Information Technology News & Information

What Can We Learn From the Cyberattack on Russia’s Facebook?

European social network VK.com has been making headlines since becoming the victim of a major hack. The platform, based in St. Petersburg, is known as “Russian Facebook” since the two sites are similar in many ways. VK, previously known as Vkontakte, has 300 million registered users and about 100 million active ones.

How Big Was the Attack?

ThreatPost asserts that 100 million user credentials are on sale on an underground marketplace called TheRealDeal. That accounts for 33 percent of the site’s total userbase and its entire active userbase — it’s an enormous attack. It is unclear how long this data was collected or by what means, but the login credentials in question are likely those that were in use between the years 2011 and 2013. According to VK.com, the data is too old to be of value since the credentials likely have been changed. It is unclear, however, how users who did not change their passwords or login credentials during that time period are affected.

High-Profile Breaches Are Becoming Common

Having access to 100 million VK.com users is one thing, but cybercriminals have been busy in 2016: Myspace, Tumblr and LinkedIn have all been the victims of major hacks, leading to a leak of information of as many as 500 million combined users.

What Does This Mean for the Rest of the Internet?

That VK.com was hacked shows the importance of cybersecurity even when dealing with large, trustworthy platforms. VK claims it has used, “secure encrypted storage,” “password hashes” and two-factor authentication since 2012. Security factors such as two-factor authentication need to be activated by the user to be useful, however. One of the main things that internet users should take away from this high-profile hack is that extra authentication steps are worth the time and energy they require. Additionally, using the same login and password credentials across multiple sites is a dangerous gambit. Despite this, more than half of internet users still copy their passwords between different sites and platforms. Not every site can guarantee their users’ security completely, and cyberattacks can compromise even the best-protected information, making it critical that users have systems in place for protecting their own security should the need arise.

For IT companies and other businesses in the tech sector, this emphasizes the importance of secure data handling and encryption. Even if the end user is not concerned about the security of their data at first, they will be after they’re victimized by an attack of this sort. Businesses in this sector will have to implement stricter security protocols to protect themselves and their users.


When Will the Password Become Obsolete and What Will Follow it?

As internet technology broadens in scope and offers increasing convenience, web users become increasingly reluctant to use traditional login and password credentials to sign up for new services. While the password, when used correctly, is a very reliable method of ensuring account security, it gets less effective as the user in question is tasked with remembering more and more combinations in order to gain access to different services. Many users simply skip this problem by using the same login and password across multiple sites and accounts. This is a dangerous bet, however, since having one account compromised immediately means that the user’s entire online identity is at risk. New advances in cybersecurity seek to bypass this issue by introducing new methods of verifying user credentials without relying on complicated passwords.

Shared Authentication Offers Ultimate Convenience

If you’ve tried signing on to a new service recently, chances are you’ve seen the option to use your Facebook or Google credentials to do so, effectively bypassing the need to fill out a form and create a new password set. This is by far the most convenient method for user authentication on the market at the moment, and it will continue to be relevant for years to come. What shared authentication offers in convenience, it lacks in absolute security, since anyone who compromises your Facebook account, for instance, will easily gain access to any other accounts you authenticated using Facebook.

Multifactor Authentication Increases Security

Another new technology that is helping ease the password’s retirement is multifactor authentication. By requiring several different types of information that only the user would know, it is possible to reliably verify that user’s identity without having to resort to password memorization. This technology is not foolproof, since any attacker who learns the secret information connected to a user’s account can then access that account.

Mobile Biometric Authentication Moves Forward

With Apple unveiling Touch ID technology with its fifth-generation line of iPhones and iPads, a new form of user identification and verification was made available. Research has found that users find biometric identification much more secure than traditional passwords, and furthermore, that more than 50 percent of consumers are willing to choose any authentication method other than the login/password combination when signing up for new services. This means that we will see a continued push towards mobile biometric authentication in the future. Web services such as PayPal already take full advantage of biometric Touch ID technology in their iOS applications. It is only a matter of time before this technology makes its way to traditional banking systems, corporate ID credentials and more. A longtime staple of science fiction, biometric authentication allows the secure transmission of information to and from an individual without requiring them to remember to input anything; their fingerprint is typically enough to securely identify them. This offers a level of security that passwords simply cannot match.

