Windows 10 updates for Fall 2017

By EDITOR

Windows 10’s Fall Creators Update is the next major update that Microsoft will roll out in September. Besides reusing the same “Creators Update” name and focusing on bringing the Windows experience to iOS and Android devices, here are some noteworthy features users can expect.

Timeline
It’s designed to grant Windows 10 users freedom to switch between multiple devices, including iOS and Android phones. Timeline lets you pick up from where you left off if you’re switching between multiple Windows 10 devices. With the Cortana integration, this will even extend to some Microsoft apps on iOS and Android. This useful new feature will be accessible via Window 10’s Task View.

OneDrive Files on Demand
This feature allows you to access all your cloud-based files without having to download them in order to optimize your device’s storage space. What’s more, you won’t have to change the way you work, because all your files — even those online — can be seen in File Explorer, and they work just like every other file on your device.

Cloud clipboard
The Windows 10 Fall Creators Update brings a cloud-powered clipboard that lets you copy information from one Windows 10 device and paste it onto another. And this isn’t limited to text alone either. On top of that, it supports Android and iOS devices if you use Microsoft’s SwiftKey virtual keyboard.

Pick up where you left off
As the name suggests, it basically allows you to start working on your PC and continue working on your phone when you are away from your PC (and vice-versa). Currently, the feature works only between Windows 10 PCs in the Windows 10 Creators Update — but with the upcoming Fall Creators Update for Windows 10, Microsoft will be integrating this capability into your phones as well.

My People
It was originally announced as a key feature in the April’s Creator Update, but will be launched in the coming Fall Creators Update. This feature lets you pin a number of connections to your taskbar — three, in the current Insider preview — and stay in constant touch with them. It defaults to Skype, but you can choose an alternative if you’d like.

These are just a handful of the nifty features users can expect from Windows 10 Fall Creators Update. For more information, don’t hesitate to contact us. We’re more than happy to help.

We’ll keep you updated on the latest developments.

Posted in Uncategorized | Leave a comment

Bluetooth users beware!

By EDITOR

Bluetooth technology helps simplify our daily lives — it allows for hands free communication, a quick and easy way to share content with friends, family, colleagues, and more. In fact, 45 percent of Americans have Bluetooth enabled across multiple devices. This raises the question: Does using Bluetooth leave our doors opened to hacker attacks?

Google paid a settlement fee of $7million for unauthorized data collection from unsecured wireless networks in 2013. While their intention likely wasn’t theft, many disagreed and called them out for Bluesnarfing, a method most hackers are familiar with.

What is it?

Bluesnarfing is the use of Bluetooth connection to steal information from a wireless device, particularly common in smartphones and laptops. Using programming languages that allow them to find Bluetooth devices left continuously on and in “discovery” mode, cybercriminals can attack devices as far as 300 feet away without leaving any trace.

Once a device is compromised, hackers have access to everything on it: contact, emails, passwords, photos, and any other information. To make matters worse, they can also leave victims with costly phone bills by using their phone to tap long distance and 900-number calls.

What preventive measures can you take?

The best way is to disable Bluetooth on your device when you’re not using it, especially in crowded public spaces, a hacker’s sweet spot. Other ways to steer clear of Bluesnarfing include:

  • Switching your Bluetooth to “non-discovery” mode
  • Using at least eight characters in your PIN as every digit adds approximately 10,000 more combinations required to crack it
  • Never accept pairing requests from unknown users
  • Require user approval for connection requests (configurable in your smartphone’s security features)
  • Avoid pairing devices for the first time in public areas

Bluesnarfing isn’t by any means the newest trick in a cybercriminal’s book, but that doesn’t mean it’s any less vicious. If you’d like to know more about how to keep your IT and your devices safe, give us a call and we’ll be happy to advise.

Posted in Uncategorized | Leave a comment

Reasons to back up your mobile devices

By EDITOR

It makes a lot of sense for electronics firms to pack a variety of functions into mobile devices and expand their usefulness. Instead of confining their use to communications, companies such as Apple, Samsung, and others have turned mobile phones into mini-computers that can serve as a substitute for your laptop, or as a storage device. If you’re using mobile phones as a communications and storage device, backing up now would be a wise move.

