Michael Johnson

Have You Made Up Your Mind Regarding Your 2019 Technology Plan?

December 31st is Make Up Your Mind Day

As New Year’s Eve approaches, it’s time to remember its other name: Make Up Your Mind Day. As the last day of the business year for most companies, it’s also a vital point for putting your plans for the next year into action. Unfortunately, creating a business technology strategy can be a complicated process for many IT professionals. Which way will your company go in the new year?

Make Up Your Mind Day

December 31 is Make Up Your Mind Day.  So have you made up your mind regarding your 2019 technology plan?

Here are a few ideas to keep in mind as you work on developing your business technology plan for 2019:

Have You Made Up Your Mind Regarding Your 2019 Technology Plan?

  • Look at digitizing: The process of turning your organization from a traditional one to a digital enterprise is a complex process and requires a great deal of thought and investment to pull off well. Companies that lack a solid understanding of the challenges and opportunities are among the reason why 84% of attempts at digitization end in failure. Make sure you prioritize this vital part of your company’s growth for the upcoming year.
  • Consider legacy assets: Will that old server holds out a few more years or is it time to upgrade the aging sales software instead? Though legacy assets can be challenging to incorporate into your existing scheme, it’s much easier than it was just a few years ago given the prevalence of solution-based software. However, there’s a particular point where it’s just more straightforward to say goodbye to these old classics. Fortunately, there are a few easy signs to help you recognize whether that time has come.
  • Contemplate what tech employees use: Should you dictate to employees the technology they should use when at work? Considering the prevalence of mobile devices and the focus on specific brands, the iOS versus Android battle may appear front and center at your workplace very soon. With 38% of employees resenting management dictating what tech they can use on the job, it’s important to consider more comprehensive solutions that allow employees to work more productively.
  • Take a look at the long-term goals: Trying to bring your business into the fourth industrial revolution without long-term goals to guide you would be like Columbus taking off across the Atlantic without an astrolabe. You know you’re following something, but you waste a lot of time and effort trying to get there. Our friends at Hacker Noon have a great article on how to break down large, seemingly impossible goals into shorter goals, allowing you to navigate from one point to another without being lost in an ocean of planning.
  • Consider upgrades: What condition are those old workstations in? What about that series of laptops that you’re continually making repairs to or sending out for warranty work? When you have the budget available, upgrade or replace poor-performing assets in your system to improve your overall uptime and reduce the amount of work that needs to happen to keep things rolling. This gives you more free time for strategizing to get your business ahead.
  • Make it mobile: If you’re not mobile by this point, you’re missing out. There are so many tools available to help you improve productivity, whether it’s connecting social media accounts, communicating with teams, taking remote payments or having music while you’re wrapping up quarterly reports. Adding mobile capability means your entire team can be more productive on the go, whether waiting for the VP for the meeting or dealing with an emergency from around the globe.
  • Contemplate automation: What does your workflow look like? If you still have manual processes that can be automated, you’re wasting money. Whether it’s marketing tasks that can be more easily handled by a bot on Facebook, a tracking system for your warehouse to make your pickers more efficient or any number of other tasks, automation keeps your business rolling smoothly and efficiently while making your operation more flexible.

With digitization breathing hot down the necks of most IT professionals, having a solid technology strategy in place can make the difference between success and failure of the business as a whole. As IT shifts from an ancillary department to the central core of a company, it’s important to make sure that the leadership is in place to strategize this shift and ensure that it can be made successfully without costing the business more than necessary to provide an excellent outcome.

Have You Made Up Your Mind Regarding Your 2019 Technology Plan? Read More »

FBI Warns Businesses Of Cyber Attack From China

Chinese Hackers

Who Has Been Impacted by Chinese Cyber Attacks?

At the beginning of the year, the FBI warned businesses to protect themselves from cyber attacks by foreign entities, saying activity has spiked in the past 18 months.

Hewlett Packard and IBM are among the businesses most recently targeted. There’s a National Counter-Intelligence and Security Center that manages intelligence efforts for the U.S. government. It recently launched a campaign to address continuing threats. The center warns that many companies need to be more to protect against cyber theft.

Foreign governments accused of cyber attacks against the U.S. include Russia, China, Iran and North Korea, with China receiving the most scrutiny in recent reports.

How Do Hackers Breach Company and Government Security?

