Which Tablet Is Best For You: iPad Or Microsoft Surface Go? Microsoft recently announced a new budget-friendly tablet called the Surface Go with a lower price than previous tablets. This new Surface Go 2-in-1 tablet is Microsoft’s attempt to make it more affordable and accessible for consumers. It doesn’t have the muscle of the Core i7-powered Surface Pro, but it’s half the price. To compete, Apple took a similar approach when it lowered the price of its baseline iPad to $329 ($299 for educators). It’s not as powerful as the iPad Pro, but it’s much less expensive for everyday customers. Let’s break down what each of these tablets, the Microsoft Surface Go, and the iPad, offer you and find out what is the best tablet for you. Software How are they similar? Both iPad and Microsoft Surface Go are 10-inch tablets with optional keyboards and stylus pens. They also allow you to use a bunch of apps for both work and entertainment similar to a smartphone. Aside from those similarities, Apple and Microsoft obviously are different in just about every aspect of the software hemisphere. How are they different? The Surface Go comes with Windows 10 S. This is the scaled-down version of Windows 10 created specifically for tablets. It is similar to Windows 10 Home, but can only use apps from the Microsoft’s Windows Store. Consumers are able, however, to upgrade to Windows 10 Home for free and use their Surface Go like a full Windows system. The downside of this is that you can’t then revert back to Windows 10 S later. The upgrade, in the long run, seems worth it, because the full Windows experience offers more flexibility than a tablet-only Windows product. While there’s plenty of software available at the Microsoft app store, it pales in comparison to the amount you’ll find from other sources of Windows software, or the Android or iOS app stores. The iPad uses Apple’s iOS, the same OS used by the iPhone. The iOS App Store features millions of apps of every kind, and you can enjoy the same user experience you do on the iPhone but in a larger version. The downside is that there’s no way to get access to macOS or OS X Mac software that is in the MacBook Pro on the iPad. Display How are they similar? Both tablets have 10-inch screens, and they both are capable of stylus use. How are they different? Apple has much better resolution, but Microsoft has an edge in display size. The Surface Go has an 1800×1200 10.6-inch PixelSense display custom-built for the tablet. The iPad’s 9.7-inch Retina display has a narrower aspect ratio and a higher resolution, 2048×1536 pixels. In simpler terms, the iPad’s screen is slightly smaller than the Microsoft Surface Go, but it is crisper, featuring a pixel density of 264ppi as opposed to the Surface Go’s 217ppi. Processor Microsoft Surface Go The Surface Go uses the Pentium Gold 4415Y CPU, which is a significant move down from a Core series chip. Not enough independent tests have been performed to see how exactly it will compare to the other Surface Pro tablets at this time. iPad The iPad uses Apple’s A10 Fusion chip, the same one that the iPhone 7 used. It’s a generation behind the A11 Bionic chip that the iPhone 8 and iPhone X uses, but it still does an extraordinary job inside a tablet. Storage/RAM The baseline Surface Go boasts 4GB of RAM and 64GB of onboard flash storage, twice as much as the iPad. The baseline $329 iPad features 2GB RAM, 32GB storage. Another edge the Surface Go has in this area is the ability to upgrade. The Surface Go has a microSD card slot, so you can expand storage, unlike the iPad. Size The iPad is marginally slimmer and lighter than the Surface Go. Apple’s 9.4-by-6.6-inch tablet is just 0.29 inches thick and weighs 1.05 pounds. The Surface Go is a tad bit thicker (0.33 inches), a little larger in footprint (9.6 by 7 inches) and weighs a tiny bit more (1.15 pounds). iPad 2018 and Surface Go-Specs Side by Side: iPad 2018 Surface Go: A10 Fusion chip (2.34GHz quad-core) with 64‑bit architecture; embedded M10 coprocessor 1.6GHz Intel Pentium 4415Y processor (7th-gen Kaby Lake) 2GB RAM 4GB or 8GB RAM 32GB or 128GB storage 64GB, 128GB or 256GB storage 9.7in LED-backlit Multi-Touch display with IPS technology; 2048×1536 at 264ppi; 4:3 aspect ratio; supports Apple Pencil Intel HD 615 integrated graphics 10in IPS screen; 1200×1800 at 217ppi; 3:2 aspect ratio; supports Surface Pen stylus 8Mp rear-facing camera; f/2.4 aperture; Live Photos; Panorama (up to 43Mp); 1080p HD video recording; slo-mo (120fps) 8Mp rear-facing camera 1.2Mp front-facing camera; f/2.2 aperture; Live Photos; Retina Flash; 720p HD video recording 5Mp front-facing camera 802.11a/b/g/n/ac Wi-Fi; Bluetooth 4.2; Lightning port; headphone jack 802.11a/b/g/n/ac Wi-Fi; LTE later in 2018; 1 x USB 3.0 Type C; 1 x Surface Connector; microSD; headphone jack 32.4Wh rechargeable lithium-polymer battery; estimated battery life 10 hours (Wi‑Fi), 9 hours (mobile data) 27Wh rechargeable battery; estimated battery life 9 hours iOS 11 Windows 10 Home in S Mode 240mm x 169.5mm x 7.5mm; 469g/478g (Wi-Fi/cellular) 245mm x 175mm x 8.3mm; 522g
With the escalating cyber threats that affect the U.S. Government, the U.S. Department of Commerce issued a Defense Federal Acquisition Regulation Supplement (DFARS) to safeguard the U.S. Department of Defense’s (DoD) unclassified information. The regulation now requires all aerospace and defense companies to be compliant. Roadmap to DFARS Compliance In order to be considered DFARS compliant, organizations need to pass a readiness assessment according to the NIST SP 800-171 guidelines. On average, it will take an organization about six to ten months to become compliant, depending on the organization’s current security status and the available resources they have at their disposal. Planning is the key to ensure success in your DFARS compliance expedition. It is essential to treat this as a major project, with the mindset of having the needed resources and funding set ahead of time. Many companies hire specialists and consultants and this can really expedite the process, plus it can help an organization to avoid common errors. Let’s look at an action plan or roadmap to guarantee your cloud environment is safe and compliant according to the DFARS mandate. Step 1: Calculate Your Organization’s Applicability Key Question: How can your organization stay relevant? Using the controls listed in