Malware on mobile

More than 50% of the world’s adult population use a mobile phone with internet connection, so dangers in these handy devices are to be expected. Scarier than the thought of being offline is being online and exposed to malware.

If you use your mobile devices as an extension of your work computers, backing up is a must. Mobile phones have become as vulnerable to malware as laptops and desktops have, especially if you consider the fact that many professionals and business owners use them for emailing confidential documents and storing business-critical files.

Device disasters

Other than malware, other types of disasters can happen on your device. Because you carry it wherever your go, your device can easily be stolen, misplaced, or damaged. They may be easily replaceable, but the data contained in them may not. Having completely backed up data on your devices helps prevent a minor inconvenience from turning into a disastrous situation.

Backup options

Performing backups in iPhone and Android devices is a seamless process. Their operating systems require only minimal effort from users, and backing up entails nothing more than logging into their Apple or Google account. However, other users have different devices with different operating systems, slightly complicating the process.

Mobile devices’ safety is essential to business continuity plans. So whether your office users are tied to a single operating system or prefer different devices, there are options to back up all your organization’s mobile devices. There are cloud backup services that enable syncing of all devices and that back up files, contacts, photos, videos, and other critical files in one neat backup system. These mobile backup tools are offered on monthly or lifetime subscription schemes, which provides small businesses with enough flexibility to ensure protection.

Mobile phones have become so ubiquitous to how people function that many feel the need to have two or more phones, mostly to have one for personal use and another for business. With all these options on hand, there’s no excuse for not backing up data on your mobile devices.

Our experts can provide practical advice on security for your business’s computers and mobile devices. Call us for mobile backup and other security solutions today.

Posted in Uncategorized | Leave a comment

Microsoft says goodbye to Windows Vista

By EDITOR

We live in a digital era where innovations are emerging quicker than the speed of light. This means older operating systems might soon be discontinued. Case in point, Microsoft Vista. After a 10-year run, Microsoft is set to discontinue support for Vista users from April 11th onwards. On top of that, key security or software updates will cease as well.

Windows Vista
Launched worldwide on January 30th, 2007, Windows Vista has been Microsoft’s operating system for home and business desktops, laptops, tablet PCs and even media center PCs. This version came with a bunch of new features such as Aero, an updated graphical user interface; Windows Search, a new search function; as well as Windows DVD Maker, a new multimedia tool. Vista aimed to increase communication between machines on a home network, with peer-to-peer technology that simplifies file sharing.

Windows Vista criticism
Not too long after its release, the operating system came under fire from both the users and the press. Initially, Vista aimed to improve the state of security, the main criticism its predecessor — Windows XP — received. There were commonly exploited security vulnerabilities and overall susceptibility to malware, viruses, and buffer overflows. According to Net Applications, Windows Vista has less than 1 percent of global market share in terms of PC operating systems. Despite that, Windows 10 is doing extremely well, boasting over 400 million devices running on it.

Will computers still function properly?
Essentially, yes, but they will be susceptible to viruses on account of Microsoft discontinuing security updates. On top of that, Internet Explorer 9 won’t be supported either, meaning surfing the web with this browser could possibly expose you to even more vulnerabilities. Microsoft also warned users that certain apps and devices would not work with Vista, as software and hardware manufacturers are optimizing services for newer versions of Windows.

What’s the next step for your business?
We recommend that you upgrade to Microsoft’s latest operating system: Windows 10. But before doing so, check the software and hardware specifications of your PCs, since they might not be able to handle Windows 10. If that’s the case, users can opt for a Windows 7 upgrade as an alternative.

Keeping up with the latest technological innovations might be a tedious task, but it’s also an imperative one. To ensure the future of your small- or medium-sized business, you’ll be needing IT that works for you and not the other way round. For more information on Windows operating systems, feel free to get in touch with us today!

 

Posted in Uncategorized | Leave a comment

When did you last update your firmware?

By EDITOR

Most IT consultants constantly remind clients of how important it is to update and patch their software, but neglect the importance of updating hardware. We don’t mean replacing it with new hardware; we mean updating the applications and settings coded into the physical IT powering every modern office.

What is firmware?

Firmware is a very basic type of software that is embedded into every piece of hardware. It cannot be uninstalled or removed, and is only compatible with the make and model of the hardware it is installed on. Think of it like a translator between your stiff and unchanging hardware and your fluid and evolving software.

