HTTPS Matters More for Chrome

HTTPS usage on the web has taken off as Chrome has evolved its security indicators. HTTPS has now become a requirement for many new browser features, and Chrome is dedicated to making it as easy as possible to set up HTTPS. Let’s take a look at how.

For several years, Google has moved toward a more secure web by strongly advocating that sites adopt the Secure HyperText Transfer Protocol (HTTPS) encryption. And last year, Google began marking some HyperText Transfer Protocol (HTTP) pages as “not secure” to help users comprehend risks of unencrypted websites. Beginning in July 2018 with the release of a Chrome update, Google’s browser will mark all HTTP sites as “not secure.”

Chrome’s move was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and the majority of Chrome traffic is already encrypted.

Here’s how the transition to security has progressed, so far:

  • Over 68% of Chrome traffic on both Android and Windows is now protected
  • Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
  • 81 of the top 100 sites on the web use HTTPS by default

HTTPS: The benefits and difference

What’s the difference between HTTP and HTTPS? With HTTP, information you type into a website is transmitted to the site’s owner with almost zero protection along the journey. Essentially, HTTP can establish basic web connections, but not much else.

When security is a must, HTTPS sends and receives encrypted internet data. This means that it uses a mathematical algorithm to make data unreadable to unauthorized parties.

#1 HTTPS protects a site’s integrity

HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one can tamper with the traffic or spy on what you’re doing.

Without encryption, someone with access to your router or internet service provider (ISP) could intercept (or hack) information sent to websites or inject malware into otherwise legitimate pages.

#2 HTTPS protects the privacy of your users

HTTPS prevents intruders from eavesdropping on communications between websites and their visitors. One common misconception about HTTPS is that only websites that handle sensitive communications need it. In reality, every unprotected HTTP request can reveal information about the behaviors and identities of users.

#3 HTTPS is the future of the web

HTTPS has become much easier to implement thanks to services that automate the conversion process, such as Let’s Encrypt and Google’s Lighthouse program. These tools make it easier for website owners to adopt HTTPS.

Chrome’s new notifications will help users understand that HTTP sites are less secure, and move the web toward a secure HTTPS web by default. HTTPS is easier to adopt than ever before, and it unlocks both performance improvements and powerful new features that aren’t possible with HTTP.

How can small-business owners implement and take advantage of this new interface? Call WAMS today at 800-421-7151 for a quick chat with one of our experts to get started.

Should you Worry About the New IoT Malware?

A malware infection is one of the worst things that could happen to your Internet of Things (IoT) devices. But some users don’t even know there are IoT-targeted attacks that threaten computers, networks, and data. Rebooting an IoT device is a simple way to remove malware, but for those already infected with the latest strain, it’s not that simple.

What is the Hide And Seek malware?

The Hide and Seek (HNS) malware has created a “botnet” by quietly infecting thousands of devices using advanced communication methods. Without getting too technical, a botnet adds or “recruits” computers to their network to carry out malicious acts, such as overloading a network by telling every infected device in the botnet to try and connect at the same time.

The new HNS can’t be removed by resetting the infected device, which is the solution for most IoT malware strains. The new strain can also exploit a greater variety of devices and in less time than its predecessors. Experts believe it has already compromised more than 90,000 IPTC cameras and other devices.

IoT devices are easily hacked if they connect to the internet, which is home to opportunistic cybercriminals. And because businesses and consumers are expected to acquire and use more IoT devices (the market is expected to reach $1.7 trillion by 2020), it’s imperative to take cybersecurity precautions.

How can I protect my IoT devices?

Luckily, there are steps you can take to keep your devices — and ultimately your network and data — safe from HNS and other forms of malware.

  • Turn off your IoT devices when not in use to reduce their exposure to fast-spreading malware.
  • Take simple precautions to keep your WiFi networks safe, like changing your network’s default settings (including your network’s name), and using complex passwords that are changed from time to time.
  • For those who use a large number and variety of devices, install a threat management system that will block intruders and secure common threat entry points.
  • Be sure that your IoT devices are updated with the latest firmware. If the device is old and not supported, or new firmware is not being release, these devices should be replace with more reliable devices.

With HNS and other malware strains expected to increase in number and complexity, it’s more important than ever to take a multi-layered approach to security. Call us today at 800-421-7151 to learn more about which cybersecurity solutions are right for your business.

Debunking the Top 4 Virtualization Myths

Unless you work in IT, you don’t need to understand the intricacies of most business technology. Complicated explanations usually just lead to misunderstandings, which is especially true for virtualization. Many of the things you’ve heard about it are false.

Myth #1 – Virtualization is too expensive for SMBs

Many people assume that the more advanced an IT solution is, the more expensive it is to install and maintain. That’s not the case for virtualization, which is a strategy to boost hardware efficiency and cut costs.

