Hackers getting into your Android devices through a pre-installed backdoor can get full access to your smartphone and potentially computer network If you are using an Android smartphone in business, you may want to think again. BitSight just reported that certain Android smartphones are vulnerable to hacking, as the Over-the-Air update mechanism is insecure. This potential for hacking is reported in lower priced Android devices, particular from Best Buy and BLU Studio G. This finding means that almost 3 million people throughout the world using Android smartphones are at risk for being attacked by a hacker accessing their phone remotely. This is possible because they have discovered a pre-installed backdoor that contains root privileges. This allows the hacker to gain complete control of the phone. The OTA mechanism that is prone to hacking is found in phones made by Ragentek Group out of China, and the hidden binary contained within provides information to the hacker regarding the user and sets up the potential for the hacker to use the device as a privileged user. This flaw in the Android devices has been hidden well, using a number of techniques to ensure that the binary wasn’t uncovered. A person who wants to hack your Android smartphone can gather all of your personal information off of the device, erase your device remotely, and then use the information gathered to access your business database in order to steal further information. With close to 3 million devices that have been discovered that contain this dangerous rootkit, the outcome could mean a disaster for many Android users. This has been a recurring problem for Android smartphones, as this is the second time this week that investigators have uncovered pre-installed backdoors on Android devices. These devices are sending huge amounts of data to servers in China, and the set up allows your system to be run remotely.

Remove PPTP VPN before upgrading to macOS Sierra & iOS 10 If you have recently set up a PPTP VPN server, macOS Sierra and iOS 10 users will not be able to connect to your server. This is due to the fact that macOS Sierra and iOS 10 systems have removed PPTP connections from VPN profiles once their device is upgraded. Although PPTP protocol is available on OS X El Captain and earlier or iOS 9 and earlier, it isn’t recommended for use as a private, secure method of communication. Reasons for the Transition It has been recently discovered that this form of VPN communication has a number of vulnerabilities. Due to these circumstances, Apple has gone forward by encouraging customers to move on to safe, secure VPN protocols and quit utilizing PPTP for VPN connections. As this decision was made in part by the release of iOS 10 and macOS Sierra, Apple decided to remove PPTP support completely in order to warn customers of the security holes found in the built-in VPN client. By recommending the usage of other VPN clients, Apple customers can continue to receive reliable service from secure communication protocols. If one happens to need access to PPTP VPNs, it is possible to utilize a third-party client with macOS Sierra. If one happens to use OS X El Capitan, popular third-party VPN clients (that support PPTP) are VPN Tracker and Shimo. Other Alternative VPN Networks If one is at a loss in terms of what VPN protocol they should utilize, more secure protocols have been: Cisco IPSec IKEv2/IPSec L2TP/IPSec SSL VPN clients that can be found on the App Stores. Such clients that can be found are SonicWall, Pulse Secure, Palo Alto Networks, Open VPN, NetMotion, MobileIron, F5 Networks, Cisco, Check Point, Aruba, and AirWatch. If you happen to have difficulties figuring out what VPN is best for you in {city}, feel free to contact {company} via phone at {phone} or email at {email} today.