What the Future Holds for Identity Security

While the login/password credentialing system has its merits and will surely be an option for years to come, it is gradually becoming obsolete. New technology is guaranteed to overtake this system, and will most likely consist of a combination between biometric and shared authentication methods. Additional multifactor authentication may be involved, or be used in cases of possible identity theft, in order to produce multiple layers of security that are both secure against attack and convenient for the user to access.


Hammett Technologies is Honored to Discuss Cybersecurity at the American Subcontractor Association

{company} is excited to present for the American Subcontractor Association. The presentation is titled “10 Critical IT Security Protections Every Business Must Have in Place NOW To Avoid Cyber Attacks, Data Breach Lawsuits, Bank Fraud, and Compliance Penalties.” Our team works hard around-the-clock to ensure our clients are protected against the wide range of threats facing modern businesses. With this presentation, we discuss the strategies and solutions needed to effectively combat the adverse effects of cyber attacks and data breaches.

When: Thursday, June 30, 2016.

Where: The Seasoned Mariner, 601 Wise Avenue, Dundalk, MD.

The American Subcontractor Association is a non-profit trade association focused on advocacy, leadership, networking and education for construction subcontractors and suppliers. They are recognized as the united voice dedicated to improving the business environment in the construction industry. The ASA identifies their ideal beliefs as ethical and equitable business practices, quality construction, a safe and healthy work environment, integrity and membership diversity.

{company} is proud to have been asked to take part in this event, and we hope you’ll join us to learn the most effective ways to protect your operations and avoid crippling attacks.


Windows Holographic: The Answer to Microsoft and the Entry Into the SMB Market

Perception is reality, and the new generation of VR is finally ready to change the commercial perception of what our lives can be. Windows Holographic brings a developer with legitimate commercial reach into the holographic space, and the result will likely be a boon of new opportunities for the SMB market.

Redefining the Mix of Man and Machine

Windows Holographic has the ability to make our avatars more than representations of us in the digital world. As the technology matures, the computers we use will be able to eventually use the holographic avatars we create to communicate more directly with them. Imagine being able to code by meeting face to face with a holographic representation of JavaScript.

A Completely Virtual Life

One of the scarier yet still incredibly forward-thinking leaps being considered is a completely virtual life — people would no longer have to physically get up to go anywhere. Holographs could take a person anywhere he or she wanted to go through the virtual world, render clothes, even makeup. People could freeze themselves at a certain age and even change physical features that would normally require expensive and risky plastic surgery.

The First Step

Science fiction futures aside, the first step into the world of holography has the ability to more or less create a virtual skin over the real world. We see this now in many virtual reality games that use real-world obstacles, but skin them according to the game world to represent something completely different. This technology, once relegated to large laser tag compounds with VR, is coming home in much the same way that the Xbox and PlayStation online play clubs killed the arcade by bringing the arcade into the living room of every gamer. Location-based awareness is already widely available, along with the ability of the computer to read changes in the real world such as temperature and implement them in VR games.

We still have to use mice and keyboards to get computers to do what we want, at least for the present. However, the future of holographic technology is bright, and the next generation of add-ons is already coming in from first- and third-party developers.


The Key Vulnerability Hackers Use to Steal Facebook Accounts and More  

Despite all of the attention that large companies, such as Facebook, give to cybersecurity, both through advanced technology and simple things like reminding you to change your password regularly, a major and little-known security vulnerability remains wide open. To complicate matters further, this security vulnerability applies not only to Facebook, but to any site or web service that uses SMS-based authentication systems. It is a vulnerability in a set of telephony signaling protocols commonly called the SS7 network.

