Preventing Vulnerabilities from Entering Your Network

HP is a very common name for both businesses and household IT. For this reason, it was especially concerning when more than two dozen models of HP laptops were found to contain a keylogger that recorded keystrokes into a log file.

Although HP quickly released patches to remove the keylogger, the concern lingered. Customers have very high expectations for large vendors to have top security in today’s world. However, even the largest of companies often do not have the resources to ensure security for all products and software. Furthermore, even the most secure software has its weak-points.

In this case, the vulnerability was discovered in the Conexant HD Audio Driver package, where the driver monitors for certain keystrokes used to mute or unmute audio. The keylogging functionality was likely used to help developers debug the driver, but unfortunately became a serious security concern for customers.

Although It is believed that the vulnerability was left in inadvertently, many wonder why a static or dynamic code analysis tool could not detect the vulnerability.

Related Video: Why a keylogger is in the audio driver and how to make sure it is not running on your devices

Working with an IT Services Company
For instances such as this, there are companies responsible for monitoring vendors. However, they may not always be able to catch every vulnerability. It can be very beneficial for companies to work with their own third party IT services company to monitor products and software from vendors before they are used in their networks.

These IT professionals are able to install a company’s own image on an endpoint before deploying it. These images would be used to analyze with dynamic or runtime application security tools to determine if any common vulnerabilities are present.

Security threats are a very real concern for companies in all industries. Partnering with a trusted IT team has become a common practice that ensures enterprise networks are always properly maintained and secure, even without full-time IT staffLearn more about CCNY Tech’s Managed IT Services: Click Here

 

Five Networking Mistakes You Can Easily Avoid

When managing a network, it can be difficult to differentiate and diagnose issues. Even with constant monitoring and upkeep, IT is finicky and issues are not always readily apparent.

 

Here are five common networking mistakes to avoid when maintain a network:

1. Setting a priority on Voice over Internet Protocol (VoIP) data – When your telepresence system tags everything as data, you can very easily overwhelm your network.

2. Implementing Virtual Desktop Infrastructure (VDI) without the necessary infrastructure – VDI increases traffic to virtual machines and storage devices. It is crucial that you have an infrastructure ready to support the transition.

3. Uncertain routing changes – Making a routing change may result in decreased performance for some traffic. It is important to thoroughly understand your traffic needs before making adjustments.

4. Lack of secure guest network and BYOD – It is absolutely critical for you network that you have proper guest networks and security for Bring Your Own Device for employees and management. Without differentiating a guest network from the main network, you expose your company data to outside threats. Similarly, there must be protocol for outside devices used by employees.

Network security is another major concern for companies in all industries. Setting proper permissions, regulating password updates, keeping firewall and security software up-to-date are just a few of the critical steps in protecting a company network. With growing concerns over cyber attacks, network security is arguably one of the most important investments for businesses at this time.

5. Setting up a new router with a duplex mismatch – When setting up multiple routers, it is important that they are in the same duplex modes. A mismatched duplex is a link that operates ineffectively,resulting in reduced bandwidth.

Check out this video for configuring multiple routers in duplex mode:

These are a few of the more common mistakes that occur on a company network. Simple things like these can lead to major issues that are difficult to recognize and correct. It is a good idea for businesses to schedule routine network checks and regular maintenance to help diagnose, fix, and prevent networking issues along the way. A convenient way to ensure that your network is running smoothly is with Managed IT Services.

Managed IT Services allows you to set a budget for your IT needs. You choose a plan that works for your company network and important tasks such as IT Maintenance, emergency fixes, and phone support are readily available without any extra costs. Furthermore, you can have a plan which schedules regular network checks, ensuring that issues such as these are not happening behind the scenes. Learn more about the Advantages of Managed IT Services! Check out our website or call us at 315.292.1046 to speak to an IT professional about network security.

Truly understanding your IT infrastructure is the key to maintaining a successful network. It is crucial that you recognize your needs regarding speed, security, storage, and even physical space. There are countless server options when looking for expansions or upgrades.

