Blog

hacker

The Anatomy of a Hacker 
An Interview

How did you decide to become a hacker?

“I’m not really sure what it means to become a hacker. Sounds like some guy in a hoodie who types really fast, and stays up all night writing code and cracking passwords.  That’s not me. I just spy on people and see what makes them click.  It’s not a bad job.”

So, you consider this a job?

“I put a lot of work into this. I’m not lazy. It takes research to figure out the key players and learn all about them, their families, their friends, what they care about.  You have to understand the company’s organization. I get a lot of my information from the sales department because they’re always so quick and eager—They’re hungry.  People trust too easily.  They don’t look at the details.  I do.  Details matter.  That’s what I’m good at.  It has to look completely believable. It has to look familiar. This is where research is important. It’s not some generic piece of spam. It’s an email from their boss with their company signature. It’s written in the voice of the boss. It’s what he would say if he was writing this.”

What about the malware itself?  How does it work?

“Somebody out there already wrote all the code that does the actual attack. I’m just using the attachments.  My skills and ability are getting a bunch of people to click on that attachment. I always wonder what it’s like when the whole thing unfolds on their end when the panic sets in.”

Do you feel bad about releasing all the personal information, all the financials, the money that was lost?

“All I did was get the files. I’m not the one who decided to release them. I’m not the one who shorted the stock. Somebody else had their reasons for that. That’s above my pay grade.  I was paid to do a job, and I did it well. And that’s what’s expected of anyone, isn’t it?  Anyway, markets bounce back.”

The FBI says ransomware will be a $1 billion dollar market this year.

Ransomware is the most malicious and frequently used form of malware today.

The best way to protect your organization from ransomware is to prevent it from landing on your computers in the first place.

Don’t Fall Victim to A Ransomware Attack.
We Can Protect Your Data and Business from This Top Security Threat.

Ransomware attacks are on the rise. It’s part of the top 10 threat predictions by security experts around the world. And for businesses that are victimized, the consequences can be paralyzing and destructive.  When ransomware infects your computers or mobile devices, you’ll be denied access to your computer and may even lose your data.

Ransomware blocks access to your data and demand payment through an anonymous system like Bitcoin to restore access. In the past few years many large and small businesses, government agencies and private users have been victims of ransomware. The criminals who distribute and operate these attacks are making millions of dollars. They extort money from you in exchange for a promise to unlock your computer files.

Contact InfiNet Solutions.  We can help your employees recognize ransomware and malicious IT threats. And we have technology solutions to keep your data secure.  For more information call (402) 895--5777 or email us at: [email protected]

The Anatomy of a Hacker 
An Interview
Read More »

Cybersecurity Tips for Non-Profits  

Is Your Charitable Organization at Risk?

If tomorrow’s headlines read your non-profit organization’s data and donor info was breached, what would be the ramifications?  Are you taking enough appropriate steps to stop cybersecurity threats?

Nonprofits

Is Your Charitable Organization at Risk?  Cybersecurity Tips for Non-Profits

Almost weekly, we hear about an internet or computer security breach at a large retailer, bank, or recently, a major credit reporting service.  These breaches create problems for not only the companies involved but for their customers.  Personal information is often exposed, and the carefully crafted reputation a company may have built for years or decades can be destroyed.

As of yet, we haven’t heard of any major breaches at a non-profit organization.  The key words are “as of yet.”  Non-profits often store a significant amount of data about their board members, employees, volunteers, donors, corporate supporters, and more.  A security breach for a non-profit will not only be embarrassing but it could have significant adverse effects on future funding. These are some of the reasons non-profits should be proactive in taking steps to button up computers and online security.  Here are nine cybersecurity tips of which non-profits should take note.

