Hackers’ Newest Trick Hides Ransomware While It Encrypts Victims’ Files

A ransomware variant known as Snatch is now more dangerous than ever. Learn about the newest trick that cybercriminals are using to make this ransomware harder to detect while it is encrypting files.

Cybercriminals have been using a ransomware variant known as Snatch to encrypt files on Windows computers since 2018. Recently, researchers at SophosLabs discovered that hackers have added a new capability that makes Snatch more dangerous. The ransomware now reboots infected computers into Safe Mode before encrypting the files on their hard drives. When a computer is rebooted into this troubleshooting mode, a limited set of software is loaded. Most security software does not run in Safe Mode, letting Snatch avoid detection while it encrypts victims’ files.

Snatch is also dangerous for another reason. Before encrypting files and holding them for ransom, it steals massive amounts of data from victims.

Because of the increased threat, it is a good idea to have a basic understanding of who is behind this attack and how it is carried out.

The Group Behind the Snatch Attacks

The cybercriminals behind Snatch are big game hunters. Instead of using mass-distribution methods (e.g., phishing emails) to get ransomware installed on as many computers as possible, big game hunters select and study specific targets and use sophisticated delivery methods to get ransomware installed in their networks. The targets are typically companies and other types of organizations because they are more likely to pay big ransoms.

To see whether the Snatch victims have been paying big bucks to get their files back, the SophosLabs researchers contacted Coveware, a company that specializes in extortion negotiations between ransomware attackers and their victims. The researchers learned that Coveware had negotiated with the Snatch cybercriminals on 12 occasions between July and October 2019. The ransom demands ranged from $2,000 to $35,000 [USD].

How the Attacks Are Carried Out

Because the Snatch cybercriminals are big game hunters, they do not sit around and wait for an employee to fall for a phishing email ruse to get the ransomware installed into a target’s network. Instead, they typically pay for the information they need (e.g., purchase compromised credentials on the dark web) or work with another hacker to breach the target’s network. In the latter case, they sometimes launch an automated brute-force password attack to crack the password of an exposed service account. Once they have a foothold, they use various tools and techniques to access other machines in the network.

In one case, the cybercriminals were able to access a company’s network by cracking the password of an administrator account on a Microsoft Azure server, which they logged in to using the Remote Desktop Protocol (RDP). They then leveraged the administrator account to access a domain controller in the network.

The Snatch cybercriminals used the domain controller to gather some initial data about the network. Based on what was learned, they installed various programs on key machines, including additional surveillance apps, remote access malware so they could easily access those machines, and a Windows utility that enabled them to discover even more computers to target on the network. They then continued to gather and steal data.

Eventually, the hackers downloaded the actual ransomware component to the compromised machines. The ransomware installed itself as a Windows service named SuperBackupMan and added a registry key that enabled the service to run in Safe Mode. The ransomware then issued a command that forced the machines to reboot into Safe Mode.

Once a computer was in Safe Mode, Snatch went to work. It first deleted the existing Volume Shadow Copy Service files (aka shadow copies) and then encrypted the files on the machine’s local hard drive. The shadow copies were deleted to prevent the company from using them to recover the files that were encrypted by the ransomware.
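The steps described in the two paragraphs above (a service registered to run in Safe Mode, a forced Safe Mode reboot, shadow copy deletion) can be correlated per host. The following is an added example, not code from SophosLabs or the original article. The event shape, host names, baseline list, 30-minute window, the `SafeBoot\Minimal` and `SafeBoot\Network` registry locations, and the `bcdedit`/`vssadmin` command lines used as the observable form of those steps are assumptions, and all sample events are constructed.

```python
"""Correlate the Snatch pre-encryption steps per host (added example).

All events are CONSTRUCTED samples, loosely shaped like Sysmon records
(id 1 = process creation, id 13 = registry value set). Field names, host
names, the baseline and the 30-minute window are assumptions.
"""
import re
from datetime import datetime, timedelta

# Services listed under SafeBoot\Minimal or SafeBoot\Network may start in Safe Mode.
SAFEBOOT_KEY = re.compile(
    r"\\Control\\SafeBoot\\(?:Minimal|Network)\\(?P<svc>[^\\]+)(?:\\\(Default\))?$",
    re.I)
# Setting bcdedit's "safeboot" option makes the next boot a Safe Mode boot.
SAFEBOOT_BOOT = re.compile(r"\bbcdedit(?:\.exe)?\b.*/set\b.*\bsafeboot\b", re.I)
# Shadow copy deletion with the built-in vssadmin utility.
SHADOW_DELETE = re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I)

WINDOW = timedelta(minutes=30)
# Constructed baseline: build the real one from a clean image of your own build.
BASELINE = {"EventLog", "PlugPlay", "RpcSs", "WinMgmt"}
SAFEBOOT = r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot"

EVENTS = [  # constructed sample data
    {"ts": "2019-12-10T02:14:05", "host": "FS01", "id": 13,
     "target": SAFEBOOT + r"\Minimal\SuperBackupMan\(Default)"},
    {"ts": "2019-12-10T02:14:09", "host": "FS01", "id": 1,
     "cmd": "bcdedit.exe /set {current} safeboot minimal"},
    {"ts": "2019-12-10T02:14:12", "host": "FS01", "id": 1,
     "cmd": "shutdown /r /f /t 00"},
    {"ts": "2019-12-10T09:30:00", "host": "WS07", "id": 13,
     "target": SAFEBOOT + r"\Network\EventLog"},           # baseline entry
    {"ts": "2019-12-10T11:00:00", "host": "WS09", "id": 1,
     "cmd": "bcdedit /set {current} safeboot minimal"},    # lone admin action
    {"ts": "2019-12-10T12:00:00", "host": "BK02", "id": 1,
     "cmd": "vssadmin.exe delete shadows /all /quiet"},
]


def classify(event, allowed):
    """Return (signal, service_name_or_None) for a relevant event, else None."""
    if event["id"] == 13:
        match = SAFEBOOT_KEY.search(event.get("target", ""))
        if match and match.group("svc").lower() not in allowed:
            return "safeboot_service", match.group("svc")
    elif event["id"] == 1:
        cmd = event.get("cmd", "")
        if SAFEBOOT_BOOT.search(cmd):
            return "safeboot_boot", None
        if SHADOW_DELETE.search(cmd):
            return "shadow_delete", None
    return None


def severity(signals):
    """Rank a cluster of signals seen on one host inside the window."""
    if {"safeboot_service", "safeboot_boot"} <= signals:
        return "critical"  # service allowed in Safe Mode, then Safe Mode boot forced
    if "safeboot_service" in signals or "shadow_delete" in signals:
        return "high"
    return "low"           # a lone Safe Mode boot can be admin troubleshooting


def detect(events, baseline=BASELINE, window=WINDOW):
    """Cluster signals per host within `window`; return alerts sorted by time."""
    allowed = {name.lower() for name in baseline}
    clusters = {}
    for event in sorted(events, key=lambda e: e["ts"]):
        hit = classify(event, allowed)
        if hit is None:
            continue
        signal, service = hit
        ts = datetime.fromisoformat(event["ts"])
        host = clusters.setdefault(event["host"], [])
        if not host or ts - host[-1]["start"] > window:
            host.append({"host": event["host"], "start": ts,
                         "signals": set(), "services": set()})
        host[-1]["signals"].add(signal)
        if service:
            host[-1]["services"].add(service)
    alerts = [{"host": c["host"], "time": c["start"].isoformat(),
               "severity": severity(c["signals"]),
               "signals": sorted(c["signals"]),
               "services": sorted(c["services"])}
              for host in clusters.values() for c in host]
    return sorted(alerts, key=lambda a: a["time"])


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Because the article notes that most security software does not run in Safe Mode, the useful alerts here are the ones raised before the reboot; the shadow copy signal may never be logged on an affected host.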

What You Can Do to Protect Your Company

Although Snatch is sophisticated ransomware, there are some surprisingly simple ways to help mitigate an attack:

  • Use two-step verification (aka two-factor authentication) for service and administrator accounts. That way, even if an account’s password is compromised, it cannot be used to gain access to the account. If using two-step verification is not possible, at least use strong account passwords and implement an account lockout policy to thwart brute-force password-cracking attacks.
  • Disable or secure RDP. Cybercriminals like to use RDP to remotely access computers in companies’ networks. For this reason, you shouldn’t enable RDP if it isn’t needed. If your business uses remote access, you need to secure RDP. There are several ways to do this, such as using an RDP gateway.
  • Regularly back up files and systems, and make sure the backups can be successfully restored. Although having restorable backups will not prevent a Snatch attack, you won’t have to pay the ransom if the attack is successful.

For the most effective protection, these measures should be part of a comprehensive security strategy that includes other defenses such as applying the principle of least privilege and regularly updating software to patch known vulnerabilities. We can help you create and implement a strategy that will help protect your company against all types of malware.

Update Your iPhone or iPad to Patch the AirDoS Bug

If your iPhone or iPad is not running the latest system software, you could fall victim to an attack that could make your device temporarily unusable. Here is what you need to know about the vulnerability behind this attack.

Devices running iOS 13.2, iPadOS 13.2, or earlier versions of these operating systems contain a vulnerability that hackers can use to launch a Denial of Service (DoS) attack.

The Vulnerability and How It Is Exploited

The security researcher who discovered the vulnerability refers to it as “AirDoS” because it can be exploited to launch a DoS attack that involves the AirDrop feature. This built-in feature lets iPhone and iPad users share files (e.g., documents, photos) with each other via a Wi-Fi or Bluetooth connection.

Hackers can exploit this bug to attack all nearby iPhones and iPads that are not patched. In the attack, an AirDrop box pops up, indicating that someone wants to share a file with you. The box gives you the option of accepting or declining the file. No matter which option you choose, the pop-up box immediately reappears. This creates an endless loop that prevents you from being able to use your device. The pop-up box will persist even if you lock and then unlock your device.

What to Do

What should you do if you fall victim to an AirDrop attack? First, try moving out of range. The attack occurs over a Wi-Fi or Bluetooth connection, so the attacker has to be nearby.

If moving out of range is not possible (e.g., you are on an airplane), you can ask Siri to turn off Wi-Fi or Bluetooth. Alternatively, you can lock your device, access the Control Center from the lock screen (assuming this capability is enabled), and turn off AirDrop, Wi-Fi, or Bluetooth from the Control Center.

While stopping an AirDoS attack is possible, it is better to prevent one altogether. The best way is to upgrade your iPhone to iOS 13.3 or your iPad to iPadOS 13.3. This will patch the vulnerability. Before upgrading, though, be sure to back up your device.

To prevent similar attacks in the future, you should also configure AirDrop so that only people in your contacts list can share files with you. You might also consider keeping AirDrop, Wi-Fi, and Bluetooth disabled when not in use.

4 Trends to Track in 2020

It is important for companies to keep track of IT developments that can affect their businesses. Here are four trends to watch in 2020.

The IT world changes often. While it would be impossible to keep abreast of every change that occurs, knowing about and keeping track of important IT developments is important. This information can help companies seize opportunities and avoid mistakes.

Here are four developments that businesses should watch in 2020:

  1. Smaller Businesses Will Increasingly Turn to AI as a Service

Artificial intelligence (AI) can help companies increase productivity, reduce costs, improve responsiveness, and much more. However, smaller businesses typically do not have the resources or expertise to develop AI-based solutions on their own.

Fortunately, a growing number of cloud service providers will offer AI-based business solutions as services. “During 2020, we will see wider adoption and a growing pool of providers that are likely to start offering more tailored applications and services for specific or specialized tasks,” predicts AI author and futurist Bernard Marr. “This will mean no company will have any excuses left not to use AI.”

The Forbes Business Council foresees that AI as a Service (AIaaS) will be particularly beneficial for cybersecurity. Adversarial machine learning has been found to be effective at detecting breaches, but the cost of setting up this type of solution is high. Once it is available as an AIaaS offering, smaller companies will be able to afford to take advantage of it.

  2. More Consumers Will Join the Fight to Protect Their Data and Their Privacy

After another year of numerous data breaches and controversial data practices being uncovered, consumers are joining together in a chorus of “We aren’t going to take it anymore.” Instead of shrugging their shoulders and resigning themselves to the thought that there is nothing they can do, consumers are taking a more active role in protecting their personal data and their privacy.

One action that more consumers will take is to fight for their data privacy rights in court. Forrester predicts that privacy class-action lawsuits will increase by 300% in 2020. Plus, consumers will begin to push harder for data privacy regulations as well as take advantage of new tools being offered that can stop their personal data from being collected.

Some marketers will get onboard as well. “In 2020, we predict that some marketers will get ahead of the curve by curbing their reliance on third-party data,” stated Forrester. “Marketers will move away from laborious and often unwanted personalization efforts. Instead, they’ll seek to authentically connect with customers through targeted experiences.”

  3. Companies Will Be Able to Take Advantage of 5G Sooner Rather Than Later

Last year, Gartner expected that public 5G networks would not be capable enough to meet the needs of companies by 2025 because the wireless carriers would initially concentrate on providing 5G services to consumers. While the carriers have been concentrating on 5G coverage for consumers, they have not forgotten about businesses. For example, Verizon worked with Newport News Shipbuilding to set up the first 5G shipyard. The carrier also worked with organizations to set up 5G service in 16 football stadiums and 5 indoor arenas.

“2020 is likely to be the year when 5G really starts to fly, with more affordable data plans as well as greatly improved coverage, meaning that everyone can join in the fun,” foresees Marr. So, businesses might want to explore how they could benefit from 5G and start making plans accordingly.

  4. Securing IoT Devices Will Tie Up Companies’ IT Resources

Nowadays companies often connect unconventional devices such as thermostats, lights, sensors, and security cameras to the Internet. These items are referred to as Internet of Things (IoT) devices.

In 2019, there were more than 25 billion IoT devices — and that number is expected to triple by 2025.

This proliferation of IoT devices means that companies will have more devices and software they need to protect. Half the battle will be trying to find all the devices that have been connected to the web, according to Marr. “Tech teams may well find themselves spending less time at their desks and more time up ladders and poking around and playing find-the-unsecured-device than they are used to.”

One area where the tech teams will need to look is the edge of their networks. Gartner predicts that there could be more than 20 times as many smart devices at the edge of the network as in conventional IT roles by 2023.

Company Was Hacked More Than 20 Times Over Nearly 2 Years

For nearly two years, a business was unaware that a cybercriminal was repeatedly hacking its IT systems, which led to the cybercriminal stealing the personal data of 1 million people — and an FTC investigation. Here is what the FTC found and the lessons that you can learn from this case.

For nearly two years, InfoTrax Systems, a provider of direct-sales solutions, was unaware that its IT systems were being repeatedly hacked. InfoTrax only discovered the breaches after a data archive file created by the cybercriminal maxed out the server’s storage capacity, prompting an alert. In all, the company’s server and client websites (which were maintained by InfoTrax) were hacked more than 20 times between May 2014 and March 2016. In March 2016 alone, the hacker stole the personal data of 1 million people.

In response to the breaches, the U.S. Federal Trade Commission (FTC) launched an investigation. The FTC found that InfoTrax failed to use “reasonable, low-cost, and readily available security protections to safeguard the personal information it maintained on behalf of its clients”. These findings led the FTC to sue InfoTrax and its former CEO Mark Rawlins for violating the FTC Act. On November 12, 2019, InfoTrax and the FTC reached an agreement to settle the case. To understand the settlement, it helps to take a closer look at what the FTC found and how the data breaches occurred.

A Closer Look at the Case

The FTC found that InfoTrax engaged in a number of unreasonable data security practices, according to the FTC complaint. For starters, the company stored consumers’ personal information in plain text on its network. This data included not only their full names, physical addresses, and telephone numbers but also their social security numbers (SSNs), payment card information (including account numbers, card verification values, and expiration dates), bank account numbers, and login credentials.

In addition, the FTC found that the company failed to:

  • Implement measures (e.g., file integrity monitoring tools, an intrusion prevention and detection system) to detect anomalous activity and cybersecurity events
  • Adequately segment its network to ensure that one client could not access another client’s data on the network
  • Adequately assess cybersecurity risks by performing code reviews and network penetration testing
  • Detect malicious file uploads by implementing protections such as input validation
  • Adequately limit the locations to which third parties could upload unknown files on the company’s network
  • Have a systematic process for inventorying consumers’ personal information and deleting the data that was no longer needed

A cybercriminal had taken advantage of the lack of security measures and hacked into InfoTrax’s server. Once inside, the intruder uploaded malicious code that gave him or her the ability to remotely control the server. The hacker was able to access data, upload new files, and perform other actions. The cybercriminal also hacked into client websites that were maintained by InfoTrax.

In March 2016 the hacker stole data from InfoTrax’s server and client websites on four separate occasions. In all, the intruder got away with the personal data of 1 million people, including distributors and their customers (aka end consumers).

It wasn’t long before the stolen personal data started to be used. For example, the data breach response team hired by one of InfoTrax’s clients received more than 280 reports of alleged fraud from that client’s distributors and end consumers. The acts of fraud included unauthorized credit card charges, new lines of credit being opened, tax fraud, and misuse of information for employment purposes.

The Settlement

To settle the case, InfoTrax agreed to not collect, sell, share, or store personal data unless it implements an information security program that would address the security failures identified in the FTC complaint. In addition, InfoTrax is required to obtain objective, third-party assessments of its information security program after the first 180 days and thereafter every two years for the next 20 years. Each violation found can result in a civil penalty of up to $42,530.

In a press release, InfoTrax CEO Scott Smith responded to the settlement. He commented:

“Without agreeing with the FTC’s findings from their investigation, we have signed a consent order that outlines the security measures that we will maintain going forward, many of which were implemented before we received the FTC’s order.”

“We deeply regret that this security incident happened. Information security is critical and integral to our operations, and our clients’ and customers’ security and privacy is our top priority.”

Two Important Lessons Learned

There are two important lessons to be learned from InfoTrax’s experiences. The most crucial one is that U.S. companies can be held liable for safekeeping personal information even if they do not fall under the jurisdiction of regulations such as the United States’ Health Insurance Portability and Accountability Act or the European Union’s General Data Protection Regulation (which applies to U.S. companies if they have customers who live in the European Union).

Section 5(a) of the FTC Act (15 USC §45) prohibits “unfair or deceptive acts or practices in or affecting commerce.” The five FTC commissioners unanimously agreed that InfoTrax violated this provision. They wrote:

“… the failure to employ reasonable data security practices to protect personal information — including names, addresses, SSNs, other government identifiers, and financial account information — caused or is likely to cause substantial injury to consumers that is not outweighed by countervailing benefits to consumers or competition and is not reasonably avoidable by consumers themselves. This practice was, and is, an unfair act or practice.”

The other lesson to heed is the importance of implementing measures to detect IT system intrusions and data breaches. The average time it takes for businesses to identify that a data breach has occurred is 206 days, or about 7 months, according to a 2019 data breach study. It can take much longer, though, if no measures are in place to detect intrusions and data breaches. For example, in InfoTrax’s case, it took the company around 22 months to realize its systems and data were being breached. The longer it takes to identify and contain a data breach, the more costly it will be for the company, according to the data breach study.

We can help you avoid this costly mistake by recommending ways to identify suspicious activity in your network. We can also make sure that your network has other safeguards in place to keep your business’s data out of hackers’ hands.

Flaws in Qualcomm Chipsets Are Leaving Android Devices Vulnerable

The Qualcomm chipsets in many Android smartphones have vulnerabilities that could let cybercriminals gain access to passwords and other highly sensitive data stored in the devices. Here is what you need to know about these flaws.

These flaws could let cybercriminals access the area where passwords, fingerprint scans, payment card numbers, and other highly sensitive data are stored. Check Point security researchers found and were able to exploit these vulnerabilities in Samsung, LG, and Motorola phones. Many other phones are also likely vulnerable, as other mobile device manufacturers use Qualcomm chipsets as well.

Where the Flaws Lie

The security researchers discovered that the vulnerabilities lie in Qualcomm’s Secure Execution Environment, which is the company’s implementation of the Trusted Execution Environment (TEE). Simply speaking, TEE is a secure system environment inside a processor. One of the hardware technologies used to support TEE is TrustZone from Arm.

Arm Cortex-A processors use the TrustZone technology to create two virtual cores — a secure (aka trusted) area called the “Secure World” for security operations and a not-as-secure (aka non-trusted) area known as the “Non-Secure World” or “Normal World” for normal operations. The two worlds are hardware separated, each with its own operating system, storage area, apps, and other components. In the Secure World, trusted apps implement crucial security features such as fingerprint recognition and cryptographic operations. Mobile device manufacturers can also add their own trusted apps for any purpose.

Apps in the Non-Secure World cannot directly access the trusted apps or other resources in the Secure World. Work that must occur between both worlds takes place through software referred to as the “Secure Monitor”. The command handler of a trusted app receives data from the Non-Secure World through the Secure Monitor.

Despite the separation of the two worlds in Qualcomm’s Secure Execution Environment, researchers found that they could hack the area where highly sensitive data is stored in the Secure World. They did so by using a technique called fuzzing — the injection of a massive amount of random data into a program or system to find bugs and security vulnerabilities in it. In this case, the researchers built a feedback-based fuzzing tool that injected random data into the command handlers of trusted apps on Samsung, LG, and Motorola phones. They found vulnerabilities associated with several of those trusted apps.

The Aftermath

The researchers alerted Qualcomm about the vulnerabilities when they initially discovered them in June 2019. In mid-November 2019, Qualcomm let the researchers know that it fixed the issues and sent updates to the various mobile device manufacturers.

Samsung, LG, and Motorola indicated that they have incorporated the patches into the firmware for the smartphone models they offer or are in the process of doing so. They will be sending the various versions of their updated firmware to the appropriate cellular carriers. The carriers will then test the updated firmware to make sure the changes do not cause any problems. If there aren’t any issues, the carriers will push the updates out to phone users.

What You Need to Do to Protect Your Mobile Device

The vulnerabilities found in the Qualcomm chipset firmware are serious, as hackers could exploit them to steal highly sensitive information. So, if you have an Android smartphone with a Qualcomm chipset, you need to make sure that the latest updates are being installed on your device.

Keeping a mobile device’s firmware and software updated is a good practice no matter who manufactured your phone and its chipset. It is one of several precautions you can take to secure your smartphone. If you would like to learn about the other security measures you can take to protect it, let us know.

Two New, Unconventional Ransomware Programs Might Be Coming Your Way

Two new ransomware variants — AnteFrigus and PureLocker — made the rounds in November 2019. Learn why these programs caught the attention of security experts.

Although numerous ransomware variants exist, they often exhibit common behaviors and use similar tools and techniques. But that’s not the case for two variants discovered in November 2019. AnteFrigus and PureLocker are unconventional ransomware programs that have caught the attention of security experts.


When it comes to ransomware programs, security researchers aren’t usually left wondering why the creators designed the programs the way they did. However, AnteFrigus has left researchers scratching their heads, wondering “Why did its creator do that?”

Typically, ransomware programs find out what drives and network shares are accessible on a computer and then try to encrypt the files on those drives and shares. The local C drive is of particular interest, as this is where most people store their files.

AnteFrigus, however, does not encrypt any data on the C drive or on unmapped network shares. Instead, it only targets a computer’s D, E, F, G, H, and I drives. Security experts are uncertain whether this peculiar behavior is a feature or a flaw in the ransomware code.

The experts do know, though, how AnteFrigus is spread. Cybercriminals are using malvertising to redirect people to a page that installs the RIG exploit kit. In this case, the kit looks for Microsoft Internet Explorer vulnerabilities that it can exploit to install AnteFrigus on the victim’s computer. If successful, the ransomware encrypts files on the aforementioned drives and displays a ransom note that contains a link to the Tor payment site. On that site, the victim is given the ransom amount and a Bitcoin address to which to send the payment. In one test, the ransom was listed as $1,995 [USD] but the victim is warned it will increase to $3,990 if not paid in four days.


While not as peculiar as AnteFrigus, PureLocker also displays some unconventional behavior. PureLocker is being used in targeted attacks against companies’ production servers. As a result, it does not immediately start encrypting files once installed like most ransomware programs do. Instead, PureLocker conceals itself by masquerading as a Crypto++ cryptographic library, which allows it to evade sandbox detection. Plus, it periodically checks to see if it is being scrutinized. If any of the checks fail, it will exit without deleting itself to avoid raising any red flags. PureLocker executes only when certain conditions are met. In one case, PureLocker waited more than three weeks before executing, evading detection the entire time.

Another oddity that sets PureLocker apart is that it is written in PureBasic. Cybercriminals seldom use this programming language to write ransomware programs.

Like AnteFrigus, PureLocker displays a note that does not specify the ransom amount. Instead, the note provides a unique Proton email address that the victim must use to find out this information.

How to Defend Your Business

To defend against AnteFrigus, PureLocker, and other ransomware variants, consider taking these precautions:

  • Use security software. It can help detect and block known ransomware.
  • Make sure the operating system software and apps on your business’s computers are being updated regularly. Cybercriminals like to use exploit kits that target programs with known vulnerabilities so they can access victims’ computers. Patching these vulnerabilities reduces the number of exploitable entry points.
  • Educate employees about the importance of avoiding questionable websites and any sites marked as potential security threats by their web browsers or security software. These websites might contain malvertising or other malicious code that could lead to a ransomware attack.
  • Educate employees about other ways ransomware can get on computers, such as through phishing emails. Warn them about the dangers of clicking links and opening attachments in these emails.
  • Keep email filtering tools up-to-date. These tools use various filters to help weed out phishing emails. Most email programs include filtering tools, but you can also purchase advanced filtering solutions.
  • Make sure that Microsoft Word and Excel macros are disabled on computers running those apps. A ransomware attack can be initiated by malicious commands hidden inside a macro.
  • Regularly back up your files and test those backups. As AnteFrigus and PureLocker demonstrate, cybercriminals are constantly creating new ransomware variants, so you need to be prepared for the possibility of a ransomware infection. If you regularly back up your systems and data, you won’t have to pay the ransom.

We can help you take the actions necessary to protect your business from ransomware.

5 Problems That You Can Solve With Effective Document Management

Managing paperwork can be a burden, but there are ways to make it better. Here’s how to fix a handful of common document management problems.

Some people will tell you that there is only one constant in this world: change. Businessmen, on the other hand, will tell you that there’s at least one more constant that they must contend with, namely paperwork. Every company on the planet has a way of keeping track of their documents. Yet, in spite of the technological advancements made over the years, many businesses are still relying on outdated methods.

Modern document management technology uses software and scanners to store digital copies of your documents as well as the digital information in your databases. This technology can help you avoid some of the difficulties faced by companies that use outdated or poorly structured document management systems.

Here are 5 problems that you can solve with effective document management:

1. Unable to Find the Right Document

If you can’t find a file when you want it, then your document management system isn’t doing its job. A quality system ensures that your files are organized and easily accessible. It should also feature a good search function, so that you can quickly look up a document.

2. Working on the Wrong Version of a File

It is amazing how much time is lost because an employee was working on the wrong version of a document. A 2013 survey from the Harris Interactive market research firm showed that 83% of knowledge workers in the US and UK lose time every day due to versioning issues. Nearly half of them have sent the wrong version of a document to a client, colleague, or supervisor and 57% are often confused about whether or not they are working on the right version.

Companies that use high-quality document management systems don’t have to worry about this problem. These systems show when a document was changed and who made the changes, so you’ll always know whether or not you are working on the most up-to-date version. Similarly, you can read through and work on older copies of a document, in case you need to find something that didn’t make it into later versions.

3. Forced to Merge Documents Manually

According to the Harris Interactive survey, 56% of knowledge workers have to manually merge the different versions of their documents. They often lose a lot of time cross-referencing between these versions while looking for changes that were made in one copy but not the other. In contrast, a good document management system will let you avoid this issue entirely, since it automatically merges versions of a document.

4. Loss of Productivity

As noted above, 4 out of every 5 knowledge workers lose time because of document versioning problems. However, nearly three-quarters of employees lose time when simply looking for files. The fact of the matter is that bad document management systems severely damage your team’s productivity. Using a top-of-the-line system, on the other hand, can save your staff time.

5. Employee Frustration

A bad document management solution can do more than just hurt your staff’s productivity. It can also create widespread job dissatisfaction and tension at the workplace. In some cases, employees have become so frustrated with their document management systems that they’ve started to yell at their computers. Many workers think that working with a bad document management system is more frustrating than locking their keys in their cars, and a majority of them have said that they would rather work on a weekend than deal with these systems.

Difficult Problems, Easy Solutions

With the right document management system, you can avoid these exhausting difficulties. A quality solution can simplify the way that your staff handles documents, which in turn can create a better workplace environment. By letting you rely on digital documents instead of physical ones, these systems can cut costs as well as boost productivity. Talk to a trusted IT partner about the best way to upgrade your document management system.

6 Considerations When Choosing an Anti-Spyware App

Cybercriminals use spyware to record keystrokes, copy files, read emails and much more. One of the best ways to keep spyware off your devices is to use an anti-spyware program. Here are six things to consider when selecting one.

Spyware is a type of malware that can send chills up the spine of even the most hard-core Internet user. Once it is on your device, cybercriminals can use it to record your keystrokes, make copies of your files, snap pictures, read your emails, and much more — and you’ll be unaware this is occurring because spyware runs silently in the background. The information it collects about your activities is then sent to the cybercriminals via your Internet connection. They often use the information to steal money, personal data, and intellectual property.

One way to minimize the risk of being spied on is to use an anti-spyware program, which detects and removes spyware. You might already have one installed on your device and not realize it, as many security solutions include spyware protection.

If your security solution does not offer this protection, you can purchase and install a standalone anti-spyware app. Not all anti-spyware programs are created equal, though. Here are six considerations to keep in mind when selecting one:

  1. Is the Anti-Spyware App from a Reputable Provider?

Many free and paid anti-spyware programs are available. Some free apps, though, contain spyware or other types of malware. For this reason, you need to research any anti-spyware app you are considering, especially if it is free. In addition, you should obtain the anti-spyware program directly from a reputable vendor’s site or another trusted source. Don’t get it by clicking links in Internet ads, pop-up ads, unsolicited emails, or untrusted sites.

  2. Is the App Compatible with Your Existing Security Solution?

If you already have a security solution on your device, you need to make sure the anti-spyware program you are adding is compatible with your existing security solution. Conflicts can slow down your device and leave you less protected.

  3. How Big is the Database?

Anti-spyware apps detect spyware using heuristic (rules-based) methods or downloaded definition files that identify known spyware programs. If an app uses definition files, you need to make sure the provider’s database has a sizable number of definitions and that it is continually updated. The larger the database, the more spyware the app can identify and remove.

  4. Does the App Support Automatic Updates?

Like other forms of malware, spyware is continually evolving. Reputable providers of anti-spyware programs know this, so they are constantly updating their code and their databases (if applicable). While all providers will offer updates, it is best to choose an app that features automatic updates. Manually downloading and installing updates can be time-consuming and risky if you forget to do so.

  5. Does the App Actively Monitor the Device?

Some anti-spyware programs detect and remove spyware only when you manually perform a scan. A better alternative is to use an app that actively monitors the device to find and remove spyware. That way, the spyware might not be installed in the first place.

  6. How Effective Is the App at Detecting and Removing Spyware?

An anti-spyware app needs to be good at detecting and removing spyware. You don’t want an app that fails to detect a lot of spyware programs or gives many false positives (i.e., it says a program is spyware when it isn’t). Plus, the app needs to effectively detect and remove spyware without affecting your device’s performance or your productivity. Sorting out which apps are the best at detecting and removing spyware requires research. We can help you research and sort through the options so you have the best anti-spyware app on your device.

Online Holiday Scams & How to Protect Your Data

December is the busiest shopping month of the year, with several gift-giving holidays falling within it. Companies send more email during this time to past purchasers and potential buyers, and hackers, aware of this busy shopping season, will attempt to steal your information.

Earlier this month, the Department of Homeland Security issued a release with tips for avoiding phishing and malware scams that are worth paying attention to. Below, we list popular ways hackers are tricking shoppers and how to protect yourself this holiday season. Happy online shopping!

Picking up YOUR packages

Companies are tailoring their purchase process to make things easier for consumers, such as letting them buy products online and pick them up at a physical location. When purchasing this way, make sure the merchant has a secure method for picking up the products in person, as well as a secure checkout page for the purchase beforehand.


Similar to skimming a card and stealing that information, e-skimming works on the checkout page, where JavaScript running in the background steals your card details. Sometimes the hacker’s code looks like an application installing to complete the checkout process, which should never be the case. Use the protective tools your browser offers to protect your information with encryption, and make sure the website is secure, with ‘https’ at the start of the URL.


Bank and credit cards are now equipped with chip technology to crack down on skimming, a method in which criminals attach a device to a transaction machine, commonly at gas stations. However, with the advancement of secure technology comes the threat of criminals cracking that technology to steal your card information, and they have now started “shimming” chip cards successfully. Hackers place a “shim”, a thin device, into the slot where you insert the chip end of your card. The shim saves your card information, which is then used in instances where chip technology is not required, such as online purchases. You can protect yourself by setting up transaction alerts for every time your card is used, or by using the contactless feature when paying so information cannot be stored and sold to third parties later.

Quick Checklist

While there are always new methods of hacking your secure information, there are easy solutions and methods you should use when shopping online:

  • Don’t download shopping apps directly from a link as it could be malware installing onto your device.
  • Make sure you have researched the party you are purchasing from.
  • Check the URL to be sure you are on the correct page, and not a 3rd party page claiming to be the original company.
  • Make sure the site is ‘https’ enabled, not ‘http.’
  • Do not shop on public Wi-Fi; use private Wi-Fi that is secure and password protected.
  • Set up transaction alerts to monitor your accounts.

Whether holiday shopping online or sending secure data for business operations, don’t allow an unsecured network to put your financial data at risk. Ask how our secure network monitoring services can improve your online security.

The E.U. – U.S. Privacy Shield Review is in

The E.U. Commission held its 3rd annual review of the E.U. – U.S. Privacy Shield this October, with the goal of evaluating compliance with the agreement in place and deciding whether to give it the green light to continue.

In 2016, the U.S. Department of Commerce and the European Commission designed the Privacy Shield agreement to give companies a mechanism for complying with data protection requirements when transferring personal data. While participation is entirely voluntary, the agreement encourages companies on either side to benefit from the Framework’s requirements. All companies that enroll benefit from an organization created to show a commitment to data security, which provides added assurance to potential clients that their data will be held to the highest of standards.

This year, the annual review focuses on the day-to-day functionality of the E.U. – U.S. Privacy Shield and on ensuring an adequate level of protection for personal data transferred under the agreement. There are currently 5,000 companies participating under the agreement.

The Good News

The E.U. Commission maintained that the Privacy Shield agreement continued to provide an adequate level of protection and that there were improvements from the previous year’s review, including the appointment of a permanent Privacy Shield Ombudsman, which fills the staff vacancy for the first time since the agreement’s inception.

The Uncertain News

During the review assessment, several recommendations were made that include:

  • Strengthening the re-certification process for companies that want to participate. The report shows that companies remained on the “active” list too long without being re-certified continuously.
  • “Spot” checks. The report asks to expand these spot checks to additional areas such as investigating false claims of being associated with the agreement.
  • The report also expects the FTC (Federal Trade Commission) to step up its investigations into compliance, and calls for the creation of joint guidance of additional data issued by the DOC, FTC, and EU Data Protection Authorities.

The Future of the Agreement

While the EU Commissioner’s report overall approved the framework of the program to proceed for another year, the Court of Justice in the E.U. is reported to be giving a ruling next year on whether E.U. citizens’ personal data can legally be shipped to the U.S. If the court rules that the U.S. surveillance programs violate its citizens’ privacy, then companies will have to halt data moving overseas, such as payroll information. That would pose quite a disruption to corporations, but they will have to wait until spring of 2020 to know the final decision. Until then, the E.U. – U.S. Privacy Shield agreement remains in place.

Using Galaxy S10 or Note10? Be Sure to Install the Biometric Update

The Galaxy S10, S10+, S10 5G, Note10, and Note10+ smartphones have a flaw that allows any fingerprint to unlock the devices when certain screen protectors are used. Learn why this problem is occurring and how to fix it.

The Galaxy S10, S10+, S10 5G, Note10, and Note10+ smartphones have a flaw that allows any fingerprint to unlock the devices when certain screen protectors are used. While concerns about using screen protectors with these devices have been raised in the past, the problem took center stage when The Sun published an article about a Galaxy S10 user who found that anyone could unlock her phone after she put a gel screen protector on it.

Even worse, since the same biometric authentication system is used to log in to online service accounts, this flaw could potentially allow unauthorized individuals to access financial service accounts. This threat prompted several banks to temporarily suspend their mobile banking services for Galaxy S10 and Note10 users.

In a public statement, Samsung confirmed this problem exists and promised to deliver a patch to fix it. The company also issued an apology and again promised a patch in a message sent to customers through Samsung Members, its customer support app.

The Problem

The root of the problem lies in the technology being used for fingerprint authentication. The Galaxy S10, S10+, S10 5G, Note10, and Note10+ phones have a new type of fingerprint sensor. (The Galaxy S10e does not use this new sensor.) Instead of using a capacitive fingerprint reader on the side or back of the device, they use an ultrasonic fingerprint reader that is located underneath the display screen. The ultrasonic sensor uses sound pressure waves to read a finger’s 3D surface area.

Certain types of screen protectors can interfere with the ultrasonic fingerprint reader’s sound pressure waves. Plastic screen protectors typically do not pose a problem. However, the same cannot be said for tempered-glass and silicone (aka gel) screen protectors, which can leave a small air gap that interferes with the scanning. In addition, some silicone protectors have a textured surface on the inside that might be erroneously recognized as a fingerprint.

The Solution

Samsung has kept its promise and has rolled out a patch to fix the problem. Called the Biometric Update, it installs version of the Fingerprint firmware. Affected users will receive a notice to install this patch.

Once the update is installed, users will need to restart their devices. In addition, if they scanned and registered their fingerprints when a screen protector was in place, they should delete the fingerprints and register them again without a screen protector on their device. Samsung also recommends that people avoid using screen protectors, especially if they have a textured surface on the inside. If users do not want to follow this recommendation, they should at least get one that is certified by the company.

Since the Biometric Update is a staged rollout, it might take a while to reach everyone, especially if cellular carriers test it first. While waiting for the patch, Samsung recommends that Galaxy S10 and Note10 users take some precautions. They should remove their screen protectors, delete their registered fingerprints, rescan and re-register their fingerprints, and refrain from putting the screen protectors back on.

4 Ways You Can Make Microsoft Edge More Convenient to Use

Customizing your web browser will make it easier to use, which can make you more productive. Here are four ways you can customize Microsoft Edge.

Microsoft Edge provides many ways you can customize it. Having a browser tuned to your likes and dislikes will make it easier to use, which can make you more productive. Here are four ways you can customize Edge.

  1. Personalize the Opening Page

By default, Edge automatically opens to its start page, which includes a search bar, news stories, and ads. However, you can configure Edge so that it instead opens a web page you specify, a new tab page, or the pages you had open when you last closed the browser.

To customize the opening page, perform these steps:

  1. Click the “Settings and more” icon (it looks like an ellipsis) in the top right corner of Edge.
  2. Select “Settings” at the bottom of the menu that appears.
  3. Find the “Open Microsoft Edge with” option in the right pane and select one of the following settings: “New tab page”, “Previous pages”, or “A specific page or pages”. If you select the last option, you will need to enter the desired site’s address and click the “Save” icon. You can use the “Add new page” option to specify the addresses of any additional sites you want automatically opened.
  4. Double-click somewhere outside the settings box to save the changes and close the box.

  2. Change the Default Search Engine

Bing is the default search engine in Edge. If you typically use a different search engine (e.g., Google), you can configure Edge to automatically use it instead, assuming the engine uses the OpenSearch technology.

To set a different default search engine, do the following:

  1. Go to the website of the search engine you want to use (e.g., www.google.com).
  2. Click the “Settings and more” icon in the top right corner of Edge.
  3. Choose “Settings” at the bottom of the menu that appears.
  4. Select “Advanced” in the left pane.
  5. Click the “Change search provider” button in the “Address bar search” section at the bottom of the right pane.
  6. Select the desired search engine from the list, as Figure 1 shows.
  7. Click the “Set as default” button.
  8. Double-click somewhere outside the settings box to save the changes and close the box.

  3. Add a Home Button

Google Chrome, Mozilla Firefox, and other web browsers have a home button that lets users quickly open a favorite site they have specified as the home page. Many people do not realize that Edge also has a home button because it is disabled by default.

Here is how to enable the “Home” button and set the home page to one of your favorite sites:

  1. Click the “Settings and more” icon in the top right corner of Edge.
  2. Select “Settings” at the bottom of the menu that appears.
  3. Move the “Show the home button” slider from “Off” to “On”.
  4. Choose “A specific page” in the “Set your home page” drop-down list, enter your favorite site’s web address, and click the “Save” icon.
  5. Double-click somewhere outside the settings box to save the changes and close the box.

  4. Show the Favorites Bar

Like the “Home” button, the Favorites Bar is disabled by default in Edge. This bar displays icons for any web page you have marked as a favorite site and saved in the “Favorites Bar” folder.

Displaying the Favorites Bar is simple:

  1. Click the “Settings and more” icon in the top right corner of Edge.
  2. Select “Settings” at the bottom of the menu that appears.
  3. Move the “Show the favorites bar” slider from “Off” to “On”.

CCleaner: A Tale of Two Attacks

CCleaner has been the target of hackers twice in the last three years. Here are several lessons that you can learn from these attacks.

CCleaner — a popular app designed to clean up unused data, unnecessary settings, and other leftovers that can make computers run slower — was the target of hackers once again. In 2017, when Avast was in the process of acquiring CCleaner’s developer, Piriform, cybercriminals breached Piriform servers and inserted a backdoor into the app during the build process. Neither the breach nor the backdoor was discovered at that time, so two versions of the utility (the 32-bit and cloud versions) were released with the malware in it. Avast cleaned up the mess, but not without taking a serious hit to its reputation given that it is a cybersecurity firm.

In September 2019, Avast discovered that cybercriminals once again breached company servers in an attempt to insert malicious code into CCleaner. This time, though, the intrusion was detected and thwarted before hackers could insert any code.

How the 2019 Attack Occurred

To provide transparency and to let others learn from its experiences, Avast shared what happened in the 2019 attack. On September 23, 2019, the company noticed suspicious behavior in its network, so it started an investigation. The investigators found that the hackers accessed the company’s network by stealing an employee’s virtual private network (VPN) credentials for a temporary VPN profile that was mistakenly left active. Two-factor authentication (aka two-step verification) was not required to log into the VPN, so the hackers were able to get inside the network using the stolen credentials. Although the VPN account had limited privileges, the cybercriminals used privilege escalation to obtain domain admin rights.

Fortunately, Avast discovered the intrusion before the hackers were able to do any damage. To protect against future attacks, Avast has since implemented numerous security measures, including resetting all employee credentials.

Lessons Learned

There are several lessons that you can learn from Avast’s experiences. For starters, its experiences show that using only passwords — even strong, unique ones — is often not enough. Cybercriminals are frequently able to steal passwords or trick employees into revealing them. So, besides using unique, strong passwords, businesses should use two-factor authentication for business accounts. It adds an extra layer of protection that can prevent unauthorized access to your business’s online accounts. A 2019 research study by Google found that it prevents 90% of targeted attacks.

Another lesson learned is that even apps from reputable software providers can contain malware or security vulnerabilities. For this reason, it is a good idea to keep the number of software programs installed on your business’s computers to a minimum. Each app you use increases your company’s attack surface, especially if you do not patch or update it regularly.

Finally, Avast’s experiences highlight the fact that cybercriminals like to launch new attacks on companies that have been successfully hacked in the past. A 2019 report substantiated that companies that have been breached once are much more likely to be targeted again. That’s why you always need to be vigilant about securing your company’s IT environment. We can help by assessing your business to identify any weaknesses.

Microsoft Q&A: A New Site to Get Questions Answered

Microsoft is replacing the TechNet and MSDN forums with the new Microsoft Q&A site. Discover why this change is being made and what will happen with the existing information in the old forums.

For many years, users of Microsoft products and services have turned to the TechNet and MSDN forums to get their technical questions answered. However, the MSDN and TechNet forums are no longer meeting users’ needs. 

“We know how important it is for customers to have access to fast, accurate answers to questions about Microsoft technologies. However, the MSDN and TechNet forums are outdated,” according to Microsoft. “To provide the set of capabilities that our customers need and want, we created a robust, scalable, and reliable new platform called Microsoft Q&A.”

Introducing Microsoft Q&A

In the Microsoft Q&A site, participants will be able to ask and answer questions about all of Microsoft’s products and services. The site is part of the Microsoft Docs platform, so they just need to log in using the same credentials. Microsoft Q&A is a moderated site.

Microsoft has launched a preview of the Q&A site, which Figure 1 shows, so that people can explore how to ask and answer questions, search for existing Q&As, bookmark content, and perform other tasks. In the site, people can already post real questions and answers about a limited set of topics, most of which are related to Microsoft Azure at the time of this writing. Microsoft will continue to add more topics over the coming months. The goal is to get all topic areas on the site by the middle of 2020.

The preview site also includes links to an overview of Microsoft Q&A as well as a frequently asked questions (FAQ) page. Visitors can also use the “Site feedback” link to provide suggestions and feedback on the site.

What the Future Holds for the TechNet and MSDN Forums

Once the Microsoft Q&A site is running at full capacity, people will not be able to ask or answer questions in the TechNet and MSDN forums. However, they will still be able to view existing content. This is important because the forums’ existing content will not be migrated to Microsoft Q&A. 

Have a Question?

The new Q&A site was created to provide a one-stop shop to ask technical questions about all of Microsoft’s products and services. We are also an excellent resource for getting your questions answered and will provide you the personal touch you will not get with Microsoft. We can quickly provide accurate information about the products and services provided by Microsoft as well as other software and hardware companies.

New Firefox Version: Another Look

Mozilla has released version 70 of its Firefox web browser. Find out the main changes the company made to better protect your privacy.

Mozilla released version 70 of its Firefox web browser in October 2019. Its push this year has been building privacy-centric features that are enabled by default in its products, according to company officials. Toward that end, Mozilla has rolled out the free Privacy Protections report and other privacy-related features in Firefox 70.

The Privacy Protections Report

A new feature in Firefox 70 lets you view the Privacy Protections report within the browser. The report shows you:

How many trackers the Enhanced Tracking Protection service has blocked on your behalf. The Enhanced Tracking Protection service is a collection of Firefox features designed to protect your privacy when you are using the Firefox browser. The service is enabled by default and works behind the scenes, so you might not even be aware that it is running.

The Enhanced Tracking Protection service blocks different types of trackers that collect information about you. Besides cookies, it blocks:

  • Third-party trackers (trackers placed by websites you have not visited)
  • Social media trackers (trackers that social media sites place on other websites so they can see what you do online)
  • Fingerprinters (scripts that collect settings from your browser and computer)

The service also blocks cryptojacking scripts, which are designed to siphon your computer’s processing power.

How many known data breaches have exposed your personal information. In September 2018, Mozilla introduced Firefox Monitor, a free tool that you can use to see whether any of your email addresses have been compromised in publicly known data breaches. The Privacy Protections report lets you know at a glance if your email addresses have been compromised in any data breaches and whether any of your passwords have been exposed as a result.

How many passwords you have stored in Firefox Lockwise. Firefox Lockwise is a free password management suite. The Firefox Lockwise browser extension stores your passwords within the browser on your desktop computer. You can sync the passwords with Android and iOS mobile devices via a mobile app. With this setup, the passwords you save in Firefox will be available on all your mobile devices, without having to install the Firefox browser on them.

The Privacy Protections report lets you know how many passwords you have stored in Firefox Lockwise and how many mobile devices you have synced. In addition, you can quickly view your saved logins with the click of a button.

Other Privacy-Related Features

Mozilla has made other privacy-related changes in Firefox 70. For example, Firefox now strips path information from the HTTP referrer (i.e., the address of the page you came from, which is sent along with an HTTP request) sent to third-party trackers to prevent additional data leaks. In addition, it has added a random password generator to Firefox Lockwise so that you can create strong passwords to protect accounts containing personal information.

We can show you how to further ensure your privacy when using Firefox or any other browser when you are online. For instance, we can show you how to set up and use a virtual private network (VPN) when using the Internet.

5 Things You Should Know about Phishing

The more you know about phishing, the better you will be able to spot phishing attacks. Here are five phishing fundamentals that can help you avoid becoming the next victim.

Only 66% of working adults correctly answered the question “What is phishing” in a 2019 Proofpoint survey. This means one-third of adults do not know that phishing is a form of fraud in which cybercriminals try to scam people into providing sensitive information (e.g., login credentials, account information) or performing an action (e.g., clicking a link, opening an email attachment) in order to steal money, data, or even a person’s identity.

Being able to answer the question “What is phishing” is a good start. However, the more you know about this type of attack, the better you will be able to avoid becoming the next victim. Toward that end, here are five things you should know about phishing:

  1. Phishing Isn’t Just about Emails

People commonly associate phishing with emails. However, hackers carry out phishing attacks through other communication channels as well, including websites, text messages, and phone calls.

Most often, cybercriminals use emails and websites in their phishing attacks. Sometimes they even use both channels in the same scam. For example, they might try to get people to click a link in a phishing email, which sends the victims to a phishing site. Similarly, cybercriminals might try to get people to click a link in a text message, which leads to a phishing site.

Phishing calls are also becoming common. Mobile scam calls rose from 3.7% of all calls in 2017 to 29.2% of all calls in 2018, according to researchers at First Orion. This upward spiral is expected to continue throughout 2019.

2. Phishing Sites Can Be HTTPS Pages

Cybercriminals are increasingly using HTTPS sites for phishing. Hackers are counting on people being lulled into a false sense of security when they see the “https” designation and the accompanying padlock icon in their web browser’s address bar. When some people see these two elements, they assume that a site is safe. However, the “https” designation simply indicates that any data sent between the browser and the website is encrypted. It does not signify that the website is legitimate or free from malware.

More than half of all phishing sites are HTTPS sites, according to Anti-Phishing Working Group’s “Phishing Activity Trends Report, 2nd Quarter 2019”. The situation is getting so serious that the US Federal Bureau of Investigation (FBI) issued a public service announcement in June 2019 warning people about this.

3. Hackers Like to Reel In Certain Types of Victims

While phishing attacks were initially targeted at consumers, cybercriminals quickly discovered that businesses are also lucrative targets. In 2018 alone, 83% of businesses experienced phishing attacks, according to Proofpoint’s “2019 State of the Phish Report”.

Small and midsized companies are often targeted. In 2018, for example, employees in smaller organizations received more phishing emails than those in large organizations, according to Symantec’s “2019 Internet Security Threat Report”. Small and midsized companies are sought because they typically do not have the expertise or resources to properly secure their businesses against phishing scams and other types of attacks.

Cybercriminals are also selective about who they target within companies. Security experts note that popular phishing marks include:

  • Executives. Executives are highly sought because they typically have access to sensitive business information and the authority to sign off on financial transactions such as electronic fund transfers.
  • Administrative assistants. Administrative assistants work closely with the managers and executives they assist. As a result, they often have access to information (e.g., an executive’s schedules) and accounts (e.g., a manager’s email account) that can help phishers plan and carry out scams.
  • Human resources (HR) staff. Cybercriminals like to target HR professionals because they have access to sensitive data such as employee records. Plus, they regularly respond to queries from employees (including managers and executives) as well as handle unsolicited communication from people outside the company (e.g., job applicants).
  • Sales team members. Sales team members are common marks because their contact information is often readily available. Furthermore, they are usually very responsive to unsolicited communication (e.g., emails, texts, or calls from potential customers).

4. Cybercriminals Don’t Take Holidays Off

Hackers go phishing 365 days a year, which means people should not let their guard down, even on holidays. In fact, people might want to be more cautious around holidays, as cybercriminals often ramp up their efforts during certain seasonal events such as Black Friday, tax season, and even Amazon Prime Day. Cybercriminals also try to capitalize on unforeseen events, such as natural disasters. Preying on people’s compassion, they pretend to be collecting donations for disaster victims.

Nearly 80% of phishing attacks occur on weekdays, according to Vade Secure researchers. This isn’t too surprising given that hackers like to target businesses. Tuesdays and Wednesdays are the top two days cybercriminals carry out their attacks.

5. Phishers Are Skilled Impersonators

Cybercriminals commonly impersonate legitimate contacts and companies to carry out their phishing scams. When targeting a business, cybercriminals often pretend to be someone within the company (e.g., an executive or employee) or an organization that does business with the company (e.g., a supplier or lawyer).

When targeting consumers, hackers typically masquerade as representatives from popular companies. For instance, in the second quarter of 2019, the top 10 companies that hackers pretended to be representing were:

  • Microsoft
  • PayPal
  • Netflix
  • Bank of America
  • Apple
  • CBIC
  • Amazon
  • DHL
  • DocuSign

A Serious Threat

Phishing attacks are a serious threat for not only consumers but also companies. We can help your business devise a comprehensive strategy to deal with phishing attacks, no matter if they are carried out through emails, websites, text messages, or phone calls.

Gift Card Payouts: A New Trend in Business Email Scams

Cybercriminals are increasingly conning companies into sending gift-card numbers and PINs. Learn about this new trend in business email compromise (BEC) scams and what you can do to defend your business.

Cybercriminals have been using business email compromise (BEC) scams for years because they are profitable. Between June 2016 and July 2019, for example, they used BEC attacks to steal more than $26 billion from companies, according to a September 2019 report.

In a BEC scam, cybercriminals pose as executives and other business professionals to con companies out of money. They typically use spear phishing emails, social engineering techniques, and other tools to carry out their attacks. Until recently, cybercriminals mainly tried to get businesses to send money via wire transfer. But that is no longer the case. Researchers at Agari found that 65% of the BEC scammers now try to get businesses to send gift-card account numbers and PINs.

The payouts from gift-card scams ($1,562 on average) are significantly less than payouts from wire-transfer cons ($64,717 on average), according to the Anti-Phishing Working Group’s “Phishing Activity Trends Report, 2nd Quarter 2019”. However, gift cards are easy to launder and hard to trace, making them the most popular payout method.

How Gift-Card BEC Scams Work

Here is how gift-card BEC scams typically work: Posing as a person of authority (e.g., an executive) at the targeted company, the cybercriminals craft a polished email that is specific to the business being victimized. The recipient will be an employee who is authorized to purchase gift cards on the company’s behalf.

In the email, the scammers will spin a tale of why they need the employee to purchase gift cards for them. Cybercriminals study their victims, so the reason will make sense to the employee. For example, if the company has an “Employee of the Month” award program, the scammers might say that the gift cards will be used to reward upcoming winners. Or, if it is December, they might say they want to give the company’s top clients or suppliers a holiday gift.

The cybercriminals will also tell the employee to send them the gift-card information — including the gift card account numbers and PINs — for their records once the cards are purchased. The most common gift cards requested by BEC scammers are Google Play, Steam Wallet, and Amazon, according to the “Phishing Activity Trends Report, 2nd Quarter 2019”.

The scammers will then send the email using a spoofed email address or hijacked email account to make the email seem legitimate. If the employee buys the gift cards and sends the card information to the scammers, they will immediately cash out the value of the cards.

How to Defend Your Business

To avoid becoming a victim of this type of BEC scam, you should:

  • Educate employees at all levels about BEC emails in general and gift-card BEC scams in particular.
  • Tell employees to be wary of an email request to buy multiple gift cards or a gift card with an unusually high amount, even if the reason for the request seems legitimate.
  • Educate employees at all levels about how to spot spear phishing emails, including how to check emails for spoofed addresses in the “From” field.
  • Be careful about what you post on your business’s website. Cybercriminals can use some types of information (e.g., employee job descriptions, email addresses) to determine who to impersonate and who to send the gift-card BEC email to.
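
The header and wording cues described above (a spoofed “From” address, a request for gift cards, and a request to send back card numbers and PINs) can also be checked automatically. The following Python example is added here and is not code from the original article; the executive directory, the addresses, and the four sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed directory data for illustration (not from the article):
# display name an impersonator would borrow -> that person's real address.
EXECUTIVES = {"dana whitfield": "dana.whitfield@example.com"}

GIFT_CARD_RE = re.compile(r"\bgift[\s-]?cards?\b", re.I)
# Brands the article lists as most often requested by BEC scammers.
BRAND_RE = re.compile(r"\b(google play|steam wallet|amazon)\b", re.I)
# Wording that asks for the redeemable values to be sent back.
CODES_RE = re.compile(r"\b(pins?|(?:card|account) numbers?|codes?)\b", re.I)


def _domain(addr):
    """Return the lowercased domain part of an email address."""
    return addr.rpartition("@")[2].lower()


def triage(raw_message):
    """Return a sorted list of indicator names found in one raw email."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = f"{msg.get('Subject', '')}\n{body}"

    findings = set()
    # Header check 1: a known executive's name on someone else's address.
    real_addr = EXECUTIVES.get(" ".join(display.lower().split()))
    if real_addr and from_addr.lower() != real_addr:
        findings.add("display_name_impersonation")
    # Header check 2: replies are routed to a different domain than the sender's.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        findings.add("reply_to_domain_mismatch")
    # Content checks only fire together with gift-card wording, so an
    # ordinary mention of "codes" or "Amazon" alone is not flagged.
    if GIFT_CARD_RE.search(text):
        findings.add("gift_card_purchase_request")
        if BRAND_RE.search(text):
            findings.add("commonly_abused_brand")
        if CODES_RE.search(text):
            findings.add("asks_for_card_numbers_or_pins")
    return sorted(findings)


# Constructed sample messages (not real mail).
SPOOFED = """\
From: "Dana Whitfield" <dana.whitfield@mail.example.net>
To: pat.lee@example.com
Subject: Employee of the Month rewards

Pat, please buy ten Google Play gift cards for the upcoming winners.
Once you have them, send me the card numbers and PINs for my records.
"""

REPLY_TO_SWAP = """\
From: "Dana Whitfield" <dana.whitfield@example.com>
Reply-To: dana.whitfield@example.org
To: pat.lee@example.com
Subject: Quick favor

I need five Amazon gift cards for a client today.
Reply with the codes as soon as you have them.
"""

# Sent from the executive's real (hijacked) account: headers look clean.
HIJACKED = """\
From: "Dana Whitfield" <dana.whitfield@example.com>
To: pat.lee@example.com
Subject: Holiday gifts for top clients

Please pick up five Steam Wallet gift cards as holiday gifts and
email me the account numbers and PINs.
"""

BENIGN = """\
From: "Sam Ortiz" <sam.ortiz@example.com>
To: pat.lee@example.com
Subject: Budget review

Agenda for Tuesday is attached. Access codes for the conference
bridge are in the invite.
"""

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("reply-to swap", REPLY_TO_SWAP),
                      ("hijacked", HIJACKED), ("benign", BENIGN)]:
        print(f"{name}: {triage(raw) or 'no indicators'}")
```

The hijacked-account sample passes both header checks and is caught only by its wording, which is why the employee guidance above still matters when mail filtering is in place.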

If you would like to learn more ways to protect your company against BEC scams and other types of cyberattacks, contact us.

The iPhone 11 Is Here But Is It Worth the Cost of an Upgrade?

Apple has rolled out the new iPhone 11, but many iPhone users are wondering whether its enhancements are worth the cost of an upgrade. Here is how the phone compares to its predecessor.

The iPhone 11 — the newest version of Apple’s renowned smartphone — is now available in digital and physical stores worldwide. Keeping with tradition, Apple released the iPhone 11 on the heels of its predecessor, the iPhone XS, with only a year separating their debuts.

Like its predecessor, the iPhone 11 is available in three models:

  • The entry-level iPhone 11 (starts at $699)
  • The standard iPhone 11 Pro (starts at $999)
  • The premium iPhone 11 Pro Max (starts at $1,099)

Many iPhone owners, though, are hesitant about switching to one of these newer models. A question on many of their minds is whether the enhancements in the iPhone 11 are worth the cost of an upgrade.

To answer this question, it helps to know what has and hasn’t changed between the three iPhone 11 models released in 2019 (iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max) and the three iPhone XS models released in 2018 (iPhone XR, iPhone XS, and iPhone XS Max). Toward that end, Table 1 compares key features in these six models.

What Hasn’t Changed

When looking at Table 1, it becomes evident that some elements have not changed in iPhone 11. Elements that have largely stayed the same include:

  • Screen type and resolution. The screen type and resolution are basically the same between the comparable models in the 2018 and 2019 releases. The standard and premium models have organic light-emitting diode (OLED) screens, while the entry-level models have liquid-crystal display (LCD) screens. Because the entry-level models have LCD screens, the resolution of their displays is not as high as that in the standard and premium models.
  • Screen size. The amount of screen real estate has not changed between the comparable 2019 and 2018 models. Interestingly, the entry-level models have a larger screen than the standard models.
  • Operating system. All six models run Apple’s iOS operating system. Although the 2019 models come with a higher version (iOS 13) than the 2018 models (iOS 12), you can easily upgrade the operating system in the 2018 models to the most recent version.
  • Face ID authentication. All six models offer Face ID authentication. Thanks to this feature, you can use your face instead of a password to unlock your iPhone and log in to apps.

What Has Changed

Table 1 highlights some important differences between the iPhone 2019 models and their 2018 counterparts. The most noteworthy changes were made to:

  • The chip. The new A13 Bionic chip in the iPhone 11 models contains 8.5 billion transistors (the A12 Bionic chip has only 6.6 billion) and has been optimized for machine learning. As a result, the A13 Bionic chip’s two high-performance cores are 20% faster and consume 30% less power than the high-performance cores used previously, according to Apple. Plus, the chip’s four high-efficiency cores are 20% faster and consume 40% less power than previous high-efficiency cores.
  • Battery life. Improvements made to the lithium-ion batteries and the phones’ systems have resulted in longer battery life in the iPhone 11 models. According to Apple, the iPhone 11 Pro Max’s battery lasts up to five hours longer than the battery in the iPhone XS Max. Similarly, the iPhone 11 Pro’s battery lasts up to four hours longer than the one in the iPhone XS. The iPhone 11’s battery, though, lasts only one hour longer than the one in the iPhone XR.
  • Camera and video systems. Apple added an ultra-wide 12-megapixel (MP) camera to the backside of the iPhone 11 models. This means that the iPhone 11 Pro and iPhone 11 Pro Max have four cameras (one in front and three in back) and the iPhone 11 has three cameras (one in front and two in back). Plus, Apple included new features such as the Night mode for taking photos in low-light conditions and the ability to take “slofies” (slow-motion selfie videos). While the jury is still out on how useful the slofies feature will be, the Night mode is already receiving good reviews.

Table 1: Comparison of Key Features Found in the iPhone 11 and iPhone XR Models

| Feature | iPhone 11 | iPhone 11 Pro | iPhone 11 Pro Max | iPhone XR | iPhone XS | iPhone XS Max |
| --- | --- | --- | --- | --- | --- | --- |
| Description | The entry-level model released in Sept. 2019 | The standard model released in Sept. 2019 | The premium model released in Sept. 2018 | The entry-level model released in Oct. 2018 | The standard model released in Sept. 2018 | The premium model released in Sept. 2018 |
| Screen size | 6.1 inches | 5.8 inches | 6.5 inches | 6.1 inches | 5.8 inches | 6.5 inches |
| Screen resolution | 1792 × 828 | 2436 × 1125 | 2688 × 1242 | 1792 × 828 | 2436 × 1125 | 2688 × 1242 |
| Pixels per inch | 326 | 458 | 458 | 326 | 458 | 458 |
| Processor | A13 Bionic chip | A13 Bionic chip | A13 Bionic chip | A12 Bionic chip | A12 Bionic chip | A12 Bionic chip |
| Neural engine | Third generation | Third generation | Third generation | Second generation | Second generation | Second generation |
| Operating system | Comes with iOS 13 | Comes with iOS 13 | Comes with iOS 13 | Comes with iOS 12 | Comes with iOS 12 | Comes with iOS 12 |
| Face ID authentication | Yes | Yes | Yes | Yes | Yes | Yes |
| Total number of cameras | 3 | 4 | 4 | 2 | 3 | 3 |
| Front camera | TrueDepth 12MP camera | TrueDepth 12MP camera | TrueDepth 12MP camera | TrueDepth 7MP camera | TrueDepth 7MP camera | TrueDepth 7MP camera |
| Rear cameras | Ultra-wide & wide 12MP cameras | Ultra-wide, wide & telephoto 12MP cameras | Ultra-wide, wide & telephoto 12MP cameras | Wide 12MP camera | Wide & telephoto 12MP cameras | Wide & telephoto 12MP cameras |
| Type of battery | Lithium-ion | Lithium-ion | Lithium-ion | Lithium-ion | Lithium-ion | Lithium-ion |
| Battery life | Lasts up to 1 hour longer than iPhone XR | Lasts up to 4 hours longer than iPhone XS | Lasts up to 5 hours longer than iPhone XS Max | | | |
| Fast-charge capable | Yes | Yes (includes 18W adapter) | Yes (includes 18W adapter) | Yes | Yes | Yes |
| Wireless charging | Yes | Yes | Yes | Yes | Yes | Yes |
| Supports 5G | No | No | No | No | No | No |

A Personal Decision

The iPhone 11 offers some notable enhancements. However, whether the enhancements are worth the cost of an upgrade is a personal decision each iPhone owner will need to make. We can, though, explain the enhancements in more depth so you can make an informed choice.

5 Problems That You Can Solve With Effective Document Management

Managing paperwork can be a burden, but there are ways to make it better. Here’s how to fix a handful of common document management problems.

Some people will tell you that there is only one constant in this world: change. Businessmen, on the other hand, will tell you that there’s at least one more constant that they must contend with, namely paperwork. Every company on the planet has a way of keeping track of their documents. Yet, in spite of the technological advancements made over the years, many businesses are still relying on outdated methods.

Modern document management technology uses software and scanners to store digital copies of your documents as well as the digital information in your databases. This technology can help you avoid some of the difficulties faced by companies that use outdated or poorly structured document management systems.

Here are 5 problems that you can solve with effective document management:

1. Unable to Find the Right Document

If you can’t find a file when you want it, then your document management system isn’t doing its job. A quality system ensures that your files are organized and easily accessible. It should also feature a good search function, so that you can quickly look up a document.

2. Working on the Wrong Version of a File

It is amazing how much time is lost because an employee was working on the wrong version of a document. Companies that use high-quality document management systems don’t have to worry about this problem. These systems show when a document was changed and who made the changes, so you’ll always know whether or not you are working on the most up-to-date version. Similarly, you can read through and work on older copies of a document, in case you need to find something that didn’t make it into later versions.

3. Forced to Merge Documents Manually

More than half of knowledge workers have to manually merge the different versions of their documents. They often lose a lot of time cross-referencing between these versions while looking for changes that were made in one copy but not the other. In contrast, a good document management system will let you avoid this issue entirely, since it automatically merges versions of a document.

4. Loss of Productivity

4 out of every 5 knowledge workers lose time because of document versioning problems. However, nearly three-quarters of employees lose time when simply looking for files. The fact of the matter is that bad document management systems severely damage your team’s productivity. Using a top-of-the-line system, on the other hand, can save your staff time.

5. Employee Frustration

A bad document management solution can do more than just hurt your staff’s productivity. It can also create widespread job dissatisfaction and tension at the workplace. In some cases, employees have become so frustrated with their document management systems that they’ve started to yell at their computers. Many workers think that working with a bad document management system is more frustrating than locking their keys in their cars, and a majority of them have said that they would rather work on a weekend than deal with these systems.

Difficult Problems, Easy Solutions

With the right document management system, you can avoid these exhausting difficulties. A quality solution can simplify the way that your staff handles documents, which in turn can create a better workplace environment. By letting you rely on digital documents instead of physical ones, these systems can cut costs as well as boost productivity. Give us a call at 800-421-7151 to discuss the best way to upgrade your document management system.

Using Strong Passwords Is Not Always Enough to Prevent Cyberattacks

Using unique, strong passwords is not always enough to prevent hackers from attacking your company. Learn about a better way to protect your online accounts and ultimately your business.

Cybercriminals commonly use compromised passwords in cyberattacks. For example, in ransomware attacks, compromised passwords have now surpassed phishing scams as the No. 1 way to gain access to the systems in which the ransomware is planted, according to F-Secure’s “Attack Landscape H1 2019” report. And compromised passwords are No. 2 on hackers’ list of tools to use to gain access to the systems from which they want to steal data, according to Verizon’s “2019 Data Breach Investigations Report”.

How Cybercriminals Get Passwords

Cybercriminals get passwords in a variety of ways, including:

  • Phishing scams. Digital con artists trick people into revealing their passwords.
  • Data breaches. Hackers breach IT systems to get credentials and other stored data.
  • Key-logging software or hardware records victims’ keystrokes — including any entered credentials — and transmits the keystrokes to cybercriminals.
  • Dark web. Hackers buy compromised credentials being sold by other cybercriminals on the dark web.
  • Automated brute-force password-cracking tools. Hackers try a known user ID (e.g., an email address) with numerous possible passwords using automated tools.
  • Password spraying. Hackers know that people reuse passwords, so they try a victim’s known password with possible user IDs in an effort to access the victim’s other accounts.

With the exception of brute-force password-cracking, it doesn’t matter if the password is strong or weak. That’s because the cybercriminals already have the exact password.

So, What Should You Do to Protect Your Business?

So, what should you do to protect your online accounts and ultimately your company? For starters, you and your employees should continue using strong passwords for business accounts. This insight should not be used as an excuse to start (or continue) using weak passwords. Using unique, strong passwords is still an important line of defense in protecting your business. However, it is not the only security measure you should take.

Besides using unique, strong passwords, it is a good idea to use two-step verification (aka two-factor authentication) for business accounts whenever possible. With two-step verification, a second credential is needed to log in, such as a one-time security code. This adds an extra layer of protection that can prevent unauthorized access to your online accounts. It also helps defend against other types of cyberattacks. For example, Microsoft found that two-step verification blocks 99.9% of automated account takeover attacks. Similarly, Google found that it prevents 100% of automated bots, 99% of bulk phishing attacks, and 90% of targeted attacks.

Most popular online services now offer two-step verification. For example, Microsoft Office 365, Google G Suite, Dropbox, and LinkedIn all offer it. If you would like additional information about using two-step verification, let us know.

Business App Upgrades You Might Want to Add to Your 2020 IT Budget

Microsoft will no longer support many business apps in 2020 because they are reaching the end of their lifecycles. Find out which popular programs are reaching this point so you can plan any needed upgrades and adjust your 2020 IT budget accordingly.

Running into unanticipated expenses can blow a business’s IT budget. For this reason, it helps to know about business apps that are reaching the end of their lifecycles. When apps reach this point, the software developers typically stop providing security updates. Running programs that do not receive security updates puts companies at greater risk of cyberattacks.

Three popular Microsoft business apps — Office 2010, Windows 7, and Windows Server 2008 — are reaching the end of their lifecycles in 2020. Many other business apps are also facing the same fate. If your company is running any of these apps, it is a good idea to find out the upgrade options, select the best one for your situation, and adjust your 2020 budget accordingly.

Office 2010

After October 13, 2020, Microsoft will no longer support Office 2010 apps, no matter whether they were procured as part of an Office suite (e.g., Office 2010 Professional) or purchased individually. This means that popular business apps such as Outlook 2010, Word 2010, Excel 2010, and PowerPoint 2010 as well as lesser used apps like Access 2010, Publisher 2010, and OneNote 2010 will no longer receive security updates.

If you decide to upgrade, you have several options, with the main ones being:

  • Subscribe to Office 365. When you subscribe to Office 365, you pay a monthly or yearly subscription fee for each person using the cloud service. Microsoft has many business subscription plans that offer different combinations of Office apps, services, and storage options. With most of the plans, each licensed user can install the Office apps on five desktop computers (Windows or Mac), five tablets, and five smartphones.
  • Purchase the Office 2019 suite or standalone apps. With this option, you make a one-time purchase of Office 2019, which is on-premises software and not a cloud service. Five versions of the Office 2019 suite are licensed for business use: three versions for companies with five or more users and two versions for organizations with fewer than five users. Each licensed user can install the Office apps on only one computer. You can also make a one-time purchase of standalone Office 2019 apps (e.g., Outlook 2019, Word 2019) for use on one computer.
  • Subscribe to Microsoft 365. In Microsoft 365, Office 365 is bundled with other cloud-based services that enable companies to automate business processes as well as secure and manage Windows 10 desktops. The specific services depend on the subscription plan chosen. For example, Microsoft 365 Business is tailored for businesses with 300 or fewer employees, whereas Microsoft 365 Enterprise is designed for larger companies.

Windows 7

All support for Windows 7 ends on January 14, 2020. Besides eliminating free security updates for this operating system, Microsoft will no longer provide them for Internet Explorer web browsers running on Windows 7 machines. That’s because Internet Explorer is considered an operating system component, so the browser follows the lifecycle of the operating system in which it is installed.

Assuming you do not want to switch to a different vendor’s operating system (e.g., Apple macOS), your options include:

  • Upgrade to Windows 10. To entice Windows 7 users to switch to Windows 10, Microsoft initially offered free upgrades. However, that promotion ended long ago (July 2016), so you now need to purchase Windows 10. If you subscribe to Microsoft 365 Business and your computers are running Windows 7 Professional, though, you can upgrade at no additional cost.
  • Purchase Extended Security Updates. Microsoft is offering Extended Security Updates for Windows 7 (which will include updates for Internet Explorer) through January 2023. On October 1, 2019, Microsoft announced that these updates will be available to any business of any size. Previously, it was planning to make these updates available to only Windows 7 Professional and Windows 7 Enterprise customers with volume licensing agreements.
  • Use Windows Virtual Desktop. This desktop and app virtualization service runs in the Microsoft Azure cloud. Companies can use it to virtualize Windows 7 desktops. Companies doing so will be provided with free Extended Security Updates through January 2023.

Windows Server 2008

Companies rely on servers to perform crucial duties — referred to as roles — such as authenticating users, hosting applications, issuing public-key certificates, and storing files. Because servers carry out these roles, they need to be well secured — and not having security updates would make protecting them a difficult task. For this reason, you need to take action soon if your business is using Windows Server 2008 or Windows Server 2008 Release 2 (R2). On January 14, 2020, these server operating systems will reach the end of their lifecycles, which means they will no longer receive free security updates.

Microsoft recommends taking one of the following upgrade paths if your servers are running Windows Server 2008 or Windows Server 2008 R2:

  • Upgrade to a newer Windows Server version. If you want to keep your servers on-premises, you can upgrade to Windows Server 2019 or Windows Server 2016. However, you cannot directly migrate to one of these newer versions. Instead, you need to perform several upgrades (e.g., first migrate from Windows Server 2008 to Windows Server 2012 R2, then upgrade to Windows Server 2016, and finally move to Windows Server 2019).
  • Purchase Extended Security Updates. Because of the complexity involved, upgrading to a newer version of Windows Server by January 14, 2020, might not be a viable option. To give you more time, Microsoft is offering Extended Security Updates through January 2023. These updates will be available for the Standard, Enterprise, or Datacenter editions of Windows Server 2008 and Windows Server 2008 R2.
  • Permanently migrate to Microsoft Azure. You can permanently move your Windows Server roles to Microsoft Azure, which is Microsoft’s public cloud computing platform.
  • Temporarily rehost workloads in Azure. You can temporarily move your Windows Server 2008 or Windows Server 2008 R2 operations to virtual machines in Azure until you are ready to either upgrade your on-premises version or migrate permanently to Azure. If you decide to temporarily rehost the workloads in Azure, you will get three years of Extended Security Updates at no additional charge.

The End Is Near for Many More Business Apps

Office 2010, Windows 7, and Windows Server 2008 are not the only business apps reaching the end of their lifecycles. Many other programs share the same fate. Table 1 lists some of the more notable ones.

We can assess your IT environment to see whether it is running any of the apps that will no longer be supported in 2020 as well as help you decide on the best upgrade option. Making plans now will ensure a smooth migration and help you keep on-budget in 2020.

Table 1: Some of the Business Apps That Microsoft Will No Longer Support in 2020

| Business App | End-of-Support Date |
| --- | --- |
| Exchange Server 2010 | January 14, 2020 |
| FAST Search Server 2010 | October 13, 2020 |
| Forefront Unified Access Gateway 2010 | April 14, 2020 |
| Hyper-V Server 2008 | January 14, 2020 |
| Hyper-V Server 2008 R2 | January 14, 2020 |
| Office 2010 | October 13, 2020 |
| Project 2010 | October 13, 2020 |
| Search Server 2010 | October 13, 2020 |
| SharePoint Server 2010 | October 13, 2020 |
| System Center Service Manager 2010 | September 8, 2020 |
| Visio 2010 | October 13, 2020 |
| Windows 7 | January 14, 2020 |
| Windows MultiPoint Server 2010 | July 14, 2020 |
| Windows Server 2008 | January 14, 2020 |
| Windows Server 2008 R2 | January 14, 2020 |

How to Handle Those Annoying Auto-Play Video Clips in Microsoft Edge

Video clips that automatically start playing when a web page opens can be disruptive, especially at work. Find out how you can quickly mute them or stop them from playing altogether in Microsoft Edge.

If you regularly use the Internet, you have probably encountered those annoying video clips that automatically start playing when you open certain web pages. Because these clips play without warning, they can startle you. Even worse, they can be disruptive, especially at work. If a clip grabs your attention, chances are you will end up watching it rather than working. And if a clip is annoying, you will likely stop working so that you can find and click the video player’s pause button.

Fortunately, Microsoft Edge has several features to manage auto-play clips. For starters, Edge is designed to automatically silence these clips on background tabs — in other words, on web pages that are open but not currently being displayed. (Their tabs are greyed-out.) Edge also lets you mute auto-play clips on individual web pages as well as stop clips from running automatically on individual websites. All of these features are available in Edge if you are running it on a Windows 10 device and you have installed the Windows 10 October 2018 Update.

How to Mute a Tab

Muting an auto-play clip on an individual web page is known as muting a tab. When an auto-play clip is running on a web page, Edge displays a speaker icon on the page’s tab. To mute the clip, all you need to do is click that icon. (Alternatively, you can right-click the tab and select “Mute tab”.) The video will continue to run — you just won’t hear it.

You can also mute a background tab by right-clicking it and selecting “Mute tab”. You might be wondering why you would do this, given that Edge automatically silences auto-play clips on background tabs. When Edge mutes a background tab, the clip will run when you view the page, as it is no longer a background tab. However, when you manually mute a background tab, the clip will be silent when you view the page.

It is important to note that muting a tab is a temporary fix. Once you close the tab, the page returns to the default setting, which means the clip will not be muted the next time you open the page.

How to Stop Auto-Play Clips from Running in a Specific Site

Edge gives you the ability to stop auto-play clips from running in a domain (aka website). So, for example, if you block auto-play clips in the ZDNet domain (www.zdnet.com), Edge will not allow these clips to run when you view any of the pages in that site.

To block auto-play clips in a specific site, follow these steps:

  1. Open a web page that is in the target site. It can be any page, even one that does not contain an auto-play clip. Edge will extract the domain from the URL.
  2. In the browser’s address bar, click the lock icon next to the web page’s URL. (If you are on an HTTP site, the icon will contain the letter “i” instead.)
  3. Select “Media autoplay settings” in the “Website permissions” section.
  4. Select “Block” from the “Media autoplay” drop-down list, as Figure 1 shows.
  5. Refresh the page.

Although the auto-play clips won’t automatically run, you can still watch them if desired. You just need to click the clip that you want to run.

In Figure 1, note the warning about the possibility that a site might not work as expected when auto-play clips are blocked. If you find that’s the case, you can allow them to play again by clicking the “Clear permissions” button.

How to Stop Auto-Play Clips from Running in All Sites

If you do not want any auto-play clips to run, Edge has a global “Media autoplay” setting you can use. Here’s what you need to do:

  1. Click the ellipsis button in the upper right corner of Edge.
  2. Select “Settings”.
  3. Choose “Advanced” in the navigation pane of the box that appears.
  4. Select “Block” from the “Media autoplay” drop-down list.

Because Edge provides both global- and site-level “Media autoplay” settings, you can highly customize which sites can and cannot run auto-play clips. For example, you can allow your favorite sites to play clips but block all other sites by configuring the global-level setting to “Block” and your favorite sites’ settings to “Allow”.

How Using E-Signatures Can Help Your Business

Electronic signatures are as legally binding as handwritten signatures. Find out how they can improve productivity and cut down on paperwork.

Governments around the world recognize electronic signatures (e-signatures) as a legal way to sign a document. For example, e-signatures have the same legal standing as physical signatures in the United States, thanks to the Electronic Signatures in Global and National Commerce Act of 2000.

Many people think that e-signatures and digital signatures refer to the same thing. However, that is not the case. Both e-signatures and digital signatures, though, offer important benefits.

E-Signatures vs. Digital Signatures

An e-signature is the electronic version of a handwritten signature. When you use a stylus to sign your name after swiping a credit card through a retailer’s point-of-sale terminal, you are creating an e-signature. You are also creating one when you enter your name or click an “I agree” button in a website form. An electronic signature creates an audit history. The audit history includes information such as who signed and sent the electronic document, when it was sent, and the party that received it.

A digital signature is a more secure type of e-signature. Besides creating an audit history, it uses public key cryptography to validate the signer’s identity and confirm that the signed document arrived intact. Digital signatures are often compared to fingerprints. Like a fingerprint, a digital signature contains a unique set of data that is used for identification purposes.

The Benefits of Using E-Signatures

All types of e-signatures offer important benefits, including improved productivity. Employees at companies not using e-signatures have to perform a lot of steps to sign and return a document received via email. They need to print the document, sign it, scan the signed document, and email the scanned file back. However, your employees can skip this hassle if they use e-signatures. They just need to electronically sign the document and email it back. This can save your employees a lot of time and effort.

Your employees will also save time when they need to find a signed document. With e-signatures, you can keep all your signed documents in electronic form. Searching through electronic documents is much faster than searching through paper documents stored in file cabinets or boxes.

Another benefit is that you will be better able to track and audit your signed documents. Tracking a physical document through the signing process is difficult. If you do not have a face-to-face meeting to get a document signed, you need to use such measures as registered mail and notary services to track your document’s journey.

With e-signatures, you can easily keep tabs on your documents through the signing process. Comprehensive systems let you track and audit:

  • When the document is created
  • When a notification about the document is sent to each signer
  • When each signer consents to using a digital signature
  • How each signer is authenticated, and whether that authentication is successful
  • When each signer receives the document
  • When each signer applies a digital signature
  • When each signer returns the signed document

Besides better tracking and auditing, digital signatures offer better security. Physical signatures are relatively easy to fake. Digital signatures, though, have built-in tools for proving who signed a document. Plus, signers often need to enter a password to access the document they need to sign.

The Benefits of Using an E-Signature Service Provider

You can create e-signatures on your own. Doing so can be hard, though, especially if you want to use the more secure digital signatures. To avoid this hassle, you can use an e-signature service provider.

E-signature service providers use different systems, but the general concept behind them is the same. You upload a document and specify where a signature needs to go. The service provider adds a signature box and sends the document to the intended recipients. They electronically sign the document and send it back to you.

Some e-signature service providers offer document-building tools. You can use these tools to quickly create basic contracts and forms. Many of them also provide dashboards. With just a glance, you can find out which documents have already been signed and which are still waiting for signatures.

Several e-signature service providers also have options for people to sign documents using their fingers on mobile device touchscreens. Companies that ask customers to sign a lot of forms often find this feature useful. Customers can receive copies of these forms via email or physical mail.

E-Signatures Can Help Your Business

E-signatures are perfect for companies looking to improve productivity and cut down on paperwork. If you are interested in getting an e-signature system for your company, ask your IT service provider to help you find a solution that caters to your specific needs.

3 Ways to Weather a Cloud Service Outage

If you use a cloud service, you will likely see it go down at some point. Discover three ways you can prepare for an outage so that your business stays up and running.

You cannot assume that your cloud services will always be available when you need them. In 2016, many cloud service providers experienced outages, including Microsoft Office 365, Google G Suite, Salesforce, Amazon Web Services, and Microsoft Azure. Even a short outage can be disruptive to your business, so you should take steps to prepare for one ahead of time.

Here are three ways to prepare for a cloud service outage so that your business stays up and running:

1. Make Sure Employees Have Local Versions of Essential Applications

If any of your essential business applications are in the cloud, you should make sure that employees have local versions of those programs on their computers. Otherwise, they will not be able to use those applications if the associated cloud service goes down.

For example, if your employees do not have a local copy of the cloud-based productivity suite that your company uses, you might consider upgrading the subscription to one that includes this option. Alternatively, you could install an open-source productivity suite (e.g., OpenOffice, LibreOffice) on employees’ computers for use when the cloud service goes down.

2. Keep Local Copies of Important Files

It is important to keep local copies of files that employees need to perform essential job functions. That way, employees will be able to access the files during a cloud service outage.

If your cloud service supports file syncing by default, you’ll already have local copies of your files available. Otherwise, you can periodically download your files from the cloud to a secure location on your local network. That way, you’ll always have access to the most recent versions of all your files.

3. Store Your Resources in More Than One Location

To help protect against service disruption, some cloud service providers give you the option of storing your applications, data, or other resources in multiple locations, which are often referred to as availability regions and zones. If the cloud service goes down in one location, you can use the resources in another location to avoid a disruption.

Now Is the Time to Prepare

At some point, one of your cloud services will likely go down, so it is important to have a plan in place. We can help you determine the best way to deal with an outage so that your business stays up and running.

How to Protect Your Sensitive Business Files with Passwords

Protecting a file with a password can provide an extra layer of security for sensitive business documents. Learn how to password-protect your files in Microsoft Word, Excel, and PowerPoint.

This can come in handy if you want to, for example, email a report that contains your company’s sales figures or bring it along on a business trip.

Three Microsoft Office apps — Word, Excel, and PowerPoint — offer the ability to password-protect files. As Table 1 shows, this feature is available in nearly all supported versions.

Table 1: Microsoft Office Apps in Which You Can Password-Protect Files

Word for Office 365* | Excel for Office 365* | PowerPoint for Office 365*
Word 2019* | Excel 2019* | PowerPoint 2019*
Word 2016* | Excel 2016* | PowerPoint 2016*
Word 2013** | Excel 2013** | PowerPoint 2013**
Word 2010** | Excel 2010** | PowerPoint 2010**

* Uses 256-bit AES encryption
** Uses 128-bit AES encryption

Before you protect a file, though, you should take the time to come up with a unique, strong password for it. Otherwise, it might be easy for someone to guess or crack it. And if you tend to forget credentials, you might want to keep a copy of the file’s password in a safe location. While not ideal, it beats not being able to open and use the file ever again. The apps do not have the ability to recover or reset a forgotten password.

How to Password Protect a File

Protecting files with a password is a straightforward process. Plus, the steps are easy to remember, as they are basically the same no matter whether you’re password-protecting a Word document, Excel workbook, or PowerPoint presentation.

To password protect a file, open it in the appropriate app and follow these steps:

  1. Click the “File” tab in the upper left corner.
  2. In the “Info” section, click “Protect Document” if you are in Word, “Protect Workbook” if you are in Excel, or “Protect Presentation” if you are in PowerPoint.
  3. In the drop-down menu that appears, select “Encrypt with Password”.
  4. Enter the password you want to use and click “OK”.
  5. Re-enter the password and click “OK”.
  6. Save and close the file.

When you later open the file, you will be prompted to enter the password you selected.

How to Remove Password Protection

You can remove a file’s password protection at any time. To do so, open the file in the appropriate app and follow these steps:

  1. Click the “File” tab in the upper left corner.
  2. In the “Info” section, click “Protect Document” if you are in Word, “Protect Workbook” if you are in Excel, or “Protect Presentation” if you are in PowerPoint.
  3. In the drop-down menu that appears, select “Encrypt with Password”.
  4. Delete the displayed password (it will be masked with asterisks) and click “OK”.
  5. Save and close the file.

You will no longer have to enter the password to open the file.

New Android Ransomware Spreads Through Forum Posts and Customized Texts

Cyber extortionists have created new ransomware that encrypts files on Google Android devices. Find out how this ransomware infiltrates devices so you can avoid becoming a victim.

A new family of ransomware known as Android/Filecoder.C has been discovered. The initial infection occurs when Google Android device users download a malicious app by means of a link or quick response (QR) code in a forum post. Once on a device, the ransomware tries to spread itself by sending text messages to everyone on the victim’s contact list. Each message is customized with the recipient’s name to make the text seem more legitimate.

This ransomware could become a serious threat if the cybercriminals start targeting broader groups of users, according to security researchers. To avoid becoming a victim of this ransomware and similar variants, it helps to dissect past Android/Filecoder.C attacks to see how the ransomware infiltrated victims’ devices.

The Infiltration

When it comes to ransomware, looking at past attacks can help you prepare for new ones. Here is how the Android/Filecoder.C attacks in July and August 2019 were typically carried out:

To initially get the ransomware onto devices, cybercriminals posted messages in popular online forums such as Reddit and XDA Developers (a forum for mobile software developers). While most of the comments were porn-related, some dealt with technical topics.

The posted messages contained a malicious link or quick response (QR) code. In some cases, the hackers used the Bitly URL shortening service (aka “bit.ly” links) to hide the links’ real addresses. Other times, the hackers made no attempt to hide the links, which typically ended in “.apk”. Android Package Kit (APK) files are used to distribute and install mobile apps on Android devices. Cybercriminals sometimes hide malware in these files.

People who clicked the links or scanned the QR codes in the forum posts had Android apps containing Android/Filecoder.C automatically downloaded to their devices. When the victims launched the malicious apps, the apps displayed whatever was promised so the victims would not be immediately aware their devices were infected with ransomware. Nor were they aware that the ransomware was sending text messages to the people in their contact lists. The text messages tried to lure the recipients into downloading malicious apps. The messages included the recipients’ names to make them seem more legitimate.

Once the text messages were sent, the ransomware went to work encrypting more than 175 types of files and appending the file extension “.seven” to the original filenames (e.g., ProductPhoto0057.jpg.seven, QuarterlyReport.docx.seven). However, unlike some ransomware, Android/Filecoder.C did not lock the devices’ screens or prevent the devices from being used.

After all the files were encrypted, Android/Filecoder.C displayed its ransom note. The victims were instructed to pay the ransom in bitcoins. The amounts varied, usually ranging from $98 to $188 [USD]. Although the ransom note stated that the victims would lose their data if they did not pay within 72 hours, security researchers found nothing in the ransomware’s code to support that claim.

Be Cautious

Being cautious can go a long way in avoiding becoming a victim of Android/Filecoder.C and similar ransomware variants. For starters, you should avoid clicking links (especially if they end in “bit.ly” or “.apk”) and scanning QR codes in online forums and similar public venues. Typically, anyone can post messages — including cybercriminals — in forums. Even clicking links and scanning QR codes in a moderated forum can be risky. Forum owners might initially allow all messages to be posted, with a moderator reading them days later or only if there is a complaint.

Similarly, you should avoid clicking links in text and email messages from unknown sources. Clicking links can be risky even if a message is supposedly from someone you know. As the Android/Filecoder.C ransomware demonstrates, hackers know how to hijack text accounts. They are also skilled at hijacking email accounts. So, if a text or email message supposedly from someone you know seems odd, you might want to give the person a call to see if they sent it.

Besides being cautious about links and QR codes, you should be leery about installing apps from third-party sources on your device. It is best to install apps only from official stores like Google Play. Although a few malicious apps find their way into these stores, the risk is much greater if you download apps from third-party sources.

Even if an app is in an official store, you should research the app before downloading it. Reading the app’s reviews in the store and conducting Internet searches on the app might reveal security issues. Plus, you should find out the apps’ permissions. If they seem excessive for the types of functions performed by the app, you should avoid downloading it.

Be Proactive

Besides being cautious, you need to take preemptive measures to protect your device from Android/Filecoder.C. If you do not already have a mobile security solution installed on your device, it is time to get one. Mobile security solutions detect and block known types of malware, including ransomware. Some security solutions even scan apps for suspicious activity before you download them.

Another important measure is to make sure the software on your Android device is being regularly updated so that known vulnerabilities are patched. This reduces the number of exploitable entry points in your device. By default, the Android operating system and any apps you install from Google Play are automatically updated. It is a good idea, though, to make sure the updates are being installed. Plus, you need to make sure that updates for other apps are being installed.

Regularly backing up your mobile device is also important when it comes to ransomware. Although having restorable backups won’t help prevent a ransomware attack, you won’t have to pay the cyber-extortionists to get your files back if an infection occurs.
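The warning signs described in this article (links that use bit.ly or end in “.apk”, and files renamed with the “.seven” extension) can be checked mechanically, and a backup listing shows which encrypted files can be restored without paying. The following is an added example, not code from the article or from the researchers it cites; the sample messages, file listings, and example.test links are constructed for illustration.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import urlsplit

SHORTENER_HOSTS = {"bit.ly"}   # the shortening service named in the article
RANSOM_SUFFIX = ".seven"       # extension Android/Filecoder.C appends

# Finds http(s) links plus bare "www." and "bit.ly/" links pasted without a scheme.
URL_RE = re.compile(r"""(?:https?://|\bwww\.|\bbit\.ly/)[^\s<>"')\]]+""", re.I)


def link_findings(text):
    """Return (url, reason) pairs for links that match the article's warning signs."""
    findings = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?")                      # drop sentence punctuation
        try:
            parts = urlsplit(url if "://" in url else "http://" + url)
            host = (parts.hostname or "").lower()
        except ValueError:                              # malformed link, skip it
            continue
        if host.startswith("www."):
            host = host[4:]
        if host in SHORTENER_HOSTS:
            findings.append((url, "shortened link hides the real address"))
        elif parts.path.lower().endswith(".apk"):
            findings.append((url, "link points at an Android package (.apk)"))
    return findings


def encrypted_originals(names):
    """Map names of the form '<original>.<ext>.seven' to the original name."""
    hits = {}
    for name in names:
        p = PurePosixPath(name)
        inner_ext = PurePosixPath(p.stem).suffix        # extension under ".seven"
        # The suffix is appended to typed files, so require an inner extension.
        if p.suffix.lower() == RANSOM_SUFFIX and inner_ext:
            hits[name] = str(p.with_suffix(""))
    return hits


def restore_report(device_files, backup_files):
    """Split encrypted originals into those a backup can restore and those it cannot."""
    backup = set(backup_files)
    originals = encrypted_originals(device_files).values()
    return {
        "restorable": sorted(o for o in originals if o in backup),
        "not_in_backup": sorted(o for o in originals if o not in backup),
    }


# Constructed sample data (not taken from real attacks).
SAMPLE_MESSAGES = [
    "Hi Dana, take a look at this: http://example.test/files/gallery.apk.",
    "Free download here: bit.ly/EXAMPLE1 (mirror: https://bit.ly/EXAMPLE2)",
    "Meeting notes are at https://www.example.test/docs/notes.pdf",
]
DEVICE_FILES = [
    "DCIM/ProductPhoto0057.jpg.seven",
    "Documents/QuarterlyReport.docx.seven",
    "Documents/Budget.xlsx",
    "Music/track.seven",
]
BACKUP_FILES = ["DCIM/ProductPhoto0057.jpg", "Documents/Budget.xlsx"]

if __name__ == "__main__":
    for message in SAMPLE_MESSAGES:
        for url, reason in link_findings(message):
            print(f"REVIEW {url}: {reason}")
    print(restore_report(DEVICE_FILES, BACKUP_FILES))
```

A shortened link cannot be judged offline because its destination is hidden, so the script only flags it for review rather than labeling it malicious.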

4 Common Fees When Storing Data in the Cloud

When shopping for a cloud storage service provider, you need to find out what additional fees might be charged in addition to the base rate. Learn about four fees that cloud storage providers often charge.

Over the years, the popularity of cloud storage has increased while its base pricing has decreased. However, like many banks and airlines, cloud storage service providers often charge additional fees beyond their base pricing, which can raise the cost. Thus, it is important to know about the possible additional charges you might incur when storing your company’s data in the cloud. Here are four common fees that cloud storage service providers often charge:

  1. Cloud Seeding Fees

To use a cloud service, you need to get your company’s data into the cloud, which is referred to as ingress. A common way to do this is to use a wide area network (WAN) connection. Typically, cloud storage service providers do not charge for ingress when a WAN connection is used.

However, a business might have a massive amount of data to ingress, and transferring it through a WAN connection would take a very long time. To handle this situation, some providers offer another option known as cloud seeding — a company copies its data onto portable media, which it ships to the provider. The provider then uploads the data into the cloud storage facility. Providers that offer this service usually charge a fee for it because staff members need to manually load the data into the cloud.

  2. Egress Fees

Moving data out of a cloud is known as egress. Common reasons for egress include:

  • Companies need to transfer some of their data to a different region within the current cloud storage service provider’s network.
  • Companies want to move some of their data back on-premises.
  • Companies decide to adopt a multi-cloud strategy, so they want to move some of their data to different providers’ clouds.
  • Companies decide to switch providers, so they need to move all of their data to different providers’ clouds.

Most providers charge an egress fee for moving data. These fees can add up if a company moves data often (e.g., regularly transfers data between regions).

  3. Retrieval Fees

Cloud storage service providers often add retrieval fees when companies access (i.e., read from or write to) their data. Retrieval fees often come into play with tiered storage. Many providers structure their storage services into tiers delineated by how often the data will be accessed. For example, a provider might offer three storage tiers:

  • Tier A for frequently accessed data, which has the highest base pricing but is not subject to retrieval fees
  • Tier B for occasionally accessed data, which has moderate base pricing and moderate retrieval fees
  • Tier C for rarely accessed data, which has the lowest base pricing but the highest retrieval fees

Selecting a tier without being aware of the retrieval fees can result in higher bills than anticipated.

  4. Early Deletion Fees

Cloud storage service providers that use tiered storage sometimes stipulate that the data stored in the tiers reserved for infrequently accessed data must remain there for a minimum amount of time. This is referred to as the minimum storage duration. For instance, the provider in the previous example might specify a minimum storage duration of 30 days for the data in Tier B (occasionally accessed data) and 60 days for the data in Tier C (rarely accessed data). Companies that delete or move their data sooner than the specified time frame will encounter early deletion fees.

Avoid Being Unpleasantly Surprised

Besides the basic pricing, it is important to know about possible additional charges that you might incur when storing data in the cloud. Otherwise, you might be unpleasantly surprised when your first bill arrives.

However, you should not pick a cloud storage service provider based on price alone. There are equally important criteria, such as the security measures a provider takes to protect its infrastructure and customers’ data. We can help you select a cloud storage service provider that is a good fit for your company based on cost, security, and other measures.

Mac OS Tips for Windows Users

If you are a Windows user and need to make the switch to MacOS, it can seem difficult at first to navigate with the slight differences between the two operating systems. Here is a quick list of shortcuts and explanations for the MacOS system to make the transition easier.

The Dock

Like the Windows Taskbar at the bottom of your screen, the Mac has a similar feature called the Dock. The icons within the Dock work a little differently, though. There is a split within the Dock, where apps and shortcuts live on the left side, and document icons are on the right.

Left Side – On the left side of the Dock are application icons and Finder. To add an application to the Dock, drag any application over or, if the application is running, hit Ctrl + Click and select “Keep in Dock” so it will always appear. If you want to remove an application from the Dock, drag the icon anywhere outside and the icon will disappear from the Dock.

Right Side – On the right side of the Dock are documents and minimized windows. You can drag a document or folder to the Dock and it will stay there for quick opening. You can remove these folders and documents by dragging the icon outside of the Dock. To add a minimized window to the Dock, click the yellow circle in the open window. To restore the window, click on the icon within the Dock.

The Right Click

In Windows, your mouse allows you to right click to get property information, save and print options, etc. In Mac OS, however, you will notice you cannot right click unless you turn it on manually. To do this, head over to System Preferences in the Dock and select Trackpad. Within the Point & Click section, check the “Secondary Click” box and use the drop-down menu to complete setup. Now you can right click with options similar to Windows.


There are a few different ways to get the screenshot you need.

To capture the entire screen, press Shift/Command/3 (or Shift/Command/5 for MacOS Mojave) on your keyboard and a menu of options will appear. Click “Capture Entire Screen.” Your pointer will shift to a camera icon that you can click anywhere on the screen. You will then be able to find the screenshot on your desktop.

Capturing a single window uses almost the same method as above. Press Shift/Command/4 (or Shift/Command/5 for MacOS Mojave) to have the menu appear. Click “Capture Selected Window” and your pointer will shift to a camera icon. Click the window you want to capture and a thumbnail of the screenshot will briefly appear in the corner of your screen, where you can edit it or take other actions. You will then be able to find the screenshot on your desktop as well.

To learn how to screenshot the Touch Bar, a portion of the screen, or a menu, see Apple’s support pages on these topics.

Closing Browsers and Programs

When closing a browser window or application (program) in Windows, you can click the X in the top right corner. In Mac OS, there is a red button on the top left, but it only closes the frontmost window; the application will still be open. Over time this can slow down your system and create frustration. To close out the application, there are a few methods. On the Dock, there will be a dot underneath all applications that are currently open. You can right click the icon and the option to close will appear. You can also go to the opened application, head to the top left, and select the dropdown, where there will also be an option to close out the program.

The Finder

The Finder is similar to Windows File Explorer, where you can find files and folders on your hard drive or network. This is located down on the far left of the Dock. To see the path where the file/folder in question is, go to the View menu and select Show Path Bar. To see how many files are within a folder you are searching for and how much free space is available on your hard drive, head to the View menu again and select Show Status Bar. At the top you will see icons that allow you to change how you view the files. If you select the Icon view, at the bottom right there will be a slider that will allow you to enlarge or shrink the icons.

Cut, Copy, & Paste

Copy and paste work similarly in Windows and Mac: press Command/C to copy and Command/V to paste. To cut, you will have to copy first, then hold the Option key while pasting, which will cut the selected file.

Learning a new operating system can feel frustrating, but the Mac is designed to be easy for users to navigate. For more short tips on the Mac OS as a Windows user, go to Apple’s support section.

Critical Security Vulnerability Allows Hackers to Take Over Cisco Routers

A severe security vulnerability in several types of Cisco routers allows cybercriminals to gain full control of the devices. Discover which routers are affected and what you need to do to patch the hole.

Companies often use routers to connect and control traffic between two or more networks. On August 28, Cisco Systems announced it found a critical security vulnerability (CVE-2019-12643) that affects some of its routers. The vulnerability has been given the highest-possible severity rating in the Common Vulnerability Scoring System because it allows cybercriminals to bypass the login process and gain full control of the routers.

The Affected Routers

The vulnerability affects four types of routers, all of which run the Cisco IOS XE operating system:

  • Cisco 4000 Series Integrated Services Routers
  • Cisco ASR 1000 Series Aggregation Services Routers
  • Cisco Cloud Services Router 1000V Series
  • Cisco Integrated Services Virtual Router

The security hole lies in one of the tools that companies can use to manage these routers. Rather than using the routers’ command-line interface to manually manage functions, companies can automate some management tasks with the Cisco REST API application. This application uses a set of RESTful APIs — application program interfaces (APIs) based on the representational state transfer (REST) technology — to automate functions.

The REST API application runs in a virtual service container, which is delivered as an open virtual application (OVA) package. The vulnerability resides in the REST API virtual service container. It is the result of an improper check performed by the code that manages the REST API authentication service.

Even though the vulnerability is in the container and not the operating system, the entire router is at risk. “This is because exploiting this vulnerability could allow an attacker to submit commands through the REST API that will be executed on the affected device,” explained Eugenio Iavarone, a member of Cisco’s Product Security Incident Response Team.

The vulnerability is exploitable when all of the following conditions are present:

  • The router contains an old version of the REST API OVA package (release 16.9.2 or earlier). This file could be on a router without users realizing it because the package came bundled with some releases of the Cisco IOS XE operating system. The bundling practice was discontinued starting with Cisco IOS XE 16.7.1, at which point the OVA package became a separate download.
  • A REST API virtual service container is installed and configured on the router. The Cisco Virtual Manager is used to install and configure these containers.
  • The REST API virtual service container is enabled. By default, it is disabled.

If any of these conditions are not present (e.g., the container is disabled), cybercriminals won’t be able to use the security hole to hack the router.

The Fix

Cisco has fixed the security vulnerability in version 16.9.3 of the REST API OVA package. This package (iosxe-remote-mgmt.16.09.03.ova) has been released and is available for download in Cisco’s Software Download site.

In addition, Cisco has added several safeguards to the next version of Cisco IOS XE. For example, the operating system will prevent the installation and activation of a vulnerable REST API virtual service container on a router. At the time of this writing, Cisco had not yet released the next version of Cisco IOS XE.

Check Your Company’s Routers

Due to the serious nature of the vulnerability, it is important to check whether your network includes any of the affected Cisco routers. If so, you need to make sure they do not have an old version of the REST API OVA package on them. Any old OVA packages should be immediately upgraded to version 16.9.3. We can take care of checking your routers and upgrading their software for you if you do not have the time.
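One way to run this check across a router inventory, as an added example that is not Cisco’s or this article’s code: it parses the release out of the OVA filename, compares it with the fixed 16.9.3 release, and applies the three exploitability conditions listed earlier. The inventory records, their field names, and all filenames other than iosxe-remote-mgmt.16.09.03.ova are constructed, and older packages are assumed to follow the same naming pattern.

```python
import re
from typing import NamedTuple, Optional

FIXED_RELEASE = (16, 9, 3)   # first fixed REST API OVA release, per the article

# Release fields as they appear in iosxe-remote-mgmt.16.09.03.ova
OVA_NAME = re.compile(r"iosxe-remote-mgmt\.(\d+)\.(\d+)\.(\d+)\.ova$", re.I)


class Router(NamedTuple):          # hypothetical inventory record
    name: str
    ova_file: Optional[str]        # REST API OVA package found on the device, if any
    container_installed: bool      # virtual service container installed and configured
    container_enabled: bool        # container enabled (it is disabled by default)


def ova_release(filename):
    """Return the release in an OVA filename as a tuple of ints, or None."""
    m = OVA_NAME.search(filename.strip())
    # Zero-padded fields such as "09" become plain integers for comparison.
    return tuple(int(part) for part in m.groups()) if m else None


def assess(router):
    """Classify a router as 'exposed', 'latent', 'ok' or 'unknown'."""
    if router.ova_file is None:
        return "ok"                # no REST API package on the device
    release = ova_release(router.ova_file)
    if release is None:
        return "unknown"           # unrecognized filename: check by hand
    if release >= FIXED_RELEASE:
        return "ok"                # fixed package
    # Old package: exploitable only if the container is installed AND enabled.
    if router.container_installed and router.container_enabled:
        return "exposed"
    return "latent"                # old package present; upgrade before enabling


def work_queue(inventory):
    """Names of routers needing attention, exposed ones first."""
    order = {"exposed": 0, "latent": 1, "unknown": 2}
    flagged = []
    for router in inventory:
        status = assess(router)
        if status != "ok":
            flagged.append((order[status], router.name))
    return [name for _, name in sorted(flagged)]


# Constructed inventory for illustration.
INVENTORY = [
    Router("edge-1", "iosxe-remote-mgmt.16.06.01.ova", True, True),
    Router("edge-2", "iosxe-remote-mgmt.16.09.02.ova", True, False),
    Router("edge-3", "iosxe-remote-mgmt.16.09.03.ova", True, True),
    Router("branch-1", "iosxe-remote-mgmt.16.06.01.ova", False, False),
    Router("core-1", None, False, False),
    Router("core-2", "rest-api-custom.ova", True, True),
]

if __name__ == "__main__":
    for router in INVENTORY:
        print(f"{router.name}: {assess(router)}")
    print("work queue:", work_queue(INVENTORY))
```

The “latent” result covers the case the article warns about: an old package that came bundled with the operating system and sits on the router unnoticed until someone enables the container.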

3 Things to Keep in Mind When Flying with Mobile Devices Powered by Lithium Batteries

Most mobile devices use lithium batteries because they are powerful. However, they can be dangerous, which is why the United States and many other countries have aviation regulations concerning them. Here are three things you need to keep in mind when flying with your mobile device.

No matter whether you are traveling for business or pleasure, you will probably take at least one mobile device with you. Most modern portable electronic devices use lithium batteries — either lithium-ion or lithium-metal — because they are more powerful than their dry-cell counterparts (e.g., alkaline and nickel-cadmium batteries). However, lithium batteries are also more dangerous. Besides being very flammable, they can generate a significant amount of heat and even self-ignite under certain conditions.

Due to the dangers, many countries have aviation regulations concerning lithium batteries. For example, in the United States, the Federal Aviation Administration (FAA) has several regulations governing what airplane passengers can and cannot do when flying with lithium-battery powered devices and uninstalled (aka spare) lithium batteries. Here are three things you need to keep in mind when you are getting ready for your flight:

  1. You Cannot Put Spare Lithium Batteries in Checked Baggage

The FAA does not allow uninstalled lithium batteries or portable battery chargers that contain lithium batteries in checked baggage. That’s because FAA researchers found that lithium batteries can self-ignite under specific conditions, such as when they are heated to extreme temperatures, short-circuited, or physically damaged. In addition, certain external conditions and internal malfunctions can cause lithium batteries to overheat through a process called thermal runaway — the temperature and pressure inside the batteries’ cells increase faster than the heat can be dissipated. Batteries in thermal runaway can reach temperatures above 1,100 degrees Fahrenheit, which is hot enough to ignite paper and cardboard.

You are allowed to keep spare lithium batteries and portable battery chargers in carry-ons, as the environmental conditions in the passenger cabin are much more palatable for them. You just need to protect the battery terminals from short circuiting, which can be done by simply covering them with tape or putting the battery in a protective pouch. Even if a battery were to experience thermal runaway due to an internal malfunction, the problem would likely be noticed and dealt with much quicker in the passenger cabin than the cargo hold.

Before you pack your spare batteries, though, you need to be familiar with a few requirements. A lithium-metal battery cannot have more than 2 grams of lithium in it, and a lithium-ion battery cannot exceed a rating of 100 watt-hours. These limits shouldn’t pose a problem for the average passenger, according to the FAA. If you happen to have a larger lithium-ion battery (e.g., a spare extended-life battery for your laptop), you can ask the airline for permission to bring it onboard. With airline approval, passengers can carry up to two larger (101-160 watt-hours) spare lithium-ion batteries. Other than that quantity limitation, there are no other restrictions on the number of lithium batteries you can put in your carry-on, provided they are for personal use.

  2. You Can Put Lithium-Battery Powered Devices in Carry-Ons or Checked Baggage

The FAA prefers that you store your lithium-battery powered devices in a carry-on. However, if that is impractical, you can put them in checked baggage.

If you are going to store a lithium-battery powered device in checked baggage, it is important to take a few safeguards. You need to turn off the device, but before doing so, you should disable any features that could turn it back on, such as an alarm clock. In addition, you need to pack your device so that it is protected from accidental activation and physical damage. For example, if an unprotected device is placed next to a hardcover book in a suitcase, rough baggage handling or turbulence could cause the book to shift and inadvertently turn on the device.

  3. You Need to Fix Before You Fly

Physically damaged lithium batteries can cause fires and other serious problems. Thus, it isn’t surprising that you are not allowed to take damaged batteries on flights, no matter whether they are spares or inside devices.

You are also not allowed to take defective lithium batteries and lithium-battery powered devices with battery safety issues on flights for the same reason. The FAA uses the US Consumer Product Safety Commission’s Recall List to determine what defective items to ban. For example, the FAA has banned certain Apple MacBook Pro laptops and HP ProBook notebooks based on this list. Apple and HP have recalled these devices because their batteries can overheat and cause a fire. If you have one of these devices, you are required to have the problem fixed per the manufacturer’s instructions before you fly with it.

While most people would agree that banning physically damaged lithium batteries is a good idea, there is no easy way to enforce the ban. Transportation Security Administration (TSA) agents might notice that a spare battery is damaged when checking carry-ons, but they do not check the batteries inside devices. A device owner might not even realize damage exists, as opening the device to check the battery might need to be done by the manufacturer or an authorized service provider.

Similarly, there is no easy way to enforce the ban on recalled lithium batteries and lithium-battery powered devices. The FAA admitted this in a Safety Alert for Operators (SAFO) report:

“It should be noted that is often difficult to distinguish products that are subject to a recall from those that are not. Many product recalls only affect certain batches of serial numbers of the same product model. Other recalled products carried by passengers or shipped as cargo may have already been repaired or had the defective lithium batteries replaced. Therefore, active screening methods at the point of acceptance or check-in may be difficult.”

So, if your lithium battery or lithium-battery powered device has been recalled and you haven’t had the problem fixed yet, you probably could get away with bringing it on your next flight. But given the seriousness of the potential risks, you probably wouldn’t want to anyway.

Have an Android Smartphone? Beware of Agent Smith

Agent Smith is frightening Google Android users around the world. This malware has replaced legitimate apps with malicious versions on 25 million Android devices. Here is what you need to know.

Around 25 million Google Android devices have been infected with a new variant of mobile malware. Once on a device, it replaces legitimate apps with malicious versions, which has led researchers to refer to this malware as “Agent Smith” — the iconic villain in “The Matrix” movie trilogy who transforms from a system agent (i.e., an AI program) to a self-replicating virus that spreads itself at an alarming rate.

The malicious versions of the apps bombard victims with ads from which the cybercriminals profit. While most of the victims are located in India (15.2 million), there are nearly half a million victims in the United States and the United Kingdom.

How the Malware Works

Agent Smith is sophisticated malware that works in three stages:

  1. Cybercriminals trick people into installing a “dropper app” from an app store or website. A dropper app is a repacked legitimate program that contains an encrypted malicious payload. Because the payload is encrypted, it is not initially identified as malware by basic mobile security software. The dropper apps are typically weaponized games, photo utilities, media players, system utilities, and adult entertainment programs. Researchers even found 11 apps in the Google Play store that contained dormant code related to Agent Smith. (Google has removed these programs.)
  2. The dropper app decrypts the malicious payload into its original form — an Android installation (.apk) file — and uses known vulnerabilities to install the core malware. The core malware is usually disguised as a Google-related updater or “com.google.vending” file. Plus, its icon is hidden, making it even harder for users to know the malware is installed on their devices.
  3. The malware cross-checks the list of apps installed on the device to the list of apps that the hackers have weaponized. If there are any matches, it replaces the legitimate apps with the weaponized ones.

Although Agent Smith is designed to display fraudulent ads at this point, it has the potential to carry out more dangerous types of activities. The researchers noted that “it could easily be used for far more intrusive and harmful purposes such as banking credential theft and eavesdropping. Indeed, due to its ability to hide its icon from the launcher and impersonate existing user-trusted popular apps, there are endless possibilities for this sort of malware to harm a user’s device.”

How to Protect Your Android Device

To protect your Android device from Agent Smith and other mobile malware, you can take several precautions. For starters, you should not install apps from untrusted sources. Although malicious apps are sometimes found in the Google Play store, it is still safer to download apps from Google Play than third-party app stores and websites.

Another important measure to take is to install operating system, app, and firmware updates as soon as they are available. This will help protect your device from malware that exploits known security vulnerabilities. With the vulnerabilities patched, cybercriminals might not be able to install their malware on your device.

Finally, you should use an advanced mobile security solution. Security software that uses advanced threat detection and prevention technologies will better protect your device against sophisticated malware like Agent Smith. We can help you pick the best mobile security solution for your device.

Fake eFax Messages: A New Spin on an Old Phishing Trick

Hackers are again using fake eFax messages in phishing attacks, but the latest campaign has a new spin. Learn about their latest ploy.

In July 2019, security researchers announced the discovery of a phishing scam that involved fake eFax messages. For years hackers have gone phishing using fake eFax messages, but this latest campaign caught the researchers’ attention. They found that it has a new spin. It infects victims with two different types of malware: a banking trojan and a remote access tool.

How the Scam Works

This latest phishing scam begins like its predecessors. Recipients receive an email supposedly from eFax. This fake eFax message tells the recipients they have received a fax. To view it, all they need to do is download the attached ZIP file and open the file inside it with Microsoft Word. However, the ZIP file actually contains a Microsoft Excel spreadsheet instead of a Word document. The spreadsheet contains a malicious macro — a series of commands that the hackers put together for nefarious purposes.

If the recipients open the spreadsheet and enable the macro, the commands initiate a process that results in the Dridex banking trojan and the Remote Manipulator System Remote Access Tool (RMS RAT) being installed on their computers. Dridex is designed to steal bank account credentials. RMS RAT lets the hackers remotely access and manipulate the victims’ computers. For example, they can transfer files, log keystrokes, and tamper with Windows Task Manager and other system utilities.

Having both types of malware installed lets hackers wreak twice as much havoc. It also gives them a backup communication channel in the event that one of the malware programs is detected and removed, according to researchers.

How to Protect Your Business

There are multiple measures you can take to protect your company against this type of attack. For starters, you can train employees on how to spot phishing emails. In this instance, there were several red flags. Although the message sported the official eFax logo, it included spelling and grammar errors. Plus, the message said to open the attached file with Word when it was an Excel spreadsheet.

During the training on how to spot phishing emails, it is important to let employees know they should not open attachments from unknown senders. In this case, a much safer alternative is for employees to view their faxes from the eFax website.

Another measure you can take to protect your company is to configure Excel and Word so that employees cannot enable macros. Macros are automatically disabled by default, but users are notified this has occurred and are given the option to enable them. You can change the macro setting so that macros are automatically disabled without any notification. That way, employees will not get a notification or the option to enable them. Alternatively, if your company uses digitally signed macros, you can select the option that disables all macros except those that are digitally signed.
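The two red flags in this campaign (an attachment whose real type does not match the program the message names, and a macro inside it) can be checked automatically before anyone opens the file. The Python below is an added example, not code from the researchers or from eFax; the helper names, the size limit and the file name are assumptions, and the sample ZIP is constructed with a placeholder instead of real macro code.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls/.doc container
ZIP_MAGIC = b"PK\x03\x04"                      # OOXML: .xlsx/.xlsm/.docx/.docm
MAX_MEMBER_BYTES = 20 * 1024 * 1024            # assumed inspection limit per file


def inspect_office(data):
    """Identify the Office family from content (not the extension) and look for VBA."""
    info = {"family": None, "has_vba": False}
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as doc:
                names = doc.namelist()
        except zipfile.BadZipFile:
            return info
        if any(n.startswith("xl/") for n in names):
            info["family"] = "excel"
        elif any(n.startswith("word/") for n in names):
            info["family"] = "word"
        # Macro-enabled OOXML files carry their VBA project in vbaProject.bin.
        info["has_vba"] = any(n.lower().endswith("vbaproject.bin") for n in names)
    elif data.startswith(OLE_MAGIC):
        # Heuristic: OLE directory entry names are stored as UTF-16LE strings.
        def has_entry(name):
            return name.encode("utf-16-le") in data
        if has_entry("Workbook"):
            info["family"] = "excel"
        elif has_entry("WordDocument"):
            info["family"] = "word"
        info["has_vba"] = has_entry("_VBA_PROJECT")
    return info


def triage_attachment(zip_bytes, claimed_app):
    """Return (member name, finding) pairs for a ZIP attachment.

    claimed_app is the program the message tells the reader to use
    ("word" or "excel").
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as outer:
        for member in outer.infolist():
            if member.is_dir():
                continue
            if member.flag_bits & 0x1:
                # Password-protected members cannot be scanned; escalate them.
                findings.append((member.filename, "encrypted"))
                continue
            with outer.open(member) as fh:
                data = fh.read(MAX_MEMBER_BYTES + 1)
            if len(data) > MAX_MEMBER_BYTES:
                findings.append((member.filename, "oversized"))
                continue
            info = inspect_office(data)
            if info["family"] and info["family"] != claimed_app:
                findings.append((member.filename, "type-mismatch"))
            if info["has_vba"]:
                findings.append((member.filename, "contains-vba"))
    return findings


def build_sample_zip():
    """Constructed sample: a ZIP holding a macro-enabled workbook skeleton."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as doc:
        doc.writestr("[Content_Types].xml", "<Types/>")
        doc.writestr("xl/workbook.xml", "<workbook/>")
        doc.writestr("xl/vbaProject.bin", b"\x00" * 16)  # placeholder, no macro code
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("fax_message.xlsm", inner.getvalue())  # hypothetical file name
    return outer.getvalue()


if __name__ == "__main__":
    # The message says "open with Word", so the claimed application is "word".
    for name, finding in triage_attachment(build_sample_zip(), "word"):
        print(name, finding)
```

The legacy OLE branch is a byte-pattern heuristic; a full OLE parser gives more reliable results for old `.xls` and `.doc` files.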

There are additional measures you can take to defend against banking trojans, remote access tools, and other types of malware. We can go over your options and help you develop a comprehensive security strategy.

Equifax to Pay up to $425 Million to People Affected. Are you Included?

In 2017 Equifax publicly announced that a data breach occurred and exposed personal information of 147 million people. Find out if you’re eligible to claim benefits.

The Federal Trade Commission posted information about the settlement in late July on its website and encourages claims to be filed immediately. The credit-check company, Equifax, has reached an agreement with the FTC to offer a cash settlement, or free credit monitoring, and additional cash to those affected by the breach in terms of costs associated with repairing credit, accounts, etc.

To file a claim, go to EquifaxBreachSettlement.com. The deadline to file is January 22, 2020.

To find out if you are eligible to file a claim, go to the eligibility page and enter in your last name and last 6 digits of your social security number.

Claim Benefits

You may choose between two options of benefits:

  1. Ten Years of Free Credit Monitoring – This includes four (4) years of free credit monitoring between all three major bureaus and up to $1,000,000 of identity theft insurance, plus an additional six (6) years of free monitoring within the bureau (Equifax).
  2. Cash Payments (capped at $20,000 per person) – This will be awarded to those that can prove losses from unauthorized charges to accounts, the fees associated with your accounts freezing, and any professional fees paid due to the data breach.

Initially, cash payment options were announced at $125 per person, but with the flood of claims being received, there will be less payout per person because the settlement is capped. $31 million of the $425 million settlement is set aside for automatic $125 payment claims, but the individual amount may be lower depending on the number of claims. If you have already filed a cash payout claim and want to change to the credit monitoring option, the administrator will email everyone who filed a claim the option to switch before payouts are issued. Payments will go out with higher priority to those directly affected who can prove costs associated with the breach.

If choosing the cash payment option, be aware that payouts will not be administered until January 23, 2020 and may be delayed further until allowed by the court. To learn more about the Equifax settlement, visit the FTC Data Breach Settlement page directly.

How to Determine Which IT Policies Your Company Needs

Having too few or too many IT policies can lead to problems. Here is a common-sense approach you can use to determine which IT policies your company needs.

Having too few IT policies can lead to problems. Policies are needed because the rules and requirements documented in them help ensure that a company’s IT resources are being used appropriately, productively, and securely.

Having too many IT policies can also be problematic. Policy overload can make employees feel that they are not trusted or allowed to think on their own, which can cause discontentment. It can also lead to employees not reading the policies, which means they might not be adhering to crucial ones.

To find the right balance, you can use a common-sense approach to determine which IT policies your company needs. This approach is also useful when determining what to include in those policies.

What to Do

Lists of must-have IT policies are easy to find. However, creating IT policies based on a one-size-fits-all list can result in unnecessary or missing policies. A better approach is to first identify the situations in which your company needs documented rules and requirements and then create policies to meet those needs. Common situations include:

The need to comply with laws or regulations that include IT-related requirements. An increasing number of laws and regulations are including IT-related requirements, such as the need to protect people’s privacy and properly secure their personal data.

If your company must comply with any laws or regulations that include IT-related requirements, you should check to see whether they mandate the creation of certain IT policies. For example, if you collect personal information from California residents on your company’s website, California state law requires you to post a privacy policy on that site that lets people know the types of personal data being collected and other pertinent information. Similarly, both the Security Rule and Privacy Rule of the US Health Insurance Portability and Accountability Act (HIPAA) stipulate that organizations under its jurisdiction must establish and implement policies to comply with the rules’ provisions. Even if a law or regulation does not specifically state that certain policies must be created, it is a good idea to do so. Having IT policies in place will help ensure compliance.

The need to document and formalize privacy practices. Laws and regulations like HIPAA are impacting most businesses, even those that do not have to comply. They are bringing to light people’s desire to have more control over their personal data and the assurance that their data is being properly handled and secured. If you want to let your customers and employees know that you are serious about protecting their privacy and personal data, it is important to create a privacy policy, assuming the information is not covered elsewhere (e.g., in the policies mandated by HIPAA). In the privacy policy, you can document how your company is collecting, storing, using, and disposing of customers’ and employees’ personal data.

Not sure where to start? We have helped many of our clients write their IT policies and we can help you get your act together as well! It is vital to have set policies in place. Give us a call at 800-421-7151 to learn more.

Windows 10 Mobile Is on Its Way to the Digital Graveyard

Microsoft is ending all support for Windows 10 Mobile devices. Here are some dates you need to remember if you are using this device.

Windows Mobile devices will soon join Palm Pilot PDAs, BlackBerry devices, and Betamax players in the digital graveyard. On December 10, 2019, Microsoft is ending all support for Windows 10 Mobile. It is the official end to the software giant’s failed foray into the smartphone market.

What to Expect

Windows 10 Mobile smartphones and their apps will still work on December 10, 2019, and beyond. However, Microsoft is recommending that customers move to a Google Android or Apple iOS device before then, and for good reason. Once the support ends, Microsoft will no longer provide feature updates, free technical assistance, or new online technical content for the Windows 10 Mobile operating system. More important, the operating system will no longer receive security updates. As a result, it will not be protected against new mobile malware or new attack vectors, making the operating system more vulnerable to cyberattacks. To make matters worse, hackers often launch new attacks that target unsupported operating systems.

Although Microsoft is ending support for the operating system on December 10, 2019, it is gradually phasing out the Windows 10 Mobile backend services. For example, users will be able to create new device backups until March 10, 2020. Even better, they likely will be able to restore their devices from existing device backups until December 10, 2020. Other services such as photo uploads will also likely continue until December 10, 2020.

The lifecycles of apps on Windows 10 Mobile devices are independent of the operating system’s lifecycle. Thus, it is up to the app developers to decide whether or not they want to continue support for their apps once support for the Windows 10 Mobile operating system ends.

Time to Move On

If you or your employees are still using a Windows 10 Mobile device, it’s time to start looking at alternatives, such as Android or iOS smartphones. We can help you sort through your options and recommend viable alternatives based on your needs.

5 Ways to Protect Your NAS Device from Ransomware

Network-attached storage (NAS) devices are common targets of ransomware attacks. Find out why NAS devices are often attacked and what you can do to protect your storage device and the data in it.

Small and midsized businesses often use network-attached storage (NAS) devices for file sharing, storage, and backups. Because these devices are used to store a large amount of data and are often connected to the Internet, they are prime targets for ransomware attacks. For example, on July 19, 2019, cybercriminals launched ransomware attacks against NAS devices made by Synology. And on July 10, 2019, researchers sounded the alarm about ransomware attacks against NAS devices sold by QNAP Systems.

If your business uses a NAS device, you need to protect it against ransomware and other types of malware. Here are five measures you can take to protect the device and the data in it:

  1. Change the Default Credentials

In both of the July 2019 ransomware campaigns, cybercriminals used brute-force attacks to initially gain access to NAS devices through the administrator account. In brute-force attacks, automated tools systematically try account name and password combinations in hope that default or weak credentials are being used for the administrator account.

To protect your NAS device, you should disable the default administrator account (which is often named “admin”) and create a new admin account with a hard-to-guess account name. (Typically, you cannot simply rename this account.) When you are setting the new account’s password, make sure it is strong and unique. If your NAS device supports two-step authentication, it is a good idea to use it.

  2. Make Sure SSL Is Enabled

Secure Sockets Layer (SSL) should be enabled if any employees access your NAS device remotely through a web portal. When SSL is used, the connection is encrypted so hackers won’t be able to see the credentials (and any other data) being transmitted to the device. A quick way to see whether or not the connection is encrypted is to check the portal’s URL. If it begins with “https:”, the connection is encrypted. If it starts with “http:”, you should enable SSL.

  3. Update the Software Regularly

NAS devices include operating system software. Regularly updating this software is crucial, as the updates often fix recently discovered security vulnerabilities. For instance, the ransomware used to attack QNAP Systems’ NAS devices exploits known security vulnerabilities. Although QNAP Systems has released updates that fix those issues, the ransomware victims did not have those updates installed on their NAS devices. Had the updates been installed, the attacks wouldn’t have been successful.

Similarly, it is important to regularly update other applications that are installed on your NAS device.

  4. Back Up the Data Regularly

Cybercriminals are constantly devising new and more sophisticated ways to spread ransomware. So, despite your best efforts to secure your NAS device, a ransomware attack might still be successful. To avoid having to pay the ransom, you should routinely back up the data on your NAS device. Some NAS device vendors even offer a cloud backup service for this purpose.

  5. Take Advantage of Built-In Security Options

NAS devices often include security options that you can use. For example, they might have:

  • An auto-block option. This feature blacklists IP addresses after a certain number of failed log-in attempts. This can thwart hackers’ attempts to use brute-force credential-cracking tools to access the devices.
  • The ability to encrypt the data being stored. Some NAS devices encrypt data when it is at rest. That way, if cybercriminals somehow get ahold of the data, they won’t be able to see or use it.
  • A built-in firewall. NAS devices sometimes have built-in firewalls that will automatically block connections that the devices do not recognize. You can usually customize the firewall’s rules so that you can keep certain connections open but block all other connections.
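To show what the auto-block option does with a burst of failed log-ins, the Python below replays a log through a sliding-window counter and reports which addresses would be blocked and which account names were tried. It is an added example, not any vendor's implementation; the log format, the threshold of five failures in five minutes, the allowlist parameter and the sample lines (which use documentation IP ranges) are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

# Constructed sample log: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2019-07-19T02:14:01 203.0.113.7 admin FAIL
2019-07-19T02:14:03 203.0.113.7 admin FAIL
2019-07-19T02:14:05 203.0.113.7 administrator FAIL
2019-07-19T02:14:09 198.51.100.20 jsmith FAIL
2019-07-19T02:14:11 203.0.113.7 admin FAIL
2019-07-19T02:14:12 203.0.113.7 root FAIL
2019-07-19T02:14:15 203.0.113.7 admin OK
2019-07-19T02:20:00 198.51.100.20 jsmith OK
2019-07-19T09:00:00 192.0.2.10 backup FAIL
not a log line
"""


def auto_block(lines, max_failures=5, window=timedelta(minutes=5), allowlist=()):
    """Return {ip: details} for every address that reaches max_failures
    failed log-ins inside the sliding window.

    allowlist holds networks that are never blocked (for example a
    management subnet), so an administrator cannot lock themselves out.
    """
    allowed = [ipaddress.ip_network(net) for net in allowlist]
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    accounts = defaultdict(set)   # ip -> account names it tried
    blocked = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("FAIL", "OK"):
            continue  # skip malformed lines instead of crashing
        try:
            ts = datetime.fromisoformat(parts[0])
            ip = ipaddress.ip_address(parts[1])
        except ValueError:
            continue
        key = str(ip)
        if key in blocked:
            # Once blocked, every later attempt is dropped, even one that
            # carries the right password.
            blocked[key]["dropped"] += 1
            continue
        if parts[3] == "OK" or any(ip in net for net in allowed):
            continue
        failures = recent[key]
        failures.append(ts)
        accounts[key].add(parts[2])
        while ts - failures[0] > window:
            failures.popleft()  # forget failures older than the window
        if len(failures) >= max_failures:
            blocked[key] = {
                "blocked_at": ts,
                "accounts": sorted(accounts[key]),
                "dropped": 0,
            }
    return blocked


if __name__ == "__main__":
    for ip, details in auto_block(SAMPLE_LOG.splitlines()).items():
        print(ip, details)
```

A window-based counter does not catch attempts spaced wider than the window, which is why the strong, unique password and two-step authentication from the first measure still matter.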

Don’t Forget about the Network

In addition to protecting your NAS device and routinely backing up the data on it, you need to secure the network in which the device is placed. How to do so will depend on your network’s components and configuration. We can assess your network and create a customized plan to better secure it.

Apple Is Recalling MacBook Pro Laptops Due to Possible Fire Hazard

The batteries in some 15-inch MacBook Pro laptops are overheating. Find out how to check whether your laptop is affected and learn about some other Apple devices being recalled.

Apple is recalling certain 15-inch MacBook Pro laptops due to a potential fire hazard. Apple has received 26 complaints about the laptops’ batteries overheating and causing minor burns, smoke inhalation, and minor damage to nearby personal property, according to the US Consumer Product Safety Commission.

The 15-inch MacBook Pro laptops were sold primarily between September 2015 and February 2017 through Apple’s website, Apple’s retail stores, and other electronics stores. Around 458,000 were sold in the United States and Canada.

How to Determine If Your Laptop Is Part of the Recall

Not all of the 15-inch MacBook Pro laptops sold are affected. To determine if your device is part of the recall, you need to check your device’s serial number. Follow these steps:

  1. On your laptop, select “About This Mac” from the Apple menu.
  2. On the “General” tab, check to see if the model is “MacBook Pro (Retina, 15-inch, Mid 2015)”. If that is not the model listed, your laptop is not part of the recall. If that is your model, proceed to the next step.
  3. Write down your computer’s serial number, which will also be listed on the “Overview” tab.
  4. Go to the 15-inch MacBook Pro Battery Recall Program web page and enter your computer’s serial number in the box provided.

If your laptop is one of the models being recalled, you should stop using it. Apple will replace the battery for free in an Apple Repair Center. You can drop off your laptop at an Apple retail store or Apple-authorized service provider. Another option is to mail your laptop to the Apple Repair Center, but you first need to contact Apple Support to arrange it. Apple estimates that it will take one to two weeks to service your laptop.

Before you get your battery replaced, it is important to back up all the data on your laptop. If you need assistance performing the backup, give us a call.

Other Apple Devices Being Recalled

Other Apple devices are also being recalled for various reasons. Here are four other recalls issued in 2019:

  • The keyboards in certain MacBook, MacBook Air, and MacBook Pro devices are not working correctly. Letters or characters might repeat unexpectedly or not appear at all. Plus, keys might feel “sticky” or respond in an inconsistent manner. For more information about this recall, see the Keyboard Service Program for MacBook, MacBook Air, and MacBook Pro web page.
  • The display backlight in some 13-inch MacBook Pro laptops works incorrectly or stops working entirely. For more information, see the 13-inch MacBook Pro Display Backlight Service Program web page.
  • In “very rare” cases, the Apple three-prong AC wall plug adapter is breaking and creating a risk of electrical shock if exposed metal parts are touched. The adapters are primarily used in the United Kingdom, Singapore, and Hong Kong. For more information, see the Apple Three-Prong AC Wall Plug Adapter Recall Program web page.
  • The main logic board in certain 13-inch 2018 MacBook Air devices is experiencing power issues. Although Apple has not yet listed this problem on its Exchange and Repair Extension Programs page as of July 1, 2019, an internal memo to repair staff members states that they should replace the main logic board in affected devices at no cost to customers.

5 Common Misconceptions about Hybrid Clouds

The concept of a hybrid cloud is still hazy in many people’s minds. Here are five common misconceptions about hybrid clouds set straight.

Despite being introduced back in 2011, the concept of a hybrid cloud is still hazy in many people’s minds. This is understandable given that there are many misconceptions about what hybrid clouds are and how businesses use them.

Here are five common misconceptions about hybrid clouds set straight:

  1. Hybrid Cloud Deployments Contain Hybrid Clouds

In cloud computing, there are three main cloud deployment models: private, public, and hybrid. This concept is often expressed as simply “there are three types of clouds: private, public, and hybrid”.

Although accurate, the shorter version is a bit vague. As a result, it can lead to an erroneous assumption that hybrid cloud deployments contain hybrid clouds, just like public cloud deployments contain public clouds and private cloud deployments include private clouds.

In reality, hybrid cloud deployments contain both private and public clouds. The private and public clouds operate independently, but data or applications move between them. The latter is a key element in hybrid clouds. If data or application portability is not present, it is simply an environment in which both private and public clouds are used.

  2. Few Companies Use Hybrid Clouds

A common misconception is that few businesses use hybrid clouds — and those that do are large companies. However, many companies of all sizes have hybrid cloud environments. One 2019 report found that 35% of small and midsized businesses and 58% of large companies have hybrid cloud strategies in place. And the numbers are expected to rise. Gartner is even predicting that using hybrid clouds will become the standard.

  3. Hybrid Clouds Are Only for Retailers

Retailers often use hybrid clouds to deal with spikes in IT demand during the holiday shopping season. They run their applications in a private cloud. When the private cloud reaches its capacity, the overflow is sent to a public cloud. This is known as cloud bursting.

While well-suited for retail operations, cloud bursting is not limited to retailers. Other types of businesses can use this approach to handle spikes in IT demand. For example, a tax preparation service might use cloud bursting to handle the additional workload during tax season.

Plus, businesses in any industry can use hybrid clouds for tiered storage and disaster recovery. In the latter case, a company can set up its primary site in a private cloud and use a disaster recovery service in a public cloud for the secondary site. With this setup, crucial operations can quickly fail over to the secondary site if disaster strikes.

  4. Data Management Is More Complex in Hybrid Clouds

People often think that managing data is more complex in a hybrid environment because both public and private clouds are used. However, the public and private clouds do not work in isolation. Thanks to the portability systems linking the two clouds, companies can easily move any amount of data at any time between the clouds.

Companies also have greater control over where data is handled and stored, making it easier to manage and secure the data. For example, they can use a public cloud to store non-sensitive data while storing sensitive data in a private cloud. Doing so lets companies prioritize their security efforts. They can concentrate more of their IT assets on securing the sensitive data, which can help mitigate the risk of noncompliance with regulations such as the European Union’s General Data Protection Regulation (GDPR).

  5. Hybrid Clouds Can Be Set Up Following a Standard Template

One of the elements in a hybrid cloud is the public cloud. Companies sometimes use the same public cloud services, which can lead to the expectation that there is a standard template companies can follow when setting up a hybrid cloud.

However, no such template exists, as hybrid clouds are tailor-made. The private cloud must be designed to meet a business’s specific needs. Similarly, the data and application portability systems need to be customized for the business.

We can help you design and implement a hybrid cloud optimized to meet your business’s requirements.

Slack is Now Public. Here’s Why it’s Different

On June 20th, 2019, the popular enterprise software business went public in a non-traditional way, through a direct listing. Find out what this means for the $16 billion tech company.

If you work in an office setting, chances are you have heard of or have worked with the software sharing platform. This tool allows you to instant message and create separate channels for communication, file sharing, screen sharing, and a searchable archive across all devices. A notable competitor of the software giant is Zoom Video Communications, which went public this past April.

A Closer Look

Slack is only 5 years old and has claimed 10 million users on a daily basis, used by 65 of the Fortune 100, and in over 150 countries. That’s a powerful claim in the months leading up to the announcement of going public. With a projected growth rate of $590 million for 2020, Slack is gaining a 50% traction of growth when compared to the previous year’s earnings. This projects a strong pattern to continued growth, with estimators projecting almost $900 million in the 2021 fiscal year.

It was reported that Slack suffered a loss of $141 million in the past fiscal year. However, that is not deterring its estimated value from rising, with about 600 million shares now entering the New York Stock Exchange.

Going Public Through a Direct Listing

Slack went public on June 20th on the New York Stock Exchange under the ticker WORK, with its current 600 million shares starting at $38.62 per share. They are currently maintaining their rough value at $37.50 as of the close of business on Friday, June 28th. When Slack announced they were going public, they stated it would be through a direct listing instead of the traditional manner. A direct listing means the company will not create and offer any more shares than the existing shares. Traditionally, shares are created in addition to those existing in order to raise money for the company. This means that once public, it’s up to its shareholders if they want to trade their shares. If no one wanted to, there would be none available for trade. An opening price of $38.50 per share, $12 higher than the originally estimated $26 per share, puts Slack’s market cap value at $17+ billion. Spotify was another company to go public through a direct listing and was successful, while others like Uber and Lyft saw a loss on their share value through direct listing.

With a powerful entrance into the public stock market, and its CEO Stewart Butterfield’s innovative ideas for the company’s future (which includes the idea to do away with email entirely), Slack won’t be slowing down.

Valuable Lessons Learned from the Massive AMCA Data Breach

Hackers stole the personal, financial, and medical data of more than 20 million patients who had used the online payment portal of a US medical bill and debt collector. Here are some valuable lessons you can learn without having to experience a data breach.

A US medical bill and debt collector, American Medical Collection Agency (AMCA), was the target of a data breach that persisted for seven months. Hackers stole the data of more than 20 million patients who had used AMCA’s online payment portal between August 2018 and March 2019.

By examining this data breach, you can learn some valuable lessons without having to experience one firsthand.

The AMCA Fiasco

When monitoring the dark web marketplace, Gemini Advisory security analysts discovered a database for sale that contained compromised US payment cards with accompanying information such as social security numbers, birthdates, and medical information. Upon investigation, they found that the database was likely stolen from AMCA’s online payment portal.

The security analysts attempted to notify AMCA by phone on March 1, 2019, but they did not get any response from the messages they left. So, they immediately contacted a federal law enforcement agency, which contacted AMCA. AMCA officials then confirmed that they had been breached.

It wasn’t until the beginning of June that patients were notified. Soon thereafter, numerous lawsuits were filed against AMCA and two of its clients, Quest Diagnostics and LabCorp. The lawsuits were filed for two main reasons:

  1. Failing to protect patients’ data. The US Health Insurance Portability and Accountability Act (HIPAA) takes a serious stance on the relationship between a US healthcare provider and organizations (aka business associates) that protect health information on the provider’s behalf. HIPAA mandates that a healthcare provider must contractually ensure that its business associates comply with HIPAA’s Privacy Rule, which is why Quest Diagnostics and LabCorp are named in many of the lawsuits. Plus, the business associate itself is responsible for complying with HIPAA, which is why AMCA is named in many of the lawsuits. Both Quest Diagnostics and LabCorp have had security problems in the past. In November 2016, one of Quest Diagnostics’ Internet applications was breached. The hacker obtained the personal data of about 34,000 patients. In July 2018, LabCorp was the target of a ransomware attack, which caused the company to take certain systems offline for several days.
  2. Failing to notify patients about the breach in a timely manner. HIPAA mandates that healthcare providers notify patients within 60 days of first discovering a breach. However, AMCA didn’t notify potential victims until June 6, which is about three months after first finding out about the breach. Quest Diagnostics also notified victims in early June. However, the company contends that AMCA did not notify Quest officials in a timely manner. According to the Quest Diagnostics website, they received notification about “potential unauthorized activity” on May 14. But it wasn’t until May 31 that Quest officials found out how many patients were affected and the types of data stolen. The number of victims and the types of data stolen are eye-opening. Around 11.9 million patients had personal information (including Social Security numbers), financial records (including payment card and bank account numbers), and medical information (but not laboratory test results) stolen. Around 7.7 million LabCorp patients had personal and financial information stolen, but not their Social Security numbers since that information was never given to AMCA. Some LabCorp patients were upset that the company didn’t send them notification letters. LabCorp submitted a US Securities and Exchange Commission (SEC) filing about the breach on June 4 and posted information about the incident on its website but did not send notification letters as of July 1. Notification letters might be sent in the future, though. The website noted “LabCorp will take additional steps that may be appropriate, including making any required notifications, once more is known about the AMCA incident.”

The victims weren’t the only ones upset about the AMCA data breach. Two US senators, the attorneys general from at least three states (Connecticut, Illinois, and Michigan), and other officials have launched investigations. The senators, for example, sent letters to Quest Diagnostics and LabCorp demanding to know about their security processes and teams, why the breach was not detected sooner, and how they manage their vendors. The senators sent a similar letter to AMCA.

On June 17, AMCA’s parent company, Retrieval-Masters Creditors Bureau Inc., filed for bankruptcy as a direct result of the data breach. The company experienced a “severe drop-off in its business”, according to bankruptcy papers. Quest Diagnostics and LabCorp were its largest customers. Like many other clients, they terminated their business relationship with AMCA once they found out about the breach. The high costs incurred because of the breach were another reason why the company filed for bankruptcy.

Lessons Learned

You can learn some valuable lessons from the AMCA data breach:

  • Companies can be held liable for their suppliers’ data breaches. Businesses that must comply with data privacy regulations such as HIPAA and the European Union’s General Data Protection Regulation (GDPR) can be held accountable for their suppliers’ data breaches. Since data privacy regulations are becoming more common, it is a good idea for businesses to consider this when selecting suppliers.
  • Businesses need to continually monitor their IT operations for suspicious activity that might indicate a data breach is occurring. Unlike ransomware, data breaches are typically carried out covertly. Knowing what to look for and continually monitoring for those signs can mean the difference between having a breach discovered in seven hours rather than seven months.
  • Companies must notify the victims affected by a breach in a timely manner. This is not just a HIPAA requirement. All 50 US states have legislation requiring private and government entities to notify individuals of data breaches if their personal data was stolen. Moreover, poorly handled notifications can exacerbate the impact of the data breach. Promptly notifying victims in a thoughtful manner can help lessen some of the negative feelings.
  • Data breaches are costly. In the bankruptcy filing, AMCA noted that it incurred substantial costs due to the incident, including having to spend $3.8 million to mail millions of notices to patients. It also spent $400,000 to hire IT experts to identify the source of the breach, diagnose its cause, and implement appropriate solutions.
  • Data breaches often lead to lost business — and worse. A data breach can result in losing existing customers, missing out on future business opportunities, and even having to file for bankruptcy or go out of business.

Bad News for Most Everyone Involved

Data breaches are bad news for everyone involved, except the perpetrators. Customers are at risk of getting their money or identities stolen because their personal data is up for grabs. Companies can lose their customers, reputation, and money. Due to these serious ramifications, businesses need to strengthen their security defenses as well as have incident response plans in place. We can help by discussing and assessing your company’s security measures and formulating an effective strategy to defend against data breaches. Call us at 800-421-7151 to learn more.

Edit Microsoft Office Files in Google G Suite

Gone are the days of having to manually convert Microsoft Office documents to G Suite files. Find out how you can now read, edit, and comment on Office files in G Suite, without having to convert them.

Although Google G Suite is the leader in the productivity suites market (it has 62% of the market share as of July 1, 2019), Microsoft Office 365 still has a sizeable chunk (38%). As a result, it is not uncommon for G Suite users to need to open Office files. For example, they might need to work with Word files that customers, suppliers, or remote office workers send them.

In the past, G Suite users had to manually convert an Office document to a G Suite file in order to open and edit it. Alternatively, they could use the Office Editing for Docs, Sheets & Slides extension in the Google Chrome web browser. In either case, the resulting file was saved and stored as a G Suite file in Google Drive.

Those days are now over. In June 2019, Google rolled out a G Suite update. Once installed, users are able to read, edit, and comment on Office files in G Suite, without having to convert them. The documents are saved and stored in their original Office file type in Google Drive. G Suite users do not need to have Office installed on their computers to use this feature, which Google refers to as “Office editing”.

The ability to open and work with Office files in G Suite will be especially beneficial for collaboration. Both Office and G Suite users can work on the same Office document. As a result, they won’t have to keep two copies of the file (one in each file type) or have to continually convert the file.

Types of Files Supported

The Office editing feature is available in three G Suite apps: Google Docs, Sheets, and Slides. The free versions of these apps also have it. The Office file types that can be converted are:

  • Word files (.doc, .docx, and .dot)
  • Excel files (.xls, .xlsx, .xlsm, and .xlt)
  • PowerPoint files (.ppt, .pptx, .pps, and .pot)

Word, Excel, and PowerPoint files older than Office 2007 can be opened and edited. However, they will be automatically saved in a newer file format.

How to Use the New Feature

The Office editing feature is enabled by default, so there is only one task you need to do before using it. You must remove the Office Editing for Docs, Sheets, & Slides extension if it is present in your Chrome browser.

The new feature is easy to use. For example, if you want to edit a Word file that is in Google Drive, you follow these steps:

  1. Double-click the Word file in Google Drive.
  2. Click the “Open with Google Docs” option that is near the top of the preview pane that appears.
  3. Edit the document. When the file is in Google Docs, you will see its file type in the upper left corner, as Figure 1 shows.

All your changes will be automatically saved to the original Word file. If you want to save the edited file as a Google Doc instead, you can select the “Save as Google Docs” option in the “File” menu. Remember that we do not recommend editing files with sensitive personal information in Google Docs ever; there are more secure ways to collaborate. Call us at 800-421-7151 to learn more.

5 Ways You Can Better Protect Your Windows 10 Computer Thanks to the May 2019 Update

More than a billion adults have been the victims of cybercrime. Here are five security-related improvements rolled out through the Windows 10 May 2019 Update that can help you avoid becoming the next victim.

People fear cyberattacks more than physical attacks or robbery — and for good reason. More than 1 billion adults have been the victims of cybercrime, with 800 million of them falling victim in 2018 alone.

Taking measures to protect your devices can help mitigate the risk and fear of becoming a victim. The more security measures you implement, the better protected you’ll be. Toward that end, Microsoft keeps adding new and improved security tools and functionality to Windows 10 through feature updates. Here are five security-related enhancements that Microsoft rolled out through the Windows 10 May 2019 Update (version 1903) that you might want to take advantage of to better protect your Windows 10 computer:

1. New Password-Less Way to Create and Sign In to Microsoft Accounts

Microsoft believes that passwords are “inconvenient, insecure, and expensive” so it is on a quest to create “a world without passwords”. As part of this endeavor, Microsoft has been providing alternative authentication methods through Windows 10 feature updates and other venues. The Windows 10 May 2019 Update introduces a new way you can set up and log in to your Microsoft account that does not involve using a password.

This is how it works: When you first sign in to Microsoft on a new or reset computer, you provide the phone number that is associated with your Microsoft account. Microsoft will then send you a text message that contains a security code, which you enter in the sign-in screen. Once logged in, you finish setting up the account. Afterward, you need to select and set up an alternative authentication method. For example, you can use Windows Hello to set up biometric authentication (e.g., face or fingerprint recognition).

2. Redesigned “Sign-in options” Page in the Settings App

Microsoft redesigned the “Sign-in options” page in the Settings app to make it easier for Windows 10 users to select and set up an alternative authentication method if desired. Once the May 2019 Update is installed, the “Sign-in options” page — which you can find in the “Accounts” section of the Settings app — clearly outlines the available authentication methods. For example, the indistinct “Windows Hello” option has been replaced with the three main authentication methods available using this solution: “Windows Hello Face”, “Windows Hello Fingerprint”, and “Windows Hello PIN”. Plus, the “Sign-in options” page now includes the “Security Key” option so that you can set up a physical security key (e.g., USB security key) directly from that page.

Besides making it easier to select and set up alternative authentication methods, Microsoft has redesigned some of the supporting processes. For instance, the process used to reset Windows Hello PINs has been streamlined. It is now more like the process used to reset passwords online.

3. Enhancements in the Windows Security App

The Windows Security app lets you view and manage Windows 10’s built-in security tools, such as Windows Firewall and Windows Defender Antivirus. Two enhancements to Windows Security are being rolled out through the May 2019 Update:

  • “Tamper Protection”. This new feature is designed to protect against unauthorized changes to security settings in Windows 10. It alerts you if someone or something (e.g., an app) is trying to change an important security setting.
  • Redesigned “Protection History” page. This page shows the actions taken by the Windows Security app to protect your computer. It now includes information about attempts to access controlled folders that were blocked by either the “Controlled folder access” tool in the Windows Security app or an Attack Surface Reduction Rule. Microsoft also made the information about the threats detected by Windows Defender Antivirus more detailed and easier to understand.

4. Windows Sandbox

You can save money by using free apps from the Internet. However, there is always the risk that the apps contain malware. The new Windows Sandbox provides you with a safe way to test potentially dangerous apps.

When you launch Windows Sandbox, it uses virtualization technology to create an isolated desktop environment, which is called a sandbox. You then install the untrusted app in the sandbox and run it. If the app contains malware, it won’t infect the computer. When you close Windows Sandbox, the app and all its files are permanently deleted. Windows Sandbox is available in Windows 10 Pro and Windows 10 Enterprise only.
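
A sandbox session can be tightened further with a configuration file. The following Windows PowerShell script is an added example, not part of the original article: it writes a Windows Sandbox configuration (.wsb) file that turns off networking inside the sandbox and maps the folder holding the untrusted installer as read-only. The function name and the folder paths are hypothetical.

```powershell
# Added example. Builds a Windows Sandbox configuration (.wsb) for testing an
# untrusted installer with two restrictions:
#   - Networking is disabled, so the app cannot reach the network.
#   - The host folder is mapped read-only, so the app cannot change host files.
function New-SandboxConfig {
    param(
        [Parameter(Mandatory=$true)] [string] $HostFolder,  # folder that holds the installer
        [Parameter(Mandatory=$true)] [string] $OutputPath   # where to write the .wsb file
    )

    if (-not (Test-Path -LiteralPath $HostFolder -PathType Container)) {
        throw "Host folder not found: $HostFolder"
    }

    # Use the full path and escape characters such as & that are special in XML.
    $fullPath = (Resolve-Path -LiteralPath $HostFolder).Path
    $escaped  = [System.Security.SecurityElement]::Escape($fullPath)

    $xml = @"
<Configuration>
  <Networking>Disable</Networking>
  <VGpu>Disable</VGpu>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$escaped</HostFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
</Configuration>
"@

    Set-Content -LiteralPath $OutputPath -Value $xml -Encoding UTF8
    return $OutputPath
}

# Hypothetical paths: change them to the folder that holds the app under test.
$config = New-SandboxConfig -HostFolder 'C:\Users\Public\Downloads\untrusted' `
                            -OutputPath (Join-Path $env:TEMP 'untrusted-app.wsb')

# Opening the .wsb file starts Windows Sandbox with this configuration.
# The mapped folder appears on the sandbox desktop.
Start-Process -FilePath $config
```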

5. Better Control Over Who Can See and Hear You

Spyware is a threat to both individuals and businesses. Hackers use it to get sensitive data or images, which they sell on the dark web marketplace. One way cybercriminals spy on their victims is by using the computers’ microphones and cameras.

To help detect spyware, the May 2019 Update adds a new icon that appears when a computer’s microphone is being used. You can find out which app is using it by hovering your mouse over the icon. If more than one app is using the microphone, it will display the number of apps using it.

In addition, you can now specify whether websites can use your camera and microphone if you use Windows Defender Application Guard. When Application Guard is enabled, Windows 10 launches Microsoft Edge in an isolated virtualized environment so that malicious web pages won’t harm your computer. Application Guard is available in Windows 10 Pro and Windows 10 Enterprise only.

Save Time by Setting Up Rules in Outlook and Gmail

Slogging through numerous emails every day takes time. Declutter your Inbox by taking advantage of Microsoft Outlook’s and Google Gmail’s filtering functionality.

If you are like most people, you receive numerous emails at work. Employees receive an average of 126 emails per day, according to one study. Having to slog through that many emails takes time — time that you could put to better use. However, you’re afraid that if you don’t take the time, you might miss seeing an email that needs your attention.

In situations like this, you can have your email program automatically move, archive, or delete emails so that you do not have to periodically declutter your Inbox. To do so, you just need to set up a few rules. Both Microsoft Outlook and Google Gmail offer this functionality.

For example, suppose you subscribe to several email newsletters that you read when you have the time. You can move them to a folder named “My Newsletters” so they do not clutter up your Inbox, letting you easily see the other emails that have arrived. Here is how to create the rule that will automatically move the newsletters for you in Outlook and Gmail.

Automatically Moving Emails in Outlook

Like most operations in Outlook, there are several ways to create rules. Here is the easiest way if you are moving folders:

  1. Open Outlook and create a folder named “My Newsletters” in the list of folders. (Right-click where you want to put it, select “New Folder”, and enter the name.)
  2. In your Inbox, find one of the email newsletters you want moved, right-click it, and select “Rules”.
  3. In the submenu that appears, select the option “Always Move Messages From: xxxx” (where xxxx will be the newsletter’s display name or email address).
  4. In the “When I get email with all of the selected conditions” section of the “Create Rule” window, select the option “From xxxx” (where xxxx will be the newsletter’s display name or email address). Make sure the other two options in this section are not selected since you want all emails from this source moved.
  5. In the “Do the following” section, check the “Move the item to folder” box and click the “Select Folder” button.
  6. In the “Rules and Alerts” window that appears, select the “My Newsletters” folder, and click “OK”.
  7. In the “Confirmation” window that appears, specify whether you want to run the rule on messages already in your Inbox and click OK.
  8. Repeat steps 2 through 7 for your other email newsletters.

These steps work in Outlook for Office 365 and Outlook 2007 and later.

Automatically Moving Emails in Gmail

To set up the same rule in Gmail, follow these steps:

  1. Open Gmail and create a label (aka folder) named “My Newsletters” in the menu on the left. (Click “More”, select “Create new label”, enter the name, and click “Create”.)
  2. In your Inbox, find one of the email newsletters you want automatically moved. Check the box next to the email.
  3. Click the vertical ellipsis near the top of the page and select “Filter messages like these”.
  4. In the window that opens, you will see the newsletter’s email address or display name in the “From” field. Click the “Create filter” button at the bottom of the window.
  5. Check the “Skip the Inbox (Archive it)” box, as Figure 1 shows. Selecting this option is important. If you do not select it, the newsletters from this source will appear in both your Inbox and the “Read Later” folder, which will clutter rather than declutter your email app.
  6. Check the “Apply the label” box and select the “My Newsletters” folder you created.
  7. Check the “Also apply filter to x matching conversations” box, where x will be how many existing newsletters from that source you currently have in your Inbox. By checking this box, those newsletters will also be automatically moved to the “My Newsletters” folder.
  8. Click “Create filter”.
  9. Repeat steps 2 through 8 for your other email newsletters.

You can do much more with rules. We offer training to help you get the best out of your applications. Email us at training@wamsinc.com. We can help you set up more advanced rules so you can save even more time.

Is Your SaaS Data at Risk?

Companies that assume their SaaS provider will restore application data they accidentally lose are risking permanently losing that data. Learn why SaaS providers are not required to restore this data and what you can do to avoid permanent data loss.

Software as a Service (SaaS) is the largest segment of the cloud computing market, with revenue expected to reach $113 billion by 2021. A large part of this revenue will be from businesses. They have wholeheartedly embraced using applications hosted in public clouds, thanks to such offerings as Adobe Creative Cloud, Google G Suite, Microsoft Office 365, Salesforce, SAP Cloud ERP, and Slack.

Using SaaS applications is popular in the business community because companies do not have to purchase or maintain the applications they are using. The SaaS providers own the applications, which they typically offer on a subscription basis. The providers maintain the applications and the infrastructure on which the programs run. As a result, they are responsible for protecting against data loss due to operational failures such as the infrastructure breaking down. However, the vast majority of SaaS providers explicitly state in their terms and conditions that subscribers are also responsible for protecting against data loss, according to a Forrester report. Specifically, subscribers need to make sure protections are in place so that they do not permanently lose their application data due to events such as data being accidentally deleted, data becoming corrupted, and insider attacks. One crucial protection is being able to restore data from backups.

Most SaaS providers have robust processes in place for backing up and restoring application data in case an operational failure occurs. Although they could potentially use these backups to restore data that subscribers lose due to accidental deletions and other misfortunes, it is up to each provider to decide whether or not to do so. In other words, if a subscriber loses data through no fault of the SaaS provider, the provider is not obligated to use its backups to fulfill the subscriber’s request to restore the lost data.

Some providers choose to offer a data restoration service. However, it’s not uncommon for them to charge a hefty fee, build in lengthy turnaround times, or impose restrictions on what types of data they will restore.

Dangerous Assumptions

Despite the facts, 95% of companies assume their SaaS provider will restore any application data they lose, according to an IDG Research study. Companies that make this assumption are putting themselves at risk. They could permanently lose application data if the provider’s policy is to not restore data that subscribers have lost.

It is also risky for companies to assume that they never will lose any data. Data loss is common. For example, 58% of businesses participating in the IDG Research study reported they suffered a data loss of some kind in the past year. The top three reasons for the loss were accidental deletions, data lost during migration, and inadvertently overwriting correct information with incorrect data — all events that fall under the companies’ responsibility.

What You Can Do to Protect Your Company’s SaaS Data

If your company uses a SaaS application, you need to make sure you will be able to restore both large and small amounts of your application data. A good starting point is to check your service level agreement or talk with your SaaS provider to see whether it handles data restoration requests for subscribers that have lost application data. If your provider offers this service, it is important to find out how long it typically takes, whether there are any restrictions, and the fee.

While a few SaaS providers offer comprehensive restoration services that are fast and fairly priced, many do not. If your provider falls into the latter category or does not offer a data restoration service, your options include:

  • If your SaaS provider offers a restoration service but the terms are unacceptable, you might try negotiating with the provider. For example, you might be able to negotiate a quicker turnaround time or lower fee.
  • Manually exporting application data. Some SaaS providers offer tools that let you manually export application data. However, restoring individual records (e.g., individual files or emails) from exported application data is usually impossible, so you would need to restore all the application data.
  • Using an on-premises backup solution. On-premises solutions designed specifically to back up and restore SaaS application data are available. You purchase the backup software and install it on a computer in your facility, which means you will have full control over the backup and restoration processes. These solutions typically have a user-friendly interface and advanced search capabilities so you can easily find the data you want to restore. Restoring one record or all of them is fast since the backup files are onsite. However, you are responsible for installing, configuring, and maintaining the software. You also need to purchase, set up, and maintain the storage infrastructure that will house the backup files.
  • Using a cloud-to-cloud backup service. With cloud-to-cloud backups, a service provider backs up your SaaS application’s data to another public cloud or a private one. Since this service falls under the SaaS umbrella, the service provider (and not your company) is responsible for purchasing, installing, configuring, and maintaining the backup software and the storage infrastructure. Like with on-premises solutions, the cloud-to-cloud backup services typically feature an easy-to-use interface, advanced search capabilities, and the ability to restore one or many records. However, the restoration process might take a bit longer if the backup files are being stored in a public cloud.

When deciding which option to pursue, it is important to know that on-premises and cloud-to-cloud backup solutions are currently available for popular SaaS offerings like Office 365, G Suite, and Salesforce. However, finding an on-premises or cloud-to-cloud backup solution for less popular SaaS applications might prove difficult, as both markets are not mature yet. In time, though, these types of backup solutions will become increasingly available for lesser known SaaS applications.

We can help you evaluate your options based on the SaaS applications your business is using. With this information in hand, we can devise a backup and restoration strategy that will protect your SaaS application data against permanent data loss. Give us a call at 800-421-7151 to get started.

Running WhatsApp on Your Smartphone? Make Sure It Has the Latest Update

A dangerous security vulnerability has been found and exploited in WhatsApp. Here is what you need to know.

A security hole in the WhatsApp messaging app enables hackers to infect Google Android and Apple iPhone smartphones with malware. The vulnerability was discovered after hackers exploited it to install spyware on the phones of several lawyers and human rights activists. The spyware took over the functions of their devices’ operating system software.

A Dangerous Vulnerability

Security experts are calling the vulnerability in WhatsApp “very scary” — and for good reason. It allows cybercriminals to install malware through the app’s phone call feature. Worse yet, the targeted individuals do not even need to answer the phone to become infected. Plus, the malicious calls often disappear from the devices’ call logs.

WhatsApp has pushed out a patch to fix the vulnerability but is urging users to make sure it was installed on their phones. If you have an Android device, follow these steps:

  1. Open the Play Store.
  2. On the menu, tap “My apps & games”.
  3. Find and select “WhatsApp Messenger” in the list of installed apps.
  4. Tap “Read more” and scroll to the bottom.
  5. Under “App info”, make sure the version listed is 2.19.134.

If you have an iPhone, do the following:

  1. Open the App Store.
  2. Select the “Updates” tab.
  3. Scroll until you see WhatsApp under either “Pending” or “Updated recently”.
  4. Tap “More”.
  5. Make sure the version listed is 2.19.51.

If your device is running a version earlier than 2.19.134 (Android) or 2.19.51 (iPhone), you should update WhatsApp.

Smartphones Are as Vulnerable as Computers

The WhatsApp vulnerability and its exploitation highlight the fact that smartphones have become as insecure and vulnerable as computers, according to security experts. For that reason, it is important to regularly update the apps and operating system software on your smartphone. Taking advantage of automatic updates makes this task effortless. If an app does not have an automatic update feature, you will need to regularly check for updates and manually install them.

Besides updating, it is a good idea to run security software. It can help detect known malware that gets unknowingly installed. Give us a call at 800-421-7151. We can recommend which security software to use as well as provide additional information on how to secure your smartphone.

Nearly 1 Million Windows Computers Have Serious Vulnerability

If any of your business’s computers are running older versions of Windows, you need to make sure they receive a patch that fixes a vulnerability known as BlueKeep. Discover what Windows versions have this dangerous vulnerability and where you can find the patches.

Nearly 1 million computers have this security hole, according to one report. To make matters worse, the proof-of-concept code demonstrating how the vulnerability can be exploited was partially released.

The vulnerability is found in Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003. It lies in the pre-authentication system used for Remote Desktop Services (formerly known as Terminal Services). This security hole is so serious that Microsoft has even released patches for Windows Vista, Windows XP, and Windows Server 2003, which have reached the end of their lifecycles and therefore are no longer officially supported.

Why the Vulnerability Is So Serious

BlueKeep has been rated as a critical vulnerability. One reason for this rating is that it’s “wormable”. This means that “any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” said Simon Pope, the director of incident response at the Microsoft Security Response Center, in a TechNet blog.

Pope reiterated this concern in a subsequent blog, adding that it only takes one vulnerable computer connected to the Internet to provide a gateway into a company’s network. Once inside, malware could spread from the initially compromised machine to other computers, even those that are not online. “This scenario could be even worse for those who have not kept their internal systems updated with the latest fixes, as any future malware may also attempt further exploitation of vulnerabilities that have already been fixed,” said Pope.

What to Do

No matter what versions of Windows your business is running, you should disable Remote Desktop Services if it is not being used. This is true even for Windows 10, Windows 8, Windows Server 2019, Windows Server 2016, and Windows Server 2012 machines — which do not have the BlueKeep vulnerability. Disabling this service will reduce your business’s attack surface.
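
One way to turn this guidance into a check, as an added example that is not part of the original article: a Windows PowerShell script that classifies machines by the affected Windows versions the article lists and by whether incoming Remote Desktop connections are allowed (the `fDenyTSConnections` registry value). The machine names and inventory records are constructed sample data, and the function names are hypothetical.

```powershell
# Added example, not from the original article. Applies the article's guidance:
# patch the Windows versions it lists as affected by BlueKeep, and turn off
# Remote Desktop wherever it is not being used.

# Windows versions the article names as having the BlueKeep vulnerability.
$AffectedVersions = @('Windows 7', 'Windows Vista', 'Windows XP',
                      'Windows Server 2008', 'Windows Server 2003')

$TsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-BlueKeepExposure {
    param(
        [Parameter(Mandatory=$true)] [string] $ComputerName,
        [Parameter(Mandatory=$true)] [string] $OsCaption,
        # fDenyTSConnections: 0 = incoming Remote Desktop allowed, 1 = denied.
        [Parameter(Mandatory=$true)] [int] $DenyTSConnections
    )

    # Older Windows releases put (R), (TM) or trademark symbols in the OS
    # caption; strip them so "Windows Server(R) 2008" still matches.
    $caption = $OsCaption -replace '\(R\)|\(TM\)|[^\x20-\x7E]', ''

    $affected = $false
    foreach ($name in $AffectedVersions) {
        if ($caption -like "*$name*") { $affected = $true }
    }
    $rdpOn = ($DenyTSConnections -eq 0)

    if ($affected -and $rdpOn) { $action = 'Patch now; turn off Remote Desktop if unused' }
    elseif ($affected)         { $action = 'Patch now (still required with Remote Desktop off)' }
    elseif ($rdpOn)            { $action = 'No BlueKeep patch needed; turn off Remote Desktop if unused' }
    else                       { $action = 'No action' }

    New-Object PSObject -Property @{
        ComputerName    = $ComputerName
        AffectedOS      = $affected
        RemoteDesktopOn = $rdpOn
        Action          = $action
    }
}

function Get-LocalBlueKeepExposure {
    # Run on the machine being checked (Windows PowerShell).
    $os   = Get-WmiObject -Class Win32_OperatingSystem
    $deny = (Get-ItemProperty -Path $TsKey -Name fDenyTSConnections).fDenyTSConnections
    Get-BlueKeepExposure -ComputerName $env:COMPUTERNAME `
                         -OsCaption $os.Caption -DenyTSConnections $deny
}

function Disable-RemoteDesktop {
    # Needs an elevated session. Blocks incoming Remote Desktop connections.
    Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 1
}

# Constructed sample inventory (not real machines).
$inventory = @(
    @{ ComputerName = 'FRONTDESK-01'; OsCaption = 'Microsoft Windows 7 Professional';          DenyTSConnections = 0 },
    @{ ComputerName = 'FILESRV-02';   OsCaption = 'Microsoft(R) Windows Server(R) 2008 Standard'; DenyTSConnections = 1 },
    @{ ComputerName = 'LAPTOP-17';    OsCaption = 'Microsoft Windows 10 Pro';                   DenyTSConnections = 0 }
)

$results = foreach ($pc in $inventory) { Get-BlueKeepExposure @pc }
$results | Format-Table ComputerName, AffectedOS, RemoteDesktopOn, Action -AutoSize
```

Setting `fDenyTSConnections` to 1 stops new incoming Remote Desktop connections; it does not patch the vulnerability.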

Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003 machines need to be patched, even if you disable Remote Desktop Services on them. Here is the information you need to know:

Let us know if you need assistance in checking for or installing the patches to fix the BlueKeep vulnerability.

7 Ways Businesses Can Use Office 365 More Securely

Microsoft Office 365 has become a popular target for hackers. Here are seven measures your company can take to keep them at bay if you are using this cloud service.

Microsoft Office 365 has grown in popularity, which has made it a prime target for hackers. Threats in Office 365 have grown by 63% in the last two years, according to McAfee’s 2019 Cloud Adoption and Risk Report.

Companies subscribing to Office 365 Business and Microsoft 365 Business plans can take measures to use the cloud service more securely. Here are seven measures you might consider taking if your company is using Office 365:

1. Use Two-Step Verification

More than 7.8 billion online accounts have been compromised through data breaches. These compromised passwords pose a significant threat, especially given the common practice of reusing passwords. A Virginia Tech study of 28.8 million online account holders over an eight-year period found that more than half of those individuals reused passwords or used slightly modified versions of them. Cybercriminals are aware that people reuse passwords, so they often try compromised credentials on multiple accounts using automated attacks.

Therefore, requiring employees to use unique, strong passwords for their Office 365 accounts might not be enough to protect those accounts. Requiring employees to use two-step verification is a much better strategy. With two-step verification, employees need to provide two pieces of information — such as a password and a security code — to log in. That way, even if the password has been compromised, a cybercriminal won’t be able to use it to hack the account. The US Cybersecurity and Infrastructure Security Agency notes that this is the best mitigation technique to protect against credential theft for Office 365 users.

2. Use Administrator Accounts Only for Their Intended Purpose

Office 365 administrator accounts should only be used for their intended purpose — managing Office 365, according to a Microsoft report. Employees with administrative access should use separate user accounts for their other job duties. Two-step verification should be set up for the administrator accounts.

Microsoft’s Security Team, which is responsible for securing the company’s internal infrastructure, has a few other recommendations for protecting administrator accounts, including:

  • Using a separate device for administrative operations. Besides setting the device’s security controls at high levels, it is a good idea to not allow administrative tasks to be executed remotely.
  • Creating administrator accounts in a separate namespace or forest that cannot access the Internet.
  • Providing non-persistent access by giving no rights to administrator accounts. When privileges are needed, they should be given for only a specific amount of time.

3. Change the Macro Settings

A macro is a series of commands grouped together. Some Office 365 apps (e.g., Word, Excel, PowerPoint) provide macro functionality so that people can use them to automate routine tasks. However, cybercriminals sometimes use macros to spread malware.

By default, macros are automatically disabled in Office 365 applications. However, users are notified when macros have been disabled and are given the option to enable them. To tighten security, businesses can change the setting so that macros are automatically disabled without any notification. When this setting is chosen, users will not get the security notification or the option to enable them. Alternatively, companies that use digitally signed macros can select the option that disables all macros except those that are digitally signed.

4. Make Sure Mailbox Auditing Is Enabled

Office 365 mailbox auditing tracks and records various actions performed by mailbox users, administrators, and delegates. For example, it documents when messages are deleted or moved to different folders. The information in the mailbox audit log is useful for investigating security issues and troubleshooting other types of problems.

Starting in January 2019, Microsoft enabled mailbox auditing by default. Prior to that date, companies had to manually enable it for user mailboxes. For this reason, it is a good idea for businesses to make sure it is currently enabled, especially if they have been using Office 365 since before January 2019. When doing so, they can also learn what actions are being audited and customize the audited actions if desired. Similarly, they can customize the length of time records are kept in the mailbox audit log. By default, records are deleted after 90 days.

5. Disable or Limit Support for Legacy Email Protocols

Businesses sometimes use legacy email protocols (e.g., IMAP, POP) to provide email services to users with older email clients that do not support modern methods of authentication (e.g., two-step verification). In some circumstances, cybercriminals are able to exploit support for legacy email protocols to bypass two-step verification and hack email accounts.

For example, during a six-month study of major cloud-service tenants, Proofpoint security researchers discovered that hackers were using IMAP to hack Office 365 and Google G Suite accounts. They analyzed more than 100,000 unauthorized logins across millions of cloud user accounts and found that about 60% of Microsoft Office 365 and G Suite tenants were targeted with IMAP-based attacks, with a quarter of the attacks resulting in successful account breaches. These attacks went unnoticed because they were designed to avoid account lockouts and look like isolated failed logins, according to the researchers.

Because such attacks are common and hard to spot, the Cybersecurity and Infrastructure Security Agency recommends that companies using Office 365 disable support for IMAP and other legacy email protocols. If certain employees have older email clients that need this support, businesses should limit the use of legacy email protocols to just those users.
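The attacks described above stay under per-account lockout limits, so they only become visible when failed legacy-protocol logins are grouped by source instead of by account. The following is an added example, not part of the original article; the record layout, thresholds, addresses, and account names are constructed assumptions.

```python
from collections import defaultdict

LEGACY_PROTOCOLS = {"IMAP", "POP"}
LOCKOUT_THRESHOLD = 10  # assumed lockout policy: failed logins per account
MIN_ACCOUNTS = 5        # assumed alert threshold: distinct accounts per source

# Constructed sign-in records: (timestamp, source IP, account, protocol, result).
SAMPLE_EVENTS = (
    # One source tries six different mailboxes over IMAP, one failure each.
    [("2019-03-0%dT02:15:00" % i, "198.51.100.23",
      "user%d@example.com" % i, "IMAP", "fail") for i in range(1, 7)]
    + [
        # The same source later signs in successfully to one of them.
        ("2019-03-07T02:15:00", "198.51.100.23", "user3@example.com", "IMAP", "success"),
        # An employee with an old mail client mistypes a password three times.
        ("2019-03-04T09:00:00", "203.0.113.9", "user9@example.com", "IMAP", "fail"),
        ("2019-03-04T09:01:00", "203.0.113.9", "user9@example.com", "IMAP", "fail"),
        ("2019-03-04T09:02:00", "203.0.113.9", "user9@example.com", "IMAP", "fail"),
        # A failure over a non-legacy protocol, ignored by the legacy check.
        ("2019-03-05T11:30:00", "192.0.2.50", "user1@example.com", "HTTPS", "fail"),
    ]
)


def accounts_hitting_lockout(events):
    """Per-account view: accounts whose failures reach the lockout threshold."""
    counts = defaultdict(int)
    for _ts, _source, account, _protocol, result in events:
        if result == "fail":
            counts[account] += 1
    return sorted(a for a, n in counts.items() if n >= LOCKOUT_THRESHOLD)


def find_spray_sources(events):
    """Per-source view: sources that fail against many accounts over a
    legacy protocol while keeping every account below the lockout limit."""
    failures = defaultdict(lambda: defaultdict(int))  # source -> account -> count
    successes = defaultdict(set)                      # source -> accounts signed in
    for _ts, source, account, protocol, result in events:
        if protocol not in LEGACY_PROTOCOLS:
            continue
        if result == "fail":
            failures[source][account] += 1
        elif result == "success":
            successes[source].add(account)

    alerts = []
    for source in sorted(failures):
        per_account = failures[source]
        worst = max(per_account.values())
        if len(per_account) >= MIN_ACCOUNTS and worst < LOCKOUT_THRESHOLD:
            alerts.append({
                "source": source,
                "accounts_targeted": len(per_account),
                "max_failures_per_account": worst,
                # Accounts this source also logged in to need a password
                # reset and a review of mailbox rules and forwarding.
                "accounts_with_success": sorted(successes[source]),
            })
    return alerts


if __name__ == "__main__":
    print("Lockouts seen per account:", accounts_hitting_lockout(SAMPLE_EVENTS))
    for alert in find_spray_sources(SAMPLE_EVENTS):
        print(alert)
```

On the constructed data the per-account check reports nothing, while the per-source check flags one address and the mailbox it successfully signed in to.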

6. Block Risky Email Attachments

Cybercriminals like to attach malicious files to emails. Opening the attachments starts a chain of events that can lead to the computer being infected with malware or compromised in some other way.

Word (.doc and .dot) and executable (.exe) files are most often used as malicious attachments, according to Symantec’s 2019 Internet Security Threat Report. Table 1 shows other file types that are commonly used.

Table 1. Types of Files Commonly Used as Malicious Email Attachments*

Office 365 provides companies with the ability to block email attachments of certain file types. For example, businesses might want to block emails that contain an attached executable file.

Although Word and Excel files are often used to spread malware, companies do not necessarily have to block emails with those types of attachments. The attack vector in Word and Excel files is often a malicious macro. Changing Word’s and Excel’s macro settings so that macros are automatically disabled without any notification can mitigate much of the risk.

7. Block the Automatic Forwarding of Emails to External Addresses

Cybercriminals who gain access to an employee’s mailbox can configure it to automatically forward the person’s email messages to an external email account. By design, the auto-forwarding process operates silently in the background, so the employee won’t know it is occurring.

Hackers typically auto-forward employees’ emails to steal sensitive data or get the information they need to launch other types of attacks (e.g., Business Email Compromise attacks). To prevent this data theft, companies can configure Office 365 to block any emails being automatically forwarded to external email addresses.

Help Is Here

If you need help in implementing the seven security measures discussed, contact us at 800-421-7151. We can also provide additional recommendations on how to securely use Office 365.

5 Ways the May 2019 Update Can Make You More Efficient When Working with Windows 10

Microsoft has released the Windows 10 May 2019 Update. Here are five enhancements in this latest feature update that can improve your productivity.

On May 21, 2019, Microsoft released the Windows 10 May 2019 Update (version 1903). Learning from past mistakes, Microsoft did not rush to get the update out the door. Instead, it kept the update in the preview stage for a longer time in an effort to discover and fix all the major installation kinks.

To distribute the May 2019 Update, Microsoft is using a phased rollout through the automatic update feature in Windows Update. As a result, it might be several months before it reaches your computer. If you do not want to wait, you can manually initiate the installation process.

Since the May 2019 Update is a feature update, it includes many enhancements to Windows 10’s functionality. Here are five of them that can make you more productive:

  1. Update When It Is Convenient for You

Feature updates take a while to install, which can be a problem if you are busy much of the time. The May 2019 Update includes enhancements that give you more control over the Windows update process. For starters, all Windows 10 users will be able to pause feature updates for up to 35 days. Previously, only users of the Windows 10 Pro and Enterprise editions had this capability. Plus, when you click the “Check for updates” button in the Windows Update page of the Settings app, feature updates will no longer automatically install. You will have the option to download and install them immediately or schedule a time.

The May 2019 Update also enhances the Active Hours feature in Windows Update. You use this feature to let Windows Update know when you typically use your computer. That way, it won’t install updates or perform reboots during that time. The active hours are set from 8 am to 5 pm by default, but you can manually change them. After the May 2019 Update is installed, you will have another option: let Windows Update automatically adjust your active hours based on your machine-usage patterns.

  2. Search Without Cortana Bugging You

In the May 2019 Update, Cortana and Windows Search are going their separate ways. The task bar now has a Cortana button for voice queries and a search box for text searches rather than an all-in-one box.

The separation involves more than just a cosmetic change, though. Cortana and Windows Search are now distinct functions under the skin. As a result, Windows Search behaves more like its old self, before Cortana was introduced. The separation also means the settings to manage Windows Search’s permissions and history have moved. You can find them in the “Search Windows” section of the Settings app.

  3. Automatically Turn On Focus Assist for All Apps Running in Full-Screen Mode

In Windows 10, a box periodically pops up letting you know that an email, text, or another type of message has arrived. These notifications can disrupt your concentration and even stop you from working since they cover the lower right corner of your screen. Focus Assist lets you block these notifications so that you can work more efficiently.

Up until now, you could either manually enable Focus Assist or configure it to run automatically:

  • During a certain time period each day
  • When you are duplicating your display (e.g., mirroring your computer screen for a business presentation)
  • When you are playing a game that uses DirectX technology in full-screen mode
  • When you are at home

The May 2019 update adds another option to that list. You can now configure Focus Assist to turn on when you run any app in full-screen mode.

  4. Remove More Unwanted Preinstalled Apps with Just Two Clicks

Like most operating system software, Windows 10 comes with apps that either Microsoft or the computer manufacturer preinstalls. Removing the built-in programs you do not want will clear up space on your computer, which can help boost your computer’s performance. When your machine works faster, so do you.

Windows 10 has always let you uninstall a few of the built-in apps from the Start menu by right-clicking the unwanted program and then clicking “Uninstall”. Thanks to the May 2019 Update, you can uninstall even more of the preloaded programs in this manner, including 3D Viewer, Calculator, Calendar, Groove Music, Mail, Movies & TV, Paint 3D, Snip & Sketch, Sticky Notes, and Voice Recorder.

  5. Insert Symbols Quickly

Including symbols such as dashes (—) and plus-minus signs (±) is common when writing emails, reports, and other business documents. However, getting those symbols into documents can be time-consuming because you need to open and click through several windows to find and insert them.

The May 2019 Update adds a quick way to access symbols. You just press the Windows and period keys (Win+.) on your keyboard at the same time and select the “Symbols” tab. You will also find “Emoji” and “Kaomoji” tabs, which let you insert emoticons.

1 Out of Every 101 Emails Is Sent by a Hacker

Does your business receive hundreds of emails each day? If so, there is a good chance some of them have been sent by hackers. Find out how to protect your business from malicious emails.

Most businesses receive hundreds of emails each day — and there is a good chance some of them have been sent by hackers. After analyzing more than 500 million emails sent in 6 months, FireEye researchers found that 1 out of every 101 emails sent is malicious. Spam is not included in this count. It includes only those emails sent by cybercriminals with the express purpose of pilfering money, stealing data, or compromising systems.

The vast majority (90%) of the malicious emails do not contain any malware, but they are far from being benign. They can be just as dangerous as those containing malware.

Hackers Are Using Both Old and New Tricks in Malware-Less Emails

Not surprisingly, around 80% of the malware-less emails were phishing attacks. In this type of attack, cybercriminals try to trick recipients into performing an action, such as clicking a link that leads to a malicious website. Phishing emails are generic so that they can be sent to a large number of targets, which is why the researchers found so many of them.

The remaining 20% of the malware-less emails were impersonation scams. These highly personalized emails try to con recipients into transferring money or revealing sensitive information. Cybercriminals spend a lot of time researching their targets in order to create legitimate-looking emails. Because these emails appear to be normal traffic, it is harder for email security solutions to detect them.

One of the cybercriminals’ favorite types of impersonation email is the business email compromise (BEC) scam. In this type of attack, cybercriminals masquerade as executives, supplier representatives, and other business professionals to con companies out of money. In 2017, hackers stole more than $675 million from US businesses using BEC scams.

While the researchers found that hackers were still using old favorites like the BEC scam, they also discovered a new type of impersonation scam: impersonation emails that led to phishing sites, where login credentials were harvested or malware was uploaded to victims’ computers. By including phishing links, hackers can send out vaguer emails to a larger number of targets. Because these emails still include some personalization, the recipients are more likely to think the emails are from trusted sources and click the link compared to generic phishing attacks. As a result, the email open rate for this new type of impersonation email is similar to that for highly personalized impersonation emails, according to the researchers.

Common Ways in Which Hackers Try to Deceive Recipients

In both the new and old types of impersonation emails, the cybercriminals typically manipulate the entry in the “From” field to trick recipients into believing the messages are from legitimate senders. The techniques include:

  • Spoofing the display name of an email address (e.g., Jane Doe)
  • Spoofing the username (the portion before the @ sign) of an email address (e.g., JaneDoe@)
  • Creating and using a domain (the portion after the @ sign) that is similar to a legitimate one (e.g., @paypa1.com, @secure-paypal.com)
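The three “From” field techniques listed above can be checked mechanically. The following is an added example, not part of the original article; the trusted-domain list, the known-sender table, and the finding labels are hypothetical, and the sample headers are constructed.

```python
from email.utils import parseaddr

# Assumed organisation data (hypothetical values for this example).
TRUSTED_DOMAINS = {"example.com", "paypal.com"}
KNOWN_SENDERS = {"jane doe": "jane.doe@example.com"}  # display name -> real address

# Digits commonly substituted for look-alike letters (e.g. paypa1 -> paypal).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable(domain):
    """Approximate the registrable domain as the last two labels.
    Assumption: adequate for .com-style names; production code should
    consult the Public Suffix List instead."""
    return ".".join(domain.split(".")[-2:])


def squash(local_part):
    """Normalise a username so 'Jane.Doe', 'jane_doe' and 'JaneDoe' compare equal."""
    return "".join(ch for ch in local_part.lower() if ch.isalnum())


def check_from(header):
    """Return a list of findings for one From header value."""
    display, addr = parseaddr(header)
    addr = addr.lower()
    if addr.count("@") != 1:
        return ["unparseable-from"]
    local, domain = addr.split("@")
    findings = []

    # 1. Display name of a known person on an address that is not theirs.
    name = " ".join(display.lower().split())
    if name in KNOWN_SENDERS and KNOWN_SENDERS[name] != addr:
        findings.append("display-name-spoof")

    # 2. Username imitating a known person's, on a domain that is not theirs.
    for real in KNOWN_SENDERS.values():
        real_local, real_domain = real.split("@")
        if squash(local) == squash(real_local) and domain != real_domain:
            findings.append("username-spoof")

    # 3. Domain that resembles a trusted one without being it.
    reg = registrable(domain)
    if reg not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            brand = trusted.split(".")[0]
            if reg.translate(HOMOGLYPHS) == trusted:
                findings.append("lookalike-domain:" + trusted)
            elif any(brand in label for label in domain.split(".")):
                findings.append("brand-in-domain:" + trusted)
    return findings


# Constructed From headers covering each technique plus a legitimate sender.
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@example.com>",
    '"Jane Doe" <jd4471@mail.test>',
    "JaneDoe@freemail.test",
    "Billing <service@paypa1.com>",
    "service@secure-paypal.com",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header, "->", check_from(header) or "no findings")
```

A check like this complements sender authentication results; it looks only at how the header reads to a person, which is what these techniques target.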

How to Protect Your Business from Malicious Emails

To protect your business from impersonation and phishing attacks as well as emails containing malware, you can use the stop, educate, and mitigate strategy:

Stop as many malicious emails as you can from reaching employees. To do so, you need to keep your company’s email filtering and anti-malware tools up-to-date. They can capture many phishing and malware-laden emails. You might even want to explore getting an email security solution that uses advanced technologies to catch malicious emails. In addition, make sure that employees’ email addresses and other potentially sensitive information (e.g., job titles) are not publicly available.

Educate employees so they can spot any malicious emails that reach their inboxes. While email filters often snag phishing attacks, they are not as good at stopping impersonation emails. Plus, most anti-malware software is only effective against known malware strains. Thus, it is important to educate employees about the types of malicious emails they might encounter and how to spot them (e.g., check for spoofed names in an email’s “From” field). As part of this training, be sure to inform them about the risks associated with clicking email links and opening email attachments. Plus, let them know how hackers find the information they need to personalize impersonation emails (e.g., social engineering).

Mitigate the effects of successful email attacks. Cybercriminals keep coming up with new ways to pilfer money, steal data, and compromise systems using email, so your company might fall victim to an attack despite everyone’s best efforts to prevent it. Taking a few preemptive measures might help mitigate the effects of a successful email attack. For example, since obtaining login credentials is the goal of many phishing emails, you should make sure each business account has a unique, strong password. That way, if a phishing scam provides hackers with the password for one account, they won’t be able to access any other accounts with it. Equally important, you need to perform backups regularly and make sure they can be restored. This will enable you to get your data back if an employee inadvertently initiates a ransomware attack by clicking a link in an impersonation email.

The Individual Steps

The individual steps for implementing the stop, educate, and mitigate strategy will vary depending on your business’s needs. We can help you develop and implement a comprehensive plan to defend against malicious emails; give us a call at 800-421-7151 to learn more!

How to Make Text Easier to Read in a Windows 10 Display

Not being able to read text because it is too small is a common problem on Windows 10 computer screens, especially on laptops that have small, high-resolution displays. Learn two ways to quickly solve this problem.

If the text on your Windows 10 computer screen is too small to easily read, you are not alone. It is a common problem on computers that have small, high-resolution displays. Even a person with perfect eyesight will likely have trouble reading the text on a laptop that has a 15-inch 4K display because it is so small.

Fortunately, you now have two ways in which to make text larger and easier to read if the October 2018 Update has been installed on your Windows 10 computer. You can change just the size of the text, or you can change the overall scaling.

How to Change Just the Text Size

The Windows 10 October 2018 Update provides the new “Make text bigger” slider. You can use it to enlarge just the text in Windows 10 systems (e.g., Start menu) and apps. The overall scaling remains the same.

To use the “Make text bigger” slider, follow these steps:

  1. Open the Start menu by clicking the Windows button.
  2. Click the gear icon in the lower left corner of the Start menu to launch the Settings app.
  3. Select “Ease of Access”.
  4. Choose “Display” in the menu on the left.
  5. Move the “Make text bigger” slider until the sample text is easy to read.
  6. Click the “Apply” button.
  7. Close the Settings app.

This feature might not make the text larger in third-party apps. If that is the case, you can check to see if the third-party app has its own option for changing the text size.

How to Change the Overall Scaling

After the October 2018 Update is installed, you still have the ability to change the overall scaling, like you have been able to do in the past. For example, you can change the scaling from 100% to 125%. When you do, all the elements in the display (e.g., text, images) will be larger.

You use the “Make everything bigger” option to change the overall scaling. Follow these steps:

  1. Open the Start menu by clicking the Windows button.
  2. Click the gear icon in the lower left corner of the Start menu to launch the Settings app.
  3. Select “Ease of Access”.
  4. Choose “Display” in the menu on the left.
  5. Select the desired scaling percentage from the “Make everything bigger” drop-down list.

  6. Close the Settings app.

SaaS, IaaS, and PaaS: What’s the Difference?

You have probably seen the acronyms SaaS, IaaS, and PaaS before, but do you know what they mean? Discover what these acronyms represent and, more important, the differences between them.

The IT industry is embracing the shift from ownership-based business models to service-based ones. Vendors are increasingly offering their hardware, software, and other IT products as cloud services rather than selling the products themselves. This is good news for small and midsized businesses, as it typically makes the hardware, software, and other IT components more affordable.

There are three main types of cloud services. They are better known by their acronyms — SaaS, IaaS, and PaaS — than their names. Here are the differences between these three types of cloud services and what the acronyms represent.


SaaS stands for Software as a Service. It is probably the most recognized type of cloud service, thanks to such well-known offerings as Microsoft Office 365, Google G Suite, and Salesforce. SaaS is popular because all that the service subscribers need to do is open the software in a web browser or client program and start using it. They do not have to manage or maintain the application. Nor do they have to provide, manage, or maintain any of the hardware, networking equipment, or systems needed to run the application.

SaaS is popular for another reason as well. Many free SaaS offerings are available, such as Gmail, Dropbox, and Slack. These offerings help small and midsized companies save money.

The cloud services don’t have to be free to be helpful, though. SaaS subspecialties that alleviate companies’ pain points have been popping up. For example, instead of having to perform and store daily backups, companies can now turn to Backup as a Service (BaaS) providers. A BaaS firm will automatically back up a business’s data and store the backup files at its facility. After the service is set up, the business does not need to manage any part of the backup process.


Some companies prefer to own and control their own software environment but not the underlying components needed to run it. IaaS, or Infrastructure as a Service, is designed for situations like this.

IaaS customers are responsible for providing, managing, and maintaining the applications, operating system software, and middleware (e.g., software that integrates two separate applications or systems, allowing them to work together). The IaaS providers are responsible for providing, managing, and maintaining the servers, virtual machines, networking equipment, and storage components. Amazon Elastic Compute Cloud (Amazon EC2), Google Compute Engine, and Rackspace are a few of the firms that offer IaaS.


There is a common misperception when it comes to PaaS, or Platform as a Service. Some people think that PaaS is only for companies that want to build and test new applications. While PaaS is well-suited for developing applications, businesses can also use PaaS to run existing ones. For instance, companies can move their on-premises database operations to a PaaS provider’s database platform.

With PaaS, companies are only responsible for managing their applications and any data those applications use. The PaaS firm provides, manages, and maintains everything else, including operating system software, middleware, servers, virtual machines, networking equipment, and storage components. PaaS solutions include Microsoft Azure, Oracle Cloud Platform, and Amazon Web Services (AWS) Elastic Beanstalk.

A Cost-Effective, Scalable Alternative

Despite their differences, the SaaS, IaaS, and PaaS business models have one thing in common: They offer companies a cost-effective, scalable alternative to owning, managing, and maintaining a room full of hardware and other equipment. If you would like more information on how SaaS, IaaS, or PaaS might benefit your business, shoot us an email at info@wamsinc.com.

Watch Out for This Direct Deposit Scam

Cybercriminals are trying to scam businesses into depositing employee paychecks into their bank accounts. Learn about the variations of the scam and what you can do so that your business does not become the next victim.

Most companies use direct deposit to pay their employees. In the United States, for example, more than 80% of workers have their paychecks deposited directly into their personal bank accounts. This is providing many opportunities for cybercriminals to perpetrate their latest scam — trying to get businesses to deposit employee paychecks into their accounts.

Variations of the Scam

Different variations of the direct deposit scam have been surfacing. Most recently, cybercriminals have been posing as employees.

In some instances, the digital con artists use a multi-stage attack. First, they send an email to a member of a company’s HR department asking how to change the direct deposit information for their paychecks. After the HR staff member responds and explains how to make the change, the cybercriminals wait a short while and send a second email. In it, they tell the HR staff member that they tried to make the change as instructed, but it did not work. They then ask the person to make the change for them and include the new bank routing number and account number in the email.

In other instances, the cybercriminals take a more direct approach by sending a message such as:

“I need to change my direct deposit info on file before the next payroll is processed. Can you get it done for me on your end?”

If the HR rep takes the bait and agrees to make the change, the cybercriminals provide the person with the new bank routing and account numbers.

In earlier versions of the scam, the cybercriminals posed as HR staff members rather than employees. The cybercriminals sent emails to employees, instructing them to click a link. The link took the employees to a spoofed (i.e., fake) HR website, where they were asked to enter their login credentials to confirm their identity. The hackers then captured the credentials and used them to access the real HR site and change the employees’ direct deposit information.

The Same Tool

In all the versions of the direct deposit scam, the cybercriminals used the same tool to execute their attacks: spear phishing emails. These emails are similar to traditional phishing emails in that they use a convincing pretense to con recipients into performing an action. However, spear phishing emails take the scam up a notch. Cybercriminals take the time to perform reconnaissance so that they can personalize the email. When it comes to spear phishing, the more personalized the email, the less likely the target will become suspicious and question its legitimacy.

Despite being personalized, spear phishing emails often have one or more of the following common elements:

  • A request to update or verify information. Spear phishing emails often ask the recipients to update or verify account information. For example, as the direct deposit scam demonstrates, the recipients might be asked to change information in financial accounts. Or, they might be asked to log in to a spoofed web page to verify account information, allowing the hackers to steal their login credentials.
  • A deceptive URL. A deceptive URL is one in which the actual URL does not match the displayed linked text or web address. Deceptive links often lead to spoofed websites, where cybercriminals try to steal sensitive information or install malware.
  • An attachment. Hackers sometimes attach files that contain malicious code. Opening these attachments can lead to a malware infection.
  • A spoofed name in the “From” field. To trick the email recipient into thinking the message is from a trusted contact, digital con artists often spoof the name that appears in the “From” field so that it shows the contact’s name.

Don’t Let Your Employees Get Scammed

Some spear phishing email recipients fell victim to the direct deposit scam, but your employees do not have to share the same fate. Educating employees about spear phishing emails and the elements commonly found in them can help staff members spot these types of scams. Employees should also learn how to check for deceptive URLs and spoofed names in an email’s “From” field.

There are other measures you can take as well. You should make sure that employees’ names, email addresses, and job positions are not publicly available. Similarly, you should warn employees of the dangers of posting details about their jobs on social media sites. Limiting the amount of publicly available information will make it harder for cybercriminals to find the details they need to personalize the emails.

It is also important to keep the company’s security and email filtering programs up-to-date. These programs can catch many spear-phishing emails but not all. The more personalized and polished an email is, the less likely it will be caught by these programs.

More advanced solutions designed to catch spear phishing and other types of malicious emails are available. Give us a call at 800-421-7151. We can help you determine the best option for your business.

Don’t Let Your Phone Stalk You

Stalkerware is legal but often considered unethical. Find out what stalkerware is and how it can get on your smartphone.

The idea of someone tracking your whereabouts and eavesdropping on your conversations can be unsettling. Yet, more than 58,000 Google Android users had this happen to them. That’s because these individuals had stalkerware installed on their smartphones.

Stalkerware is not limited to Android phones. It can be installed on smartphones of virtually any make or model. (It can even be installed on other computing devices such as tablets and laptops.) To protect against this threat, you need to know what stalkerware is and how it can get on your phone.

Stalkerware 101

Stalkerware is commercial spyware offered by companies, not cybercriminals. Usually marketed as a solution to track employees or monitor children, it is set up like a Software as a Service (SaaS) offering. Customers pay a monthly fee to access data collected by a client app they installed on the phones they want to stalk. Although legal in many countries, stalkerware is increasingly being considered unethical because of the types of information it collects and how the data is gathered.

If a stalkerware app is installed on your phone, it will collect information on pretty much everything you do. For example, besides tracking the places you visit in both the physical and digital realms, it will log your calls, stockpile the photos you take, and amass the emails and text messages you send and receive.

All this information is sent to and stored on the stalkerware company’s servers. The customer (aka stalker) will have access to it as long as they continue to pay for the service. It typically costs between $16 and $68 per month, according to one report.

While some stalkerware apps will display a visible marker on the phone’s screen to let people know they are being watched, most operate in stealth mode. Several apps even go to great lengths to avoid detection, such as masking themselves as a system service in a phone’s installed applications list. Thanks to tactics like these, stalkerware victims are often unaware they are being tracked.

How Stalkerware Gets on Phones

Although stalkerware is legal, official app stores like Google Play and the App Store typically ban it. (Parental control software and programs designed to find lost phones are not considered stalkerware, which is why you will find them in app stores.) However, an Internet search will quickly reveal websites of companies that offer stalkerware.

The main way stalkerware apps get on phones is manual installation, according to security experts. The installation process is pretty straightforward; stalkers do not need to be techies to get the apps working. A few companies will even deliver phones with their stalkerware apps preinstalled to customers who are technically challenged.

The Dangers

Few people will contest that the kind of information gathered by stalkerware can be dangerous. Case studies have shown that it can lead to stalkers harassing, blackmailing, and even physically abusing their victims.

There are also other dangers that aren’t as obvious. Outsiders might see the captured data in one of several ways:

  • Since the data gets stored on the stalkerware company’s servers, staff members might access and look at the data.
  • The data might get inadvertently leaked to the world at large. For example, millions of records collected by the mSpy stalkerware app were leaked because the company failed to properly protect its database. The leaked records included call logs, text messages, contacts, and location data.
  • Hackers might breach the data. For instance, Retina-X Studios was breached twice by the same hacker. The hacker accessed and exposed the photos collected by two of its stalkerware apps.

Help Is on the Way

Efforts to crack down on the stalkerware industry are being led by the Electronic Frontier Foundation (EFF). One action the EFF is advocating is for security software companies to treat stalkerware as a serious threat. Often, that’s not the case. A 2018 study found that most security programs do a poor job of detecting and flagging stalkerware as a dangerous app.

Partnering with EFF, Kaspersky Lab has taken the first step toward cracking down on stalkerware. Previously, its Internet Security for Android software flagged stalkerware apps as suspicious but then displayed a “not a virus” message, which was confusing for users. Now there is no question about the dangers. The software displays a large “Privacy alert” message for any blacklisted stalkerware apps it finds installed on phones. After explaining what the app can do (e.g., eavesdrop on calls, read text messages), the security software gives users the option to delete or quarantine the program. Alternatively, users can decide to leave the app on their devices.

How to Protect Yourself in the Meantime

The EFF hopes that other security software companies will follow in Kaspersky Lab’s footsteps. In the meantime, the best way to protect yourself from stalkerware is to prevent its installation on your phone. Since manual installation is the primary way it gets on devices, there is a simple but effective preemptive measure: Lock your phone when you are not using it.

Smartphones usually provide more than one authentication method to unlock them, so you can use the method with which you feel most comfortable. For example, you might want to use a password or biometric authentication (e.g., iPhone’s Face ID). If you use a password, be sure it is strong and unique — and do not share it with anyone.

If you suspect your phone already has stalkerware on it but your security software does not specifically flag this type of program as a threat, you can check the phone’s activity monitor for suspicious processes.

All It Took Was 52 Seconds for Hackers to Attack a Poorly Secured Server

Researchers set up honeypots to learn how cybercriminals find and attack poorly protected Secure Shell (SSH)-enabled servers. Learn what the researchers found so you can protect your devices.

Companies often enable Secure Shell (SSH) in servers, network attached storage (NAS), and other devices so that users can remotely access them. Security experts highly recommend using public-key authentication with SSH-enabled devices. However, some businesses still use password-based authentication, which leaves these devices vulnerable, particularly if questionable credentials are used.

To see just how vulnerable, Sophos security researchers set up 10 decoy SSH-enabled servers (aka honeypots) to use password-based authentication. The honeypots were set up in Amazon Web Services (AWS) data centers around the world, including California, Ohio, and Sao Paulo, Brazil.

It took cybercriminals only 52 seconds to find and attack the honeypot in Sao Paulo. Hackers did not waste any time attacking the other honeypots either. It took them less than 5 minutes to find the one in Ohio and less than 15 minutes to find the decoy in California. Overall, cybercriminals made 5.4 million attempts to log in to the 10 honeypots over a 30-day period. On average, each server was attacked 757 times every hour.

What the Researchers Learned

The speed with which the honeypots were found and the sheer number of login attempts confirmed the general assumption that hackers take advantage of automated tools to carry out SSH attacks. First, they run scripts to locate servers connected to the Internet. Then, they try to access those machines by using brute-force credential-cracking tools, which systematically try username and password combinations.

The honeypots recorded the usernames and passwords tried in the login attempts. After combining the login details from all 10 honeypots, the researchers found that “root” and “admin” topped the list of most-tried usernames. This didn’t surprise the researchers because they are the default usernames for many different types of devices. For example, most Linux devices ship with the default username of “root”, while Seagate, Verbatim, and Lacie NAS devices ship with the default username of “admin”.

Similarly, default passwords were frequently used in the brute-force attacks. For instance, hackers often tried “password” (the default password of Digicom routers and Lacie NAS devices) and “ubnt” (the default password of Ubiquiti Networks devices). Many weak passwords were also tried, including those based on keyboard patterns like “1q2w3e4r”.

The bottom line is that cybercriminals know some businesses use password-based authentication with SSH devices. They also know it’s not uncommon for people to leave the default credentials or change the default password to a weak one. So, hackers use automated tools to continuously scan the Internet for SSH-enabled devices and then attempt to access them with brute-force attacks.

What Happens after the Credentials Are Cracked

Besides wanting to learn how vulnerable SSH-enabled devices are when password-based authentication is used, the researchers wanted to know what happens after a cybercriminal compromises a device. To find out, the researchers allowed the honeypot hackers to log in if they used one of the credentials in a designated set of usernames and passwords. Once the cybercriminals gained access, the honeypot stored the commands they attempted to use.

The researchers found that hackers often used the compromised honeypot to launch attacks on other devices. The cybercriminals first made sure the compromised device had a valid Internet connection. If so, they used it to connect to another device. They then exploited that other device, using the honeypot as a proxy.

Secure Your SSH-Enabled Devices So They Don’t Suffer the Same Fate

Using scripts and brute-force credential-cracking tools, hackers are able to easily find and compromise SSH-enabled devices. That’s why it is best to use public-key authentication rather than password-based authentication.

If that is not possible, it is crucial that you change the default username and password when you are setting up the device. The password should be strong, and the username should not be easily guessable. Plus, if your device supports it, it is a good idea to limit the number of login attempts. For example, on Linux servers, you can install and use the Fail2Ban software for this purpose.
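The following Python example is added here and is not from the original article or the Fail2Ban project. It applies the idea of limiting login attempts to constructed OpenSSH log lines: it tallies the usernames tried, flags any source address that reaches `maxretry` failures inside `findtime` seconds (parameter names borrowed from Fail2Ban's jail settings), and lists logins that succeeded with a password rather than a key. The log lines, addresses, year and thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# Constructed sample lines in the traditional OpenSSH/syslog format.
# The addresses come from documentation ranges; nothing here is taken
# from the Sophos honeypots.
SAMPLE_LOG = """\
Apr 09 10:00:01 srv sshd[811]: Failed password for root from 203.0.113.5 port 40122 ssh2
Apr 09 10:00:03 srv sshd[811]: Failed password for root from 203.0.113.5 port 40124 ssh2
Apr 09 10:00:04 srv sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 40130 ssh2
Apr 09 10:00:06 srv sshd[812]: Failed password for invalid user ubnt from 203.0.113.5 port 40133 ssh2
Apr 09 10:00:09 srv sshd[813]: Failed password for root from 203.0.113.5 port 40140 ssh2
Apr 09 10:02:00 srv sshd[820]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Apr 09 10:20:00 srv sshd[830]: Failed password for alice from 198.51.100.20 port 51010 ssh2
Apr 09 10:21:00 srv sshd[831]: Accepted password for alice from 198.51.100.20 port 51012 ssh2
Apr 09 10:30:00 srv sshd[840]: Accepted password for admin from 203.0.113.9 port 42000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s\d\d:\d\d:\d\d)\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def analyze(log_text, maxretry=5, findtime=600, year=2019):
    """Summarise password-based SSH login activity in a log.

    maxretry / findtime: flag a source once it has `maxretry` failures
    within `findtime` seconds (assumed thresholds).
    year: syslog timestamps carry no year, so one is assumed.
    """
    usernames = Counter()          # username -> failed attempts
    recent = defaultdict(deque)    # source IP -> failure times in window
    flagged = {}                   # source IP -> time the threshold was hit
    password_logins = []           # (user, ip) for successful password logins

    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        user, ip = m["user"], m["ip"]

        if m["result"] == "Accepted":
            # A password was accepted: worth reviewing on hosts that are
            # supposed to allow public-key authentication only.
            password_logins.append((user, ip))
            continue

        usernames[user] += 1
        window = recent[ip]
        window.append(ts)
        # Drop failures that are older than the look-back window.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and ip not in flagged:
            flagged[ip] = ts

    return {
        "usernames": usernames,
        "flagged": flagged,
        "password_logins": password_logins,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    print("Most-tried usernames:", report["usernames"].most_common(3))
    for ip, when in report["flagged"].items():
        print(f"Would block {ip} (threshold reached at {when:%H:%M:%S})")
    for user, ip in report["password_logins"]:
        print(f"Password login accepted for {user} from {ip}")
```

A user who mistypes a password twice, 18 minutes apart, stays under the threshold, while the automated source is flagged within seconds.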

To find out additional ways to protect your business’s SSH-enabled devices, contact us at 800-421-7151.

5 Things to Consider When Choosing a Password Manager for Your Business

Using a password manager is an effective way to ensure that employees use unique, strong passwords for online accounts. Here are five questions to answer so that you can find the best password manager for your business.

Having employees use unique, strong passwords for online accounts is a crucial component in companies’ security strategies. However, creating and memorizing numerous strong passwords can be challenging. This often leads to employees using weak passwords, reusing the same password for multiple accounts, and writing down passwords. Thus, many security experts recommend that businesses use password managers.

With a password manager, employees only need to create and remember one strong password — the master password — which is used to open the tool. Once opened, employees simply select the account they want to access. The password manager will then retrieve the account’s credentials from a repository, which is often called a vault. All credentials in the vault are encrypted.

Because of its benefits, the decision to use a password manager is a no-brainer for many businesses. However, the same can’t be said for deciding which one to use, as there are many business-grade password managers on the market. Answering the following five questions can help you determine which password manager will be the best fit for your company.

  1. Where Do You Want the Passwords Stored?

Some password managers store passwords in the cloud, whereas others store them on the local computer’s hard drive. If your employees use multiple devices at work, having a cloud-based vault might be preferable. They will be able to access their login credentials from any computer or mobile device that has an Internet connection. Plus, employees won’t lose all their passwords if they misplace their mobile device or it is stolen.

While convenient, some people are uncomfortable with storing passwords in the cloud because they have to rely on someone else to keep their employees’ passwords safe. Data breaches do occur. For example, OneLogin’s databases were hacked in 2017 and LastPass was attacked in 2015. If you are uncomfortable with cloud-based vaults, you can use a password manager that stores the vault on the local computer’s hard drive.

No matter where you want employees’ passwords to be stored, you need to make sure a strong encryption standard is being used to encrypt them. Ideally, the password manager should use the 256-bit Advanced Encryption Standard (AES).

  2. Is the Password Manager User Friendly?

The password manager you choose needs to be easy for employees to use. Otherwise, they will avoid it and go back to their old habits of creating weak passwords, reusing them, and writing them down.

Besides having an intuitive interface that doesn’t take hours to learn, the password manager should have a random password generator. That way, employees can quickly and effortlessly create unique, strong passwords for their accounts.

Another user-friendly feature is an automated password changer. It can automatically change employees’ old passwords to new strong ones on websites that support this capability. This can come in handy for the initial rollout of the password manager, as employees will likely have many passwords to change at that time. This feature also works well for periodic password changes.

The individuals who will be responsible for administering the password manager should also find it easy to use. For example, an administrative console that has central management capabilities can save them time and hassle.

  3. Do You Want Additional Security Measures?

Business-grade password managers offer a variety of security measures beyond password encryption. Measures that password managers might provide include:

  • Support for two-factor authentication (i.e., employees need to provide another form of verification besides their master password to access the password manager)
  • Employee-initiated password assessments (discovers any weak or reused passwords in a vault, which is particularly helpful if the vault includes passwords that were not created with a random password generator)
  • The ability to track password usage companywide and generate audit reports
  • The automatic closing of an employee’s vault when the person’s device is idle for a certain amount of time
  • A built-in VPN (adds another layer of security and privacy when using the password manager to log in to HTTP and HTTPS sites)
  • The ability to configure and deploy policies (e.g., policies that set requirements for the master password or restrict access to certain Internet sites)

The security measures offered by different password managers will vary, so make sure that the password manager you are considering has the ones you want.

  4. Does Your Company Have Shared Accounts?

Do you have employees who log in to shared accounts? If so, you should look for a password manager that lets you manage shared-account passwords.

For example, suppose you have a cross-functional project team that needs access to certain online resources. You can create a group named ProjectTeam, add the team members to the group, and share the login credentials to the online resources. The login credentials will then automatically appear in the password vaults of the team members.

  5. Do You Want Any Nice-to-Have Features?

Password managers often include nice-to-have features that increase their usefulness. For example, some password managers offer features such as:

  • An account recovery feature if employees forget their master passwords
  • Support for directory services integration so that onboarding, offboarding, and other password management tasks can be automated
  • The ability to generate a portable vault using a USB key
  • A digital wallet that stores payment information (e.g., bank account or payment card numbers)
  • The ability to encrypt and store sensitive files in a vault

Once again, the features offered by different password managers will vary, so make sure that the password manager you are considering has the nice-to-have features you want.

Software Supply Chain Attacks Are on the Rise

Software supply chain attacks are becoming more widespread. Learn what they are and how they occur so you can develop a strategy to help manage the risks.

The statistic is alarming. Software supply chain attacks increased by 78% in 2018, according to Symantec’s “2019 Internet Security Threat Report”. And security experts expect the number of attacks to continue to spiral upward.

If you haven’t heard of software supply chain attacks, you are not alone. It is important that you learn about them, though. You need to understand what they are and how they occur so that you can develop a strategy to help manage the risks.

What Software Supply Chain Attacks Are

The term “software supply chain attack” does not refer to a new hacking tool or the latest class of malware. These attacks have, in fact, been around for years. Rather, the term describes a strategy that cybercriminals use to attack companies. Instead of attacking them directly, hackers compromise the third-party software used by those businesses. This is done before the software reaches the companies’ doors, so the hackers do not have to worry about hacking into the companies’ networks and being detected.

Once the compromised software arrives, the hackers use it to initiate other types of malicious activities. For example, the NotPetya malware that paralyzed companies’ networks worldwide in 2017 was initiated by a successful software supply chain attack.

How Hackers Compromise Software

So, how do cybercriminals compromise companies’ software? The main ways include:

  • Hijacking software updates or update servers. If software update files are sent through unsecured channels (e.g., Wi-Fi networks) or posted on unsecured websites, hackers can replace a legitimate update file with one that includes malware. Malicious software updates can also result from a compromised update server. That is what led to the NotPetya malware attack, according to the security experts who conducted a forensic analysis of the attack. Cybercriminals hacked the server that was used to update an accounting program named MeDoc. The hackers used the application’s auto-update functionality to push malicious updates to the software users on three separate occasions. The updates created backdoors that allowed the hackers to remotely access the compromised computers and install the NotPetya malware.
  • Injecting malicious code into legitimate applications. Cybercriminals sometimes hack into a software provider’s development infrastructure and add malicious code to an application before it is compiled and released to the public. For instance, in 2018, hackers compromised a commercial antivirus program in order to steal South Korean classified military data, according to the Computer Security Resource Center at the National Institute of Standards and Technology (NIST), which is part of the US Department of Commerce.
  • Injecting malicious code into third-party code libraries. Applications often contain code libraries, frameworks, and other components created by third parties. Software can become compromised if a hacker inserts malicious code into a third-party component and then the developers use that component in the software. For example, in April 2019, security researchers discovered that several video games had backdoors due to compromised third-party components.

Hackers are not the only ones compromising software to carry out supply chain attacks. There have been cases of insiders inserting malicious code into programs.

How to Manage the Risks

Admittedly, there is nothing you can do to stop a hacker from inserting malicious code into software when the software is not under your control. That is one reason why software supply chain attacks are becoming more popular among cybercriminals. However, you can take steps to manage the risks.

At a minimum, you should list each application used in your company and its supplier. If you are not familiar with a supplier, do some research to make sure the company is reputable and no red flags pop up.

You might also want to look at NIST’s guide for managing risks in the cyber supply chain. It provides questions to ask suppliers to determine their security risk level as well as best practices to follow to manage the risks. If time is a factor, there are companies like BitSight Technologies and Security Scorecard that will evaluate and rate your vendors based on the security of their networks. However, they charge for this service.

Finally, you should take the basic security precautions (e.g., make sure your security software is up-to-date, perform backups of data and systems) in case you fall victim to a software supply chain attack. You might also want to consider getting a security solution that uses advanced detection methods (e.g., analytics, machine learning) to identify and block attacks. We can provide more information about those solutions if you are interested.

Why You Need Both a Disaster Recovery Plan and a Business Continuity Plan

It’s not uncommon for companies to think that disaster recovery and business continuity plans are one and the same. Learn why both plans are needed.

Tornados, hurricanes, fires, floods, and other natural disasters can destroy a business. Digital disasters like ransomware attacks can be just as deadly.

Most businesses realize that they need to plan for disasters in case one strikes. Disaster recovery and business continuity plans are tools to make that happen. However, it’s not uncommon for companies to think that disaster recovery and business continuity plans are one and the same. While both are designed to help businesses deal with disasters, they are separate documents. To be fully prepared for disasters, businesses need to have both a disaster recovery plan and a business continuity plan.

The Difference between Disaster Recovery and Business Continuity

To understand what needs to go into the two types of plans, you first need to understand the difference between disaster recovery and business continuity. To do so, imagine that you are a lemonade shop owner. You loved having a lemonade stand when you were a child, so you made your passion your business. You’ve come a long way from setting up your stand next to a big maple tree so customers could enjoy their beverages in the shade. Nowadays, your customers enjoy their lemonade in a cozy shop that offers free Wi-Fi service and other hi-tech amenities.

Then, disaster strikes. The big maple tree is now in your shop and has added a new skylight to it. You also have a new waterfall feature, thanks to the water gushing out of a damaged pipe in the ceiling.

To stay in business, you will need to recover from the damage caused by the disaster (disaster recovery) while continuing to provide customers with lemonade (business continuity). Disaster recovery and business continuity plans provide roadmaps for doing so.

The Disaster Recovery Plan

Disaster recovery plans discuss how to get crucial infrastructures and systems running again after various types of catastrophes. Restoring the IT infrastructure is a large part of disaster recovery in most businesses. However, there might be other types of infrastructures and systems that need to be discussed as well, depending on the nature of a business. For example, if a company’s manufacturing process relies heavily on water, the plumbing infrastructure should be addressed.

Besides identifying who should do what after a calamity occurs, the disaster recovery plan should also identify what has to be done to prepare for disasters. For instance, it should mandate that data and systems be regularly backed up and the backups be stored in several locations (including offsite ones).

The Business Continuity Plan

Business continuity plans discuss how to restore business operations in the event of a disaster. A business impact analysis can help prioritize which business operations to restore first.

Business continuity plans also need to indicate the recovery time objectives (RTOs) and recovery point objectives (RPOs) for the business operations. The RTO is the maximum tolerable length of time an operation can be down after a catastrophe, whereas the RPO is the maximum acceptable amount of data loss (e.g., transactions) after a disaster, as measured in terms of time. In a perfect world, the RTO and RPO would be 0 (i.e., no downtime and no data loss). However, in reality, that is not feasible. Realistic objectives need to be set in the business continuity plan, as the disaster recovery plan needs to detail how the objectives will be met.

Understandable Assumptions

In some businesses, recovering the IT infrastructure is crucial for restoring most of their business operations. That is why some people assume that:

  • Disaster recovery plans only cover IT infrastructures
  • Disaster recovery plans and business continuity plans are one and the same

However, these two documents serve different purposes. As a result, companies should develop both disaster recovery and business continuity plans. If you need assistance with developing and implementing them, let us know.

Hackers Infiltrated Citrix Using a Password Spraying Attack

A group of hackers used a password spraying attack to compromise Citrix’s internal network. Learn what password spraying is and how to defend against it.

If you have never heard of “password spraying” before, you are not alone. It is a relatively unknown term, except to cybercriminals. In fact, a group of hackers known as Iridium is extremely familiar with password spraying. It used this technique to infiltrate Citrix.

On March 6, 2019, the US Federal Bureau of Investigation (FBI) warned Citrix that an international hacking group had likely accessed the company’s internal network. Citrix found that its network had indeed been compromised. In a blog about the incident, Citrix’s chief security information officer Stan Black noted that the hackers used password spraying to gain a foothold in the network.

At this time, not much is being said about what the hackers stole, except that they might have downloaded business documents. “The specific documents that may have been accessed, however, are currently unknown,” said Black.

Password Spraying 101

So, what is password spraying? It is a different approach to cracking login credentials.

To keep hackers out, accounts are protected by login credentials, which consist of a username — usually an email address — and a password. Most cybercriminals attempt to crack credentials by trying a known email address with a plethora of possible passwords. This is often done with automated brute-force password-cracking tools.

Password spraying takes the opposite approach. Hackers assume that at least one person is using a weak password (e.g., “F00tball”), so they try to find the email address of that person. They pair weak passwords with many different accounts in many different organizations, according to Alex Simons, the director of program management in the Microsoft Identity Division. “For example, an attacker will use a commonly available toolkit like Mailsniper to enumerate all of the users in several organizations and then try ‘P@$$w0rd’ and ‘Password1’ against all of those accounts,” explained Simons.

How to Defend against These Types of Attacks

To defend against password spraying attacks, large organizations sometimes use real-time detection and protection systems. These systems are often out of reach for small and midsized businesses, but they are not defenseless. Password spraying attacks still rely on weak passwords being used. As a result, small and midsized businesses can protect themselves by giving employees the tools they need to create strong passwords and using multi-factor authentication.

An important line of defense for any company is having employees create strong passwords, especially if those passwords are for IT system and service accounts. Trying to memorize many strong passwords, though, can be challenging. Thus, employees might be tempted to use weak, easy-to-remember passwords or variations of the same password for multiple accounts.

To help employees avoid these temptations, businesses can take advantage of password managers. With a password manager, people can easily generate and store strong passwords. All they have to do is remember one strong password.

Another measure to take is to use two-step verification (also known as two-factor authentication) for accounts. With two-step verification, a second credential, such as a security code, is needed to log in. This means that even if hackers have the credentials for an account, they would not be able to access it without that second credential.
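The contrast between the two credential-cracking approaches described above, as an added Python example that is not from the original article, Citrix or Microsoft. It runs over constructed failed-login events and shows why a per-account lockout catches the many-passwords-on-one-account approach but not a spray, and how counting distinct accounts per source exposes the spray. The event data, account names and all thresholds are assumptions.

```python
from collections import Counter, defaultdict

# Constructed failed-login events: (minute, source_ip, account).
EVENTS = (
    # Many passwords tried against one known account (brute force).
    [(m, "203.0.113.10", "j.doe@example.com") for m in range(12)]
    # Two passwords tried against each of eight accounts (spraying).
    + [(m, "198.51.100.77", f"user{m % 8}@example.com") for m in range(16)]
    # A legitimate user who mistyped a password twice.
    + [(3, "192.0.2.44", "k.lee@example.com"),
       (4, "192.0.2.44", "k.lee@example.com")]
)


def in_window(events, now, window_minutes):
    """Keep only events from the last `window_minutes` up to `now`."""
    return [e for e in events if now - window_minutes < e[0] <= now]


def locked_accounts(events, now, window_minutes=30, lockout_threshold=5):
    """Accounts a classic per-account lockout policy would lock."""
    failures = Counter(acct for _, _, acct in in_window(events, now, window_minutes))
    return {acct for acct, n in failures.items() if n >= lockout_threshold}


def classify_sources(events, now, window_minutes=30,
                     min_accounts=5, max_per_account=3, brute_threshold=10):
    """Label each source address by the shape of its failed logins.

    spray:       failures spread over many accounts, few per account
    brute-force: many failures concentrated on a single account
    normal:      anything below both thresholds
    """
    per_source = defaultdict(Counter)
    for _, source, account in in_window(events, now, window_minutes):
        per_source[source][account] += 1

    verdicts = {}
    for source, accounts in per_source.items():
        most = max(accounts.values())
        if len(accounts) >= min_accounts and most <= max_per_account:
            verdicts[source] = "spray"
        elif most >= brute_threshold:
            verdicts[source] = "brute-force"
        else:
            verdicts[source] = "normal"
    return verdicts


if __name__ == "__main__":
    print("Locked by per-account policy:", locked_accounts(EVENTS, now=15))
    for source, verdict in classify_sources(EVENTS, now=15).items():
        print(f"{source}: {verdict}")
```

None of the eight sprayed accounts reaches the lockout threshold, so only the per-source view reports that activity.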

If you would like more information about password spraying attacks and how to defend against them, let us know.

How to Choose the Default Apps Windows 10 Uses for Certain Tasks

Having more than one web browser or email app on a computer is common nowadays. When more than one app can be used for a certain task, Windows decides which one to use. Discover how you can make Windows 10 use the app of your choosing.

It is common for people to have multiple apps that perform the same function on their Windows 10 computers. For instance, people might have several web browsers or email apps. Similarly, people often can open certain types of files with more than one program. For instance, they can open PDF files with a web browser such as Google Chrome or a PDF program like Adobe Acrobat.

When more than one app can be used for a certain task, Windows will decide which one to use. However, if you do not like the choice it makes, you can tell Windows the app you want to use. In other words, you can customize the app that Windows uses by default for certain functions and file types. Here is how to make these customizations in Windows 10.

Specifying Default Apps Based on Function

Changing the default app used for certain functions such as web browsing and emailing is easy. For example, in Windows 10, the Microsoft Edge web browser is opened by default when you click a link in a non-browser program, such as Microsoft Word or the Slack desktop app. (If you click a link in a web browser, the new page will open in the same browser no matter which default app is specified.) If you want to change the default to Google Chrome, Mozilla Firefox, or another browser, follow these steps:

  1. Click the Start menu.
  2. Select the gear icon to open the Settings app.
  3. Choose “Apps”.
  4. Select “Default apps” in the pane on the left.
  5. Click “Web browser” in the “Default apps” section. Windows will then list the browsers currently installed on the computer as well as the option to look for an app in the Microsoft Store, as Figure 1 shows.
  6. Choose the browser you want to use. After a few seconds, it will then be displayed as the default app.
  7. Close the Settings app.

Specifying Default Apps Based on File Type

Changing the default apps used to open certain file types requires a couple more steps, but they are straightforward. For instance, in Windows 10, PDF files are opened with Edge by default, even if you have chosen a different default web browser. To open PDF files with another program, follow these steps:

  1. Click the Start menu.
  2. Select the gear icon to open the Settings app.
  3. Choose “Apps”.
  4. Select “Default apps” in the pane on the left.
  5. Click the “Choose default apps by file type” link, which is located under the “Reset” button. Windows will then compile a long list of file types, which takes about half a minute.
  6. Scroll down the list of file types in the left column until you find the “.pdf” file extension, as Figure 2 shows.
  7. Click the default app listed in the right column. Windows will then list the programs on the computer that can open PDF files. It will also present the option to look for an app in the Microsoft Store.
  8. Choose the app you want to use. Shortly thereafter, it will be displayed as the default app.
  9. Close the Settings app.

In some cases, you will see the message “Choose a default” in the right column, as Figure 2 shows. Clicking that icon typically brings up a message noting that there is no installed app for that file type, accompanied by a link to the Microsoft Store.

Be sure to check out our Webinars to learn more tips and tricks on how to work smarter in Microsoft!

Debunking 4 Common Myths about Complying with Data Privacy Regulations

The General Data Protection Regulation (GDPR) protects the data privacy rights of European Union citizens, while the California Consumer Privacy Act (CCPA) gives California residents more control over their personal data. Similarly, the Health Insurance Portability and Accountability Act (HIPAA) safeguards the medical information of US citizens.

Regulations that protect people’s privacy and data rights are becoming more common — and so are the myths about complying with them. Here are four myths debunked.

As more businesses try to adhere to these comprehensive policies, more myths about complying with them keep surfacing. Here are four of those myths debunked:

  1. We’re a Small Business, So We Don’t Have to Worry about Compliance

Size does not matter when it comes to complying with most data privacy regulations. For example, regardless of their size, all US healthcare providers, healthcare clearinghouses, and health plan providers must comply with HIPAA. Not surprisingly, health plan providers include health insurance carriers, health maintenance organizations, and government agencies that pay for healthcare (e.g., Medicare). But what people might not realize is that companies in other industries are also included. Any US company that offers but does not administer a healthcare plan to 50 or more employees is considered a health plan provider and thus must comply with HIPAA.

Size does not matter with GDPR, either. All companies that process or hold the personal data of EU citizens must comply with GDPR. However, businesses with under 250 employees have fewer requirements to meet when documenting their data processing activities. This stipulation is likely leading to the misguided belief that small companies do not have to comply with GDPR.

Another factor leading to confusion is that some data privacy laws use factors other than number of employees to determine which organizations need to comply. For example, businesses must comply with CCPA if they conduct business in California and meet at least one of these criteria:

  • Earn $50 million a year in revenue
  • Sell 100,000 consumer records each year
  • Derive 50% or more of their annual revenue by selling consumers’ personal information

So, most small and mid-sized companies that do business in California do not need to comply with CCPA. However, there are exceptions. For instance, a data broker that primarily sells consumers’ personal data would need to, even if it has only a few employees.

  2. It’s Our Cloud Service Provider’s Job to Make Sure Our Data Is Being Handled Properly

Cloud computing is now the norm in companies worldwide, but there is a common misconception among them concerning data privacy laws. Many companies think that cloud service providers are responsible for making sure their data is being handled in a way that is compliant with applicable data privacy regulations. This is wishful thinking.

Company accountability is a key factor in GDPR. It is the business’s responsibility to “ensure enforcement of the privacy principles not only within its walls but also across suppliers with whom it might share the data and subcontractors that might process data on its behalf,” according to GDPR experts. Cloud service providers fall into the latter category.

Company accountability is also a key factor in HIPAA. Although cloud service providers and other types of business associates can come under fire for not properly protecting data while it is in their care, the company is ultimately held responsible for compliance, according to HIPAA experts.

  3. Personal Data Only Includes Items Like Names, Addresses, and Credit Card Numbers

If you ask people to give examples of personal data, they will likely list items such as a person’s name, address, and credit card numbers. However, personal data encompasses much more — and companies that simply assume they know what is considered personal data in a data privacy regulation could find themselves in noncompliance with it.

Unfortunately, there is no standard definition of personal data among the various data privacy laws in existence. Each regulation has its own definition.

For example, in HIPAA, the data that needs to be safeguarded is referred to as “protected health information (PHI)”. It is defined as:

“…information, including demographic data, that relates to:

  • the individual’s past, present or future physical or mental health or condition,
  • the provision of health care to the individual, or
  • the past, present, or future payment for the provision of health care to the individual,

and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.”

So, PHI includes demographic information that can be used to identify individuals, such as their birthdates, phone numbers, email addresses, license plate numbers, and full-face photos. It also includes health-related data, such as admission and discharge dates, health records, health plan ID numbers, and billing information.

GDPR refers to the information that needs to be protected as simply “personal data”. It is defined as:

“… any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

The GDPR’s definition for “personal data” is more encompassing than HIPAA’s definition for PHI, which is to be expected given that GDPR has a broader scope than HIPAA. However, GDPR’s definition is also fairly vague, so it could be construed to include many different types of data. For instance, physical factors could be interpreted as physical characteristics (e.g., height, weight), while cultural factors could be construed as religious or political preferences.

The question to answer is: Can this particular piece of data be used to identify an individual by itself or in combination with other pieces of information? If the answer is “yes” or “possibly”, it is best to err on the side of caution and take measures to protect it.

  4. It’s All about the Fines

It is true that failure to comply with data privacy regulations can result in hefty fines. For example, there are four categories of violations in HIPAA. The fine for a violation can be as high as $50,000 per violation in each category, with a maximum penalty of $1.5 million per category per year. GDPR fines can also be substantial. The maximum fine is €20 million (around $22.5 million USD) or 4% of a company’s annual global turnover (whichever is greater).

While HIPAA and GDPR regulators have the authority to levy very large fines, they typically do so only for willful, serious violations. The purpose of the data privacy laws is to protect people’s privacy and data rights, not raise money.

In the case of GDPR, the regulators’ main goal is to educate and advise organizations on how to comply with the law. “We have always preferred the carrot to the stick,” according to UK Information Commissioner Elizabeth Denham.

What You Need to Know about Foldable Phones

Foldable phones have been stealing the tech spotlight recently, but are they really all they’re cracked up to be? Here is what you need to know to make up your own mind.

Thanks to new offerings from Samsung and Huawei, foldable phones have been making a comeback. These mobile devices are smartphone-tablet hybrids. Vendors are hoping that they open up a new revenue stream in an otherwise saturated mobile device market.

But are foldable phones really all they’re cracked up to be? Here is what you need to know to make up your own mind.

What All the Hype Is About

The biggest selling point of foldable phones is that they increase the amount of screen real estate yet are still small enough to tuck in a large pocket or handbag. You can use them when they are folded or unfolded.

For example, Samsung’s Galaxy Fold, which is scheduled for release on April 26, 2019, has a 4.6-inch display when the device is folded. Opening the phone like a book reveals a larger 7.3-inch screen inside.

This is by no means the standard size and design of foldable phones’ displays. Because this is the first generation of the product, anything goes. For instance, Huawei’s Mate X, which is expected to be released in summer 2019, has a 6.6-inch display on the front and a 6.38-inch one on the back when folded. When you unfold the phone, they combine to become one 8-inch screen. Equally important, although the phone opens and closes like a book, the larger display is outward facing – like the cover on a book.

Eventually, some designs might prove to be more durable or beneficial than others and become standard on all foldable phones. This might be the case when it comes to the phones’ hinges. Both Samsung and Huawei designed new hinge systems for their foldable devices.

Samsung is promoting the durability of its hinges and has even posted a short video on YouTube showing the hinges being tested. For this test, the phones were folded and unfolded 200,000 times, according to Samsung. This is equivalent to folding and unfolding the devices 100 times per day for more than 5 years.

Huawei is touting the sophistication of its hinge system, which it calls the Falcon Wing. According to Huawei, the smartphone and tablet modes transition seamlessly from one to the other, thanks in large part to this hinge. When unfolded, the screen is a perfectly flat surface.

Another notable feature of foldable phones is the ability to open and work with multiple apps on the display at the same time. For example, the Galaxy Fold lets you work on three apps simultaneously, while you can have two apps open in the Mate X.

Why You Might Want to Wait a While

While foldable phones hold great promise, you might want to hold off buying one. The reasons why include:

  • You don’t know what types of issues will crop up because it is the first generation of foldable phones. For example, real-world use might reveal that the polymer screens crease from being folded. Furthermore, it’s unknown what the repair process and costs will be like if problems occur.
  • More vendors are planning to enter the market, which will give you more choices. The list includes companies such as Motorola and TCL. Even Samsung is planning to release two more foldable phones in the near future, according to a Bloomberg report.
  • 5G networks will be more prevalent in the future so you can take advantage of 5G foldable phones. This might be an important point to consider when it comes to the Mate X. Huawei is planning to offer only a 5G version of the phone. Samsung will be offering both 4G and 5G models of the Galaxy Fold. The 5G model is expected to be released later in 2019.
  • The cost of foldable phones is currently high. For example, the price for the 4G Galaxy Fold is $1,980. The cost of the 5G Mate X is €2299 (around $2,600 USD). The cost will likely go down over time due to competition and the fact that the foldable phone will no longer be a brand-new technology.
  • Some experts are saying that people should hold off buying foldable phones until the devices have glass displays rather than polymer screens. While flexible, polymer screens are more prone to damage such as scratches than glass. Corning and other manufacturers are currently working on creating highly bendable glass that could work on foldable phones. Experts predict that it will be available by the time foldable phones go mainstream.

An Important Note about Huawei

Some important information about Huawei needs to be mentioned. Although this China-based company is not well known in some parts of the world (e.g., the United States), it is the second largest smartphone vendor. (Samsung is No. 1.) However, some governments believe that Huawei devices include backdoors that allow the Chinese government to snoop on users, which the company denies. For this reason, Section 889 of the John S. McCain National Defense Authorization Act bans US government agencies from purchasing Huawei telecommunications products. Regardless of this issue, Huawei’s Mate X provides a good idea of what to expect with foldable phones, which is why it is discussed here. Its inclusion is not an endorsement of the product.

Are Your Employees Inadvertently Exposing Your Company’s Sensitive Data?

The ease with which employees can now share information, coupled with current cultural trends, is causing accidental data leaks in many businesses. Learn how to prevent employees from accidentally exposing your organization’s sensitive data.

The number is eye-opening: 83% of companies believe that employee errors have put sensitive business and customer data at risk of exposure, according to a study by Egress. More than 1,000 security professionals at US-based companies participated in this study.

The study also identified the technologies that are most often involved in this type of accidental data leak. Email services provided by both on-premises systems and cloud service providers (e.g., Google Gmail) topped the list. Examples of email-based accidents include sending emails to the wrong address (which can easily occur when the auto-completion feature is enabled) and forwarding messages that contain sensitive information.

Other technologies that are commonly involved in accidental data leaks by employees include:

  • File-sharing services (e.g., Dropbox)
  • Collaboration tools (e.g., Slack)
  • Messaging apps (e.g., WhatsApp)

The common denominator among these technologies is that they all are tools for sharing information.

The Perfect Storm and Its Aftermath

The ease with which employees can now share information, coupled with current cultural trends, is causing “the perfect storm” for accidental data leaks, according to Mark Bower, Egress Chief Revenue Officer and NA general manager. “The explosive growth of unstructured data in email, messaging apps, and collaboration platforms has made it easier than ever for employees to share data beyond traditional security protections,” said Bower. “Combine this with the growing cultural need to share everything immediately, and organizations are facing the perfect storm for an accidental breach,” he said.

The damage caused by this perfect storm could be grim. For example, suppose an employee emails a sensitive file that is not protected in any way to several coworkers for review. One of the coworkers might review the document on an unsecured personal device (e.g., a smartphone), opening up the possibility that it could fall into hackers’ hands. Or, the coworker might mistakenly forward the message to another employee, not realizing that the person should not be looking at the file.

Sending sensitive documents via file-sharing services adds another risk. Some of these services offer a feature that synchronizes files put in a shared folder across all registered devices. If an employee places a sensitive file in a shared folder without knowing that folder’s members, the file might be sent to multiple people who should not be seeing it.

How to Avoid Getting Caught in the Storm

To minimize the number of accidental data leaks caused by employee errors, companies might consider taking some of the following precautions:

  • Document the company’s rules regarding the sharing of sensitive data in a new or existing policy. If sharing is allowed, be sure to specify the conditions under which it is sanctioned and create procedures on how to properly share this data.
  • Provide employee training. After documenting the rules and procedures, let employees know about them. Be sure to discuss what is considered sensitive data and how accidental leaks can occur.
  • Use encryption. Encryption is one of the most effective ways to protect sensitive data that has accidentally fallen into the wrong hands. Various encryption strategies exist to meet different needs.
  • Limit employee access to sensitive data. Employees might not realize or might forget that certain types of data are sensitive. By using access controls, you can prevent them from obtaining and sharing that data.
  • Use a solution that automatically identifies sensitive files and prevents them from being copied into emails or other tools.

Every company should document its rules regarding the sharing of sensitive data and train employees. The other precautions to take, though, will depend on your business’s data, operations, and employees. If you aren’t sure where to start, give us a call at 800-421-7151. We can explain the different encryption strategies, types of access controls, and other types of solutions so you can make an informed choice.

Hackers Are Hunting for Bigger Game with New Version of Ransomware

Pinchy Spider and GandCrab sound like scoundrels in a super-hero comic book, but they are real-life villains in the business world. Learn how to defend your company against the Pinchy Spider hacking group’s latest tactics and its newest version of the GandCrab ransomware.

Back in January 2018, a hacking group known as Pinchy Spider launched the GandCrab ransomware. It quickly became a dangerous form of ransomware, thanks to the group continually making adaptations to it.

Pinchy Spider has not slowed down in its quest to make GandCrab more deadly. Researchers recently discovered that a new version of the ransomware is making the rounds. Just as important, they discovered signs that Pinchy Spider is trying to catch bigger prey with it.

The Growing Trend of Big Game Hunting

Big game hunting is a growing trend among cybercriminals. To quickly increase revenue, hackers are turning to more targeted attacks of bigger game. For example, instead of sending phishing emails to the masses to spread malware, cybercriminals are using reconnaissance and sophisticated delivery methods to reach specific targets that will yield more profits.

Big game hunting fits well with Pinchy Spider’s “ransomware-as-a-service” business. In other words, it lets other cybercriminals (aka “customers”) use the malware it creates to carry out cyberattacks for a share of the profit. Typically, the hacker group uses a 60-40 ratio to split the profits, where 60% goes to the customers. However, Pinchy Spider is now advertising that it is willing to negotiate up to a 70-30 split for “sophisticated” customers. This change, coupled with the fact that Pinchy Spider is actively recruiting hackers with networking, Remote Desktop Protocol (RDP), and virtual network computing experience, is leading security analysts to believe that Pinchy Spider is hopping onto the big game hunting bandwagon.

GandCrab Well Suited for Big Game Hunting

GandCrab is well suited for targeted attacks of bigger game. While most ransomware is distributed through phishing emails, GandCrab takes a different route to its victims. It is distributed through exploit kits. Cybercriminals use these kits to find and exploit known software vulnerabilities in order to carry out malicious activities. In this case, Pinchy Spider created several exploit kits to look for weaknesses in the Java Runtime Environment, Adobe Flash Player, Microsoft Internet Explorer, and other software. If found, the kits exploit the vulnerabilities to launch VBScript, JavaScript, and other types of code that install GandCrab.

Once the ransomware is installed on a computer, it does not immediately start encrypting the files on it. Instead, it lies dormant while the hackers try to use RDP and credentials they stole from the compromised machine to access and install the ransomware on other computers — preferably hosts or servers — in the company’s network. In one instance, the cybercriminals were able to access a business’s domain controller (DC). They then used the IT systems management application installed on the DC to deploy GandCrab throughout the network.

When the hackers have finished infecting the targeted computers, they trigger GandCrab to start encrypting files with an RSA algorithm. GandCrab then demands payment in Dash (a form of cryptocurrency) to decrypt the files. While most ransomware blackmailers demand one payment to unlock the files on all the infected machines, Pinchy Spider and its customers request payment on a per-computer basis, especially if hosts or servers have been compromised.

How to Protect Your Business against GandCrab

Taking several measures can go a long way in protecting against a GandCrab attack:

  • Patch known vulnerabilities by regularly updating all software on each computer in your company, including workstations, hosts, and servers. Patching will eliminate many of the vulnerabilities that exploit kits use to access machines.
  • Make sure the security software is being updated on each computer. Even hosts and servers should be running security software. It can help defend against known ransomware threats and other types of malware attacks.
  • Secure RDP. Hackers like to exploit RDP to access businesses’ hosts and servers, so it needs to be secured. There are several ways to do this, such as deploying an RDP gateway and limiting who can use RDP to log in to the network.
  • Use two-step verification for the service and software accounts on your hosts and servers. That way, even if a password is compromised, it cannot be used to gain access to those accounts. If using two-step verification (also known as two-factor authentication) is not possible, at least use strong account passwords and implement an account lockout policy to foil brute force password-cracking attacks.
  • Regularly back up files and systems, and make sure the backups can be successfully restored. Although having restorable backups will not prevent a GandCrab attack, you won’t have to pay the ransom if the attack is successful.

We can help you implement these measures as well as provide recommendations on how to further protect against GandCrab and other types of ransomware. Give us a call at 800-421-7151 to learn more.

Malvertising Is Likely Coming to a Browser Near You

Cybercriminals are increasingly posting malicious ads on legitimate websites to obtain data and spread malware. Discover how malvertising works and what you can do to protect your business from it.

Cybercriminals do not take holidays off — in fact, they often use them to their advantage. That’s how a group of hackers celebrated President’s Day in the United States. They launched a massive malicious advertising (malvertising) campaign that involved more than 800 million ad impressions on legitimate websites between February 16-19, 2019, according to Confiant security researchers. The ads were designed to trick users into entering personal and financial information in order forms for fake products.

A Serious Problem

Malvertising is a serious problem. Avast notes that it is one of the top five endpoint threats affecting small businesses. That’s because cybercriminals are increasingly posting malvertising on legitimate websites in order to:

  • Obtain sensitive data. Like in the President’s Day campaign, hackers use malvertising to obtain sensitive data, such as payment card or bank account information.
  • Deliver exploit kits. These kits are designed to find known vulnerabilities in systems. If a vulnerability is found, it is used to install malware or carry out other types of malicious activities.
  • Deliver malicious payloads directly. Pop-up ads, for example, can deliver malware as soon as they appear or after people click the “X” button to close them.

The Devious Ways in Which Malvertising Works

To understand how malvertising works, you need to know how web browsers render web pages. When you visit a web page, your browser automatically receives the page’s content so it can display the page. So, for example, when you visit your favorite business news website, all the articles, pictures, ads (malicious or not), and other elements on the page are automatically sent to your browser.

What the malvertising does next depends on whether it includes malicious code. For instance, suppose hackers want to deliver an exploit kit. One way they can do this is to create ads that try to lure you into clicking a link. The ad itself does not contain any malicious code. However, if you click the link, you will be sent to a server that delivers an exploit kit. If the kit finds a vulnerability, it is used to install malware on your device.

Even worse, some malicious ads deliver exploit kits without you doing anything other than going to your favorite website. In this case, the malvertising contains code that automatically redirects your browser to a server, which delivers the exploit kit. The redirection occurs behind the scenes, without you clicking a single link.

How Hackers Get Malicious Ads on Legitimate Websites

Hacking into legitimate websites and inserting malicious ads is a lot of work. That’s why cybercriminals typically pose as businesspeople to get their malvertising online. This ruse is successful because there are many different ways to get ads on websites (e.g., through advertising agencies, using advertising networks) and there is no standard vetting process. The groups involved in getting ads often do not request much information from the people submitting them. Plus, while some groups check ads before accepting them, others do not.

Even if the ads are checked, hackers find ways around the screenings. For example, sometimes they submit their ads with the malicious code disabled and then enable it after the ad is accepted and put online. In addition, hackers often remove the malicious code from their ads shortly after they are posted to make it more difficult to detect and track their attacks.

How to Protect Your Business

While the digital ad industry knows about malvertising and is taking steps to mitigate the problem, it will be a while before these ads are no longer a threat. Thus, you need to proactively protect your business. Here are some of the measures you can take:

  • Educate employees about malvertising. Be sure to discuss the dangers of clicking links in ads, as the ads might be malicious.
  • Tell employees about the dangers of allowing pop-ups and redirects. Most modern web browsers block pop-ups and redirects by default, but this functionality can be manually disabled. Let employees know this is dangerous since malvertising sometimes uses both pop-ups and redirects. Similarly, let them know they should not enable web content that has been disabled by their web browsers or security software, as it might contain malicious ads.
  • Uninstall browser plug-ins and extensions not being used. This will reduce the computers’ attack surface. For the plug-ins and extensions being used, consider configuring web browsers so that plug-ins and extensions are automatically disabled but can be manually enabled on a case-by-case basis.
  • Update software regularly, including browser plug-ins and extensions. Exploit kits look for known vulnerabilities in software. Patching these vulnerabilities helps eliminate entry points into devices.
  • Install ad blockers. Ad blockers remove or modify all ad content on web pages. However, they might unintentionally block non-ad content, causing a web page to display improperly or not at all.

We can help you develop a customized strategy to protect your business’s devices from malvertising and other types of cyberattacks.

Security Hole Is Putting Many Containers in the Cloud at Risk

A serious security vulnerability dubbed Doomsday Docker has been discovered. If your business uses containers, here is what you need to know.

A serious security vulnerability dubbed Doomsday Docker is putting containers at risk. Cybercriminals can exploit this hole to attack the system that hosts the container as well as all the other containers running on the host system. Most containers in the cloud are vulnerable.

The security hole lies in a command-line runtime tool called runC. Popular container platforms such as Docker and Kubernetes use this open-source tool to generate and run containers. “As far as container runtimes go, runC is used by just about every container engine out there,” according to one security expert.

To exploit this vulnerability, cybercriminals just need to place a malicious container within a container system. The vulnerability will allow that container to overwrite the host’s runC binary code, letting the hackers gain access to the host system and potentially all the other containers running on it. This is done with minimal interaction by the hackers.

Container platform providers are patching their software to fix the vulnerability. We can check to see if your provider has issued a patch and make sure it is installed.

6 Ways to Make Your Passwords Easy to Crack

Passwords are an important line of defense against cyberattacks, yet many people make it easy for hackers to crack them. Here are six mistakes that people often make when creating passwords.

Serious consequences can result from cracked passwords. Cybercriminals might use them to steal money or data from the compromised accounts. Or they might change the accounts’ passwords and use the hijacked accounts for other malicious activities such as installing malware or sending phishing emails.

While no one wants to have their passwords cracked, many people make it easy for cybercriminals to do so. Here are six mistakes that people often make when creating passwords:

  1. Using Repeating or Sequential Characters

Want a password that is extremely easy to crack? Create a password that consists of:

  • Repeating letters or numbers, such as “aaaaaa” or “111111”
  • Sequential letters or numbers, such as “abcdef” or “123456789”
  • A combination of repeating and sequential characters, such as “abc123” or “aa123456”

SplashData’s 100 worst passwords list is full of these types of passwords. In 2018, the company analyzed more than 5 million passwords leaked on the Internet to find the most predictable, easily crackable ones in use. All the examples listed above are on this list. On an average computer, it would take a cybercriminal only one second to crack each of these passwords using a brute-force password-cracking tool, with one exception. It would take 32 seconds to crack “aa123456”, which is still a very short amount of time.

  2. Relying on Memorable Dates

While using your birthday, a family member’s birthday, or another memorable date makes a password easy to remember, it also makes it easier to crack. Hackers know people do this. With a little research, they often can learn their victims’ birthdates, anniversaries, and other special dates. If they cannot find the information on social media sites like Facebook or Twitter, they can search public records.

  3. Entering Keyboard Patterns

Although “1qaz2wsx” and “!@#$%^&*” might seem like random strings of characters, hackers know they are keyboard patterns. Hackers also know that people like to use keyboard patterns as passwords, so they check for them. In fact, “1qaz2wsx”, “!@#$%^&*”, “zxcvbnm”, and “querty” are all on SplashData’s 100 worst passwords list.

  4. Creating Short Passwords

Short simple passwords are easier to remember than long complex ones, but they are also much easier to hack. For example, passwords such as “football”, “Donald”, “banana”, and “whatever” take only two seconds to crack using a brute-force password-cracking tool.

Short passwords are dangerous even if you use letter substitution, such as substituting the number “0” for the letter “o” or the “@” sign for the letter “a”. It would still take only three seconds to hack the passwords “f00tball”, “D0n@ld”, “b@n@n@”, and “wh@tever”.

Longer passwords are cryptographically harder to break than shorter ones. However, the long complex passwords that you are supposed to create — that is, long passwords that include mixed-case letters, numbers, and symbols — are hard to remember. As a result, people resort to writing them down or reusing the same password. This is why the US National Institute of Standards and Technology recommends using “memorized secrets” — passphrases that are simple, long, and easy to remember.

For instance, instead of using “football”, you might use “fond of flying footballs”. This passphrase would take more than 10,000 centuries to crack. As this example shows, including spaces is a good practice to follow, assuming they are allowed. Besides making the passphrase easier to enter, spaces make the passphrase harder to hack. It would take 58 centuries to hack “fondofflyingfootballs”. Although not as good as 10,000 centuries, 58 centuries is still a very long time.

  5. Reusing Passwords

People have to remember numerous passwords for both business and personal accounts. With so many passwords to remember, people often use the same password for multiple accounts. In one survey, 60% of the 1,000 participants admitted doing so.

However, cybercriminals know people frequently reuse passwords, so they try cracked passwords on multiple accounts. For instance, they sometimes launch an automated credential stuffing attack in which distributed botnets try using compromised credentials on high-value websites. This testing is done slowly using many different IP addresses to avoid setting off alerts (e.g., three unsuccessful login attempts) that could expose the attack.
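Why the three-failed-attempts alert mentioned above misses a slow, distributed campaign, and what an aggregate view of the same log catches, shown as an added example that is not part of the original article. The log format, the one-hour window, the five-account threshold, and the function names are assumptions; the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timezone

LOCKOUT_LIMIT = 3      # the "three unsuccessful login attempts" alert from the text
WINDOW_SECONDS = 3600  # assumed review window (one hour)
MIN_ACCOUNTS = 5       # assumed: distinct failing accounts that make a window suspicious

# Constructed sample log: timestamp, source IP, username, outcome.
# The IPs are documentation addresses; the line format is an assumption.
SAMPLE_LOG = [
    "2019-03-04T09:15:02Z 192.0.2.10 alice OK",
    "2019-03-04T09:40:27Z 192.0.2.11 bob FAIL",   # ordinary typo...
    "2019-03-04T09:40:41Z 192.0.2.11 bob OK",     # ...followed by a success
] + [
    # Eight failures, seven minutes apart, each from a different IP against a
    # different account: no single account or IP ever fails twice.
    f"2019-03-04T10:{minute:02d}:30Z 203.0.113.{20 + i} user{i} FAIL"
    for i, minute in enumerate(range(0, 56, 7))
] + ["2019-03-04T10:58:00Z 192.0.2.12 carol OK"]


def parse(line):
    """Return (epoch_seconds, ip, username, succeeded) for one log line."""
    stamp, ip, user, outcome = line.split()
    when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return int(when.timestamp()), ip, user, outcome == "OK"


def lockout_alerts(lines, limit=LOCKOUT_LIMIT):
    """Classic rule: any one account or one IP with `limit` or more failures."""
    failures = defaultdict(int)
    for line in lines:
        _, ip, user, ok = parse(line)
        if not ok:
            failures[("ip", ip)] += 1
            failures[("user", user)] += 1
    return sorted(key for key, count in failures.items() if count >= limit)


def stuffing_windows(lines, window=WINDOW_SECONDS,
                     min_accounts=MIN_ACCOUNTS, limit=LOCKOUT_LIMIT):
    """Flag windows where failures are spread thinly over many accounts and IPs."""
    buckets = defaultdict(list)
    for line in lines:
        ts, ip, user, ok = parse(line)
        if not ok:
            buckets[ts - ts % window].append((ip, user))
    flagged = []
    for start in sorted(buckets):
        pairs = buckets[start]
        users = {user for _, user in pairs}
        ips = {ip for ip, _ in pairs}
        # Average failures per account and per IP both stay under the lockout limit.
        spread_thin = len(pairs) < limit * min(len(users), len(ips))
        if len(users) >= min_accounts and spread_thin:
            flagged.append({
                "window_start": datetime.fromtimestamp(start, timezone.utc)
                                        .strftime("%Y-%m-%dT%H:%M:%SZ"),
                "failures": len(pairs),
                "accounts": len(users),
                "ips": len(ips),
            })
    return flagged


if __name__ == "__main__":
    print("per-account / per-IP alerts:", lockout_alerts(SAMPLE_LOG))
    print("aggregate view:", stuffing_windows(SAMPLE_LOG))
```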

  1. Modifying Passwords

To make passwords easier to remember, some people add or delete characters from passwords they are using at other sites. For example, they might use the passwords “cheese”, “cheese001”, and “cheese002” for three different accounts. One research study found that about 20% of passwords are formed this way.

More important, the researchers were able to create an automated cross-site password-guessing tool by applying common password-transformation rules to compromised passwords. If they can create such a tool, chances are so can cybercriminals.
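Because letter substitutions and numeric suffixes are predictable, a password-change form can undo them before comparing a new password with known-compromised passwords and with the password it replaces. The sketch below is an added example, not part of the original article; the denylist, substitution table, suffix pattern, and function names are assumptions made for illustration.

```python
import re

# Constructed denylist standing in for a list of known-compromised passwords.
# The entries are the weak passwords quoted in the article.
DENYLIST = {"football", "donald", "banana", "whatever"}

# Look-alike characters mapped back to the letters they usually replace
# (illustrative table, not exhaustive).
UNSUBSTITUTE = str.maketrans({
    "0": "o", "@": "a", "4": "a", "3": "e", "1": "l",
    "!": "i", "$": "s", "5": "s", "7": "t",
})

# Digits and common punctuation appended to the end of a base word.
SUFFIX = re.compile(r"[\d!?.#*]+$")


def canonical_forms(password):
    """Return the lower-cased password plus variants with suffixes stripped
    and look-alike characters mapped back to letters."""
    lowered = password.lower()
    stripped = SUFFIX.sub("", lowered)
    forms = {
        lowered,
        stripped,
        lowered.translate(UNSUBSTITUTE),
        stripped.translate(UNSUBSTITUTE),
    }
    forms.discard("")  # a password made only of suffix characters
    return forms


def check_new_password(new, current=None, denylist=DENYLIST):
    """Return a list of reasons to reject `new`; an empty list means accept.

    `current` is the password being replaced, which the user supplies on the
    change form, so it is available for comparison without storing plaintext.
    """
    reasons = []
    forms = canonical_forms(new)
    for hit in sorted(forms & set(denylist)):
        reasons.append("denylisted:" + hit)
    if current is not None and forms & canonical_forms(current):
        reasons.append("variant-of-current")
    return reasons


if __name__ == "__main__":
    samples = [
        ("f00tball", None),
        ("D0n@ld", None),
        ("b@n@n@", None),
        ("wh@tever", None),
        ("cheese002", "cheese001"),
        ("fond of flying footballs", "cheese001"),
    ]
    for new, current in samples:
        print(repr(new), "->", check_new_password(new, current) or "accepted")
```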

7 Ways to Spend Less Time Dealing with Emails

Business professionals often spend a lot of time reading and responding to emails every day. If you are one of them, here are seven ways you can reduce the amount of time you spend dealing with emails.

In many businesses, employees use emails to communicate with each other, customers, suppliers, and other business associates. And the number of messages being handled is not small. Employees send and receive an average of 126 emails per day.

Dealing with that many emails takes time. One study found that business professionals spend more than 25% of their day reading and responding to messages.

Fortunately, this doesn’t need to be the case. Here are seven ways you can reduce the amount of time you spend dealing with emails:

  1. Read and Respond to Emails Only at Designated Times

When you get a notification that an email has arrived, what do you do? If you are like most people, you stop what you are doing and look at the email. However, reading and responding to emails as they arrive can wreak havoc on your productivity. Even just quickly scanning an incoming email disrupts your concentration. It takes people an average of 64 seconds to recover from the interruption and return to their normal work rate.

Instead of reading and responding to emails as they arrive, a more productive approach is setting aside a block of time once or twice a day to go through all your messages. You should also consider turning off email notifications. That way, you can avoid the temptation of taking a quick peek at incoming emails.

  2. Manage Emails with Rules

Most email apps let you set up rules to manage messages. For example, both Microsoft Outlook and Google Gmail let you configure rules to automatically flag messages or move them to designated folders based on who is sending them or keywords in the subject line. Flagging and moving messages to folders can help you prioritize and organize emails.

  3. Make Sure an Email Is Necessary Before Writing It

Before you write an email, it is a good idea to ask yourself, “Is the email needed?” You should avoid sending emails about matters that are not important to business operations. “Nice to know” information can often be provided through other communication channels, such as a company intranet site. Only sending emails about pertinent business matters will save you time since you will be writing fewer emails. Plus, it will save time for others, as they won’t have as many emails to read.

  4. Be Concise When Writing Emails

You likely have gotten them — emails that ramble on and on rather than getting to the point. Don’t be one of those senders. When writing an email, get to the point quickly and keep the message as short as possible.

When a longer email is necessary, consider using elements such as bullets and numbered lists to help organize and call attention to items. If a matter needs to be discussed in-depth or will involve a lot of back-and-forth conversation, you might consider talking to the person rather than sending an email.

  5. Send Emails to Only the People Who Need the Information

When sending a message, you should make sure that you are emailing it to only those individuals who need the information. This is especially important when sending an email to a contact group (aka distribution list). Although entering a contact group in a message’s “To” field might be easier for you, it is better to enter the names or addresses of only those people who truly need the information. It will be one less email for everyone else in the contact group to read, saving them time.

  6. Repeat Important Points in Long Conversation Threads

When replying to a long conversation thread, it is a good idea to reiterate important information relevant to the matter you are addressing. For example, suppose you want to answer one of the questions brought up in a thread about company policies. Rather than say “To answer your question, we …”, it is better to say something like “In regard to the question about whether our company needs a social media policy, we ….”. This will make it easier for the email recipients to quickly understand what you are communicating. It will also save the recipients time, as they won’t have to reread all the previous emails in the thread to find the question you are addressing.

  7. Filter Out Spam

Although email servers filter out a great deal of spam, some messages inevitably make it through to users’ Inboxes. If you often see spam in your Inbox, you might want to filter it out using the spam or junk email filtering system provided by your email app or security software.

For example, you can use Outlook’s Junk Email Filter to move spam to the Junk Email folder. You have the ability to change the filter’s level of protection from the default of “No Automatic Filtering” to a more aggressive setting (“Low”, “High”, or “Safe Lists Only”). You might also create a blocked senders list. When you add a name or email address to this list, Outlook automatically moves incoming messages from that source to the Junk Email folder.

If this was helpful and you feel you may benefit from some other tips, check out the Webinars section of our Vlog for tips on how to work smarter in Outlook! If spam is your issue, give us a call at 800-421-7151 if you need to beef up your email security.

See How Much Power Your Apps Are Consuming on Your Windows 10 Computer

Once the October 2018 Update is installed on your Windows 10 computer, you can easily find out how much power each app and process is using. Here is how to access this information.

Windows 10’s Task Manager has many useful features and capabilities that let you monitor the apps and processes running on your computer. Once the October 2018 Update is installed, it is even more useful. The update adds two new columns to Task Manager’s “Processes” tab:

  • “Power Usage”. This column lets you see how much power each app and process is currently using.
  • “Power Usage Trend”. This column tells you how much power each app and process has used in the past two minutes.

In both columns, the possible values range from “Very low” to “Very high”, letting you know an app’s or process’s power-usage level at a glance. While the values in both columns are useful, the ones in the “Power Usage Trend” column can give you a better idea of how much power an app or process typically uses. Knowing this can be helpful, for example, if your computer’s battery is running low and you won’t have access to a power outlet anytime soon. By closing apps that typically use a lot of power, you can increase your battery’s life.

In addition, the power usage columns might flag when a cryptojacking script is siphoning a computer’s processing power. In this type of attack, cybercriminals steal computers’ processing power to mine cryptocurrencies.

To see the power-usage levels for your apps and processes, follow these steps:

  1. Right-click the Windows button and select “Task Manager”.
  2. If you see the “More details” option in the lower left corner of the Task Manager window, click it.
  3. Maximize the size of the window by clicking the square box in the upper right corner.
  4. Find the “Power Usage” and “Power Usage Trend” columns. They will be to the right of the “GPU Engine” column.
  5. If you do not see these columns, right-click any other column heading. In the box that appears, check the boxes next to “Power Usage” and “Power Usage Trend”.
  6. If you want to sort the apps and processes by the amount of power they are consuming, click the “Power Usage” or “Power Usage Trend” column heading. (By default, the apps and processes are sorted by name.)

If the “Power Usage Trend” column is blank for a particular app or process, don’t worry. When an app or process is launched, its entry in this column will be blank. The entry will populate after two minutes and then keep updating every two minutes.

What Is Digital Transformation and Why Are Companies Pursuing It?

Digital transformation is a popular topic of discussion in boardrooms. Learn what digital transformation is all about and why companies are interested in digitally transforming themselves.

IDC predicts that at least 55% of organizations will be digitally transforming themselves by 2020. But what exactly is digital transformation? More important, why are companies pursuing it?

What “Digital Transformation” Means

If you search the Internet for the term “digital transformation”, you will find numerous definitions of it. The definitions vary widely, so it can be hard to quickly learn what digital transformation is all about.

To understand what is meant by the term “digital transformation”, it is helpful to know what it is not. If a company simply moves applications to the cloud, upgrades its IT infrastructure, or implements some other one-off IT project, it is not digitally transforming itself.

Digital transformation involves more than just adding new digital technologies to business operations. It requires a company’s leaders to rethink how the organization does business at a fundamental level — how they can achieve their business goals by leveraging digital technologies in processes throughout the organization. Sometimes, companies are able to effectively integrate new technologies into existing processes. More often, though, they need to design new processes.

“Digital transformation marks a radical rethinking of how an organization uses technology, people, and processes to radically change business performance,” according to George Westerman, a digital transformation expert with the MIT Initiative on the Digital Economy. “Such sweeping changes are typically undertaken in pursuit of new business models and new revenue streams, often driven by changes in customer expectations around products and services.”

Meeting customers’ expectations is not the only driver of digital transformation. Increasing competition and meeting regulatory requirements (e.g., General Data Protection Regulation requirements) are some of the other drivers. Since customer expectations, competitors’ offerings, regulations, and other business influences are constantly changing, a digital transformation is not something a company does once and then moves on. It is an ongoing process.

Why Businesses Are Pursuing It

Because of its wide-sweeping nature, digital transformation can be disruptive. Plus, it is a never-ending quest. So, why are companies increasingly embarking on the journey? The benefits reaped from a successful journey are enticing. They include:

  • Improved customer satisfaction
  • More efficient operations
  • Improved decision making
  • Increased agility and innovation
  • Happier, more productive employees

Realizing these benefits ultimately leads to better business performance overall and increased profitability.

The Types of Digital Technologies Companies Are Using

While each company’s digital transformation is unique, businesses use many of the same types of digital technologies. For example, they use Internet of Things (IoT) devices and edge computing to collect and process data locally. To respond to customers’ online requests for information, they turn to chatbots. They also use other forms of artificial intelligence (AI) to connect and communicate with customers.

In the past, only big businesses could take advantage of AI technologies because of their cost. However, many cloud-app providers have embedded AI services in their platforms, so small businesses now have access to AI technologies.

If your business is embarking on a digital transformation journey, we can help you determine which technologies can help you achieve your business’s goals. Call us at 800-421-7151 to find out how WAMS can begin your transformation.

Still Using Windows 7? Here Is What You Need to Keep in Mind

Windows 7 is still being used by many companies, despite it being in its final year of life. If your business is running this software, here is what you need to consider.

Many companies have not upgraded their computers from Windows 7 to Windows 10. The reasons why vary. For example, some businesses have not moved to Windows 10 because it is incompatible with their existing business apps or processes. Others have not switched because their existing hardware will not support Windows 10. While these are legitimate reasons for not upgrading, there is a new factor that needs to be considered: Windows 7’s end is near.

On January 14, 2020, all support for Windows 7 ends. Using Windows 7 after this date can be risky because Microsoft will no longer provide free security updates or product support. If the computers in your company are still running this operating system software, here is what you need to consider.

No Free Security Updates

After January 14, 2020, Microsoft will no longer provide free updates to fix newly discovered security vulnerabilities in Windows 7. Similarly, it will no longer provide free security updates to Internet Explorer web browsers running on Windows 7 machines. According to Microsoft, Internet Explorer is a component of the Windows operating system, so it follows Windows 7’s lifecycle policy.

This means that your Windows 7 computers and the Internet Explorer browsers installed on them will not be protected against cyberattacks exploiting newly discovered security vulnerabilities. As a result, your business will be at greater risk of data breaches, ransomware, and other types of cybercrime. To make matters worse, hackers often keep track of when vendors stop supporting popular apps. They then launch new cyberattacks that target those apps once the support has ended.

There is another less-obvious risk associated with using unpatched software. Since you cannot protect your Windows 7 computers from new cyberattacks, your company might not be compliant with regulations that govern the protection of sensitive data. Noncompliance can result in penalties, higher costs, and even lost business.

No Product Support

After January 14, 2020, Microsoft will no longer support computers running Windows 7. Nor will it support Internet Explorer browsers running on Windows 7 machines. This means that Microsoft will no longer answer any technical questions or help troubleshoot any problems. The only Microsoft resources that will be available are articles, webcasts, and other free online content that the company has posted about the software in the past.

Your Options

January 14, 2020, is approaching fast. It is a good idea to start planning now instead of waiting until the last minute. Here are your main options if your business is still running Windows 7:

  • Continue to use Windows 7 without any security updates or support. Windows 7 and Internet Explorer will not suddenly stop working after January 14, 2020. The apps will still work, so you can keep using them. However, doing so leaves your business at greater risk of cyberattacks.
  • Purchase Extended Security Updates. In September 2018, Microsoft announced that it will offer Extended Security Updates for Windows 7 (which will include updates for Internet Explorer) through January 2023. The Extended Security Updates will be sold on a per-device basis, with the price increasing each year. These updates will be available for Windows 7 Professional and Windows 7 Enterprise customers that have volume licensing agreements.
  • Upgrade to Windows 10. By moving to Windows 10, you will have free security updates, feature updates, and product support. If you subscribe to Microsoft 365 Business and your computers are running Windows 7 Professional, you can upgrade at no additional cost.
  • Switch to a different operating system. If you do not want to use Windows 10, you can switch to a different operating system, such as Apple macOS.

We can help you make the best choice for your business based on its needs and help you carry out that decision.

How to Use the Clipboard’s History and Syncing Features in Windows 10

The Windows 10 October 2018 Update soups up the Windows Clipboard with new history and syncing features. Here is how to enable and use these features.

The history feature lets you copy and store multiple items (text and images) on the Clipboard. In the past, you could only store one item at a time. The syncing feature lets you store Clipboard items in the Microsoft cloud so that the items will be available for pasting on all your Windows 10 computers.

You can take advantage of just one or both of these features. Before you can use them, though, you must have the Windows 10 October 2018 Update installed. You also need to enable each feature.

How to Enable and Use the History Feature

To enable the history feature, all you need to do is press Win+V to open up the Clipboard window and select “Turn on”. If you are unfamiliar with keyboard shortcuts, Win+V indicates that you press the Windows key and the letter v on your keyboard at the same time.

Once enabled, Windows 10 will automatically place the items you copy on the Clipboard. To paste an item that you copied earlier in the day, you just need to open the Clipboard window, find the item, and click it. The most recent items you copied will be at the top of the window.

You can store up to 25 items on the Clipboard. (Text, HTML, and images are supported.) Each item can be up to 4 megabytes. If you copy numerous items throughout the day, it is important to know that older items are automatically removed. To prevent this, you can pin items, which tells Windows 10 to keep those items on the Clipboard indefinitely.

To pin an item, you simply open up the Clipboard window, find the clip you want to save, and click the icon that looks like a pushpin. (It will be on the right side of the clip.) If you are going to be shutting down your computer, you also need to pin any items that you want to save. The Clipboard history is cleared every time you restart your machine. Only those items you pinned will remain on the Clipboard.

How to Enable and Configure the Syncing Feature

The Clipboard syncing feature comes in handy if you regularly use two (or more) computers, such as a desktop machine when you are in the office and a laptop device when you are on the road. For the syncing feature to work, the Windows 10 October 2018 Update needs to be installed on both machines. Plus, you need to use the same Microsoft account to log in to the computers.

The syncing feature needs to be enabled and configured. When setting up the feature, you will be given two options:

  • “Automatically sync text that I copy”. This is the default setting. If you keep this setting, all items that you copy will be stored in the Microsoft cloud and synced across your devices.
  • “Never automatically sync text that I copy”. If you select this setting, you need to manually open the Clipboard window and select the content you want to make available across your computers. If you often copy sensitive data, this option might be the best choice.

To enable and configure the syncing feature, perform these steps on both computers:

  1. Click the Start menu.
  2. Select the gear icon to open the Settings app.
  3. Choose “System”.
  4. Select “Clipboard” in the left pane.
  5. Scroll down to the “Sync across devices” section.
  6. Move the “Sync across devices” slider to “On” to enable the syncing feature.
  7. Choose either the “Automatically sync text that I copy” or “Never automatically sync text that I copy” option.

Clearing the Clipboard

At any time, you can clear items from the Clipboard. To remove individual items, open the Clipboard window, find the item you want to delete, and click the “x” icon in the upper right corner.

If you want to clear everything except pinned items from the Clipboard, follow these steps:

  1. Click the Start menu.
  2. Select the gear icon to open the Settings app.
  3. Choose “System”.
  4. Select “Clipboard” in the left pane.
  5. Scroll down to the “Clear clipboard data” section.
  6. Click the “Clear” button.

This will clear the items from the Clipboard window and from the Microsoft cloud. If you want to clear pinned items, you will first need to unpin them.

If you have any questions about the new Clipboard features or run into issues using them, let us know.

4 Things You Might Not Have Known about Microsoft Teams

To help facilitate communication and collaboration in businesses, Microsoft offers a solution called Teams. Although it is a relatively unknown offering, its popularity is expected to grow. Here are four things it helps to know about Teams.

Teamwork is a mainstay in businesses. Although Microsoft Teams has been in existence since November 2016, it is still a relatively unknown offering. That is expected to change, though. Experts predict that Teams will have the fastest growth of all the available business chat solutions over the next two years, according to a Spiceworks report released in December 2018.

So, it pays to learn about Teams. Here are four things you might not have known about it:

  1. Teams Is Microsoft’s Version of Slack

Like Slack, Teams is a communication and collaboration solution that offers a wide variety of services. The core services offered by Teams include:

  • Unlimited chat messaging and message searches that do not have a size limit
  • Audio and video calling (one-on-one or group calls)
  • The ability to host audio, video, and web conferences with anyone inside or outside a company
  • Built-in Microsoft Office Online apps (Word Online, Excel Online, PowerPoint Online, and OneNote)
  • Integration with more than 140 apps and services (both Microsoft and third party)
  • 10 gigabytes (GB) of storage per team for file sharing, plus 2 GB of storage for each team member
  • Screen sharing
  • Channel meetings

  2. There Is Now a Free Version

In July 2018, Microsoft launched a free version of Teams that does not require a Microsoft account. Teams is also included in some Office 365 subscriptions, such as Office 365 Business Essentials and Office 365 Business Premium.

The free version includes the core services just mentioned and a few others. The version provided with Office 365 subscriptions offers several extra features, such as administrative support, advanced security features, Microsoft Outlook, and additional file storage space.

  3. Teams Runs on Multiple Platforms

Teams runs on a variety of devices and platforms. Desktop versions are available for Windows 10, Windows 7, and Apple Mac OS X (10.10 and later). There are also mobile apps available for Google Android and Apple iOS devices. Download links for the free version of Teams can be found on the Get Microsoft Teams for Free web page.

  4. Teams Will Eventually Replace Skype for Business and StaffHub

Microsoft has announced that it plans to replace Skype for Business — a unified communications solution that is part of Office and Office 365 — with Teams. Teams has already reached “feature parity” with Skype for Business, according to experts. Microsoft has not yet released a timeline for the retirement of Skype for Business. However, it might be coming in the not-too-distant future. On October 1, 2018, Microsoft stopped offering Skype for Business to new Office and Office 365 customers with fewer than 500 users. Instead, these customers are being set up to use Teams. Current customers with fewer than 500 users can continue to use Skype for Business. In addition, Microsoft is continuing to offer Skype for Business to existing and new Office and Office 365 customers with more than 500 users.

Although not nearly as widely used as Skype for Business, StaffHub will also be retired. Part of Office 365, StaffHub enables a manager to set work schedules for frontline employees, which they can then view. Employees can also use StaffHub to swap shifts and chat with each other. Microsoft has already incorporated StaffHub’s capabilities into Teams. The StaffHub mobile app will no longer be available for download after April 1, 2019, and will stop working entirely on October 1, 2019.

What Businesses Can Learn from Google’s Hefty GDPR Fine

Google was fined $57 million for not complying with the General Data Protection Regulation. Learn why Google was penalized so you can avoid the same data-privacy mistakes in your company.

Although it has only been enforced since May 25, 2018, companies are already being fined for not complying with the European Union’s General Data Protection Regulation (GDPR). In January 2019, Google was fined $57 million [USD] by France’s data protection authority, the National Data Protection Commission (CNIL). Google is the first US technology company to be penalized for GDPR noncompliance.

Learning why Google was fined can help you better understand what companies need to do to comply with data-privacy regulations. It is important for all businesses to have this basic understanding because legislation similar to GDPR is being passed in other parts of the world. For instance, in June 2018, the California State Legislature passed the California Consumer Privacy Act (CCPA). It gives California residents some of the strongest data-privacy protections in the world. CCPA will start being enforced in January 2020.

Why Google Has Been Fined

GDPR was created to provide data-privacy rights to EU citizens and protect them from data breaches. For example, EU citizens have the right to find out the types of personal data that companies are collecting about them, how the data is being used, and where it is being stored. Furthermore, businesses must ask customers for permission to collect and process their personal information. Companies must also make it easy for customers to withdraw their consent.

Two digital-rights advocacy groups made formal complaints to CNIL about Google’s data processing practices, especially when it comes to personalizing ads. Here is what CNIL found when it investigated the complaints:

Information is not easily accessible. CNIL found that it is not easy for Google users to learn essential information about the types of data being collected about them, how that data is being used, and how long it is being stored. According to CNIL, the information is excessively disseminated, forcing users to access multiple documents and perform many steps to get it.

Some information is unclear and inadequate. CNIL discovered that, in some instances, Google’s explanations about how it is using the collected data are too vague, which impedes users’ ability to fully understand the purposes for processing that data. Similarly, the types of personal data being collected and processed are sometimes unclear. Plus, Google does not always specify how long it keeps the data.

There is a lack of valid consent regarding personalized ads. Although Google states that it obtains users’ consent to collect and process data for ad personalization purposes, CNIL found that it is not being validly obtained for two reasons:

  • Users are insufficiently informed about the total amount of data being collected and processed to make an informed decision. To personalize ads, Google collects data from many of its websites, apps, and services. However, Google does not tell users the specific sources from which their data is collected and how the various pieces of information are combined to provide personalized ads.
  • The consent is not specific. GDPR mandates that companies get customers’ specific, clear-cut consent to collect and use their personal data for each desired purpose. For instance, if a company wants to collect and process customers’ personal data for the purposes of displaying personalized ads and offering speech recognition services, it needs to ask customers for their consent for each purpose individually. Moreover, customers have to give their consent using a clear affirmative action, such as checking a box. (The box cannot already be preselected by the company.) According to CNIL, Google is not following these requirements. To create a Google account, users must select the boxes “I agree to Google’s Terms of Service” and “I agree to the processing of my information as described above and further explained in the Privacy Policy”. By doing so, users are giving their consent for all of Google’s various data collection and processing purposes (e.g., for ad personalization, for speech recognition services). While users can later configure their settings to stop their personal data from being collected and processed for the purpose of displaying personalized ads, this option is not easy to find. Furthermore, the option giving consent is preselected by Google.

Based on these findings, CNIL fined Google $57 million. The tech giant has already announced that it will appeal the penalty. Even if the appeal succeeds, Google will have likely spent a considerable amount of money and resources challenging the fine. For this reason and others (e.g., less prone to data breaches, increased customer satisfaction), it is a good idea for businesses to make sure they comply with GDPR if they have customers in the European Union.


Although Google Was the First, It Won’t Be the Last

Other well-known tech companies might be following in Google’s footsteps. Complaints have been levied against Facebook, Twitter, and several streaming service providers (including Apple, Netflix, Spotify, and YouTube). Complaints and fines are not limited to large tech companies. Any business that processes or stores the personal data of EU citizens is required to comply with GDPR, regardless of its size or industry.

New Ransomware Is Masquerading as Apps and Games

Anatova has gained security experts’ attention. Besides being the first new ransomware in 2019, it poses a serious threat. Discover why it is so dangerous and how to protect your business from it.

A new form of ransomware is disguising itself as apps and games to trick people into downloading and launching it on their devices. Since January 1, 2019, cybercriminals have been using this dangerous ransomware, known as Anatova, to hold victims’ files for ransom. It has been found worldwide, with the largest number of victims in the United States.


How Anatova Works and Why It Is So Dangerous

Anatova typically masquerades as the icon of an app or game to trick people into downloading it. During installation, it requests administrative rights. After the ransomware makes sure it is on a legitimate computer, it encrypts the files on the machine. It also encrypts the files on any network shares connected to the device. Once all the files are encrypted, the victim is presented with a ransom note asking for 10 Dash. Dash is a type of cryptocurrency — 10 Dash is worth around $700 [USD] at the time of this writing. Victims are allowed to decrypt one JPG file for free as proof that the files can and will be decrypted if they pay the ransom.

While Anatova sounds like many other ransomware programs, security experts are warning that it is a serious threat. One reason why Anatova is so dangerous is that it uses a variety of methods to prevent detection. For example, it uses dynamic calls that have been designed to not raise suspicion. Similarly, it uses techniques to deter analysis, such as memory cleaning functions.

Even more troubling is that cybercriminals can easily add new functionality to Anatova because of its modular architecture. Thus, they can quickly adapt Anatova to make it more effective. For instance, they might add new techniques to evade detection or new spreading mechanisms. The latter is of particular concern. Currently, Anatova has only been found on private peer-to-peer networks, but researchers believe it could be spread in other ways in the future.


How to Protect Your Business

To avoid having your business become a victim of Anatova or another ransomware variant, you need to educate employees about ransomware. Topics to cover include:

  • What ransomware is and how cybercriminals commonly spread it. Besides covering how Anatova is being distributed through downloads, it is important to cover how ransomware can be spread through other methods, such as phishing emails.
  • The dangers of downloading and opening executables (e.g., apps, games) and files (e.g., PDF files) from peer-to-peer networks and the Internet. This is a good time to discuss your company’s policy regarding when employees are permitted to download executables and files and the sources where employees are allowed to get them.
  • Other dangerous practices that can lead to a ransomware infection, such as clicking links and opening attachments in emails, especially if the emails are from unknown senders.
  • The importance of avoiding any content flagged as a potential security threat by security software or web browsers, as it might contain malicious code.

Besides educating employees, you need to take other measures, including:

  • Making sure your security software is being updated on every computer in your business
  • Regularly updating the apps installed on your computers so that known security vulnerabilities are patched
  • Making sure you have restorable backups of your data in case a ransomware attack occurs

We can make sure that your business has covered all the bases so that it will be protected from Anatova and other ransomware variants.

Blackmail Emails Are Being Sent to the Workplace

Blackmail emails that were previously sent only to personal accounts are now being sent to business accounts. Find out what the emails are saying so you can be prepared in case you receive one.

In 2018, people were receiving emails in their personal accounts that tried to blackmail them into paying a ransom. People are now reporting that they are receiving similar emails at work.

In the emails, the blackmailers state they have evidence that the recipient has viewed a video on a pornography website because they hacked into the recipient’s computer. Specifically, they claim to have recorded what the recipient was watching and doing while viewing the video by using the device’s screen-capturing capabilities and webcam. The blackmailers then threaten to send the recording to everyone in the recipient’s email and social-media contact lists if the person does not pay the specified ransom.


The Blackmail Emails Are Actually Phishing Scams

The blackmail emails that people have been receiving at work and at home are actually phishing attacks being sent out by cybercriminals. The emails contain several classic signs of phishing scams:

  • Generic greeting. The emails do not include the recipients’ names in the salutation. Instead, they use a generic greeting such as “Good Morning my friend” or no greeting at all. In some cases, the recipient’s email address (or a shortened version of it) is used in the salutation.
  • Generic content. The emails do not contain any specifics about the incidents that were supposedly recorded. For example, they do not mention which websites the recipients were supposedly visiting when the recordings were made.
  • A sense of urgency and fear. To get people to fall for the scam, the emails try to create a sense of urgency and fear by first letting the recipients know that compromising recordings have been made and then telling them the recordings will be shared with their coworkers, friends, and family if the ransom is not paid.
  • Misspellings and grammatical errors. The emails contain misspellings and grammatical errors.

In some of the blackmail emails, the cybercriminals have been including a password that the recipient currently uses or has used in the past as “proof” they have hacked the person’s computer. However, email address-password pairs are often stolen in data breaches and can be easily purchased on the dark web. So, although alarming, the inclusion of a password does not prove the recipient’s computer has been compromised.
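For help-desk staff who triage reported messages, the signs above can be turned into a simple checklist. The following is an added example, not part of the original article: the function name, keyword lists, and both sample messages are constructed assumptions, and it does not attempt to judge generic content or misspellings.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed keyword lists, based on the claims these emails make.
FEAR = ("webcam", "recorded", "recording", "your contacts", "contact list")
URGENCY = re.compile(r"\b\d+\s*(hours?|days?)\b|\bimmediately\b", re.I)

def phishing_signs(raw_message, recipient_name):
    """Return the warning signs found in a single-part, plain-text message."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    address = parseaddr(msg.get("To", ""))[1].lower()
    local_part = address.split("@")[0]
    lines = [l.strip().lower() for l in body.splitlines() if l.strip()]
    greeting = lines[0] if lines else ""
    signs = []
    # Salutation built from the email address instead of the person's name.
    if local_part and local_part in greeting:
        signs.append("address_as_salutation")
    elif not any(p.lower() in greeting for p in recipient_name.split()):
        signs.append("generic_or_missing_greeting")
    if any(term in body.lower() for term in FEAR):
        signs.append("fear")
    if URGENCY.search(body):
        signs.append("urgency")
    # A quoted password is not proof of compromise, but it is a known lure.
    if "password" in body.lower():
        signs.append("password_as_proof")
    return signs

# Constructed sample messages (not real emails).
SCAM = """From: someone@example.net
To: pat.lee@example.com
Subject: pat.lee

pat.lee,
I know hunter2 is your password. I recorded you through your webcam.
Pay within 48 hours or the recording goes to your contacts.
"""
BENIGN = """From: sam@example.com
To: pat.lee@example.com
Subject: Report

Hi Pat,
The quarterly report is attached. Let me know if you have questions.
"""

if __name__ == "__main__":
    print(phishing_signs(SCAM, "Pat Lee"))
    print(phishing_signs(BENIGN, "Pat Lee"))
```

A message that trips several signs at once is a candidate for the company's phishing-report process; a single sign on its own is weak evidence.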


What to Do If You Receive This Phishing Email

If you receive a phishing email like this (or any other type of phishing email), here is what you should and shouldn’t do:

  • Do not panic or respond to the email.
  • Do not open any email attachments. In one instance, a blackmail email included an attachment. Opening an attachment could lead to spyware or another type of malware being installed on your computer.
  • Do not click any links in the email. Although the blackmail emails thus far have not included links, cybercriminals continually change their attack methods. Clicking a link could lead to malware being installed on your computer.
  • Follow company policy on how to deal with phishing emails if you receive one at work (e.g., forward it to the IT help desk, simply delete it).
  • Change your password if necessary. If the email includes a password that you currently use, change that password. If you used the password for multiple accounts, be sure to change each instance to a unique, strong password.

  • Scan your device for malware using your device’s security software as a precaution.