alt tag

Posts from February, 2016


Internet Explorer: Upgrade Your Relationship or Break Up?

Thursday, February 25th, 2016

browser-773215_640

The end is here for all versions of Microsoft’s Internet Explorer outside of the most recent version. If your business is still using older versions of the browser, it’s important to switch to a different browser—or upgrade to maintain the latest in security and support. According to Microsoft, support for IE10 and prior versions ended on January 12, 2016.

As recently as fall 2015, Internet Explorer still accounted for around 17 percent of all desktop computer web traffic. ZDNet reported that somewhere around 30 to 40 percent of in-use Microsoft web browsers are lower than IE11. So there’s a good chance some of the older systems your employees are using are running an older version of IE. Situations like this are problematic because the security updates help prevent hackers from infecting and infiltrating your business’s systems.

Why should I care?

Microsoft dropping support means that employees using older versions of Internet Explorer will experience security risks for any unpatched vulnerabilities in the browser’s code.

While the mobile web has commanded more than 60 percent of all Internet media viewing time since May of 2014, the traditional desktop web still accounts for a substantial 40 percent of all traffic—and it is still an important productivity platform for many businesses.

How do I upgrade?

If a computer’s operating system supports IE11, updating to IE11 can be as straightforward as running Windows Update and selecting the browser from the update options list. However, if the computer is not cooperating with Windows Update, users can manually download IE11 for Windows 7 from Microsoft’s download page. Windows 8.1 and Windows 10 users are already running IE11 and Edge by default, so the upgrade is unnecessary.

What if my OS is incompatible with Edge or IE11?

The only way to run IE11 or Edge on a computer with an incompatible operating system (like Windows XP or Windows Vista) is to upgrade the computer to Windows 7 or an even more recent iteration. The newest operating systems tend to be the most secure overall, providing additional benefits outside of Internet Explorer. Microsoft is offering a free upgrade to Windows 10 for a large portion of Windows 7 and Windows 8 users, which will move computers to Edge, Microsoft’s newest browser.

A Compromise

Some businesses may encounter problems with older website code that does not work on newer web browser versions: They are stuck choosing between dropping support or continuing to run a security risk with an older browser. However, you can maintain legacy support situations like this while using a modern web browser on the same system by installing either Mozilla Firefox or Google Chrome. These browsers support modern web and security standards, so employees can opt to open Internet Explorer only for legacy support on older services while using a modern web browser for all other purposes.

Not sure how (or when) to upgrade? Get in touch with a local Managed Service Provider who can talk you through it.

New Ransomware Good Reminder to Practice Thorough Data Backup

Wednesday, February 17th, 2016

close-159133_640

A new combination of a sophisticated password-stealing Trojan, powerful exploit kit, and content-encrypting ransomware is making its way around the Internet infecting Windows users. If it hits your business, you’re looking at a considerable loss of time and finances.

It’s estimated that businesses worldwide spent around $491 billion in 2014 managing the blowback from data breaches and malware infections. Making sure your business is ready to minimize the amount of damage a ransomware attack can do is the best course of action for dealing with cyber threats like these.

Ransomware Refresher

Ransomware has taken system-disabling malware to a whole new level by trying to extort money in exchange for returning control.

Ransomware that employs data encryption programs like Cryptolocker and CryptoWall uses a complex encoding algorithm that locks off important data on the computer—so removing the ransomware will not restore the data.

In many cases, paying the $24 to $600+ demanded to decrypt the information ends up being practical, because restoring the lost data would end up costing more. However, it is possible that even after you’ve paid the ransom the hackers will not restore access to your system. So pay at your own risk.

Kicking You When You’re Down

The new malware fusion doesn’t just lock a user out of their computer or try to steal login credentials; it does both, and tries to use some of that stolen information to hijack websites the user has admin access to (and propagate itself across more systems). According to PCWorld, the new disastrous malware mix uses the “Angler” exploit kit, the credential-stealing “Pony” Trojan, and the “CryptoWall 4” ransomware. If any of your business’s computers are hit with this malware campaign, you’ll have to deal with compromised account login information, possible FTP and SSH website access breaches, and all the data on the infected computer is as good as lost. So you’re not only looking at the expenses for changing passwords, locking down websites, and replacing lost information, but also the dozens of hours redoing lost work.

The Best Defense

Even though malware finds new ways to compromise systems, it is still a best security practice to keep your antivirus and system software up to date to protect your information. However, keeping everything updated can be problem for some companies, as vital software may not work correctly following an update. Additionally, businesses should avoid using computers running old, outdated operating systems like Windows XP that are no longer receiving security updates.

Making sure your important information is also saved in off-device storage (like an external hard drive or on a cloud service backup) is one of the best things your business can do to minimize the amount of damage caused by a system-disabling malware attack. If the system is infected, the backed up data will still be up to date—and instead of losing months of work, you’re looking at a few hours or days instead. Moving work to cloud-based applications with online storage is another good way to prevent loss from malware. If an employee’s computer gets hit with ransomware, any work they’ve been storing or working on through a cloud service is still safe and secure.

Need advice on backing up your data? Get in touch with a local MSP today.

