We can’t escape it in our current-day, online, Web-connected culture: Every day it seems there is another news story about a business organization that’s been hit with yet another data breach, and which has cost that organization sometimes many hundreds of thousands of dollars. If you’re a healthcare facility or organization, then it could be HIPAA fines on top of what the data breach or ransomware attack costs you. The recent data breach at Athens Orthopedic, has affected nearly 200,000 patients. The CEO of the organization that underwent the breach has made a statement to their clients, however, that they cannot pay what would amount to “millions of dollars [to] pay for credit monitoring for nearly 200,000 patients and keep Athens Orthopedic as a viable business”. The reason credit monitoring plays into this situation is that financial information was hacked during the June 14 attack, and it became incumbent upon the clinic to monitor and correct the credit reports of patients whose banking and financial info might be exploited by way of a report to the three major credit reporting bureaus that the individuals’ financial info was stolen. It’s unknown at this time whether, under PCI compliance laws the health care organization could be given Payment Card Industry fines as well. Implications of Healthcare Data Breach Anyone who truly understands IT security and data networking knows that that is somewhat of a naïve statement to have made, and also sadly indicative of the fact that Athens Orthopedic could have – nay, should have had proper managed IT services in place, and obviously didn’t. It would have saved yet another healthcare facility yet more embarrassment, bad public relations, lost revenue, and potentially huge HIPAA fines. All of that on top of having to fix the problem then finally resorting to getting IT support that includes monthly IT infrastructure maintenance that would have prevented the disaster in the first place! Get Reliable IT Monitoring Doesn’t it make better sense to have reliable IT services in place before disaster strikes? Any IT professional will advise you of this – that in today’s day and age of ransomware, malware, spyware, email phishing scams, and hackers cyberattacking vulnerable data networks opportunistically you have to make sure those hackers have no chance to infiltrate your data center, right from the get-go. Especially if you’re a business charged with the responsibility of keeping Protected Health Information (PHI) safe and secure with the threat of HIPAA fines staring you down if you don’t! Do you have questions or concerns about expensive data breaches and getting IT support that covers all the bases to prevent them? {company} is the leader in providing managed IT services in {city}. Contact our expert IT staff at {phone} or send us an email at {email}, and we will be happy to answer your questions.
Have you heard about the Internet of Drones yet? It’s an idea whose time has truly come. You probably saw it coming with all the proliferation and controversy about drones in recent years. Pundits have compared the spike in drone popularity and filling the airways to that of air traffic post World War One. Noting the similar safety concerns of having so many machines roaming around up there, similar regulations and flight monitoring devices are being implemented for remote-controlled drones. One of the major precipitating factors for this move is the increasing place of importance drones have occupied in our culture, such as acting as cameras for numerous TV and film productions, as well as in military and security. A Framework for Drone Safety Robert J. Hall of AT&T Labs coined the term “Internet of Drones,” as part of a paper called An Internet of Drones, published in May 2016 in IEEE Internet Computing. In the paper, Hall talks of “airspace awareness,” “non-line-of-site control,” Collision Avoidance and the principle of Augmentative Control, which assigns things such as no-fly zones, and green zones, or “geofences”. The article also outlaid a prototype system called the Geocast Air Operations Framework (GAOF), that provides for “novel network and software architectures” to ensure drone safety. All of these were major points of Hall’s article, and influenced the FAA to make security and safety precautions that would keep both the drones and bystanders safe from possible collisions. The move paves the way for the Internet of Drones to truly take flight. Other Concerns and Hazards The military refers to drones as Unmanned Aerial Vehicles (UAV), Unmanned Aircraft Systems (UAS), or Remotely Piloted Aerial Systems (RPAS). In addition to the military application and safety issues, drones have presented another danger due to some users using them maliciously, such as for: Conveying explosive payloads Chemical, radiological, or biological hazards Hacked drones Criminal and terrorist use Networking Drones The different modes of drone travel posed by recreational, commercial, and military use presents another slant in the Internet of Drones story. As far as a wireless network for drones goes on this concern, the answer appears to be in geographic addressing, or GA, which assigns individual drone IP addresses. Additionally, a geographic address is assigned to individual drones, which can operate on a two-tiered communication system. Drones within one region or assignment area can query one another to gain information on position, speed, height, vector, etc. This will help keep drones safe, when they are in each other’s vicinity, when used for whichever application. It will also help in terms of keeping the public safe from drones. The same concept applies for subnets using stationary IP addresses, only the mobile element presents a wild card that will certainly be cause for much tweaking of the Internet of Drones. Questions and Concerns The public is right to have many questions and concerns regarding this “add-on” to the Internet of Things. If you have concerns about drones on your own network, or the general operation of them, don’t hesitate to inquire. {company} is the leader in providing managed IT services and consulting in {city}. Contact one of us today at {phone} or send us an email at {email}, and we will be happy to answer all your questions.
