alt tag

Posts Tagged ‘data protection’


Mac- and Linux-Based Malware Targets Biomedical Industry

Tuesday, March 14th, 2017

virus-1920629_640

The malware infection, discovered in late January, that’s been hiding out on Mac and Linux devices for more than two years doesn’t mean the security floodgates are open, but it is a reminder that these devices aren’t invincible. Apple is calling this new malware “Fruitfly,” and it’s being used to target biomedical research. While not targeted for Linux devices, the malware code will run on them.

This attack may hit a little too close to home for those industries MPA Networks specializes in protecting, including healthcare and biotech. That makes this a good time to reexamine security best practices for devices that aren’t commonly targeted for attacks.

Attacks Are Rare, But Not Impossible

Broadly speaking, any device that isn’t running Windows has benefited from a concept called “security through obscurity,” which means hackers don’t bother going after these devices because of a smaller market share.

Mac OS X and Linux provide more secure options than Windows for various reasons, but neither is an invincible platform.

Every so often, hackers strike the Mac community with malware—and when the attacks are successful, it’s typically because users don’t see them coming. The lesson here, of course, is to never let your guard down.

You may not need an active anti-virus program on a Mac, but occasional anti-malware scans can be beneficialAccording to Ars Technica, “Fruitfly” uses dated code for creating JPG images last updated in 1998 and can be identified by malware scanners. Anti-malware programs like Malwarebytes and Norton are available for Mac devices. MPA Networks’ desktop support and management can also improve user experiences on non-Windows devices.

Keep Your Macs and Linux Machines Updated

The old IT adage that says “keeping your programs updated is the best defense against security exploits” is still true when it comes to Mac OS X. While Mac OS X upgrades have been free or low-cost for years, not everyone jumps on to the latest version right away. For example, less than half of Macs were running the latest version of the OS in December of 2014. This means all the desktop and laptop devices running older versions of Mac OS X are exposed to security holes Apple patched with updates.

Typically, Apple only supports the three most recent versions of their operating system, which usually come in annual releases. Your workplace computers should, at the very least, be running a version still supported by Apple. The good news is that Apple quickly issued a security fix to address Fruitfly. The bad news? This isn’t the first Mac OS vulnerability malware has managed to exploit, and it won’t be the last.

The IT consulting experts at MPA Networks are ready to help your company find the right tools to increase productivity and improve security on all your office devices. Contact us today to get started.

8 Spring Cleaning Tips for Your Office Computers

Wednesday, March 1st, 2017

bucket-303265_640

When it comes to your office computers, a little bit of spring cleaning goes a long way. Sure, cleaning office computers can seem tedious. But think of it like preventative maintenance on a vehicle: In the best-case scenario, you’ll never know all the breakdowns you avoided.

Keeping your office computers clean and healthy minimizes your risk of downtime and increases productivity.

Here are 8 tips for your next round of spring cleaning:

1. Update All Software

Run updates and patches for the operating system, commonly used programs, and security software on every system. Program and operating system updates don’t just add features; they’re loaded with security updates that keep your devices safe. Most problems with computer security exploits stem from outdated software that allows hackers to break through established breaches that the developer already closed, so running updates and patches is your best line of defense.

2. Run a Full Anti-Virus Scan

After updating all the software on the computer, run a full anti-virus scan to catch any malicious software hanging out on the device. Active anti-virus protection does a good job of safeguarding the system against infections, but sometimes malware slips through the cracks.

3. Run a Full Anti-Malware Scan

Anti-virus programs go after specific, high-risk malware infections, meaning lower-level malware can still find its way onto your computers. Anti-malware programs including Malwarebytes and Spybot are better equipped to identify and remove malware that the anti-virus misses.

4. Defragment the HDD

Older PCs with traditional Hard Disk Drives (HDDs) may experience load time improvements from an annual drive defragmentation. However, newer Windows systems—and all currently supported Mac OS versions—handle this process in the background, so you don’t need to worry about it. If the computer is running a Solid State Drive (SSD), do not bother with the defragmentation process.

5. Remove Unnecessary Launch Programs

It may seem like every program installed on your computer wants to launch itself at startup—even those you rarely use. Removing unnecessary programs from the system startup can help improve performance and reduce login times. Windows 10 features a handy “Startup” tab on the Task Manager that lets users quickly toggle which programs launch with the system.

