alt tag

Posts Tagged ‘cyber security’


This Is the End: Microsoft Takes a Hard Stance on Phasing Out Older Windows Versions

Tuesday, April 11th, 2017

windows-10-1995434_640

If your business hasn’t already made the switch from Windows 10’s predecessors to a new operating system, it’s time to make the initiative a priority. While your IT staff doesn’t need to upgrade every computer in your office, it’s necessary to make sure all vital software is compatible with Windows 10 because new replacement devices won’t fully support older Windows versions.

According to ZDNet,

computers running Intel’s 7th-generation Core CPUs and AMD’s Ryzen CPUs will no longer receive operating system updates for Windows 7 and 8.

Without updates, you are likely to experience IT security issues.

The Writing Is on the Wall

The change does not affect computers built and purchased before the last few months of 2016, but it matters for any new computer running new hardware. Back in January of 2016, Microsoft announced that new CPUs will only be compatible with Windows 10, so anyone looking to buy new hardware and put an older version of Windows on it is out of luck. However, Microsoft will continue to support Windows 7 and 8, with extended support for security updates through 2020 and 2023 respectively.

Plan Your Transition: Business Continuity Concerns

This change in policy means that moving over to Windows 10 will eventually be the only option. Your business should begin to develop a migration strategy with the help of IT consulting services to phase in Windows 10 devices as you replace older systems running incompatible hardware. Also, if your business plans to look into other options like Macs and Chromebooks, this is the perfect time to do it.

Make sure to consider these issues in your transition away from older versions of Windows:

  • Run a pilot Windows 10 system to ensure continuity for your existing work environment. Test your employees’ daily workflow on this system.
  • Install all the software your business uses on this system and see if it works with Windows 10. Your tests may identify legacy software that’s no longer supported but that you’re currently using for important operations. This can lead to expensive, painful transitions to replacement software.
  • Adjust your upgrade strategy to accommodate your findings. This could involve changing the schedule to allow more time for employees that run incompatible software to work out a solution. It’s most efficient to plan to upgrade to Windows 10 upon device replacement; however, if your tests don’t find any problems, you may opt to upgrade existing systems early. Note that the Windows 10 free upgrade period ended in July 2016.

Legacy Software Concerns

Your company may find that some of the software you’ve been using for the past 15 years without any problems will not work under Windows 10, which puts your business in a difficult position. Replacing software that’s vital to day-to-day operations can be a very disruptive process. Managed services providers can help your business devise a contingency plan to keep the old software running, but it’s a best practice to migrate to a contemporary solution eventually. There are a few options your company has to keep those older systems running so you can keep using the old software, including upgrading/repairing the old systems and running older versions of Windows through a virtual machine.

The experts at MPA Networks are ready to help your business find its best OS solution to balance productivity with security. Contact us today.

Mac- and Linux-Based Malware Targets Biomedical Industry

Tuesday, March 14th, 2017

virus-1920629_640

The malware infection, discovered in late January, that’s been hiding out on Mac and Linux devices for more than two years doesn’t mean the security floodgates are open, but it is a reminder that these devices aren’t invincible. Apple is calling this new malware “Fruitfly,” and it’s being used to target biomedical research. While not targeted for Linux devices, the malware code will run on them.

This attack may hit a little too close to home for those industries MPA Networks specializes in protecting, including healthcare and biotech. That makes this a good time to reexamine security best practices for devices that aren’t commonly targeted for attacks.

Attacks Are Rare, But Not Impossible

Broadly speaking, any device that isn’t running Windows has benefited from a concept called “security through obscurity,” which means hackers don’t bother going after these devices because of a smaller market share.

Mac OS X and Linux provide more secure options than Windows for various reasons, but neither is an invincible platform.

Every so often, hackers strike the Mac community with malware—and when the attacks are successful, it’s typically because users don’t see them coming. The lesson here, of course, is to never let your guard down.

You may not need an active anti-virus program on a Mac, but occasional anti-malware scans can be beneficialAccording to Ars Technica, “Fruitfly” uses dated code for creating JPG images last updated in 1998 and can be identified by malware scanners. Anti-malware programs like Malwarebytes and Norton are available for Mac devices. MPA Networks’ desktop support and management can also improve user experiences on non-Windows devices.