  1. Increase the difficulty of your passwords and change them at least quarterly. If your organization is using simple passwords because it is “easier”, you should keep in mind it also makes it easier for others to gain access.  Many experts agree that the most secure passwords should be a random series of eight letters and numbers with at least two capital letters included in the sequence.  With the frequent turnover in staff members and volunteers, passwords should be changed at least every three months.  Don’t allow staff to write their passwords on Post-It notes attached to their computers.    It happens.
  2. Set security protocols for staff and volunteers in writing.  Don’t assume those around you know about phishing and spear phishing and the dangers lurking behind pop-up ads and downloads. Many non-profit organizations have older volunteers who may not be aware of the latest dangers and tactics being used to gain access to data.  Having staff and volunteers sign off on a one-sheeter acknowledging they understand basic security guidelines can demonstrate they are aware of the potential problems.
  3. Upgrade security software. Of course, non-profit budgets are tight but they will get much tighter if there is a breach in your data and donors feel their information is not secure.  Make it a point to get security software from a major supplier that you can feel comfortable with and keep it updated.  Providing a secure firewall or malware protection after experiencing a cybersecurity attack will do little to build confidence in your organization.
  4. Upgrade computers and hardware.  The older your equipment is, the more likely it is susceptible to a cybersecurity threat. Board of directors may not be willing to invest in new computer systems just because of the bells and whistles they include.  If the security of their sponsor and donor data is at risk, however, it may get their attention and provide support for new equipment.  If your non-profit has not looked into TechSoup for deep discounts on software and hardware, it should.  The application process can be a bit tedious but the savings are significant.
  5. Make sure your online donation processing is impregnable.  It is critical your donors have absolute confidence when making online donations. While services like PayPal are simple and relatively easy to set up, they may not instill the confidence of a more robust payment system.  Giving donors payment options can also help facilitate more and more frequent donations.
  6. Limit access to important files and data. One of the benefits of working for a non-profit is that there is often a team atmosphere, with staff and volunteers working toward a common goal.  Unfortunately, this can lead to sloppy security and over-sharing of files and data.  Computers may be left unlocked when not in use and unnecessary personnel may have access to sensitive files.  Limiting access will not only protect your information in-house but will help in limiting external access.
  7. Back up data on an external drive.  How quickly can your organization restore current data and software if you had a significant hard drive crash? Computers are generally more stable than ever, but this can lead to a false sense of security and even complacency about backing up data.  Make sure data is backed up regularly and frequently and the back up is kept off-site.  This can be done in the cloud, on a CD or on an external hard drive.  If the hard drive on your computer or server were to irretrievably crash today, what would the ramifications be?  If you don’t know or if the word “disaster” comes to mind, create an off-site backup and restoration plan.
  8. Get professional assistance.  If you are not confident in the steps you are taking in keeping your organization’s data secure from threats, get the advice of someone experienced in the field. Discuss cybersecurity with other profit and non-profit organizations you may come in contact with and ask for recommendations.  Cybersecurity doesn’t have to be that complicated when it is made a priority but if you are not comfortable taking it on, get the help of an expert.
  9. Document the steps your organization takes to protect the security of its data. In the event of a cybersecurity attack, it won’t take long for fingers to be pointed and blame to be placed.  This is why it is important to have a security plan in place and document what is being done.  This can demonstrate, even after the fact, that your organization was aware of the possibility and was taking proactive steps to keep its computers and data safe.  This should include how your social media is handled and who is responsible for it.

Make cybersecurity a priority, get everyone involved, and document your plan and processes. Greater awareness can go a long way in protecting the data of your non-profit organization.

Cybersecurity Tips for Non-Profits   Read More »

Office 365 Archiving

Have You Utilized All the Advantages of Office 365 Email Archiving?

Office 365 gives you benefits of email archiving that deliver users a variety of impressive features that make it the perfect solution for companies of all sizes. For example, you can benefit from an in-place email archive, in-place hold and litigation hold, an integrated management interface, unlimited storage, as well as deleted item recovery and deleted mailbox recovery. Office 365 email archiving truly is one of the businessman or woman’s best friends.

You can even set retention policies, and users can access archive email from within their inbox, from Outlook and the Outlook Web App. There will also be encryption between clients and Exchange Online Archiving, as well as between on-premises servers and Exchange Online Archiving.

There are many companies that are regulated by government compliance guidelines and have some form of retention requirements. Moreover, these companies may get into civil litigation or they may be asked for some 5- or 6-year old emails by the audit structures. With all these requirements it’s obvious that it is better to perform Office 365 email archiving with some third-party tools like the ones InfiNet provides.