There are only so many hours in a day, and figuring out how to get the most out of each one is a trick we all wish we could master. Or perhaps more importantly, it’s a trick you wish your employees could master. Getting them on the right track is easier than you might expect. As with any skill, the key is to start small. Here are 7 simple things you can do starting right now that can help to boost productivity for your entire team: Utilize Keyboard Shortcuts ­- A keyboard shortcut is simply a sequence or combination of keystrokes that will allow you to perform certain functions, or prompt certain commands in software. There are hundreds of keyboard shortcuts. Some are universal, others are specific to a program or operating system. Having an arsenal of shortcuts for the programs and applications you use every day can be a big time-saver. Think about how often you use something like ALT + Tab to switch between windows, and how annoying it would be to have to go back to using your mouse instead. It may only take a few seconds, but when it’s an action you repeat constantly, those few seconds start to add up. Take Advantage of Outlook Integrations – There are a ton of handy apps and programs that can integrate with your Outlook account. You’re already using your email constantly throughout the day, so making it a tool to help you complete other tasks and stay organized almost feels like common sense. For example, connecting your Outlook account to your Skype account lets you send instant messages and place calls right from your inbox. Utilize the Right Software Platform for Every Need – Whatever you’re trying to manage, create, or complete, chances are there are a dozen different programs or applications that can help you do it. Finding the software that works best for the task at hand and integrates well with the rest of your system might take a bit of research, but it’s well worth the effort. Relying on generic software just because it’s there can be a huge waste of time and energy, and make something simple take twice as long to accomplish. Allow Your MSP to Deal with Vendors on Your Behalf – When your Internet connection goes down, your team is going to have their hands full trying to work around the obvious issues this will create for your business. Asking an employee to step back from an already hectic situation to sit on the phone with your provider to get back up and running is not ideal. By leaving problems like this in the capable hands of your MSP, your staff is free to focus on managing your business while the problem is dealt with by professionals who not only will have a better grasp of what the problem is, but also know your IT infrastructure inside and out. Make your MSP your main point of contact for all things tech-related, and you can spare yourself a lot of frustration when something goes wrong. Have Backup Hardware Available – Computer troubles are never ideal, but having a spare on hand that can be put into use quickly can make a huge difference with regards to offsetting downtime. Consider investing in a backup computer for each of your departments. A system that already has all required software installed and ready to go makes it possible for your employee to get back to work in minutes, instead of losing hours or even days of productivity while the faulty PC is repaired or replaced. Use Dual Monitors – Adding an extra screen to your workstations can save a heap of time by allowing employees to multitask by referencing one screen while working on the other, or comparing documents to make finding necessary information easier. Typing up a report will go much faster when the spreadsheet it’s based off is open and sitting right next to your Word document, offering up data at a glance. Eliminate Social Media Distractions – The urge to check Facebook or Twitter periodically throughout the day can be tough to ignore. Consider using an app like Freedom to block social media sites and allow you to work distraction-free, or set your firewall permissions to prevent access to social media sites from within your office altogether. If you want your workplace to be a work-only environment, there are tools available to make that possible. Want to learn more about the ways {company} can help your business maximize productivity? Contact us at {email} or {phone}. We’re the productivity experts local businesses trust.

On October 21, we learned that the distributed denial-of-service attack has become a vastly greater threat than ever before. By attacking domain name service provider Dyn, a botnet was able to make multiple websites largely unreachable, including Netflix, GitHub, Twitter, the New York Times, and many others. Overloading Dyn with spurious domain name lookups kept it from responding to legitimate requests. DDoS attacks have been around for a long time. The attacker gets control of a large number of machines and coordinates them to flood the target with data packets. 2016 saw attacks of unprecedented scope. The reason is the Internet of Things. Smart devices perform simple tasks with the aid of an Internet connection. The owner can control them or get information from them remotely. Most of them have very poor security. They have default user names and passwords which are difficult to change. Some have their own Wi-Fi access points, without adequate security. Criminals use software such as the infamous “Mirai” to take control of these devices by the thousands and build botnets from them. Traditional computer security measures provide little protection against these attacks. New approaches, designed to meet an attack of a million pinpricks, are necessary. Monitoring traffic for changes from the normal pattern is the first line of defense. The more quickly you can detect an attack, the more quickly you can stop it. Specialized software can dynamically analyze traffic patterns and distinguish bogus from legitimate data packets, giving a quicker indication that an attack is under way. Standard firewalls give very limited protection against DDoS attacks. A Web application firewall (WAF) provides more help by using application-specific rules to block malicious and malformed requests, but it won’t stand up against a heavy attack. A cloud-based mitigation service is the strongest defense against serious DDoS attacks. The people running the service are specialists, and they constantly update their service as new forms of attack appear. These services have large amounts of reserve processing power and can put multiple machines on a single IP address. This extra capacity lets a site absorb a much larger amount of traffic without exceeding its capacity. Website owners can never stand still. New threats develop and require new defenses. Contact us at {email} to learn more about our services, or call {company} in {city} at {phone}.