Choosing the Right IT infrastructure for Your Business

IT infrastructure can be a daunting task but is an absolutely necessary investment of time and resources. Particularly in today’s world, your daily operations, company and customer data, and competitive advantage likely revolve around your technology. It is important to understand and upkeep your systems. Partnering with a professional IT services company gives you access to experienced teams that can help you create a plan, tailored to the needs of your business.

Check out our website or call us at 315.292.1046 to speak to an IT professional about network security.

The Latest on the Data Breach at Uber

UBER Data Breach Was Not Reported For 1 Year

Yesterday it was reported that the transportation company Uber has suffered a data breach, revealing personal information of some 57 million people around the world. It has been confirmed by Uber that they knew of the year-old attack and had covered it up. The company could now face legal action, as those affected may have claims for any loss suffered as a result of the misuse of their private information.

The New York state Attorney General has opened an investigation into the massive data breach and the company’s failure to secure personal information. This breach violates the UK’s Data Protection Act of 1998, and the New York state law that requires companies to notify the Attorney General and consumers if data is stolen.

Uber acknowledges paying hackers $100,000 to destroy the stolen information in this ransomware attack. Thus far, there is no evidence of malicious misuse of the stolen information. However, the cover-up will present Uber with a higher fine than if they had come forward with the information.

Britain’s Deputy Information Commissioner James Dipple-Johnstone said “If U.K. citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed.”

UK officials are working with the National Cyber Security Center to verify the severity of the problem for British Uber clients and drivers.

Related Article: Equifax Data Breach 2017

Protect Your Data from Ransomware Attacks
This breach, and those like it, demonstrate the importance of your constant cyber security efforts. Securing company and customer data is critical in today’s world to help protect your trusted reputation. It is crucial that companies in all industries evaluate and maintain their networks with the latest in IT security.

CCNY Tech’s team of IT professionals understand the ins and outs of security weak points, the latest threats, and the best preventative measures. Visit our website or call us at 315.292.1046 for a Network Audit.

Related Article: Is Ransomware an Overblown Concern?

What is a Computer Worm?

Although ransomware attacks have been the hot topic of cyber news lately, computer worms are still a common form of attack on individual and company computers. A computer worm is a malicious software program which can infect computers and self-replicate to spread, while remaining active on infected systems.

How it works

Computer worm are a form of malware which runs invisibly in the background, overtaking parts of an operating system. They are generally only recognized when systems are slowed down and resources are consumed.

These attacks are especially effective, as they can spread without user interaction. Once a computer won is active on an infected system, they are able to spread throughout a network. In the past, computer worms used to attack through infected storage media; while USB drives are still a common vector for worms, it is not essential.

Computer worms are effective through vulnerabilities in networking protocols. Emails are a common gateway for these worms to spread, as they can create and send outbound messages to all addresses in a user’s contact list.

The main differentiation between computer worms and viruses is that a worm is a self-replicating program that spreads without user interaction. Viruses, on the other hand, generally require some action on the part of a user to spread (although they are also self-replicating).

Related Video: 5 of the worst computer worms ever:

Defense against computer worms

There are many ways to prevent and detect computer worms and viruses. It’s important to be proactive with cyber security and IT maintenance. Here are a few key steps to keeping your network clean:

  • Updates – continuously updating operating systems and software will ensure that you have the latest security patches.
  • Caution – It is crucial to be up-to-date with threats, to be careful with links in emails, avoid pop-ups and other suspicious attachments. These are all means for the spread of malicious software.
  • Firewalls – firewall and antivirus software can help to reduce system access and prevent cyber attacks from running in the background.

Detection – What to look for:

  1. Decreased system performance
  2. Freezing or crashing
  3. Unusual sounds or messages
  4. Unfamiliar icons or files
  5. Warning messages for operating system or other software
  6. Email messages sent without user interaction

Computer worms can be difficult to detect and remove. It is important to use best practices for network security in homes and workplaces. It is especially important for businesses to train employees about security awareness.