According to Entrepreneur magazine, hackers create fake social media accounts to get people to reveal work and personal information. One of the ways to guard against bad actors is to carefully scrutinize social media requests from people that aren’t personal connections and to research apps before using or downloading them, as well as keeping antivirus software up-to-date.

The FBI warning including a brochure entitled, “Know the Risk, Raise Your Shield” that targets federal employees. The recent warnings follow a string of cases against individuals and organizations accused of stealing proprietary information from U.S. government and businesses.

Nine cases filed since July 2018 include two hackers investigators say are linked to the main Chinese spy agency. Knicknamed APT 10, they allegedly stole corporate and government information via cyber attacks on employees.

Has There Been an Uptick in Recent Activity?

The breach of private businesses by Chinese hackers first hit news headlines in 2014, when Sony Pictures was hacked. This prompted an agreement in 2015 between Chinese President Xi Jinping and then President Barrack Obama that curbed cyber attack for a while.

At FireEye, a cybersecurity firm, analysts track hackers working on behalf of the Chinese government. The firm’s representative says attacks are on the uptick recently. These hacking groups are referred to as Red Leaves, cloudhopper, and APT10.

Managed Service providers are among the groups targeted. MSPs supply technology, telecommunications and other services to business clients. If they can break the security systems of such companies, Chinese hackers gain access to the sensitive data of the MSP’s clients.

APT10 has routed malware via an MSP network to its business targets. However, there are many steps businesses can take to protect their employees and data from prying eyes in cyberspace.

What Should Business Do to Raise Their Shields?

U.S. businesses should take proactive measures to safeguard against cyber attacks from Chinese hackers via email, social media and other points of entry.

This includes ensuring that advanced detection tools are utilized on network and email servers to safeguard access to company data. Regular threat assessments and employee training can help. This provides a diagnosis of the state of a firm’s cyber defenses regarding advanced persistent threats that attempt to find breaches in the company’s firewall. Precautions taken against the intrusion of foreign governments include:

  • Fortify access controls. Evaluate the plans, policies, and procedures that govern corporate technology to keep proprietary data safe. This could include that installation of multi-factor authentication (MFA), data encryption and solidifying a layered defense system on all possible points of cyber attacks.
  • Training. Make cybersecurity education and training a top priority. Everyone from the Board of Directors and C-Suite to individual employees needs to understand how to avoid cyber attacks by avoiding fake emails, malware and weak password strategies, among other efforts.
  • Incident response plan. Organization leadership and key technical personnel must develop a protocol for dealing with threats. This should include representatives from business administration, information technology and operations.
  • Crisis communications plan. Align the protection policy to risk management methodologies and the business needs of employees.
  • Adopt a monitoring, detection and response plan. Quickly detect intrusions and breaches via rapid-respond plans to effectively eradicate the malware or other methods of entry.

FBI Warns Businesses Of Cyber Attack From China Read More »

Windows 7: Under One Year Until Support Ends

Windows 7 End of Support

Use Windows 7? Do you love your Windows 7? Will your need or desire to continue to use Windows 7 surpass this year? If so, you should be aware that in just under one year — January 14, 2020, specifically — Windows 7 Extended Support ends for most users. As such, there are things you need to know and decisions you may have to make. This is your guide to understanding what the expiration of Windows 7 Support may mean for you in one year.

What is the Current Status of Windows 7?

Windows 7 is a reliable desktop OS for Microsoft users. When Windows 8 came out, the differences were so stark that most users preferred to stick to Windows 7.

Why would they stay with an outdated system?

Here’s what Windows 10 offers:

  • A straightforward interface that is well-designed and laid out;
  • A start menu that combines the old with the new;
  • A clutter-free and clean look that is familiar to you;
  • Thumbnail previews that allow you to automatically open an item;
  • Jump lists that allow you to quickly access files or documents you frequently use;
  • Performance that allows the system to boot up comparatively quickly;
  • A new calculator to convert units, figure out fuel economy, etc.;
  • A new WordPad that offers more formatting features; and — among many other features —
  • Upgraded and improved media player and center.

These are just a few of the reasons that so many PC users love their Windows 7 and do not want to particularly give it up, especially when they found Windows 8 a disappointment.

