Online security is something that should get everyone’s attention. Threats exist all around us: ransomware, viruses, spyware, social engineering attacks and more. There’s so much you need to know to keep your personal and business information safe. But… where do you start? As trusted cybersecurity professionals, we want to help you get educated and stay informed. That’s why during National Cybersecurity Awareness Month our goal is to give you all the information you need to stay secure. How can we help? We’ll be sharing valuable and timely information on cybersecurity in blogs, in our newsletter, and on all of your favorite social media sites. What should you do? You can also give us a call for personalized solutions by subscribing to our exclusive mailing list. Being cybersecurity aware means that you understand what the threats are and take precautions to prevent them. Here are some important reminders: Never give out your password. Don’t share it over the phone either. You never know who’s listening. Don’t click on links that are sent to you via unsolicited emails or from someone you don’t know. Use complex passwords that are difficult to guess and use different ones for different programs and computer devices. Don’t reveal your personal, business or financial information in emails. Don’t respond to email solicitations. Keep software, browsers and operating systems up to date, so they stay free of vulnerabilities. Encrypt your files to ensure unauthorized people can’t access them. Be careful when using public Wi-Fi networks – don’t conduct sensitive activities like banking or shopping with credit cards on public Wi-Fi. Remember your physical surroundings and don’t leave your computer devices unattended in public or easy-to-access areas. Only use websites that begin with “https://” when visiting online shopping, banking or other sites where you will be entering your private information. Keep your online presence private. Don’t publish your email address online in social network sites. What else should you watch out for? Malicious Emails – These typically come in the form of a request from a trustworthy organization like a financial institution. The email may urge you to act quickly, saying that your account has been compromised or a request can’t be fulfilled. The purpose of the email is to get you to provide confidential information to rob you of your money or identity credentials. Take precautions and contact the company directly to see if the email is legitimate. When you search for the company, don’t use any information in the message. Perform your own search online. Ransomware – This is a type of malware that accesses your files and locks (encrypts) then demands payment to unlock them. It’s not suggested that you pay the ransom as this is not a guarantee that you’ll get your files back. Hopefully, you have a secure, offsite copy of all your files so you can recover your data. Viruses – These are harmful computer programs that can be transmitted from device to device. Viruses operate in different ways but they are all designed to create havoc, and some provide criminals access to data on infected devices. If your computer acts irregularly, report this to your supervisor right away. This could be caused by a virus. Spyware – Spyware downloads onto your devices without your permission when you visit an unsafe website or click on a malicious attachment. It can make your computer do things like open advertisements or even track your online movements. Botnets – These are networks of computers that get infected by malware. The criminals can remotely control these botnets to gain confidential or financial information or launch an attack on your network. Spam – This is like getting junk mail but by email. These are unsolicited and unwanted. Phishing – This is where a criminal sends an email that contains a malicious link to collect personal or financial data or to infect your computer with malware and viruses. Spear phishing is where the criminal uses attacks against specific targets to collect information to gain access to IT systems or a list of customers. Spam and phishing messages aren’t limited to email. They also appear on social media sites and in text messages. Think before you act and adopt the motto: “When in doubt, throw it out!” What to do if you become a victim of cybercrime? Report it to the appropriate people in your organization, including your network administrator. If you think your financial account was compromised, contact your financial institution immediately and close your account. Watch for any unauthorized charges in your bank or credit card accounts. Need more help? We’re here for you. These are just some of the protections and service we can offer: Vulnerability Scanning & Assessments Data Loss Prevention 24/7 Remote Monitoring & Mitigation For Cyber Threats A Managed Secure Firewall Multi-Factor Authentication A Security Operations Centers with Network and Endpoint Security Monitoring Log Correlation and Monitoring Endpoint Encryption Identification and Reconfiguration of Improperly Configured Security Solutions Secure Wireless Configurations Quarterly Vulnerability Remediation Efforts IT Security Planning and Milestones Strategic Planning for IT Security Incident Response Management Breach Notification Alerts Backup Solutions to ensure you’ll always have access to your data Security Awareness Training for your employees, so they don’t accidentally expose your organization to cybercrime We hope this helps. Remember, we’ll be posting timely cybersecurity information for you in our Blogs, newsletters and more.