If you use Office 365 in your daily business life you are probably aware of its archiving tools and of their limitations. Here’s a list of some benefits of Office 365 email archiving and backup tools that provide you with:

Flexible storage

You can use any public storage to keep your archived or backed up emails. You are not limited by your subscription plan. The only thing you need to pay for is the storage used.

Customizable retention

You can set up your own retention requirements when you archive your back up your Office 365 emails. Whether it would be 7 days or 7 years, you can set it up in your own way.

Advanced search option

Depending on the tool you choose to back up your emails or send them to the archive you will be provided with different ways of finding the granular emails that you need.

Granular legal holds

This is a legal hold that is applied at the message level and minimizes risk and cost during the audit process.

Different export formats

In some cases, you’ll need to perform some other export format than PST. The third-party archiving and backup tools that allow you to export files in different formats can save your time and money.

Outlook’s new feature allows you to hold onto deleted emails longer than ever. By setting a later purge date, you can hold onto important communications without cluttering your email folders.

More Office 365 Archiving Advantages

Most people have likely suffered the heartache of deleting an important email. You search and search again through your inbox and the communication is nowhere to be found. Although some providers archive emails automatically instead of deleting them forever, the emails are eventually purged from the server. With Outlook’s new feature you can hold onto emails longer and not worry about those emails disappearing for good a short month later.

Already convinced we’re the Omaha IT service providers to help you with sensible email archiving? Call us now at 402.547.4300 or email us at [email protected] for more information on how to get started right away facilitating greater business growth and IT productivity with safer, more secure Office 365 email archiving!

Why Save Deleted Emails?

In today’s business world, for each opened email you must make a critical decision: Do I archive or delete the email communication?

In some cases, like if you receive any spam, deleting the offending email is a no-brainer. However, emails from contacts are often different. For instance, if a colleague sends a link to a website you need, you may decide to delete the email after locating the URL.

However, a couple months down the road you may wish to bring up the email. If the email has yet to be purged, this saves you the headache of having to get in touch with your co-worker to ask for him or her to resend the information. Another case for not prematurely deleting emails is to retrieve contact information. If you accidentally delete an email without copying contact details, you may have a hard time tracking down the sender to get back in touch.

Office 365 Presets

In most cases, deleted Outlook emails are automatically set to purge from the system after 30 days. For onsite Outlook inboxes run on an Exchange server, an administrator is responsible for setting the length of time for emails to stay in the Deleted folder. This timeframe is managed through the system’s Messaging Records Management feature.

The default setting is for emails older than 30 days to get moved to a recoverable subfolder. The subfolder holds onto the emails for 15 days before completely removing them from the system. Onsite Exchange users were able to change this default setting in the past, but Office 365 administrators were stuck with losing emails permanently after 30 days.

Luckily, the retention policy is now changed for Office 365 and administrators have the option of allowing the purge to take place a maximum of 24,855 days (or 68 years) in the future! The date used by the system is the timestamp of the email or the last time the message was edited.

Don’t worry about any of these settings getting rid of your archived items. Once you save an email to a particular folder, the email can only be manually deleted from the server. Keep in mind there is a setting to delete expired items in Outlook within your Office settings. For instance, emails in your inbox have a default aging period of six months while outbox emails age after three months.

If you don’t have any system recovery options in place, prematurely purging Outlook emails can be disastrous. Make adjustments to your purge settings to have a holding place for emails you’re unsure if you should permanently delete or not.

We Cover Secure Office 365 Email Archiving and Much More

InfiNet is leading IT service providers in Omaha by focusing our expertise primarily on small business enterprises who want to optimize their computer-networking productivity and enjoy enterprise-level benefits for small-business service fees.

Contact us today at 402.547.4300 or by email at [email protected] for more info on how our Office 365 email archiving consulting will deliver the best results for your data management and business growth!

Have You Utilized All the Advantages of Office 365 Email Archiving? Read More »

Drive Office Productivity by Using These Popular Features in MS Word  

Microsoft Word is an incredibly powerful tool for office productivity, but you’re probably not using all of these fabulous time-saving features.  Get the scoop!  

