508-909-5961 [email protected]

A simple Google search of “ransomware” returns just over 9 million results. So, too, does a search for “Three Mile Island,” the location of the late-70’s Pennsylvania nuclear meltdown. And while we don’t mean to equate the near catastrophe of the latter to having your company’s data hijacked by computer hackers, ransomware can in many […]

2016August1_Security_BA simple Google search of “ransomware” returns just over 9 million results. So, too, does a search for “Three Mile Island,” the location of the late-70’s Pennsylvania nuclear meltdown. And while we don’t mean to equate the near catastrophe of the latter to having your company’s data hijacked by computer hackers, ransomware can in many cases end in disaster for your business.

The way in which these nefarious operators commandeer your information and deny you access usually involves some fairly sophisticated stuff. The ransomware they install on your system is essentially a virus that “locks up” your data, and it can’t be unlocked unless you pay them for the keys.

Some of these data-encrypting viruses are strong, such as the CryptXXX strain. It has been infecting businesses for the past few months, and its latest mutation can’t be quelled by decryption programs found for free on the internet.

Two relatively new types of ransomware aren’t quite as virulent as CryptXXX, but we’d like to bring you up-to-date on them nonetheless. Here’s a look at what they’re called, what they do, and how you can defeat them should your business be impacted.

PowerWare

The first of these recent ransomware varieties is called PowerWare, which also goes by the name PoshCoder. It imitates a more complex ransomware program called Locky, although with less effectiveness.

This spring, PowerWare was discovered attacking healthcare organizations through Windows PowerShell, a scripting application used for systems administration. Fortunately, programmers at hi-tech security firm Palo Alto Researchers were able to quickly create a decryption tool named “powerware_decrypt.py” that unlocks ransomed data with relative ease.

Implementing the fix, however, does call for a bit of technical know-how, so if your IT department is experienced in this area it shouldn’t be a problem. The code that can cure you from PowerWare is published online and is free.

BART

The second new ransomware breed that we should address is called BART. Instead of employing intricate information-encrypting algorithms to take command of your data, BART will stash away your files inside password-protected ZIP folders… and you have to pay for the password.

These infections aren’t hard to identify as the imprisoned files will appear with “.bart.zip” added to their original name (for example, “spreadsheet.xlsx.bart.zip”). Thankfully, not only are they easy to detect, but for antivirus firm AVG, they are easy to decode.

Applying the remedy that AVG has produced requires an unaffected copy of one of the files that’s been locked up. And if you can’t locate one somewhere on your network, a good IT services firm will be able to. The BART decryption tool is also available online at no cost.

The fact is, there are some shady, technologically savvy characters out there who are willing to do us harm. Keeping them at bay takes vigilance. So if your business doesn’t have the resources to stay safe and secure from threats like ransomware - or, in the event that you’ve been hit, you’re not sure how to recover your data without paying the ransom - call us today to talk things over.

Published with permission from TechAdvisory.org. Source.

Read More

Keeping your company data safe and secured is not an easy job, especially as cyberattack threats get more and more sophisticated every day. But fret not, there are a lot of simple solutions that can be achieved with almost any level of tech expertise. In this article, we’ve listed 5 of our favorite cybersecurity tips […]

2016July14_Security_BKeeping your company data safe and secured is not an easy job, especially as cyberattack threats get more and more sophisticated every day. But fret not, there are a lot of simple solutions that can be achieved with almost any level of tech expertise. In this article, we’ve listed 5 of our favorite cybersecurity tips that will help you deal with the ever increasing threats to the safety of your data.

1. Two-Factor Authentication

Did an attacker get your password? With two-factor authentication they’ll still need your mobile device to do any damage. Here’s how it works: every time you log into a service that requires a password, the service will send a code to your mobile device for another layer of authentication. Nowadays, most internet services have this option: Google, Facebook, Twitter, Instagram, Skype, Slack, etc. Check a full list here to see if you could be using two-factor authentication on any of your online accounts.

2. Password Manager

Say goodbye to the bygone era of memorizing a long list of different passwords for the various websites and services you use. Password manager software may have been around for a long time, but it’s still a viable solution for improving your login integrity. After installing it, all you need to do is create one secure master password and let the software do the rest. It will store and encrypt all of your passwords in one place for future reference and help generate random, more secure passwords for any new logins.

3. Keep All Software Up to Date

Update all of your software and your operating system as often as possible -- it’s that simple. New versions come with better protection and fix any newly discovered loopholes. If you are too busy or can’t find the time to do it, check for an automatic update option. Any excuse for postponing updates will feel a lot less valid when it means a security breach or system crash.

4. Disable Flash Player

Adobe Flash Player may be what allows you to play Candy Crush during your work breaks, but it has boasted such a poor security record that most experts recommend that users block the plugin entirely. Most internet browsers have the option to block Flash by default, while allowing you to enable blocked content you deem acceptable by simply right-clicking and selecting Run this Plugin.

5. HTTPS Everywhere

When dealing with technology, long acronyms tend to scare off novice users before they even make it to step two. But don’t panic, there’s only one step to this trick. ‘HTTPS Everywhere’ is a browser extension that forces your browser to automatically navigate to sites using a secured encryption, if the site allows it. The thing is, a significant percentage of websites offer HTTPS connections but don’t present them as the default. When that’s the case, ‘HTTPS Everywhere’ gives your browser a gentle nudge in the right direction.

While in-depth security measures need to be implemented and managed by experts, little steps like the ones listed here can be just as important. Check back often for more helpful cybersecurity tips, but if you have more urgent security needs for yourself and your business, our experts are ready and waiting to offer a helping hand -- why not reach out to us today?

