31
Aug, 2016
net_worth_tracking_400.jpg

Tip of the Week: How Tracking Your Net Worth Can Benefit Your Long-Term Goals

net_worth_tracking_400.jpg

Tracking your net worth might not be the same as tracking how many much money you have in your account, but it’s a good start. By tracking your net worth, you’ll have a good idea of how your finances fare in the big picture of things. Doing this may even help you worry less so that you can focus more on improving your situation.

Finding Your Net Worth
To many people’s relief, their net worth takes into account much more than just their paycheck. You can basically think of your net worth as the grand total of all of your assets, minus your liabilities; or, rather, what you have minus what you owe. It’s actually quite easy for your net worth to increase over time, since you’ll owe less and obtain more.

Therefore, the first step toward determining your net worth is putting together a list of what you currently own, versus what you currently owe.

What You Own

  • Home (its current value)
  • Other real estate
  • Automobiles and other vehicles like RVs and ATVs (leased vehicles don’t count)
  • Jewelry and collectibles
  • Household items, like furniture, appliances, etc.
  • Retirement accounts, bonds, stocks, mutual funds
  • Cash value of life insurance
  • The balance of checking and savings accounts
  • Cash

What You Owe

  • Home mortgage principal
  • Other mortgage principal
  • Auto loans
  • Student loans
  • Credit card debt
  • Other loans

Once all of these items are in order, you need to plug this information into an online net worth calculator:

http://cgi.money.cnn.com/tools/networth/networth.html

http://www.creditcardfinder.com.au/net-worth

Tracking Your Net Worth
Now that you’ve attained your net worth, you can use a spreadsheet to track the growth–or (gasp) decline–of your net worth. Here are four ways that focusing on your net worth can be beneficial.

  • Financial progress: It’s in our human nature to evolve and make progress, and keeping track of your net worth gives you some solid statistics that you can focus on. It’s always great to look back on the previous month and see how much your financial situation has improved.
  • Confidence building: Keeping track of your net worth can be empowering. For example, saving an extra $1,000 in your emergency fund, or increasing your 401K with a bigger contribution can make you feel proud of yourself, and can help you stay focused on accomplishments rather than your debts.
  • Keeps you from focusing on assets: On the other hand, you need to keep yourself aware of more than just how much you currently have. Having $200k in assets is great, but you should also keep your $100k of debt at the top of your mind.
  • Acquiring loans: Your net worth could become a major factor when you apply for a loan in the near future. You want to ensure that you keep track of your net worth so that you aren’t unpleasantly surprised in the event that you need a cosigner for a loan.

Can tracking your net worth be help achieve your financial goals? Try it out and let us know in the comments how it goes.

29
Aug, 2016
ransomware_money_400.jpg

Alert: Microsoft Outlook Users Be Wary of New Ransomware

ransomware_money_400.jpg

Ransomware is a particularly nasty strain of malware that continues to pop up in unexpected forms. In the case of a new variant of called Cerber, it targets users of Microsoft Outlook using a zero-day vulnerability via phishing messages. To make matters worse, Cerber can also utilize DDoS attacks, which is a major cause for concern.

Distributed Denial of Service attacks utilize previously-infected “botnets” (networks of infected computers) to slam the targeted system with a ferocious amount of traffic. The legs of the targeted system eventually buckle, and the organization’s operations are crippled by downtime. Now that ransomware is using DDoS attacks, it becomes much riskier to ignore a ransomware warning. Plus, the infected computer is brought into the botnet and used to torture other poor souls who are unfortunate enough to get infected.

Cerber demands a ransom of 1.24 Bitcoins to unlock the ransomware. As of this time of writing, 1.24 Bitcoins are valued at approximately $718.

The intended victim receives an email containing the ransomware which, when activated, adds three files to the desktop of the victim’s computer. Each contains the same message; one is a simple TXT file, another is HTML, and the third is a Visual Basic Script that converts to an audio message. Their message reads: Attention! Attention! Attention! Your documents, photos, databases and other important files have been encrypted! To add insult to injury, this message will trigger every time you boot your computer.

The hackers make it quite easy for users to pay the ransom. The two files contain instructions to navigate to the Tor payment site, while also offering some inspirational advice: “What doesn’t kill me makes me stronger,” transcribed in Latin. In most cases, we recommend against paying the ransom, but sometimes it’s unavoidable; particularly if you don’t have a secure data backup. Still, there’s no guarantee that the hacker will ever release your files, and contributing funds will only further their goals to attack others like yourself.