Keep Your Macs and Linux Machines Updated

The old IT adage that says “keeping your programs updated is the best defense against security exploits” is still true when it comes to Mac OS X. While Mac OS X upgrades have been free or low-cost for years, not everyone jumps on to the latest version right away. For example, less than half of Macs were running the latest version of the OS in December of 2014. This means all the desktop and laptop devices running older versions of Mac OS X are exposed to security holes Apple patched with updates.

Typically, Apple only supports the three most recent versions of their operating system, which usually come in annual releases. Your workplace computers should, at the very least, be running a version still supported by Apple. The good news is that Apple quickly issued a security fix to address Fruitfly. The bad news? This isn’t the first Mac OS vulnerability malware has managed to exploit, and it won’t be the last.

The IT consulting experts at MPA Networks are ready to help your company find the right tools to increase productivity and improve security on all your office devices. Contact us today to get started.

An Expert’s Guide to Avoiding Phishing Scams

Tuesday, January 24th, 2017

hacker-1944673_640

Unlike most IT security threats, phishing scams attack the human element instead of the machine element. Phishing scams try to bait a person into exposing confidential information by posing as a legitimate, reputable source, typically by email or phone. Most often, the culprits seek users’ account login details, credit card numbers, social security numbers, and other personal information.

By properly educating your employees and following a handful of best practices, your business can significantly reduce the threat of phishing scams.

Here’s how:

1. Treat every request for information—whether by email, phone, or Instant Message—like a phishing scam until proven otherwise.

Meeting any request for confidential information with skepticism, regardless of how trivial it sounds, is your employees’ best defense against phishing scams. Even innocent information like a person’s first car, pet’s name, or birthday can be used to steal accounts through password recovery. Generally speaking, no professional organization or company would ever ask for personal information when contacting you—so any information request of this type is more likely to be fraudulent than real.

2. Familiarize your staff with scheduled emails for password resets.

Many companies use regularly scheduled password reset policies as a security measure; however, hackers can exploit this system to get people to hand over account login information. Your company’s best protection in this case is to familiarize employees with which services actually send out these requests. If possible, enable 2-step verification services, or avoid scheduled password changes altogether.

3. Never click a “reset password” link.

One of the easiest ways a hacker can steal information is to include a spoofed link claiming to be a password reset page that leads to a fake website. These links typically look exactly like the legitimate reset page and will take the “account name” and “old password” information the person enters. If you need to reset an account or update your information, navigate to the site manually and skip these links.

4. Never send credentials over email or phone in communication that you did not initiate.

Many sites utilize legitimate password reset emails and phone calls; however, a person has to go to the site and request it. If someone did not request a password reset, any form of contact to do so should be met with extreme skepticism. If employees believe there is a problem, they should cease the current contact thread and initiate a new one directly from the site in question.

5. Don’t give in to fear.

One common phishing scam emulates online retailers, claiming they will cancel an order because a person’s credit card information is “incorrect.” These scams rely on a sense of urgency to get a potential victim to hand over information without stopping to think. If the account really is compromised, chances are the damage is already done.

6. Report suspected phishing attempts.

Phishing attacks like this typically target more than one person in an organization, whether it be from a “mass-scale” or “spear” phishing attack. Therefore, it’s safe to assume that if one person receives a phishing email, others will, too—so contact both your company’s IT department and the organization the hackers were imitating.

If your business is looking to improve its IT security practices and avoid falling victim to phishing scams and other attacks, contact the experts at MPA Networks for help today.

Boost Productivity and Security with Google’s Cloud Applications

Wednesday, January 11th, 2017

Afficher l'image d'origine

For anyone unfamiliar with the Google Applications platform, Google Docs et al. are a Cloud-based spin on mainstay office suite programs that can help your staff work better together.

With a zero-dollar price tag (compared with Microsoft Office’s hefty annual subscription fees) and the potential to boost both productivity and IT security, Google Docs shines as a collaboration tool.

