Our Blog

September 26th, 2016

2016september29_virtualization_bFor the average business owner, a virtualized network may not seem groundbreaking. And until recently, even the team at VMware didn’t realize just what they could do with it. Now that they’ve publicly announced what they’re calling “Project Goldilocks,” we finally see how relevant it is. Every small- or medium-sized business is concerned with endpoint security, and that’s why you absolutely must read on to learn about this new form of virtualization.

A virtual network is a way to connect two or more devices that aren’t physically linked by wires or cables. From the perspective of machines on a virtual network, they’re essentially sitting in the same room -- even if they’re on opposite sides of the globe. The advantages of this setup range from ease of management to reduced hardware costs. AT&T and Verizon have begun offering these services, and small- and medium-sized businesses have slowly begun to adopt them.

Meanwhile, another sector of the IT world has been making its own advances. Cutting-edge hardware firewalls are beginning to offer internal segmentation as a method of separating pieces of your internal network to keep them safe from threats that spread internally. The more segments you have, the safer your network is from poorly protected neighbors. But there are limits to how much capacity one of these hardware firewalls has for segmentation.

Virtualization giant VMware has taken notice and developed a prototype to combine these two services. In the hopes of unleashing ‘microsegmentation’ from the limits of physical hardware, Project Goldilocks will essentially create a virtual firewall for every virtualized application. When one of these applications is created or installed, it will come with a ‘birth certificate’ outlining every acceptable function it can perform. When making requests to the operating system, network, or hardware the application is installed on, Goldilocks will cross-reference the request with the birth certificate and deny anything that hasn’t been given permission.

Segmenting virtual networks and applying them to individual applications rather than entire networks or operating systems could revolutionize the market for endpoint security. Not only would it be easier to block malware infections, but those that made it through could be quarantined and terminated immediately because of the virtual nature of their location.

While virtualization may be a complicated state-of-the-art technology, all it really takes is a helping hand. With our full team of specialists, we’re ready to pull you into the next stage of your virtualized infrastructure. All you need to do is reach out us -- why not do it today?

Published with permission from TechAdvisory.org. Source.

September 23rd, 2016

2016september23_microsoftwindowsnewsandtips_bRegardless of the app, platform, or operating system, digital notifications are a tricky business. Our devices are overcrowded with software of varying importance, and without proper customization the stream of information can become overwhelming. Thankfully, Windows 10’s action center is built atop a solid foundation -- it just needs a bit of help. If Windows notifications are driving you up a wall, try out the three steps we’ve listed here to get them under your thumb.

Overarching action center settings

The place to start is customizing system-wide notifications settings. To view these, click on the Cortana icon on your taskbar, type ‘Notifications,’ and click ‘Notifications & actions settings.’ From here you can turn off alerts entirely, adjust those on the lock screen, or customize the alerts for core functions such as alarms and incoming calls.

Settings for individual applications

If you’re interested in taking a far more nuanced approach to your notifications, there are options to create rules on an app-by-app basis. At the bottom of the ‘Notifications & actions settings’ screen is a section titled ‘Get notifications from these senders.’ At first glance it may look as though you can only turn alerts completely off or on for these apps, but that’s not the case.

By clicking on any of the items in this list, you can open a new window full of more graded notifications options. From here, users can specify lock screen, sound, and priority settings for individual software.

Closing the blinds

For users who have no interest whatsoever in the Windows 10 action center, there is a way to banish it entirely. Open Cortana again and search ‘Notification area.’ Halfway down the page, click the menu titled ‘Turn system icons on or off.’ Toggling the Action Center option (third from the bottom) allows you to remove the icon from your taskbar altogether.

While you’re at it, why not take this philosophy one step further? Click the back arrow to return to the ‘Notification area’ window and this time choose ‘Select which icons appear on the taskbar.’ Here you can choose which apps to remove from your taskbar entirely, eliminating any annoying icons that change to alert you of distracting notifications.

Everyone is different. If artists have tools unique to their style, why shouldn’t the tools of your trade be tailored to your preferences? Our paintbrush is technology, and we’d love to show you how we work by helping you achieve new levels of productivity and efficiency on your Windows machine. Get in touch with us today to speak with one of our tech-savvy specialists about your technology goals.