NIST SP 800-171, document the gaps between your current position and the expected end goal. To ensure your organization is applicable, check off these essentials for Step 1: Review all contracts to pinpoint important DFARS clauses and provisions. Review DFARS to determine the type of CDI or CUI (see Clause 252.204-7012) that applies. Check your applicability with the Contracting Officer as needed. Define what systems, processes, programs, applications, hardware, software, people, etc. fall under the scope of your NIST 800-171 compliance. Step 2: Build a Remedial Plan to Safeguard against Non-Compliance Key Question: What is your current Security Status? In order to stay NIST SP 800-171 compliant, make sure you can put a check next to these measures: Conduct a control gap analysis against NIST SP 800-171. Develop solutions for the identified defects that you find. Meet with your subcontractors and other business partners to make sure you are both on track and in step for compliance. Step 3: Implement Your Remediation Plan to Ensure Compliance Key Question: Have you developed a plan of action to track your progress? Developing a system security plan will give you the peace of mind in knowing that you are going to be compliant. You won’t have to worry about fines and penalties. Develop or revise controls as needed to remedy the control gaps with NIST SP 800-171. Organize your validation testing after remediation is completed to confirm controls are designed and operating effectively (You then need to make sure you have the agreement of your Contracting Officer). Step 4: Continuously Monitor and Follow-Up Key Question: How do you maintain constant monitoring to ensure compliance? Establishing a plan to effectively monitor your compliance can be achieved by doing the following: Use tools, templates, reports, and metrics to develop an ever-flowing monitoring program. For accountability, organize monitoring activities and provide status updates to significant investors on your performance and progress. Conclusion: To Be DFARS Compliant, it is important to remember to set controls in place for current systems and data, while remembering the need to cover new systems and data as they are created. If you fail to keep this in mind, you will assuredly find yourself falling short of compliance. There is a propensity within organizations to place an emphasis on the controls during the implementation phase, but once the system is up and running, they tend to take their foot off the gas and eyes off the road. Sustaining constant compliance is a never-ending process. You must continuously make sure that new data and systems are effectively classified and that the correct controls are applied. Once DFARS is running and business returns to normal, a high level of attentiveness must be maintained to guarantee the safety and compliance of your organization.
Password-Stealing Malware The acquisition of user IDs has become much easier for cybercriminals in the globalization era. A variety of methods can be used to steal passwords, including spyware, keyloggers, and phishing attacks. This can lead to the total loss of essential data held in company or private databases. Most of the methods used by these cyber criminals involve the use of malware that has been designed to steal user credentials. Based on the objectives of a particular cybercriminal, a variety of malware methods are applied to fulfill those goals. A significant proportion of methods used to steal user credentials consider the use of malware. Additionally, phishing attacks use malicious attacks through communication channels such as emails where malware-loaded websites are disguised as genuine ones to trap unsuspecting users. Other types of attacks include spyware and keylogging which, for a variety of incidences, has been observed to continually grow in both complexity and frequency of attacks. Signs of a Malware Infected PC One of the diagnosis methods of identifying whether a computer is infected with a virus is through the observation of random pop-ups and significantly increased booting time. Instances like these are associated with spyware configured to steal essential data from users without them noticing. The objective of using spyware on user PCs is to ensure that information stored in browsers and other sensitive areas is well camouflaged. This includes communication channels such as email. Cyber crooks will attempt to acquire your passwords without you noticing that anything is wrong. Though this seems like a flawed technique that wouldn’t work all the time, the truth is that it works exceptionally well. For instance, 158 million social security numbers were stolen in 2017. That doesn’t include all the other types of records and data stolen from individuals and companies. Malware Injection Technique For reliable security dodging methods, process injection is a method of integrating malware and lifeless adversary strategy in trade-crafting accounting for the integration of custom codes within the address bars of other processes. The variety of injection techniques includes the following methods. Portable Executable Injection Shellcodes and Create Remote Threads are among strategies used in malware injection where malicious codes are copied into accessible active processes commanding them to execute as the originals. Through this strategy of attack, the malware does not require writing malicious code on a disk. Instead, it does so by calling Write Process Memory on the host procedure. The impact of this procedure is that the injected code copies its PE to another process with an unidentifiable base address commanding it to re-compute the original addresses of its PE. Process Hollowing Process hollowing is a technique that malware applies to take into account the mapping or hollowing out of the primary code from within the memory of the target’s procedure while overwriting the memory target process with an executable malicious code. The function of the malware is to create a new process designed to host the malicious code presenting it in a hanging form awaiting for the Resume Thread Function to be called in order to execute. This process leads to the switching of the original file contents with the malicious payload. Processes used for mapping the memory include two API examples, the ZwUnmap and the NtUnmap Views of Section. In order to succeed in assigning