alt tag

Posts from August, 2017


Adobe Flash: The Rumors of My Death Have Been Greatly Exaggerated…Until 2020

Tuesday, August 29th, 2017

Adobe Flash, the web content standard the Internet loves to hate, will soon meet its ultimate demise: Adobe will finish phasing out the platform in 2020. Flash, first introduced in the early 2000s, has been on a gradual decline for almost as long as it was on the rise. Fortunately for your company’s IT security, this shift will make your computers safer at the expense of losing support for older web content. Here’s what you need to know about Adobe Flash ending.

Trends in Design

While Flash provides rich content for desktop and laptop computer users, the multimedia software platform received its terminal diagnosis when trends shifted towards the mobile web. Flash’s relevance continued to decline as web sites moved away from running separated desktop and mobile sites by adopting a singular “responsive design which requires Flash-free content.

The Slow Death of Adobe Flash

Late Apple Co-Founder Steve Jobs, who played a major role in creating much of the popular computer technology in use today, is credited with signaling the beginning of the end with his public letter, “Thoughts on Flash.” Instead of weening iOS devices off of Flash content, Apple opted to avoid supporting the standard altogether on iPhones and iPads in favor of HTML5 and H.264.

While mobile devices were the first to abandon Flash, desktop devices kept it on life-support for a few more years. Google followed suit with dropping Flash from Android devices in 2012 and YouTube switched to HTML 5 as the default video player for all devices in 2015. The standard took more hits in 2016: both Chrome and Firefox started blocking Flash by default, forcing users to “opt-in” to enable any Flash content.

Performance Issues

Flash isn’t great for device battery life or SEO-friendly web design. Flash content is typically CPU intensive and inefficient, so it forces the device to do a lot of work even after downloading content. For example, Flash video can eat through a device’s battery life twice as fast as the same content encoded in H.264. Flash content is also notoriously poor for SEO because search engine crawlers can’t properly examine the content. Additionally, Flash-content can take several times longer to load which translates into a large share of the audience abandoning the page due to speed.

Security Issues with Adobe Flash

Unfortunately for Flash, security issues create a situation where leaving the plug-ins installed on a computer to continue supporting content leaves the device vulnerable to attack. Flash is riddled with security holes. Even after Steve Jobs called out Adobe for the security problems back in 2010, Adobe’s vulnerability patches continue to be met with newly discovered vulnerabilities. Symantec observed and reported Flash vulnerabilities in 20142015, and 2016. Hackers frequently exploit Flash’s security shortcomings to upload malware onto devices.

Is your business ready to operate in a Flash-free world? MPA Networks can help through IT Managed Services and desktop management by helping your business phase out lingering Flash-required software and removing Flash installations on your devices. Contact us today to learn more!

When Windows 10 Support Stops

Tuesday, August 22nd, 2017

In July of 2017, some Windows 10 users received an error message when trying to install the Creators Update, stating, “Windows 10 is no longer supported on this PC.” This first-of-its-kind problem stems from an incompatibility with a handful of Intel’s Clover Trail CPUs found in some of the earliest laptop, tablet, and 2-in-1 devices that shipped with Windows 8.1. While the issue affects a relatively small number of devices, it stands as a reminder that aging devices may not always be able to support the latest Windows 10 feature updates. The issue won’t create a security headache for users, but it could block new features your employees would otherwise use in order to increase productivity.

macbook-606763_1920

There’s No Windows 11

Up until now, PC users have generally expected that devices working with a given version of Windows will continue to work on that version indefinitely; replacement time comes when the device can no longer run a newer Windows iteration. However, Windows 10 changes that because there won’t be a Windows 11; instead, Microsoft will continue to update Windows 10. Therefore, the system requirements for Windows 10 can’t be expected to stay the same as Microsoft updates the operating system so that devices running on today’s most recent version of Windows may not run all of Windows 10’s future features.

The Case of the Clover Trail Atom CPU:

As of July 2017, the Creators Update compatibility issue only affects the Atom Z2760, Z2520, Z2560, and Z2580 CPU models. As previously stated these CPUs belong to the Clover Trail family which was first released in Q3 2013. The issue has less to do with the processing power of the device and more to do with a compatibility problem with the CPU’s hardware drivers being incompatible with features in the Creators Update.

