Back to Top

Tech, Web, Cloud & Cabling Services

Category: Security

Security Category

10 New Security Products to Check Out

1. IBM z13s mainframeIBM z13s mainframe

Image: IBM

Security standards are constantly changing. Here are some of the latest software and hardware products to help keep your organization secure.

In February 2016, IBM announced the IBM z13s, a mainframe with cryptographic features built directly into the hardware. According to IBM it can decrypt at twice the speed of the generations before it.

2. Cisco Firepower NGFW

Cisco Firepower NGFW

Image: Cisco

Cisco recently announced its Firepower series appliances with its next-generation firewall (NGFW) technology. There are 16 models in the series that include integrated NGIPS and advanced malware protection.

3. Illumio

Illumio

Image: Illumio

Illumio is a startup that provides adaptive security for the data center and cloud environments. The company recently achieved unicorn status as its value topped $1 billion, and it is consistently named a top enterprise security provider.

4. GOTPass

GOTPass

Image: University of Plymouth, H. Alsaiari, M. Papadaki, P. Dowland, and S. Furnell

GOTPass is a graphical authentication system developed by researchers at the University of Plymouth. It uses images to authenticate instead of traditional passwords.

5. Skyport Systems SkySecure

Skyport Systems SkySecure

Image: Skyport Systems

SkySecure is an out-of-the-box enterprise security solution to protect application workloads. The systems includes hardware, software, and management tools.

6. Spikes Security Isla

Spikes Security Isla

Image: Spikes Security

The Isla is an enterprise appliance that “isolates and eliminates all browser-borne malware.” It was launched in mid-2015, but it was independently certified as invulnerable to web malware exploits in early 2016.

7. Blackphone 2

Blackphone 2

Image: Zack Whittaker/CNET

The Blackphone by Silent Circle is an Android-powered smartphone with a built-in security center to lock down your data. The most recent iteration, the Blackphone 2, released late last year.

8. Imation IronKey Enterprise H350

Imation IronKey Enterprise H350

Image: Imation

The IronKey Enterprise H350 is a rugged, military-grade encrypted hard drive. It is available in multiple capacities and is FIPS 140-2 Level 3 certified.

9. Bitdefender Total Security 2016

Bitdefender Total Security 2016

Image: Bitdefender

For home users and small businesses, the Total Security 2016 by Bitdefender is a great option. It stacks up well against key competitors and includes device anti-theft features.

10. Qubes OS 3.1 rc2

Qubes OS 3.1 rc2

Image: Qubes

Qubes OS is a Linux-based, security-oriented OS that is focused on compartmentalization using VMs. It’s been around for a few years, but the latest version released in January 2016.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

10 Commandments of Windows Security

With the introduction of Windows 7, many PC and notebook users may feel more secure than they did using older versions of the Microsoft operating system. Newer OSs have more security features, offer better out-of-the-box security settings and have closed many of the historical security holes. Windows 7, for example, has changed the default User Account Control level so that it’s harder for rogue programs to run without first explicitly gaining the user’s permission.

[Also read 3 steps to protect your personal data]

However, feeling too secure can be dangerous. With that in mind, here are 10 tips–commandments, if you will–for ensuring your desktop or notebook computer can be used productively as well as safely. Many of the recommended tools are free, and all are affordable–and certainly less expensive than the potential problems of an unsecured computer. Similarly, many will take you only a minute or two to perform–again, far less time than you’d spend recovering from a security problem.

Yes, Windows 8 is on the way; it’ll be many years before that version runs on a majority of the installed base. So these tips are focused at the computers you are actually using today–especially Windows 7 computers, though most of the advice also applies to Windows Vista or XP machines.

1st commandment: Start with new hardware

Today’s new hardware–motherboards, BIOS, CPUs, hard drives, and the system as a whole–includes more security “baked in,” even before the operating system is installed. Examples include Trusted Platform Modules (TPM), which embed cryptographic security directly into the hard drive or other component, Unified Extensible Hardware Interface (UEFI) firmware instead of the traditional BIOS, and Intel’s vPro security and management technologies. For example, machines with UEFI and TPM will, as part of each boot-up, check the computer’s firmware and boot-up binaries to confirm they have not been infected with malware.

If you are working with an existing machine, consider doing a fresh install of the operating system, after completing one (or several) full backup. Ideally, the operating system would be the newest version rather than what was previously installed. (Products like LapLink’s PC-Mover can reduce the effort of saving and migrating settings and even application software–although applications should be freshly installed if possible, as well.)

Even if you’re working with an existing machine, consider swapping in new hard drives that include built-in encryption. Drives that support the OPAL Storage Specification standard enable companies to manage encrypted drives from multiple vendors–and have also helped reduce the extra cost for an encrypted drive from $100 to nearly zero. After-market drives often include migration tools to speed and simplify a drive swap.

If a self-encrypted drive isn’t an option, look at using full-disk encryption software, such as Windows’ BitLocker (available only on Enterprise or Ultimate Windows Vista, 7 or 8 ) or a third-party tool.

2nd commandment: Use current OS versions and automatically get OS and application updates

If you aren’t using the most current commercial version of the operating system, it’s time to upgrade. Additionally, make sure you set the software to automatically apply updates (not just the OS, but all applications) and periodically turn off the computer, which is when many updates are auto-applied. An appalling number of security breaches occur because applications lack important security fixes that have been available for a year or more.

The computer vendor may also include helpful update tools. For example, Lenovo includes an update process that is designed to show all BIOS and driver updates available for that particular model. You can also manually start the update-check apps process. This may take several cycles, particularly for the first time around, if some updates require other updates.

“Third-party software is usually the vector that security intrusions come through, not the operating system,” says Ed Bott, a Windows expert and ZDNet blogger. Flash, Adobe Reader and Java are three of the biggest targets, Bott says. While many programs include their own automatic update checker, Bott urges using a tool like Ninite orSecunia Personal Software Inspector, which automate update checking for all the applications on your computer.

3rd commandment: Use Windows’ new security tools (and/or third party software)

Windows 7 includes a number of security controls and tools through its Actions Center (which replaces the Security Center), and other tools are available via the Control Panel, including:

  • Windows Firewall: With its basic settings, this wards off basic attacks, and you can use its advanced settings for more specific control. There are also third-party firewall programs available.
  • Microsoft’s Microsoft Security Essentials and Windows Defender. These tools secure your computer against viruses, spyware
    and other malware.

Obviously another option is to invest in third-party security software, like individual anti-virus, anti-spam and other programs, or a security suite, such as Symantec’s.