For example, Windows can be installed on almost any computer, and it helps users surf the internet and watch YouTube videos. But how does Windows know how to communicate and connect with your hardware router to do all that? Firmware on your router allows you to update and modify settings so other, more high-level, pieces of software can interact with it.

Why is firmware security so important?

Firmware installed on a router is a great example of why addressing this issue is so critical. When you buy a router and plug it in, it should be able to connect devices to your wireless network with almost zero input from you. However, leaving default settings such as the username and password for web browser access will leave you woefully exposed.

And the username and password example is just one of a hundred. More experienced hackers can exploit holes that even experienced users have no way of fixing. The only way to secure these hardware security gaps is with firmware updates from the device’s manufacturer.

How do I protect myself?

Firmware exploits are not rare occurrences. Not too long ago, a cyber security professional discovered that sending a 33-character text message to a router generated an SMS response that included the administrator username and password.

Unfortunately, every manufacturer has different procedures for checking and updating firmware. The best place to start is Googling “[manufacturer name] router firmware update.” For instance, if you have a DLink of Netgear router, typing “192.168.0.1” into a web browser will allow you to access its firmware and update process, assuming you have the username and password.

Remember that routers are just one example of how firmware affects your cyber security posture. Hard drives, motherboards, even mouses and keyboards need to be checked. Routinely checking all your devices for firmware updates should be combined with the same process you use to check for software updates.

It can be a tedious process, and we highly recommend hiring an IT provider to take care of it for you. If you’re curious about what else we can do to help, give us a call today!

Posted in Uncategorized | Leave a comment

The phishing craze that’s blindsiding users

By EDITOR

Most phishing attacks involve hiding malicious hyperlinks hidden behind enticing ad images or false-front URLs. Whatever the strategy is, phishing almost always relies on users clicking a link before checking where it really leads. But even the most cautious users may get caught up in the most recent scam. Take a look at our advice for how to avoid the newest trend in phishing.

What are homographs?

There are a lot of ways to disguise a hyperlink, but one strategy has survived for decades — and it’s enjoying a spike in popularity. Referred to as “homographs” by cybersecurity professionals, this phishing strategy revolves around how browsers interpret URLs written in other languages.

Take Russian for example, even though several Cyrillic letters look identical to English characters, computers see them as totally different. Browsers use basic translation tools to account for this so users can type in non-English URLs and arrive at legitimate websites. In practice, that means anyone can enter a 10-letter Cyrillic web address into their browser and the translation tools will convert that address into a series of English letters and numbers.

How does this lead to phishing attacks?

Malicious homographs utilize letters that look identical to their English counterparts to trick users into clicking on them. It’s an old trick, and most browsers have built-in fail-safes to prevent the issue. However, a security professional recently proved that the fail-safes in Chrome, Firefox, Opera and a few other less popular browsers can be easily tricked.

Without protection from your browser, there’s basically no way to know that you’re clicking on a Cyrillic URL. It looks like English, and no matter how skeptical you are, there’s no way to “ask” your browser what language it is. So you may think you’re clicking on apple.com, but you’re actually clicking on the Russian spelling of apple.com — which gets redirected to xn—80ak6aa92e.com. If that translated URL contains malware, you’re in trouble the second you click the link.

The solution

Avoiding any kind of cybersecurity attack begins with awareness, and when it comes to phishing, that means treating every link you want to click with skepticism. If you receive an email from someone you don’t know, or a suspicious message from someone you do, always check where it leads. Sometimes that’s as simple as hovering your mouse over hyperlink text to see what the address is, but when it comes to homographs that’s not enough.

In the case of homographs, the solution is unbelievably simple: Manually type in the web address. If you get an email from someone you haven’t heard from in 20 years that says “Have you checked out youtube.com??”, until your browser announces a fix, typing that URL into your browser’s address bar is the only way to be totally sure you’re safe.

For most, this trend feels like yet another development that justifies giving up on cybersecurity altogether. But for small- and medium-sized businesses that have outsourced their technology support and management to a competent and trustworthy IT provider, it’s just another reason to be thankful they decided against going it alone. If you’re ready to make the same decision, call us today.

 

Posted in Uncategorized | Leave a comment

Is the government really spying on you?