You may have seen or heard about the reports coming out of Microsoft HQ that the newest as well as future processors by Intel, Qualcomm, and AMD will not support older versions of Windows – namely versions 7 and 8. What does this mean for businesses? Probably an expensive rollout and upgrade if you haven’t taken advantage of the free Windows 10 upgrade within the past year. Basically, if you want to run Windows on the popular computers that run Intel Skylake, Qualcomm or AMD Zen processors you will be required to have Windows 10 as your OS; so says Microsoft. Upcoming iterations of Intel, Qualcomm, and AMD chips such as Kaby Lake silicon, 8996 silicon, and Bristol Ridge silicon, respectively, will not support Windows 7 or 8. Does this seem like an unnecessarily aggressive move by Gates, et al. in Redmond? It might, but getting a seasoned IT support team in there to help you with the upgrades and rollout will make any transition go as smoothly as possible, and you won’t have to worry about incompatible OSes on your desktops and mobiles. Warnings of Future Tense Installing Windows 7 or 8 on computers running Kaby Lake, AMD Zen, or Qualcomm 8996 should result in the driver and security updates being “a bit glitchy,” according to PC World. An Aug. 31 article in Forbes warns users, “If you’re running Windows 7 or Windows 8/8.1, you should not buy a new PC with Intel’s 7th Generation Core Kaby Lake processors — or any processor generations that follow. Hat tip to PC World, which pointed this out on Tuesday.” Counter-Point 4-Traders counteracted the aggressive “upgrade or else” hype, though, in a story Sep. 3 saying that Windows 7 and 8 will indeed be supported by Intel Core Kaby Lake processors. Processor analyst Dean McCarron of Mercury Research says the outcome will be just fine when running the older versions of Windows on those new-fangled processors that Microsoft has so loudly warned us about. And, his credibility seems pretty airtight on the matter. Planning, Validation, and Upgrade Some are calling this Microsoft push for Windows 10 aggressive; others say it’s just the efforts of a popular software giant to get its customers on the same, compatible page. Still others are saying you will be just fine when running Windows 7 and 8 on the new-generation processors. Whatever your beliefs or opinions about the matter are, we can help you with the changeover, rollout, and upgrade through planning, validation, and network uniformity. For those of you who wish to remain with older hard drives and previous versions of Windows, there are ways to maintenance chips, as well as alternative OS types you can run – namely Linux Mint, for example. Whatever scenario you choose during the Windows 10 push, our IT team is in your corner to help you make the smoothest changeover or adaptation possible. The IT Pros Who Can Help Only an experienced IT support team is qualified to be your trusted IT services provider. Call us today for a free consultation on what we can do to help you with the Windows 7, 8, and 10 compatibility factor. {company} is the leader in providing managed IT services in {city}. Contact one of our IT pros at {phone} or send us an email at {email}, and we will be happy to answer all your questions.