4th commandment: Set up (or remove) user accounts

Historically in Windows, the default account had administrator privileges–meaning that programs capable of taking unwanted insecure actions wouldn’t have to first ask the user if they could run. Starting with Vista, Microsoft added User Account Control (UAC), which asked non-administrator users for permission to run certain programs or actions. With Windows 7, UAC still protects systems but less intrusively.

Even so, managing which user accounts are–and aren’t–available contributes to security in the following ways:

  • Establishes non-administrative user account(s) for each user.
  • Disables or removes user accounts that aren’t used or shouldn’t be there.
  • Disables the “guest” account, unless it’s needed. If it is needed, a password should be required for elevating privileges, to prevent unauthorized changes to the system.

Consider renaming the administrator account so that it’s not obvious to an intruder. Since this account can’t be “locked out,” password attacks can be performed indefinitely; changing the name makes the account less of a target.

5th commandment: Set passwords

Set the main Windows password, as well as the Power/Time to lock the system, with a screen saver, and require a password to resume activity.

Also, depending on the sensitivity of information on your system (did someone say “online banking”?), consider password alternatives, such as:

  • Smartcard reader (contact or contactless)
  • Biometric facial recognition
  • RSA software and external token
  • Password “gesture” (e.g., Android tablets)

Another option is two-factor authentication, such as requiring both a fingerprint and a password.

6th commandment: Add/activate anti-theft tools

Invest in, install and activate anti-theft tools that can either lock the system; conduct an IP trace; report, take and send pictures; and even wipe the computer when a lost or stolen computer reconnects to the Internet. An example is Absolute Software’s Lojack for Laptops.

Vendors like Lenovo are embedding Absolute’s CompuTrace Agent into the BIOS, so even if somebody erases or replaces the hard drive, the agent is automatically re-installed.

Computers that include Intel Anti-Theft technology in their hardware let you add additional security services, such as automatically locking the main board until it receives the “unlock” password, lock or wipe if a machine goes too long without connecting to the Internet or if a user fails the login process too many times. Intel Anti-Theft is typically part of third-party security products like CompuTrace, adding perhaps $3/year, and as the anti-theft option on WinMagic’s full disk encryption product.

7th commandment: Turn off sharing and other unneeded services

Windows allows you to share resources that are on your computer, like file-sharing (Shared Folders) and print sharing. Your computer’s Internet connection management utility (Windows includes one, but many systems have their own) lets you define each network as either Public, Home or Work. If you mis-set a connection, your Shared Folders will be visible to other computers on the network.

Suggested Desktop Security Reading

  • Windows 7: Explore New and Improved Security Features (Microsoft)
  • Security checklist for Windows 7 (Microsoft)
  • Enhancing Endpoint Security for Windows Desktops,” Derek Melber, President and CTO of BrainCore.Net
  • Best Practices: Windows Desktop, IT Security for the University of Missouri

If you are behind a firewall, when your computer’s Internet connection manager tool asks you what kind of location/connect it is, you can call it either a Home or Work network, Bott says. But specify Public network if you are connecting directly to the Internet (e.g., at home or in the office), if you don’t have a hardware router but instead are directly connected to the cable modem, or if you are connecting to a public network like a Wi-Fi hotspot or a hotel or conference Ethernet. This will ensure that no local sharing is allowed.

In general, disable any services and remove programs you don’t need. For example, if you’re sure your applications won’t need it, you may want to uninstall Java. If your machine has Internet Information Services (IIS) running but doesn’t need it, disable that, as well.

8th commandment: Secure your Web browser and other applications

Web browsers access Web sites that neither you nor your company control (and these sites, in turn, may have ads or link to other content that they don’t control). Any of these may try to inject malware onto your computer.

[Also read 10 ways to secure browsing in the enterprise]

Today’s browsers include more security, like “private browsing” session modes that prevent any personal information from being stored, or don’t save cookies or history for a session. However, this may interfere with productivity.

Check each browser’s security options and select the ones that look useful, like Firefox’s “Warn me when sites try to install add-ons” and “Block reported attack sites.”

Set Microsoft Internet Explorer to have the highest security setting you can tolerate (since higher security often means you have to click more often), suggests Tom Henderson, Managing Director of ExtremeLabs.com, an Indianapolis, Indiana technology testing lab.

Additionally, look for browser “extensions” and add-ons that increase your browser’s security, in a more per-tab, per-site or per-tab-session way. For example, the popular NoScript Firefox add-on allows JavaScript, Java, Flash and other plug-ins to be executed only by trusted Web sites of your choice.

PDF readers may also be vulnerable to JavaScript attacks within the documents they’re rendering. Make sure your PDF reader is secure; consider disabling JavaScript within it.

9th commandment: Rope in Autorun

AutoRun is a major threat vector for viruses and other malware in Windows XP and Windows Vista. [Editor’s note: Simson Garfinkel called Autorun an “OS design flaw” all the way back in 2006.] With this function, the operating systems automatically begins executing a program when it sees an autorun.inf file in the root directory of a new drive, such as a network drive, a CD or a flash drive. So, if you haven’t yet moved to Windows 7, make sure you’ve got all the security updates for the OS version you are running. (See MS Security Advisory: Update for Windows Autorun.

With Windows 7, all the security settings are “No Autorun.” When you attach external media like CDs, DVDs, SD cards and USB flash drives, they will give you a dialog box offering to run a program, but by default, nothing happens automatically.

10th commandment: Consider application whitelisting and other controls “Whitelisting” refers to a list of everything you allow on your computer, including e-mail addresses your mail program can accept, Web sites your browser is allowed to connect to and applications the operating system is allowed to run. Whitelisting may not be a match for e-mail or Web browsing, but for preventing unwanted applications from running–such as malware or zero-day attacks–it may be a good additional tool.

Windows 7 includes AppLocker, a whitelisting utility, or you can buy third-party white-listing products for either individual computers or groups of networked computers. For home users, Windows 7 has fairly robust parental controls that can restrict access by time-of-day or by site, and log Web access, Bott says.

Conclusion: It’s easy to become more secure

As you can see, there is a lot you can do affordably, even to existing Windows systems, to increase their security. It shouldn’t take a lot of time or money to do; however, it may take a lot of both if you don’t do anything and something avoidable goes wrong.

To View Entire Article Click Here

Windows 10: 5 Reasons Not to Upgrade

From privacy to compatibility and control, these are the reasons why you might want to give the upgrade to Windows 10 a miss.

getwindows10

At the end of this month Windows 10 will, at least for now, cease to be available as a free upgrade to Windows 7 and 8 users.

Microsoft is engaged in a final push to get users to upgrade, stressing the new OS introduces fresh features to Windows and overhauls its design. However, is Windows 10 right for you? Here are some of the reasons you might not want to upgrade.