new memory for the malware, this procedure takes advantage of the malware’s unmapping of the memory and proceeds to execute the loader, VirtualAllocEx that facilitates the application of the malware to the Write Process Memory on the identified vulnerable target. Classic DLL Injection Through Create Remote Thread And Load Library This technique is among the most popular method used in malware injection into other processes. By commanding the implicit address space to process the malware code using the dynamic-bond library, the approach facilitates the creation of Remote Threads in the target process through process loading. The primary objective of the malware is to target a process for injection. This procedure is generally performed through a search of the processes to call a trio of APIs that include CreateToolHelp32Snapshot, Process32 1st, and 2nd. The specific functions of each of these APIs include the cataloging of heaps and returning a snapshot, retrieval of the first process, and the iteration through the previous two processes respectively. After successfully allocating the target process, the malware is able to execute through Open Process calling. Conclusion This article reported on a number of techniques used by malware attackers in concealing unauthenticated activities in other processes. Two procedures are observed to facilitate the functionality of malware and include open injection of a shellcode on another processor or the command of other processes to load malicious libraries on behalf of the malware. Cyber thieves are constantly updating their attack procedures to stay one step ahead of IT professionals. That makes locating and eliminating malware threats a full-time job.
How Useful Are MSPs? Managed Service Providers in the field of Information Technology have a more critical role than other business organizations. There are important things to consider when it comes to IT, and these are: Reliable IT staff-able to conduct routine maintenance such as updating and installing hardware and software. Availability-sometimes an organization needs a system that can support their business on a 24/7 time basis. Especially if engaged in international business and there is the issue of different time zones. This may call for staff that is able to meet this demand. Generate Income-ensure that whatever technology you are using in your organization is able to pay you back and not the other way round. This is achieved by simply weighing the available options and making the right choice as to the type of technology most suited to properly run your organization. Why do you need MSP? Organizations prefer having in-house IT staff because it is cheaper to have an employee on pay role than hire an IT firm to manage your network. What most entities don’t know is that they could be missing out on better services than just the routine maintenance and updating of software. There is a whole lot more in the tech world, so instead of overwhelming your IT staff and missing out on new developments, the managed service providers do the extra that will boost your business to higher levels. Here are the reasons why you should consider MSPs: Specialized support: depending on the kind of organization you are running, they custom make for you the most suitable IT system. They are aware of the statutory regulations in your area of expertise and so ensure that your technology is in compliance. Examples of those regulations include: the Health Insurance Portability and Accountability Act (HIPAA), which is very critical in an organization dealing with Healthcare in the United States of America. Also, the General Data Protection Regulation(GDPR), which is a regulation in European Union law on data protection and privacy for all people within the European Union and the European Economic Area (EEA). These are just a few of the considerations that an MSP takes into account when managing and maintaining your technology. Reliable support which provides a 24/7 help desk to deal with client issues. This is basically an IT firm’s work; it is what they specialize in. They give it their all as compared to your organization’s IT staff who would not appreciate being disturbed in the middle of the night just to handle a client issue. It would also be very expensive to try and employ staff who are able to provide services over time. Security and privacy of client data are guaranteed since the IT staff in the managed service providers are experts who are well equipped and ready to handle issues of a security breach. To top it off, your organization will not have to worry about the legal liabilities that may arise in case a security breach occurs. System back-up and data recovery are well handled by the MSP because they have the resources to conduct research and come up with mechanisms to deal with network issues such as downtime. Small entities do not have to worry about spending additional resources on top of what is already lost in trying to establish better mechanisms in terms of what should be done in those situations. MSPs will ensure that you get back on your feet as soon as possible in situations where issues like downtime affect your business. Software updates are as important in IT as regular service on a car. Needless to say, they are a bit complex and time-consuming. MSPs help you to focus on other important things as they update your software in the background. They know which one is best suited for your organization to give you optimum benefits. It is very expensive trying to hire the services of an IT firm for a specific task or during an emergency. You could save on these expenses if you are relying on a contracted managed service providers. They are reliable and efficient because they understand your business environment and so handle emergencies beforehand by devising workable, tried and trusted mechanisms. Wrap up Technology has become an integral part of every organization. The best way to ensure that you are maximizing its benefits is by acquiring and managing the right technology suitable for your organization. That is exactly why you need the managed service providers to do all your IT work. You worry about running your organization while they help you boost your business through IT. The collaboration between your organization and an MSP firm will simply provide you with stability and reliability in your network.
