Find the latest news and information here.
Webinar Replay: Important Considerations & Communication Tools for Remote Workers
Did you. miss our latest webinar? You can find our recording here on Important Considerations & Communication Tools for Remote Workers.
Don’t Get Hacked at Home: A Guide to Secure Remote Work
By: Adam Boyle, Business Consultant
The COVID-19 pandemic has many of us working from home offices. While it’s a critical step for keeping ourselves and others safe from contracting and spreading the novel coronavirus, cybercriminals look for any way to exploit weaknesses in systems. Protect your computer, your data, and your company from cyberthreats by taking precautions and employing security best practices while working remotely.
Hackers play on fear
Cyber criminals use fear tactics to try to manipulate you into taking an action that grants them access or information they can exploit. Mounting uncertainties and the unknowns about the COVID-19 pandemic typify the exact scenario hackers will use to send phishing or spearphishing emails.
Even though your environment is different, take the same precautions you would at the office about opening emails, clicking links, and downloading files. Remember that hackers use a sense of urgency to pressure you to take an action. Cybersecurity is a frame of mind, and the most powerful thing you can do is slow down and think. Call up a co-worker to verify a strange email or request. Be suspicious of unexpected emails. Double-check with the source before downloading any attachments.
Additionally, hackers are designing malicious websites disguised as information sources about the spread of the coronavirus. Some sites are showing up on Facebook designed as sophisticated live feed maps of the spread of the disease with real-time updates. But the sites are embedded with malware, which will slow your computer.
Use verified sources
Use trusted sources. Don’t click on Facebook links. Stick with verified sources like government and news channels. A few verified sources include:
- Kansas Department of Health and Environment
- Centers for Disease Control and Prevention
- World Health Organization
We are all under higher levels of stress than normal. Be aware that stress can make us more vulnerable to do things we wouldn’t normally do. Having awareness and taking precautions will go a long way toward keeping you safe.
The best way to access the server at the office while working from home is by a virtual private network, or VPN. It passes through your company firewall with a secure tunnel that lets you work with files and systems on your workstation at the office just like you were there.
At Networks Plus, we use and trust LogMeIn as a secure remote access. It allows users to securely access their computer desktop as if they were sitting in front of it. Users can store, share, and collaborate on files with one click, and even print documents from a remote computer to the nearest printer.
Keep software and applications up to date
Hackers not only exploit fear, they exploit system weaknesses. Make sure your computer is safe and secure by updating all operating systems, applications, and software when patches are released.
Set updates to happen at night so they don’t interrupt your workflow. Just don’t forget to install them.
Your security and firewall should work from anywhere
Computers taken off premise to a home office don’t have to adhere to firewall rules set up at the office, because those rules are bound geographically. Setting up managed DNS (domain name system) on work computers makes the rules specific to the device, and they apply no matter the location of the computer.
Managed DNS works by redirecting web traffic through a cloud-based, DNS security solution. That means businesses can enforce the same web access policies and regulatory compliance when employees are working remotely. Even better, it stops the vast majority of threats before they come near the network or endpoints. At Networks Plus, we recommend Webroot Managed DNS.
Consider new protection measures
There are promising new cyber security developments called real time threat detection that go a long way toward keeping users safe from computer malware, ransomware, viruses, hacking, and all kinds of systems exploitation.
Real time threat detection works by using artificial intelligence to detect user signatures. The threat detection monitors how employees use their machines on a daily basis. If the program detects something suspicious or unusual, it will notice the anomaly and send an alert to the monitoring team so threats can be stopped in real time.
For example, if an employee who uses their computer on a daily basis but never accesses the security feature suddenly goes in and starts making advanced changes, real time threat detection would trigger an alert.
Real time threat detection also scans PDF files for malicious content before the user opens them. It’s the next generation of antivirus software, and we expect it to grow in usage quickly. At Networks Plus, we recommend a program called Sentinel One real time threat detection software.
Call Networks Plus for help
Cybercriminals never back off, even when the world is in crisis. Don’t let the transition to remote work put your systems at risk. Give us a call and let us help you keep your systems and business safe.