The “Age of Graphene” is upon us, but are you ready? Graphene is a super-thin, super-strong substance that’s already revolutionizing the devices we use – from wearables to smartphones, sports equipment, and super-capacitors. Scientists and engineers have been studying its efficacy as a hardware component for 60 years. It has wide application, including as a rapid supercapacitor battery charger, which could replace lithium-ion batteries in smartphones and charge phones in 5 minutes. Graphene will also: Allow cars to gather and store the energy they produce while in motion Help us build better, stronger bicycles using graphene-nanoplatelets in resin Add strength to tennis racquets with graphene paint Cause light to be more “medically revealing” with graphene light sensors Be used in windows as light detection sensors Help with water, soil, and air purification Be used in hands-free systems in cars, and much more. Sensing the Future Graphene spectrometers placed in smartphones will be able to tell if a melon is ripe or whether the tires on your car are worn to the point of needing replacement. They would also be able to detect if there are harmful chemicals or additives in foods, or if a reportedly “real” product is actually fake. Having graphene spectrometers in phones could take place within the next two years, but likely only if a big tech component manufacturer gets on board with capital funding. Nevertheless, the revolutionary ideas keep rolling in, and sooner or later graphene-component devices, sensors, and objects of all kinds will be part of our world. Graphene Wearables Graphene is also slated to be part of not only wearable technology, but also the clothing we wear. Italian sportswear maker Colmar launched a full-bodied graphene swimming suit which will transfer heat from hot zones to colder ones, keeping the swimmer more comfortable and on an even temperature keel. Gloves fitted with graphene sensors will be super-responsive to temperature changes and motion, “programming” the special gloves to react accordingly. Paper wristbands with graphene print will act as tickets or other kind of tag, like those for hospitals or special events. Airports or busy train stations could use the graphene wristbands to keep track of passengers, or as the ticket itself. Tracking People and Products An Internet of Things-connected world will utilize the graphene components in places like stores, warehouses, and factories to keep track of stock. Same for livestock. At the risk of sounding Orwellian, they will also be used to track the movements, buying habits, and traffic flow of humans for security purposes. As long as the privilege isn’t abused, it appears graphene is poised to make our world much safer, by being able to reunite lost children with frantic parents, and generally account for those who would have gone missing in action with no recourse.
How Cloud Storage Pricing is Helping Companies Prosper Many small, medium, and larger businesses have migrated their IT networks in recent years to cloud-based computing options. This is for very good reasons – businesses utilizing cloud services gain a number of benefits, not the least of which is money saving via the assurance of adequate backup, disaster recovery, and business continuity. And, cloud computing is also helping in the cost-cutting department in a number of other ways, which we will examine. Perform a Data “House Cleaning” In order to cut cloud storage costs, you will want to perform an evaluation and data storage house cleaning, which focuses on: A by-department file storage allocation analysis Discovery of what types of files are being stored – is there any misuse of storage space? What is the by-file data access need, and are you spending more for fast retrieval than it’s actually using? Access Control and Data Retention You will also want to make sure your access groups are clearly defined, organized properly, and that permissions aren’t being granted to parties who have no inherent need for it. Studies show that companies polled in a recent study showed 62% of employees have access to data and saving to cloud storage which they should not. Another good tip is to archive the data you don’t need immediate access to; consolidate multiple files if you can do it, and have a deletion policy in effect that’s standardized, i.e. discard files after 5, 7, or 10 years of disuse, for instance. Cloud Pricing You can cherry-pick the particular features and applications you want in cloud storage and computing options. Understanding your needs, based on the above recommendations, will get you that much further down the road to common sense solutions for your cloud services needs, and thus, more savings in the short and long run. Act Now and Save More Cloud computing and storage costs are currently on the rise, due to the huge increase in demand, even though they can end up saving you money. Acting right now to secure your company cloud-based storage options will save you money in the long run, for multiple reasons. Waiting until disaster strikes via cost-cutting procrastination in the short-term will spell financial and data loss disaster down the road, should it strike. Ask the IT Experts If you are interested in upgrading your office IT network to cloud-based computing options, contact an IT professional today. {company} is the leader in providing managed IT services in {city}. Contact our expert IT staff at {phone} or send us an email at {email} if you have any questions or concerns regarding cloud computing services, and we will be happy to answer any and all your questions.