Published with permission from TechAdvisory.org. Source.

Topic Windows
September 21st, 2016

2016september21_security_bEveryone hates jargon. It’s ostracizing and off-putting, but somehow we just keep creating more and more of it. For those who have adopted an “if you can’t beat ‘em, join ‘em” philosophy, we have just the list for you. Let’s take a look at some of the most relevant cybersecurity terms making the rounds today.

Malware

For a long time, the phrase ‘computer virus’ was misappropriated as a term to define every type of attack that intended to harm or hurt your computers and networks. A virus is actually a specific type of attack, or malware. Whereas a virus is designed to replicate itself, any software created for the purpose of destroying or unfairly accessing networks and data should be referred to as a type of malware.

Ransomware

Don’t let all the other words ending in ‘ware’ confuse you; they are all just subcategories of malware. Currently, one of the most popular of these is ‘ransomware,’ which encrypts valuable data until a ransom is paid for its return.

Intrusion Protection System

There are several ways to safeguard your network from malware, but intrusion protection systems (IPSs) are quickly becoming one of the non-negotiables. IPSs sit inside of your company’s firewall and look for suspicious and malicious activity that can be halted before it can deploy an exploit or take advantage of a known vulnerability.

Social Engineering

Not all types of malware rely solely on fancy computer programming. While the exact statistics are quite difficult to pin down, experts agree that the majority of attacks require some form of what is called ‘social engineering’ to be successful. Social engineering is the act of tricking people, rather than computers, into revealing sensitive or guarded information. Complicated software is totally unnecessary if you can just convince potential victims that you’re a security professional who needs their password to secure their account.

Phishing

Despite often relying on face-to-face interactions, social engineering does occasionally employ more technical methods. Phishing is the act of creating an application or website that impersonates a trustworthy, and often well-known business in an attempt to elicit confidential information. Just because you received an email that says it’s from the IRS doesn’t mean it should be taken at face value -- always verify the source of any service requesting your sensitive data.

Anti-virus

Anti-virus software is often misunderstood as a way to comprehensively secure your computers and workstations. These applications are just one piece of the cybersecurity puzzle and can only scan the drives on which they are installed for signs of well known malware variants.

Zero-day attacks

Malware is most dangerous when it has been released but not yet discovered by cybersecurity experts. When a vulnerability is found within a piece of software, vendors will release an update to amend the gap in security. However, if cyber attackers release a piece of malware that has never been seen before, and if that malware exploits one of these holes before the vulnerability is addressed, it is called a zero-day attack.

Patch

When software developers discover a security vulnerability in their programming, they usually release a small file to update and ‘patch’ this gap. Patches are essential to keeping your network secure from the vultures lurking on the internet. By checking for and installing patches as often as possible, you keep your software protected from the latest advances in malware.

Redundant data

When anti-virus software, patches, and intrusion detection fail to keep your information secure, there’s only one thing that will: quarantined off-site storage. Duplicating your data offline and storing it somewhere other than your business’s workspace ensures that if there is a malware infection, you’re equipped with backups.

We aren’t just creating a glossary of cyber security terms; every day, we’re writing a new chapter to the history of this ever-evolving industry. And no matter what you might think, we are available to impart that knowledge on anyone who comes knocking. Get in touch with us today and find out for yourself.

Published with permission from TechAdvisory.org. Source.

Topic Security
September 16th, 2016

2016september16__browsers_bGoogle’s Chromecast device has been around for a few years now. The simple and inexpensive flash-drive-sized screen broadcaster has earned itself a faithful following, but it’s not stopping there. With the newest update, you might even be able to ‘cast’ your desktop or mobile screen to a nearby device before the end of this article. If that sounds like something you’d be interested in, we have all the details right here.

In its earliest stages, ‘Casting’ allowed users to stream a device’s screen to a TV with a Chromecast wireless adapter plugged into the HDMI port. Soon after, Google released a second, updated model that added the possibility of connecting to audio-only devices via stereo cable and faster internal hardware to improve streaming to both TVs and stereo systems.