There’s currently no known way to eliminate Cerber, which makes it crucial to protect your systems from infection. In particular, you should focus on security best practices and identify phishing scams, as this is the primary mode through which ransomware spreads. As the business owner, you need to ensure that your organization follows these practices, from the top-down.

  • Users need to understand email security best practices. This includes being wary of unsolicited messages that contain attachments or suspicious links.
  • All of your organization’s mission-critical data should be backed up and stored in an isolated location. This way, even if your network becomes infected with ransomware, you can just restore the backup to avoid paying the hackers.
  • Keep your systems updated with the latest versions of software solutions, and always keep your antivirus solution updated with the latest threat definitions. Malware designers are always trying to outpace security professionals, so stay one step ahead to help keep yourself secure.

For more information about cyber security and other best practices, reach out to NuTech Services at 810.230.9455.

26
Aug, 2016
managed_it_services_400.jpg

It Pays to Outsource Your IT

managed_it_services_400.jpg

Technology can be fickle at times. When it’s not working properly, it can hold your business back from reaching its maximum potential. Therefore, in order to maximize your bottom line, it becomes common sense to ensure that your technology is in proper working order at all times. The problem lies in the fact that you may not necessarily specialize in technology management, and don’t have the time or budget to perform maintenance yourself. What’s the SMB to do?

In the past, break-fix IT services allowed users to get the technical support they needed, but at a steep cost. IT companies would tell the user what was wrong with the technology, and offer a price for what it would take to fix it. By nature, this type of IT maintenance is designed to thrive off of the user’s technology failing to work properly. Therefore, from a break-fix IT company’s point of view, there’s no real reason to put preventative measures in place that would save the user money in the long run.

In stark contrast, managed IT services do the exact opposite of their break-fix counterpart, and that’s to save businesses money by preventing issues from developing into costly and downtime-causing problems. This helps organizations keep their IT budgets intact, even if they don’t have a dedicated in-house IT department. Preventative maintenance detects small issues and resolves them in a timely manner, preventing them from becoming major problems.

Here are some examples of effective managed service offerings that can save SMBs money in the long run:

Server Hosting
Your server units are the hardware responsible for the safe storage and distribution of your organization’s digital assets. Therefore, it makes sense that you would want to guarantee that they’re being cared for properly. The problem here is that server maintenance and hosting requires a specific skillset that only a professional technician can provide, and that the SMB typically has a limited IT budget that doesn’t necessarily accommodate hiring new staff members for this purpose. This is often why organizations outsource this responsibility to a managed service provider that can guarantee consistent uptime and the prolonged health of server units.

Network Security
If your business doesn’t know the difference between viruses, malware, trojans, phishing scams, and other common threats, it’s a good idea to have a trained security professional on-hand to manage your network and endpoints. Businesses can outsource the responsibility of maintaining and managing solutions like firewalls, antivirus, spam-blocking, and content-filtering components, that are capable of mitigating threats and limiting exposure to dangerous situations.

Remote Maintenance and Management
There are times when technological issues aren’t immediately known to the user, and they can become disastrous problems later on if ignored. Technology professionals can identify these issues by remotely monitoring statistics like CPU usage, RAM consumption, and other critical factors, in order to prevent them from escalating into major unavoidable disasters. These issues can then be resolved remotely, without the need for an on-site visit from a tech, helping you keep your budget under control.

Backup and Disaster Recovery
Small businesses might be agile enough to respond to threats and disasters promptly, but this is only the case if they’re taking measures to keep their data safe. It’s been shown that businesses that fail to recover their data following a data loss incident, will likely go out of business within one year of the incident. Therefore, you need a comprehensive solution that’s designed to limit data loss and practically eliminate downtime.

If your business has difficulty managing and maintaining its technology infrastructure, why not reach out to NuTech Services to ask about what we can do for your business? To learn more about backup and disaster recovery, network security, and more, reach out to us at 810.230.9455.

24
Aug, 2016
distracting_-instant_messaging_400.jpg

Tip of the Week: 4 Ways to Make Sure Workplace Instant Messaging Enhances Productivity

distracting_-instant_messaging_400.jpg

Instant messaging has changed the way that individuals communicate with one another, both in their personal lives and in the workplace. Just as email threw a wrench in traditional mail’s plans, instant messaging threatens to jump start a new method of instantaneous communication, one which can be seen as a great benefit, but also an immense annoyance.