By EDITOR

Wikileaks, the website that anonymously publishes leaked information, recently released a number of documents alleging widespread surveillance by the US government. The released documents claim that the vast majority of these efforts took place via smartphones, messaging apps and…TVs? Let’s see just how worrisome they really are.

What devices and apps are supposedly vulnerable?

Wikileaks labeled its ongoing release of 8,761 classified CIA documents “Year Zero.” Nestled among those files are tools and correspondence that explain how operatives could snoop on communications, downloads, and browsing history. Here is a list of the “affected” applications and hardware:

  • Windows operating systems
  • iOS
  • Android
  • Samsung Smart TVs
  • WhatsApp
  • Signal
  • Telegram
  • Confide

Those are some very big names, right? Thankfully, it’s mostly hyperbole. The reality of the situation isn’t nearly as bad as it sounds.

Two considerations before freaking out

First, almost all these exploits require physical access to devices before anything can be compromised. For example, news organizations repeatedly reported that WhatsApp, Signal, Telegram and Confide all had encryption protocols that had been subverted by the CIA. That is 100% false.

What the documents actually revealed is that the CIA was aware of security gaps in Windows, iOS, Android and Samsung’s Tizen OS, which allowed the agency to snoop on messages before they were encrypted. Messages sent in these apps are still totally uncrackable as long as the devices they are installed on haven’t been physically compromised.

Takeaway #1: Physical security is still one of the most important aspects of cyber security. Most data security regulations require certain physical security protocols as a deterrent to breaches that take place via theft of social engineering — and for good reason.

The second reason not to worry is the hardware devices and operating systems that supposedly left encrypted messages vulnerable haven’t been sold for a long time. For example, only Samsung TVs from before 2013 were vulnerable to the always-on microphone bug — which was patched in an OS update years ago.

But what about iOS — surely that’s the scariest reveal of them all, right? Not quite. Only the iPhone 3G, discontinued in 2010, was susceptible to exploitation. Furthermore, Apple immediately responded that they were aware of this vulnerability and patched it in the version of iOS that was released in 2011.

Takeaway #2: Updating software is critical to keeping your data safe. As we saw in the Year Zero leaks, just one piece of outdated software can cause a domino effect of other vulnerabilities.

In reality, the most recent Wikileaks releases shouldn’t change your approach to cyber security at all. As long as you consider data security a never-ending battle, you’ll be safer than everyone too lazy or forgetful to lock up their server rooms or update their operating system.

But running a business doesn’t always leave you a lot of time for fighting a “never-ending battle,” does it? Fortunately, that’s exactly what we do for our clients every single day. To find out more about how we can keep you safe, call today.

Posted in Uncategorized | Leave a comment

Why you need to update Microsoft Word

By EDITOR

Microsoft Word is a staple business application. But since so many people use it on a daily basis, hackers work tirelessly to expose and exploit flaws in the system. In fact, cybercriminals stumbled upon a Word vulnerability that puts your sensitive data at risk. Read on to learn more about the exploit and what you can do about it.

The attack
On April 10, cybersecurity firm Proofpoint discovered scammers running email campaigns to trick people into clicking malware-ridden Word attachments. The fraudulent emails, simply titled “Scan Data,” included attached documents that were named “Scan,” followed by randomized digits.

Although the emails seem harmless, clicking on the documents triggers a download for Dridex malware, a Trojan virus designed to give hackers direct access to your banking information. From there, they can simply log in to your online account and make unauthorized transactions under your name.

In 2015, the distribution of Dridex allowed cybercriminals to steal approximately $25 million from European accounts. And if your business fell victim to this malware, there’s a possibility your company might not be able to recover from the loss.

The solution
Fortunately, two days after the discovery of the bug, Microsoft released a security update to disable the dangerous documents, urging users to install the patch as soon as possible. But even though Dridex was inoculated relatively quickly, employees continue to be the biggest problem.

Like most malware attacks, Dridex was distributed via phishing campaigns that preyed on a victim’s trust and curiosity. Hackers added barely any text to the email, yet people were still fooled into clicking on dangerous links.

To make sure Dridex never reaches your company, you must provide comprehensive security awareness training. In your sessions, encourage employees to practice safe computing habits, which include being cautious of online links, setting strong passwords, and avoiding downloads from untrusted and unknown sources.