6. Check and Create Restore Points

Restore points can be a major time saver in returning a compromised computer to full operation. Restore points reverse most of the damage caused by malware and bad configurations, all with minimal effort. Check whether the computer is already using them, and create one if it isn’t.

7. Run a Full Backup

Backups are like restore points for when very bad things happen to a computer. It’s best practice to make at least two backups of a given computer’s files, and store them in different physical locations. This ensures that in the event of catastrophic loss, all the data saved on the computer up until the backup point is preserved. Mashable recommends verifying if automated backup services like Time Machine and Windows Backup and Restore are actually working.

8. Bust Dust on Desktops

This part of the spring cleaning process is literal. As we’ve previously discussed, excessive dust inside a computer obstructs airflow, which can cause crashes due to overheating and even damage components. CNET has a helpful guide on how to go about the dustbusting process.

A little spring cleaning makes for a more efficient office and stronger disaster recovery. The expert desktop support and management staff at MPA Networks is ready to help your workplace in San Mateo, San Francisco, the South Bay, and other Bay Area cities implement better practices. Contact us today for more information.

An Expert’s Guide to Avoiding Phishing Scams

Tuesday, January 24th, 2017

hacker-1944673_640

Unlike most IT security threats, phishing scams attack the human element instead of the machine element. Phishing scams try to bait a person into exposing confidential information by posing as a legitimate, reputable source, typically by email or phone. Most often, the culprits seek users’ account login details, credit card numbers, social security numbers, and other personal information.

By properly educating your employees and following a handful of best practices, your business can significantly reduce the threat of phishing scams.

Here’s how:

1. Treat every request for information—whether by email, phone, or Instant Message—like a phishing scam until proven otherwise.

Meeting any request for confidential information with skepticism, regardless of how trivial it sounds, is your employees’ best defense against phishing scams. Even innocent information like a person’s first car, pet’s name, or birthday can be used to steal accounts through password recovery. Generally speaking, no professional organization or company would ever ask for personal information when contacting you—so any information request of this type is more likely to be fraudulent than real.

2. Familiarize your staff with scheduled emails for password resets.

Many companies use regularly scheduled password reset policies as a security measure; however, hackers can exploit this system to get people to hand over account login information. Your company’s best protection in this case is to familiarize employees with which services actually send out these requests. If possible, enable 2-step verification services, or avoid scheduled password changes altogether.

3. Never click a “reset password” link.

One of the easiest ways a hacker can steal information is to include a spoofed link claiming to be a password reset page that leads to a fake website. These links typically look exactly like the legitimate reset page and will take the “account name” and “old password” information the person enters. If you need to reset an account or update your information, navigate to the site manually and skip these links.

4. Never send credentials over email or phone in communication that you did not initiate.

Many sites utilize legitimate password reset emails and phone calls; however, a person has to go to the site and request it. If someone did not request a password reset, any form of contact to do so should be met with extreme skepticism. If employees believe there is a problem, they should cease the current contact thread and initiate a new one directly from the site in question.

5. Don’t give in to fear.

One common phishing scam emulates online retailers, claiming they will cancel an order because a person’s credit card information is “incorrect.” These scams rely on a sense of urgency to get a potential victim to hand over information without stopping to think. If the account really is compromised, chances are the damage is already done.

6. Report suspected phishing attempts.

Phishing attacks like this typically target more than one person in an organization, whether it be from a “mass-scale” or “spear” phishing attack. Therefore, it’s safe to assume that if one person receives a phishing email, others will, too—so contact both your company’s IT department and the organization the hackers were imitating.

If your business is looking to improve its IT security practices and avoid falling victim to phishing scams and other attacks, contact the experts at MPA Networks for help today.

Boost Productivity and Security with Google’s Cloud Applications

Wednesday, January 11th, 2017

Afficher l'image d'origine

For anyone unfamiliar with the Google Applications platform, Google Docs et al. are a Cloud-based spin on mainstay office suite programs that can help your staff work better together.

With a zero-dollar price tag (compared with Microsoft Office’s hefty annual subscription fees) and the potential to boost both productivity and IT security, Google Docs shines as a collaboration tool.

For many types of projects that require teamwork, Google Docs streamlines solutions to the most challenging continuity and security issues inherent in transferring multiple versions of the same file between staff members.