For many types of projects that require teamwork, Google Docs streamlines solutions to the most challenging continuity and security issues inherent in transferring multiple versions of the same file between staff members.

About Google Docs

Google’s DocsSheets, and Slides applications offer many of the same features as Microsoft’s Word, Excel, and PowerPoint, respectively. As browser-based applications, however, they are platform-agnostic, and will work across any device that runs a compatible web browser.

According to CNET, Google Docs does not compete with Microsoft Office feature-for-feature, but instead tries to emphasize the features that are most useful for the typical user. These applications can function in conjunction with existing office suite programs or, depending on your preferences, as a standalone service.

Productivity Perks

Google Docs, Sheets, and Slides offer incredible continuity perks that facilitate collaboration in a huge way. Employees share access to files on Google’s applications through a Cloud-based storage platform called Google Drive, where the files update automatically every few seconds to ensure that everyone accessing them sees the latest version. This makes it easy to edit a document before sending it to a client, or use a spreadsheet as a checklist to keep track of progress on a project in real-time.

The Google application suite eliminates scenarios such as accidentally grabbing an old version of a document/spreadsheet and wasting time merging two sets of content into one file. As a bonus, Google’s web apps free up IT staff to work on other projects because they no longer need to spend time implementing Microsoft Office on employee devices.

IT Security Perks

Google’s range of tools offers several benefits from an IT security standpoint. Cloud-based systems like Google Docs reduce the need for employees to transfer files via email, minimizing the risk of spreading phishing links and viruses. And while it may not be the best option for storing confidential information or files, the platform-agnostic nature of Google Docs allows for easy access to shared files on a wide range of device types, including Windows PCs, Macs, Linux PCs, Chromebooks, iOS devices, and Android devices. This flexibility allows IT teams to take advantage of more secure platforms and limit the device pools that could spread malware. 

If you’re looking to increase workplace productivity and security, the IT consulting experts at MPA Networks are ready to help. Contact us today to get started.

A Primer on Phishing Attacks

Wednesday, December 21st, 2016

credit-card-1591492_640

Phishing attacks are a dangerous and devastating method hackers use to steal personal information and accounts—primarily by striking the user instead of the machine. According to the APWG Phishing Activity Trends Report, the first quarter of 2016 saw an explosive 250 percent increase in phishing attacks, meaning both the industry and individuals should be increasingly concerned about these scams.

While security software is getting better at detecting phishing attacks, it can’t stop them all. Here’s the rundown on what you can do to protect yourself and your employees.

What Exactly Is a Phishing Attack?

The goal of a phishing scam is to get a person to hand over private information, usually pertaining to account access credentials, credit card numbers, social security numbers, or other information, that can be used to steal accounts, information, and identities.

According to Indiana University, phishing attacks, or scams, typically present themselves as fake emails masquerading as official sources asking for personal information. Google adds that phishing attacks can also come through advertisements and fake websites.

So, phishing attacks come in several forms. One example of a phishing attack is an email arriving in an employee’s inbox asking them to reset their Gmail account information. Another is an email from “Amazon” saying the account holder’s credit card information didn’t go through for a recent order.

What’s the Best Defense Against Phishing Attacks?

The best thing a person can do to protect themselves from phishing scams is to be wary any time they receive a message asking for personal information. Businesses and organizations can protect themselves by educating their employees and members about what phishing attacks look like, and how to avoid them.

Teach your employees to look for red flags, like an email address that doesn’t correspond to the supposed sender, impersonalized messages, grammatical errors, and/or unsolicited attachments. Equally, watch out for spoofed links that list one URL on the page but redirect to another—and keep an eye out for spoofed URLs that don’t match the real site (e.g., gooogle.com instead of google.com).

Some phishing emails use such highly personalized information that they may appear, on the surface, to be authentic. Don’t let your guard down. Phishing attacks typically use fear to motivate a person into handing over sensitive information with statements like “your order will be canceled” or “your account will be deactivated.” Instead of clicking the link inside the email or responding directly with personal information, go to the real website using a search engine or by typing the URL directly into your browser. If you receive a phishing email related to any of your professional account credentials, report it to IT.