In fact, StatCounter suggests that 41.86% of PC users — who according to Statista makes up nearly 84% of the market share for desktop PCs — use Windows 7 still while another 42.78% use Windows 10 and a sad 8.72% use Windows 8. Those statistics say a lot about Windows 7 and suggest that a lot of people are going to need to figure out what they are going to do before January 2020, if they want their systems to be secure and updated.

Why is Microsoft ending support for Windows 7?

There is no specific reason why Microsoft is ending support for Windows 7 come January 14, 2020, except that this date is the date provided in Window 7’s lifecycle.

Windows 7 Lifecycle
October 22, 2009 Date of general availability for:

  • Windows 7 Professional
  • Home Basic
  • Home Premium
  • Ultimate
October 31, 2013 Retail software end of sales for:

  • Windows 7 Professional
  • Home Basic
  • Home Premium
  • Ultimate
October 31, 2014 End of sales for PCs with Windows preinstalled with:

  • Home Basic
  • Home Premium
  • Ultimate
October 31, 2016 End of sales for PCs with Windows 7 Professional preinstalled
January 13, 2015 End of mainstream support for Windows 7
January 14, 2020 End of extended support for Windows 7

As indicated in the above table, if you did not extend support for Windows 7, then the problem of extended support expiring on January 14, 2020, does not apply to you. If you had purchased that extended support, then you need to pay attention and determine what you want to do because a year will be over before you know it.

What will happen after extended support for Windows 7 expires on January 14, 2020?

Come January 14, 2020, if you are still using Windows 7, rest assured your desktop will still work; Windows 7 will continue to work beyond 2020. The issue here is your extended support.

Come January 14, 2020, extended support expires and with that expiration ends any updates to your PC. That means your system is vulnerable because the latest, most advanced security updates will not be available to you.

Who will be affected by Microsoft’s decision to end support for Windows 7?

It is important to be clear that not all Windows 7 users will be affected by the January 14, 2020 extended support expiration date. In fact, in September 2018, Microsoft announced that some business users can pay for an additional three years of security updates. Unfortunately, this does not extend to home versions.

In other words, if your windows license type is an original equipment manufacturer or a full package product, there will be no extended security updates for you, and this includes all home versions. However, if you purchased a volume license (i.e., Enterprise or Open Value) for Windows 7 Pro or Enterprise, then you can purchase the additional three years of security updates — so primarily only business users can receive the updates at a cost.

What are your options after Microsoft Windows 7 support expires?

If you absolutely must keep Microsoft Windows 7, then you have options, though they may not be optimal options. These options include:

  • Playing with the idea of purchasing an upgrade to Windows 10 and then downgrading your rights to Window 7;
  • Continuing to run Windows 7 without security updates, but this is not a good option because as computer desktops and software advance, so do the hackers capabilities (home users if careful, can consider it, but it is probably not an option for business users due to legal and liability risks);
  • Disconnecting any Windows 7 PC from the internet, but this means disconnecting you to the very thing that keeps you connected to the world, so it may not be your best option either.
  • Migrating from Windows 7 to another operating system, e.g. Windows 8 or preferably Windows 10.

What does Windows 10 offer you?

Some PC users are hesitant to switch to Windows 10 because it does have its drawbacks. Some specific Windows 10 drawbacks include:

  • The increased sense that Microsoft is invading our privacy with its default settings. Most of these setting can be changed but you must go in and manually make these changes.
  • The ability to control your updates is limited when compared to Windows 7. Plus, these updates are made without user knowledge — which only entrenches the sense that PC users are being spied on when something happens to their system without their knowledge, even if it is for their own security.
  • The interface is less customizable (e.g., can’t change colors) — and this is unfortunate in an age where we celebrate our differences, including how we set up our interface system.
  • Older programs do not run well on Windows 10, so if you have older programs, you may be in need of identifying additional and newer products or software.