What is SS7?

Signalling System 7 is a communications system developed in 1975 that provides global telecommunications network services—it is the worldwide path through which landline phones transmit voice calls and through which mobile phones transmit data. The SS7 network was never designed with security in mind; it trusts messages sent over it regardless of where they come from, making it easy for hackers and cyber criminals to exploit. The process requires only some information about the victim’s device, such as its phone number and a few other technical details. From that point, the attacker can fool the SS7 service into diverting calls, data, or even encrypted WhatsApp and Telegram messages to the hacker’s device. End-to-end encryption doesn’t offer much in the way of security in this situation since hackers can effectively fool the network into confirming their devices are legitimate.

Why is SS7 so Vulnerable?

It is evident that SS7’s designers did not imagine a need to encrypt data or even have a firewall in place. The telecommunications environment of 1975 simply did not call for such elaborate security measures. Now that the network is the primary global system for transmitting this type of data, however, an important question arises: Whose responsibility is it to upgrade its security?

A deceptively simple answer would be the government. However, the United States lacks the tools and the jurisdiction to do this, especially since the Telecommunications Act of 1996 effectively deregulated the domestic market. SS7 is a global network—is America going to fix every telecommunications security flaw in every country in the world?

The next possible answer would be the telecommunications giants: Verizon, Vodafone, Sprint, Telefonica, etc. These companies would seem to share the responsibility, but the size of the network creates complex problems when it comes to regulating the manner in which these upgrades take place. Apart from simple issues, such as who pays for the improvements and how they can be structured so as to be compatible with one another, there is the major issue of incentive. None of the telecommunications companies have a clear incentive to secure the SS7 network. Even if one company completely secures the elements of the network it uses, vulnerabilities in another company’s infrastructure compromise those improvements. Nevertheless, Vodafone and Telefonica are working on improving SS7 security, according to Forbes.

How to Protect Your Accounts, Data, and Identity

Since the vulnerabilities present in the SS7 network are so wide-ranging, two-factor authentication is an absolute must-have. Any site featuring a two-factor authentication method that does not rely on SMS can be considered safe from SS7 vulnerabilities. Additionally, not sharing personal phone numbers on public resources can help keep that vital piece of information out of hackers’ hands.


Why You Should Outsource Your Vendor Management

Many people ask us about the IT outsourcing industry; we all know that it is undergoing a fundamental change. As more and more IT service companies are looking to their industry partners for direction, it is important to note that business users are bypassing IT to procure their own technology services and products. While vendor management is nothing new in our industry, outsourcing it is a fairly new concept. Today, vendor management is being asked to do more than ever before, including oversee new IT services, deal with troublesome supplies and meet ever-increasing performance goals—all of this with little or no increase in funding. Overseeing a number of providers can present a significant challenge, especially when it comes to cybersecurity risks and compliance requirements. Because of all this, many companies are looking to outsource.

Vendor Management

We all understand the importance of overseeing our vendor ecosystem, but today we’re paying it a bit more attention as we realize the critical governance oversight it provides us. Our systems are uniquely positioned to act as a bridge that connects all of our stakeholders. We have traditionally managed our vendors ourselves, as we feel this gives us better control over our vendors—allowing us to keep a hand in what is going on. However, more established enterprises are seeing the benefits of third-party management, bringing these specialists in to manage the day-to-day oversight of their vendors. Vendor management specialists can help manage transactional activity, collect operational data and even come up with suggestions for improvement. By outsourcing management of our vendors, we can reduce our costs, improve service delivery, and place our focus on internal resources to help us develop richer relationships and higher strategic value.