Profile – Viewing – Searching We get questions from our clients about using LinkedIn all the time. And we get so many that we’ve been keeping track of some of the most commonly asked ones. We’ve posted three of them here with detailed answers for you. 1. “Is There A Way To Change How My Profile Is Viewed?” Sometimes you want to change the way your profile is viewed. Perhaps you’re looking for a new job, or you’ve just gotten one. Or, maybe you’re working a second job and you don’t want your boss to see this. With changes in your business life, you want to keep track of what’s important to post on LinkedIn. Here’s how to change or update how people see you on LinkedIn. Click Me Click Settings & Privacy This is what you’ll see… Click the Privacy Tab. LinkedIn will give you half a dozen options to change your privacy settings for changing who can see what information about you. Notes: After you change or disable your profile public, it may take several weeks for it to be added to or removed from search engine results. If you edit the settings of your profile photo from your profile page, then your public profile page will be updated with the new setting. For example: if you change your profile photo visibility setting from Public to Your Connections, that change will be applied to your public profile as well, and your photo will no longer appear as part of your public profile. Likewise, you can update your photo visibility settings while you’re editing your public profile page (or by disabling your public profile). Before these settings were unified, some members entered into inconsistent photo visibility states (e.g., their photo is visible in a public profile in search engine results, but is not visible to most members on LinkedIn), and those members are being prompted to reconcile their settings. The default photo setting is Public. Not all sections of your profile can be displayed publicly. On the Public profile settings page, you’ll be able to see and adjust the sections of your profile that can be displayed publicly. Viewers who aren’t signed in to LinkedIn will see all or some portions of the profile display selections you make on this page. 2. “How Do I View My Post Statistics In LinkedIn?” If you’ve ever posted an article or video to LinkedIn, you can see specific demographics about your readers. To see this stats, just like you did above, click on Me and View Profile. Now, scroll down until you see this Dashboard section. Click on Post views. ≈ Next, click on the Posts tab. Now,, scroll down to one of your articles. On the lower left click the view counter next to the line graph icon. LinkedIn will provide you details of who viewed your article. The stats are broken down by company, title and location. Notes: Your post analytics are available for 60 days from creation. Your article analytics are available for 2 years from creation. Your posts and articles will display a detailed breakdown of the analytics only when they have been viewed by 10 or more unique viewers. Once your post or article has reached the minimum number of unique viewers, your analytics button will appear. The analytics breakdown displays non-unique views. 3. “How Do I Use Boolean Search Terms In LinkedIn?” LinkedIn provides powerful search capabilities. It can take a while to efficiently use the power of people search. But it’s worth taking the time to learn. LinkedIn gives you the option to use Boolean Search Terms to perform more specific searches. You can do this by adding or eliminating elements to the search parameters. (Boolean logic is a system of showing relationships between sets by using the words AND, OR, and NOT. The term Boolean comes from the name of the man who invented this system, George Boole.) Boolean Operators are used to connect and define the relationship between your search terms. When searching electronic databases, you can use Boolean operators to either narrow or broaden your record sets. The three Boolean operators are AND, OR and NOT. Here are some examples of Boolean search strings: infographics AND presentations copyediting OR copy editor Google NOT Salesforce Let’s say you wanted to find someone who is an expert in presentation design. You should use this as a key term in your search. When you do, your search results will come up with anyone who has the words presentation and design in their profile even if the two words are located separately in their LinkedIn profile. But by adding quotes around “presentation design” LinkedIn will only list those people with the two words together in their profile. If you wanted to find someone with expertise in both infographics and presentation design, you would do a Boolean Search like this: “infographics” AND “presentation design”. By adding the AND qualifier, you’ve combined the two terms for your search ensuring that you receive more relative results. Other Boolean Search Parameters you can use for more effective results: “OR” to broaden your search to include profiles that include one or more terms. For example: “Microsoft” OR “LinkedIn”. “Vice President” OR VP OR “V.P” OR SVP OR EVP Parenthetical Searches If