Sure, a virtual server requires more support than a traditional one, but the capacity boost means you won’t need to purchase a second server for a long time – resulting in a net reduction of hardware and IT support expenses. Furthermore, managed virtualization services usually follow a pay-as-you-go model that costs just a few bucks per hour. It is important to also note the savings regarding power and cooling requirements; the lest physical servers you have, the less you are affected by these costs.

Myth #2 – Virtualization adds workplace complexity

Most people feel comfortable with the traditional computing model – one set of hardware equals one computer – but that doesn’t mean a new model has to be more complicated. With virtualization, one “traditional” computer can run as two or more virtual computers. The technical aspects of how that’s accomplished may be confusing, but the good thing is business owners don’t need to bother with those details.

Virtualization actually reduces complexity because it allows business owners to expand their IT systems whenever necessary without having to worry about hardware limitations.

Myth #3 – Support is hard to come by or inconvenient

You may be more familiar with The Cloud than with virtualization, but that doesn’t mean the latter is a niche technology. The value of the virtualization market in 2016 was $5.6 billion and supported by IT providers all over the country. It’s also a technology that works well with remote support, which means technicians can install upgrades or resolve issues without having to travel to your office.

When you choose to invest in the cloud, everything is virtualized. Amazon, Microsoft Azure, and Citrix are the most common vendors; any cloud service provider should steer you toward one of these.

Myth #4 – Software licensing is more difficult

There’s a misconception that if your server is running three virtual Windows 10 computers, you’ll have to jump through extra licensing hoops. In reality, virtualization follows the same licensing rules as traditional computing: one desktop, one license, which means you won’t need to rethink your software budget.

It’s natural for new technologies to cause confusion, and virtualization does require a new way of thinking about IT hardware. But as long as you have certified technicians like ours on hand, everything will run smoothly. Give us a call today at 800-421-7151 to find out how we can lower your hardware costs and simplify your IT support.

AI-Powered Advances in Customer Support

High-quality products and services can make a business successful, but exceptional customer service is what makes customers come back. This is why companies constantly try to innovate their customer service strategy — and some do it by adding artificial intelligence (AI) into the mix.

How AI capabilities enhance customer service

AI has two capabilities that enhance customer service: machine learning and natural language processing.

Machine learning studies historical customer data in your systems and equips your customer service staff with all the information they need to address concerns much faster and provide personalized product suggestions, discounts, and offers. It’s the same mechanism that enables Facebook to suggest friends and brands to add or follow, and allows Amazon to personalize product recommendations.

On the other hand, AI’s natural language processing capabilities make it possible for businesses to deploy computerized customer service systems that don’t require human support staff. AI-enabled systems can ‘talk’ to customers via software similar to that of Apple’s Siri, Google’s Alexa, and Windows’ Cortana.

Automated, accurate, and agile responses

Although well-trained employees can multitask and solve customer problems, humans make mistakes. Automated systems like chatbots provide accurate and quick responses because they can be programmed to respond rapidly and accurately, handle large volumes of queries, and be available 24/7.

For example, a restaurant chain that often receives queries about a branch’s opening hours can use a chatbot to handle questions about store hours, reservations, and other simple concerns. A retail store chatbot can also make online ordering seamless by answering questions about product sizes and/or availability.

Overall, AI-enabled chatbots can reduce or eliminate pain points commonly encountered with human customer service representatives, such as long wait times, inefficient escalation of complex concerns, and negative human emotions from irate customers, all of which affect customer satisfaction levels.

Cost-efficient support

Businesses spend thousands of dollars to hire and train customer service representatives. But based on studies, the high attrition rates in the call center industry cost them a lot of money. Some companies even let operations staff handle customer support, which then affects productivity and reduces profitability.

AI-powered platforms reduce the time and money spent on customer service because you don’t need to hire more support staff in case of business expansion. Instead, you can reprogram customer service software so that queries about new products or new business locations can be easily addressed.

Many customers still prefer to have their problems solved by humans. And for banks, hotels, hospitals, and businesses where complicated concerns require human customer service agents, an AI-powered support system can facilitate seamless issue resolutions.

Fortunately, there are plenty of technology options to make customer service and other functions more efficient. Call us today for innovative business technology solutions.

New Malware Infects SOHO Routers Worldwide

Talos recently warned that at least half a million routers have been endangered by a new form of malware called VPNFilter. After an earlier version targeted devices in Ukraine, VPNFilter has spread rapidly in around 54 countries, affecting home and small business routers.

How VPNFilter Works

Talos cited the vulnerable devices as Linksys, MikroTik, Netgear, and TP-Link networking equipment, as well as network-attached storage (NAS). Upon infecting a small office home office (SOHO) router, VPNFilter deploys in three stages.

In stage 1, the malware imposes its presence by using multiple command-and-control (C2) infrastructure to capture the IP address of the existing stage 2 deployment server. This makes VPNFilter so robust that it can deal with any unpredictable changes in C2. This stage of the malware persists through a reboot, which makes preventing reinfection tough in stage 2.