1. You’re worried about privacy

By default Windows 10 collects more data than many users are comfortable with. This includes information about how Windows and Windows apps are used, what you type, your contacts, your location, calendar appointments and more. If the virtual assistant Cortana is enabled, this data extends to web browsing history, voice commands and even more information about your activity.

Users of Home and Pro versions of Windows 10 can only reduce this data collection to the “Basic” level. On this setting, Windows 10 collects information about security settings, quality-related info (such as crashes and hangs), and application compatibility. Microsoft describes this information as being essential for maintaining and improving the quality of Windows 10 and says that only “anonymous identifiers” are transmitted.

However, questions remain about the information that Windows 10 sends back to Microsoft, even when you turn the data gathering settings down a minimum. Tech website Arstechnica found that even with the virtual assistant Cortana disabled, Windows 10 sends a request to www.bing.com that appears to contain a random machine ID that persists across reboots. Similarly, even when Microsoft OneDrive cloud storage was disabled and Windows 10 was not tied to a Microsoft account, the OS still seemed to be sending information to a server connected to OneDrive. While Microsoft stressed there is no query or search data being sent, Arstechnica queried the inclusion of a machine ID.

ZDNet’s Ed Bott has said the very basic telemetry data collected by Microsoft is anonymized and doesn’t reveal anything more than very high-level information along the lines of an unidentified Windows 10 user ran a particular app for half an hour.

However, for some users, even the gathering of anonymized usage data is more than they’re willing to put up with.

2. It might cause pain for older machines

Windows 10 can run on a computer with relatively modest specs, working on many older PCs that shipped with Windows 7. But just because you can run Windows 10 on paper, you may not be able to in practice.
While the Get Windows 10 app that schedules the upgrade from Windows 7 or 8.x should check your system compatibility, some users that pass this test complain the upgrade still fails or devices don’t work properly.

As Microsoft states: “The upgradability of a device includes factors beyond the system specification.”

Microsoft gives you the option to rollback your machine to its previous OS, but there are reports from multiple people who claim the upgrade left their machine virtually unusable. In these cases either the rollback feature didn’t work or it did work but the earlier OS is no longer stable, with previously working programs crashing.

f the upgrade process completes successfully, missing driver and firmware support has also caused difficulties for some Windows 10 users. Those affected cite problems such as monitors not working at their native resolution. Some of the Intel integrated graphics chips used in older laptops are also incompatible with Windows 10, though Windows 10 should warn of this fact.

These problems don’t seem to affect the majority of upgraders, but it’s worth being aware they exist, particularly if upgrading an older machine.

On a less serious level, upgrading to Windows 10 may not break your machine but it could mess with your settings. Microsoft has come under fire for Windows 10 changing users’ default settings in a number of areas, such as swapping the default browser to its own Microsoft Edge.

3. Less control over updates

Windows 10’s update process happens both more frequently and less obviously, with Windows Home and Pro users automatically receiving updates when they’re available.

Windows Home users have less control over how long they can postpone updates for, and less easily-available information about what changes these updates will make.

The lack of control that Home users have over when updates are applied led to a group of users petitioning Microsoft to let them delay and refuse these downloads. Their reasoning was that since forced updates can crash machines, for instance via bad firmware or driver updates, all users need control over how updates are applied.

Another core concern for some users when it comes to Windows 10’s frequent updates is the amount of data downloaded, with updates often weighing in at hundreds of megabytes. However, Windows 10 does allow users to block all but essential updates by toggling on ‘metered connection’ in the WiFi settings.

4. You don’t like the new look

As much as Windows 10 has won people over by bringing back elements of the classic Windows desktop and Start menu — anyone fresh from Windows 7 will need to adjust to Windows 10’s new look.

Unlike Windows 7, Windows 10’s Start Menu takes up far more room, thanks to a menu full of tiles that is bolted onto the side. While most users should be able to quickly adjust to these cosmetic and layout changes, other alterations may grate more. Perhaps the most controversial tweak to the Start Menu is theinclusion of adverts for apps in the Windows Store. These promoted apps are tiles that link to the Windows Store or to apps that have been automatically installed on your PC by Microsoft. With the latest Anniversary Update, the number of these promoted apps will double, from five to 10.

And while it can be argued that Windows 10 is arguably easier to navigate, with its search function built directly into the Taskbar, the new OS introduces some significant changes that may confuse new users.

Whereas Windows 7 allowed users to adjust their system settings using the Control Panel, Windows 10 has both the Control Panel and Settings pages — with some configuration options exclusive to one or the other. This mix and match approach has been described as disorientating by some users.

5. Missing features

Windows 10 may add many new features — the virtual assistant Cortana, the new Edge browser — but it also lacks some key elements of earlier Windows operating systems.

Perhaps the biggest omission are the placeholders for Microsoft’s OneDrive cloud storage service. In Windows 8.1, placeholders, also called smart files, let users see all of the files stored in the OneDrive service, whether those files were stored on the device or not. This feature was removed from Windows 10.Microsoft appears to be working on reintroducing placeholders, although there is still uncertainty about when they will be brought back.

Windows Media Center, the software for TV, music and movie playback is also gone from Windows, so if you are particularly attached, and not willing to mess around with an unofficial version, you may want to pass on the upgrade.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

10 Killer Cheap Upgrades for Your PC

Looking to put more pep in your PC’s step? These surprisingly cheap PC upgrades and accessories do the trick without breaking the bank.

PCupgrades1

No need to break the bank

Sure, swanky new Surface Pros and $1,200 graphics cards may capture all the headlines, but on a practical level, the real story is that PCs aren’t cheap. But if your computer’s starting to feel pokey, there’s fortunately no reason to rush out a spend hundreds on a new one.

Investing small amounts in key new PC hardware can keep your computer running strong for years to come. These upgrades—most costing well under $100—breathe new life into slow machines. You just have to be strategic and make sure you’re putting your money in the best place for your particular system.

PCupgrades2

Speed up your PC with an SSD

Let’s start in the most obvious place. If your PC still runs with a mechanical hard drive, swapping it out with an SSD will make it feel like a whole new computer. SSDs inject face-melting speed into a PC, drastically improving boot times, file transfers, and overall system responsiveness.

A lot of PCs don’t have SSDs, for two reasons: Solid-state drives use to be extravagantly expensive, and computer makers often charge hefty mark-ups for upgrading to an SSD. Fortunately, SSD prices have plummeted in recent years. Superb models like theSamsung 850 EVO ($89.39 for 250GB on Amazon) and the OCZ Trion 150 ($45 for 120GB on Amazon) can be found for well under $100 online. If you find the storage capacities a bit too tight, you can always install the SSD as a boot drive alongside your current hard drive.