Google’s one-on-one video calling app, Google Duo, launched on Monday for both Android and iOS. The app is expected to be available worldwide in the next few days. The app boasts the ability to transition from cellular data to Wi-Fi, and high speed to low speed wireless connections seamlessly, promising to allow users to continue calls from location to location without interruption. Some loss of video quality may still occur at slower connection speeds. No account sign up is required to use Google Duo, and calls can be initiated with a single tap. All calls are encrypted end to end. For Android users, a feature called “Knock Knock” provides a preview of incoming calls, even if the app isn’t open on their device. This feature also provides a preview of outgoing calls. The preview feature only works for iOS users if the app is open, and only applies to incoming calls. Unlike Skype, Google Hangouts, or even Facebook Messenger, the app has no extra functions or features, serving strictly as a video calling application. Duo is currently only available on mobile phones, with Google electing to start small. Duo is a basic, straightforward app that is easy to learn and use, with more in common with FaceTime than Skype. But whereas FaceTime only works between Apple devices, Google Duo is compatible with any mobile platform. While video calling is fairly commonplace today, its generally not most people’s preferred method of communication. One of the biggest issues is the myriad of issues that arise when devices try to communicate via a video connection. There is a tendency for calls to not work well, or just not work at all because of compatibility challenges. Google Duo is attempting to address the latter issue. How successful they’ll be, and what kind of impact that will have on video calling as a whole, remains to be seen. Have questions about video conferencing applications for business? Contact {company} at {phone} or {email} for more information about the options available to you. We’re the trusted IT professionals for businesses in {area}.
You may have heard that 68 million Dropbox users were recently told by the company that they needed to change their passwords due to a general hack of their database. The hack occurred in 2012, but it was only after years of persistent rumors by Netizens and cybersecurity mavens that Dropbox finally came clean about the hack. Dropbox completed performing a forced password reset for 68 million people just last week. Dropbox is merely the latest Web-based startup or organization that has faced having many millions of their customers affected by a single data breach. 5GB of files were obtained by Motherboard via Leakbase, a data breach notification service. The hacked cache of files includes email addresses and hashed user passwords, but, interestingly, almost half (32 million) of the passwords are secured by bcrypt, a strong hashing function, leaving the rest hashed by the hashing algorithm known as SHA-1. Dropbox Speaks Head of Trust and Security for Dropbox Patrick Heim told the world that his company had successfully completed the password reset process, and all affected users of his popular service were covered. Says Heim, “We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.” No Illegal Access? According to a Dropbox spokesperson, the company has found no evidence that any Dropbox account was illegally accessed, although Tech News journal FossBytes reports that, “The Dropbox dump also hasn’t appeared on any major dark web marketplace” which sounds suspiciously like damning with faint praise for yet another outfit that has unwittingly exposed millions to an account and data breach – as well as a breach of inherent trust. Leave it to a third party (FossBytes) to take it upon themselves to advise Dropbox users to change their passwords immediately, and also choose strong passwords that are changed “from time to time,” a.k.a. every few months. This is probably a habit everyone should get into for any website containing personal data they can’t afford to have hacked. The Argument for Better Cloud Security The Dropbox debacle underlines the need for better cloud storage security, as that’s what type of platform Dropbox is and was at the time of the hack of their database in 2012. Some may argue that cloud security has advanced significantly in the intervening four years, but – has it advanced enough? The company claims that those passwords that were reset or accounts that were created after 2012 have no chance of being affected, but how can the Web-buying and online-using public be 100% secure in that notion? Lightning doesn’t often strike twice, that’s true. But, there are demonstrable patterns of malicious behavior by hackers, combined with a Web-using public that tends to let down its guard that should bring a rallying cry from IT experts and cybersecurity specialists everywhere: “Encrypt, reset, and be ever-vigilant out there.” Consult an IT Pro About Passwords and Data Encryption {company} is the leader in providing managed IT services in {city}. Contact our expert IT staff at {phone} or send us an email at {email} if you have any questions or concerns regarding data encryption, passwords, or protecting your valued data online, and we will be happy to answer any and all your questions.