you’d like to perform a complex search, you can combine terms and modifiers and use parentheses. For example: design AND (graphic OR presentation) (copyediting OR copy editor) Notes: When handling searches, the overall order to precedence is: Quotes [“”] Parentheses [()] NOT AND OR Important: The + and – operators are not officially supported by LinkedIn. Using AND in place of + and NOT in place of – makes a query much easier to read and guarantees that we’ll handle the search correctly. When using NOT, AND, or OR operators, you must type them in uppercase letters. We don’t support wildcard “*” searches. Boolean search will work in the keyword field in Recruiter and Linkedin.com, and will work in the Company, title, and keyword field in Sales Navigator. “NOT” Parameters If you’d
Considering Working With An Email Marketing Solution To Help Grow Your Business? Email marketing plays a critical role in helping you to reach the right people and expand your client base, share important information with prospects and clients, and promote your services and products. Tune into our complimentary on-demand training and learn what email marketing solution is best. Click Here To Tune In Now An Email Marketing Service Provider has the tools and knowhow to take your email marketing efforts to the next level. Our latest On-Demand Training Video covers ESP 101, discussing topics including: What is an Email Marketing Service Provider? What are the benefits of using an Email Marketing Provider? A comparison of the top EMail Marketing Providers. An in-depth look at the most popular Email Marketing Providers. Questions? Shoot us an email at {email} or give a call at {phone}.
Need a quick refresher or a complete introduction to one of the most popular small business accounting packages? Quickbooks is one of the top accounting solutions available to small businesses around the globe. However, many business professionals only use a small fraction of everything Quickbooks has to offer. During this 30-minute on-demand online training session, you’ll discover many of the top features and tools found in Quickbooks, including: Invoicing Expense Tracking Bill Payments Customers and Vendors And much more This is designed to be an introductory training session for those new to Quickbooks and those who just need to know a bit more of what Quickbooks can offer. If you’re on the fence trying to find a small business accounting package, this session will help you make your decision. Click Here and watch this training If you have any questions regarding Quickbooks do not hesitate you reach out to Hammett Technologies!
This month’s training on demand focuses on helping you find the most accurate information you need on Google. We’ll leave no stone unturned in this 28-minute online training session. Learn how to find answers to your queries and questions right through to advanced techniques using Google. Click the video play button below to get started. Click Here To View Online
Where Did They Go? In 2017, Microsoft planned to release a lightweight version of Windows 10. This was their effort to provide a Windows solution that delivered a predictable performance by using only Microsoft-verified applications via the Microsoft Store. Microsoft also wanted to compete with the Google Chromebook and promote Windows 10 S for use in the K-12 education market. Windows 10 S was initially offered as part of the Surface Laptop which is a premium, and quite expensive product. So, this addition to the education market was quite a leap. Windows 10 S was going to be offered at a reduced price with the option to pay more to “unlock” the full Windows 10 Operating System. But Microsoft changed their minds. They realized that we don’t want to pay extra for something that should have been included, to begin with. On March 7, 2018, they said: Based on customer feedback we are simplifying the experience for our customers. Starting with the next update to Windows 10, coming soon, customers can choose to buy a new Windows 10 Home or Windows 10 Pro PC with S mode enabled, and commercial customers will be able to deploy Windows 10 Enterprise with S mode enabled. What this means is that the Windows 10 S computer has been retired. Instead, Microsoft has decided to incorporate Windows 10 S as a “mode” for all Windows 10 Operating Systems. Microsoft hopes this new approach will make it possible for their customers to start using the S mode. They say that it provides a streamlined computing experience that enhances security and performance across all editions. So, for the foreseeable future, Windows 10 S is now a configuration in the Windows 10 Pro and Windows Home computers. The S Mode will lock down Windows 10, so it can only run applications from the Microsoft Store–essentially, exactly what the dedicated Windows 10 S operating system was intended to do. Microsoft is letting Windows 10 Home users disable the S Mode free of charge. However, Windows 10 Pro customers with S Mode enabled on their device will have to pay $49 to get access to the full version of Windows 10 Pro. Should You Consider Using the S Mode? The “S” in Windows 