Significant vulnerability may be affecting as many as 700 million Android smartphones and devices RIGHT NOW. The world around us is getting more dangerous all the time, particularly as businesses leap head first into the new digital world in which we now live. Case in point: a pre-installed backdoor exploit that is currently on as many as 700 million Android phones around the world is in all likelihood sending incomprehensible amounts of personal data to China. If you happen to be an Android smartphone owner and are concerned about the safety of your business, this is one story you’re definitely going to want to pay attention to. What Happened? Security researchers at Kryptowire recently discovered a backdoor exploit hidden in the firmware of many “budget” or “entry-level” Android smartphones sold in the United States. The backdoor firmware, developed by Shanghai AdUps Technology, has the ability to secretly send a massive amount of personal information to China in 72 hour increments. The types of data that could be sent without the user’s knowledge include SMS text messages, contact lists, location history, personalized app data and a whole lot more. What This Means First, the bad news: even though security researchers have discovered this backdoor exploit, it is baked into the firmware in such a way that users cannot remove it. It is up to the software development companies themselves to release patches that address the issue head-on. Though the total number of affected phones is massive, knowing whether or not you personally have been a victim is also difficult to determine. A spokesperson for ZTE USA, for example, provided a statement that no devices from the company sold in the United States have ever had the affected software (AdUps) installed on them. BLU Products, another major player in the Android world, IS affected. The company recently confirmed that as many as 120,000 of its smartphones have the affected software installed. This seems to be one argument that is decidedly FOR the “walled garden” architecture of Android competitor Apple. Whereas manufacturers can make adjustments to the software installed on an Android phone (similar to the way computer manufacturers do with Windows), Apple is the sole developer and publisher of the iOS mobile operating system. We take our responsibility as your leading provider of technology news, tips, tricks and best practices very seriously. If you’re in {city} and you’d like to find out more about this or any other IT topic, please don’t hesitate to contact us today at {email} or by phone at {phone}.

A discussion of the seven core strategies that insurance companies can use to modernize their IT efforts. When it comes to information technology, the legacy systems of yesterday are very rarely capable of handling the unique challenges of today – to say nothing of the difficulties posed by the possibilities of tomorrow. This is especially true for insurance companies, where core system transformation is expected to remain a top priority across the board for the next several years. Modernizing insurance company information is time consuming, costly and risky – but it is not impossible. For insurance companies to truly build and implement the solutions they need, they must keep a few important strategies in mind. Build With a Purpose in Mind Perhaps the number one way to modernize insurance company information technology is to build not necessarily with the challenges of today in mind, but with the end results needed for tomorrow. Insurance companies need to have systems in place that don’t just keep things like investment budget or time to market in mind, but also with future plans, strategic priorities and more. It’s a balance to be sure, but it’s an important balance to strike. It’s About the Entire Organization If insurance companies really want to modernize their information technology, they need to have the backing of the entire company – not just the IT department. Not only all departments, but also vendors, need to provide their input to build a system that EVERYONE sees value in and that will benefit EVERYONE moving forward. If IT decisions are made in an IT silo, it will be much harder to get everyone on board. Focus on Change Management In the insurance company, needs change on a regular basis. Customer preferences are fluid, regulatory norms one day are gone the next. To truly modernize insurance company IT, change management must become a priority. Business sponsors, program management officials, experts, vendors and more should all be able to regularly monitor deployment until the end of the program for the absolute best results moving forward. Picking the Right Partners is Critical As stated, modernizing insurance company IT is something that CANNOT be done with only the IT department. Partners are needed, but those partners must be vetted very carefully to help make sure they have the relevant experience in a project of this scope and magnitude. Partners must be able to handle the heavy level of customization that is going to be needed, must have credibility, must be able to help support changes that themselves support key business requirements and more. Understand That Risk Never Goes Away When it comes to executing an insurance company IT infrastructure update, one of the most important keys to success involves the understanding that risk is always a present. When it comes to something as fickle as IT, things going wrong is not a question of “if” but “when.” Project leaders need to have risk assessment plans so that they not only know what they’re up against, but so that mitigation plans can be developed in the most effective way possible. Pay Close Attention to Data Migration When it comes to modernizing insurance company information technology, there are two key factors to concern yourself with. The first is the new system requirements, processes and other infrastructure changes that will be required. The second (and equally important) is the critical data that will need to be converted and migrated from the old system to the new without issue. Insurance companies will need to build an approach for how to handle active policies, claims, transactions, data quality and more before, during and after this process. Service Oriented Architecture Modern insurance company IT demands a certain level of flexibility and versatility that can only be provided by SOA support, or Service Oriented Architecture. When it comes time to integrating between peripherals and external systems, having a separate team on-hand to oversee this very important (and time consuming) process is always advised. This is a team that won’t have to split their attention in countless directions and can instead focus on the important task at hand. At {company}, we’re dedicated to helping make sure that all of our clients in {city} and the surrounding areas have access to every last technology tip, trick and news item they need to run the types of businesses they’ve always dreamed of. To find out more information about this or any other IT topic, contact us at {phone} or send us an email at {email}.