Computer worms, viruses, and ransomware are all real concerns for enterprise networks. It is important for businesses to consult IT professionals about cyber security. At CCNY Tech, our team of IT experts will perform full network evaluations, finding and correcting your security weak points and ensuring that all preventative measure are in place. To learn more, visit our website or call us at 315.292.1046.

Why Hybrid Cloud is the Future of Enterprise IT

Hybrid cloud is flexible and versatile; it is an ideal IT solution for companies.

Cloud computing has been gaining interest, particularly by businesses. It is a great way to save time, money, and space for an IT infrastructure. It allows companies to incorporate their current IT with a cost-effective extension and offers capabilities that their facility and hardware might not otherwise allow. It is also especially useful for small startups that cannot afford the latest and flashiest hardware and software. Hybrid cloud tech is creating quite a stir for a number of reasons.

Related Video: What is hybrid cloud computing?

Cost-Effective
Because our technology is advancing so quickly, it can be very difficult (and expensive) to keep up with the latest machines and software. Constant upgrades, replacements, installations, and learning curves can quickly overwhelm even the largest of companies. Cloud services can be an ideal solution for cutting maintenance costs, saving space, and reducing necessary full-time IT staff.

Cloud solutions are able to access and compute large amounts of data. Based on recent history, it is not surprising to know that greater computing capabilities will become increasingly more necessary for companies in all industries.

Not only is it cost effective in its abilities, it also removes a physical burnden. On-site hardware, while valuable, takes up space, must be maintained, and requires upgrades and replacements as technologies become obsolete. So even though on-site equipment still has its place, a hybrid system can be used strategically to cut down costs of upgrades and expansion.

The real value in this method stems from the flexibility. Companies are able to retain their own private cloud networks as well as utilize public cloud services. Properly incorporating all of these methods allows businesses to create a vast, well-managed computing environment.

Related Article: Cloud cost-effectiveness comparison – Click here

Next Gen IT
Hybrid cloud computing is argued to be the next big IT solution. Its capabilities and reasonable costs allow companies to push their IT reach new computing levels. Hybrid cloud allows for faster speeds, lower latency, and more controlled network bandwidth.

The business environment is already heavily reliant on technology. It is a safe assumption that we will continue to create new methods for faster communication, larger storage, and all-around greater computing. Right now, this is where hybrid cloud thrives. These solutions are currently used to alleviate pressure on a company’s private network. Cloud solutions can act as an expansion of an enterprise network. The hybrid cloud is also great for data analytics and is a means by which IT specialists can work across multiple cloud platforms.

One of the most crucial reasons for companies to advance their IT capabilities is customer expectation. It is key for companies to keep up-to-date with the latest IT developments in order to please customers, maintain reputation, and stay competitive. There is going to be a demand for seamless transition from public to private clouds as these solutions become more widely adopted.

Learn about how to evaluate your current IT architecture: – Click here

Possibilities
Hybrid cloud solutions offers a wide range of opportunities. It is growing more common by the day, as there are countless reasons for any business to give it a try. The future of IT is capable, flexible, and versatile. Hybrid cloud an ideal and cost-effective way to keep your IT, and your company, competitive.

CCNY Tech offers Hybrid Cloud solutions for any size company in any industry. Our IT professionals can help you to evaluate your current and future networking needs and will design a solution that works for you. Send us a message on our website or call us at 315.292.1046 to set up a consultation.

Attending Wordcamp Rochester

The CCNY Tech Marketing team was on the road this weekend to attend Wordcamp Rochester 2017.

The day of speakers and interaction centered around the WordPress community. Many speakers and attendees were from all corners of US and Canada.

The Keynote speaker was Bridget Willard, the founder WPGive and co-host of WPblab, a show on the WPwatercooler network.

One of the highlights of the Rochester event was a talk about Google Data Studio presented by Lee Hurst @helpfullee. It is simply amazing what you can do with this FREE app from Google. Using the IFTTT, BigQuery and Supermetrics the possibilities are nearly limitless. Data Studio puts enterprise tools to analyze and display data into everyone’s hands that has a gmail account.