As reported by ITProPortal, over half of the respondents to a survey by BetterCloud believe that instant messaging will overtake email in the office; an impressive feat, especially considering how commonplace email is in today’s professional environment. However, this also means that businesses need to improve their instant messaging practices if they want to reap the benefits it provides, and to use instant messaging in such a way that it’s not a major workplace distraction.

If you want to improve your business’s instant messaging practices, try these tips.

Accurately Represent Your Current Online Status
You need to give your team a proper representation of whether you are currently available or not. If you don’t, they could be wasting valuable time trying to reach out to you when, in reality, you’re nowhere near your computer. Make sure that you change your status to indicate that you’re away from your computer, or logged off for the night; that way, your team can know that they would be better off contacting someone else who is available.

If It’s Going to Be a Long Conversation, Try a Different Communication Medium
Long IM conversations can waste time, especially if they aren’t particularly relevant to the task at hand. In this case, it’s better to simply pick up the phone and call the person you need to communicate with or arrange for a face-to-face conversation. This way, the details get ironed out and you don’t waste valuable time getting to the point. Plus, emotions are somewhat difficult to express through instant messaging, while voice chat and in-person meetings are easier to get a feel for.

If You Have a Short, Specific Request, Try to Put It at the Beginning of the Conversation
There’s no point in drawing out a conversation when all you need to do is ask a question. Doing so isn’t just wasting your time; it’s wasting the recipient’s time too. Be courteous and respectful of your colleagues’ time and ask questions as soon as you can.

Take Full Advantage of Your IM System’s Features
Many instant messaging platforms also allow for several other functions. If you fully take advantage of these features, your team can be more productive with your IM solution. For example, if your system allows for voice chat, using it can be a great way to clear up confusion or explain a particularly difficult concept. If you need to rope in another person, try adding them to the conversation when they need to be there. The idea is to play around with what works and what the limits of your IM system are. This way, you can help your team better understand how to take advantage of the features.

By following these best practices, your organization will see a more fruitful use of instant messaging features. What are some of your favorite ways to use instant messaging, and do you have any specific practices that you follow at your organization? We’d love to hear about them. Let us know in the comments, and be sure to subscribe to our blog for more best practices and tech tips.

22
Aug, 2016
cyberwar_is_the_best_400.jpg

For NATO, Cyberspace is Today’s Frontlines

cyberwar_is_the_best_400.jpg

It’s clear that security professionals have waged war with hackers since the Internet’s inception, but NATO has reaffirmed that cybersecurity is not just a localized problem; it’s a nation-state-wide issue, and one that needs to be addressed. Just like land, air, and sea, cyberspace is now an operational domain, a place that can be considered a battlefield.

NATO has declared that cyberspace qualifies as an area where conflict can occur, (it surprisingly took this long). While many cyber attacks tend to be limited to only data infrastructures, there are plenty of instances where attacks have moved from the cyber realm to the physical world. Some examples include a Ukrainian electrical grid hack from just last year, as well as a supposed Iranian hack of a United States dam control system. In other words, technology systems have the capabilities to cause quite a bit of damage, like blackouts or shutting down critical systems.

NATO Secretary General Jens Stoltenberg made a valid observation concerning the decision to add cyberspace to the list of operational domains: “Cyber defence is part of collective defence. Most crises and conflicts today have a cyber dimension. So treating cyber as an operational domain would enable us to better protect our missions and operations.”

Technology has become such a commodity in today’s world that even warfare is assisted by it, through providing access to important data and applications. Networks that are used to deploy this data could be hacked, causing important information to be either lost or stolen; thus, putting real-world lives at risk. Plus, if a hacking attack rendered citizens without heat, electricity, and other necessities, it could redefine what the world thinks of as a war of attrition.

NATO plans on securing networks and focusing on helping other countries secure their own. Additionally, NATO wants to help others identify where attacks come from, and what can be done about them. In 2014, NATO changed its policies to allow them to respond to any attacks against nations involved with the organization, so this shows that cyber warfare could potentially become a major factor in ongoing conflicts in the future.

Granted, measures that could be put into place are easier to talk about than to actually implement. Cyber security is generally handled on a state level, and while the US and UK have invested heavily in cyber security, other countries tend to think of it as a low priority, or don’t foresee it affecting them in the near future.

This decision by NATO should drive the importance of cybersecurity in the workplace, and reaffirm that your organization needs to take a cautious and proactive stance. Additionally, you’ll need to use best practices in order to minimize the risks of working online, as you’ll probably realize far too late that you’ve been infiltrated by hackers. It’s in your best interest to take a preventative stance on network security, regardless of how much risk you feel your business is at.

To learn more about IT security, reach out to us at 810.230.9455.