Regardless of which model you had previous to last month’s update, individual apps needed to include Casting functionality, and even Google’s own Chrome browser required downloading and installing an extension before users could get the most out of the service. As an industry leader in user experience and design, the engineers at Google knew this had to be fixed. Their solution was a no-brainer, and may even be sitting in your browser this very moment.

The Cast feature is now built directly into every updated version of the Chrome. Just click the three stacked lines that act as Chrome’s File menu and select Cast halfway down the menu. Click the arrow to the right of ‘Cast to’ and choose desktop, followed by which Chromecast device you would like to broadcast, and voilà -- your computer’s desktop will be duplicated on your Chromecast-enabled TV.

Assuming you’re currently connected to a trusted wireless network, we invite you to give it a try right here and now. If you’re confused about why we would suggest such a thing when you haven’t had a chance to go out and buy the necessary hardware adapter, that’s because several big-name TV brands are now installing this functionality directly into their televisions. You may have had this feature all along without even knowing it!

Once you’ve mastered casting your screens and audio wirelessly, why not check out all the apps Google has highlighted specifically for this Chrome feature? From NFL streaming to slideshow production, the Play Store has everything you’re looking for to step up your casting game.

It’s amazing how something so useful and so accessible could go relatively unnoticed for so long. There are tons of wonderful and exciting features lurking around, even in software as ordinary as your internet browser. For IT solutions big and small, there’s only one number you need to know -- and it’s right at the bottom of this page. Give us a call today.

Published with permission from TechAdvisory.org. Source.

Topic Web & Cloud
September 15th, 2016

2016september15_socialmedia_bAside from having an up-to-date LinkedIn profile, there seems to be more waiting around than getting job interviews or receiving promotions. Why so? You’ve given all the relevant information needed to land a job, or to convince your boss that it’s time for you to step up the corporate ladder -- but what else is missing? Your network. Knowing how to fully utilize your network will help advance your career by leaps and bounds. All you have to do is start using LinkedIn’s Alumni tool.

Get started

Access the Alumni tool by going to the homepage and hovering over “My Network.” Then select “Find Alumni.” From there, you are free to perform any search for individuals who have attended your school. You can apply one or more of the following filters:
  • Where they live (geographic location)
  • Where they work (company)
  • What they do (job function)
  • What they studied (major)
  • What they’re skilled at (LinkedIn skills)
  • How you are connected (first- and second-degree connections, group members, etc.)
On top of that, you can also identify alumni by the year they attended school, or you can conduct a text search for specifics that don’t fit in any of the listed filters.

The benefits of LinkedIn Alumni

Imagine that you’re looking for work in a new city. Let’s say you're looking for a marketing job in Texas. With the Alumni tool, select “Dallas/Fort Worth” area under “Where they live” and “Marketing” under “What they do.” If you are interested in a specific area of marketing like social media, you can refine your search by selecting “Social Media Marketing” for the “What they’re skilled at” filter. The more you target your search, the more relevant your results will be. From there, you can sift through profiles and send messages to those you want to have an actual conversation with. You can dip your toes into the water first by setting up an informational interview or exchanging questions via email.

If you’re looking to change careers but don’t know anyone in your new sector, all you need is filter for your alma mater. It shouldn’t be hard to reach out to anyone who went to the same school as you, because going to that school is what you both share in common. If you want to know how others made the leap toward where you’re headed, you can use the “What they studied” and “What they’re skilled at” filters for further information. You might also be able to find an individual with a nontraditional background, but who’s nonetheless working in the industry you want. This person may have insight into how to land the job without possessing the typical required experience.

Know how to contact the candidates

After narrowing down your search by utilizing the appropriate filters, you now have a list of individuals you wish to connect with. Technically, you’re just about done with the “Alumni Tool” portion of the process, but you’re not at the finish line just yet. All that’s left is to reach out to the people in your list and make the most out of the search.