Windows 10 Support: Problems Down the Road

Hypothetically speaking, there are a number of issues that Windows 10 feature updates could add to the operating system that will render older devices incompatible or unable to run at a smooth speed. Lower-end devices that run inexpensive and weaker hardware are the most prone to being unable to support future updates. Some possible compatibility issues could include:

  • Insufficient RAM
  • Unsupported hardware drivers
  • CPU too slow
  • Not enough storage

What Next?

The good news here is that the devices are still compatible with the Windows 10 Anniversary Update, which will continue to receive security updates throughout the original Windows 8.1 device lifetime support window. The devices will still receive security updates, making it safe to continue using the devices. This isn’t like running a Windows XP computer on the modern Internet; if the device user doesn’t need the new Windows 10 features from the update, this really isn’t a big deal. However, after 2023, affected devices should be replaced.

Make sure your company’s computers and other devices are secure and able to perform to their highest ability. The IT consulting experts at MPA Networks are ready to help in San Mateo County and throughout the San Francisco Bay Area to keep your hardware and software up-to-date. Contact us today!

The Internal SMB IT Security Threat: Overconfidence In Cyber Security Preparedness

Tuesday, August 15th, 2017

According to a 2017 published study by Advisen and Experian, one of the biggest threats facing small businesses comes from within, such as overconfidence in the organization’s ability to protect itself and recover from cyber security attacks. While businesses in the survey aren’t claiming to have exceptional cyber security plans and policies in place, there is a disconnection on how well prepared companies  believe they are compared to third-party security experts. Modesty is an often overlooked virtue in business cyber security; knowing that your business needs to continually evolve and improve practices is a defense mechanism of its own.

The People Problem

email-1903444_1920

Hackers are shifting their attention to a different part of the system when trying to break in: the human aspect. Hackers are using increasingly sophisticated phishing scams through email, web-linking, and phone calls to trick humans into handing over information instead of dealing with strong technical security implementations.

According to the Experian survey, “80 percent of legal experts and 68 percent of brokers were concerned, versus just 61 percent of risk managers”, pertaining to employees able to successfully identify and avoid phishing and social engineering attacks. Businesses, then, need to emphasize employee education on avoiding phishing and social engineering attacks.

Internal Vs. External Perspectives

According to the Experian survey, on a preparedness scale of 1-to-5, business risk managers rated their employee education programs 3.36. However, legal experts and data brokers gave those same programs 2.91 and 2.57 scores respectively. This disconnect is important because it shows that businesses tend to realize that they have a lot of room for improvement but they undershoot how far their practices need to grow.

Fortunately, firms aren’t as off-base when it comes to assessing preparedness versus other businesses: 54 percent of companies report that their IT security preparedness is better than their competition. Employees further removed from the metaphorical front-lines may be more confident. According to a Deloitte study, 76 percent of business executives are “highly confident” in their firm’s ability to respond to a cyber security attack.

Looking Ahead

Different businesses face different challenges. According to a FICO survey, telecommunications businesses were the most confident whereas healthcare organizations were the least confident in their company’s cyber security protection. However, the healthcare industry perspective could stem from hackers narrowing-in on the hospitals and healthcare providers as the top target. The legal industry and financial service industry businesses are also major targets for cyber attacks.

The silver-lining in the Experian survey is that businesses and security experts are in agreement on what their biggest security concerns should be: phishing for personal/financial information, ransomware attacks, and IoT vulnerabilities. Is your business looking to improve its cybersecurity practices? The IT consulting experts at MPA Networks can help. Whether it’s through desktop support and management or disaster recovery solutions, your company can always work to improve cyber security. Contact us today!

Addressing the Unique Ransomware IT Security Issues in Healthcare

Tuesday, August 8th, 2017

Ransomware, a type of malware that holds a computer hostage and tries to force the victim to pay money to recover access, is a nightmare for any business, but the healthcare industry faces the more severe side of a ransomware attack. The healthcare industry receives a whopping 15 percent of all ransomware attacks across all industries. It’s therefore essential to look at why the healthcare industry is such a prime target so businesses can adjust their IT security strategies to keep both information and patients safe.

ecg-1953179_1920

Why is the Healthcare Industry a Prime Target for Ransomware?