About Google Docs

Google’s DocsSheets, and Slides applications offer many of the same features as Microsoft’s Word, Excel, and PowerPoint, respectively. As browser-based applications, however, they are platform-agnostic, and will work across any device that runs a compatible web browser.

According to CNET, Google Docs does not compete with Microsoft Office feature-for-feature, but instead tries to emphasize the features that are most useful for the typical user. These applications can function in conjunction with existing office suite programs or, depending on your preferences, as a standalone service.

Productivity Perks

Google Docs, Sheets, and Slides offer incredible continuity perks that facilitate collaboration in a huge way. Employees share access to files on Google’s applications through a Cloud-based storage platform called Google Drive, where the files update automatically every few seconds to ensure that everyone accessing them sees the latest version. This makes it easy to edit a document before sending it to a client, or use a spreadsheet as a checklist to keep track of progress on a project in real-time.

The Google application suite eliminates scenarios such as accidentally grabbing an old version of a document/spreadsheet and wasting time merging two sets of content into one file. As a bonus, Google’s web apps free up IT staff to work on other projects because they no longer need to spend time implementing Microsoft Office on employee devices.

IT Security Perks

Google’s range of tools offers several benefits from an IT security standpoint. Cloud-based systems like Google Docs reduce the need for employees to transfer files via email, minimizing the risk of spreading phishing links and viruses. And while it may not be the best option for storing confidential information or files, the platform-agnostic nature of Google Docs allows for easy access to shared files on a wide range of device types, including Windows PCs, Macs, Linux PCs, Chromebooks, iOS devices, and Android devices. This flexibility allows IT teams to take advantage of more secure platforms and limit the device pools that could spread malware. 

If you’re looking to increase workplace productivity and security, the IT consulting experts at MPA Networks are ready to help. Contact us today to get started.

Looking Forward: Cloud Services Costs and Opportunities

Thursday, January 5th, 2017

download-1745473_640

If your small-to-medium business (SMB) isn’t looking at ways to increase productivity through Cloud services, you could be missing out on exciting opportunities. But while the Cloud offers countless opportunities for business expansion, it can also taking up an ever-increasing share of your company’s IT budget. Overall IT budgets may not be growing, but Cloud expenses are; industry shifts indicate a gradual move towards increased dependency on Cloud platforms to run business operations even among small businesses.

Your business should be aware of these shifts, as they could have a direct impact on how your company’s IT budget is allocated in the future. Read on to find out more. 

The Cloud’s Share of IT Budget

According to a 451 Research study, the typical business spent around 28 percent of its IT budget on Cloud services in 2016, which could increase to a projected 34 percent in 2017.

The study argues that the budget adjustment will stem from an increased reliance on external hosting infrastructure, application platforms, online IT security, and SaaS management programs.

While this report implies a budget increase in one area, businesses will be able to recoup part of the cost with a decreased reliance on internal infrastructure like local servers. Additionally, Cloud platforms do a lot of the heavy lifting, so your business will be less dependent on powerful, expensive computers.

The State of IT and Cloud Expenses

Gartner reported that businesses worldwide spent $2.69 trillion on IT services in 2015With IT expenses remaining mostly flat across 2016, that puts total enterprise Cloud service expenses around $750 million annually. The Cloud is a big deal in the business world: in 2016, upwards of 41 percent of enterprise workloads ran in the Cloud, and that number could grow to 60 percent by the end of 2018.

Why Use the Cloud for SMBs?

Simply put, the Cloud offers businesses incredible versatility, flexibility, and agility that’s not available with on-site servers. One of the Cloud’s key advantages is that it can enable a business to become significantly less dependent, if not completely independent, on local servers. Moreover, Cloud servers can scale for extra processing power to handle work in web applications, web hosting, and SaaS platforms that wouldn’t be available if the business had to rely entirely on in-house servers. Finally, the Cloud allows employees easier access to work platforms regardless of their physical location, making collaboration, disaster recovery, security, and data backup much simpler.

Common Cloud Services to Explore

Here’s a list of Cloud services worth exploring for all SMBs:

  • Content Management Systems
  • Customer Relationship Management Systems
  • Data Backup and Archiving
  • Point-of-Sale Platforms
  • Time Clock Systems
  • Productivity/Web Applications

 If your business is trying to decide whether to expand its IT infrastructure into the Cloud or simply maintain current costs via IT consulting, contact the experts at MPA Networks today.