Are You Prepared for Windows 7 End of Life? Windows 7 has been one of the most successful operating systems developed by Microsoft. Its resilience has been boosted by many conspiracies and controversies surrounding Windows 8. In fact, millions of organizations skipped the Windows 8 upgrade and stuck with Window 7. Many businesses are still not convinced that Windows 10 is any better than Windows 8. Even though there are numerous valid reasons to stay with Windows 7, it’s time to start preparing for the inevitable upgrade. January 2020 will be the end of the road for Windows 7. This means that Microsoft will put an end to Windows 7 security updates, bug fixes, and all support, thereby implementing its end of life. Until then, you can enjoy the operating system’s extended support as Microsoft works on phasing it out. As of now, the manufacturer is still offering paid support for the operating system but has terminated all the complimentary updates that come with the product license. Support Status for Windows 7 Like many Microsoft products, Windows 7 came with a predetermined support timeline. It’s good to know a product’s support lifecycle so that you know when to upgrade. The conventional mainstream support for Microsoft’s operating system stopped developing Windows 7 updates on January 13, 2015. This means that Microsoft no longer provides bug fixes and security updates for the operating system. With that in mind, the company will still provide some security patches through the extended support phase. This extended support period will run until January 14, 2020. After this date, there will be no more security fixes and updates thereby marking the official Windows 7 End of Life. However, there’s absolutely nothing stopping you from using Windows 7 even after its End of Life. But you should know that using an outdated operating system makes your computer vulnerable to cyber-attacks. For instance, many organizations that stayed with Windows XP long after the expiry of its lifecycle suffered serious cyber attacks from infamous hackers like the WannaCry ransomware. There’s a good chance that attackers are already working on how they can exploit the vulnerabilities that will be created when Microsoft ends their extended support period for Windows 7. Why Microsoft has to end Windows 7 support Microsoft has a policy stipulating how the life of a product starts and how it ends. Normally, the life of a Microsoft product begins when it is released into the market and ends when the company stops providing support. This is how Microsoft OS lifecycles start and end. More importantly, Microsoft needs to sell its latest operating systems, which are Windows 8 and Windows 10. To do that effectively, they must preside over the death of the older operating systems. The tech giant has already started blocking updates through some machines so it may be necessary to start preparing now for the eventuality that you may not be able to get any new updates. What Windows 7 End of Life means to you Imagine using a product that a company doesn’t want to take responsibility for anymore. You’ll be using the product at your own risk. This means that Microsoft will not take responsibility for loss of data due to security breaches on Windows 7. New Malware is developed daily so it’s important to understand that anyone continuing to use Windows 7 could be more vulnerable. Without regular patches and security updates, you’re basically at the mercy of hackers. Most users don’t want to take the risk of losing important data and having to deal with a cyber breach. Preparing for Windows 7 End of Life Now you know that the Windows 7 OS will not be a safe product to use over the internet in a couple of years. So you have to ask yourself if you’re ready to move into the future with the more modern Windows 10 operating system. Windows 10 gets regular patches and updates to keep it secure. It will install on most devices and machines with no problems or issues, but Microsoft does have a vast array of help and support documents on their website in case you run into trouble. For enterprise upgrades, it’s best to seek the help of an IT professional. This is a good way to ensure that everything is upgraded correctly and that all firewalls and antivirus are in place and working optimally. Depending on what type of hardware and software you’re using, you may need to take specific steps to make sure everything is fully compatible. Wrap Up We all dislike change; it’s just normal. But when it comes to something important like your operating system, your company and staff will benefit by having the latest Microsoft products installed. Each year, all-new features are added to Windows operating systems to make them easier to use and give users a better experience. Once your team knows how to use all these great features, they can save time while producing better documents, spreadsheets, PowerPoint displays and such.