That said, it is good to be reminded that even though you love your Windows 7 whether it’s because you simply love it or love it because it’s what you are familiar with, Windows 7 has its own drawbacks, too. Windows 7 drawbacks include:

  • Windows 7 was released in 2009. This was a time when iPad was a rumor and mobile phones were not as advanced. Today you want software that works across all your platforms. Windows 7 can’t do this most likely, but Windows 10 can.
  • If you ever needed to use a virtual desktop then you know this feature is not available in Windows 7 unless you use Desktops v2.0 software. Virtual desktops allow you to organize your space better and have become an essential tool for modern-day users. Windows 7 does not offer this capability easily but Windows 10 does.
  • We all know Apple’s Siri and Google Now. These are convenient built-in assistants to help us do anything from scheduling tasks or appointments, dictating notes, playing music, adding reminders, and much more. Windows 7 does not have a built-in assistant but Windows 10 does: Cortana.
  • Ever been in your Windows 7 and want to search the web from your desktop and then realize you can’t. To search the web, you have to navigate to the right tab and then look something up. Windows 7 does not offer a convenient search feature for the internet, but Windows 10 does: the search bar allows you to search anything from your folders, apps, files, Windows store, and the Internet.
  • Gaming is another thing so many of us like to do today aside from work. Windows 7 has always been a trusted gaming platform — so this is not a drawback except for the fact that Windows 10 has built on Windows 7 gaming capabilities to make it even better. So, if you like gaming, whether it’s DirectX 12, PC Game DVR, or Xbox one game streaming, among others that you like to use for gaming purposes, then Windows 10 offers the best performance for you.

How to determine what you should do about your Windows 7 come January 14, 2020?

If you are one of those PC users to be affected by the end of extended support for Windows 7 in January 2020, then you have to determine what you will do. The last section implicitly directs you in which way you may consider, but if you are not yet confident in Windows 10, ask yourself the below two sets of questions:

  1. Do you use your computer to access the internet? If so, do you keep private information online or conduct private matters online, i.e., financial information, tax information, banking, consumer purchasing via Amazon or other outlets, etc.?
  2. Do you like Microsoft’s operating system Windows? Do you want to stay with Windows (but not Windows 8)? If so, would you like something similar to Windows 7 but operates better?

If you answer yes to these questions, then it is safe to say you should consider Windows 10. A free upgrade to Windows 10 expired in 2016, but the price you pay today can save you in the long run.

So, now you have it. There’s a lot to consider if you use Windows 7 and like using it. If you are an owner of a volume license for business users, then you do have a viable and reasonable solution to the deadline: you can purchase another three years of security updates. This option provides you ample time to consider other options and train personnel on new desktop operating systems.

But if you are not a volume license holder, then you really need to consider what you intend to do. Security is highly important today in our virtual worlds and without it, you risk impacting your so-called “real” world. A hacker can destroy what you have built up over the years, from finances to projects to just about anything that is maintained or kept on your computer, in the cloud, or online. The issue of the January 14, 2020 expiration for Windows 7 extended support is indeed a serious one.

Windows 7: Under One Year Until Support Ends Read More »

Warning: Foreign Hackers Compromised Citrix Systems

Citrix Data Breach

Citrix said the FBI warned them on Wednesday, March 6th that hackers compromised its IT systems and stole “business documents.” Citrix doesn’t know precisely which documents the hackers obtained nor how they got in.

It’s suspected that this is a sophisticated cyber espionage campaign supported by a nation-state. The consequences of the Citrix security incident could affect a broader range of targets, as the company holds sensitive data for many companies, including critical infrastructures for governments and enterprises.

For more information click here. Feel free to contact us for assistance if you’re concerned about your IT security.

Warning: Foreign Hackers Compromised Citrix Systems Read More »

New Threat Advisory: TrickBot (Warnings/Recommendations)

TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here’s what you need to know to protect your organization from TrickBot.

Trickbot

Don’t Get Tricked By TrickBot

TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here’s what you need to know to protect your organization from TrickBot.

What Is TrickBot?

The Multi-State Information Sharing and Analysis Center (MS-ISAC) recently released a security primer on TrickBot. Originally developed in 2016 as a Windows-based banking Trojan, TrickBot has recently advanced its capabilities.

TrickBot is a modular banking trojan that targets user financial information and acts as a vehicle for other malware. It uses Man-in-the-Browser attacks to steal financial information such as login credentials for online banking sessions. (The majority of financial institutions consider Man In The Browser attacks as the greatest threat to online banking.)

Malware developers are continuously releasing new modules and versions of TrickBot— And they’ve done this once again.

How Is TrickBot Distributed?

TrickBot is disseminated via malspam campaigns. Malspam is a combination of malware and spam. It’s usually delivered through phishing or spear-phishing emails. Its goal is to exploit computers for financial gain.