10 S was supposed to stand for “simplicity.” Its intent was to provide a productive and secure Windows experience. Microsoft says that it’s designed for superior performance. Starting up, streaming HD video and switching across applications is much faster than with Windows 10. Windows 10 S only uses apps from the Microsoft Store and provides a safer browsing capability via Microsoft Edge. Because the applications for Windows 10 S only come from the Microsoft Store, the folks at Microsoft say that it ensures security and integrity. And they say that Microsoft Edge is more secure than using Chrome or Firefox browsers. The Windows Defender Antivirus and other security features in Windows are also included in Windows 10 S. Windows 10 S comes with built-in apps and new features like Cortana, Windows Ink and Windows Hello so you can sign on without a password. It integrates with OneDrive, so you can easily save your files to the cloud and sync them across your other devices. If you decide you want to run applications that aren’t in the Microsoft Store, you can easily switch to Windows 10 Pro (except you’ll have to pay $49 to do so). What Do Others Think About Windows 10 S? Microsoft says that 60% of their users stay with Windows 10 S when using third-party devices. And those who do switch, do so within 24 hours of setting up their device. Those who keep using Windows 10 S for a week or so, end up keeping their device in S mode (83 %). These statistics are for low-end PCs as the only high-end computer running Windows 10 S is the Surface Laptop. These users weren’t included in their survey. It looks like the Windows S Mode is here to stay. But some experts predict that it poses problems for Microsoft down the line. They believe that it’s going to confuse people. While the Home versions offer a free switch path, the charge for the Pro versions could bother users who want more premium devices. Here is another issue with this change— Microsoft says that AV/Security apps will come in the Windows 10 S mode. But what about the AV software from third-party providers? Will these applications run in the S mode? If so, this defeats the purpose of what the S mode is supposed to do. Does this mean that using these apps will hamper the promised performance in Windows 10 S? We’ll have to wait to see how Microsoft deals with this. But for now, it seems like a contradiction. Windows 10 S devices span a price range from $189 to $2,199 (for the top Surface Laptop). It’s not impossible to provide solutions for both low-end and high-end device users, but some feel this will be difficult for people to get their minds around. Windows 10 Spring Creators Update will probably be released with a different name: Windows 10 April Update. However, it’s been delayed while Microsoft rushes to fix a newly-discovered bug. Between the changes with Windows 10 S and now the next Windows 10 update, it seems there’s a lot of “plate-spinning” going on at Microsoft right now.
As of May 25th, 2018, if local businesses aren’t ensuring the highest possible level of data privacy, they’re risking serious financial consequences. The General Data Protection Regulation (GDPR) is coming into effect. What does this mean? All local businesses MUST be ready to take security more seriously than ever before. The EU Parliament approved GDPR in April of 2016 with enforcement set to start in a couple of weeks on May 25th, 2018. Who Must Comply with GDPR? All businesses storing or processing data of people living in the European Union must comply, regardless of where you’re located in the world. The EU is very consumer-focused and always has been. As data travels beyond the borders of the EU, GDPR is designed to help protect citizens as any company, anywhere in the world, is bound by its rules as long as they’re holding data on citizens. Businesses of all types and sizes – from small one or two person shops to multi-national corporations – must comply. There are no exceptions. For those businesses already complying with the Data Protection Act (DPA), they’re one step closer to being in compliance with GDPR. What’s the Risk of Non-Compliance? Local companies who fail to comply with face fines – up to $24 million OR 4% of annual global turnover, depending on which number is higher. In addition to fines, local companies who fail to comply will also face the devastating impact of reputational damage as most consumers won’t feel comfortable working with a company that doesn’t prioritize data privacy. What Do Local Companies Need to Know About GDPR? First and foremost, local companies need to know that compliance is not optional. Every organization should become familiar with the provisions of GDPR so they’re aware of the requirements. Here are a few key facts to know about GDPR: Strict parameters must be followed to receive consent for the use and/or storage of data. These parameters require an easily accessible form and withdrawing consent must be simple. The right to be forgotten enables consumers to request their personal data be deleted and/or erased immediately with all third-parties halting any processing of said data. In