A word of warning about SSDs, and all the hardware discussed in this article: You can often find lower prices if you sift through Amazon or Newegg for no-name or lesser-known brands. But you’re gambling on reliability and support when you move away from established PC hardware makers. Stick with name brand gear unless you absolutely, positively can’t afford it.

PCupgrades3

Mass storage is dirt cheap

Good news if your available storage space is filled to the brim: Traditional hard drives are even cheaper than SSDs these days. A 1TB Western Digital Blue hard drive spinning at a speedy 7,200rpm will only set you back $50 on Amazon, while a 3TB WD Blue drive is just $90 on Amazon (albeit at a slower 5,400rpm).

Hybrid drives blend the best of both worlds, combining a large amount of traditional storage with a small, speedy flash storage cache. The drive monitors your oft-used files and keeps them on the cache, where they benefit from SSD-esque speeds. A Seagate 1TB hybrid drive goes for $85 on Amazon with an 8GB SSD cache, or $114 on Amazonwith a 32GB cache.

PCupgrades4

Add RAM for more multitasking

If your computer’s having trouble running multiple tasks simultaneously, low memory is a likely culprit. Two gigabytes of RAM is the absolute minimum modern Windows systems need to run smoothly, and even PCs with 4GB of memory can start to feel pokey if you’re running several programs, keep a dozen Chrome tabs open, or game with some background processes still running.

Fortunately, memory is dirt cheap. Picking up an 8GB memory kit from Corsair ($36 for 2x4GB kit on Amazon) or Kingston ($36 for 2x4GB kit on Amazon)—two reliable brands I’ve had nothing but success with personally—will set you back less than $5 per gigabyte.

Just be sure to get the right type of memory for your PC! RAM comes in all sorts of different packages. The easiest way to tell what type of RAM resides in your PC is to download the free, superb CPU-Z software, then open the Memory tab and look for the “type” option.

PCupgrades5

MAYBE upgrade your CPU

A pokey PC may be the result of an outdated processor. Unfortunately, replacing your CPU often means replacing your motherboard too, making the endeavor pretty pricey. But not always—especially if you have an AMD-powered system.

AMD’s AM3+ and FM2 motherboards have been powering AMD’s CPUs and APUs, respectively, since mid-2012. Since many prebuilt AMD systems sport modest processors, upgrading to a modern CPU can give your PC a shot in the arm. If you’re on FM3+, the new Athlon X4 860K ($75 on Amazon) is a solid entry-level quad-core processor for gaming, while the 8-core FX-8320E ($130 on Amazon) is a great step-up option and price-to-performance champion. If you have an FM2-based system with an AMD APU, the A10-7860K ($110 on Amazon) could be a solid upgrade, complete withintegrated graphics that let you get into e-sports games at modest frame rates.

Intel switches out its motherboards and socket types much more often, and its chips tend to be much more expensive. Replacing Intel chips aren’t really an affordable upgrade in most cases.

It’s important to make sure your new chip is compatible with your existing motherboard! Before you buy, fire up CPU-Z and search for the “Package” entry in the main CPU tab to see what sort of socket your motherboard packs.

PCupgrades6

Gaming doesn’t have to be expensive

Want to dip your toes into PC gaming? Despite what fearmongers may tell you, gaming doesn’t have to cost an arm and a leg.

AMD’s Radeon RX 460 ($110 and up on Newegg) delivers great performance in e-sports games like League of Legends and Overwatch. It also lets you play modern games at a console-esque 30 frames per second with High graphics settings at 1080p, or up to 60fps at Medium settings. That’s damned good for a hair over $100. Even better: Many models pull their power directly from your motherboard, with no need for additional power connectors. That makes AMD’s budget card a great option for adding gaming capabilities to prebuilt “big box” PCs from the likes of HP and Dell, as they often pack modest power supplies that lack extra connectors.

Be careful though: Some of the more potent Radeon RX 460 models require extra 6-pin power connectors. You don’t want that if you don’t have one available—unless you want to buy a power supply, too. A 500 watt power supply from a reputable company doesn’t cost much, as evidenced by the EVGA 500 W1, which only costs $35 on Amazon.

PCupgrades7

Buy some canned air

No, seriously. If you haven’t cleaned out your PC in a year or more, mounds of dust and debris can be collected inside. Clogged fans and exhaust ports lead to overheating, which leads to your PC throttling back performance. Single containers of canned air can be relatively pricey; grab a four pack ($16.22 on Amazon) for a lower price and enough air to clean out your PC for years to come.

PCupgrades8

Improve your cooling, improve your performance

If your PC’s still running hot after blowing out the dust, the thermal paste coating the area where your CPU or GPU touches its cooler could be old, dry, and ineffective, especially if you’ve had the equipment for several years.

First, install SpeedFan and double check that your CPU or GPU is indeed overheating. If one (or both!) is, grab a syringe of thermal paste—Arctic Silver 5 ($7.43 on Amazon)—then use guides to installing a CPU cooler and refreshing your graphics card to help you apply new thermal paste after scraping off the old stuff.

Still running hot overall? Try adding a case fan or two. Case fans from reputable vendors are shockingly cheap ($7.91 from Cooler Master on Amazon, or $9 from NZXT on Amazon) and can be installed in mere minutes.

PCupgrades9

A better monitor

You spend most of your time interacting with your computer’s input and output devices, so it’s definitely worth investing in decent peripherals if you spend considerable time at your PC.

Start with your monitor. If you’re still using a lower-resolution display or (shudder) a fat CRT display, embracing a high-definition 1080p monitor will provide a huge step up in usability. It won’t break the bank either: You can buy a 1080p HP with a 21.5-inch IPS screen for just $100 on Amazon. IPS screens provide a much more vibrant image than the twisted-nematic panels found in most budget monitors.

Alternatively, if you’re a gamer with a Radeon graphics card, consider buying a monitor that supports AMD’s FreeSync technology. FreeSync synchronizes the refresh rate of your graphics card and display to eliminate stutter and screen tearing in games. While monitors with Nvidia’s competing G-Sync technology fetch steep price premiums, FreeSync adds minimal cost to a display. A 22-inch 1080p FreeSync display by ViewSonic costs just $110 on Amazon, for example.

PCupgrades10

Aural bliss

Treat your ears, too. The speakers that come bundled with prebuilt PCs tend to be utter garbage. While audio gear pricing can escalate to frightening levels, some of our favorite headsets will set you back less than a Benjamin.