Setting Up for Successful Work at Home
By: Kelly Gillespie, Business Consultant
The impact of COVID-19 has touched virtually every aspect of our daily lives, disrupting social interactions, family life, communities, careers, and how we do business. Many schools and universities have shifted to online learning for the remainder of the school year. Many companies suddenly have most–if not all– their employees working from home for the first time. In an overwhelming time as this, here are simple ways employees can set themselves up for telecommuting success.
Set Up Your Workspace
While we don’t know for certain how long social distancing may be necessary or required, set up your home office space in an area that is dedicated solely for work for as long as remote working is necessary. This should be a place you are able to focus and feel comfortable, with minimal distractions. If you will be video conferencing, consider your background as well.
Establish A Routine
When you’re working from home – and especially during a shelter-in-place order – it’s easy to fall away from a regular routine, from waking at a specific time to even getting out of your pajamas. Professionals who have been telecommuting since long before Coronavirus was a household word recommend waking early and getting fully ready for the day, as if you were going to an office building for your work day. Doing this not only physically prepares you for the day, it helps set you up mentally to take on your work tasks.
If you’re able, keep your routine and schedule the same or similar to your pre-telecommuting days. Structuring your day at home in the same way you did at the office may help keep you focused and on task. There is also something to be said for feeling that sense of normalcy and stability in a time when things feel “off” and uncertain.
Plan Your Day
For those fortunate enough to have flex in their work schedule, identify when you’re most productive and plan your day accordingly. If you have children home with you at this time, schedule a two hour “quiet time” in the middle of the day for reading, napping, or screen time so you can focus on work.
Plan tomorrow’s meetings, tasks, and lunch today. Things may come up that require a shift in plans, but if you plan ahead you are more likely to have a clear expectation of what needs to be accomplished that day. And if lunch is planned, you won’t waste time looking through your pantry and refrigerator deciding what to eat.
Remember to also plan breaks in your day. It can be easy to get distracted with laundry that needs done or other home chores when you’re working from home. If this is a distraction for you, plan 5-10-minute breaks in your daily calendar and schedule those types of tasks. This allows you to focus on work during the appropriate times, knowing you have time planned to get those things done later.
Schedule regular check-ins with colleagues via a video platform. The face-to-face communication is a good way to stay connected as a team and keep each other informed. Stay on task and on time, but allow for a bit of the social chatter that you would normally have when in office together. Working from home can be isolating, but especially so during a shelter-in-place order.
Employees with Children
For employees with kids, some of the above won’t be feasible. It is important to have a schedule, or at least a framework, and establish routine for your day and theirs. In addition to the tips above that you are able to adopt, here are a few more ideas.
You likely won’t be able to work a regular 8-hour day. You may have to break your day up into early morning hours before the kids get up and/or at night after they go to bed. When planning tomorrow’s tasks today, list your top priorities and tackle those first. Be sure to also communicate with your employer and coworkers that your kids are home, too.
Plan Supervision-free Activities
Arrange virtual playdates for your kids to Facetime grandma so she can entertain them by reading a book, dancing, or playing games. Here are ideas for activities kids can do with minimal supervision.
A solid foundation to success when working from home lies in the systems, connection, and security measures the company has in place. At Networks Plus, we’re here to make sure you and your team are set up securely for success.
Tools to Keep Your Business Going in the Isolation Age
By: Jerry Horton, Technology Director
America has entered into relatively unknown territory – social distancing, stay-at-home orders, and businesses struggling to maintain operations when their staff may need to work from home. These are trying times for all of us, to be sure, with challenges that we have rarely, if ever, been faced with previously. While there are difficulties, for most businesses, remote work can be accomplished with a bit of planning, technology, and good old American ‘can-do’ attitude! The purpose of this article is give everyone some hints, tips, and (of course) technology advice to make sure that you and your staff can overcome the hurdles for remote work and help America ‘flatten the curve’.