A Primer on Phishing Attacks

Wednesday, December 21st, 2016

credit-card-1591492_640

Phishing attacks are a dangerous and devastating method hackers use to steal personal information and accounts—primarily by striking the user instead of the machine. According to the APWG Phishing Activity Trends Report, the first quarter of 2016 saw an explosive 250 percent increase in phishing attacks, meaning both the industry and individuals should be increasingly concerned about these scams.

While security software is getting better at detecting phishing attacks, it can’t stop them all. Here’s the rundown on what you can do to protect yourself and your employees.

What Exactly Is a Phishing Attack?

The goal of a phishing scam is to get a person to hand over private information, usually pertaining to account access credentials, credit card numbers, social security numbers, or other information, that can be used to steal accounts, information, and identities.

According to Indiana University, phishing attacks, or scams, typically present themselves as fake emails masquerading as official sources asking for personal information. Google adds that phishing attacks can also come through advertisements and fake websites.

So, phishing attacks come in several forms. One example of a phishing attack is an email arriving in an employee’s inbox asking them to reset their Gmail account information. Another is an email from “Amazon” saying the account holder’s credit card information didn’t go through for a recent order.

What’s the Best Defense Against Phishing Attacks?

The best thing a person can do to protect themselves from phishing scams is to be wary any time they receive a message asking for personal information. Businesses and organizations can protect themselves by educating their employees and members about what phishing attacks look like, and how to avoid them.

Teach your employees to look for red flags, like an email address that doesn’t correspond to the supposed sender, impersonalized messages, grammatical errors, and/or unsolicited attachments. Equally, watch out for spoofed links that list one URL on the page but redirect to another—and keep an eye out for spoofed URLs that don’t match the real site (e.g., gooogle.com instead of google.com).

Some phishing emails use such highly personalized information that they may appear, on the surface, to be authentic. Don’t let your guard down. Phishing attacks typically use fear to motivate a person into handing over sensitive information with statements like “your order will be canceled” or “your account will be deactivated.” Instead of clicking the link inside the email or responding directly with personal information, go to the real website using a search engine or by typing the URL directly into your browser. If you receive a phishing email related to any of your professional account credentials, report it to IT.

The State of Phishing Attacks

Now that web users are spread out over a variety of operating systems including Windows, Mac OS, Android, and iOS, it makes sense that hackers would divert more effort to scams that attack the user instead of the operating system. Symantec reported a 55 percent increase in “spear-phishing” scams across 2015. In the first quarter of 2016, CSO reported that criminals successfully targeted 41 organizations in a phishing scam aimed at retrieving W-2 data.

If your company is looking to improve its IT security practices against threats like phishing scams, the IT consulting experts at MPA Networks are ready to help. Contact us today.

Hack of 500 Million Yahoo Accounts Reminds Industry to Increase Security Measures

Wednesday, November 23rd, 2016

password-397652_640

In September 2016, half a billion Yahoo account users received the bad news that their names, email addresses, phone numbers, and security questions were potentially stolen in a 2014 hack.

According to CNET, the Yahoo hack is the largest data breach in history.

In the wake of a major hack like this one, the only silver lining is a powerful reminder for businesses to review their IT security practices. In the case of the Yahoo breach, hackers can use the stolen information to compromise other employee accounts and further extend the reach of the hack. Here’s how they do it, and what you can do to stop them.

The “Forgot My Password” Reverse Hack Trick

Hackers can steal information from many accounts with the information taken from a single account. If you’ve set your Yahoo email address as your “forgot my password” account for other services, a hacker can use a password reset and reminder commands to compromise even more important accounts. Hackers can use stolen security question answers here to obtain other account credentials as well.

The “Same Password, Different Account” Hack

Memorizing a different password for each account is pretty much impossible for the average person. Most people end up using the same password for many accounts. For example, if you own the email addresses “myemail@yahoo.com” and “myemail@gmail.com” and use the same password for both, it’s likely that a hacker who stole your Yahoo password and security questions will try them on the account with the same name on Gmail.

