Imagine using a product that a company doesn’t want to take responsibility for anymore. You’ll be using the product at your own risk. This means that Microsoft will not take responsibility for loss of data due to security breaches on Windows 7. New Malware is developed daily so it’s important to understand that anyone continuing to use Windows 7 could be more vulnerable. Without regular patches and security updates, you’re basically at the mercy of hackers. Most users don’t want to take the risk of losing important data and having to deal with a cyber breach. Preparing for Windows 7 End of Life Now you know that the Windows 7 OS will not be a safe product to use over the internet in a couple of years. So you have to ask yourself if you’re ready to move into the future with the more modern Windows 10 operating system. Windows 10 gets regular patches and updates to keep it secure. It will install on most devices and machines with no problems or issues, but Microsoft does have a vast array of help and support documents on their website in case you run into trouble. For enterprise upgrades, it’s best to seek the help of an IT professional. This is a good way to ensure that everything is upgraded correctly and that all firewalls and antivirus are in place and working optimally. Depending on what type of hardware and software you’re using, you may need to take specific steps to make sure everything is fully compatible. Wrap Up We all dislike change; it’s just normal. But when it comes to something important like your operating system, your company and staff will benefit by having the latest Microsoft products installed. Each year, all-new features are added to Windows operating systems to make them easier to use and give users a better experience. Once your team knows how to use all these great features, they can save time while producing better documents, spreadsheets, PowerPoint displays and such.