If you have a first-degree connection with certain people, message them by clicking on the envelope icon found below the job title. Without a first-degree connection, you’ll see a silhouette and plus sign below the job title. From there, look to the bottom right of the profile photo; if there’s a Venn diagram, hover over it to see the connections you share. If you have a good relationship with one of these mutual connections, you should consider reaching out to see whether he or she would be willing to make an introduction.

There are a few ways to connect even without mutual connections. One option is to leverage your school’s alumni database to find contact information. Another is to send a personalized connection request. In the message, politely and briefly explain your reasons for wanting to connect. That should do it!

When used properly, networks truly are the keys to success. Like any other untapped resource, you must proceed with caution and know how to fully utilize it. If you have questions or concerns regarding LinkedIn’s Alumni tool, don’t hesitate to call in or send us an email. Let us be a part of the success that awaits you.

Published with permission from TechAdvisory.org. Source.

Topic Social Media
September 14th, 2016

2016september14_businesscontinuity_bCompanies can pay a hefty sum if they ever experience any downtime. In fact, Delta Air Lines had a bad bout of severe downtime just last month. In just three days, the airline company cancelled 2300 scheduled flights and suffered $150 million in income loss. That doesn’t even account for the considerable reputational damage from delayed service. So how do you avoid sharing the same, expensive fate? Here are some valuable business continuity lessons we can all learn from Delta’s IT outage.

Strive for 100% redundancy According to Delta’s chief information officer, a power failure caused the company’s data center to crash, grounding thousands of would-be passengers. Although power was restored six hours after the incident, critical systems and network equipment failed to switch to a secondary site, corrupting valuable data in the process. And while some systems failed over, other vital applications didn’t; this created bottlenecks, decreased revenue, and diminished customers’ confidence.

Delta’s case is a massive wakeup call not just for the airline industry but for every business -- large and small. Companies must implement disaster recovery plans for their data centers, on-site technology, and Cloud applications to continue servicing customers while fixing the main issue with their primary systems. Companies also need to get rid of the false notion that redundancy plans to assure service continuity is restricted to larger corporations. DR and business continuity solutions are extremely affordable today, and a partnership with a provider can help you in more ways than one (more on this later).

Always test your backups

So although Delta had a plan to bring its business back to normalcy, the DR plan left a lot to be desired in practice. This begs the question as to whether the airline company is actually testing, reviewing, and reinforcing its vulnerabilities to different disasters.

The point is that even though your company may have a failover protocol in place, that protocol adds no value to your business unless it has been rigorously tried and tested. In order to avoid the same fate as Delta, make sure to find out whether your disaster recovery plan is capable of running mission-critical applications like email and customer service applications before -- not after -- downtime occurs.

Account for different types of vulnerability

In an interview with the Associated Press, Delta CEO Ed Bastian said, “We did not believe, by any means, that we had this type of vulnerability.” Indeed, it’s often hard to foresee what threats and vulnerabilities a natural disaster, power outage, or hacker can produce. But it’s not impossible.

By conducting a comprehensive audit of your data center security and disaster protocols, your business will be more aware and adept at minimizing the risk of potential disasters. This also means evaluating and preparing for disasters that are likely to happen to your business depending on its geographic location. Southern US, for instance, is prone to hurricanes and flooding.

Call for help

These lessons and strategies are all crucially important, but pulling off a DR and business continuity solution on your own may be difficult. For this reason, it’s critical to have a planned partnership with a managed services provider that can assess, plan, test and install the continuity solutions your business needs in order to minimize the impact and avoid encountering a Delta IT outage of your own.

To find out more about business continuity and guaranteeing complete IT redundancy, contact us today.

Published with permission from TechAdvisory.org. Source.

Topic Business
September 12th, 2016

2016september12_iphone_bAlthough they may not garner the fervor of hardware releases and refreshes, iOS updates still manage to bring even the most casual of iPhone and iPad users out of the woodwork. Those who were willing to brave the bugs of Apple’s beta got a chance to play with the most recent version of the mobile platform, but the rest of us have been patiently awaiting its release. The time has finally come. Let’s take a closer look at iOS 10’s release details.