If you’re a gamer, our favorite all-around gaming headset is the Kingston HyperX Cloud($67.93 on Amazon). The sound quality is second to none in this bracket, the build quality is superb, and it’s extremely comfortable—though its microphone is merely average.

Don’t need a mic? Music lovers will find a lot to love in the Sennheiser HD 280 Pro ($99.95 on Amazon), which I’ve personally been using for years now. The comfortably snug cans lack the extreme bass kick of, say, Beats or Monster headphones, but make up for it by delivering rich, accurate, and dynamic audio across the full sound spectrum. They’re beloved among Amazon buyers for a reason.

PCupgrades11

Enhance the parts you physically touch

If you’re used to crappy bundled PC keyboards, or laptop keyboards, upgrading to a mechanical keyboard will change your life. The well-reviewed Logitech G610 Orion withCherry MX Brown or Red switches only costs $90 on Amazon.That’s probably more than most people have spent on a keyboard before, but it’s cheap by mechanical standards. Once you’ve tried it, you won’t be able to go back to a rubber-dome board.

Likewise, investing in a decent mouse makes interacting with your PC that much more pleasant. The Razer DeathAdder ($42.69 on Amazon) is ostensibly a gaming mouse, but its ergonomic design and high DPI sensor help it feel good in your palm and generate nice, smooth cursor movements. I’ve been using one for more than five years now, and grimace whenever i’m forced to use a cheap mouse bundled with a prebuilt PC.

PCupgrades12

But first…

Speeding up your well-loved PC doesn’t actually have to cost any money. You’ll find a few tips repeated from here—seriously, buy an SSD—but for the most part, it focuses on no-cost software solutions for potentially boosting your computer’s performance. Try those before dropping dough on new gear!

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

The 15 most frightening data breaches

data breaches

 

Ashley Madison (2015)

All data breaches are scary, but some just have that extra scream factor.

In arguably the most embarrassing data breach of the bunch, a group calling itself “The Impact Team” stole 37 million records from adultery website Ashley Madison, including many records that customers had paid to have deleted.

Virtually all of the company’s data was stolen in the hack, including records that suggest most female accounts on the site are fake, and that the company used female chat bots to trick men into spending money.

LivingSocial (2013)

Daily deals company LivingSocial had its network compromised in 2013, with hackers stealing roughly 50 million names, email addresses, birthdays, and encrypted passwords from its SQL database.

Sony PlayStation Network (2011)

Game over, man. In April 2011, hackers raided Sony’s PlayStation Network (PSN) service, stealing personally identifiable information from more than 77 million gamers.

Sony was further criticized for delaying the release of public information about the theft and for storing customer data in an unencrypted form.

The attack took Sony’s PSN out of service for 23 days.

Internal Revenue Service (2015)

Nigerian scammers pilfered more than $50 million from the U.S. Treasury via an embarrassingly simple 2015 hack of the Internal Revenue Service website.

Information scraped from previous data hacks was used to steal Americans’ identities and request copies of past tax returns on the IRS website. The crooks then filed new tax returns with falsified data, requesting big refunds.

The hack caused massive nightmares for the estimated 334,000 people whose records were stolen before the IRS shut down the transcript request service.

Target (2013)

Hackers installed point-of-sale malware on Target’s computer network sometime in 2013, resulting in the theft of more than 70 million customer records. Stolen data included payment card numbers, expiration dates, and CVV codes.

The retailer reached out to affected customers by offering free data monitoring (standard practice) and a 10% off discount on a future shopping trip. But it was too little, too late; same-store sales slid in the quarter following the hack.

Anthem (2015)

Anthem, the United States’ second largest for-profit health insurer, disclosed in February 2015 that it had lost 78.8 million unencrypted customer records to criminals. Names, social security numbers, email addresses, and income data was stolen.

The rare piece of good news: Financial and medical records were not affected.

Adobe (2013)

Adobe revealed in October 2013 that hackers had stolen 38 million active customer IDs and passwords, forcing the company to send out a wave of password reset warnings.

Weeks after, the news got worse for the company: The thieves also made off with the source code for its popular Adobe Photoshop software.

eBay (2014)

Talk about an inside job: In 2004, online auction house eBay suffered the largest hack in U.S. history, losing 145 million login credentials to a hacker using an internal eBay corporate account.

Names, email and street addresses, phone numbers, and birth dates were compromised, but thankfully, passwords were stored in encrypted form.

Home Depot (2014)

In September 2014, Home Depot admitted that it fell prey to hackers who installed antivirus-evading malware on its self-checkout registers. An estimated 56 million sets of customer payment card data were stolen in the attack.

The company’s losses related to the event are expected to top $1 billion when all of the lawsuits are finally settled. Only $100 million of that will be covered by insurance.

JP Morgan Chase (2014)

The September 2014 breach of JP Morgan Chase proved that even the largest U.S. banks are vulnerable to data theft. Online banking login details were not stolen, but crooks did get their hands on 76 million sets of names, emails, addresses, and phone numbers of bank customers, creating serious phishing concerns.

A group of Russian hackers is believed to be responsible for the attack.

PNI Digital Media (2015)

PNI Digital Media, the company that handles online photo printing for CVS, Walgreens, Rite Aid, Costco, and many more national chains, lost an unknown number of customer records to hackers in 2015.

Given that the company boasted more than 18 million transactions in 2014, it’s likely that this breach affected tens of millions of Americans.

Heartland (2008)

Credit and debit card processing firm Heartland Payment Systems became one of the largest data breach victims in U.S. history when hackers compromised more than 130 million accounts in 2008.

The criminal ring involved in the Heartland data theft was also found to be responsible for the 2005 hack of TJX Companies involving 94 million records.

TJX Companies (2005)

In a 2005 scheme dubbed “Operation Get Rich or Die Tryin,” a group of hackers used an unsecured Wi-Fi network at a Marshalls store to break into parent TJX Companies’ computer system and steal 94 million customer records, including payment card data.

Albert Gonzalez, the ringleader of the hack, is serving a 20-year sentence in Leavenworth.

U.S. Office of Personnel Management (2015)

Earlier this year, the United States Office of Personnel Management admitted that hackers had taken 21.5 million records belonging to those who had undergone government background checks or otherwise applied for federal employment. The hackers stole a wealth of sensitive data, including security clearance information and fingerprint data belonging to secret agents.

The Washington Post reported that the attack is believed to have originated in China.

Zappos (2012)

In January 2012, online shoe retailer Zappos stated that cybercriminals had stolen data of 24 million customers, including names, addresses, and the last four digits of their payment cards.