Other topics we about internet and personal security presented by Sitelock and Internet Marketing & Lead Management.

Should You Be Concerned About The Ransomware Threat?

Many are wondering if the recent malware attacks are really as serious as they sound.

Cyber crime and has been on the rise in recent years and has been a hot topic as of late. The Equifax breach and other large attacks have created quite a stir, and companies in all industries are worrying about their security. Customers are especially concerned, as cybercriminals have everyone unsure about the safety of their data.

Learn more about how the Equifax breach impacts your data security: Click Here

However, people want to know if these attacks are actually all they are made out to be.

In 2016, it was predicted that they would collect over $1 billion in ransomware attacks in that one year. However, in the FBI “2016 Internet Crime Report,” it was stated ransomware accounted for losses of only $2.43 million. These statistics are part of the reason people believe cybercrime might be overblown.

While the numbers are not as alarming as predicted, the FBI states that it is only because about 15% of cyber crimes are actually reported, and that percentage may even be low when it comes to ransomware attacks.

Furthermore, many companies do not report compromises by ransomware because, they are not always required to do so. The Health Insurance Portability and Accountability Act, for example, does not require reporting if protected health information is encrypted. So while exact figures are difficult to track, it is certain that attacks are increasing and are becoming very costly for businesses and customers, alike. Companies have actually lost millions from the WannaCry and Noteya attacks alone.

WannaCry Explained video: Click Here

So, are these attacks really that serious?

The answer is yes. One of the major issues with cyber attacks is that they are not events that affect any single company; they exploit widespread vulnerability. The spread of NotPetya was so vast that it likely did more than $1 billion in damages. Similarly, an estimated conducted by insurer Lloyd’s of London and risk-science from Cyence found that such an attack could possible cause $10 billion in business losses in North America and Europe, and possibly reach $29 billion. With figures like that, attacks mean more than just hurting businesses and disgruntled customers – it means true economic impact.

With these figures and estimates, its crucial that companies and customers take cyber security very seriously.

If you are in need of IT security or would like to learn more, check out our website or call 315.292.1046.

One step businesses can take is begin training all employees on best practices for IT security. Learn more here

Google Chrome to Label HTTP Pages ‘Not Secure’

It may be time for your business to purchase an SSL certificate; here’s why:
Google has announced that it will be marking all HTTP pages in Chrome as “Not secure” as of this month. This marks the next phase for Google as it started in January, labeling some pages as non-secure with the release of Chrome 56. The first phase affected pages that transmit sensitive information; the second phase, however, will not have these same stipulations.

The not-secure label indicates that data is being communicated on an unencrypted connection. This is especially worrisome for users on websites that contain login information, and/or financial information on the web. HTTPS is the secure version of HTTP, where the website has purchased an SSL certificate. (An SSL certificate allows for end-to-end encryption and security).

HTTPS sites offer better protection against someone on the same network viewing or modifying the traffic. This is known as a man-in-the-middle-attack. During October, Chrome will label all HTTP pages where a user can input any data. This will apply to any page with a search box.

The expanded warnings will likely add pressure to site owners to setup HTTPS on their web servers, as visitors may begin looking for these labels. However, thus far, these warnings only apply to Chrome search engine. Firefox has not yet said whether it would follow in these footsteps but has begun displaying “in-context” warnings for payment and login pages.

“According to Google’s HTTP Transparency Report, over half of all pages are viewed over HTTPS on the desktop. For Chrome OS, 71 percent of pages are loaded over HTTPS, while 58 percent are for Chrome on Windows.”

It is important for site owners, particularly ecommerce sites to keep watch over this development. Now may be the time to purchase an SSL certificate for your company site.

Call us to learn more about cybersecurity for your company and customer data. (315) 292-1046 or check us out at www.ccnytech.com

elit. Phasellus tempus in eleifend ut