the event of a breach, notification must be done within 72 hours of becoming aware of the breach. This means all affected parties must be notified and offered information on the incident. Consumers may request to receive their personal data, in order to transmit said data to another data controller as needed. Companies must ensure data is easily accessible to provide upon request. Data protection must always be considered when designing any system or solution, which means it cannot be an afterthought or addition done after the system or solution is designed. Specific protection is in place for children as they are generally more vulnerable. When storing data relating to or involving children, parental consent must be received for children up to age 16. Essentially, local businesses will have to review their marketing processes in terms of data mining and remarketing. However, those who have already prioritized data privacy will have less work to do to ensure compliance. What Steps Must Be Taken to Ensure Compliance? Assess what needs to be done: Review all requirements of GDPR to understand how the provisions impact your company and/or which departments will be affected. Perform a complete audit: Audit what personal data is collected and stored, where the data came from, and who the data is shared with, then record your processing activities. Update all privacy notices: Privacy notices must be updated to communicate how personal data will be used and collected, as well as explaining the lawful basis for processing personal data. Verify data accessibility and portability: Verify that access requests can be accommodated in 30 days and data can be received in a commonly used, machine-readable format. Review instructions for receiving consent: These instructions will help you properly seek, record, and manage consent for the use and/or storage of data. Work with all third-party providers: You can be held responsible for breaches resulting from non-compliance on a third-party providers part, so work with email service providers, CRM providers, and more. Educate every single staff member: ALL staff members must be educated in case they come into contact with information relating to customers. Lastly, make sure you’re working with a trusted team of technology experts who can help you put all of the tips above into action. You almost certainly WILL require some changes to your information technology environment in terms of how data is stored and processed. A good {city} IT support company will help with this. You need a technology services company {city} businesses trust to help them comply with GDPR. {company} is that technology services company. Call us now at {phone} or email us at {email} to get started.
17 Product Groups Named-Their Production Halted and Update Support Ended After Irrefutable Evidence Uncovered Flaw in Intel Chips. The information about the Spectre attacks came to light back in January 2018. Intel and other technology firms and vendors were made aware of research findings by Paul Kocher from Spectreattack.com and Jann Horn from Google Project Zero. Paul’s collaboration team regarding the chip flaw and the notorious Spectre Attacks were: Daniel Genkin (the University of Pennsylvania and University of Maryland) Mike Hamburg (Rambus) Moritz Lipp (Graz University of Technology) Yuval Yarom (University of Adelaide and Data61) The research findings from Paul Kocher’s team and Jann Horn supported what the U.S. Department of Commerce’s agency, NIST (National Institute of Standards and Technology) found. At NIST’s, National Vulnerability Database website is the research published on January 4, 2018. Take note of these excerpts, the indirect branch prediction and branch prediction in both announcements: CVE-2017-5715 Current Description: “Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.” CVE-2017-5753 Current Description: “Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.” After the findings arrived, on January 3, 2018, Intel responds to Paul and Jann’s security research findings with this disbelieving statement: “Intel believes these exploits do not have the potential to corrupt, modify or delete data.” With the proof in front of them, Intel believed the research reports were flawed and incorrect. The idea of these acts caused by a “bug”, or a “flaw” was not possible. Their explanation was, “there are many types of computing devices, using different vendor’s operating systems and processors. All are at risk of being exploited.” But Paul’s team exploited speculative execution and had solid proof. They experimented on multiple x86 processor architectures. They used the Intel Ivy Bridge (i7-3630QM). The Intel Haswell (i7-4650U). The Intel Skylake (unspecified Xeon on Google Cloud) and finally an AMD Ryzen processor. In every test, the team observed the Spectre vulnerability across all of these CPUs. Similar results on both 32- and 64-bit modes, and both Linux and Windows. Some ARM processors also support speculative execution, and the initial testing confirmed, ARM processors could not pass the test. When they attacked using native code, they were