Cybercrime is on the rise, and its perpetrators are growing bolder and more savvy. The rate of incidents such as ransomware infections and data breaches continues to climb, with devastating consequences. The resulting downtime and loss of profits can seriously hurt your business, and the damage to your reputation can be difficult to overcome. When sensitive data is compromised by a cyber attack, your business could face fines or even lawsuits. These threats are not something you can afford to take lightly. The more you know about the risks of cybercrime, the better protected your business will be. Having the right IT security precautions in place is crucial. Hammett Technologies President Charles Hammett will be hosting a FREE networking event to discuss these concerns with local business owners, and offer valuable information to help your business stay a step ahead of cyber threats. Join us on Wednesday, November 16th at 7:30AM at the Sparrows Point Country Club – 919 Wise Ave., Baltimore. If you’d like to take advantage of this amazing opportunity, register here by Sunday, November 13th. You can get in touch with us at {email} or {phone} with any questions you have about this event. We hope to see you there!

With the huge proliferation of cyber threats out there, cyber safety and security are at the top of anyone’s list who regularly use PCs or are part of (or who run) a computer network. The PricewaterhouseCoopers 2016 Global State of Information Security Survey revealed a 38 percent increase in the number of security incidents in 2015 over the previous year. That figure will likely climb for next year’s survey, which is why many companies are in a rush to implement iron-clad cybersecurity policies and technology. It’s all because of one thing – the safekeeping of data, which is the backbone of any business entity or organization. And, along with adopting better cybersecurity standards, more and more companies are opting for cyber insurance as part of their cyber defense strategies. Although a relatively new phenomenon on the computer networking scene, cyber insurance can offer an additional layer of protection between unethical hackers and end-users, filling the gap where traditional business insurance may fall short. Cyber insurance, however, definitely has its perks and drawbacks, so you will want to be fully aware of what you’re getting when you opt-in. What is Cyber Insurance? It works exactly like any insurance policy would, covering the financial losses that would occur due to a cyberattack, breach, or cyber-related data theft. The worth of cyber insurance policies generally run well into the millions, in order to be able to cover insureds from the often costly fines stemming from compliance violations. There is as of yet no policy exceeding $100 million, but it is possible to structure “towers” of coverage with multiple cyber insurance policies for added indemnification strength for business organizations with overall worth in the hundreds of millions or even billions. Who Needs Cyber Insurance? A good way to determine if your organization needs cyber insurance is to evaluate your ongoing cyberattack risk level, and ask yourself these questions: What type of information does my organization hold? What are the potential consequences if this information is stolen and/or exposed? What are our current cybersecurity policies? Does our current business insurance policy cover any type of cybersecurity related risk? The answers to those key questions will help you get closer to what kind of cyber insurance policy you’ll need, if any. Some other helpful resources are available at the National Institute of Standards and Technology (NIST) Cybersecurity Framework (resources) and the Federal Financial Institutions Examination Council Cybersecurity assessment tool. How Do I Get Cyber Insurance? Once you are ready to acquire a cyber insurance policy, you’ll want to first identify the gaps in your existing business insurance policy first, as being fully cognizant of what your traditional policy covers is the first step to understanding what type of additional coverage is needed. Coverage can be widely divergent in exactly what is provided for in the case of a cyber breach, e.g. business disruption and downtime, extraneous expenses, event response costs, litigation defense fees and/or settlement costs in the case of a compliance violation fine, and appertaining lawsuit. Having a checklist prior to approaching an insurance broker will help you be prepared for an interview, wherein you can comprehensively convey all aspects of your business model, operations requirements, and also be able to formulate the right questions to them on the types of policies on offer. Shop Around and Be Prepared Don’t just go for the first cyber insurance carrier out of