Stage 2 involves deploying modules capable of command execution, and data collection and exfiltration. According to the United States Department of Justice (DOJ), this can be used for intelligence gathering, information theft, and destructive or disruptive attacks. Moreover, stage 2 malware has a “self-destruct” feature that once activated by the hackers will overwrite a critical area of the device’s firmware so it stops functioning. This can happen on almost every infected device.

In Stage 3, a module with packet-sniffing capabilities is added to enable monitoring of internet traffic and theft of website credentials. And yet another module is installed to deploy communication support for the Tor network, which can make communicating with the C2 infrastructure harder.

Taking Action

According to Talos, the likelihood of the attack being state-sponsored is high, something the DOJ later backed up. The DOJ attributed it to a group of actors called Sofacy (also known as APT28 and Fancy Bear), the Kremlin-linked threat group believed to be responsible for hacking the Democratic National Committee computer network two years ago.

On the night of May 23, the FBI announced that they have seized a domain which is part of VPNFilter’s C2 infrastructure used to escalate the malware’s effects. This forces attackers to utilize more labor-intensive ways of reinfecting devices following a reboot. With the seizure, the government has taken a crucial step in mitigating VPNFilter’s impact.

Stopping the Malware

Researchers agree that VPNfilter is hard to prevent. While vulnerability has been established, patching routers isn’t easy, something average users might not be able to do on their own. But as with any malware, the impact of VPNFilter can be mitigated, which is done by terminating the C2 infrastructure used.

To minimize exposure, the FBI recommends all SOHO routers be rebooted, which, according to a statement from the DOJ, will help the government remediate the infection worldwide. The justice department, along with the FBI and other agencies vowed to intensify efforts in disrupting the threat and expose the perpetrators.

For their part, Talos offers the following recommendations:

  • Users of SOHO routers and/or NAS devices must reset them to factory defaults and reboot them in order to remove the potentially destructive, non-persistent stage 2 and stage 3 malware.
  • Internet service providers that provide SOHO routers to their users should reboot the routers on their customers’ behalf.
  • If you have any of the devices known or suspected to be affected by this threat, it is extremely important that you work with the manufacturer to ensure that your device is up to date with the latest patch versions. If not, you should apply the updated patches immediately.
  • ISPs will work aggressively with their customers to ensure their devices are patched to the most recent firmware/software versions.

Combat the VPNFilter malware by rebooting affected devices. For more tips, contact our team.

What to Tweak when Setting Up Windows 10

There are steps that need to be taken after unboxing a new laptop. After installing Microsoft’s Windows 10, you need to unlock its full potential by tweaking some important settings. The best thing to do is get help from a technician, but there are a few things you can do without assistance.

#1 Check for updates

Your new laptop should check for updates automatically, but you can also check manually. Just click the gear icon above the Start button to go to the Settings, choose Update & Security > Windows Update and then click the Check for updates button. (Or, just type “updates” into the search box and click Check for updates.)

#2 System restore

If something goes wrong with your laptop, you can save a lot of time and hassle if you have a “restore point,” which is like a backup of your entire operating system.To set up a restore point, search for “restore” from the taskbar and click Create a restore point. You’ll be taken to the System Protection tab of the System Properties window.

From there you can choose what you want to be included in the back and then click the Configure button. Select the radio dial to Turn on system protection if it’s not already on. And then you can choose how much disk space to reserve, usually no more than 2 or 3 percent.

#3 Power plan

If you want to prolong your laptop’s battery life, one of the best things you can do is switch the Power Saver, High Performance, and Balanced power plans based on your needs. To choose a plan, right click the battery icon in the lower-right corner of your screen and click Power settings. Next, click Additional power settings to select a power plan.

#4 App installation tolerance level

To restrict which apps can be installed on your laptop, you can disallow anything that isn’t in the Windows Store. Go to Settings Apps Apps & features and you can choose whether to permit installations from only the Windows Store, any app installations (with a warning), or unrestricted app installations.

#5 Remove bloatware

Vendors package new laptops with lots of trial apps, which are mostly unnecessary and unwanted software called bloatware.

Windows 10 offers an easy way to see which apps are installed on your new laptop and a quick way to uninstall those you don’t want. Head to Settings Apps Apps & features and peruse the list. If you don’t want an app and are 100% certain your computer doesn’t need it, click the Uninstall button.

#6 Anti-ransomware

Ransomware is a form of malicious software (or malware) that makes all your data inaccessible until you pay a fee to hackers.

To combat it, type ‘Windows Defender Security Center’ into the search bar at the bottom of your screen, click it and go to Virus & threat protection > Virus & threat protection settings. Here, you’ll be able to enable a new option called Controlled folder access, which protects you against ransomware attacks. By default, the Desktop, Documents, Music, Pictures, and Videos folders are protected, but you can add others too.

Do you know what settings to change and update to optimize your laptop? This article barely scratches the surface of Window 10’s security and efficiency settings. Call us today at 800-421-7151 for a quick chat with one of our Microsoft experts about taking yours to the next level.