Hardware Shouldn’t Be Bought Willy-Nilly

The term ‘hard’ in hard drive shouldn’t refer to the difficulty many experience when they set out looking for a new one. It’s hard to deny the importance that hard drives still have to computers of all shapes, sizes, and operating systems — but like the elusive concept of soulmates, how do we know which one is right for us? We’ve put together a list of five things you should take into consideration prior to buying new hardware.

Hard Disk Drive VS. Solid State Drive

Firstly, you have to know which type of data storage you plan to use: Hard Disk Drive (HDD) or Solid State Drive (SSD). Capabilities of HDDs are on par with SSDs — but that doesn’t mean there aren’t any pros and cons. An SSD is a type of drive that uses flash memory for storing data, as opposed to the spinning metal disks found in the traditional HDD — think of it like an extra large USB thumb drive.

On the upside, SSDs are faster at reading and writing data. They require less energy, are silent, and generally have longer lifespans. Downsides include small data capacities and a heftier price tag. It all boils down to your needs. Go for HDDs if you have budget restrictions or are looking for a backup/external drive; go for SSDs if the drive will run frequently-accessed files and programs.

Physical size and interface

After deciding between an HDD or SSD, you now have to choose a form factor. Luckily there are only two choices: the 3.5-inch drive and the 2.5-inch drive. The right one will likely depend on your current setup. With traditional HDDs, data is stored on spinning metal disks, meaning that more disks will be needed to expand data capacity. Because of this, desktop HDDs tend to be 3.5 inches with a maximum capacity of 4 TB, whereas laptop HDDs are 2.5 inches with a maximum capacity of 2 TB. SSDs are made smaller since they don’t require any removable parts, meaning they’ll fit easily into the 2.5-inch form factor. Adapters are available if you need to use the SSD in a 3.5-inch connector.

Specifications and performance

Now that you know what kind of drive to buy, it’s time to narrow down the candidates and find the best one that suits your needs. Here are some factors you need to consider:

Storage capacity – HDDs come in various sizes, but due to physical limitations, they cap off at 4 TB. SSDs, by contrast, are much smaller and don’t exceed the 1 TB mark – some consumer-level SSDs rarely exceed 512 GB.

Transfer speed – The performance of consumer-level HDDs is determined by multiple factors, and revolutions per minute (RPM) is an important one. Higher RPM means faster data transfer between drives.

Cache space – If a hard disk needs to transfer data from one section to another, a special area of embedded memory known as the cache is utilized. A larger cache enables data to be transferred faster (because more information can be stored at one time). Modern HDDs have cache sizes ranging from 8-12 MB.

Access times – HDDs have a couple of factors that impact their performance. One is the time it takes for the reader to start reading or writing data from the drive. For SSDs, you want to look for sequential read and write speeds (also known as sustained reading and writing speeds). Just as long as the speeds are within the SATA connector’s max speed, you’ll be fine.

Failure rate – Though all things mechanical gradually wear and tear over time, not all HDDs are the same. Some models last six months while others make it past six years. You must do adequate research on a per-model basis before making a purchase.

External VS. Internal

The final step is to decide whether you want the hard drive to reside within or if it will get its own compartment outside. External drives are ideal for storage and backup purposes; they generally connect with a USB 2.0 that caps out at 480Mb/s — newer models that support USB 3.0 boast a max of 5.0Gb/s. Unless the model you get is USB 3.0 compatible, the speed will likely be insufficient when it comes to running an operating system.

Speed issues aside, they’re portable and can be shared with multiple computers. They can even be plugged into TVs and media centers for direct playback. If portability falls second to speed, or if your current system lacks a working data drive, internal is the best choice.

Now that you’re armed with the necessary information, buying your next hardware should be a pleasant experience, like a walk in the park. If you have further questions or would like to know more, feel free to contact us by phone at 800-421-7151 or email alopp@wamsinc.com; we’re more than happy to help.

Virtual Networks: the Future of Security

For the average business owner, a virtualized network may not seem groundbreaking. And until recently, even the team at VMware didn’t realize just what they could do with it. Now that they’ve publicly announced what they’re calling “Project Goldilocks,” we finally see how relevant it is. Every small- or medium-sized business is concerned with endpoint security, and that’s why you absolutely must read on to learn about this new form of virtualization.

A virtual network is a way to connect two or more devices that aren’t physically linked by wires or cables. From the perspective of machines on a virtual network, they’re essentially sitting in the same room — even if they’re on opposite sides of the globe. The advantages of this setup range from ease of management to reduced hardware costs. AT&T and Verizon have begun offering these services, and small- and medium-sized businesses have slowly begun to adopt them.

Meanwhile, another sector of the IT world has been making its own advances. Cutting-edge hardware firewalls are beginning to offer internal segmentation as a method of separating pieces of your internal network to keep them safe from threats that spread internally. The more segments you have, the safer your network is from poorly protected neighbors. But there are limits to how much capacity one of these hardware firewalls has for segmentation.

Virtualization giant VMware has taken notice and developed a prototype to combine these two services. In the hopes of unleashing ‘microsegmentation’ from the limits of physical hardware, Project Goldilocks will essentially create a virtual firewall for every virtualized application. When one of these applications is created or installed, it will come with a ‘birth certificate’ outlining every acceptable function it can perform. When making requests to the operating system, network, or hardware the application is installed on, Goldilocks will cross-reference the request with the birth certificate and deny anything that hasn’t been given permission.

Segmenting virtual networks and applying them to individual applications rather than entire networks or operating systems could revolutionize the market for endpoint security. Not only would it be easier to block malware infections, but those that made it through could be quarantined and terminated immediately because of the virtual nature of their location.
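A minimal sketch of the default-deny idea described above, added here as an illustration; it is not VMware's code or Project Goldilocks' actual format. The certificate fields, the application name, the addresses and paths, and the quarantine-on-first-violation behaviour are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from pathlib import PurePosixPath


@dataclass(frozen=True)
class NetRule:
    """One permitted outbound flow: destination network, port and protocol."""
    network: str
    port: int
    proto: str

    def permits(self, dst_ip, port, proto):
        try:
            inside = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.network)
        except ValueError:  # malformed address: treat as not permitted
            return False
        return inside and port == self.port and proto == self.proto


@dataclass
class BirthCertificate:
    """Everything one application may do; anything not listed is denied."""
    app: str
    net_rules: list = field(default_factory=list)
    read_dirs: list = field(default_factory=list)
    write_dirs: list = field(default_factory=list)


def path_within(path, allowed_dirs):
    """True if path lies inside one of allowed_dirs, compared component by component."""
    p = PurePosixPath(path)
    if not p.is_absolute() or ".." in p.parts:  # reject relative and traversal paths
        return False
    return any(PurePosixPath(d) == p or PurePosixPath(d) in p.parents
               for d in allowed_dirs)


class Enforcer:
    """Cross-references each request with the application's certificate."""

    def __init__(self, certificates):
        self.certs = {c.app: c for c in certificates}
        self.quarantined = set()

    def check(self, app, action, **req):
        cert = self.certs.get(app)
        if cert is None or app in self.quarantined:
            return "deny"  # no certificate, or already isolated
        if action == "connect":
            ok = any(r.permits(req["dst_ip"], req["port"], req["proto"])
                     for r in cert.net_rules)
        elif action == "read":
            ok = path_within(req["path"], cert.read_dirs)
        elif action == "write":
            ok = path_within(req["path"], cert.write_dirs)
        else:
            ok = False  # unknown request types are never allowed
        if not ok:
            self.quarantined.add(app)  # assumption: first violation isolates the app
            return "deny"
        return "allow"


def run_demo():
    # Constructed sample certificate and requests, for illustration only.
    cert = BirthCertificate(
        app="billing-web",
        net_rules=[NetRule("10.0.2.0/24", 5432, "tcp")],
        read_dirs=["/srv/billing/config"],
        write_dirs=["/srv/billing/uploads"],
    )
    enforcer = Enforcer([cert])
    requests = [
        ("connect", {"dst_ip": "10.0.2.15", "port": 5432, "proto": "tcp"}),
        ("read", {"path": "/srv/billing/config/app.yaml"}),
        ("write", {"path": "/srv/billing/uploads/invoice-17.pdf"}),
        ("connect", {"dst_ip": "203.0.113.9", "port": 443, "proto": "tcp"}),
        ("read", {"path": "/srv/billing/config/app.yaml"}),  # allowed earlier
    ]
    return [enforcer.check("billing-web", a, **r) for a, r in requests]


if __name__ == "__main__":
    print(run_demo())
```

The last request is one the certificate permits, yet it is denied because the unexpected outbound connection before it placed the application in quarantine.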

While virtualization may be a complicated state-of-the-art technology, all it really takes is a helping hand. With our full team of specialists, we’re ready to pull you into the next stage of your virtualized infrastructure. All you need to do is reach out to us at 800-421-7151 – why not do it today?

IT Jargon: A Glossary of Cybersecurity Terms

Everyone hates jargon. It’s ostracizing and off-putting, but somehow we just keep creating more and more of it. For those who have adopted an “if you can’t beat ‘em, join ‘em” philosophy, we have just the list for you. Let’s take a look at some of the most relevant cybersecurity terms making the rounds today.

Malware

For a long time, the phrase ‘computer virus’ was misappropriated as a term to define every type of attack that intended to harm or hurt your computers and networks. A virus is actually a specific type of attack, or malware. Whereas a virus is designed to replicate itself, any software created for the purpose of destroying or unfairly accessing networks and data should be referred to as a type of malware.

Ransomware

Don’t let all the other words ending in ‘ware’ confuse you; they are all just subcategories of malware. Currently, one of the most popular of these is ‘ransomware,’ which encrypts valuable data until a ransom is paid for its return.

Intrusion Protection System

There are several ways to safeguard your network from malware, but intrusion protection systems (IPSs) are quickly becoming one of the non-negotiables. IPSs sit inside of your company’s firewall and look for suspicious and malicious activity that can be halted before it can deploy an exploit or take advantage of a known vulnerability.

Social Engineering

Not all types of malware rely solely on fancy computer programming. While the exact statistics are quite difficult to pin down, experts agree that the majority of attacks require some form of what is called ‘social engineering’ to be successful. Social engineering is the act of tricking people, rather than computers, into revealing sensitive or guarded information. Complicated software is totally unnecessary if you can just convince potential victims that you’re a security professional who needs their password to secure their account.

Phishing

Despite often relying on face-to-face interactions, social engineering does occasionally employ more technical methods. Phishing is the act of creating an application or website that impersonates a trustworthy, and often well-known business in an attempt to elicit confidential information. Just because you received an email that says it’s from the IRS doesn’t mean it should be taken at face value — always verify the source of any service requesting your sensitive data.

Anti-virus

Anti-virus software is often misunderstood as a way to comprehensively secure your computers and workstations. These applications are just one piece of the cybersecurity puzzle and can only scan the drives on which they are installed for signs of well-known malware variants.

Zero-day attacks

Malware is most dangerous when it has been released but not yet discovered by cybersecurity experts. When a vulnerability is found within a piece of software, vendors will release an update to amend the gap in security. However, if cyber attackers release a piece of malware that has never been seen before, and if that malware exploits one of these holes before the vulnerability is addressed, it is called a zero-day attack.

Patch

When software developers discover a security vulnerability in their programming, they usually release a small file to update and ‘patch’ this gap. Patches are essential to keeping your network secure from the vultures lurking on the internet. By checking for and installing patches as often as possible, you keep your software protected from the latest advances in malware.

Redundant Data

When anti-virus software, patches, and intrusion detection fail to keep your information secure, there’s only one thing that will: quarantined off-site storage. Duplicating your data offline and storing it somewhere other than your business’s workspace ensures that if there is a malware infection, you’re equipped with backups.

We aren’t just creating a glossary of cyber security terms; every day, we’re writing a new chapter to the history of this ever-evolving industry. And no matter what you might think, we are available to impart that knowledge to anyone who comes knocking. Get in touch with us today and find out for yourself.

What Can We Learn from Delta’s IT Outage?

Companies can pay a hefty sum if they ever experience any downtime. In fact, Delta Air Lines had a bad bout of severe downtime just last month. In just three days, the airline company cancelled 2300 scheduled flights and suffered $150 million in income loss. That doesn’t even account for the considerable reputational damage from delayed service. So how do you avoid sharing the same, expensive fate? Here are some valuable business continuity lessons we can all learn from Delta’s IT outage.

Expect 100% Redundancy

According to Delta’s chief information officer, a power failure caused the company’s data center to crash, grounding thousands of would-be passengers. Although power was restored six hours after the incident, critical systems and network equipment failed to switch to a secondary site, corrupting valuable data in the process. And while some systems failed over, other vital applications didn’t; this created bottlenecks, decreased revenue, and diminished customers’ confidence.

Delta’s case is a massive wakeup call not just for the airline industry but for every business – no matter how large or small. Companies must implement disaster recovery plans for their data centers, on-site technology, and Cloud applications to continue servicing customers while fixing the main issue with their primary systems. Companies also need to get rid of the false notion that redundancy plans to assure service continuity are restricted to larger corporations. DR and business continuity solutions are extremely affordable today, and a partnership with a provider can help you in more ways than one.

Always Test Your Backups

So although Delta had a plan to bring its business back to normalcy, the DR plan left a lot to be desired in practice. This begs the question as to whether the airline company is actually testing, reviewing, and reinforcing its vulnerabilities to different disasters.

The point is that even though your company may have a failover protocol in place, that protocol adds no value to your business unless it has been rigorously tried and tested. In order to avoid the same fate as Delta, make sure to find out whether your disaster recovery plan is capable of running mission-critical applications like email and customer service applications before – not after – downtime occurs.

Account for Different Types of Vulnerability

In an interview with the Associated Press, Delta CEO Ed Bastian said, “We did not believe, by any means, that we had this type of vulnerability.” Indeed, it’s often hard to foresee what threats and vulnerabilities a natural disaster, power outage, or hacker can produce. But it’s not impossible.

By conducting a comprehensive audit of your data center security and disaster protocols, your business will be more aware and adept at minimizing the risk of potential disasters. This also means evaluating and preparing for disasters that are likely to happen to your business depending on its geographic location. The southern US, for instance, is prone to hurricanes and flooding.

Call For Help

These lessons and strategies are all crucially important, but pulling off a DR and business continuity solution on your own may be difficult. For this reason, it’s critical to have a planned partnership with a managed services provider that can assess, plan, test, and install the continuity solutions your business needs in order to minimize the impact and avoid encountering a Delta IT outage of your own.

To find out more about business continuity and guaranteeing complete IT redundancy, contact us today at alopp@wamsinc.com or call us at 800-421-7151.

Ransomware Appears as Fake Windows Update

Unlike those who attend Hogwarts, magicians rely mainly on subtle sleight of hand to convince others that they managed to make coins disappear into thin air. The same concept applies to ransomware. How can it complete its mission in a suit labeled with the word “Villain”? Nowadays, ransomware fashions various disguises that render it undetectable. A case in point is Fantom — here are some of the reasons why you should steer clear of this technological spook.

AVG security researcher Jakub Kroustek recently spotted Fantom coded atop EDA2, a ransomware-building kit that was open-sourced but eventually taken down. EDA2 contained certain flaws that allowed researchers to obtain decryption keys from its C&C server, yet these flaws have since disappeared, indicating that Fantom coders might have found and fixed them before anyone else had a chance to.

Very little is known as to how Fantom is distributed. As for the method of deployment, cybercriminals plant the file onto the target’s computer via spam email or exploit kits. Fantom-infected files are named criticalupdate01.exe; they utilize a “Windows Security Update” to prompt targets into running the file.

After activation, the ransomware starts by locking the user’s screen while displaying fake Windows Update graphics, complete with a fully-functioning percentage-based loading timer that mirrors the original Windows Update screen. However, beneath this pleasant facade, Fantom is encrypting your files right before your eyes. Luckily, the temporary lock screen is removable before it reaches 100% — simply press CTRL+F4. Unfortunately, the encryption process remains intact.

The MalwareHunterTeam states, “The ransomware uses classic ransomware encryption by locking files using an AES-128 key and then encrypting this key with a dual RSA key, with the private key stored on the crook’s server, and a public key left on the user’s PC.”

In order to retrieve the private key to unlock your files, you must contact the perpetrators by email. The email address is listed in the ransom note that appears after the process of encryption is complete. Fantom displays ransom notes in the form of HTML and TXT files, while changing the user’s desktop with a custom screenshot that lists the contact details. Lastly, after completing all its operations, Fantom cleans up after itself by running two batch scripts that wipe all the installation files.

Ransomware isn’t new, but the ways that cybercriminals utilize it are. Who would’ve thought that the ever so familiar Windows Update window has fallen prey to malicious intent? Pretend that you’re the Little Red Riding Hood and that the wolf is the ransomware that cybercriminals have disguised as your grandmother. They no longer wait to trap you; instead, they wait for you to walk straight into the trap.

The issue of ransomware is as extensive as it is meticulous. If you have any questions about Fantom or would like to request more information, feel free to get in touch with us! Give us a call at 800-421-7151 or send us an email at alopp@wamsinc.com. Our dedicated staff are more than happy to help.

Why You May Need to Leave Dropbox

In 2012, cloud storage firm Dropbox was hacked with over two-thirds of its users’ details dumped all over the internet. While the company initially thought a collection of email addresses was the only thing stolen, it was wrong — passwords had been compromised as well. If you are currently using Dropbox, it may be time to reconsider. This new information came to light when the database was picked up by a security notification service. So it may be time to move away from Dropbox and seek a more secure solution.

Despite the unfortunate incident, Dropbox has implemented a thorough threat-monitoring analysis and investigation, and has found no indication that user accounts were improperly accessed. However, this doesn’t mean you’re 100 percent in the clear.

What You Need to Do

As a precaution, Dropbox has emailed all users believed to have been affected by the security breach, and completed a password-reset for them. This ensures that even if these passwords had been cracked, they couldn’t be used to access Dropbox accounts. However, if you signed up for the platform prior to mid-2012 and haven’t updated your password since, you’ll be prompted to do so the next time you sign in. All you have to do is choose a new password that meets Dropbox’s minimum security requirements, a task assisted by their “strength meter.” The company also recommends using its two-step authentication feature when you reset your password.

Apart from that, if you used your Dropbox password on other sites before mid-2012 — whether for Facebook, YouTube or any other online platform — you should change your password on those services as well. Since most of us reuse passwords, the first thing any hacker does after acquiring stolen passwords is try them on the most popular account-based sites.

Dropbox’s Ongoing Security Practices

Dropbox’s security team is working to improve its monitoring process for compromises, abuses, and suspicious activities. It has also implemented a broad set of controls, including independent security audits and certifications, threat intelligence, and bug bounties for white hat hackers. The bug bounty program is one whereby Dropbox provides monetary rewards, from $216 up to $10,000, to people who report vulnerabilities before malicious hackers can exploit them. Not only that, but the company has also built open-source tools such as zxcvbn, a password strength estimator, and bcrypt, a password hashing function, to ensure that a similar breach doesn’t happen again.

Is It Enough?

At WAMS, we have never recommended using Dropbox for business, especially not for law firms. Dropbox is working to become more secure and we are happy for the sake of its users that the company is taking security more seriously, but at the end of the day it is not the best solution for your documents and your files. The company is not held to the same compliance laws and it is not WAMS’s recommended solution for document management. Give us a call at 800-421-7151 to discuss moving you to a safer solution and to learn more about keeping your online accounts secure.

Go Mobile Without Killing Your Data

What if you could tap into the top talent in your industry, no matter where in the world they are? With the power of the mobile web, your all-star team is now – literally – at your fingertips.

Consider this: 83% of workers report that they prefer using cloud apps over those deployed on-premise. Millennials, who will make up almost 50% of the available workforce by 2020, are “digital natives.” And don’t forget how much money remote workers allow you to save on real estate and office equipment.

Yet there are risks. Spreading your network around the world on a variety of devices you don’t control can expose your data in more ways than ever before. The key is to find the right balance between protection and productivity. Here, then, are five ways to effectively “mobilize” your workforce – without endangering your data:

Collaborate In The Cloud – A plethora of online collaboration tools have sprung up that make it easy for a geographically dispersed team to access and share the same files in real time. These tools not only make sharing easy and instantaneous, they help your team communicate quickly and effectively. Tools like Slack, HipChat, Asana, Podio, and Trello – to mention just a few of the most popular options – are proving to make teams more productive. That includes keeping critical data safe and secure.

Expand Elastically – In-house investments in IT hardware, software, and staff can lock you into a rigid structure that can’t easily adapt to changes in demand. A cloud-based mobile workforce is able to contract and expand more easily as needs arise, and with very little loss of capital. Bottom line: use a VPN (virtual private network) and cloud-based collaboration tools to remain agile, flexible, and competitive.

Cut Costs Dramatically – Physical work areas, equipment, software, and on-site security expenses can add up. Instead of spending money on office space, equipment, and infrastructure, invest it in innovation and refinement. Combine the power of the cloud with a well-designed workflow to reduce the number of people needed to get things done. That will free up your key players to focus on more important tasks – the ones that boost productivity and ROI.

Deal With BYOD – Let’s face it, BYOD (bring your own device) can be your greatest IT security threat. Yet, like it or not, workers will use their own devices on the job. Foisting strict controls without buy-in will just backfire. Yet doing nothing simply makes you a sitting duck for a cyber-attack. Solution? First, audit how your employees use their devices. Note the data they access and the apps they rely on. Group them by the levels of security and compliance they need to be governed by. A CEO, for example, may need to abide by financial regulations. An HR manager must deal with employment laws. Armed with information from your audit, you can roll out new policies as well as technical and process controls. Train your team in safe practices. And be sure to contact us for help in getting all this done securely and effectively.

Go Remote Without Risk – Whether you want to cut commuting time for your team, tap into the talents of experts outside your locale, or simply accommodate a worker caring for family members, mobilizing your workforce can have big benefits. The trick is defending it at all points. Make sure remote workers share files and communicate with other employees only via a secured network. Make sure they use adequate virus protection. And, if they are using WiFi, either at home or on the road, make sure they do it safely. For instance, ensure that their tablet isn’t set to automatically connect to the default wireless network. That’s often an easy access point for hackers.

Free Mobile Risk Assessment

For a free mobile risk assessment, email alopp@wamsinc.com or call 800-421-7151 and we will help you to keep control of your important information.

4 Things to Look for in a Business Projector

We know quite well how long your projector will last you, as the average projector lifespan is around 2,000 hours. That means it’s probably been a long time since you last went shopping for a new one. If you’re unsure what to be looking for in your next purchase, you’re not alone. With every year comes updated features and industry standards for your hardware, and we’re here to clarify what that means for a new office projector. You may not need one right this second, but we encourage you to archive this list for when the time comes and you may want a little guidance. Let’s take a look.

Brightness

If you haven’t had any hands-on experience with projectors yet, brightness will undoubtedly be the first thing you notice. Although no projector will ever match the brightness of an LED or LCD television, with some informed shopping you can easily mitigate this unfortunate drawback. A ‘lumen’ is a measure of brightness listed under the specifications of any new projector. Anything over 2,000 lumens should be appropriate for small-group presentations in a low-light room. For larger meetings with more ambient light, 3,000 lumens should be able to negate any added burdens. No need to go any higher than that unless you expect to host more than 100 viewers and let a little light into the room.

Resolution

While brightness may be the first thing you notice, resolution is probably the first thing you think of. Before deciding on a resolution, give some honest consideration to how essential it is for the projector’s intended use. If the plan is to set it up in the conference room for Excel budget presentations, WXGA (or 1280×800) should be plenty clear. This resolution is the most widely compatible with the dimensions of modern laptop screens and will make swapping the content source a piece of cake. However, if you have an existing projector and/or screen, you may want to stick with your existing XGA (or 1024×768) resolution. Of course, there is always the option for the gold standard. Whether it’s an overinflated budget or true necessity, HD (1920×1080) will provide you with the best possible resolution for your projections.

Portability

Behind their bolted-in conference room companions, portable projectors are some of the most popular for business professionals. In addition to brightness and resolution comparisons, make sure to examine how valuable portability is to you. Increased portability often brings a significant reduction in image quality and may not ultimately be worth it. If you’re forging ahead with a mobile option, some of which are small enough to comfortably fit inside your pocket, make sure whatever you choose has the ability to read data from a USB or SD storage device. There’s no reason to buy a model compact enough to leave the backpack at home unless you’re utilizing all its added bonuses. This means you might have the option to purchase a mini-projector with a battery integrated into the device; just remember that it’s unlikely you’ll have the picture quality or features to truly enjoy video and multimedia presentations.

Extra Features

What would any piece of hardware be without a few cool extra features? Top of the line projectors have a myriad of specialized add-ons that might be just what you need to make your final decision. We’ve already talked about USB and SD storage, but what about an iPhone or Android dock incorporated directly into the unit? And if that doesn’t tickle your fancy, cut the cords entirely with wireless-enabled projectors. Regardless of whether it’s one of these options, or something like internal storage capacity, always thoroughly test any special features before letting them factor into your final choice. There’s nothing worse than basing a decision on a total misnomer.

Our clients often forget to utilize one of our most useful service options: hardware consulting. If you’re ever in the market for new equipment at your organization, or need advice on how to get the most of what you currently have, don’t hesitate to ask. We’re an office full of gadget geeks who love the opportunity to talk about the latest and greatest the industry has to offer. Contact us today at 800-421-7151!