Microsoft Word

There are few software packages that are as pervasive in a variety of different industries as the Microsoft Office productivity suite that includes Word, Excel, PowerPoint, and Access.  The ability to quickly and easily edit, share and distribute documents is a massive draw for organizations, schools, and students, but few people fully master these powerful programs. Most people use only a small percentage of the tools that are available, which is unfortunate. There are significant productivity gains available to anyone who takes the time to dig deep and master the capabilities of these full-featured programs.  Ready to shave some time off your document editing or processing tasks?

Keyboard Shortcuts

The design of the ribbon across the top with commands also makes it straightforward to find the information that you want, with commands that are used regularly garnering spots in plain sight. Even with the ribbon available, there are repetitive tasks that could be simplified by using a keyboard shortcut.  There are plenty of options that will help you navigate through the system and make your work more efficient, here’s just a few that you may find yourself using on a daily basis:

  • Ctrl+A – A great way to select all the text on the page
  • Ctrl+Y – Redo or Repeat your last action, to quickly apply formatting as you work through a document
  • Ctrl+K – Insert a link to the document at the point of your cursor
  • Ctrl + DEL – Delete word to the right of the cursor
  • Ctrl + Backspace – Delete word to the left of the cursor
  • Ctrl + Home – Move cursor to the beginning of the document
  • Ctrl + End – Move cursor to the end of the document
  • Ctrl + 1 – Single-Space Lines
  • Ctrl + 2 – Double-Space Lines
  • Ctrl + 5 – 1.5-Space Lines
  • F7 – Run spell check on any selected text or the entire document
  • Shift + T – Insert the current time
  • Shift + D – Insert the current date

If you’re spending a big part of your day editing within Word, these keyboard shortcuts alone could save you time, effort and frustration!

Section Breaks

Part of the beauty of Word is the ability to create well-structured documents that make it easy for users to find what they need quickly and easily.  All it takes is a little planning and foresight — and a solid understanding of sections and styling — to output Word documents that your users will be pleased to use and that are ready for publishing in print or online.  Sections in Word allow you to differentiate between areas of the document, such as the title page, table of contents, main document and any appendices.  Create a section break in Word by accessing the Page Layout menu, and look under ‘Breaks’.  A section break allows you to change formatting, almost like having a mini-document inside your main document.  If you’ve ever struggled with setting different page number styles on your Title page than on interior pages, this tip alone will be a lifesaver.

Working with Large Documents

When you’re editing a book, school paper or other large documents, it’s important that you apply the correct styling to ensure consistency of design and structure.  If you need specific fonts, font sizes, paragraph styles or another formatting, it makes sense to take the time to edit your styles before you even start typing.  You can begin defining your styles for the entire document by editing the presets under Heading 1, Heading 2, Heading 3 and Normal text — all of which can be found in the Style menu in the ribbon.  Select the style you’d like to edit, and making the change is as simple as making changes in the pop-up window and saving your adjustments. When you wish to apply that particular style to a block of text, select the text and then choose the level of style you would like to apply.

Using styles allows you to make universal changes to your documents.  For example, your boss wanted you to use Comic Sans font for all headers, but then when they realized how difficult that font was to read wanted it all changed back to Arial.  If you’ve properly applied and used your styles, this is the matter of a few clicks to update the entire document.  Styles are also very helpful when you’re creating a Table of Contents, which you can do by clicking on the References tab and then clicking Table of Contents to insert your selection.  Header levels are translated immediately into levels in the Table of Contents, saving you valuable time and clicks.

Track and Compare Changes

It’s not unusual to need to review someone else’s Word document, whether you’re in a contract review or simply editing out some sections of a marketing document.  The handy ‘Tracked Changes’ feature in Word provides you with a way of seeing exactly the changes someone else made in your document and allows you to accept or reject each change — and even add comments.  Access this feature by going to the ‘Review’ tab and clicking ‘Track Changes’. Changes are highly visible and tagged to the user who made the adjustment.  What happens if you forgot to turn on tracked changes before you sent a document?  Don’t despair, the ‘Compare Changes’ feature allows you to compare two documents with ease.  Click ‘Tools’, ‘Track Changes’, ‘Compare Documents’, and the modifications will be listed for your easy review.

Need to upgrade your Microsoft Office installations or considering moving to Office 365 in the cloud?