the gate, and be sure as well that you understand all of a given policy’s set guidelines that govern things like when the policy is triggered, what exactly it covers, and any major exclusions in the policy. This will help to eliminate any confusion in the event of a cyberattack or breach. Remember also that cyber insurance should never serve as the single line of cyber defense, as it’s designed to work as part of a greater overall cybersecurity plan. Here’s another great resource (especially for those entities operating in the financial sector) to aid you in your search for the right cyber insurance policy – The Purchaser’s Guide to Cyber Insurance Products from the Financial Services Sector Coordinating Council. Ask a Cybersecurity Pro You can also speak to an IT specialist at {company}, which is a proven leader in providing IT consulting and cybersecurity in {city}, about how to find the right cyber insurance policy. Contact an IT expert at {phone} or send us an email at {email} today, and we can help you with all your questions or needs.

It happened on March 19 of this year – campaign chairman for Hillary Clinton John Podesta unwittingly clicked on a link in an email he thought was from Google corporate. It wasn’t from Google, but rather from a group of phishing hackers the US government has since linked to Russia. Podesta wasn’t aware the link was malicious at the time he clicked on it, but doing that gave the hackers access to his entire email account. Fast-forward to October 9, when WikiLeaks began publishing thousands of Podesta’s emails, the motive seen by many as the desire to influence the US Presidential election by exposing Clinton camp improprieties. Now there is evidence that it may have been the same hacker group that targeted the Democratic National Committee. Both hacking incidents were done using the same malicious short URLs that are routinely hidden in fake Gmail messages by black hat hackers. Those URLs were created with a Bit.ly account linked to a domain controlled by a hacker named Fancy Bear, one of the identified Russian hackers. Data also shows a “clear thread” between allegedly separate and independent leaks that have shown up on a site called DC Leaks which included some of both Colin Powell’s and John Podesta’s emails. Fancy Bear and Political Hacks Hidden in the Bit.ly link was a longer URL that included a 30-character string that actually contained the encoded Gmail address of John Podesta. The link was clicked on twice in March, acts which opened up Hillary Clinton’s campaign manager’s email account to exploitation and revelation on a major scale. The link was just one of thousands created by Fancy Bear which were used to target nearly 4,000 persons between October 2015 and May 2016. The Fancy Bear hacker group used two Bit.ly accounts to create the malicious links, but forgot to set those accounts to private, allowing “good guy” hackers like security firm SecureWorks to track their use through command and control domains and servers. Fancy Bear used 213 shortened links targeting fully 108 email addresses on the HillaryClinton.com domain, as reported by SecureWorks and in BuzzFeed earlier in October. Using Bit.ly “allowed third parties to see their entire campaign, including all their targets— something you’d want to keep secret,” said Tom Finney, a researcher at SecureWorks. According to Thomas Rid, professor at King’s College, it was “one of Fancy Bear’s gravest mistakes,” explaining that it gave researchers unparalleled visibility into the hacker group’s activities, which resulted in investigators being able to link different, supposedly disparate parts of its larger campaign together. Using the encoded strings, embedded inside the shortened links, and which targeted numerous political figureheads like Podesta, Powell, and Clinton staffer William Reinhart, effectively revealed their targets for any and all eyes to see. No Smoking Gun Although the evidence is clear and profound, it doesn’t constitute any kind of smoking gun that can unequivocally link the phishing attacks to the Russian hackers, in early October the US government publicly accused the Russian government of not only sponsoring but directing the attacks. And as Motherboard put it in their piece entitled, “How Hackers Broke into John Podesta and Colin Powell’s Gmail Accounts,” “The intelligence community declined to explain how they reached their conclusion, and it’s fair to assume they have data no one else can see.” Need Cybersecurity Advice? If you need advice about cyberattack preparedness, cyber safety awareness and security, {company} is a proven leader in providing IT consulting and cybersecurity in {city}. Contact one of our IT experts at {phone} or send us an email at {email} today, and we can help you with all your questions or needs.