Communication, communication, communication…
Businesses, no matter what the products and services they produce, run on a constant stream of communication. While it is certainly true that email has become a common way for business communication to occur, it is simply a small part of the day-to-day exchange of information that actually drives the business. How many meetings do you have? How many times a day do you pick up the phone or pop into someone’s office to discuss project details? How many impromptu hallway or coffee break conversations occur to solve a problem? Needless to say, these are all essential to the communication chain inside a business. Moreover, we humans are a gregarious lot and, in general, don’t function very well in isolation; this means that your business will not function any better than your staff can. That’s the bad news. The good news is that there is a plethora of technologies right at your fingertips to make remote communications the next best thing to being there.
Chat programs have been around for a long while; Internet Relay Chat or IRC was pretty much one of the first widely adopted Internet applications. Any business that has multiple offices probably already use some version of chat to keep communications near real-time between a widespread staff, so chat is one of the first things you need to implement. However, not all chat is created equal or even close to being secure. Most ‘free’ or commercially available chat programs, such as Facebook Messenger or Yahoo Chat, should be avoided as a business tool. It would be surprising if you haven’t read about the privacy issues with Facebook and Yahoo, but suffice it to say that personally identifiable information (which you are required by law to protect for most businesses) is not at all safe over these types of platforms, let alone your business processes and intellectual property. In short, when it comes to using public chat platforms, DON’T. So, what then can you do to take advantage of chat as a business tool?
If you are using Office 365 with the right licensing, the problem is already solved for you! Teams is an Office 365 application which is specifically built to keep your staff in communication via chat, collaborative file sharing, and audio/video meetings. Teams is designed specifically to be secure as it is configured out of the box to be an internal communications platform – assigned specifically to your license and not available to the outside world. If you have Office 365 Business Premium or Essentials (Enterprise versions, as well), congratulations! You already have access to Teams and might need no more than an hour or two to configure it and hit the ground running. If you aren’t sure, contact your professional IT consultant to assist you.
There are other chat servers available, many of them open source (low to no cost to acquire), but they do require an onsite server and a fair amount of work to make them operational and secure. If you don’t have one in place already, your best move is to set up Microsoft Teams using Office 365.
Many of you might be rolling your eyes and saying ‘Duh, Jerry…’ but having someone’s home phone or cell phone number simply isn’t enough to run a business. How do you answer incoming calls or transfer them? If your customer service representatives are on the phone already, how do you know which of them are on the phone, who is available, and how the call flow will work? Most businesses have a Private Branch Exchange (PBX) phone system to handle all of these tasks; unfortunately, most PBX systems don’t deal with remote stations well at all, often requiring very expensive remote cabinets to extend their reach beyond the walls of your business, not to mention the fairly high cost of additional phone lines to run those cabinets and the costly handsets. What to do?
The best technology answer to this is to replace your PBX with a hosted VoIP system. VoIP is tailor-made to support remote/home offices with some fairly minor configuration and relatively inexpensive equipment. However, if you don’t have one yet, it may be a while before you can get one installed and operational (that is a typical 6-8 week timeframe), so the most efficient path would be to contact the vendor for your PBX to see if you have other options in the meantime. That being said, you can use Teams to help facilitate a temporary way of using a combination of cell/home phones, presence information, and even the built-in telephony features of Teams to make a functional, if not flawless, way to keep in touch with your customers and vendors.
This is another that should be no surprise to anyone who has sat in on a webinar or web demonstration within the last 5 years. Full motion web meetings are a great way to get work done and minimize the feeling of isolation. The great news is that web meetings are probably the easiest thing to accomplish – all you need is a web browser, web cam and microphone (built into every laptop made for the last several years), and a good Internet connection. GoTo Meeting and Zoom are great commercial platforms that even offer free accounts (with significant limitations, sure, but it is an easy way to get started). Of course, Teams is also a fabulous way to get this done without any external accounts. I know that it may seem as if I am shilling for Microsoft here, but the truth is that Teams is purpose built to answer most of these needs.
Ok, we can all ‘talk’ now, but what about getting the rest of the business working?
Actually, communications are typically the most difficult part of remote work, so you’ve already done a lot of the hard work. That being said, let’s talk about the ideal way to set up remote work for your staff. You may or may not have some of this in place, so in the interim, focus on what you need to acquire or configure.
Seems as if this should be simple, right? Just set up a workstation that people can access from the outside world and you are done, correct? In a word, NO.