Benefits of Outsourcing

Bringing in a third-party is a viable and practical option for businesses. A successful partnership can help businesses elevate their vendor governance performance. Companies can expect both subjective and objective benefits. The third party can help with transitioning, too. They will help provide vendor governance experience, vendor management techniques, lead practices that can be deployed, and even offer specific suggestions on how best to work with specific vendors. By outsourcing, companies may find that they can increase their number of vendors or even spend comparatively fewer dollars per vendor. There may be an increase in the number of vendor performance metrics that align with desired business outcomes, due to the fact the third-party offers an increased level of managed services. Often businesses see increased stakeholder satisfaction, which is often good for the bottom line.

Cost Savings

Perhaps the most important benefit of outsourcing is the savings. With an outsourced service, vendor management activities are generally delivered by offshore resources, and staffing requirements, as they relate to vendors, are limited to relationship management; this can help decrease staffing costs. Over five years, this could save a business as much as 30 percent.

Driving Efficiencies

Outsourcing vendor management to a third party will also help standardize processes; and consistency helps enable the transparency essential to effective governance. This helps to alleviate flawed data, and costly mistakes.


New MacBook Pro Details Leaked: Siri, Touchscreen, and Revamped Charging Cable In Play

If you are in the market for a new MacBook Pro and you’ve been paying attention to recent rumors of a fall release, you might be wondering what the latest chatter from the WWDC means for the much anticipated late 2016 release date. After Mac stuck to its guns regarding a hardware-free WWDC this past June, the latest industry rumors indicate that the tech giant might be planning a staggered release of different Macs over the latter half of 2016. As it stands in mid-June 2016, no dates have yet been confirmed.

What we do know is that Apple is planning a redesign of its pro-level laptops, and rumors indicate certain features will be in play with these latest models. The biggest change appears to introduce a smartphone-reminiscent touch screen as a part of the keyboard, just above the row of number keys by the hinge. Other companies have attempted a hybrid keyboard/touch screen combination in the past, but Apple actually has the software and hardware integration to make it a valuable addition to the normal functionality of a standard keyboard. Industry experts speculate that this touchscreen feature could be presented as a one-touch, truncated shortcut bar that could be customized to adjust for font and formatting, as well as integration with specific apps and software.

Siri is also expected to make an introduction on Macs in 2016, and it is reasonable to assume that this touchscreen capability will provide a convenient location for a Siri animation display.

The latest leaks involving potential casing design for the new MacBook Pro suggest that it will include four USB-C ports and eliminate the use of the long-standing standard magnetic MagSafe charging system. Since many users expect to keep their laptops for about four years, this change could be a welcome modification for future adaptability.

For virtual reality devotees, Fudzilla reported that Apple may include AMD Polaris graphics chips in the new 2016 MacBook Pro line. While the Pro models typically come with separate graphics chips, it has been tentatively confirmed that they will get updated performance—a feature that will please power users and developers that demand high-performance graphics capabilities in their devices. While the addition of the graphics AMD Polaris chips seems relatively certain, it is less clear if the chip will ultimately be incorporated into both the 13-inch and 15-inch models—leaving a bit more speculation on the table…at least for now.

Perhaps the biggest question is whether the next-generation MacBook Pro will be available for purchase this fall, or as early as summer 2016. Most reports have detailed that the release will happen in the fourth quarter of 2016, and have narrowed it down to an October 2016 release—but according to MacRumors, this information is very uncertain, and industry hopefuls are considering a mid-summer staggered-release of multiple devices to be a distinct possibility.


Small Accounting Firms Can Boost Productivity by Tapping Into Technology

Owners and managers of small- to mid-size accounting firms often feel as though they are at a competitive disadvantage with their larger counterparts. Though you can swing the balance of power in your favor by recruiting “rainmakers” and cutting costs to a certain degree, the best course of action is to tap into contemporary technological solutions. Modern-day technology has somewhat leveled the playing field, empowering small- to mid-size firms by providing resources that dramatically increase productivity.