The use of only passwords – even well-encrypted ones – for login permission is not enough, it seems, to stem the tide serious problem of black hat hacking and unauthorized access. Across the cybersphere, it seems the more frequently a given company or individual updates their passwords that just as fast there is a “cracker” ready to decrypt them in order to gain unauthorized access. Amidst all of this is the recent statistical revelation that employees are the biggest cyber threat in the workplace. It seems that the only thing agreed-upon in the Admin vs. User game is that passwords alone are not enough to guarantee secure login and access control. They are a distinct problem, in fact, which multi-factor authentication enabling can remedy. Valid Alternatives With passwords presenting such a problem globally, the search for valid and viable alternatives is fast becoming essential for any venture. PIN (Personal Identification Numbers) work out to be simply numerical and shorter forms of passwords, though in certain cases PINs can provide greater levels of security, due to being tied to a specific device. Multi-Factor Authentication (AKA MFA, or Two-Factor Authentication, Two-Step Authentication, or TFA), then, presents itself as the best and most valid alternative to passwords in the battle for ultimate security in login access. Why? Because MFA provides a step-by-step, real-time process of validating a user’s identity, the steps for which must happen in a given order if entry is granted. MFA has three essential tiers of authentication, which include: Knowledge, in the form of something only the valid user knows, such as a PIN. Possession, defined by a thing which only that user possesses such as smartcards, hardware/software tokens, soft tokens, or a registered phone number. Inherence, in the form of something only the valid user is, verified through biometric information. The Case for Multi-Factor Authentication Multi-Factor Authentication makes the most sense for any business venture or organization that is required to take electronic communication security seriously. Because MFA is tied to users’ identity in a strict way, it largely obviates the most popular form of cyberattacks and threats – leveraging stolen passwords. As a result, MFA provides the highest measure of security assurance for organizations of all types. And, because MFA can also pinpoint and track user identity in such an exacting manner, enterprises can better track on a use-by-use basis exactly who is accessing their databases, along with when, where, and how. For a long time, SMBs and even corporate structures overlooked the importance of having MFA as part of their IT security, because it was seen as too costly. Now, with the rise of ransomware hacks and other costly cyberthreats, MFA in 2016 is altering the security paradigm through being both easier to implement and use, as well as more affordable. Many platforms, such as Microsoft, Amazon and Google, now allow you to set up multi-factor authentication for your online accounts. The first factor of which is the traditional user name and password (or PIN), while the second is either a phone call that you answer to obtain a verification code, or a phone app notification in which you enter your pre-determined PIN code. Microsoft recently released a new version of their Microsoft Authenticator app for Android and iOS that lets you perform MFA for both your Azure business account and your Microsoft accounts – both personal and business. Heads in the Cloud Any technology solution needs to balance sharp-eyed security against the user adoptability quotient. Cloud applications, for one, weren’t designed to work in tandem with legacy MFA capabilities.  Those legacy solutions were strictly built for on-premises resources, long before “cloud” or “mobile” meant anything in the world of IT.  Recently-generated MFA methods, however, can make strong authentication an easy, convenient, and secure option for virtual and cloud-accessing networks. Have Questions About Implementing MFA for Your Network? If you have questions or concerns about multi-factor authentication, {company} is the leader in providing cybersecurity and IT consulting in {city}. Contact one of our expert IT staff at {phone} or send us an email at {email}, and we will be happy to help you attain better security verification methods for your business network.