The State of Phishing Attacks

Now that web users are spread out over a variety of operating systems including Windows, Mac OS, Android, and iOS, it makes sense that hackers would divert more effort to scams that attack the user instead of the operating system. Symantec reported a 55 percent increase in “spear-phishing” scams across 2015. In the first quarter of 2016, CSO reported that criminals successfully targeted 41 organizations in a phishing scam aimed at retrieving W-2 data.

If your company is looking to improve its IT security practices against threats like phishing scams, the IT consulting experts at MPA Networks are ready to help. Contact us today.

Antivirus Software: When One Is Better Than Two

Wednesday, December 7th, 2016

antivirus-1349649_640

If your company’s antivirus software is letting you down, you should think twice before installing a second one on a computer: It may actually make things worse.

Multiple antivirus programs working in conjunction on the same device is not a case of “the sum is greater than the parts” but rather “less is more.”

With many viable free solutions like AVG, Avast, and Avira, it can be very tempting to install backup for a paid option. However, the interaction between multiple antivirus programs leads at best to, essentially, nothing. At worst, it will be detrimental to system performance, stability, and security.

Stepping on Toes

The primary reason that running simultaneous antivirus programs on the same device is a bad idea is that the two programs will confuse one another for malware infections and try to eliminate each other. According to PC World, the antivirus scan conflicts can spill out and cause other programs to fail, while making the operating system less stable. Computer users may immediately notice general slowdown and shorter battery life after installing a second antivirus program.

Users may also be plagued with continuous “false alarm” messages after threats have been removed because the act of one antivirus program removing an infection will be seen by the other as a malware action. Therefore, if you’re installing a new antivirus program on a computer, you’ll need to remove the old one first. This includes removing Windows Defender.

Anti-Malware Scanning Software: Antivirus Backup Exists

Backup exists, but it’s not found in additional antivirus programs. Instead, your business can utilize additional programs commonly referred to as “anti-malware” that are specifically designed to catch infections antivirus software misses for improved protection.

The term “antivirus” is a bit misleading because the programs actually protect computers from a wide range of software-based threats on top of viruses including Trojans, rootkits, worms, and ransomware. Antivirus refers to a software security program that runs in the background at all times as an active form of protection. Anti-malware programs including Malwarebytes, SuperAntiSpyware, and Spybot work through “On Demand” scans, meaning they can be used periodically to clean malware infections.

The Recovery Clause

In disaster recovery situations, your IT staff may need to install a different antivirus program to combat a malware infection that the currently installed software can’t remove. In this situation, the old software will need to be disabled or uninstalled before the new program can get to work.

If you’re looking for better digital security options for your office, contact MPA networks today. Use our experience in IT consulting to your advantage for assistance in both preventing and reducing downtime over malware threats.

Hack of 500 Million Yahoo Accounts Reminds Industry to Increase Security Measures

Wednesday, November 23rd, 2016

password-397652_640

In September 2016, half a billion Yahoo account users received the bad news that their names, email addresses, phone numbers, and security questions were potentially stolen in a 2014 hack.

According to CNET, the Yahoo hack is the largest data breach in history.

In the wake of a major hack like this one, the only silver lining is a powerful reminder for businesses to review their IT security practices. In the case of the Yahoo breach, hackers can use the stolen information to compromise other employee accounts and further extend the reach of the hack. Here’s how they do it, and what you can do to stop them.

The “Forgot My Password” Reverse Hack Trick

Hackers can steal information from many accounts with the information taken from a single account. If you’ve set your Yahoo email address as your “forgot my password” account for other services, a hacker can use a password reset and reminder commands to compromise even more important accounts. Hackers can use stolen security question answers here to obtain other account credentials as well.

The “Same Password, Different Account” Hack

Memorizing a different password for each account is pretty much impossible for the average person. Most people end up using the same password for many accounts. For example, if you own the email addresses “myemail@yahoo.com” and “myemail@gmail.com” and use the same password for both, it’s likely that a hacker who stole your Yahoo password and security questions will try them on the account with the same name on Gmail.