able to read the entire victim’s memory address space, including the secrets stored within it, with ease. When they attacked using Java code, they successfully read data from the address space of the browser process running it, with zero effort. The research evidence was irrefutable. Their results showed there was a flaw in Intel chips. A day later, January 4, 2018, Intel issues updates to protect systems from security exploits. They released this statement: “Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and servers — that render those systems immune from both exploits (referred to as “Spectre” and “Meltdown”) reported by Google Project Zero.” Three months later on April 2, 2018, Intel’s Microcode Revision Guidance is released and what’s inside exposed the truth. In this 19-page pdf document, you will find 17 product groups listed, (color-coded in red), productions halted, and update support has ended. Looking through the guide, you will find the columns listed by Product Names, Public Name, CPUID, Platform ID, Production Status, Pre-Mitigation Production MCU, STOP deploying these MCU revs, and New Production MCU Rev. The pages with the discontinued products are below: Page 4: Bloomfield and Bloomfield Xeon Page 7: Clarksfield Page 8: Gulftown and Harpertown Xeon CO & EO Page 11: Jasper Forest Page 12: Penryn/QC Page 15: SoFIA 3GR Page 16: Wolfdale CO, MO, EO & RO, Wolfdale Xeon CO & EO Page 17: Yorkfield & Yorkfield Xeon When you review the columns, you will see one labeled STOP deploying these MCU revs. Intel’s definition for this column is as follows: Intel recommends discontinuing using these select versions of MCU that were previously released with mitigations for Variant 2 (Spectre) due to system stability issues. Intel also states in their Microcode Revision Guidance Legend: “After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release” “Microcode updates for these products for one or more reasons including, but not limited to the following:” “Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)” “Limited Commercially Available System Software support.” “Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.” As you can see, Intel’s exhaustive investigation could not discredit Paul, Jann and NIST’s research and proof. Intel decided, due to microarchitectures and microcode capabilities, for the specific products listed, not to move forward and release microcode updates for these products. If you own a PC, Mac, or Cell phone, a Spectre attack can affect your device. If you use Cloud Services, your provider’s infrastructure may be vulnerable to a Spectre attack and theft of customer’s data. If your device uses any of Intel’s older microprocessors, you may be shopping around for a new machine.
Experts in the tech world are giving their input on what is planned by state and local Chief Information Officers (CIOs) in terms of security for all of today’s technology. For so long, technology has existed and yet the public has taken its security for granted. But, sometime last year, giants of industry like Cisco Systems, have revealed that plans are underway to bring new and better levels of security to the cyber world. According to Britt Norwood, the head of Cisco Systems’ state, local and education sales for the western U.S., it’s time that technology had some real-life applications.[1] According to Mr. Norwood, the state and local government of the future will rely heavily on technology for its management. From Smart Cities to cloud computing, innovative breakthroughs will change life as we know it. Life will become easier while access to public services will become cheaper and more readily available. A great example is the Internet of Things. All of our medical devices and appliances are now connected via the IoT. However, these devices are extremely easy to hack and that puts consumers at risk. This reveals our ongoing need to implement stronger cybersecurity measures to protect ourselves. The government, along with the private sector now understands the importance of keeping hackers out of our systems, networks, and databases. To address these issues, a host of new and radical changes will take place over the next few years. These include four major areas as cited below. Adoption of the Internet of Things at Community Level There is no doubt that IoT has had the attention of the public sector for a few years now. Informal discussions on the implementation of IoT applications by the government in delivering services to citizens have been underway. Imagine a situation where parking meters are connected and pricing on parking are determined by the time of day. Or even an application that is able to track buses in real time to give accurate information on wait-times to patrons at bus stops. This would most definitely improve the quality of services delivered to the public. Each town and city has its own set of unique problems with delivering affordable, reliable city services. Each jurisdiction may adopt its own unique applications according to what suits them best. These applications will definitely make a positive change in the way cities and