Published with permission from TechAdvisory.org. Source.

Read More

Here on earth, clouds are relatively simple phenomena: visible masses of water vapor making their way across the sky. But in the world of IT, “the cloud” is a bit more complex, referring to technology that allows businesses to take a more hands-off approach to managing their IT resources. And the “hybrid cloud” is rapidly […]

2016July7_Web_BHere on earth, clouds are relatively simple phenomena: visible masses of water vapor making their way across the sky. But in the world of IT, “the cloud” is a bit more complex, referring to technology that allows businesses to take a more hands-off approach to managing their IT resources. And the “hybrid cloud” is rapidly becoming the most popular variety.

Hybrid clouds, as the name suggests, are a version of cloud computing that are made up of two different components. They are a combination of private clouds (where data and applications that require tighter controls are hosted either internally or privately in the cloud space); and public clouds (which are operated externally by third-party providers with the express purpose of reducing a company’s IT infrastructure).

A recent “State of the Cloud” report indicates that 71% of all cloud users are now implementing hybrid cloud solutions, mainly because the ways in which they benefit small- and medium-sized businesses are so numerous. Here we’ve highlighted what we consider to be the 4 most significant benefits of hybrid cloud solutions.

Cost efficiency

Does your industry go through seasonal workload increases? With a hybrid cloud solution, you’ll be able to easily handle spikes in demand by migrating data from maxed-out on-premise servers to scalable, pay-as-you-go “servers in the sky” whenever needed, without incurring any extra hardware and maintenance costs.

Adaptability

Having the ability to choose between on-site/privately-hosted cloud servers and ones on the public cloud gives you more than just cost flexibility. It also gives you the capacity to pair the right IT solution with the right job, like keeping smaller projects on your local or private cloud, while utilizing the more robust computing resources on offer from the public cloud for your bigger projects.

Scalability

What exactly does this common IT buzzword mean for your organization? In a nutshell, it means that the hybrid cloud allows you to “scale up” or “scale down” on an as-needed basis. So if there are last-minute demand increases that your hardware can’t support, or if you’re simply planning for future expansion, hybrid cloud solutions allow for on-demand increases or decreases in capacity.

Security

Last, but certainly not least, are the security advantages of a hybrid cloud solution. SMBs are able to host within the private cloud their more sensitive data such as an e-commerce website or HR platform, while using the public cloud space for less sensitive data where it’s more cost effective and there is less likely to be major problems should there ever be a security breach.

SMBs can set up their hybrid cloud model in a few different ways, depending on their precise needs and the types of providers available to them:

  1. By employing one specialized cloud provider who offers soup-to-nuts hybrid solutions
  2. By integrating the services of a private cloud provider with those of a public cloud provider themselves
  3. By hosting a private cloud themselves and then adopting a public cloud service which is incorporated into their infrastructure
So as more of our customers' IT infrastructure moves to the cloud, we’re adapting and developing innovative ways to maintain hybrid cloud environments. What this means for you is we’ve got the know-how to provide outright cloud solutions, or at the very least the expert consultation you need, to ensure that your day-to-day operations transition to a hybrid cloud solution without interruption and in a cost-effective manner. Contact us today to learn more about the benefits that the hybrid cloud can bring to your business.
Published with permission from TechAdvisory.org. Source.

Read More

Although WordPress is more secure than it used to be, outdated installations can be a potential threat to your website and the data that is hosted on the servers. In an attempt to shut down hackers before they can exploit vulnerabilities, the WordPress security team recently rolled out a new version that patches security loopholes […]

Security_2016_July_5_BAlthough WordPress is more secure than it used to be, outdated installations can be a potential threat to your website and the data that is hosted on the servers. In an attempt to shut down hackers before they can exploit vulnerabilities, the WordPress security team recently rolled out a new version that patches security loopholes and fixes several known bugs. Read on to find out more about the update.

What’s new in WordPress 4.5.3?

The latest WordPress version includes fixes for more than two dozen critical vulnerabilities, including:
  • Redirect bypass in the WordPress customizer API
  • Two separate cross-scripting problems via attachment names
  • Information disclosure bug in revision history
  • Denial-of-service vulnerability in the oEmbed protocol
  • Unauthorized category removal from a post
  • Password change by stolen cookies
  • Some less secure sanitize_file_name edge cases
All vulnerabilities were found by members of the WordPress community. In addition to the security issues listed above, WordPress 4.5.3 fixes 17 maintenance issues from its predecessors 4.5, 4.5.1 and 4.5.2 (See full list).

WordPress update process

Many sites have an automatic background update, meaning that website admins will receive an email, confirming the update. If your website doesn’t support this feature, you can trigger manual updates by logging in to your WordPress dashboard and click on the ‘Please update now’ link, which is clearly visible on the top of the page.

Before you perform the update, however, we highly advise you to make a backup of your website. This is so that you can quickly restore your site in the event that something goes wrong. Once you have your backup ready, you can go ahead and update your site with the push of a button. Alternatively you can download WordPress 4.5.3 here and install it via File Transfer Protocol (FTP).

It’s important to update to the newest versions of WordPress to ensure that you have access to all of its functionalities and to keep your data and website visitors safe from potential security threats. Google will also demote websites that are running old versions of WordPress in its search results pages - all the more reason why you should regularly check for WordPress updates. If you have any questions about WordPress security, feel free to get in touch with our experts today.

Published with permission from TechAdvisory.org. Source.

Read More