After the announcement, Zappos had to disconnect its phone lines to keep upset customers from calling in and overloading its phone system.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Don’t Get Hooked – Avoid Phishing

dont-get-hooked

Did you know more than 90% of data breaches start with a phishing email?

A successful ransomware attack can devastate any size organization. As examples from a recent survey, 50% of law firms, 42% of insurance brokers, 37% of non-profit organizations and 27% of retail companies lack a written incident response plan. And 34% said they don’t give employees phishing tests to determine their exposure to risk.

We have been actively recommending and implementing layers of security from the hosted level, firewall level, server level, computer level, policy level and now by the user level.

Organizations who have incident response plan (IRP) are able to respond more quickly and more effective than those without one. And for organizations in healthcare or financial services, having a plan may be required by law. If you don’t yet have an IRP, we can provide template plans for a variety of types of organizations and even can assist in writing one if need be.

We want to reduce your organization’s chance of experiencing a cybersecurity disaster by 70% security awareness training and provide an IRP if an attempt is made.

What is “phishing”?

Phishing emails look like they came from a person or organization you trust, but in reality they’re sent by hackers to get you to click on or open something that will give the hackers access to your computer.

Why are you at risk?

Hackers are actively targeting organizations because you have information that is valuable to them. Specifically, they may be interested in any type of valuable data, such as customer, patient, student, or employee data, intellectual property, financial account information, or payment card data.  If one employee falls for a phishing attack, the systems the employee uses can potentially be accessed. (We can run a report on your account to assess phishing attempts per account, contact us if you are interested in obtaining this report)

How to spot a phishing email

Hackers have gotten clever in how they design the emails they send out to make them look legitimate.  But phishing emails often have the following characteristics:

  • Ask you for your username and password, either by replying to the email or clicking on a link that takes you to a site where you’re asked to input the information.
  • Look like they come from the HR or IT Team
  • Have grammatical errors
  • Contain email addresses that don’t match between the header and the body, are misspelled (like @gmaill.com), or have unusual formats @company-othersite.com)
  • Have links or email addresses that show a different destination if you hover over them
  • Try to create a sense of urgency about responding

How can you prevent phishing emails?

Employees responding to phishing emails is still one of the biggest risks we see. Training your employees is an essential first step in making sure your data is never encrypted or held for ransom.

  1. To help educate your employees about what to watch for, we’ve attached an employee tip sheet. You can download it HERE
  2. The Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) within DHS also have useful collections that include tip sheets. Click here.
  3. In addition to tips we do have a solution that is a cloud-based training software that allows your business to train employees to aid with security awareness and phishing resistance. The platform allows us to setup and deliver simulated security threats and phishing incidents to educate and test employees. The training can be required and simulated emails will be sent, and if an employee falls for the threat testing, you would know and the employee can go through further testing. The cost is based per organization and is very reasonable. If there is an interest let us know.
  4. Last year we started “hardening” in Microsoft 365 to prevent phishing email attempts as a preventative measure for protecting your accounts.
  5. Similar to the “365 hardening” in #4 we have a new solution that is similar to the hardening but with more bells and whistles. The system works in an A.I. setup learning the types of emails you get and where they are coming from. Example. If you got an email from us regularly, but one email originated from a country in Europe not our usual IP address it would flag it. This system ties into 365 very nicely and even give the employees the ability to mark things phishing or safe, if needed. But once a message is marked safe the “outside email” banner will be removed for that email for the entire organization. The solution is a very reasonable cost per account, if there is an interest let us know.

CALL US TODAY @ (856) 745-9990

Microsoft announced Attack Simulator for Office 365 Threat Intelligence

 

Admins can send simulated phishing and attack emails to find security and training weaknesses.

A few weeks ago, Microsoft released a public preview for Attack Simulator for Office 365 Threat Intelligence. On April 17th Microsoft announced that Attack Simulator is now generally available. Attack Simulator for Office 365 Threat Intelligence is available to all Office 365 E5 or Office 365 Threat Intelligence customers.

With Attack Simulator, customers can launch simulated attacks on their end users, determine how end users behave in the event of an attack, and update policies and ensure that appropriate security tools are in place to protect the organization from threats.  The GA of Attack Simulator adds a new HTML editor so realistic looking HTML emails can be sent in simulations of spear-phishing.  Also, two spear-phishing templates are available for immediate use in the spear phishing simulation.

Attack Simulator includes the three attack scenarios from our public preview.

Display Name Spear Phishing Attack: Phishing is the generic term for socially engineered attacks designed to harvest credentials or personally identifiable information (PII). Spear phishing is a subset of this phishing and is more targeted, often aimed at a specific group, individual, or organization.  These attacks are customized and tend to leverage a sender name that generates trust with the recipient.

Password Spray Attack: To prevent bad actors from constantly guessing the passwords of user accounts, often there are account lockout policies.  For example, an account will lockout after a certain number of bad passwords are guessed for a user.  However, if you were to take a single password and try it against every single account in an organization, it would not trigger any lockouts.  The password spray attack leverages commonly used passwords and targets many accounts in an organization with the hope that one of the account holder uses a common password that allows a hacker to enter the account and take control of it.  From this compromised account, a hacker can launch more attacks by assuming the identity of account holder.

Brute Force Password Attack: This type of attack consists of a hacker trying many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.

 

 

This video demonstrates how Attack Simulator can help organizations educate users to become more secure from cyber threats.  With Attack Simulator, admins can train all their end users, and especially those who are attacked most often.  This proactive training is a powerful way to ensure that your organization can prevent the impact from advanced threats.  Over the coming months, more threat simulations will be added to Attack Simulator so organizations can simulate the most prevalent threat types from the modern threat landscape.

Experience the benefits of Attack Simulator for Office 365 Threat Intelligence by beginning an Office 365 E5 trial today.  Also, learn more about how Microsoft leverages threat intelligence and the value of threat intelligence.

Wi-Fi-enabled ‘Hello Barbie’ records conversations with kids and uses AI to talk back

Today, Mattel released Hello Barbie, a WiFi-enabled doll that detects language and ‘talks back.’ But how will this high-tech toy impact real-life relationships?

Hello-barbie

She wears black flats, a motorcycle jacket, and skinny jeans. Her curly, bleach-blonde hair falls just past her shoulders. She has a permanent smile and large blue eyes. And, when you talk to her, she listens.

But this young woman isn’t an ordinary friend. “Hello Barbie” is less than a foot tall, weighs just under two pounds, and is made of plastic. And she is on sale for $74.99.

Mattel’s latest Barbie, marketed for children six and up, has just hit the shelves. She is unlike any doll before her—not only does she listen, but she can talk back.