Pricing Out a Managed IT Services Plan: What You Need To Know? Developing a cost-effective and customized price plan for managed IT services It’s no surprise that any modern business is – to some degree – dependent on technology. No matter what kind of devices your organization uses or the kind of work your organization does, making sure your technology is up and running to support operations is critical. Even more critical? Determining the right kind of IT support to match organizational needs and determining the right price to pay for it. Like with any other managed service, pricing out IT support services must reflect the unique needs and realities of each business. There really is no ‘one-size-fits-all’ managed IT price plan. Professionals looking to price out managed IT services need to adopt an informed and proactive approach. Don’t wait until a disaster happens to start pricing out managed IT support. The first step is determining what you need – and that means taking a detailed IT inventory. Strategic Spending: How Taking a Tech Inventory Will Help You Price Out Managed IT When you go to the grocery store, it’s common practice to make a list. Otherwise, you find yourself wandering the aisles, unsure of what needs to be stocked up at home. You end up getting home with a bag full of things you didn’t need and realize you forgot some of the main items you went to the store for. It sounds simplistic, but pricing out your managed IT service plan should follow the same logic You don’t want to dive headlong into pricing out a provider before you know exactly what you need. How many computers and devices does your company use? Do they all need to be monitored? What about software and hardware updates – is your organization behind the times and in need of rejuvenation? Do you need round-the-clock support or are you looking for help on an as-needed basis? Asking yourself these questions will make pricing out managed IT services much easier. Even better? It will help ensure that you don’t end up with a wealth of services and features that you don’t need or that don’t apply to you. This way, when you meet with providers, you’ll be armed with a clear idea of what’s required and what isn’t. Being proactive and thorough is the best way to start a transparent and productive pricing conversation with potential providers. Comparing Existing Models: Understanding the Pros and Cons of Each Once you understand the extent and type of IT support services you require, exploring the existing pricing models is a great next step. There are five main pricing models that organizations choose from. Each has its own benefits and drawbacks. However, the ultimate usefulness of each will vary based on the needs of different organizations. Let’s explore some of the leading managed IT service pricing models: Per-Device/Per-User The per-device or per-user pricing models are celebrated for their flexibility and simplicity. On the per-device model, you pay a flat rate for a device that is supported and monitored by the IT partner, including desktops, laptops, servers, smartphones, tablets, etc. Per-device models are attractive in that they offer the easy adding or removing of devices as needed. However, it’s a good idea to do some research and ensure the per-device rate you’ve been offered is set appropriately based on market realities. On the per-user device model, a flat rate is issued for each user or employee at your organization – no matter how many or what kind of devices each person uses. Per-user pricing models are attractive because they simplify the billing process. However, if your user base is continually growing and each user is starting to use two or three devices each, keep in mind that your managed IT partner may want to revisit cost-margin considerations. Value-Based Flat Fee Flat-fee, value-based pricing models are becoming more and more popular in the managed service sector. Often referred to as ‘cake’ pricing, the value-based model offers organizations ‘full-service’ coverage instead of separated and specialized components. On this model, you truly do ‘buy the cake’ rather than the ingredients you need to make it. Value-based pricing models are great options for SMBs since the model offers wide-spread, comprehensive coverage and services. Under the value-based pricing model, your managed IT partner essentially takes on the role of your outsourced IT department. They take care of everything for a singular flat rate. Keep in mind though, that if you select this option, you must trust your managed IT partner to cover all your bases and provide adequate full-scope coverage as your IT needs evolve. Tiered Under the tiered pricing model, managed service providers offer a variety of service packages, ranked using levels like Bronze, Silver, Gold, and Platinum. Each tier includes a specified range of services and support. This makes it easy for business owners to check out the specs of each package and choose one that is both cost-effective and tailored to their specific needs. Do keep in mind, however, that sometimes service packages will contain some things you need and some you may not. While its possible, pre-established tiered service packages may not always be a flawless fit with your needs and budget parameters. When using this model, its best to select the service tier that gives you as much relevant support as possible while staying inside your cost margins. This way you’ll avoid investing in services or fancy solutions that you don’t want or need. A-la-carte The a-la-carte pricing model works just as it sounds. You’re able to build-your-own service plan based on the supports and solutions that you require and nothing more. This is perhaps the most celebrated model as it offers maximum flexibility and customization for organizations. However, when using an a-la-carte pricing model, it’s a great idea to consult with a third-party expert to ensure you have all your bases covered. The last thing you want is to draw up a service agreement, thinking
On July 4th we as Americans honor the formation of the union we call The United States of America. Whether enjoying the holiday at the beach; a backyard barbeque; watching a fireworks celebration in the city; working hard in the office or shop; or marching in a local community parade; we all celebrate the birth of our great nation together as one. Here’s to our beautiful lakes, our majestic mountains and everything that makes American the greatest place to live! For anyone who’s not American, or new to our country, here’s what Independence Day is all about. Independence Day is celebrated each year on July 4th. It’s often known as “the Fourth of July.” It’s the anniversary of the publication of the declaration of independence from Great Britain in 1776. In 1775, the people of New England began fighting the British for their independence. On July 2, 1776, the Congress secretly voted for the country’s independence from Great Britain. Two days later, on July 4, 1776, the final wording of the Declaration of Independence was approved, and the document was published. The first public reading of the Declaration of Independence occurred on July 8, 1776. Congressional delegates began signing it on August 2, 1776. Fifty-six congressional delegates signed the document. The delegates signed by states from North