Unfortunately, making sure you can connect to internal resources securely is the very first concern you should have, but it is also fairly easy to solve. Most modern business-grade firewalls have the ability to set up an SSL-VPN. This is the simplest method of remote access to network resources and is typically very quick to implement once you answer a few simple questions:
- Who needs access?
- How many need access at the same time?
- Where do they need to access from?
- What do they need access to?
The answers to the first three questions will help you design a secure remote access policy and ensure that you have enough licenses to get the job done. The last question is a bit trickier. If you are running some simple line-of-business applications, the solution may be to just add a bit of extra memory to your server and bandwidth to your Internet connection. It may not run perfectly, but it will get the job done. If, however, you have high security concerns or complex applications, the answer is much murkier and will require some planning and possibly a fair bit of expense to suit the needs of your business. Contact your professional IT consultant to help you get these answers turned into action.
If you are using cloud-based applications, such as Office 365, Microsoft Dynamics, Adobe Creative Suite, or even Quickbooks Online, a lot of the hard work of remote access is already done for you, although you may need to modify how and where you store files for everyone to work on (hint: if you have Office 365, it is simple).
The hardest part of setting up a good, secure remote access solution is the remote computer itself. Many companies provide laptops – a perfect remote work solution – or require certain software and configurations to be made on personally-owned computers to facilitate remote access. If you don’t have a bunch of laptops sitting around with the right configurations, this is going to be tough, but you aren’t out of luck yet!
First, most of the major manufacturers ramped up their production of laptops as the outbreak of Coronavirus began, so there is an available supply from Dell, HP, and Lenovo, to name a few. Some manufacturers may have leasing programs available as well if you are only needing a short-term supply.
Second, many software vendors offer cloud-based versions of their applications, so a simple phone call or email to your software vendor may be all you need to get the ball rolling.
In summary, this is a trying time for all of us in so many different ways. Even if you have never thought about operating without being dependent on the traditional brick-and-mortar, many businesses can be converted to telecommuting remote work with a little planning, team effort, and (yes, there will be some) expense. To recap, below is a short list of what you will need to set up a workable remote office:
- A sufficiently sized Internet connection at both the office and remote ends. Talk to your professional IT consultant and ISP for the best advice.
- A communication plan to keep your staff in the loop, provide project teams and workgroups working seamlessly, and keep external communications with customers and vendors flowing.
- A business-grade firewall that supports enough SSL-VPN connections to support the number of remote workers you will have connected simultaneously.
- Laptops or tablets capable of running your line-of-business applications.
- If you will allow your remote users to operate their personal computers in your business environment, set a minimum standard for hardware and security configurations.
- Convert applications to a cloud-based version if it is practical and cost-effective.
- Prepare your internal servers for remote access. This may require additional hardware and configurations to ensure the highest level of security.
From all of us at Blue Valley Technologies and Networks Plus, please stay healthy and safe. Together, we will all get past these times of trial and come out stronger!
Why multi-factor authentication matters for your business
By: Brad Jepsen, Senior IT Sales Engineer
A single lock on a home is not enough to protect loved ones and the valuables inside. That’s why we use deadbolts, security systems, cameras, and other layers of security as fail-safes.
That same principle applies to valuable data, personal information, and proprietary business information. If it’s worth securing with one lock, it should have other layers of protection too.
At Networks Plus, we recommend any computer system connected to the internet use multi-factor authentication. Multi-factor authentication is exactly what it sounds like: a security measure that only grants access after two or more credentials are verified.
The best firewalls, antivirus software, and other security technology can’t protect you if a hacker has your password. That’s why multi-factor authentication is such a vital part of business security protocol.
Three types of multi-factor authentication
Implementing multi-factor authentication looks different between companies depending on the systems in place, user workflows, and other variables. Most multi-factor authentication is two-factor, which simply means two credentials are required to gain access.
Many software companies offer multi-factor authentication built into their program, it’s just a question of activating or customizing those controls. This includes most email services and social media platforms.
Other systems and software may need third-party protection from an app or security program to be fully secure.
Authentication generally falls within three categories:
- Knowledge: The user enters secret information such as a password, a pin, a combination, or a code word.