These malspam campaigns send unsolicited emails that direct users to download malware from malicious websites or trick the user into opening malware through an attachment.

TrickBot is also dropped as a secondary payload by other malware such as Emotet. Some of TrickBot’s modules abuse the Server Message Block (SMB) Protocol to spread the malware laterally across a network. (SMB is an application-layer network protocol that facilitates network communication while providing shared access to client files, printers and serial ports.)

The developers behind TrickBot have continue to add more features via modules to this potent trojan virus. It can download new modules that allow it to evolve if left unchecked.

How Does The TrickBot Malspam Campaign Work?

The malspam campaigns that deliver TrickBot use third-party branding looks familiar to you and your staff such as invoices from accounting and financial firms. The emails typically include an attachment, such as a Microsoft Word or Excel document. If you open the attachment, it will execute and run a script to download the TrickBot malware.

And, TrickBot is really tricky. It runs checks to ensure that it isn’t put in a sandboxed (quarantined) environment. Then it attempts to disable your antivirus programs like Microsoft’s Windows Defender.

And even worse, TrickBot redeploys itself in the “%AppData%” folder and creates a scheduled task that provides persistence. Persistence is the continuance of the effect after its cause is removed. So, even after you remove TrickBot, it can still create problems.

What Happens If Your Network Gets Infected With TrickBot?

TrickBot’s modules steal banking information, perform system/network reconnaissance, harvest credentials and can propagate throughout your network.

TrickBot:

  • Will harvest your system information so that the attacker knows what’s running on your network.
  • Compares all files on your disk against a list of file extensions.
  • Collects more system information and maps out your network.
  • Harvests browser data such as cookies and browser configurations.
  • Steals credentials and configuration data from domain controllers.
  • Auto fills data, history, and other information from browsers as well as software applications.
  • Accesses saved Microsoft Outlook credentials by querying several registry keys.
  • Force-enables authentication and scrapes credentials.
  • Uses these credentials to spread TrickBot laterally across your networks.

What’s New With TrickBot?

In November 2018, a module was developed and added that gave TrickBot the ability to steal credentials from popular applications such as Filezilla, Microsoft Outlook, and WinSCP.

In January 2019, three new applications were targeted for credential grabbing: VNC, Putty, and RDP.

In addition, it can also steal credentials and artifacts from multiple web browsers (Google Chrome/Mozilla Firefox/Internet Explorer/Microsoft Edge) including your browsing history, cookies, autofills, and HTTP Posts.

How Can You Protect Your Organization From TrickBot?

We recommend that you contact us and arrange for the following to protect against the TrickBot malware:

  • Implement filters at the email gateway to filter out emails with known malspam indicators such as known malicious subject lines, and block suspicious IP addresses at the firewall.
  • Use managed antivirus programs on clients and servers, with automatic updates of signatures and software. Off-the-shelf antivirus isn’t enough.
  • Arrange for vulnerability scans to detect TrickBot or other malware threats that are hiding in your IT systems.
  • Apply appropriate patches and updates immediately after they are released.
  • Provide Security Awareness Training for your users. Regular training will ensure that they can recognize social engineering/phishing attempts, and refrain from opening attachments from unverified senders.
  • Help you employ a Password Management solution so your usernames and passwords aren’t disclosed to unsolicited requests.
  • Deploy a managed Anti-Spam/Malware Solution with the latest signature and detection rules.
  • Review security logs for indicators of TrickBot. If any are found, we can isolate the host and begin investigation and remediation procedures.
  • Make sure you adhere to the principle of least privilege, ensuring that users have the minimum level of access required to accomplish their duties. We’ll also limit administrative credentials to designated administrators.
  • Implement Domain-Based Message Authentication, Reporting & Conformance (DMARC). This is a validation system that minimizes spam emails by detecting email spoofing using Domain Name System (DNS) records and digital signatures.
  • If you don’t have a policy regarding suspicious emails, we can help you create one and specify that all suspicious emails should be reported to security and/or IT departments.
  • And more…

Don’t let TrickBot use its tricks to steal your confidential data. Contact us for comprehensive IT Security Analysis and Remediation to keep TrickBot out of your network.

New Threat Advisory: TrickBot (Warnings/Recommendations) Read More »

Call Now Button