Use Social Media to Your Advantage

Social media provides small accounting firms with the opportunity to distinguish themselves from the pack. Most large accounting firms limit their marketing budget, assuming that their namesake and word-of-mouth referrals will provide a steady stream of clients. Small accounting firms should pounce on the opportunity to gain low-cost exposure through social media platforms. This does not mean that your accounting firm must hire a full-time social media guru. Rather, dedicate a trusted part-time employee or an intern to your social media efforts. Or, have a full-time employee spend a portion of his time managing these accounts.

Social media is a great way to connect with new clients as well as those who are already on-board, yet a steady stream of social media posts will not suffice. Your social media content must be highly unique and informative. Use these platforms as a means of differentiating your firm from the pack. A comprehensive social media strategy will also include content posted to attract talented employees. Post helpful content that provides unique insight and information that solves problems. This is how you gain sway with clients as well as prospective employees. Once you establish your firm as an authority on a breadth of accounting issues, business will pick up, and your bottom line will reap the benefits. Furthermore, providing a steady stream of information that helps solve client problems will knock down any perceived barriers between clients and your firm. A prospective client who perceives your staff as somewhat altruistic will be much more inclined to hire you for his accounting needs.

Tap Into the Power of the Cloud

Consider the length of your average client’s tax return. Preparing projects of such a considerable magnitude takes significant manpower, time and money. You can ameliorate the tax return challenge by ramping up your firm’s efficiency. Tap into the power of the cloud, and you will find that digital workflows are completely altered. Too many small- to mid-size firms still rely on Quickbooks because of the software’s popularity and assumed efficiency. Cloud technology is now capable of reducing the amount of time and effort invested in preparing tax returns, reviewing the work and delivering it in a timely manner. You can even e-file the documents with cloud technology.

The cloud gives accounting firms the ability to compile data entry and voluminous amounts of information in a single space that is easily accessible. Cloud computing dashboards even allow for client access and a shared interface that permits collaboration between clients and firm employees. Portals empower both parties to upload and download documents while keeping the lines of communication open at all times. Part of the cloud’s appeal is that it allows accountants and their staff to access client data from remote locations, regardless of what type of mobile device is on-hand. This remote access empowers your staff to perform work regardless of where they are situated. The bottom line is that the cloud is mutually beneficial for your firm as well as your clients.


Beware of Free Thumb Drives With Malware

Whatever you call them — USB, thumb or flash drives — they hold a ton of data. (For the purposes of this discussion, we will refer to them as “USB drives.”) Their storage capacity has surpassed multi-gigabytes to the lofty terabyte realm. One terabyte can store thousands of hours of music and videos, 500 hours of movies and more than 300,000 photos, as well as over a million 1-megabyte Word documents. In fact, a USB drive was Edward Snowden’s preferred device for storage when he stole thousands of highly classified NSA documents, which he gave to reporters. Snowden didn’t have to burn up a copy machine and carry off the documents a few at a time. They all fit on a plastic-encased device the size of his thumb.

USB drives can also pose external threats

Most people would never pick up food lying on a parking lot pavement. However, hackers desiring front-door entry to corporate networks have littered employee parking lots with malware-laced USBs. Employees have been duped into picking them up and plugging them into their workstation computers. When testing the foregoing, CompTIA researchers placed 200 unlabeled USB drives in cities throughout the United States. They dropped the drives in heavy foot-traffic areas to find out the number and identity of people who would pick them up and plug them in. The results were that 20 percent (one out of five) users plugged in the rigged drives and opened files as well as clicked on strange web links and sent messages to a loaded email address. And this was just a security test. Read about the real thing in this ZDNet online piece.

Threats also come from “friendly” sources

In a recent incident, the American Dental Association inadvertently mailed malware-infected thumb drives to thousands of local dental offices. A code embedded in the USBs could gain control of a user’s Windows computer. The contamination, according to ADA, occurred “somewhere in the supply chain,” and only a fraction of the drives may have been infected.