In keeping with its yearly mid-September schedule, the next update to iOS will be released on September 13th around noon (depending on your time zone). Before updating, it’s a smart idea to begin charging your phone and connect to a wireless network. Once you’re all set for the lengthy download and installation, go to your Settings dashboard, then tap General, and finally Software Update. This screen will give you detailed information on the latest update and the option to ‘Download and Install.’

As we’ve seen in the past, not all Apple devices can handle the RAM-hungry features of a new operating system. If you’re still holding onto any iPhone model older than the iPhone 5, you won’t be able to download the update. Unfortunately, the same goes for the original iPad Mini and the Retina/third-generation iPads. And although they’re not too common nowadays, the sixth generation iPod Touch will get iOS 10, while anything older will not.

We’d be remiss if we didn’t warn our readers, however; just because your device is eligible doesn’t mean updating it is the best idea. Older hardware wasn’t designed with the requirements of current software in mind, and updating may result in a significant slowdown of your phone or tablet. Furthermore, despite going through a beta stage, there’s no guarantee that all the bugs have been worked out of the system yet. We recommend waiting a day or two until Apple’s servers aren’t overburdened and other users have had a chance to suss out any problems.

Something as simple as updating your phone can become immensely frustrating if you’re not fully prepared. And despite what you may think, no task is too small for us to consider. If you think helping you update your phone, or even just configuring it to receive work emails is too mundane for your neighborhood managed services provider -- think again. Stop searching for the iOS update menu and call us today.

Published with permission from TechAdvisory.org. Source.

Topic Apple
September 8th, 2016

2016september8_virtualization_bUntil now, virtualization hadn’t been targeted by cyber attackers with the same vigor as other small- and medium-sized business IT solutions. Whether it was because of the inherent security of virtualization or because of the relatively narrow scope of its adoption, this is no longer the case. VMware, one of the leading virtualization software vendors, released a vital patch to a number of their products to combat unauthorized users attempting to gain undeserved privileges. Keep reading for an update on how it affects you.

Since its first software release in 2001, VMware has remained the leading provider of virtualization platforms, with most sources estimating double-digit leads in market share over the nearest competitor. By creating virtual environments stored on a network server or in a cloud environment, the company has given their clients the ability to create workstations, software, and even networks that can be utilized remotely. Fast forward to today, and VMware is working overtime to maintain its reputation by preempting software security vulnerabilities.

Obviously, when delivering any kind of specialized privileges over a network, adequate protection is of the utmost concern. In this case, two services for managing mobile clouds (vIDM and vRealize) were found to be vulnerable to exploits wherein users with minimal rights could cheat their way into full administrative privileges.

The security team at VMware elaborated that when executed in just one of the two services, this flaw would not be considered critical. However, when combined, it could pose an imminent threat to the security of your cloud infrastructure. To amend this oversight, ask your managed services provider or IT staff to update vIDM and vRealize to their most recent versions (2.7 and 7.1, respectively) as soon as possible. If this can’t be achieved in a realistic time frame, blocking port 40002 would act as a temporary workaround.

Sufficient security requires by-the-minute responses to the latest breaches and exploits. By partnering with us, you’ll never need to worry about checking in regarding patches or breaches you read about in the news. Instead, you’ll be hearing about them from us when we come around to install the updates. Choose the safe option -- contact us today with any of your virtualization needs or questions.

Published with permission from TechAdvisory.org. Source.

September 7th, 2016

2016September7_MicrosoftWindowsNewsAndTips_BUnlike those who attend Hogwarts, magicians rely mainly on subtle sleight of hand to convince others that they managed to make coins disappear into thin air. The same concept applies to ransomware. How can it complete its mission in a suit labeled with the word “Villain”? Nowadays, ransomware fashions various disguises that render it undetectable. A case in point is Fantom -- here are some of the reasons why you should steer clear of this technological spook.

AVG security researcher Jakub Kroustek recently spotted Fantom coded atop an EDA2, a ransomware-building kit that was open-sourced but eventually taken down. EDA2 contained certain flaws that allowed researchers to obtain decryption keys from its C&C server, yet these flaws have since disappeared, indicating that Fantom coders might have found and fixed them before anyone else had a chance to.

