Posts Tagged ‘prevention’


Scheduling Security: Take Control of Your OS Updates

Wednesday, May 10th, 2017

It happens to everyone: You turn your computer back on after you intended to leave the office, or come in early to get a head start on a new project, only to be greeted by a 20-minute operating system (OS) update session. This common workplace frustration turns what should have been a four-minute job into a half-hour ordeal, forcing you to stay behind or defeating any time gains from starting early.

OS updates provide essential security fixes that keep your business safe, but the platforms have a knack for pushing updates at what feels like “the worst possible time.”

Here’s what you can do to remain one step ahead of your updates at all times.

Change the Default Settings

Don’t leave operating system updates on their default settings, because they’re likely to interfere with work when you need the devices. The solution to this productivity- and attitude-killing problem is to adjust the system settings to force the updates at a specified time when your team won’t need the devices. Other software, like Office, Photoshop, and web browsers, tends to be less of a problem, since its update sessions are usually much quicker.

Updates Are a Security Issue

The worst solution to update inconvenience is to disable automatic updates. While updates that don’t add any new features may seem irrelevant, they’re actually doing lots of work keeping you safe behind the scenes in areas like IT security and virus/malware prevention.

According to TrendMicro, malware and other security exploits tend to target known security holes that have already been closed through updates and patches. Instead of finding new exploits, it’s easier for hackers to continue to exploit the old ones and take advantage of users who do not update their computer software.

Schedule Around Work to Increase Productivity

Microsoft usually posts their updates on the second Tuesday of every month, which is commonly known as “Patch Tuesday.” However, this may not work well with your business if it disables employee computers Tuesday night or Wednesday morning. The ideal time for updates will differ depending on your business, but for the typical Monday-to-Friday 9-to-5 office, you will be best served by installing updates around 2 a.m. on Sunday morning. Devices can even be individually customized for each employee based on their personal schedule.

The IT Consulting experts at MPA Networks, serving San Francisco, San Mateo County, San Jose, and other San Francisco Bay Area cities, are ready to help your business make technology work for you, not against you. Scheduling updates is a desktop management and support issue, which IT Managed Services can deliver. Contact us today to find out how we can help you better manage your office computers.

The Three Copies Rule: Why You Need Two Backups

Wednesday, May 3rd, 2017

Anyone who has ever lost years of work due to computer failure will tell you that backing up your devices can save you considerable heartache and frustration. Reliable, redundant, and regular data backups are your business’s best strategy for disaster recovery—but two copies of your data may not be enough.

IT pros across the world have developed the “3-2-1” backup philosophy to maximize your restoration capacity following a data disaster.

The “3-2-1” Concept

The “3-2-1” approach is simple:

  1. Store three copies of your data.
  2. Utilize multiple storage formats.
  3. Keep one copy off-location.

TrendLabs says that having two backups of your data (meaning three copies total) is all about redundancy. IT professionals have nightmares about experiencing computer or server failure and preparing to restore the backup, only to find that the backup has failed as well. Your business can prevent this situation only by keeping two backup copies of all your important data.

We can’t stress often enough that three copies means three separate devices. Backing up data to a second hard drive in the same computer, or a connected SD card, does not count. This will only protect your data in the event that one of the hard drives breaks.

Some useful backup devices include:

  • External hard drives
  • NAS
  • Cloud storage
  • DVD/Blu-Ray discs
  • Flash drives
  • SD cards

Two Formats: Diversify Storage Media

Using different types of storage for backup improves reliability: It not only diversifies the factors that could cause the backup to fail, but also acts as an extra layer of protection. For example, if both backups are on external hard drives and exposed to a large magnet, both would be destroyed. However, a second copy stored on optical media or a flash drive would survive.

The two backup locations could include a backup external hard drive and cloud storage, or a DVD archive and an onsite NAS server. According to PC & Tech Authority, NAS servers are a great backup option for offices with several networked computers. We’ve discussed storage format longevity in previous blog posts if you need help deciding which one is right for you.

Keep at Least One Copy Offsite for “Catastrophe Recovery”

Catastrophe recovery is another way to describe a worst-case disaster recovery scenario: for instance, the hard drive didn’t fail, but a flood leveled your office, or someone stole both the computer and the backup in a burglary. In order to prevent an outright catastrophe, it’s not safe to keep every copy of your important data under the same roof.

This means, of course, that one of your backup copies should be stored in a secondary location, the farther the better. The offsite backup could be, for example, a cloud backup, or an external hard drive stored in a bank deposit box. When working with a non-cloud, off-site solution, it helps to swap out two storage devices on a weekly basis.
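As an added illustration (not part of the original post), the three rules above can be checked mechanically against a backup inventory. The `Copy` fields, rule names and sample inventories are constructed for this example, and copies that share a computer are collapsed into one, as the post requires.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    label: str      # human-readable name of this copy
    device: str     # physical device or service that holds it
    media: str      # storage format, e.g. "hdd", "nas", "cloud", "optical", "flash"
    site: str       # physical location of the device
    host: str = ""  # computer the device sits in or is plugged into ("" if standalone)


def effective_copies(copies):
    """Collapse copies that share a computer into a single copy.

    A second internal drive or an attached SD card is lost together with its
    host, so it does not count as a separate copy.
    """
    seen = {}
    for c in copies:
        seen.setdefault(c.host or c.device, c)
    return list(seen.values())


def check_321(copies, primary_site):
    """Return the names of the violated rules; an empty list means 3-2-1 holds."""
    eff = effective_copies(copies)
    failed = []
    if len(eff) < 3:                                   # rule 1: three copies
        failed.append("three-copies")
    if len({c.media for c in eff}) < 2:                # rule 2: two storage formats
        failed.append("two-formats")
    if not any(c.site != primary_site for c in eff):   # rule 3: one copy off site
        failed.append("one-offsite")
    return failed


# Constructed inventory: every copy lives in or on one workstation.
WEAK = [
    Copy("working files", "ws01-disk0", "hdd", "office", host="ws01"),
    Copy("nightly mirror", "ws01-disk1", "hdd", "office", host="ws01"),
    Copy("sd card copy", "ws01-sd", "flash", "office", host="ws01"),
]

# Constructed inventory: three devices and two formats, all under one roof.
SAME_ROOF = [
    Copy("working files", "ws01-disk0", "hdd", "office", host="ws01"),
    Copy("external drive", "usb-hdd-a", "hdd", "office"),
    Copy("dvd archive", "dvd-set-1", "optical", "office"),
]

# Constructed inventory: on-site NAS plus cloud storage off site.
SOUND = [
    Copy("working files", "ws01-disk0", "hdd", "office", host="ws01"),
    Copy("nas backup", "nas01", "nas", "office"),
    Copy("cloud backup", "cloud-bucket", "cloud", "provider-dc"),
]

if __name__ == "__main__":
    for name, inv in (("WEAK", WEAK), ("SAME_ROOF", SAME_ROOF), ("SOUND", SOUND)):
        failed = check_321(inv, primary_site="office")
        print(f"{name}: {'OK' if not failed else 'fails ' + ', '.join(failed)}")
```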

If your company is looking to streamline its disaster recovery practices with IT Managed Services, contact the experts at MPA Networks today.

Mac- and Linux-Based Malware Targets Biomedical Industry

Tuesday, March 14th, 2017

The malware infection, discovered in late January, that’s been hiding out on Mac and Linux devices for more than two years doesn’t mean the security floodgates are open, but it is a reminder that these devices aren’t invincible. Apple is calling this new malware “Fruitfly,” and it’s being used to target biomedical research. While it does not target Linux devices, the malware code will run on them.

This attack may hit a little too close to home for those industries MPA Networks specializes in protecting, including healthcare and biotech. That makes this a good time to reexamine security best practices for devices that aren’t commonly targeted for attacks.

Attacks Are Rare, But Not Impossible

Broadly speaking, any device that isn’t running Windows has benefited from a concept called “security through obscurity,” which means hackers don’t bother going after these devices because of a smaller market share.

Mac OS X and Linux provide more secure options than Windows for various reasons, but neither is an invincible platform.

Every so often, hackers strike the Mac community with malware—and when the attacks are successful, it’s typically because users don’t see them coming. The lesson here, of course, is to never let your guard down.

You may not need an active anti-virus program on a Mac, but occasional anti-malware scans can be beneficial. According to Ars Technica, “Fruitfly” uses dated code for creating JPG images last updated in 1998 and can be identified by malware scanners. Anti-malware programs like Malwarebytes and Norton are available for Mac devices. MPA Networks’ desktop support and management can also improve user experiences on non-Windows devices.

Keep Your Macs and Linux Machines Updated

The old IT adage that says “keeping your programs updated is the best defense against security exploits” is still true when it comes to Mac OS X. While Mac OS X upgrades have been free or low-cost for years, not everyone jumps on to the latest version right away. For example, less than half of Macs were running the latest version of the OS in December of 2014. This means all the desktop and laptop devices running older versions of Mac OS X are exposed to security holes Apple patched with updates.

Typically, Apple only supports the three most recent versions of their operating system, which usually come in annual releases. Your workplace computers should, at the very least, be running a version still supported by Apple. The good news is that Apple quickly issued a security fix to address Fruitfly. The bad news? This isn’t the first Mac OS vulnerability malware has managed to exploit, and it won’t be the last.

The IT consulting experts at MPA Networks are ready to help your company find the right tools to increase productivity and improve security on all your office devices. Contact us today to get started.

8 Spring Cleaning Tips for Your Office Computers

Wednesday, March 1st, 2017

When it comes to your office computers, a little bit of spring cleaning goes a long way. Sure, cleaning office computers can seem tedious. But think of it like preventative maintenance on a vehicle: In the best-case scenario, you’ll never know all the breakdowns you avoided.

Keeping your office computers clean and healthy minimizes your risk of downtime and increases productivity.

Here are 8 tips for your next round of spring cleaning:

1. Update All Software

Run updates and patches for the operating system, commonly used programs, and security software on every system. Program and operating system updates don’t just add features; they’re loaded with security updates that keep your devices safe. Most problems with computer security exploits stem from outdated software that lets hackers get in through known holes the developer has already closed, so running updates and patches is your best line of defense.

2. Run a Full Anti-Virus Scan

After updating all the software on the computer, run a full anti-virus scan to catch any malicious software hanging out on the device. Active anti-virus protection does a good job of safeguarding the system against infections, but sometimes malware slips through the cracks.

3. Run a Full Anti-Malware Scan

Anti-virus programs go after specific, high-risk malware infections, meaning lower-level malware can still find its way onto your computers. Anti-malware programs including Malwarebytes and Spybot are better equipped to identify and remove malware that the anti-virus misses.

4. Defragment the HDD

Older PCs with traditional Hard Disk Drives (HDDs) may experience load time improvements from an annual drive defragmentation. However, newer Windows systems—and all currently supported Mac OS versions—handle this process in the background, so you don’t need to worry about it. If the computer is running a Solid State Drive (SSD), do not bother with the defragmentation process.

5. Remove Unnecessary Launch Programs

It may seem like every program installed on your computer wants to launch itself at startup—even those you rarely use. Removing unnecessary programs from the system startup can help improve performance and reduce login times. Windows 10 features a handy “Startup” tab on the Task Manager that lets users quickly toggle which programs launch with the system.

6. Check and Create Restore Points

Restore points can be a major time saver in returning a compromised computer to full operation. Restore points reverse most of the damage caused by malware and bad configurations, all with minimal effort. Check whether the computer is already using them, and create one if it isn’t.

7. Run a Full Backup

Backups are like restore points for when very bad things happen to a computer. It’s best practice to make at least two backups of a given computer’s files, and store them in different physical locations. This ensures that in the event of catastrophic loss, all the data saved on the computer up until the backup point is preserved. Mashable recommends verifying if automated backup services like Time Machine and Windows Backup and Restore are actually working.

8. Bust Dust on Desktops

This part of the spring cleaning process is literal. As we’ve previously discussed, excessive dust inside a computer obstructs airflow, which can cause crashes due to overheating and even damage components. CNET has a helpful guide on how to go about the dustbusting process.

A little spring cleaning makes for a more efficient office and stronger disaster recovery. The expert desktop support and management staff at MPA Networks is ready to help your workplace in San Mateo, San Francisco, the South Bay, and other Bay Area cities implement better practices. Contact us today for more information.

Hack of 500 Million Yahoo Accounts Reminds Industry to Increase Security Measures

Wednesday, November 23rd, 2016

In September 2016, half a billion Yahoo account users received the bad news that their names, email addresses, phone numbers, and security questions were potentially stolen in a 2014 hack.

According to CNET, the Yahoo hack is the largest data breach in history.

In the wake of a major hack like this one, the only silver lining is a powerful reminder for businesses to review their IT security practices. In the case of the Yahoo breach, hackers can use the stolen information to compromise other employee accounts and further extend the reach of the hack. Here’s how they do it, and what you can do to stop them.

The “Forgot My Password” Reverse Hack Trick

Hackers can steal information from many accounts with the information taken from a single account. If you’ve set your Yahoo email address as your “forgot my password” account for other services, a hacker can use a password reset and reminder commands to compromise even more important accounts. Hackers can use stolen security question answers here to obtain other account credentials as well.

The “Same Password, Different Account” Hack

Memorizing a different password for each account is pretty much impossible for the average person. Most people end up using the same password for many accounts. For example, if you own the email addresses “myemail@yahoo.com” and “myemail@gmail.com” and use the same password for both, it’s likely that a hacker who stole your Yahoo password and security questions will try them on the account with the same name on Gmail.

Password Theft Prevention Strategies

Security breach prevention starts with a strategic security plan and a series of best practices:

Account-Specific Logins and Passwords. One way to prevent a hacker from using your stolen username and password on another account is to create site-specific login and password credentials. These are easy to keep in memory if you add a site-specific prefix or suffix for each account. For example, your Yahoo and Gmail credentials may be “myemailYHOO/YHOOP@ssw0rd” and “GOOGLmyemail/P@ssw0rdGOOGL” respectively. Alternatively, password managers are an easy way to manage login credentials across accounts and generate random passwords.

Secure the Fallback Account. We’ve previously discussed the security benefits of “two-step verification” as an effective way to keep hackers out of your accounts even if they manage to steal your password or security question answers. Make sure all of your accounts that feature a “forgot my password” function lead back to a “two-step” secured email address.

Update Passwords Frequently. Typically, hackers use your stolen information immediately to access your accounts and steal your information. That’s why frequent password changes are often considered a waste of time. However, the Yahoo hack bucks this trend as the information being released in late 2016 came from 2014.
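The two attack paths described above (password reuse and “forgot my password” fallback addresses) can be audited on your own account inventory; the following is an added example, not part of the original post. The account names, password labels and the assumption that two-step verification blocks both paths are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Account:
    name: str
    password_id: str                # opaque label for "which password", never the password itself
    recovery: Optional[str] = None  # account that receives this account's reset e-mails
    two_step: bool = False          # two-step verification enabled


def exposed_accounts(accounts, breached):
    """Map each account an intruder could take over to the reason it falls.

    Modelling assumption: an account with two-step verification resists both
    a leaked password and a password reset.
    """
    leaked = next(a.password_id for a in accounts if a.name == breached)
    controlled = {}
    # Path 1: the leaked password opens every account that reuses it.
    for a in accounts:
        if a.password_id == leaked and not a.two_step:
            controlled[a.name] = (
                "breached" if a.name == breached else f"reuses password of {breached}"
            )
    # Path 2: follow "forgot my password" chains until nothing new falls.
    changed = True
    while changed:
        changed = False
        for a in accounts:
            if a.name not in controlled and a.recovery in controlled and not a.two_step:
                controlled[a.name] = f"reset via {a.recovery}"
                changed = True
    return controlled


# Constructed inventory: shared password and an unprotected fallback mailbox.
CURRENT = [
    Account("yahoo-mail", "pw-A"),
    Account("gmail", "pw-A", recovery="yahoo-mail"),
    Account("bank", "pw-B", recovery="gmail"),
    Account("payroll", "pw-C", recovery="yahoo-mail"),
    Account("work-mail", "pw-D", two_step=True),
    Account("crm", "pw-E", recovery="work-mail"),
]

# Same inventory with unique passwords only: the reset chain is still open.
UNIQUE_ONLY = [
    Account("yahoo-mail", "pw-A"),
    Account("gmail", "pw-F", recovery="yahoo-mail"),
    Account("bank", "pw-B", recovery="gmail"),
    Account("payroll", "pw-C", recovery="yahoo-mail"),
    Account("work-mail", "pw-D", two_step=True),
    Account("crm", "pw-E", recovery="work-mail"),
]

# Unique passwords plus two-step verification on the fallback mailboxes.
HARDENED = [
    Account("yahoo-mail", "pw-A", two_step=True),
    Account("gmail", "pw-F", recovery="yahoo-mail", two_step=True),
    Account("bank", "pw-B", recovery="gmail"),
    Account("payroll", "pw-C", recovery="yahoo-mail"),
    Account("work-mail", "pw-D", two_step=True),
    Account("crm", "pw-E", recovery="work-mail"),
]

if __name__ == "__main__":
    for label, inv in (("CURRENT", CURRENT), ("UNIQUE_ONLY", UNIQUE_ONLY), ("HARDENED", HARDENED)):
        print(label)
        for name, why in exposed_accounts(inv, "yahoo-mail").items():
            print(f"  {name}: {why}")
```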

IT security and password protection are an essential part of doing business in the modern digital world. Contact us today for IT consulting advice for better security practices and managed services assistance to help keep your business’s confidential information safe.

Password Managers and Recovery Strategies

Tuesday, August 16th, 2016

Secure passwords and recovery strategies are an essential part of doing business in the digital age—and password manager programs can help streamline the process.

Password managers store and, often, automate login credentials for individuals across all secured online platforms for easy, secure, and fast access.

Why You Need It

Password-related IT security is an always-hot topic in the tech world; new reports of password security breaches are still hitting headlines with alarming frequency. In June of 2016, hackers hit remote desktop access service GoToMyPC® with a sophisticated attack, causing the company to send out a mass password reset to all of its users. Security breaches like these are a good reminder of why your business should use a password manager.

Everyday Use

Using the same password for every platform is problematic for the obvious fact that hackers can use that one password to break into several accounts. Your best bet is to use different passwords for different platforms—but trying to remember them all can, of course, be a challenge. For services you use infrequently, a password manager can improve productivity by helping you avoid tedious password search and reset processes.

Naturally, the biggest advantage of password manager platforms is that they allow you to easily create and store complex, hack-proof passwords. What do those look like? Here are a few tips: Secure passwords should use 10-12 characters with a mix of capital letters, lowercase letters, numbers, and symbols. And since it’s admittedly difficult for humans to remember 12+ character passwords that look like someone punched a keyboard, a password manager can come to the rescue.

Restoring Secure Access

When it comes to passwords, the best defense is a good offense—but breaches are going to happen. According to PCWorld, password leaks should be treated more like a “when” situation than an “if” situation.

Password managers can help you each step of the way, from locking down compromised accounts to restoring access on all devices so your employees can get back to business like nothing ever happened. After you regain control of the account, the password manager can generate a new, secure password. Additionally, the program will restore access on all of your connected devices by entering the new password in a single location, saving you the time and hassle of re-entering each new password on your work computer, personal desktop, personal laptop, smartphone, tablet, etc.

If you’re worried about password security, talk to your IT consulting service. A local MSP can help your business establish and implement secure password practices and manage them with ease. Check out PC Magazine’s list of top password managers for 2016 for a closer look at your best options.

Cybercrime Begins Over the Phone, Too—Don’t Let Your Employees Forget

Tuesday, April 19th, 2016

If you’ve been a regular reader of our blog, you know we’ve spent plenty of time discussing phishing, malware, and other cybercrime. It’s all part of our modern online world, and we know it will never really go away.

We’ve talked about the tricks scammers use, from links in bogus emails to simply visiting the wrong website. But don’t forget crooks are still stalking victims via good old Ma Bell.

Chances are you’ve received a phone call pitching one of these common scams—more than once:

  • The promise of a lower credit card interest rate or a reduced electric bill… provided you give the caller your existing credit card number(s).
  • A call on behalf of one of your family members, requesting wired money to bail them out of a foreign jail. With “people search” sites all over the web, it’s disturbingly easy for a scammer to not only obtain your phone number, but also the names of your loved ones.
  • And perhaps the most devious phone scheme: the service tech from “Windows” who warns that your PC has been detected with a dangerous virus, which he can immediately remove remotely—for a nominal service fee, of course—or guide you in removing via a removal tool download (which is the actual malware)!

Hopefully, you’ve learned to recognize such obvious schemes. But businesses large and small are also targets of sophisticated electronic con artists, and it only takes one employee’s slip-up to rob a company of anything from confidential information to simple cash.

When to Hang Up the Phone

  • Suppose one of your senior executives is speaking at an out-of-town industry conference (information freely available on the conference’s website). Your receptionist receives a call from an “event manager” saying they urgently need their email password changed in order to download their PowerPoint presentation within the next half-hour. If it’s actually a cyber-crook on the other end of the line, they’ll have successfully hijacked that email account—inbox, address book, archives, everything.
  • If your accounting team gets a call from an angry “vendor” demanding payment for a mysterious invoice that’s suddenly 90 days past-due—for something as innocuous as bottled water or toner cartridges—might they be directed to a bogus payment site to collect a quick payment? Banks usually won’t forgive such voluntary gaffes, and if the culprits are outside the U.S., that money is almost surely gone.

We’ve discussed the necessity of a comprehensive employee security training program. Don’t forget to train your employees to be on the lookout for phone scams as well. Also consider a policy of no password changes without alerting top-tier support of your managed service provider, or supplement usernames and passwords (or even replace them) with two-step verification.

Questions? Contact us today.

Prepare Now or Pay Later: More Ransomware Attacks in the News

Thursday, April 7th, 2016

We’re only a few months into 2016, but we’ve already seen two high-profile ransomware attacks—where cyber-crooks heavily encrypt a victim’s computer files before demanding payment for a decryption key only they can provide. Two notable incidents grabbed headlines:

  • In January, Israel’s Electricity Authority was hit by what officials termed “a severe cyber attack.” What early media reports described as a possible terrorist plot to knock out Israel’s national power grid turned out to be a multiple ransomware infection that crippled the agency’s IT network—most likely triggered by an employee falling for a phishing scam (as little as clicking a link in a bogus email). The Israeli government didn’t reveal whether they’d paid off the crooks in order to restore the network.
  • Closer to home, one month later Hollywood Presbyterian Medical Center in Southern California gave in to hackers’ demands for 40 Bitcoins—a little under $17,000—to restore access to their ransomware-encrypted network. With patient care potentially in the balance, the hospital decided the quickest solution would be to simply pay the ransom.

Pay or Don’t Pay: Where Do You Stand?

A recent study from anti-virus maker Bitdefender indicates that over half of all U.S. ransomware victims have actually paid off their attackers, while 40% of respondents said they most likely would pay to restore access to their data files if necessary.

This leads us back to the central ransomware conundrum: To pay or not to pay.

As we recently discussed, the FBI considers their hands tied against ransomware attacks (almost all are suspected to be launched from Eastern Europe) and shockingly recommends victims simply cough up the Bitcoins. But there are still very logical reasons why paying off cyber-extortionists is never a wise idea:

  • You’re an instant patsy. A quick ransom payment indicates you’ll give in without a fight—an ideal victim. Expect your attackers to remember that when they run low on cash—or share that knowledge with other cyber-gangs looking for their next “easy mark.”
  • The demands will grow bigger. Think of ransomware attacks in terms of simple economics—the “seller” charges what the market will bear. Today’s most lethal strain of ransomware, CryptoWall 4.0, currently charges victims a standard flat rate of 1.83 Bitcoin ($700). If most readily paid $700 for their precious data today, why wouldn’t they pay $900 tomorrow—or even more?

Protect Your Company Now

  • Back up your entire network regularly. Most ransomware will seek out external backup drives (connected to a computer via a USB port) and infect those files as well—unplug the drive after every manual backup.
  • Make sure all software is fully updated and patched. Ransomware and other viruses seek out vulnerabilities in all common office apps.

The middle of a robbery is too late to create your anti-robbery plan! Contact us to help design and implement your company’s strategy against ransomware and other emerging cyber-threats.

IoT Devices: Security Holes?

Tuesday, March 15th, 2016

Hackers can take advantage of a newer technology prevalent throughout your business to break into your network and compromise security: Internet of Things devices. Your business may have never considered that the handy new Smart Thermostats throughout the building or the Smart TV in the conference room could actually be used by a hacker to piggy-back onto other devices on your network.

Fortunately, a managed service provider can stay on top of your IT security, installing the latest updates on every computer and all network hardware, and minimizing the risk of experiencing productivity-draining malware and hacks.

Your business could be vulnerable to a major security breach by leaving IoT devices unpatched and running old code.

The Elephant in the Room

In December of 2015, the security experts at TrendMicro identified approximately 6.1 million devices in use, including IoT devices, running software with an unpatched code execution attack security hole. The catch is that the security hole was identified and fixed all the way back in 2012, meaning these devices are still putting their owners at risk. Code vulnerabilities aren’t limited to device firmware, as the security hole TrendMicro found came from a code library found within apps.

A study by HP showed that upwards of 70 percent of all IoT devices are in some way vulnerable to an attack—and according to ZDNet, IoT devices are problematic for business security overall because they lack much of the security sophistication found on devices like laptops. For example, the home IoT market is facing major privacy and security concerns over Baby Monitor hacking. Your company may be concerned about home IoT devices as well if you have employees that work from home.

Plug, Play, and Forget

Hackers aim to exploit the common “set it and forget it” mentality toward IoT devices. Not only are IoT devices prone to security breaches, they are also often neglected as points of concern. When the manufacturer issues an update to patch security problems, your staff may not include IoT devices alongside regular updating practices.

There is plenty that an MSP can do right now to protect your business from IoT security holes, even when security apps and firmware patches aren’t an option. In addition to keeping the device’s operating software up to date, it is also necessary to keep all installed apps updated. Many IoT devices lack a clear interface to implement patches, making the process cumbersome. Security apps work well on devices that support them, but IoT products that lack security app support are a bit trickier to work with.

Another way an IT consultant may suggest to keep IoT devices from impacting the rest of your business’s security is to create a second isolated network for smart devices that can’t directly access your main network. WiFi makes the process relatively inexpensive and straightforward.

Keep your business running productively by taking preemptive action against IoT security faults with a local MSP. You’ll be glad you did.

The Dangers of Free Public Wi-Fi: How To Protect Your Network

Tuesday, February 2nd, 2016

How dependent have you and your employees become on public Wi-Fi outside the office? Mobile hotspots are almost everywhere now—from coffee houses and fast-food restaurants to hotels and airports (and even aboard most planes). Without Wi-Fi access, many of us feel alarmingly “disconnected”—as if we’ve driven 20 miles before realizing we left our phone at home! (Can you recall where and when you last saw a pay phone?)

Risky Business

We’ve come to rely on free Wi-Fi for its sheer convenience, but how secure is it, exactly—particularly for business purposes? Actually, not much at all.

Most commercial-grade public Wi-Fi has been made as technically simple as possible to maximize the number of simultaneous users and avoid connection issues which might require a time-consuming call to a Help Desk. There are no cumbersome firewalls, encryption, or other standard frontline defenses you’d expect from your company’s onsite network.

Even a public hotspot requiring a password offers little real security if all users use the same common login. This makes free public Wi-Fi an especially inviting target for hacking. A minimally-skilled cyber-crook can eavesdrop on Wi-Fi data traffic via black market software on a tablet hidden in a backpack, while a more sophisticated hacker can go as far as creating a bogus duplicate hotspot for users to mistakenly log into. Once connected, the hacker has free rein over the user’s personal data—email, social media, bank accounts, and more—as well as any important business files (even if they’re not open at the time). The vulnerabilities of public Wi-Fi are the weakest link in your IT security chain.

Saving Private Data

What’s the best defense against malicious Wi-Fi snooping? If you aren’t familiar with VPN (Virtual Private Network), your company is already at serious risk. A VPN server essentially acts as a third-party “buffer” between a mobile device and the company network (or the at-large Internet). Using a VPN app installed on the device, the Wi-Fi user connects to the company’s VPN instead of connecting directly to their usual browser homepage. The VPN then thoroughly encrypts all end-to-end data traffic to and from the user’s mobile device. If a hacker intercepts that Wi-Fi data stream, they’ll only receive unintelligible gobbledygook.

Adding a VPN layer of security is relatively painless. A VPN option is actually built into Windows (do a file search for “VPN”). There’s also a wide range of VPN client/server software and real-time services from trusted vendors, or a custom solution can be developed, typically based around SSL (the same level of security most banking sites use) or other advanced protocols.

Are your employees unknowingly putting your company at risk whenever they flip open their laptop at the coffee shop down the street? Feel free to share your concerns with us.