After spending a half-decade operating undetected, an APT (advanced persistent threat) known as “ProjectSauron” has been uncovered by both Symantec and Kaspersky Labs. A group called “Strider” has been using Remsec, an advanced tool that appears to have been designed for spying. According to Symantec, the malware has been active since at least October 2011. Symantec became aware of ProjectSauron when their behavioural engineer detected the virus on a customer’s systems. Kaspersky’s software detected the malware in a Windows domain controller as an executable library registered as a Windows password filter. The spyware can deploy custom modules as required, and has a network monitor. Once it has infected a system, it can open backdoors, log keystrokes, and steal files. It is heavily encrypted, allowing it to avoid detection as it takes control, moving across the network and stealing data. As many of its functions are deployed over the network, it resides only in the computer’s memory, not on disk. This, along with the fact that several components are in the form of Binary Large Objects makes it extremely difficult for antivirus software to detect. So far, evidence of a ProjectSauron infection has been detected in 36 computers by Symatec, spanning seven separate organizations in Russia, China, Sweden, and Belgium, as well as individual’s PCs in Russia. Kaspersky has found more than 30 infections across Russia, Iran, and Rawanda, and suspects that Italy may also have been targeted. Both Symantec and Kaspersky have suggested that a nation-state may be behind this APT. Kaspersky has collected 28 domains and 11 IP addresses in the US and Europe that may be connected to ProjectSauron campaigns. While it appears that the spyware has gone dark, no one can confirm whether or not Strider’s efforts have ceased. If Strider is in fact a nation-state attacker, these infections will likely continue to crop up. The fact that ProjectSauron operates by mimicking a password filter module is yet another indication that it may be time for technology users worldwide to move away from relying on passwords, favoring instead biometrics and other more sophisticated security measures. Need more information on how to best protect your data, devices and business against malware? Contact {company} at {phone} or {email} with your questions. We’re the trusted IT professionals.
There is no doubt that the internet has made doing business across the street or across the world easier. Borders and barriers don’t exist for the most part (except in certain totalitarian countries). You can reach customers around the world 24/7. Now that the internet is firmly entrenched as a major tool for business for communications, marketing, data storage and information sharing; risk is involved with usage, and criminals seem to always be a step ahead of virus and malware protection using a basic online protection source. So, let’s take a look at some of the most popular ways that small- and medium-sized businesses are hacked and how your business can protect itself from them. Popular Hacker Schemes Literally hundreds, if not thousands, of schemes exist for stealing data such as personal financial information (PFI) and personal identifying information (PII). In addition to stealing your data, a newer scam has come into play against businesses of all sizes called ransomware. Let’s get started. Phishing Scams Email phishing has been around as long as email has, but phishing expeditions have migrated from exclusively attacking individuals to include businesses too. The most common ways that this type of scam works is that you receive an enticing email with an attachment to open. These emails are sent out by the thousands from criminals that want to access your stored data so they can use any PPI and PPF you have about your customers. Generally, the email looks legitimate, has no grammatical errors, and often includes the legitimate logo of the company for which the email purports to come. Industry experts have estimated that only 0.4 percent of people receiving these fake emails fall for the criminal’s ploy. Sure, it doesn’t sound like a high risk, but it is extremely powerful for criminals who send out hundreds of thousands of these emails; with just a 0.4 percent response rate, they have entrapped data from 400 businesses. Buffer Overflow This scheme works when a black hat hacker responds to an online form. The hacker inputs more data than your business system can handle; included in the excess data is code that is complex and designed to: Steal your data; Cause harm to your system; or Provide the hacker with a backdoor into your