Sensible practices for minimizing the USB threat

Does your company have a detailed, yet thoughtful, usage policy and sensible security procedures for USBs on the job? Somewhere between banning USB usage altogether and allowing sanctioned, limited use are the best practices for your company’s security posture. Here are five general suggestions:

1. Limit your exposure by disabling USB ports on computers containing sensitive information. Make USB functionality on a strictly need-to-know/have basis. Issue USB drives that have full encryption and pass-phrase protection. Make sure your IT people can remotely wipe or lock the USB drives. Look for high-security products such as IronKey.
2. Automatically run a USB scanning program on all company computers when the USB drive is plugged in. Permit no unauthorized applications to be run from any USB drive.
3. Audit your USB drives to ensure authorized use. Unannounced and random USB drive confiscation and scanning are the best tools to imprint security awareness among users. Inventory, add serial numbers, and record names of users. Ban all use of personal USB drives on work computers for any reason.
4. Do regular backups of your USB drives and include encryption keys so that the data can be recovered. Run a data recovery test to ensure that your IT security people can unlock and access any USB drive — even if user malfeasance or malware have disabled the drive.
5. Have a plan in place in the event someone loses a company USB drive. Procedures could include locating the drive through geotagging or simply wiping or destroying the device remotely.


Why the Cloud Hasn’t Gained Sway With Legal Professionals

The cloud has become ubiquitous in the past decade. Just about every business taps into the cloud’s storage power. Even students, teachers and everyday individuals rely on the cloud. Yet there is one particular group that has not assimilated with the rest of society: Legal professionals. Professionals with legal backgrounds tend to question just about everything, including the safety of new technologies. Let’s take a look at why the cloud hasn’t gained sway with lawyers and their support staff.

Distrustful by Nature

Lawyers tend to massage the truth for personal gain. It’s part of the job. They tend to expect the worst from humanity as they have defended some extremely unscrupulous individuals and suffered at the hands of cutthroat attorneys who will do just about anything to win a favorable judgment. You can’t blame these professionals for begrudging the cloud. They’ve become quite cynical and distrustful due to the nature of their work.

A Control Issue

When you store information on the cloud, you relinquish control of that data. Giving up control of sensitive information is not the type of thing that a seasoned attorney does without reticence. A number of high-profile security breaches have occurred at law firms throughout the past couple of years. These successful attacks have scared plenty of attorneys away from tapping into the power of the cloud. The bottom line is that attorneys are the first and last line of defense when it comes to safeguarding client data. If an attorney were to upload sensitive data to the cloud only to have a malicious hacker steal the files, he would likely lose clients who are negatively affected. It really boils down to a trust issue. Experienced attorneys are not willing to risk their client base, their reputation or their career on a technology that has the potential to be breached by a devoted hacker. Though it might sound nihilistic, most attorneys really do not trust cloud providers or any other third party to safeguard sensitive information.

The Devil is in the Details

If you take a close look at the “birdseed” of cloud contracts, you will find that cloud providers bear just about no liability in the event that user data is pilfered or accessed by an inappropriate party. This is precisely why attorneys are hesitant to store data anywhere but the in-house server or computer hard drive.

Previous Cloud Security Breaches

Most people are familiar with the recent cloud hacks that resulted in the leak of celebrities’ naked pictures. Yet celebrities are not the only ones to suffer from cloud security breaches. The data of several law firms has been exposed to malevolent hackers in recent years. Consider the Mossack Fonseca breach in which hackers found information proving the existence of tax shelters safeguarded by the Panamanian law firm. The New York law firm Cravath Swaine & Moore also suffered a high-profile breach. The FBI has gone to the extent of warning law firms that their data is an easy target for cyber thieves. Hackers view law firm data as fruit ripe for the picking. There’s an excellent chance that law firm files contain valuable trade secret information and unpublicized deal information that can be easily exploited. Add in the fact that cloud apps can also be infiltrated to thieve information and it is easy to understand why more and more law firms are opting to store all important data in-house rather than on the cloud.