to South, beginning with Josiah Bartlett of New Hampshire, and ending with George Walton of Georgia. Some delegates refused to sign the Declaration, including John Dickinson of Pennsylvania, and James Duane, Robert Livingston, and John Jay of New York. Some opposed the document but signed it anyway to present the appearance of a unanimous Congress. This included Carter Braxton of Virginia, Robert Morris of Pennsylvania, George Reed of Delaware, and Edward Rutledge of South Carolina. Five delegates were absent including Generals George Washington, John Sullivan, James Clinton, and Christopher Gadsden, as well as Virginia Governor Patrick Henry. John Adams sent a description of how Independence Day would be celebrated in a letter to his wife Abigail on July 3, 1776. He described “pomp and parade, with shows, games, sports, guns, bells, bonfires, and illuminations” throughout the country. An interesting note: Thomas Jefferson and John Adams, both signers of the Declaration of Independence and presidents of the United States, died on July 4, 1826, exactly 50 years after the adoption of the Declaration. For our Help Desk employees, Independence Day is a workday. We plan to celebrate the 4th just like the rest of our countrymen (and women!). But we do this by being here if you have any technical issues. Our Help Desk is your front-line support for submitting incidents and service requests. We say that we operate 24/7/365 and we mean it – Independence Day, Memorial Day, Christmas, New Year’s Day, Easter – no matter the holiday or day of the week. You’ll have direct access to the IT professionals who help you onsite and provide the advice, guidance, and rapid restoration of services you need to keep your business running. When you call, one of our agents will log your request into our IT service management system and either resolve it for your then or escalate it to the next level of support. You have the option of reporting an incident or service request by email or by contacting us by phone. When you do, this will generate a “ticket” in our IT service management system. Once the ticket is created, you’ll automatically receive an email receipt confirmation with your ticket or reference number. This confirmation tells you that your request has been logged at our Help Desk and that it’s been assigned to a tech specialist who knows your business and is experienced in your particular IT issue. Here’s what we ask that you provide when submitting a request to our Help Desk: Your name, business name, phone number, and email address. A detailed description of the problem or concern. Whether the issue you’re experiencing affects only one user, many users, your entire office or multiple offices. The impact your issue has on your business, including whether any critical applications have been affected. Anything you or your staff have done to try to resolve the issue before contacting us. Prioritizing Tickets It also helps if you prioritize your need. Here’s an example of what we mean: Non-Urgent: Your problem is minimal and doesn’t impact your ability to work. It’s something that you could wait to be addressed within the next week. (For example, you’d like us to provide a new piece of computer equipment for you.) Normal: The IT issue has some impact on your day-to-day operations. However, you could wait for two days for it to be addressed. (For example, you’d like us to help you find a better way to use an application or replace it with a different one.) Urgent: The issue you face has a significant impact on one user’s ability to work. You need help sometime during the workday. Emergency: This issue has a significant team-wide impact on your staff’s ability to work. Multiple employees are affected. You need help as soon as possible, no matter if it’s after hours, over the weekend, or on a holiday (like the 4th of July). This is for things like outages and downtime. Please do your best not to prioritize something as “Urgent” or “Emergency” when it’s not. This helps us get to those really urgent requests much faster. We want you to know that you and your staff can enjoy Independence Day with the peace of mind that our Help Desk is always here for you. Happy 4th of July everyone!
The Top 5 Cybersecurity Risks Your Company Hasn’t Considered Exploring the leading cybersecurity threats facing business professionals today There’s no getting around the prevalence of cybercrime today; it’s happening more and more, all across the globe. Even worse? The identity thieves and malicious attackers lurking behind the scenes are getting better at exploiting weaknesses to get their hands on confidential business data. Understandably, business owners are often scrambling to ensure they’re doing enough to keep security tight. Maybe they invest in some “total solution” software or perhaps they overload a tech savvy employee with IT security work. Some business owners simply decide to roll the dice and hope for the best. Whether it’s doing too much or too little, business professionals often get caught up in a less-than-ideal approach to cybersecurity. So, with all the horror stories in the headlines about companies and government agencies getting breached, what’s a business owner to do? The key is to remain focused and strategic so you can put together a level-headed plan. This involves taking a closer look at some of those gargantuan cyber threats we often forget about. Narrowing Down the Doom: 5 Concrete Risks You Can Focus on Fixing Today In order to develop a realistic and strategic approach to cybersecurity, you have to cut out all the noise. Put the headlines and your own fears to the side and try to stay focused on the things you and your staff can control. Think long and hard about the various ways cyberattacks could occur in your organization and then consider how you can work to close the gaps in each section. Check out these Top 5 Security Risks that your organization must be carefully managing: 1. Your own team No one likes to admit that internal risks exist, but the reality is that employees are the weakest link in the cybersecurity chain. Sometimes these internal threats are malicious, but most often it’s a matter of ignorance and carelessness. In fact, human error is the catalyst for the vast majority of cyber-attacks on businesses. The reality is, an uninformed and unprepared team can have drastic consequences for your organization’s cybersecurity. You may have employees who are more likely to click a malicious link or download a bad file from a phishing scam. Perhaps your team receives fraudulent business email compromise (BEC) scams that seem legitimate. No matter the error, your workforce – when uninformed – can put your organization at serious risk. How to tackle an uneducated team: The best way to counteract employees who aren’t in the know is to teach them! Yes, this will require some investment of time and resources but in the long run, your organization will be stronger and more secure. Find ways to get your team on board and help empower them to be cybersecurity superheroes. Help them determine how to identify threats and create an environment for open and honest communication about suspicious activity of any kind. With an informed and vigilant team, your cybersecurity woes will be reduced significantly. Password malpractice Passwords are