states are run. But they must include the best security to protect consumers. Cyber Security Still a Top Priority for Governments With technological advancement comes increased risk and vulnerability in terms of security. It is very important that the government stays on top of it. It would be of no use to continue investing in digitalization and increasing connectivity without having in place measures to address the issue of data breaches. That is why for the last four years the National Association of State Chief Information Officers (NASCIO) in their ‘State CIO Ten Priorities for 2017’ report, ranked security and risk concern as a top priority. According to Yejin Cooke, who is the director of government affairs for NASCIO, security and risk management are not going to lose their importance any time soon. In fact, the public is only now becoming aware of all the threats across the globe that can endanger everything from air flights to ground transportation or satellites. A society cannot operate without knowing for sure that hackers will not have access to our most important sectors. It is vital to have well-organized and comprehensive cybersecurity plans in order to counter major attacks. Some states like California and Michigan have made milestones in terms of well-laid security plans. They are setting the pace for other states. Uploading data to Cloud Priority According to Chip George, NetApp’s senior director of state and local government and education for the U.S. public sector, moving data to the cloud has proven to be a way in which governments are able to deal with financial constraints and legacy technologies. A recent survey by MeriTalk found that 76% of state and local agencies are planning to increase spending on Cloud computing.[2] State and local governments must also consider their environment so as to adopt a model that best suits them. The Cloud has three models: public, private, and hybrid. Data management can complicate issues if governments resort to relying on multiple cloud management providers. In addition, George pointed out that, “Agencies must adopt a data fabric, so that data across all cloud environments is seamlessly integrated and managed with the same set of tools, no matter the cloud provider.” In the future, when governments are trying to evaluate which model suits their needs, they will have to consider these and many other factors dealing with the proper implementation. Collaboration Tools Another mechanism that has become highly prioritized across governments is collaboration tools where centralized resources are optimized. By optimizing and centralizing technology, costs are lowered and a more streamlined cyber security platform is installed. Good collaboration tools make sense. They reduce costs. They put everyone on the same page. Conclusion Technology is here to stay, but it evolves at a rapid rate. Though this is good on some levels, when it comes to cyber security, the experts have not been able to keep up with the hackers. Cyber thieves must be stopped in order for businesses and governments to improve efficiency in service delivery, cut their costs, and protect consumers from cyber criminals. [1] https://statetechmagazine.com/article/2017/02/5-priorities-state-and-local-government-technology-year-ahead [2] https://www.meritalk.com/study/destinationcloud/
As you may be aware, the FBI issued a warning last week about a malware botnet called VPNFilter. This malware originated in Russia and attacks “consumer-grade” routers typically purchased from retailers such as Best Buy andor installed in homes by Internet Service Providers such as Spectrum, Time Warner, and Charter. The malware has not been found to infect commercial grade routers typically installed in your business, such as those from Cisco, Fortinet, SonicWALL or others. If you or any of your staff has one of the following routers installed at home, we recommend the Internet Service Provider be contacted for guidance. At a minimum, the router should be rebooted – and the router password should be changed to one with a fair amount of complexity. (ISP technicians have a reputation for often not changing the simple “factory default” password when they install a router.) In some cases, a router firmware upgrade may be required. The affected routers identified so far are: Linksys (Models E1200, E2500 & WRVS4400N) Mikrotik Cloud Core Routers (versions 1016, 1036 & 1072) Netgear (Models DGN2200, R6400, R7000, R8000, WNR1000 & WNR2000) QNAP (Models TS251 & TS439 Pro) QNAP NAS devices running QTS software TP-Link R600VPN While we are unable to manage the consumer-grade routers targeted in this attack, We can offer you a powerful network security appliance (router/firewall/wireless access point) that can provide commercial-grade protection at your home or office. If you have teleworkers or executives who access your network by working from home, you should be concerned about business risks created by consumer-grade routers. A relatively inexpensive corporate or business-grade firewall is likely an appropriate solution. Please let us know if you would like more information.