- Possession: The user possesses a device such as a mobile phone, key, smart badge, or security token (a portable device that can generate a unique pin from the originating server).
- Identity: The user is authenticated by fingerprint, retina, voice, or some other physical characteristic.
Combining security with efficiency
One of the most common reasons businesses don’t implement multi-factor authentication is the fear of bogging down efficiency in their processes. It’s an understandable assumption: does another step means additional time and lost productivity?
The authentication technology now available is designed to be convenient. It’s not a choice between keeping your data secure or keeping workflows moving. You can have both.
The marriage of efficiency and security comes with apps that are tied to your systems. Secure login can be as simple as a push notification directed to a mobile phone that allows the user to verify they are logging in with the tap of a finger.
For example, LastPass is a web extension that lets your team store and access encrypted passwords online. We’ve found it to be a useful and easy-to-use tool for many of our Networks Plus clients.
Another useful system is Duo Security, a multi-factor application that protects logins and helps verify the device security of users who are logging in from offsite.
These are just two options–there are countless more that are customizable based on your business needs and security preferences.
You don’t have to multi-factor alone
When evaluating multi-factor technology or any security measure, determine:
- How much risk your company is willing to accept.
- The cost to implement a workable solution and whether it fits your budget.
If you’re not sure where to start evaluating the risks your company could face, give Networks Plus a call. The cybersecurity experts on our team can help you figure out the level of protection you need and make sure it works for you.
Networks Plus is IT that’s personal.
Put the PRO in productivity with Microsoft 365 Teams
By: Karron Swift, Senior IT Technician
Office work is increasingly not in one office anymore. With staff working remotely, on the road, and in multiple locations, working together while working apart can be a challenge.
That’s the exact situation we faced internally at Networks Plus. With four locations and technicians who spend most of their time assisting our partners onsite, we needed a streamlined system that allowed us to work collaboratively and communicate effectively, no matter where we happened to be.
That’s why we started using Microsoft 365 Teams. Now it’s a central hub for everything we do, including:
- Hosting online meetings
- Hosting webinars
- Communicating with messaging threads
- Scheduling meetings
- Project management
- Building forms
- Developing surveys
- Making presentations
- Screen sharing
- Sharing content and files
Teams is all in one
Microsoft 365 Teams meeting hosting is similar to Webex, and GoToMeeting, with comparable project management functions to Slack. However, we’ve discovered its integration with the rest of Office 365 tools such as Outlook, Excel, Word, and Powerpoint takes streamlined and functional workflow to the next level.
After using Teams internally within Networks Plus for a year, we started helping our partners onboard their systems to use the platform about six months ago. Since then, we’ve been hearing about increased productivity, enhanced communication, and collaboration that doesn’t depend on being in the same room.
Using Teams is easy
At Networks Plus, we’ve found the user interface for Teams to be easy to navigate and organize.
Projects and communication categorize intuitively by team. Most partners we’ve worked with choose to organize teams by department, but it’s flexible to any structure you prefer.
Making changes to documents, organizing tasks, customizing the interface, and tracking activity is as simple as a click.
Maximizing Office 365 for your team
If your company has a business or enterprise subscription to Office 365, Teams is already included in the suite of products available to you. It’s accessible as a web app, desktop app, and for mobile. This allows your team to access the platform anywhere they have internet or cell service.
There is also a free version of Teams available outside Office 365 that includes tools like unlimited chat and search, video calling, up to 10 GB of team and personal file storage, and connectivity with Microsoft Office.
Networks Plus can help you integrate Microsoft 365 Teams
Whether you need Teams training, consulting on how to transition your organization from your current project platform, or serving as the systems admin for your company, Networks Plus can help.
Tell us your needs and we’ll get you up and running and more productive!
Top Three Business Trends from The Consumer Electronics Show
By: Jerry Horton, Technology Director
The 2020 Consumer Electronics Show – the unfathomably large annual showcase of the latest developments in technology – is over and we’re sharing the biggest trends impacting businesses and consumers.
The internet of things is becoming the intelligence of things
The internet of things constitutes products that use a sensor to report information to a data repository. Think of your Fitbit that reports your steps to its app on your phone.