Upgrading to Windows 10: Why You Should (Still) Wait

Thursday, February 11th, 2016

do-not-enter-98935_640

We were as optimistic as anyone about Microsoft’s long-awaited release of the Windows 10 operating system. As we discussed last May, we looked forward to real improvements—chiefly a better desktop interface—over its widely unloved predecessor, Windows 8.1. At the same time, we hoped Microsoft had learned from its troubled history of Windows upgrades and delivered a finished OS which would leave most users thankful, pleased, and productive.

So much for wishful thinking.

You probably don’t need us to tell you Microsoft’s ambitious free online upgrade to Win10’s initial “RTM” version (“Release to Manufacturing”—or perhaps rushed to market!) hasn’t gone quite as smoothly as anticipated.

Of over 100 million worldwide users who clicked an icon and expected a clean, hassle-free install, an overwhelming number experienced a gauntlet of frustrating issues, such as:

  • Continuous stalls, reboots, or cryptic “Something Happened” error messages during the Win10 download.
  • Confusing instructions about locating and entering a new Windows activation key.
  • Incomplete new features (Mail, Edge browser, Cortana voice input, revived Start menu) which proved not-ready-for-primetime.
  • Displaced software apps or compatibility issues with existing hardware drivers that left upgraded computers much less functional—if not totally disabled (or “bricked”).

Many exasperated upgraders were left to that dreaded last resort—a wait in the phone queue of Microsoft tech support. Or they simply threw in the towel and reverted to their previous version of Windows (which Win10 allows within 30 days of upgrade).

Microsoft’s first attempt to correct the early flaws in Windows 10 was the November release of Version 1511, also referred to as Threshold 2—or what Microsoft once called a Service Pack update. While most of those clunky new features generally perform better, the problem of disappearing apps and utilities remains (as discussed in this Reddit thread). For casual users who wouldn’t consider themselves “computer nerds”—and even many who do—upgrading to Windows 10 on their own has been just short of a nightmare.

Where We Stand on Windows 10 Today

  • If you haven’t already attempted upgrading your computers to Win10, we recommend resisting as long as possible—until most of the bugs have been fixed. The current deadline for the free upgrade is July 29, 2016—but we wouldn’t be surprised if that date gets extended, given the massive number of hiccups so far.
  • If you’ve stuck with Windows 7 all along, you’re using a tried-and-true OS which many IT experts actually consider superior to the current Windows 10. Microsoft has pledged extended support for Win7 until January 2020—long after you’ll probably consider your current PC hardware obsolete.
  • We expect Windows 10 to be, eventually, a terrific, reliable user experience. But the first-of-its-kind online download/install—of an entire OS—has been difficult, considering every PC is its own unique combination of hardware and software. It’s hardly a do-it-yourself project… but we can help.

The Dangers of Free Public Wi-Fi: How To Protect Your Network

Tuesday, February 2nd, 2016

wireless-signal-1119306_640

How dependent have you and your employees become on public Wi-Fi outside the office? Mobile hotspots are almost everywhere now—from coffee houses and fast-food restaurants to hotels and airports (and even aboard most planes). Without Wi-Fi access, many of us feel alarmingly “disconnected”—as if we’ve driven 20 miles before realizing we left our phone at home! (Can you recall where and when you last saw a pay phone?)

Risky Business

We’ve come to rely on free Wi-Fi for its sheer convenience, but how secure is it, exactly—particularly for business purposes? Actually, not much at all.

Most commercial-grade public Wi-Fi has been made as technically simple as possible to maximize the number of simultaneous users and avoid connection issues which might require a time-consuming call to a Help Desk. There are no cumbersome firewalls, encryption, or other standard frontline defenses you’d expect from your company’s onsite network.

Even a public hotspot requiring a password offers little real security if all users use the same common login. This makes free public Wi-Fi an especially inviting target for hacking. A minimally-skilled cyber-crook can eavesdrop on Wi-Fi data traffic via black market software on a tablet hidden in a backpack, while a more sophisticated hacker can go as far as creating a bogus duplicate hotspot for users to mistakenly log into. Once connected, the hacker has free reign over the user’s personal data—email, social media, bank accounts, and more—as well as any important business files (even if they’re not open at the time). The vulnerabilities of public Wi-Fi are the weakest link in your IT security chain.

Saving Private Data

What’s the best defense against malicious Wi-Fi snooping? If you aren’t familiar with VPN (Virtual Private Network), your company is already at serious risk. A VPN server essentially acts as a third-party “buffer” between a mobile device and the company network (or the at-large Internet). Using a VPN app installed on the device, the Wi-Fi user connects to the company’s VPN instead of connecting directly to their usual browser homepage. The VPN then thoroughly encrypts all end-to-end data traffic to and from the user’s mobile device. If a hacker intercepts that Wi-Fi data stream, they’ll only receive unintelligible gobbledygook.

Adding a VPN layer of security is relatively painless. A VPN option is actually built into Windows (do a file search for “VPN”). There’s also a wide range of VPN client/server software and real-time services from trusted vendors, or a custom solution can be developed, typically based around SSL (the same level of security most banking sites use) or other advanced protocols.

Are your employees unknowingly putting your company at risk whenever they flip open their laptop at the coffee shop down the street? Feel free to share your concerns with us.