To get started, kids simply download the Hello Barbie companion app. And to turn her on, you push a button on her silver belt buckle. Hello Barbie’s necklace is both a recorder and a microphone. Using WiFi, the jewelry will pick up a child’s questions and conversations—and transmit them back to a control center for processing. Speech-recognition software, operated through ToyTalk, will detect the input. Then, Hello Barbie will reply, using one of 8,000 pre-programmed lines. Examples include:

  • You know, I really appreciate my friends who have a completely unique sense of style…like you!
  • Here’s what’s up: I’m worried my sister Stacie is having a hard time finishing her homework. Does that ever happen to you?
  • I think Santa is real. There’s something very magical about the holiday season and I think he helps bring that magic to all of us!
  • So if you were planning the biggest, raddest, most unforgettable party of the year, what would it be like?
  • Of course we’re friends! Actually, you’re one of my best friends. I feel like we could talk about anything!

Hello Barbie’s dialogue, while perky and fashion-focused, reflects an attempt by Mattel to create a more well-rounded character than in the past. In 1992, Mattel pulled its string-operated Teen Talk Barbie from shelves after being criticized by The American Association of University Women for the inclusion of an unfortunate line: “math class is tough.” It is no mistake that Hello Barbie’s lines includes: “Oh nice! Fun with numbers! Teaching math sounds like a lot of fun. What kinds of things would you teach—Counting? Addition? Subtraction?”

Still, the implication that Barbie is being sold as a ‘friend’ is unsettling. “Hello Barbie can interact uniquely with each child by holding conversations, playing games, sharing stories, and even telling jokes!” boasts Mattel’s website. Hello Barbie, claims Mattel, is “Just like a real friend. [She] listens and remembers the user’s likes and dislikes, giving everyone their own unique experience.”

But is she really listening?

While Barbie may appear to listen and respond, “pretend empathy is not empathy,” said Sherry Turkle, professor at MIT and author of Reclaiming Conversation. Turkle worries about how children will understand their new ‘friend.’

“They are drawn into thinking that pretend empathy is the real thing,” said Turkle. “But objects that have not known the arc of a human life have no empathy to give. We put our children in a compromised position.”

Beyond the social implications of the doll, the capabilities of the recording technology raise privacy issues.

Using Hello Barbie involves recording voice data (see the privacy policy here) and requires parental consent. However, Mattel states that “parents and guardians are in control of their child’s data and can manage this data through the ToyTalk account.” The company also states that the recordings are protected under the “Children’s Online Privacy Protection Act,” and recordings containing personal information will be deleted once they “become aware of it.”

Still, the potential for misuse of this private data is a legitimate concern. “Obviously it is a security and privacy nightmare,” said Roman Yampolskiy, director of the Cybersecurity Lab at the University of Louisville. “[The] company [is] collecting data from kids—hackers [could be] getting access to private info.”

However, like Turkle, Yampolskiy is “more concerned about social development of the children interacting with it.”

“We are basically running an experiment on our kids and have no idea if it will make them socially awkward, incapable of understanding body language, tone of voice and properly empathize with others,” he said.

It all raises the question of what is meant, exactly by ‘real’ conversation? Turkle said, “Why would we take such risks with something so delicate, so crucial: Our children’s ability to relate to each other as human beings?”

Despite concerns, Hello Barbie is here, being shipped to homes across the globe beginning today. She is being turned on, spoken to, and listened to. And when children are finished with her, she is shut down, stood on a charger (Hello Barbie cannot stand on her own) and charged back up.

When she is turned on again, Barbie might ask: “Did you miss me at all?”

“Not even an itsy bitsy, eensy weensy bit?”

How children will respond remains to be seen.

Mattel did not respond to repeated requests for comment for this story.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

The 18 scariest computer viruses of all time

virus

 

Anna Kournikova (2001)

The Anna Kournikova virus is so named because it tricked its recipients into thinking they were downloading a sexy picture of the tennis star. Financial damages associated with Kournikova were limited, but the virus had a big pop culture impact: It became a plot point in a 2002 episode of the sitcom Friends.

Sasser (2004)

In April 2004, Microsoft issued a patch for a vulnerability in Windows’ Local Security Authority Subsystem Service (LSASS). Shortly after, a teenager in Germany released the Sasser worm to exploit the vulnerability in unpatched machines. Multiple variants of Sasser took out airline, public transportation, and hospital networks, causing $18 billion in damage.

Skulls.A (2004)

The Skulls.A is a legitimately spooky mobile trojan that affected the Nokia 7610 smartphone and other SymbOS devices. The malware was designed to change all icons on infected phones to Jolly Rogers and disable all phone functions, save for making and receiving calls.

F-Secure says Skulls.A caused little damage, but the trojan is undeniably creepy.

Zeus (2009)

While many malware programs on this list are little more than nuisances, Zeus (AKA Zbot) was a tool used by a complex criminal enterprise.

The trojan uses phishing and keylogging to steal online banking credentials, draining a cumulative $70 million from the accounts of its victims.

Melissa (1999)

Named after a Florida stripper, the Melissa virus was designed to propagate by sending itself to the first 50 contacts in its victims’ e-mail Outlook address book. The attack was so successful that the virus infected 20 percent of the world’s computers, causing an estimated $80 million in damage.

Virus creator David L. Smith (shown) was caught by the FBI, served 20 months in jail, and paid a $5,000 fine.

Sircam (2001)

Like many early malware scripts, Sircam used social engineering to trick people into opening an email attachment.

The worm chooses a random Microsoft Office file on victims’ computers, infects it, and sends it to all the people in the victims’ email contact list. A University of Florida study pegged Sircam cleanup costs at $3 billion.

Stuxnet (2009)

Stuxnet is one of the first known viruses created for cyberwarfare. Created in a joint effort between Israel and the U.S., Stuxnet targeted nuclear enrichment systems in Iran.

Infected computers instructed nuclear centrifuges to physically spin until they broke, all while providing fake feedback that operations were normal.

SQL Slammer/Sapphire (2003)

Taking up just 376 bytes, the SQL Slammer worm packed a lot of destruction into a tiny package. The worm slowed down the Internet, disabled 911 call centers, took down 12,000 Bank of America ATMs, and caused much of South Korea to go offline. It also crashed the network at Ohio’s Davis-Besse nuclear power plant.

Storm Trojan (2007)

Storm Trojan is a particularly sinister piece of email-distributed malware that accounted for 8 percent of all global infections just three days after its January 2007 launch.

The trojan created a massive botnet of between 1 and 10 million computers, and because it was designed to change its packing code every 10 minutes, Storm Trojan proved incredibly resilient.

Code Red (2001)

The Code Red worm, named after the Mountain Dew flavor preferred by its creators, infected up to one-third of all Microsoft ISS web servers upon release.