19
Aug, 2016
autoscaling_cloud_solutions_400.jpg

Why True Autoscaling is Out of Reach for the Average SMB

autoscaling_cloud_solutions_400.jpg

Shopping for a cloud solution can be difficult. You’ll be sold on plenty of impressive-sounding features that you may not know anything about. One feature that you may have seen floating around is autoscaling, which sounds great on paper, but may not live up to its expectations. The only problem, though, is how you can identify those that deliver, and those that don’t, before investing in a project.

The idea of autoscaling for your cloud solution seems to be great. Workloads can automatically be adjusted depending on the scale and specific amount of resources they need to perform a task. The idea is that these processes are automated so that you can focus on doing your job. This always-on feature keeps your network monitored, preventing bottlenecks and traffic spikes from derailing operations. Supposedly, cloud autoscaling can handle all of this without any human intervention whatsoever.

Unfortunately, this simply isn’t the case.

The reality of the situation is that autoscaling to this degree requires an immense amount of human oversight and intervention, that the “auto” in autoscaling is hardly a qualifying term. ITProPortal explains, “To create a truly automated and self-healing architecture that scales with little or no human intervention requires custom scripts and templates that can take months for a skilled team to get right, and many organizations have neither the time nor those resources to make it work.”

Instead of investing so much time and effort into making a truly automated system, it’s often best to just have human oversight involved in your cloud solution. This is done best by allowing trusted IT administrators to keep tabs on network traffic and intelligent scaling. Besides, isn’t a human system better than an automated system in the first place?

This type of oversight for a cloud platform is important, especially since network computing can be unpredictable at times. For example, what would happen if your website was hosted in the cloud, and your business was featured in a TV spotlight on the local news? Your website might crash from the unexpected amount of traffic it receives. Any solution connected to the Internet is vulnerable to such a threat, particularly DDoS attacks, which are frequently used by both fledgling hackers and experienced criminals alike. If a network is being monitored with the proper oversight, the needed resources can be allocated and scaled to suit the situation, and (hopefully) prevent the attack.

However, nothing is as simple as it seems, even when people are involved. For a small business, it can be difficult for the IT budget to procure a salary for a dedicated IT technician who can constantly oversee their network. Furthermore, even if you can accommodate an in-house IT technician, you know how busy they can get. ITProPortal explains: “They don’t have time for this either. Couple it with the fact that they are chastised when systems are under-provisioned or fail, that re-starting a system may land it on an unfortunate server filled with noisy neighbors, and that all of this is happening at the scale of dozens or hundreds of servers at a time – and this feels like a great time to just over-provision everything and leave well enough alone.”

The SMB seems to be stuck at an impasse here; with true autoscaling being difficult, if not impossible to achieve, and onboarding new IT technicians being out of scope, the most effective way to achieve a semblance of autoscaling for your cloud solution is to use a managed cloud service. NuTech Services’s managed services provides affordable and accessible IT solutions for small businesses, which can include the oversight you need for your cloud solution.

In the end, you won’t be doing any of the work, so it’ll be just as good as any automated cloud solution could be. To learn more, reach out to us at 810.230.9455.

17
Aug, 2016
used_computer_400.jpg

Tip of the Week: 4 Guidelines When Buying Used Computer Equipment

used_computer_400.jpg

One way that your business can save money is by purchasing used computer equipment, but only if you do your research and perform a meticulous analysis of where it’s been, and why it’s no longer being used. If you’re serious about purchasing pre-owned computing equipment, consider these four tips.

The Hard Drive’s Age
One of the most critical components of a computer is the hard drive. It can be difficult to judge the condition of a hard drive by observation, so keep this general rule in mind; the average lifespan of a hard drive is about five years, so you don’t want to purchase one that’s four or more years old. Or, rather, you should prioritize finding those that have more life left in them, as an older hard drive is typically at a higher risk of crashing.

However, an older hard drive doesn’t necessarily have to be technically useless. This five-year rule only applies to hard drives that see continuous use. If you find one that’s been used sparingly during its lifetime, it will probably have more life left in it than you might initially think. In general, the five-year rule isn’t something that you need to hold to. Just like any technology solution, there will be hard drives that can outlast others; some are known to exceed even 10 years without experiencing issues. Solid state drives are capable of bypassing this rule altogether, as they’re built to last for much longer than the hard disk drive.

In the end, you want to make your decision based off of what you need your hard drive to do. If it’s something that absolutely cannot fail, you may be better off just purchasing a new one outright. Or, you could use a reliable data backup and disaster recovery solution, like a BDR, and hope for the best.