But artificial intelligence goes beyond those capabilities, affording everyday objects the capability and technology to analyze, customize, and respond to the data it collects.
It’s showing up everywhere in prototypes and products already on the market, from robot window washers, to autonomous delivery bicycles, to health diagnostic tools.
Because AI sifts through massive amounts of data quickly, It holds promising ramifications for cyber and data security. It can identify potential threats and automate fast security responses more rapidly than humans.
It also holds promise for enhancing the power of marketing by providing even further customization to consumers based on their needs and preferences. AI can make predictions about consumer behavior and help retailers eliminate guessing to ensure the right amount of product is on hand.
Wide use of biometrics
Biometrics uses human characteristics like thumbprints and facial recognition to authenticate identity. It’s the stuff of sci-fi and action movies, but we’re starting to see this technology used more on everyday items.
For example, one CES vendor demonstrated a padlock that uses a thumbprint instead of a key. With the biometric mechanism embedded, the technology generates a list of users who have accessed the lock. It’s extra convenient because the lock doesn’t require keeping track of keys–access can be granted or revoked instantly.
Developers continue to find a wide use for biometrics. Expect this technology to become more available and less expensive.
Companies using Blockchain to improve consumer trust
Blockchain is a digital ledger built by linking one block of information on top of another, creating a chain of trust and uneditable data. It forms a string of transactions that keeps an honest and consistent record that’s unalterable because it exists on every computer in the network. To change one record only makes it incongruent with other records in the network.
Right now blockchain is mainly used to keep records in cryptocurrency like Bitcoin, but it has a host of applications for business. AT CES, IBM highlighted Food Trust, a technology that uses blockchain to track every step of the food supply chain, reducing inefficiency, increasing food safety, and building brand trust. With the technology, vendors and consumers can trace the source of their food to its origins and track every step it took to their plate.
The technology is still in its infancy–not enough entities offer blockchain as a service to make it practical. But its future in the business realm is just a matter of time.
Networks Plus is on top of the latest
Technology changes at breakneck speed. At Networks Plus, we’re committed to staying on top of the latest developments to help our partners put smart strategies and tools to work for their business. Trust us to inform you of the latest developments in AI, biometrics, and blockchain, and all the other important trends so you don’t have to! We’re proud to serve you with IT that’s personal.
Why Anti-Virus Alone Just Isn’t Enough to Protect Your Email
Breaking Down a Breach – What Happened and How to React 2
Hello and welcome to the Breaking Down a Breach series!
It’s time to select a breach or cyberattack that has been in the news, analyze the information that is publicly available, and offer some recommendations for protecting your network against similar attacks. We will be looking at these attacks based on the five “P’s” of cyberattacks:
Our goal in this series is to uncover what happened, how it was accomplished, and what you can do with your environment to help protect yourself. Remember that there is no one ‘silver bullet’ for security! Rather, you have to build your technical measures in depth and, most importantly, develop a culture of security. There is no such thing as ‘My company is too small/large/unusual/whatever to be a target’. The cybercriminals know that you have something of value and will do whatever they can to get their hands on it.
Today, we will not be looking at a specific breach; rather, we will address a recently discovered vulnerability that has the potential for catastrophic impact worldwide – a serious flaw in Microsoft operating systems security trust systems. You might ask yourself if the words ‘security’ and ‘trust’ belong in the same sentence, let alone describing a core piece of the operating system software, so let me briefly elaborate.
Operating systems need to have a reliable method of determining whether patches or applications came from a source that follows the coding requirements to ensure safe and secure operation within the environment – in short, can the company who is providing the patch or application code libraries be trusted and validated? While this may seem like minor or simple detail, realize that Microsoft itself cannot test every third-party application or piece of code, so the simple expedient of only allowing the installation of applications and patches from trusted vendors was adopted. Even Microsoft’s own applications, patches, and services which require operating system functions – for instance, logging in to the computer – have to meet the trust standard. This is accomplished using a cryptography module and therein lies the problem.