Very little is known as to how Fantom is distributed. As for the method of deployment, cybercriminals plant the file onto the target’s computer via spam email or exploit kits. Fantom-infected files are named criticalupdate01.exe; they utilize a “Windows Security Update” to prompt targets into running the file.

After activation, the ransomware starts by locking the user’s screen while displaying fake Windows Update graphics, complete with a fully-functioning percentage-based loading timer that mirrors the original Windows Update screen. However, beneath this pleasant facade, Fantom is encrypting your files right before your eyes. Luckily, the temporary lock screen is removable before it reaches 100% -- simply press CTRL+F4. Unfortunately, the encryption process remains intact.

The MalwareHunterTeam states, “The ransomware uses classic ransomware encryption by locking files using an AES-128 key and then encrypting this key with a dual RSA key, with the private key stored on the crook's server, and a public key left on the user's PC.”

In order to retrieve the private key to unlock your files, you must contact the perpetrators by email. The email address is listed in the ransom note that appears after the process of encryption is complete. Fantom displays ransom notes in the form of HTML and TXT files, while changing the user’s desktop with a custom screenshot that lists the contact details. Lastly, after completing all its operations, Fantom cleans after itself by running two batch scripts wiping all the installation files clean.

Ransomware isn’t new, but the ways that cybercriminals utilize them are. Who would’ve thought that the ever so familiar Windows Update window has fallen prey to malicious intent? Pretend that you’re the Little Red Riding Hood and that the wolf is the ransomware that cybercriminals have disguised as your grandmother. They no longer wait to trap you, instead, they wait for you to walk straight into one instead.

The issue of ransomware is as extensive as it is meticulous. If you have any questions about Fantom or would like to request more information, feel free to get in touch with us! Give us a call or send us an email. Our dedicated staff are more than happy to help.

Published with permission from TechAdvisory.org. Source.

Topic Windows
September 5th, 2016

2016September5_HealthcareArticles_BIs being responsible for electronic medical records a daily source of trepidation for you or your business? While the sentiment is understandable, it often results from a lack of understanding about what HIPAA compliance actually means. As industry-wide penalties continue to rise every year, it’s essential to take a closer look at who is being fined, and why. Keep reading for more details on the most recent case.

As the largest fully integrated healthcare system in Illinois, Advocate Health Care Network’s mismanagement of electronic medical records (EMR) came as quite a shock. Regardless of your feelings on such a sizable provider being unable to maintain secure EMRs, what can’t be argued is the precedent set by last month’s $5.5-million settlement.

How exactly did it come to such a historic penalty? The answer is threefold. Firstly, Advocate failed to perform the risk assessments mandated by HIPAA regulations -- an oversight that could have potentially prevented the other two infractions. Secondly, Chicago’s premier healthcare network failed to obtain proper written agreements with each of the business partners who had access to its data, which may have gone unnoticed if one of its associates had not been the subject of a security breach.

The final infraction, and arguably the most directly relevant to Advocate’s internal security policies, was the unsatisfactory safeguards in place on two stolen laptops with confidential medical information. While the breach of its business partner’s network only put 2,000 EMRs at risk, the stolen computers had access to almost 4 million.

So, if you’re tired of vague platitudes about ‘penalties for lax data compliance’ or the ‘liability risks of mediocre security,’ this is your answer: inadequate preventative measures, unfit business partners, and poor internal security protocols can spell millions in damages. Unfortunately, this isn’t just an aberrant case -- the total punitive damages for HIPAA noncompliance in 2015 totaled $6.2 million; after just over eight months into 2016, they currently stand at $20.3 million.

Keep your company’s name off the growing list of companies that didn’t have suitable systems in place when it mattered most. Our EMR management practices provide a full suite of care for your data records; from prevention to end-point security, your information is safe with us. Our proficiency in the healthcare IT industry spans a wide variety of experiences and know-how. Contact us today. We’d love to tell you all about it.

Published with permission from TechAdvisory.org. Source.

Topic Healthcare