Drive Office Productivity by Using These Popular Features in MS Word   Read More »

New Ways That High Sierra Protects Your Privacy and Security  

Explore 7 Ways That macOS High Sierra Helps You Protect Your Privacy and Security  

macOS High Sierra

If you’re an Apple user, you have a lot of things to look forward to in the 13th release of the macOS operating system.  Some highlights include new features, improvements to existing features, and a few updates that will pave the way for future releases.  At the same time, device and internet security have become a growing concern with all internet and device users.  It’s a good idea to learn more about High Sierra security and privacy features, so you know what to expect and what to be careful of.

What Privacy and Security Features Does High Sierra Include?

The October 5 Password Patch

It’s worth mentioning that two security vulnerabilities with High Sierra made the news by the first day of its release on September 25.  These had to do with password hints and actual passwords stored in the keychain.  You can now upload a patch to fix these issues from Apple.  Apple released the patch on October 5.

Security analysts who had a chance to test the new operating system before it was released said they had notified the company about issues before release, so it is somewhat surprising that the company took several days to release this patch.  Prior to that, the company said that users who only downloaded apps from the Apple Store could protect themselves from these issues, but some security analysts weren’t so sure.  In any case, if you have already updated, you should certainly consider installing the patch.

High Sierra’s Built-In Privacy and Security

Besides the patches for these zero-day vulnerabilities, High Sierra also came bundled with plenty of new and updated privacy and security features on its own.

File System

Apple’s update to their new file system deserves the first mention.  Called APFS, or the Apple File System, it now relies on flash technology.  You should enjoy both better performance and improved security.

Improved security and protection features include:

  • Improved encryption capabilities
  • Crash protection
  • Easier backups

Since the upgrade may totally change the way that your device stores all of its data, it’s a good idea to ensure that you have backed up your system before you start installing High Sierra.

Browser Tracking Protection

You probably already know that advertisers try to track your actions as you use your internet browser.  They usually don’t have malicious intentions.  They simply want to gather data that helps them target advertising better.  At the same time, lots of Apple users would prefer to protect their privacy from this type of tracking software.  The Safari web browser now includes intelligent anti-tracking features that are supposed to be as smart as the advertiser’s trackers.

Advanced Secure Internet Connections

When you visited secure sites, like your bank, you probably noticed that you had an https:// connection and not a http:// connection.  Besides financial institutions, you might have also noticed this on many emails, downloads, or membership sites.  This is an example of improved security through a TLS connection.  This is important, but this kind of security relied upon SHA-1 certificates in the past.  These old-style certificates are no longer secure enough to perform as intended.

Currently, Apple wants all developers to move to SHA-256. certification, which uses much more advanced encryption to protect privacy and security.  This latest update actually applies quite a bit of pressure to get developers to change.  Before High Sierra, your Apple device would offer you a warning that the connection wasn’t truly private and secure.  Now, High Sierra will simply block your connection.  Before you upgrade, you may want to check any secure connections that you rely upon to make sure they will still work.

Weekly Firmware Validation

Once a week, High Sierra will automatically run a firmware check to validate your hardware against any installed firmware on your device.  According to Intego, most users should never see a warning from this check.  A warning could mean that your device has been maliciously tampered with, but it might just mean that you purposefully installed a hack to allow you to run this new operating system upon an unsupported computer.  If the weekly firmware validation does trip a warning, you will have the option to ignore it or to send a report to Apple for further investigation.

Kernel Extension Approvals

Some software will add kernel extensions that add certain functions to the operating system.  For instance, antivirus programs may do this legitimately in order to work.  Still, developers of malicious software may also add kernel extensions in order to cause mischief, so you should always know when it happens.

In any case, High Sierra will offer you a warning the very first time that any software tries to install a kernel extension.  If the extension was already loaded before you installed High Sierra or you have previously approved the extension with High Sierra, you won’t get a warning.  Some hackers have become clever at masking their work to look like legitimate software, so this system isn’t foolproof.

Mostly, High Sierra Offers Better Security and Privacy

This overview of new privacy and security features nitpicked a bit.  It’s important to understand how your device protects you and how that protection may be limited.  Mostly, you should enjoy better security and privacy with High Sierra than you have with your past macOS operating system versions.

 

New Ways That High Sierra Protects Your Privacy and Security   Read More »

Call Now Button