On Jan. 14, 2020, Microsoft, the National Security Agency (‘NSA’), and the Computer Emergency Response Team (‘CERT’) all released high priority notifications of a ‘CVE’ or Common Vulnerability and Exposures issue regarding the issue with the cryptographic module. While such notifications aren’t anything new, the fact that the NSA not only discovered the vulnerability, but alerted Microsoft and then publicly disclosed the vulnerability in a very short time frame. In the past, this has not been the policy or practice of the NSA; as such, this openly public posture for a secretive agency only underscores how serious the problem really is.
What happened: On January 13, Brian Krebs, a well-known and highly respected security researcher, broke the story of the reported vulnerability and upcoming patch to be included in the first Microsoft Patch Tuesday of the year. There were rumblings in the security community that the patch was going to be important. So important, in fact, that NSA Director of Cybersecurity, Anne Neuberger, slated a call to release the information to the media, an unusual move for the NSA. On January 14, Ms. Neuberger divulged the vulnerability had been found by the NSA staff during normal research and consequently reported it to Microsoft. It was also noted that Microsoft has not yet seen any active exploitation of the vulnerability.
In this case, the vulnerability has the potential to create extensive damage to systems. The issue is that module itself is responsible for verifying the ‘chain of trust’ for software and services all the way back to an authoritative source which can validate the identity of the creator. The vulnerability would allow false information to be inserted, causing a ‘chain of trust’ to appear legitimate when it is not. Essentially, a cybercriminal could spoof the operating system into believing malware is trusted and safe to use. This would create situations where any such malware could persist in the system for long periods of time virtually undetected, pilfer information without creating error messages, make changes to protected system files, and become very difficult to trace and remove.
How it happened: It may seem that this is an egregious oversight on the part of Microsoft; however, it is estimated the Windows operating system contains over 50 million lines of programming code. Even with fairly rigorous testing prior to deployment, it is impossible to test every possible use case or combination of systems, applications, or scenarios.
Therefore, more stringent testing guidelines should be adopted. When I was in development (many, many years ago), one of the common tests for your programming was to feed purposefully bad data into the system to make certain that your logic tests would reject it properly and safely, without allowing the program to crash or otherwise perform dangerous operations. Since Windows is the most widely adopted platform on Earth, deployed to an estimated 95.86% of all computing devices in the world (as of December 2018), it behooves both Microsoft and application developers to be more aggressive in secure development practices. I am oversimplifying, but the argument is valid, especially in light of such a fundamental flaw in core system module.
At the same time, I want to praise the NSA for their approach to reporting this vulnerability. In the past, the NSA, one of the few agencies with sufficient skill and resources to uncover these types of issues, has been less than forthcoming and has even used unpublished vulnerabilities as tools (such as Eternal Blue, which in turn lead to WannaCry and NotPetya, once cybercriminals got their hands on the Eternal Blue code.) In my opinion, this new strategy, under the leadership of Ms. Neuberger and her worthy colleagues, will help close cybersecurity gaps more rapidly.
What you can do to protect your company: There are a couple lessons you can apply to protect your business:
- Patch, patch, patch. It can’t be said enough that all computing devices and applications require periodic updates and patches. Turning on Windows update is not sufficient; all patches need to be vetted and applied carefully to workstations, laptops, and servers, not to mention switches, firewalls, access points, mobile phones…you get the picture. Networks Plus offers a patching service which covers all Windows patches and many of the standard business application patches. Part of the service is to test and vet patches prior to deployment. Contact your Networks Plus business consultant for more information.
- Set internal security policies to prevent end users from installing any application and require applications be tested and approved prior to installation. While this may seem unnecessary, realize most end users have very little understanding of what an application may do to an operating system or network. Allowing end users to install that ‘weather’ app or background theme may lead to some very undesirable consequences.
- Education. Make sure to stay informed on potential threats. Training the entire company, including yourself, on security threats is no longer a luxury – it is a necessity in today’s always-on, always-connected world.
UPDATE – 01/17/20: To emphasize just how serious this problem is read more here.
At Networks Plus, cybersecurity is our focus. We want to ensure that your company can prevent and recover from cyberattacks. Contact one of our Business Consulting team to discuss how our products and services can help you build a strong and resilient network for your business.