While the malware family tree is fairly expansive, the ransomware branch alone is responsible for 72 percent of all malware attacks in hospitals for 2016. Even though industry experts say victims should never pay the ransom, one study found as many as half of victims have done exactly that. Unfortunately, this pattern persists because it works. The healthcare industry, with an emphasis on hospitals, exhibit three behavioral patterns that make them prime targets:

  • Hospitals have a reputation for running on older operating systems with known vulnerabilities hackers can exploit. Hospitals may need to use outdated operating systems to work with vital, legacy software. Alternatively, it could also be an IT oversight. Even Macs are vulnerable to ransomware.
  • Healthcare operations may need access to specific computers and files immediately or they risk losing a patient’s life, so this makes them a prime target to pay the ransom. When faced with paying a $500 unlock fee or risk a patient dying, there’s not enough time to look at other options.
  • Hackers assume healthcare operations are financially well off and can afford to pay the ransom.

Phishing with Spears, Not Nets

Since healthcare operations are such a prime target, hackers are going as far as creating ransomware-infection mechanisms that emulate specific software. For example, the ransomware infection mechanism may create a window that’s designed to look like a common patient information window. However, instead of closing the window or saving changes, the window forces the computer to download malware. These attacks are often aimed at specific employees with top-level-access.

What the Healthcare Industry Can Do

  • Backups Are A Lifeline: The more often your business runs data backups, the less information it stands to lose. Frequent backups allow your business to access versions of files just a few hours to days old, which minimizes the damage ransomware can inflict.
  • Emphasize Keeping Software Up-To-Date: Ransomware rarely reinvents the wheel and instead relies on exploiting known security holes that vendors have already patched up. Making sure every program on every computer in your business updates to the latest version as soon as possible will offer exceptional ransomware protection.
  • Use the Cloud: Ransomware has a very difficult time seizing data from applications run through the cloud. Therefore, switching to a cloud platform offers additional security.

While the healthcare industry is a prime target for malware, all businesses need to be concerned about the many types of ransomware in the wild. If you would like to learn more about how your healthcare business or other type of company can protect itself from ransomware, contact the experts at MPA today!

You might also want to read: The “Seven Deadly Sins” of Ransomware.

Looking at USB/NFC Keys for Extra Account Security

Tuesday, August 1st, 2017

Hijacked accounts are an IT security nightmare, so it makes sense for your company to look at new technology for better ways to keep your digital assets safe. While security professionals are working out new ways to look at what account credentials are, sometimes with mixed results like with Samsung’s iris-scanner:  it’s clear that the username/password system alone isn’t enough anymore. According to PC World, a new device-based authentication key called “YubiKey” plugs countless security holes by requiring the connecting of a physical device to a computer or smartphone to access accounts.

hacker-1944688_1280

Increased Security, Tougher to Crack with YubiKey

The authentication device solution owes its lineage to the 2-step verification system, which forces the user trying to access the account to enter a time-sensitive key sent to the user through a secondary device to access an account. Usually, to save effort, these systems flag a device as allowed after a one-time authentication. The YubiKey changes that requirement so that the access key device needs to be physically connected to the device accessing the account: disconnecting the device means logging out of the account. This offers increased security because it prevents people from accessing accounts on stolen, authenticated devices and prevents anyone else from being able to use the account at the same time as the key holder.

Avoiding the SMS Pitfall

Physical authentication devices do not need to transmit a key to the user, only send the key to the site hosting the account which makes them much more secure. In 2016, hackers found a way to intercept 2-Factor authentication system messages sent over SMS text-messaging, which put a huge dent in the method’s dependability. Hackers strike businesses incredibly frequently, so any way that your company can stay ahead of them helps.

USB is the Standard-Bearer, NFC is Forward-Thinking

The biggest problem many new security methods face stems from cross-device compatibility. If the authentication device won’t work with a person’s computer, phone, or other devices, it’s not going to be widely used. However, the YubiKey works around this problem by being compatible with both the USB ports devices have been using since 1994 and NFC found in many newer devices that may lack a USB port. Supporting standards like USB and NFC eliminates the most substantial barrier between the authentication device and the end-user.

However helpful devices like the YubiKey are, progress doesn’t stop there. A similar device called “Token,” which is a biometric token ring acts as an authentication device and can also require a fingerprint scan for additional protection. If your business is looking to take a step forward in IT securitycontact the experts at MPA Networks today!

You might also want to read:

Addressing the Unique Ransomware IT Security Issues in Healthcare

Is Your Office Router Secure?