Password Theft Prevention Strategies

Security breach prevention starts with a strategic security plan and a series of best practices:

Account-Specific Logins and Passwords. One way to prevent a hacker from using your stolen username and password on another account is to create site-specific login and password credentials. This is easily accomplished by memory by adding a site-specific prefix or suffix for each account. For example, your Yahoo and Gmail credentials may be “myemailYHOO/YHOOP@ssw0rd” and “GOOGLmyemail/P@ssw0rdGOOGL” respectively. Alternatively, password managers are an easy way to manage login credentials across accounts and generate random passwords.

Secure the Fallback Account. We’ve previously discussed the security benefits of “two-step verification” as an effective way to keep hackers out of your accounts even if they manage to steal your password or security question answers. Make sure all of your accounts that feature a “forgot my password” function lead back to a “two-step” secured email address.

Update Passwords Frequently. Typically, hackers use your stolen information immediately to access your accounts and steal your information. That’s why frequent password changes are often considered a waste of time. However, the Yahoo hack bucks this trend as the information being released in late 2016 came from 2014.

IT security and password protection are an essential part of doing business in the modern digital world. Contact us today for IT consulting advice for better security practices and managed services assistance to help keep your business’s confidential information safe.

Massive IoT DDoS Attack Causes Widespread Internet Outages. Are Your Devices Secured?

Tuesday, November 1st, 2016

finger-769300_640

As you probably know already, the United States experienced its largest Internet blackout in history on October 21, 2016, when Dyn—a service that handles website domain name routing—got hit with a massive distributed denial of service (DDoS) attack from compromised Internet of Things (IoT) devices. The day will be known forevermore as the day your home IP camera kept you from watching Netflix.

The writing has been on the wall for a while now when it comes to IoT security: We’ve previously discussed how IoT devices can be used to watch consumers and break into business networks.

This specific outage is an example of how the tech industry is ignoring security mistakes of the past and failing to take a proactive approach in protecting IoT networks.

The Outage

The October outage included three separate attacks on the Dyn DNS provider, making it impossible for users in the eastern half of the U.S. to access sites including Twitter, Spotify, and Wired. This attack was different from typical DDoS attacks, which utilize malware-compromised computers to overwhelm servers with requests to knock them offline. Instead, it used malware call Mirai that took advantage of IoT devices. These compromised devices then continually requested information from the Dyn servers en masse until the server ran out of power to answer all requests, thus bringing down each site in turn.

This outage did not take down the servers hosting the platforms, but rather the metaphorical doorway necessary to access those sites.

Ongoing Security Concerns

According to ZDNet, the IoT industry is, at the moment, more concerned with putting devices on the market to beat competition than it is with making devices secure. IoT devices are notably easy to hack because of poor port management and weak password protection. IoT devices are also known for not encrypting communication data. October’s attack wasn’t even the first of its kind: A 145,000-device IoT botnet was behind a hospital DDoS attack just one month prior.

What You Can Do

MacWorld recommends changing the default security configuration settings on all IoT devices and running those devices on a secondary network. The Mirai malware works simply by blasting through default username and password credentials—so users could have protected themselves by swapping the default “admin/admin” and “password/password” settings. There are also IoT security hub devices available to compensate for IoT security shortcomings.

IoT devices can offer fantastic perks for your office, but the security concerns are too important to ignore. If you’re interested in improving network security pertaining to IoT devices or looking for advice on which IoT devices would benefit your workplace, don’t hesitate to contact MPA Networks today.

Are Chromebooks Right for YOUR Business?

Wednesday, September 7th, 2016

acer-791027_640

Google’s Chromebook platform has the potential to replace traditional laptops and increase productivity for businesses, much like it has in the consumer market at large. For the uninitiated,

Chromebooks are Cloud-oriented laptops that run most operations through the Google Chrome web browser instead of traditional desktop applications.

And, while lacking the raw horsepower and feature range found in Windows and Mac computers, Chromebooks manage to pack a ton of functionality in a secure, zippy, and affordable package.

Extremely Capable Machines

According to TechRadar, the Chromebook is an ideal device for workers who rely mostly, if not exclusively, on Cloud data storage and web applications. Employees that work mostly through Google Apps already will find the device a natural fit. If it runs in Chrome, it runs on the Chromebook.

