Tech, Web, Cloud & Cabling Services

Category: Security

Critical iPhone Spyware Fix Released

Apple has updated its software for iPhones to address a critical vulnerability that independent researchers say has been exploited by notorious surveillance software to spy on a Saudi activist.

Researchers from the University of Toronto’s Citizen Lab said the software exploit has been in use since February and has been used to deploy Pegasus, the spyware made by Israeli firm NSO Group that has allegedly been used to surveil journalists and human rights advocates in multiple countries.

The urgent update that Apple (AAPL) released Monday plugs a hole in the iMessage software that allowed hackers to infiltrate a user’s phone without the user clicking on any links, according to Citizen Lab. The Saudi activist chose to remain anonymous, Citizen Lab said.

Apple credited the Citizen Lab researchers for finding the vulnerability.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Ivan Krstić, head of Apple Security Engineering and Architecture, said in a statement.

Krstić said Apple rapidly addressed the issue with a software fix and that the vulnerability is “not a threat to the overwhelming majority of our users.”

Still, security experts encouraged users to update their mobile devices for protection.

In a statement, NSO Group did not address the allegations, only saying, “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime.”

The firm has previously said its software is only sold to vetted customers for counterterrorism and law enforcement purposes.

Researchers, however, say they have found multiple cases in which the spyware was deployed on dissidents or journalists. In 2019, Citizen Lab analysts alleged that Pegasus was used on the mobile phone of the wife of a slain Mexican journalist.

In a lawsuit filed in 2019, Facebook accused NSO Group of being complicit in a hack of 1,400 mobile devices using WhatsApp. (NSO Group disputed the allegations at the time.)

The proliferation of easy-to-use mobile hacking tools has given governments around the world a new and stealthy means of targeting adversaries. Sophisticated spyware made by NSO Group and other vendors has been reportedly used from Uzbekistan to Morocco.

The surge in spyware prompted a United Nations panel of human rights experts in August to call for a moratorium on the sale of such surveillance tools. The UN panel said the ban should remain in place until governments have “put in place robust regulations that guarantee its use in compliance with international human rights standards.”

iPhone Wi-Fi Hack Alert: Fix Issued

If you use Wi-Fi on your iOS device, get this security update

The tech giant says there is a new cyber threat, but has taken steps to thwart the attack. According to the reports, “Apple has now issued a critical security patch for all iOS devices and for Mac computers against a potential hack that could come remotely via Wi-Fi.”


The virus is being considered a potentially serious threat, so the company is urging users to install the updates to protect their devices.

The latest cyber threat is also a risk to Android device users, but Google has taken steps as well to block the virus.

“The vulnerability also has the potential to attack Android devices, but Google issued its own security patch earlier this month.”

Have questions?

Get answers from Microsoft’s Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Tim Cook: FBI Wanted iOS Backdoor

The most important Tech Case in a Decade

Customer Letter – Apple

February 16, 2016

A Message to Our Customers

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.

Answers to your questions about privacy and security

The Need for Encryption

Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.

All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.

Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.

For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.

The San Bernardino Case

We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime. We have no sympathy for terrorists.

When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.

We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

The Threat to Data Security

Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.

In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.

We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.

A Dangerous Precedent

Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.

The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.

We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.

While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.

Tim Cook

Most Business PCs Haven’t Upgraded to Win10

According to a new study released by Softchoice, less than 1% of business machines have upgraded to Windows 10, opting instead for Windows 7.

Windows 10 has been one of the more controversial OS releases of recent memory, bringing privacy concerns, bugs that disable certain hardware, and other nasty surprises. And the enterprise, it seems, is avoiding it altogether.

According to a recent study by IT services firm Softchoice, less than 1% of Windows machines were actually running Windows 10. That means that, one year after the release of the latest Microsoft OS, more than 99% of machines haven’t yet made the switch.

The study was performed as part of a TechCheck analysis by Softchoice, which looked at more than 402,814 Windows devices operating among 169 organizations. So, what were these firms choosing instead of Windows 10? Overwhelmingly, they were running Windows 7.

“It appears businesses are hesitant to take advantage of the various Windows 10 upgrades and, at least for now, are satisfied with Windows 7,” Softchoice’s David Brisbois wrote in a press release. “Historically, OS upgrades have been viewed as major time and resource-consuming undertakings, and this may be influencing the decision today to hold off on Windows 10.”

Softchoice looked at these Windows machines in both US and Canadian firms from January 1, 2016 through May 31, 2016. At the time, only 2,999 devices were running Windows 10, which accounted for a grand total of 0.75% of the whole.

In terms of business breakdown, 42 of the 169 businesses (25%) had no trace of Windows 10 in their environment. Additionally, 73 of the 169 (43%) had fewer than 10 devices running Windows 10 present in their environment.

In contrast, 91% of the machines were operating with Windows 7, which marked an 18% increase over the same period of time in 2015. The next largest group were the Windows XP holdouts, which counted for 5% of the devices. Devices running Windows 8 were at 4%, which is double from the 2% measured the year prior.

“It seems businesses don’t see an urgent need to move operating systems, so long as their cloud-based applications are still running fine on Windows 7,” Softchoice’s Microsoft director Craig McQueen wrote in a press release. “In addition to the security benefits, I think once organizations grasp the user benefits—such as touch and Cortana—we will start to see a boost in adoption.”

However, some of those features may not be enough to sway some users. Cortana, for example, has proven very difficult to get rid of, and other updates have led to frozen machines. The most recent Windows 10 Anniversary Update actually broke some third-party webcams, without a workaround or fix until September. That’s bad news for a business that relies heavily on video conferencing.

Still, there are a host of new features and tools that could make it easier to get work done.

The 3 big takeaways for Readers

  1. A recent study by Softchoice has shown that less than 1% of enterprise organizations have upgraded their Windows devices to Windows 10, even a full year after the OS was released.
  2. Most businesses were still running Windows 7, according to the study, as Windows 8 also saw poor adoption rates after its release.
  3. A plethora of concerns over privacy and functionality, combined with the effort it takes to upgrade a whole organization, likely led to the low adoption numbers for Windows 10.

5 Malware Tools and VR Terms to Know

There’s plenty of free, effective anti-malware protection available. Just don’t let it push your browser around.

Although malware was once predicted to become extinct, it remains a constant threat. Thankfully, countless tools are available to help protect your PC against such security threats—including the popular (and free) anti-malware products on this list.

1: AVG AntiVirus Free

AVG AntiVirus Free (Figure A) provides protection for your computer, your browser, and your mail client. Like many other free products, AVG AntiVirus Free tries to sell you a paid license, which includes an enhanced firewall, anti-spam protection, and a few other features.

Figure A

Although AVG AntiVirus Free seems to do a good job protecting systems against viruses, you have to be careful about the options you choose when installing and configuring this product. Otherwise, AVG will attempt to “hijack” your browser by installing AVG Web TuneUp, changing your search page, changing your new tab pages, and changing your home page.

2: Malwarebytes Anti-Malware Free

Malwarebytes Anti-Malware Free (Figure B) offers basic protection against malware. There are two main things I like about this app. First, unlike some of the other free anti-malware products, it doesn’t try to change your browser settings or install unwanted toolbars. Second, it has a clean and intuitive interface that doesn’t leave you guessing about what to do.

Figure B

The disadvantage to using Malwarebytes Anti-Malware Free is that unlike the premium version, it does not support real-time protection. You can scan your PC for malware at any time, but you won’t be alerted to infections in real time unless you upgrade to the paid version.

3: Avast Free Antivirus 2016

Avast Free Antivirus 2016 (Figure C) is probably the most comprehensive antivirus tool on this list. It offers 12 components, including Rescue Disk, Browser Cleaner, Web Shield, and File Shield. The installer lets you choose which components to install.

Figure C

During the hour or so that I used Avast Free Antivirus, it did not attempt to take over my browser or engage in any other obnoxious behavior. The software does, however, prominently display a warning message during the installation process telling you in no uncertain terms that Avast Free Antivirus 2016 collects personal information. At least it gives you a way to opt out of this data collection.

4: Panda Free Antivirus

Panda Free Antivirus (Figure D) is another free anti-malware solution that requires a bit of caution during the installation process—otherwise, Panda will install a browser toolbar and change your home page and your default search provider.

Figure D

The free version of Panda Antivirus offers real-time protection against malware, but it does try to get you to upgrade to the paid version. That version, which Panda refers to as the Pro Edition, adds a firewall, Wi-Fi protection, and VIP support.

5: YAC

YAC (Figure E) stands for Yet Another Cleaner and—you guessed it—it’s yet another free tool for blocking threats and removing malware from an infected system. It offers a simple, easy-to-follow interface, and it doesn’t try to hijack your browser (which is a personal pet peeve, in case you hadn’t noticed). In fact, the software gives you a way to lock your browser settings so that your preferred home page, default browser, and default search engine can’t be changed without your consent.

Figure E

In addition to its basic anti-malware capabilities, YAC includes some nice extras, such as a tool for speeding up your computer, an uninstaller, and an ad blocker. The primary disadvantage to using YAC is that you have to upgrade to the paid version if you want to receive real-time protection. Otherwise, you’ll have to initiate anti-malware scans manually.

49% of Businesses Hit by Ransomware

Ransom is the top motivation behind cyber attacks, according to a report from Radware, and IT professionals are most concerned about data loss. Here’s what you need to know.

Nearly half of businesses report that they were the subject of a cyber-ransom campaign in 2016, according to Radware’s Global Application and Network Security Report 2016-2017.

Data loss topped the list of IT professionals’ cyber attack concerns, the report found, with 27% of tech leaders reporting this as their greatest worry. It was followed by service outage (19%), reputation loss (16%), and customer or partner loss (9%).

Malware or bot attacks hit half of all organizations surveyed in the last year. One reason for the pervasive attacks? The Internet of Things (IoT). Some 55% of respondents reported that IoT ecosystems had complicated their cybersecurity detection measures, as they create more vulnerabilities.

Ransomware attacks in particular continue to increase rapidly: 41% of respondents reported that ransom was the top motivator behind the cyber attacks they experienced in 2016. Meanwhile, 27% of respondents cited insider threats, 26% said political hacktivism, and 26% said competition.

While large-scale DDoS attacks dominated the headlines of 2016, this report found that only 4% of all attacks were more than 50 Gbps, while more than 83% of DDoS attacks reported were under 1 Gbps.

“One thing is clear: Money is the top motivator in the threat landscape today,” said Carl Herberger, vice president of security solutions at Radware, in a press release. “Attackers employ an ever-increasing number of tactics to steal valuable information, from ransom attacks that can lock up a company’s data, to DDoS attacks that act as a smoke screen for information theft, to direct brute force or injection attacks that grant direct access to internal data.”

Despite the growth in attacks, some 40% of organizations reported that they do not have an incident response plan in place, the survey found.

The report listed five cybersecurity predictions for 2017:

1. IoT will become an even larger risk. The Mirai IoT Botnet code is available to the public, making it more likely that cyber criminals of all experience levels are already strengthening their capabilities. “In 2017, exponentially more devices are expected to become targeted and enslaved into IoT botnets,” the press release stated. “IoT device manufacturers will have to face the issue of securing their devices before they are brought to market, as botnet attacks from these devices can generate large-scale attacks that easily exceed 1 Tbps.”

2. Ransomware attacks will continue to grow. These attacks will target phones, laptops, and company computers, and will likely take aim at healthcare devices such as defibrillators in the future, the press release stated.

3. Permanent Denial of Service (PDoS) attacks on data centers and IoT operations will rise. PDoS attacks, sometimes called “phlashing,” damage a system to the degree that it requires hardware replacement or reinstallation. These attacks are not new, but Radware predicts they are likely to become more pervasive in 2017 with the plethora of personal devices on the market.

4. Telephony DoS (TDoS) will become more sophisticated. These attacks, which cut off communications in a crisis, “could impede first responders’ situational awareness, exacerbate suffering and pain, and potentially increase loss of life,” the press release stated.

5. Public transportation system attacks will rise. As cars, trains, and planes become more automated, they also become more vulnerable to hackers, Radware stated.

You can help your business avoid ransomware attacks and other cyber threats by keeping software up to date, backing up all information every day to a secure, offsite location, segmenting your network, performing penetration testing, and training staff on cyber security practices.

Is Your Yahoo Password in 450K Leak?

Takeaway: Hackers have posted 450K Yahoo email addresses and passwords online, and hint Gmail, Hotmail, other services are next. How can you check if your users’ accounts are among them?

Hackers posted more than 400,000 Yahoo Voice and email names and passwords and the posting might not be over yet.

Yahoo reps say they are working on the compromised system–not great timing for a beleaguered company enduring what Yahoo chair Alfred Amoroso called a “tumultuous” time for the company. The firm apologized in an online statement and did not comment further at this writing.

Not a Yahoo user? IT pros and security experts worry this most recent hack on Yahoo – allegedly perpetrated by a group calling itself d3dd3 – is likely “way bigger than Yahoo,” said Marcus Carey, in a Reuters report. Hotmail, MSN, Live, Gmail and other personal services are at risk, too, he said.

NOTE: If you want to check your own or other users’ Yahoo emails to see if they are part of the current leak, there’s an easy way to check here at Sucuri Malware Labs. Just type in the email address and search.

Plan for next time

Change passwords. Consider training customers on utilities like LastPass. IT pros we interviewed across the board said users in enterprises who use open cloud-based email services, or other non-enterprise communication methods like Skype or Google Groups, should, at the very least, be using such utilities, which provide more control and protection in case of events like this one.

With so much data potentially compromised via users relying on such BYOD services as these, “the process (to avoid future attacks) is much easier if (users) have Lastpass,” said John Livingston, a tech pro for the American Red Cross in Savannah, Georgia. “Time to change your Yahoo, Google, Hotmail, and AOL passwords. And with LastPass, each site and service has a unique password, which limits damage if the password does get out. Changing passwords then is quick and easy. Plus if you’re a manager you don’t have to worry about remembering a new password.”

“Once this clears, I will be changing the passwords for Gmail, even though there’s no confirmation on that (hack) yet,” said Brian Geniesse, who works the IT tech desk at his firm in Menominee, Michigan. “Also be careful. Password managers can be hacked just the same.”

Yahoo is to blame ultimately, most IT pros we interviewed told us.

“Shame on Yahoo for not running normal security audits on (its) networks – and services that would have detected the SQL injection vulnerability (reportedly) used in the attack,” adds Dan Phillips, an IT pro in Cambridge, Ontario, Canada.

Geniesse expanded on that with a message that will resound with most IT pros and CTOs. Most people use weak passwords–see below.

“You can preach the use of LastPass and the like until you are blue in the face but users will never change their habits unless you force them,” Geniesse said. And “Yahoo needs to force some kind of password complexity to help protect their users.”

So many folks are checking the hack post that the hackers allegedly responsible are having trouble handling the traffic load. Due to high traffic on this group’s site, the page with the Yahoo hacked emails and passwords is going up and down. We caught part of it in a cut and paste.

When it was up earlier today, it read in part:

We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call … not as a threat …

There have been many security holes exploited in webservers belonging to Yahoo … that have caused far greater damage than our disclosure (today). Please do not take (the posting) lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage …

The post’s author quotes Jean Vanier’s book, Becoming Human: “Growth begins when we begin to accept our own weakness,” Vanier wrote.

If you’re a Star Wars, Star Trek or comic book fan, just change your passwords right away, other observers add. And talk your users into it too. Check this out: CNET’s Declan McCullagh wrote a program to analyze the most frequently used passwords using data from the post of 450K email addresses and passwords. He listed:

  • 2,295: The number of times a sequential list of numbers was used, with “123456” by far being the most popular password. There were several other instances where the numbers were reversed, or a few letters were added in a token effort to mix things up.
  • 160: The number of times “111111” is used as a password, which is only marginally better than a sequential list of numbers. The similarly creative “000000” is used 71 times.
  • 780: The number of times “password” was used as the password. Apparently, absolutely no thought went into security in these instances.
  • 233: The number of times “password” was used in conjunction with a few numbers behind it. Apparently, the barest minimum of thoughts went into security here.
  • 437: The number of times “welcome” is used. With a password like that, you’re just asking to be hacked.
  • 333: The number of times “ninja” is used. Pirates, unfortunately, didn’t make the list.
  • 137,559: The number of Yahoo credentials that were leaked.
  • 106,873: The number of Gmail credentials that were leaked. Hotmail, which was the next most frequently cited e-mail service, had fewer than half the number of users hit.
  • 161: The number of times “freedom” is used, suggesting a lot of patriotic users. “America” was used 68 times.
  • 161: The number of times the f-word is used in some combination. There are a lot of angry people out there.
  • 133: The number of times “baseball” appears as a password. It’s the most popular sport on the list, proving that it is indeed America’s national pastime. It just may not be the best password.
  • 106: The number of times “superman” is used as a password. That’s nearly double the amount of times “batman” is used and triple the frequency of “spiderman.”
  • 52: The number of times “starwars” is used. The force is not with this password.
  • 56: The number of times “winner” is used.
  • 32: The number of times “lakers” appears. It tied with “maverick,” although fortunately “the_heat” or “celtics” weren’t on this list.
  • 27: The number of times “ncc1701” is used as a password. For those of you who aren’t trekkies, that’s the designation code for the Starship Enterprise. “startrek” is used 17 times, while “ncc1701a,” the designation for the Enterprise used in later Star Trek movies, is used 15 times.
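
The password-complexity enforcement Geniesse calls for can start from the patterns in this list. The following is an added example, not code from the article or from McCullagh's program: a Python check that sorts a password into the weak categories named above and rejects it at signup. The function names, the three-character suffix limit, the ten-character minimum and the sample list are assumptions made for illustration.

```python
"""Added example: classify passwords by the weak patterns the article lists."""
from collections import Counter
from typing import Iterable, Optional

# Words the article reports as heavily reused in the leaked list.
COMMON_WORDS = frozenset({
    "password", "welcome", "ninja", "freedom", "america", "baseball",
    "superman", "batman", "spiderman", "starwars", "startrek", "winner",
    "lakers", "maverick", "ncc1701",
})
MAX_SUFFIX = 3  # assumption: "a few" trailing characters means up to three


def _is_digit_run(pw: str) -> bool:
    """True for ascending or descending digit runs such as 123456 or 654321."""
    if len(pw) < 4 or not (pw.isascii() and pw.isdigit()):
        return False
    # Step between neighbours modulo 10: 1 means ascending, 9 means descending.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pw, pw[1:])}
    return steps == {1} or steps == {9}


def classify(password: str) -> Optional[str]:
    """Return the weak-pattern category for a password, or None if none match."""
    pw = password.strip().lower()
    if _is_digit_run(pw):
        return "sequential-digits"
    if len(pw) >= 4 and len(set(pw)) == 1:
        return "repeated-character"
    if pw in COMMON_WORDS:
        return "common-word"
    for word in COMMON_WORDS:
        extra = len(pw) - len(word)
        if pw.startswith(word) and 0 < extra <= MAX_SUFFIX:
            return "common-word-plus-suffix"
    return None


def audit(passwords: Iterable[str]) -> Counter:
    """Tally how many entries of a password list fall into each category."""
    return Counter(classify(p) or "no-listed-pattern" for p in passwords)


def is_allowed(password: str, min_length: int = 10) -> bool:
    """Signup-time check: long enough (assumed minimum) and in no weak category."""
    return len(password) >= min_length and classify(password) is None


# Constructed sample list, not data from the leak.
SAMPLE = ["123456", "password", "password1", "111111", "ninja",
          "654321", "welcome", "ncc1701a", "h7#Lq9vB2m", "Tr0ub4dor&3x!"]

if __name__ == "__main__":
    for category, count in audit(SAMPLE).most_common():
        print(f"{count:3d}  {category}")
```
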

3 Ways to Boost Password Security

“There is no such thing as perfect security,” says Jim Waldron, Senior Architect for Platform Security at HP. If you can access a website or server, consider it vulnerable to security breaches. That’s why so many businesses account for fraud in their business models—they expect to lose a certain amount each year to security leaks, lost IP, and more.

While you can never be 100% secure from hackers while connected to the internet, there are steps you can take to help protect your personal and professional data. All you need to do is activate features that are increasingly common (or easy to manage) on modern business-class PCs: Multi-factor authentication, client-based user authentication, and password best practices.

Multi-factor authentication
Multi-factor authentication is a simple but effective security system that involves the use of at least two factors (or methods) of authentication. It groups different factors together so that even if one is compromised, the data remains protected. Under this system, factors are divided into three domains:

  • Something you know: Password, PIN, etc.
  • Something you have: ATM card, smartcard, etc.
  • Something you are: Fingerprint, iris, etc.

For multi-factor authentication to be successful, you want to pull from at least two different domains, with a maximum of three domains. A common example of multi-factor authentication is when you withdraw cash from an ATM. To do so, you insert your ATM card (something you have) and enter your PIN (something you know). Without both factors you can’t access your account—and neither should anyone else.

Businesses are taking notice too, and multi-factor authentication’s popularity is rising. In 2014, 37% of enterprise organizations surveyed used multi-factor authentication for the majority of their employees, and that number is expected to grow to 56% by 2016.

What you can do now
If you have a business-grade PC, chances are your PC already includes the technologies you need to start using multi-factor authentication. In fact, HP offers multi-factor authentication on all of its business PCs. Consult your manual or HP Support, and identify the factors your PC supports in addition to traditional passwords, such as fingerprint or smartcard readers. Just make sure to choose factors from separate domains.

Client-based user authentication
Every time you log into a system, your identity needs to be authenticated by that system. This process occurs one of two ways: server-side authentication or client-based authentication. With server-side authentication your unencrypted information—such as your password or fingerprint—is sent to a server where it is compared against that server’s records. With client-based authentication, the authentication process—e.g., “Does this fingerprint match the one in our records?”—is performed on the client device, such as your work PC.

While client-based authentication is not as common as its counterpart, it is far more secure. In fact, “In almost all authentication scenarios it is preferable to perform the direct authentication on the client and then communicate an ‘Identity Assurance’ to the relying party,” says Waldron.

Everyone wins when it comes to client-based authentication. The client no longer has to send unencrypted, private information over the internet or store that information on another party’s server, while the relying party no longer has to store sensitive client information on their server—reducing the amount of information that can be stolen if and when a hack occurs.

What you can do now
One of the easiest ways to use client-based authentication is with a hardened fingerprint sensor. The sensor authenticates your fingerprint directly in the hardware, rather than sending it to a server or hard drive, and returns a key that can be used to decrypt password vaults.

Password best practices
As we’ve mentioned before, passwords aren’t perfect. While implementing and using the above features might not seem practical for some of us, everyone can benefit from following basic password best practices. They are quick to implement, and can save you a lot of hassle down the line.

To make the most of your password security, your passwords should be:

  • Long—at least 16 characters. Use a password manager to store unique passwords and fill out log-in forms so that you don’t have to memorize them.
  • Complex—containing symbols, numbers, uppercase letters, lowercase letters, and spaces (if possible)
  • Unique—only use a password once, don’t recycle or repeat across accounts
  • Short-lived—the National Cyber Security Alliance suggests changing your password every 60 days
  • Difficult to guess—avoid common words found in a dictionary, all or part of your name, repeated letters, or combos that align to your keyboard layout, such as “QWERTY” or “123456”

If you are uncertain whether your password is secure enough or if it meets enough of the criteria above, there are several reliable services that will check your password strength for you. Microsoft’s Safety & Security Center offers a free password checker you can access through your browser, while Mac users can access Apple’s Password Assistant through the Keychain Access utility.

What you can do now
The first thing you can do—right this second—is revise your most important passwords to align with password best practices. That includes your work accounts, personal email, bank accounts, and any other services that contain sensitive data. If you need help remembering your new passwords, consider using a password manager such as HP Password Manager. That way you only have to authenticate once to gain access to all your systems. You can also adopt a system to make your passwords easier to remember. Using acronyms, for example, you can turn the phrase “I was born in 1986 and my parents still live on Lake Street!” into “Iwbi1986ampsloLS!”—creating a strong password that’s easy to remember.
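The checklist above can be applied mechanically, for instance inside a password manager or a sign-up form. The following Python example is added here and is not part of the original article; the function name `check_password`, the small constructed word list, and the thresholds for keyboard runs (4 keys) and repeated characters (3 in a row) are assumptions chosen for illustration.

```python
import re
from datetime import date

MIN_LENGTH = 16     # "Long": at least 16 characters
MAX_AGE_DAYS = 60   # "Short-lived": changed every 60 days

# Constructed sample list; a real check would load a full dictionary and a
# breached-password list instead of these few entries.
COMMON_WORDS = {"password", "startrek", "ncc1701", "dragon", "letmein", "welcome"}

# Keyboard rows plus digit and alphabet order, searched forwards and backwards.
KEYBOARD_RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
                 "abcdefghijklmnopqrstuvwxyz"]


def _has_keyboard_run(lowered, run_len=4):
    """True if the text contains run_len adjacent keys from any row."""
    for row in KEYBOARD_RUNS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run_len + 1):
                if seq[i:i + run_len] in lowered:
                    return True
    return False


def check_password(password, user_names=(), other_passwords=(),
                   last_changed=None, today=None):
    """Return the names of the checklist criteria that the password fails."""
    failures = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        failures.append("long")

    # Lowercase, uppercase, digit and symbol are required; spaces are optional.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9\s]"]
    if not all(re.search(c, password) for c in classes):
        failures.append("complex")

    # Plaintext comparison only makes sense locally, e.g. inside a vault.
    if password in other_passwords:
        failures.append("unique")

    if last_changed is not None:
        today = today or date.today()
        if (today - last_changed).days > MAX_AGE_DAYS:
            failures.append("short-lived")

    guessable = (
        any(word in lowered for word in COMMON_WORDS)
        or any(len(n) >= 3 and n.lower() in lowered for n in user_names)
        or re.search(r"(.)\1\1", lowered) is not None  # e.g. "aaa" or "111"
        or _has_keyboard_run(lowered)
    )
    if guessable:
        failures.append("difficult to guess")
    return failures
```

The acronym password from the paragraph above passes every check, while “ncc1701a” fails on length, complexity and guessability.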

Passwords are changing, and while they will never be perfect, they can still provide an effective first layer of defense against hackers and ne’er do wells. The above features and techniques are increasingly common on modern business PCs, making it easier than ever to protect your private data. All you have to do is use them.

Have questions?

Get help from IT Experts/Microsoft’s Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Top 10 Cybersecurity Tips from the FCC

Cybersecurity is of paramount importance in today’s digital age as it plays a crucial role in safeguarding sensitive information, ensuring the privacy of individuals, and maintaining the integrity of critical systems and infrastructure. The Federal Communications Commission (FCC) in the United States recognizes the significance of cybersecurity and has provided recommendations and guidelines to help individuals, businesses, and organizations protect themselves from cyber threats. Here are some key points highlighting the importance of cybersecurity along with recommendations from the FCC:

 

  • Train employees in security principles – Establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate Internet use guidelines that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data. We offer Security Awareness Training as an option for continuous security training for staff.
  • Protect information, computers, and networks from cyber attacks – Keep clean machines: having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available. We offer Managed Services & Support as an option for preventing cyber-attacks.
  • Provide firewall security for your Internet connection – A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall. We offer Managed Network Services & Support as an option for firewall security.
  • Create a mobile device action plan – Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password-protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment. We offer Mobile Device Management as an option for a mobile device action plan.
  • Make backup copies of important business data and information – Regularly backup the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly and store the copies either offsite or in the cloud. We offer various Backup & Recovery Solutions as an option for business continuity & disaster.
  • Control physical access to your computers and create user accounts for each employee – Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel. We offer Multi-Form Authentication Solutions as an option for computer login security.
  • Secure your Wi-Fi networks – If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router. We offer Managed Network Services & Support as an option for Wi-Fi security.
  • Employ best practices on payment cards – Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet. Risk Intelligence is an option we offer to identify potential vulnerabilities.
  • Limit employee access to data and information, limit authority to install software – Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission. We offer Network & Security Assessments that can scan data repositories for user permissions, security and much more.
  • Passwords & authentication – Require employees to use unique passwords and change passwords every three months. Consider implementing multi-factor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data to see if they offer multi-factor authentication for your account. We offer Cloud Security Assessments which are used to ensure proper password & security practices are in place.

If you have any questions, please email us at support@sjtechies.com or call us at (856) 745-9990.

10 Reasons Windows 10 May Not Be Right

The end of Microsoft’s free Windows 10 upgrade offer is right around the corner. But while Windows 10 is great, there are valid reasons to reject it.

An offer you can refuse

The clock is ticking, folks. If you want to upgrade to Windows 10 for free, you only have until July 29, 2016 to do so. And most people should! Windows 10 is the best Windows yet, chock full of handy new features, sleek under-the-hood improvements, and headache-killing extras.

But it’s not for everybody. There are some very real, very valid reasons not to upgrade to Windows 10.

If you’re on the fence about whether to accept or reject Microsoft’s freebie, read on for some concrete justifications for staying put.

No Windows Media Center or DVD support

Before we dig into the meatier stuff, let’s take a look at what you’ll potentially give up if you upgrade to Windows 10, starting with some robust media playback options.

Windows 10 kills Windows Media Center off completely, after Windows 8 pushed it into a dark corner. There’s a reason for that: Windows Media Center is fairly niche, and not a lot of people use it. But if you do, you won’t want to upgrade to Windows 10 unless you’re prepared to dive into alternatives like Kodi, Plex, and DVR workarounds.

Oh, and if you’re on Windows 7, be aware that Windows 10 doesn’t offer native DVD playback, though there are no-cost alternatives you can use.

No desktop gadgets or widgets

Likewise, if you’re a big fan of Windows 7’s gadgets and widgets for the desktop, they aren’t available in Windows 10. Which is good, because they’re horribly insecure. Whether you choose to stay on Windows 7 or upgrade to Windows 10, you’d probably be better off using Rainmeter’s seriously slick interactive desktop software.

No OneDrive placeholders

Windows 8.1 offered a handy feature for hardcore OneDrive users: placeholders. Placeholders showed everything stored in your OneDrive account in the Windows 8.1 file system, but only downloaded files to your PC when you opened them. It was a wonderful way to stay on top of your cloud-stored files without downloading all of them to every Windows device you logged into with your Microsoft account, especially if you’ve stashed dozens of gigabytes’ worth of stuff into OneDrive.

Unfortunately, users found it confusing, and Microsoft ripped placeholders out of Windows 10. There are hints that a similar feature may make an appearance someday, but it hasn’t yet, so if placeholders are a must-have feature for you, you’ll want to avoid upgrading to Windows 10. The new operating system’s less granular selective sync options just aren’t the same.

No control over Windows Updates

Aaaaaand here’s the biggie. Windows 10 utterly eradicates the ability to manually control your system updates. Windows 10 Pro will let you defer updates for a few months, but that’s the extent of it. If Microsoft pushes out an update, your system will install it eventually (though identifying your Wi-Fi connection as “metered” lets you choose when updates download, at least).

This isn’t a big deal for people who stuck with Windows 7 and 8’s default Windows Update options, which downloaded patches automatically. But if you like to control your own update destiny, this could be a showstopper.

Privacy concerns

That segues nicely into another controversial Windows 10 “feature.” Microsoft’s new operating system tracks you far more closely than previous versions of Windows, especially if you use the express settings during the initial setup. The search bar utilizes Cortana, Windows 10’s digital assistant, and sends all your queries to Microsoft servers. Your Windows Store app usage is tracked for ad targeting. Windows 10 tracks your typing, location, Edge browser behavior, program installations and more.

It’s a lot. To be fair, a lot of the concern roaring around this is overblown; most of Windows 10’s potential privacy concerns can be disabled. But there’s no way to turn off some of the telemetry data Windows 10 collects about your system and beams back to the mothership. Microsoft executives don’t consider this a privacy issue. If you do, Windows 10 isn’t for you.

Ads and more ads

Windows 10 doesn’t only track your Windows Store app usage for improved ad targeting; it frequently pushes ads of its own at you. By default, you’ll see pop-up notification ads imploring you to get Skype or Office (even if you have Office), ads for suggested Windows Store apps slipped into your Start menu, and even occasional full-screen lockscreen ads for high-profile Windows Store releases.

I loathe the idea that my paid-for operating system—and yes, Windows 10 isn’t truly free—is pushing ads in my face. Fortunately, all of the offenders can be disabled. But doing so requires diving into arcane system settings located in different far-flung corners of the operating system.

Microsoft’s aggressive upgrade tactics

Microsoft’s been acting pretty shady in its aggressive quest to push Windows 7 and 8 users to Windows 10, employing unstoppable pop-ups, malware-like tactics, forced upgrades, intrusive full-screen takeovers, and nasty tricks to coax—and sometimes outright deceive—people into adopting the new OS. It eventually became so heavy-handed that some users have disabled Windows Updates entirely rather than suffer the barrage.

But you know that. If you’re still considering upgrading to Windows 10, you’ve lived through it.

None of that detracts from Windows 10’s underlying awesomeness. But it may have detracted from your desire to upgrade to Windows 10—and rightfully so. If you’re unhappy with Microsoft’s ethics and tactics in handling Windows 10 upgrades, you’re well within your rights to stay put where you’re at.

Software compatibility

In the wake of those forced upgrades, dozens and dozens of readers reached out to me with tales of woe, many revolving around software that simply doesn’t work with Windows 10. As my colleague Glenn Fleishman recently pointed out at Macworld, old software isn’t inherently bad software—but some of it won’t work in Windows 10.

If you rely on particular pieces of software, do a quick Google search to make sure they’ll work in Windows 10 before you upgrade. Office 2003—the last pre-Ribbon UI Office—isn’t compatible, for instance, nor is software that requires the use of Windows 7’s “XP Mode” compatibility, which isn’t available in Windows 10. Microsoft’s upgrade advisor is supposed to let you know if any software won’t work with Windows 10, but users report that it isn’t very reliable. Doing some homework now could save you some big headaches in the future.

Hardware compatibility

Similarly, you’ll want to make sure Windows 10 works with your PC, too. No matter whether you’re running Windows 7 or Windows 8.1, I’d recommend running Microsoft’s hardware compatibility tool to scan your system. To do so, open the Get Windows 10 app—the taskbar icon that’s been tossing out all the upgrade pop-ups—and click on the compatibility report option.

But wait! That’s not all. The tool only checks your core PC reliably. Some people who upgrade to Windows 10 discover that their hardware peripherals won’t work, particularly older printers and scanners. If you have any aging peripherals connected to your PC, be it a printer or a beloved keyboard, I’d again suggest conducting some quick Google searches to ensure your gear won’t become paperweights if you decide to upgrade.

Ain’t broke, don’t fix it

This final reason applies more to people who resist change or aren’t very technically savvy. Yes, Windows 10 is stellar and absolved Windows 8’s worst sins. Getting used to the new operating system shouldn’t be too difficult for many PC users—but the transition isn’t entirely seamless. From Cortana to the introduction of the Edge browser to the radically new-look Start menu, and Windows 10’s evolution into being a more cloud-centric operating system, there are some big changes you’ll need to wrap your head around.

Do Windows 10’s new features and under-the-hood improvements make upgrading worthwhile? I think so. But if you aren’t comfortable dealing with changes on your computer, you might want to stay put. I know several less technically inclined people who paid technicians to revert their PCs to Windows 7 after they couldn’t wrap their heads around Windows 10.

Conversely, if you’ve perfected your workflow on your current operating system and don’t see much benefit in marquee Windows 10 features such as Cortana, the Windows Store, DirectX 12, and virtual desktops, it may not be worth the hassle to switch over to Windows 10.