Password Theft Prevention Strategies

Security breach prevention starts with a strategic security plan and a series of best practices:

Account-Specific Logins and Passwords. One way to prevent a hacker from using your stolen username and password on another account is to create site-specific login and password credentials. This is easily accomplished by memory by adding a site-specific prefix or suffix for each account. For example, your Yahoo and Gmail credentials may be “myemailYHOO/YHOOP@ssw0rd” and “GOOGLmyemail/P@ssw0rdGOOGL” respectively. Alternatively, password managers are an easy way to manage login credentials across accounts and generate random passwords.

Secure the Fallback Account. We’ve previously discussed the security benefits of “two-step verification” as an effective way to keep hackers out of your accounts even if they manage to steal your password or security question answers. Make sure all of your accounts that feature a “forgot my password” function lead back to a “two-step” secured email address.

Update Passwords Frequently. Typically, hackers use your stolen information immediately to access your accounts and steal your information. That’s why frequent password changes are often considered a waste of time. However, the Yahoo hack bucks this trend as the information being released in late 2016 came from 2014.

IT security and password protection are an essential part of doing business in the modern digital world. Contact us today for IT consulting advice for better security practices and managed services assistance to help keep your business’s confidential information safe.

The Benefits of Backups

Wednesday, November 16th, 2016

data-key-571156_640

Even seasoned IT pros have made the mistake of not backing up a device—and panicked after losing countless important files because the device failed. We may know better, yes, but that doesn’t mean we’re perfect.

On the flip side, we’ve all breathed a sigh of relief when a recent backup of our computer or smartphone rescued valuable files after a crash. With employees at businesses large and small using more devices than ever, vulnerability is just as high as the stakes.

It’s never too late (or too early) to implement a reliable backup system—so what are you waiting for?

How Often?

This is a question we hear a lot when it comes to backups. The answer, as ambiguous as it sounds, is “right now.” In an ideal world, your business would configure its employee devices to back up on a daily or weekly basis; but, of course, the more often your business can back up data, the better. And while it’s common for smartphones to Cloud-sync whenever they’re connected to Wi-Fi, it’s worth checking your settings right away.

Minimize Data Loss

Regular data backups are an excellent tool for disaster recovery. In the event that a computer’s hard drive is not recoverable, the ability to restore the machine based on a recent backup significantly decreases the amount of data lost in the process. For example, if the hard drive fails on Tuesday morning and the last backup was on Friday afternoon, the employee will lose at most a day’s worth of work from the incident.

Decrease Recovery Downtime

Backups get your employees back to work faster after a disaster. For obvious reasons, it’s easier to recover a computer to a backup point than to start from scratch, and for some problems, restoration can be even more efficient than repairs.

Removing an infection, decrypting data, and recovering a computer that’s been infected with ransomware, for instance, can take days. But if the computer has undergone a recent backup, restoration may take mere hours.

Old File Version Recovery

Every so often an office has to deal with an employee accidentally making a change to a shared file that can’t be fixed. Regular backups are like freezing a moment in time for your business where you can always go back and recover what was lost.

Embrace the Cloud

Take advantage of Cloud storage solutions for a range of benefits—especially business continuity. With the Cloud, employees can, in many cases, share and access their work from any device. If an employee is on a business trip and needs to update or reference a file stored on their office desktop computer, they can access the information through the Cloud platform.

If your business is looking to improve its data backup practices for a more reliable digital ecosystem, contact the experts at MPA Networks today. MPA’s IT Managed Services offerings can help your company implement a backup system that minimizes downtime and protects your data for both peace of mind and pace of business.

Think Manually Running Hard Drive Defragmentation Is a Big Deal? Think Again

Wednesday, October 19th, 2016

hard-drive-607461_640

Good news: Your IT staff can stop running regular hard drive defragmentation on your office computers. Improvements in technology have rendered this decade-old practice largely irrelevant. One less thing to worry about, as far as we’re concerned.

Hard drive defragmentation is a process in which files that have been split apart across a storage device are reassembled as contiguous, individual files.

This adjustment improves load times and reduces wear on the storage device because the hard drive only needs to “seek” or relocate the reader arm once to load an individual file. Regular hard drive defragmentation has long been considered an easy way to increase productivity by decreasing computer load times.

Modern File and Operating System Changes

That old Windows XP system you’re running in the back corner of the office still probably needs to be defragmented—but the rest don’t. From Windows 7 onward, Microsoft implemented changes that streamlined the defragmentation process. Modern Windows computers are better at keeping files together, automatically waiting for the computer to go idle to run defragging processes in the background.