supposed to keep your organizational and employee data safe and secure. But when’s the last time your team changed their passwords? Is there a culture of password-sharing or posting in your office that threatens security? For that matter, have you and your team ever had an open conversation about choosing strong passwords? These are questions you must ask yourself in order to get on top of password malpractice. How to manage password malpractice: Like with any other part of your business, best practice for password management is to have standard operating procedures in place to ensure your team knows what is expected. Make it a rule that passwords must be kept private and changed on a 30 or 60-day basis. Mark calendars with password change dates and makes it a group activity. Make it a rule that passwords must be unique and not repeats of old passwords or other accounts. Ensure there is a chain of command for access and control – superiors should never be sharing login credentials with employees – no matter how convenient. Finally, consider setting up two-factor authentication at all endpoints to add an extra layer of verification security. 2. Patch procrastination In an increasingly digital workforce, hardware and software updates seem to pop-up daily. However, it is becoming blatantly clear that updated software and hardware are a critical part of maintaining strong cyber security. Why? Because updates very often include patches designed specifically to fix security holes or glitches. Who can forget the massive WannaCry scam from 2017? Even though a patch had been released in March, it had not been installed on countless machines who were then infected by the virus in May. Even with the high profile WannaCry case, it is still common practice for many business professionals to avoid or put off software updates. Sometimes there is fear of change or increased technical issues once an update is installed – and this can happen. However, for the most part, updates are designed correctly and will work wonders by patching unseen security flaws. This can make a huge difference in keeping your network secure. How to stop patch procrastination: Again, schedule your updates and mark them on calendars as much as possible. Taking the time to make a physical note will help emphasize the importance of staying on top of patchwork. Most importantly, when your machine gives you a reminder to install an update – install it! Get out of the habit of clicking “Remind Me Later” – your network will thank you. It’s not just about security either. Staying on top of updates and patches will help your systems run at optimal capacity at all times. Make updates to your new habit and explain this priority to other administrators. 3. Other organizations This is perhaps the biggest risk that business professionals often forget. It’s not just your own cybersecurity practices you should be worried about – it’s the other companies you work with.
Cyber Hacks on DNA-Testing Companies Raise Fears about Genetic Data Privacy DNA-testing companies the latest to be targeted by cybercriminals Stories of businesses getting hacked by cybercriminals are pretty much par for the course nowadays. Increasingly, companies who collect and store large amounts of user data are prime targets for malicious and greedy hackers. From social networking sites to ride-share companies, large stores of user data are one of the hottest commodities on the cybercrime market. MyHeritage hack: Over 90 million users affected One of the most recently reported attacks saw the email addresses and passwords of roughly 92 million users hacked. MyHeritage – an international company based out of Israel – is a DNA testing provider that offers customers the unique experience of determining the specific makeup of their ethnic ancestry and lineage. The MyHeritage hack stands out among others for the very obvious fact that the company doesn’t simply collect basic user info like emails and passwords – it collects and stores mass amounts of genetic DNA from subscribers. Now, it must be noted that the MyHeritage attack only saw the theft of user emails and passwords. According to the company, none of the genetic data and DNA information provided by customers was compromised. Nonetheless, the attack serves as a critical reminder that nearly any kind of data stored on servers is at risk of being hacked. The hack – which occurred in October of 2017 – was only identified and reported to the company by a security researcher seven months later in early June of this year. With about 92 million users affected, MyHeritage has been in damage control mode ever since. While representatives for the company claim there is no evidence to suggest the attack was malicious, they’ve admitted they can’t know for sure. No genetic data affected, but can it be protected? It’s important to remember that none of the genetic data collected by MyHeritage was hacked. In fact, most genetic data is stored separately and organized anonymously using a numbered barcode system. However, as cybercriminals continue to become more sophisticated and as user data becomes more valuable, companies will be required to work harder to keep even seemingly secure data safe. Especially when the data being collected includes genetic profiles of users. MyHeritage has been taking steps to tighten cybersecurity protocols and increase user-controls and account security settings. A forced password change for the nearly 100 million affected users arrived by email. Additionally, the company has facilitated two-step verification controls to ensure user logins are better managed. However, some experts argue that this could have been set-up proactively to mitigate hack risks ahead of time. Rob Verger, the Assistant Tech Editor at Popular Science Magazine raised a valid point in a recent interview. “If they can’t protect user data,” Verger said, “what makes them able to protect the genetic data?” Going digital: Balancing benefits with risk in the modern marketplace There’s a balancing act to be done when considering cases like these. There’s no denying that the electronic storage of data has been an asset – especially to the health and sciences industry. Doctors across the nation are making moves to paperless Electronic Medical Record (EMR) systems that make the patient experience more efficient and organized. Genetic testing companies have been revolutionary in their ability to efficiently and privately connect customers with priceless genetic information. So how do you know when to draw the line? How can individual consumers reap the benefits of these technologies without leaving themselves open to invasions of privacy? According to Verger, the best strategy when giving out personal data is caution and a second thought. “People should be careful about the types of information they give these services,” Verger said. “If your biggest nightmare is having your email address all the way to your ethnic history being hacked, then you shouldn’t subscribe to these companies or provide data.” At the end of the day, what matters most is how the users were affected and how MyHeritage responded. When it comes down to it, users have a right to be wary. Not only about the attack, but also about the incredibly long time it took for the hack to be identified and disclosed to users. Identification