Much like updating your software, keeping your staff’s security knowledge up to date on the latest threats is also imperative. Ultimately, your goal is to have employees with a security-focused mindset when browsing the web.

Of course, if security training and cybersecurity solutions are not your company’s specialties, you can always rely on a trusted managed services provider like us to protect your business. We can update and secure your systems regularly, and make sure your staff are actively doing their part to reduce security risks. Contact us today!

Posted in Uncategorized | Leave a comment

Networks: Software-defined vs virtualized

By EDITOR

If knowing is half the battle, virtualization is one for the ages. With more than a decade of history, it’s a tough topic that business owners would be hard-pressed to ignore. Over the years, the terminology has changed and capabilities have gotten even more confusing. If you’ve ever heard anyone use software-defined networking and network virtualization interchangeably, it’s time we set the record straight.

Software-defined networking (SDN)

Managing storage, infrastructures, and networks with high-level software is something IT technicians have been doing for a long time. It’s a subset of virtualization and it is one of the oldest strategies for optimizing and securing your IT hardware.

Despite its popularity, SDN does have one major drawback — it needs hardware to do its job. SDN allows you to control network switches, routers, and other peripherals from a centralized software platform, but you can’t create virtual segments of your network without the hardware that would normally be required outside of an SDN environment.

Network virtualization

Evolving beyond SDN was inevitable. Whenever a technology can’t do it all, you can bet someone is working hard to fix that. Network virtualization uses advanced software solutions to allow administrators to manage physical hardware and to create virtual replicas of hardware that are indistinguishable to servers and workstations.

Network virtualization simplifies the field of network design. You can reduce spending on expensive hardware, reconfigure network segments on the fly, and connect physically separate networks as if they were in the same room.

A virtualized network may sound like an exciting technology that doesn’t have much use at small- or medium-sized business, but that’s exactly the beauty of hiring a managed services provider! We provide enterprise technology and advice as part of your monthly service fee. Call today to find out more.

Posted in Uncategorized | Leave a comment

Cloudbleed: Your data could be at risk

By EDITOR

A small error in Cloudflare’s code has spilled millions of login credentials, personal information, and cookies all over the internet. The bug, known as Cloudbleed, was discovered by the internet security company last month, and since then, they have worked to mitigate the security risks. So far, it appears that hackers have yet to exploit this vulnerability, and that’s why internet users have to remain vigilant. Find out what Cloudbleed can do and how you can stay safe.

What is Cloudbleed?
Although it’s technically similar to Heartbleed, a bug that compromised millions of websites and accounts, Cloudbleed is less severe. Google security researcher Tavis Ormandy discovered that several Cloudflare-hosted websites, including Fitbit, Uber, and OkCupid, were inadvertently leaking customer information and saving them within the source code.

For example, when a person visits a bugged Uber page, the website code could contain data and login credentials from another user who recently visited the page. The data may be hidden between several lines of code, but a skilled hacker can easily find it.

Exploiting it, however, is more difficult. The Cloudbleed bug collects random bits of data, which may or may not contain any sensitive information, making it a less attractive point of attack for cybercriminals. Over time, a cybercriminal may be able to compile enough information to exploit, but it doesn’t seem to be a viable option for targeted attacks.

The response
According to Cloudflare, Cloudbleed was triggered 1,240,00 times and found in 6,400 websites between September 22 and February 18. After the bug was discovered, the internet security company quickly alerted affected websites, fixed the code, removed cached pages from search engines, and monitored client websites for any strange website activity.

Cloudflare-hosted websites also checked what data was leaked and reassured customers that there was minimal impact to their private information.

What can you do?
While Cloudflare and other companies are telling everyone that the possibility of Cloudbleed attacks and password leaks is low, you should still ensure your account is safe.

Start by setting stronger passwords with a combination of letters, numbers, and symbols. Make sure to set unique passwords for every online service, especially for any of your accounts that use Cloudflare. Whenever possible, use two-factor verification to keep your account secure even if someone gets a hold of your password.

And, last but not least, contact us for any cybersecurity, cloud, and website issues. We aim to make your internet and cloud experience as safe as possible.

Posted in Uncategorized | Leave a comment