Mac OS X uses a process called “Hot File Adaptive Clustering” in the HFS format that automates the defragging process when writing new data to the hard drive. You can see for yourself how jumbled the hard drive is by opening the defragmentation tool and checking the “Current Status.” Unless the drive is 10 percent fragmented or higher, there’s no need to run the tool.

Modern HDD Changes

Modern HDD technology unintentionally resolved many of the problems with fragmentation simply by expanding capacity. When saving a file, the computer searches for the largest available contiguous space to store it—and if it can’t find a space big enough, it breaks up the file into the fewest possible pieces. Less contiguous free space means those files get split up more and the situation worsens. Larger storage devices can save more data before having to split files, and they’re more likely to have contiguous available space to store a file in the first place.

The SSD Clause

Defragmenting an SSD can actually wear down the device faster. Additionally, SSDs do not need to move a physical part to seek data, so file fragmentation does not impact performance. For these reasons (and more), it’s widely recommended that SSD storage devices should not be defragmented.

Attn: Large File Power Users

Despite all the improvements in technology, power users that work with large numbers of massive data files can run into problems with file fragmentation. According to OSX Daily, this is more of an issue for pro users who work with multimedia files. Fragmentation can also be an issue on shared storage servers where many users are constantly saving and editing work. These computers and servers may need regular defragmentation.

Get in touch with MPA Networks to take advantage of reliable IT managed services that help you make the most of your time. Old habits, including good ones, may become obsolete over time. Let us help you create better ones in their place.

Are Chromebooks Right for YOUR Business?

Wednesday, September 7th, 2016

acer-791027_640

Google’s Chromebook platform has the potential to replace traditional laptops and increase productivity for businesses, much like it has in the consumer market at large. For the uninitiated,

Chromebooks are Cloud-oriented laptops that run most operations through the Google Chrome web browser instead of traditional desktop applications.

And, while lacking the raw horsepower and feature range found in Windows and Mac computers, Chromebooks manage to pack a ton of functionality in a secure, zippy, and affordable package.

Extremely Capable Machines

According to TechRadar, the Chromebook is an ideal device for workers who rely mostly, if not exclusively, on Cloud data storage and web applications. Employees that work mostly through Google Apps already will find the device a natural fit. If it runs in Chrome, it runs on the Chromebook.

Other employees who primarily use desktop computers may find a Chromebook a much more powerful productivity booster for a secondary mobile device compared with smartphones and tablets. While the devices may have slower CPUs than comparable laptops, they’re running an OS with little overhead bloat, so they tend to offer a smooth user experience.

Cloud-Based Advantages

The Cloud-based nature of Chromebooks makes them a great asset for malware prevention and simplified disaster recovery. According to Google, Chromebooks “are designed from the ground up to defend against malware and viruses.” Additionally, all files saved in web applications are stored in the Cloud, which means the disaster recovery process amounts to simply reloading the operating system. Moreover, Chromebooks are highly secure in the event of theft since they don’t store confidential data on the device itself.

Low Cost

Chromebooks are a cost-effective option for many companies, but small startups may have the most to gain. Don’t use—or can’t afford—costly management tools, server hardware, and other infrastructure? Chromebooks start as low as $150, with more capable models in the $200-250 range; high-end Chromebooks hit the cost ceiling at $500. These are much cheaper than typical enterprise laptops, making them an affordable alternative. Chromebooks are also a great option for business trips, considering three-day laptop rentals can cost between $70 and $150 per employee.

Results May Vary

Chromebooks aren’t for everyone, so make sure the device fits seamlessly into your workflow before making a company-wide commitment. If, for example, your employees need powerful systems with proprietary software for intense applications like video editing, rendering 3D models, or financial modeling, and these tasks are not offloaded into the Cloud, then Chromebooks are not for you. Also, it’s worth keeping in mind that Chromebooks lose most of their functionality when working in areas without an Internet connection, and that configuring a Chromebook to print isn’t as easy as on a PC or Mac.

That said, many of the Chromebook’s shortcomings could see improvements soon: Google is planning to add Android application support in the near future. If your workflow can adapt well to Chromebooks, the pros may outweigh the cons and then some.