network Ransomware Attacks First used against individual computer owners, ransomware also has become a huge income source for the black hat gangs. They gain access to your system by sending a member of your company an email that offers a free download or newsletter. People that open this kind of email also open the floodgates for cybercriminals to take control of your system. Another point of entry is from an infected website offering downloads. Once your system is breached, all your data is encrypted, and to get it back, you must pay a ransom. Prevention of Cyberattacks You can do a lot to prevent cyberattacks from succeeding. Following are some tips to help your business stay secure. When individual passwords are needed, have employees create random passwords, including upper and lower case letters, numbers and some symbols. Never use an actual word as programs can easily hack them. The longer the password, the more secure it is. Educate employees at all levels of your organization about the dangers of opening emails from strangers or downloading items from unknown sources on the internet. Invest in the best antivirus and anti-malware protection available. Patch all software as soon as a patch arrives. Update software too when updates become available. Consider using an outside managed services security provider to help keep your system safe and secure. {company} is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks and news. Contact us at {phone} or send us an email at {email} for more information.
If you’re currently unfamiliar with the concept of ransomware, consider yourself lucky – it is by far one of the most dangerous threats that Internet users and businesses all over the world face today. Ransomware viruses actually encrypt either certain files on a user’s hard drive or the entire drive, completely blocking access unless the victim pays a “ransom” to their attacker. The amount of the ransom tends to increase as time goes on, giving people an incentive to pay sooner rather than later – especially if they find themselves unable to fix the issue on their own. Should you become the victim of a ransomware attack, knowing how to identify the particular strain you’ve been hit with is one of the most important parts of being able to fix this problem once and for all. Cerber One of the most common types of ransomware that Internet users face today is called Cerber, officially classified as RANSOM_CERBER.A. What makes Cerber unique is that it actually has a voice feature that reads the on-screen ransom note out loud, as opposed to other strains that make the user read it as plain text. Cerber is also unique because it doesn’t encrypt an entire hard drive, just files it believes will be particularly valuable to the victim. These include files with extensions like DOC, DOCX, PDF, MP3, MOV, MP4, JPG, JPEG and more. CryptXXX CryptXXX, officially classified as RANSOM_WALTRIX.C, is another common type of ransomware that is regularly updated to make it more difficult for experts to combat. Not only does CryptXXX encrypt a user’s hard drive, but it is unique in that it actually has the ability to lock a user out of their hard drive altogether. When the user boots their affected computer, they are greeted by a screen that prevents their operating system’s desktop from loading at all. Jigsaw Jigsaw, officially known as RANSOM_JIGSAW.I, is certainly one of the more colorful types of ransomware in existence. In addition to display a message indicating that all photos, videos, documents and other files on a hard drive have been encrypted, Jigsaw displays a graphic of the main villain from the “Saw” series of movies – also appropriately called Jigsaw. Jigsaw also has a built-in timer that counts down the seconds until the ransom is increased, instilling a sense of urgency in the owners of infected computers. Mircop Mircop, also officially classified as RANSOM_MIRCOP.A, uses a particularly unique tactic to scare its victims into paying as much money as possible for the ransom. When the ransom note is displayed on an infected computer, it also displays an image of a hooded figure in a Guy Fawkes mask – similar to the imagery used by the hacker group Anonymous. Even though there is no confirmation that Mircop is affiliated with that group, the implication is there and people tend to react accordingly. Most interestingly is the fact that in June of 2016, the Mircop strain demanded one of the biggest ransoms for any ransomware attack seen at any point up until now. The ransom note on one victim’s computer demanded 48.48 Bitcoins, which roughly translated to $32,239 at then-current exchange rates.