by a security researcher, seven months after the fact is hardly what anyone would call a vigilant cybersecurity effort. While MyHeritage is doing their best to rectify the situation and beef up security efforts, the doubt caused by the hack is understandably unsettling for affected users and potential consumers everywhere. Walking the tightrope in an increasingly digital world It’s no secret that today’s cyber-climate is more populated, dynamic, and personalized than ever before. The efficiency and customization that the online market offers are unparalleled. However, there is an underside to all this innovation that must be remembered. Service providers and their advertising teams are constantly looking for the most dynamic and personalized ways to advertise to their target markets in these online spaces. This means collecting as much data on their consumers as possible and at whatever cost. Consumer’s digital fingerprints are increasingly valuable to companies across the digital market. If a company wants to get a consumer’s attention on the information highway, they know they need to personalize the experience as much as possible. This means that all the bits of data entered into your browser become fingerprints to help identify and sell to you. In this competitive climate, genetic testing companies face an increased risk simply because of the personal nature of the data they collect. Having the genetic makeup of over 90 million consumers is an advertising goldmine, not to mention other potentially dangerous motivations of more malicious hackers. The bottom line? Users need to think twice and be vigilant about the data they choose to share. “It’s a double-edged sword – EMR and genetic testing can help medicine,” Verger reiterates. “However, nothing out there is perfect,” Verger claims. “Things kept on servers can possibly be hacked or compromised
Check Out These Pros and Cons First. Many of today’s business owners have decided to move their IT infrastructure to the cloud. In a large company, the number of services and workloads can be staggering, making the transformation a hugely complex procedure. Even in smaller businesses, there are pitfalls to be aware of. If you know about these before you begin, then you can avoid some costly mistakes. Remember that all clouds do not have silver linings. Some are just big ole thunderclouds that are about to dump 10 inches of rain on your parade. If you understand the issues and complications that can crop up, then you can bring your umbrella and escape getting all wet. If not, you may be in for some rainy days ahead. What are the benefits? Migrating to the cloud can deliver some “big-company benefits” that small businesses need these days in order to compete in the global marketplace. However, as many business owners have learned, there can be security issues, unexpected costs, and other snafus. The most successful cloud migration approach involves careful planning. It’s often a great idea to engage with some experts in cloud technology to help you. These experts understand what’s required and they’re familiar with cloud best practices. They can help you optimize the migration process. You also need clear heads who can keep you on the right road. Why are you moving to the cloud? Most business owners will answer that they’re hoping to reduce their infrastructure costs. That’s a good reason and the primary motivation behind most moves. The problem is that somewhere during the move, it’s easy to lose sight of these basic fundamentals. Cost reduction does occur for most companies but it’s not a guarantee. If the process is carried out incorrectly and/or the wrong cloud management maturity roadmap is followed, you could wind up in a ditch instead of on cloud 9. The hybrid infrastructure strategy Digital transformation and hybrid architecture – these are terms that many business owners struggle with. Though you’re probably an exceptional CEO, manager, or small business owner, if your expertise is not in the realm of Information Technology, hire a pro. In the midst of moving to the cloud, you need to know that everything is being done according to best practices. The diverse environments of infrastructure and operations (I&O) present numerous challenges. Before you move everything to the cloud, consider the following: The full cost of this process including hidden expenses On-premise vs. public cloud The security of your data Bandwidth availability Ownership of the data Availability of moving the data Developing a multi-year strategy that includes ongoing ROI The cloud roadmap In order to seamlessly migrate your physical infrastructures to private, public, and multi-cloud environments, you must first decide which services and applications are best suited for the cloud. Not every application is a good fit for the cloud. A good operational model will help your select the right services and apps based on their unique requirements. In other words, you need a good solid roadmap that outlines what will be moved, when it will be moved, and whether you have the right security to protect all your data throughout the process. This is especially important in industries where compliance is a factor, such as the healthcare industry. One HIPAA violation can be expensive but a good IT specialist will make sure that all data both in and out of the cloud is well-protected. Assess the risks Begin your cloud journey with an assessment of your current business network and IT technology. Include your current resources, along with the maturity of your processes and people. Consider these questions: Which services and applications can best benefit from migrating to Azure, AWS, or other cloud platforms? How will you manage third-party vendors to prevent data leaks? Do you have an IT team or outsourced IT provider with the right experience for this job? Should you migrate everything at once or do it in stages? Have you considered whether your new cloud environment is viable for both the short- and long-term? Can your new cloud infrastructure support growth? Hybrid infrastructure offers unique benefits to business owners. But it’s not a solution that will fix every IT problem you have. Instead, it’s more of a strategy for ensuring that your business can compete in a global marketplace. Cloud solutions and hybrid architecture aside, no one can predict the future. But it’s a good bet that cloud technology will evolve rapidly and your new cloud solution should be able to grow right along with it. That means flexibility. And, it should continuously assess your network security and compliance to relevant regulations. One single data breach these days can cost a million dollars. What to do next Before you take the next step, it can be highly beneficial to engage with cloud experts who have completed this journey for other companies. When you work with experienced professionals, they’ll guide you down the right path. As you move your applications and services over to the cloud environment, they will advise you every step of the way. This can eliminate a lot of the worry and stress, plus it usually helps you to complete the process without wasting precious time, money, and resources. Know where you’re going before you begin your journey and the cloud transformation can be an exciting new adventure for your business.