It even took down whitehouse.gov, replacing its homepage with a “Hacked by Chinese!” message. Estimated damages due to Code Red were in the billions of dollars worldwide.

Nimda (2001)

Released just after the 9/11 attack, many thought the devastating Nimda worm had an Al Qaeda connection (never proven).

It spread via multiple vectors, bringing down banking networks, federal courts and other key computer systems. Cleanup costs for Nimda exceeded $500 million in the first few days alone.

ILOVEYOU (2000)

The ILOVEYOU worm, AKA Love Letter, disguised itself in email inboxes as a text file from an admirer.

But this Love Letter was anything but sweet: In May 2000, it quickly spread to 10 percent of all Internet-connected computers, leading the CIA to shut down its own email servers to prevent its further spread. Estimated damages were $15 billion.

Cryptolocker (2014)

Computers infected with Cryptolocker have important files on their hard drives encrypted and held at ransom. Those who pay approximately $300 in bitcoin to the hackers are given access to the encryption key; those who fail to pay have their data deleted forever.

Netsky (2004)

The Netsky worm, created by the same teen who made Sasser, made its way around the world by way of email attachments. The P variant of Netsky was the most widespread worm in the world even more than two years after its February 2004 launch.

Conficker (2008)

The Conficker worm (AKA Downup, Downadup, Kido), first detected in December 2008, was designed to disable infected computers’ anti-virus programs and block autoupdates that may otherwise remove it from computers.

Conficker quickly spread to numerous important computer networks, including those of the English, French, and German armed forces, causing $9 billion in damage.

Michaelangelo (1992)

The Michelangelo virus itself spread to relatively few computers and caused little real damage. But the concept of a computer virus set to “detonate” on March 6, 1992 caused a media-fueled mass hysteria, with many afraid to operate their PCs even on anniversaries of the date.

Sobig.F (2003)

The Sobig.F trojan infected an estimated 2 million PCs in 2003, grounding Air Canada flights and causing slowdowns across computer networks worldwide. This tricky bug-in-disguise cost $37.1 billion to clean up, making it one of the most expensive malware recovery efforts in history.

MyDoom (2004)

In September 2004, TechRepublic called MyDoom “the worst virus outbreak ever,” and it’s no surprise why. The worm increased the average page load time on the Internet by 50 percent, blocked infected computers’ access to anti-virus sites, and launched a denial-of-service attack on computing giant Microsoft.

The worldwide costs associated with cleanup of MyDoom is estimated to be just shy of $40 billion.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Trump administration to move all federal IT into the cloud: Is it realistic?

US president Donald Trump recently signed an executive order on cyber-security that mandated federal systems move to the cloud. But, questions remain on the feasibility of that goal.

On Thursday, US President Donald Trump signed his long-awaited executive order on cyber-security, laying out his plans for addressing security in federal IT and across US infrastructure. The most ambitious mandate was that all federal IT systems move to the cloud.

President Trump’s homeland security adviser, Tom Bossert, said in a announcement that the government had spent too much time and money “protecting antiquated and outdated systems.” Bossert cited the Office of Personnel Management (OPM) hack as evidence of failing legacy systems.

Bossert said, “From this point forward, the President has issued a preference in federal procurement in federal IT for shared systems. We’ve got to move to the cloud and try to protect ourselves instead of fracturing our security posture.”

The executive order officially states: “Agency heads shall show preference in their procurement for shared IT services, to the extent permitted by law, including email, cloud, and cyber-security services.” It also calls for a report to be completed within 90 days describing the legal, budgetary, technical considerations for “shared IT services, including email, cloud, and cyber-security services,” along with a timeline for the initiatives and their potential cost-effectiveness.

Peter Tran, the senior director of worldwide advanced cyber defense practice at RSA and former US Department of Defense employee, said the anchor for the executive order will initially be the NIST Cybersecurity Framework (CSF), to both assess current risk gaps and determine a strategy moving forward. This will be the pacesetter by which all building blocks will either rise or fall specifically on the call to action to go cloud in an expedited manner…..security being a forethought,” Tran said.

However, the effectiveness of a move to the cloud to improve security among these federal systems remains up to debate. John Pironti, cyber-security expert and president of IP Architects, said that it could create a double-edged sword.

“The idea of standardization of security controls and capabilities through a cloud-only mandate in theory may make sense to establish an enhanced baseline for security, but at the same time creates a central target and common set of controls and capabilities that adversaries can then focus their attention on in order to be successful in their attacks,” Pironti said.

Following a central set of control standards and common technology platforms, combined with the centralized nature of the cloud, could actually make the federal IT systems weaker than their current iteration, Pironti said, which utilizes “distributed and varied computing assets and security controls.” And if hackers can find and exploit a weakness in this kind of system, it could lead to a bigger impact.

Pironti said that he believes the mandate will start out with the proper intentions, but if the affected government agencies simply follow the prescribed behaviors with no deviation, they may not be able to keep up with the changing threat landscape. While Pironti said that he’s in favor of accountability, he believes that the approach should be risk-based instead of mandated.

“I do not believe all agencies should be forced into a cloud model or required to follow the same set of prescriptive security controls,” Pironti said. “If an agency can prove that they are effectively operating in a reliable, available, and secure fashion then they should be allowed to continue to do so.”

Another question raised by the mandate is the feasibility of moving these systems to the cloud. Tran said that the executive order builds on an existing foundation, but the “proof is in the pudding.” The order, like other security plans, must be executed in a timely manner and show clear improvements in boosting security visibility and early threat detection, but it also must clearly show what “good” and “bad” security looks like in cloud infrastructure, Tran said.

“That’s really hard to do under an average planning and deployment timeline. Your compass needs to be ‘dead on,'” Tran said.

The impact of the executive order could also be seen in the private sector, Tran said, driving the growth of stronger policy, compliance, and governance around cybersecurity.

“The unique aspect of this current environment is security can’t effectively operate in a ‘de-regulated’ fashion by the mere nature that it’s security… Imagine if the TSA and FAA had no security protocols and structure?” Tran said. “Cybersecurity is no different whether it’s brick-and-mortar or click-and-mortar.”

The 3 big takeaways for readers

  1. Trump recently signed an executive order on cybersecurity mandating all federal IT systems move to the cloud, but questions remain about the feasibility and effectiveness of such a mandate.
  2. The move to the cloud could help modernize the systems’ approach to security, but it could also create a central point of attack for hackers, an expert said.
  3. The executive order could also impact the private sector, leading to more regulation and compliance around cyber-security initiatives, an expert said.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

CALL US NOW!