Other employees who primarily use desktop computers may find a Chromebook a much more powerful productivity booster for a secondary mobile device compared with smartphones and tablets. While the devices may have slower CPUs than comparable laptops, they’re running an OS with little overhead bloat, so they tend to offer a smooth user experience.

Cloud-Based Advantages

The Cloud-based nature of Chromebooks makes them a great asset for malware prevention and simplified disaster recovery. According to Google, Chromebooks “are designed from the ground up to defend against malware and viruses.” Additionally, all files saved in web applications are stored in the Cloud, which means the disaster recovery process amounts to simply reloading the operating system. Moreover, Chromebooks are highly secure in the event of theft since they don’t store confidential data on the device itself.

Low Cost

Chromebooks are a cost-effective option for many companies, but small startups may have the most to gain. Don’t use—or can’t afford—costly management tools, server hardware, and other infrastructure? Chromebooks start as low as $150, with more capable models in the $200-250 range; high-end Chromebooks hit the cost ceiling at $500. These are much cheaper than typical enterprise laptops, making them an affordable alternative. Chromebooks are also a great option for business trips, considering three-day laptop rentals can cost between $70 and $150 per employee.

Results May Vary

Chromebooks aren’t for everyone, so make sure the device fits seamlessly into your workflow before making a company-wide commitment. If, for example, your employees need powerful systems with proprietary software for intense applications like video editing, rendering 3D models, or financial modeling, and these tasks are not offloaded into the Cloud, then Chromebooks are not for you. Also, it’s worth keeping in mind that Chromebooks lose most of their functionality when working in areas without an Internet connection, and that configuring a Chromebook to print isn’t as easy as on a PC or Mac.

That said, many of the Chromebook’s shortcomings could see improvements soon: Google is planning to add Android application support in the near future. If your workflow can adapt well to Chromebooks, the pros may outweigh the cons and then some.

Are Comatose Servers Draining Your Wallet and Leaving You Vulnerable?

Tuesday, August 30th, 2016

bones-1294357_640

Those old servers your business no longer uses—and keeps running anyway—are more than just a security risk: They’re hurting your firm’s bottom line.

The term comatose server describes a functional server, connected to a network, that sits idle virtually all of the time. If your business is running three servers, there’s a high chance that at least one of them is a “zombie server.” 

30 percent of all servers are comatose. This means that approximately 10 million servers across the planet are sitting around doing nothing productive.

According to the Wall Street Journal, most companies are better at getting new servers online than taking old servers offline. A managed service provider (MSP) can help your business identify inactive servers and dismantle them, both to reduce costs and improve security.

Security Concerns

A comatose server can be a major security risk for your business. Unlike that shiny new server running the latest software, the old one is likely running a legacy operating system necessary to utilize older applications. These forgotten servers are also unlikely to receive security updates. If hackers are looking to break into your business network, they are going to have an easy time breaching an outdated system with established security exploits. Because even though these servers aren’t being used, they are likely to hold important—or even confidential—information.

Wasting Electricity

That’s not all, says the Wall Street Journal. The 3.6 million zombie servers in the United States are also wasting a staggering 1.44 gigawatts of electricity—enough to power every home in Chicago. While your business’s unused servers are just a drop in the bucket compared to the national problem, you’re still looking at a hefty energy bill to keep a dormant server running over time. If we consider that, on average, electricity costs 12 cents per kWh in the U.S., that means running a 850-watt server costs about $890 a year. Two comatose servers wasting energy for five years total nearly $9,000 in electricity expenses—money your business could save just by flipping a switch.

Hunting for Zombies

An IT consulting service can help your business identify and dismantle comatose servers. The process involves identifying every server your business owns and runs, and determining which ones aren’t being used anymore. Some older servers may not be running domain-name-system software, so they may not show up when searching the network directory—meaning you may need to hunt them down manually.

Of course, it’s unlikely that a smaller firm has more than a handful of servers, so creating a server inventory is often as straightforward as looking at the office server rack. Businesses that have a much larger group of servers to work with may need a network scanning tool to find servers. But remember: The savings and security benefits begin as soon as the comatose servers are turned off.