 For more detail on the Five “P’s”, read the first Breach blog.
 For more information, here is my blog.
CES – Day 3
CES is the Consumer Electronics Show; an annual event where developers showcase their new technological and electronic innovations. Jerry Horton, IT Director for Blue Valley Technologies, is giving us a little glimpse into the future of all things technology.
What a week in Las Vegas! I was just one of about 200,000 attendees at the show and, believe me, I felt like Charlie when he visited Willy Wonka’s Chocolate Factory – overwhelmed, but completely in my element. There were so many exciting things to discover and learn about, mixed in with some things that, frankly, I just don’t get yet (check the pet dryer from my second blog last week for an example.) That being said, I saw some very exciting developments in precision agriculture, robotics, and general tech that I wanted to share.
n.thing is a South Korean company that is working hard on precision agriculture, especially focused on producing crops year round with minimal resources for maximum yield. They build hydroponic farming facilities in what are essentially shipping containers. These use no soil, have controlled environments, and require a minimum of human intervention to produce, using a combination of solid ag practice and smart tech.
South Korea isn’t the only country that is working on this concept. GRÕV Technologies is an American company based in Utah working on the same concept, but taking it a couple of steps further to include grain products, specifically targeting animal feed. I spoke to the GRÕV representative for quite a while and was very excited by both their technology and concepts. With their design, many kinds of crops can be successfully grown year round and they are testing new ideas all of the time.
Enhancing agriculture isn’t just an indoor sport! John Deere had a massive booth at CES to introduce its new self-propelled sprayer with a massive 120-foot carbon-fiber boom (it was so big that I couldn’t even get one whole side of the boom into a picture) and stuffed with advanced technology. John Deere also won a CES Innovation award for its new 8RX tractor. Given the size of this tractor, it was not on display at the convention but, I do want to send out a hearty congratulations to John Deere for winning this prestigious award. Keep up the great work!
Robotics aren’t new by any means, but they have approached science fiction proportions these days! I did see several industrial robots, but what really impressed me were the sheer number of service and companion robots on display.
Canbot is intended for commercial use as a service robot, but it does have a personality and is capable of carrying a limited conversation.
A simple industrial robot on display at the NXP Semiconductor building.
The AlienGo robot. This is not a commercially available product at this time, but it does follow you around like a dog. Seriously, a robotic canine…
Yes, this is a robotic shark. It is used for research in coral reefs and similar environments. Other marine robots are used for inspecting underwater pipelines or the hulls of ships.
Hancom Robotics had a display based around companion robots for children, including Toki, a kind of robotic nanny and study buddy for kids. Toki uses facial recognition to identify family members and will interact with each appropriately.
There were countless examples of gaming tech, including improved gaming chairs, keyboards, mice, headsets, and even haptic jackets (haptics involve the sense of touch or other tactile feedback.) The haptic jacket can be used with games similar to Call of Duty to ‘feel’ the action during the game.
To wrap it up, I did want to talk about an impressive piece of technology which I think could have a very positive impact. When it comes to autonomous driving, there is a lot of focus on cars, trucks, mass transit systems, and the like. While this technology is in widespread use in a limited way – adaptive cruise control and collision avoidance in most vehicles – even Tesla can’t make the claim that they have made a fully autonomous vehicle which is 100% safe and reliable without a human operator. However, autonomous bicycles show some real promise.
This bicycle was created by IAV, a German company as a delivery vehicle. IAV is working toward full autonomy for this bike to make deliveries for take-out, small grocery orders, or even as part of the Amazon fleet. However, it is currently in use by postmen and delivery people using the ‘follow-along’ feature, which allows the operator to walk between locations in a neighborhood and have the bike follow them to each stop. Very handy and efficient without the extra trips back and forth to climb on the bike.
Notice the barcodes on the apples? This is also part of the IAV project – a way to barcode each delivery so that a fully autonomous bike will track inventory and only open the cargo container for a person with the correctly matching code.
No doubt that CES was exhausting, both physically and mentally, but it was well worth the trip for Blue Valley to keep abreast of the latest technologies that will be useful for our customers! I hope you enjoyed these blogs as much as I enjoyed collecting all of the photos and information.