Also, be sure to give the computer a test before you actually purchase it (if possible). If it’s making strange noises, it’s not a safe investment for your business.

Clean Up Your Used Technology
As you’re well-aware, computers are known to collect all kinds of grime, germs, and dust. This is important to keep in mind when you purchase a new PC, seeing as it might not be the cleanest machine in the world. It’s your responsibility to clean it up and make sure that it, or any of its components, are ready for use. Of course, depending on how long this process takes, you may just come to the conclusion that it’s too much of a hassle.

Additionally, there are some other components of workstations that are way too germy to be passing around the office. One example is the keyboard, a device so filthy and foul that it collects more germs than toilet seats. Just let that sink in before you pass on a used keyboard to another user. You might come to the conclusion that it’s better to just buy a new one.

The Parts Might Be Damaged
Whether you want to believe it or not, there’s a reason why someone is selling their used technology. Either it doesn’t work, or they found something that works better. Basically, it comes down to functionality. There’s no point in shopping around and investing in used technology if you wind up getting something that doesn’t work as intended. You would have been better off just purchasing a new part altogether, but you may not realize this until it’s too late.

This is what’s known in the technology industry as risk management. Some sources, like reputable online dealers, will be more reliable to purchase used technology from. Others, however, may not be so trustworthy. We’re looking at you, Craigslist.

Consult the Professionals
Here’s one last tip for procuring quality computer equipment: contact the IT professionals at NuTech Services. We’ll provide a clear risk assessment, identify quality sources of used IT equipment, and suggest new and affordable solutions that you may not even have known existed. It never hurts to ask for a second opinion.

If you’re finding that technology solutions are difficult to come by, reach out to us at 810.230.9455.

15
Aug, 2016
irs_scam_400.jpg

Couple Jailed for Scamming More Than a Couple Dollars From the IRS

irs_scam_400.jpg

It all goes to show: don’t mess with the IRS. The prison system has two new residents, after Anthony Alika, 42, and his wife Sonia, 27, were sentenced for filing fraudulent tax returns through the often-exploited “Get Transcript” site maintained by the Internal Revenue Service. In addition to their incarceration, the Alikas will each be responsible to pay restitution to the IRS.

Ultimately, Anthony is to serve 80 months in prison followed by three years of supervision upon release, in addition to paying $1,963,251.75 in restitution for conspiracy to commit money laundering. Sonia was handed down a sentence of 21 months of jail time, also followed by three years of supervision, and an IRS restitution totalling $245,790.08 for structuring cash withdrawals to avoid the required bank reporting. Each pled guilty to their charges.

These sentences were passed after the Alikas were found guilty of laundering $1 million in money stolen from the US Treasury by filing fraudulent forms, specifically income tax returns populated with data stolen from the Get Transcript vulnerability. The Get Transcript function, meant to allow taxpayers to review their past returns with clearly spelled-out information, also allowed the Alikas to obtain the data they needed to make off with their ill-gotten funds.

The Alikas, along with co-conspirators, would purchase prepaid debit cards and registered them to the identities they had stolen, before filing false returns for those identities and receiving the refunds on the prepaid cards. They would then use these cards to purchase money orders, deposit that money into bank accounts, and withdraw their loot in multiple small increments to avoid the bank reporting of the transactions.

This isn’t the first time hackers have used the Get Transcript portal, either. In May of 2015, 100,000 tax accounts were stolen and used to take almost $50 million from the IRS. This is all because the authentication requirements to access the necessary information are flimsy.

Reacting to this case, the United State Department of Justice put out a press release outlining some best practices to keep personal information and accounts as safe and secure as possible.

File Early
A tax refund criminal can’t file a false return if the return has already been filed by the actual individual who should be doing the filing. The longer a return goes without filing, the more opportunity a criminal has to file one fraudulently.

Use Strong Usernames and Passwords
This one goes for any and all online accounts, but especially for those containing information as sensitive as a tax return does. If a close family member could get pretty close to the credentials with a guess, those credentials are nowhere near strong enough.

BONUS TIP: Randomized strings of upper and lower-case letters, numbers, and (if permitted) symbols are the most secure option when selecting a password.

For more tech security information to help keep your data–and yourself–safe, keep coming back to the NuTech Services blog.

12
Aug, 2016
verizon_network_security_400.jpg

Study: 95% of All Cyber Attacks are Financially Motivated

verizon_network_security_400.jpg

Businesses need to take security into account and make it a priority. In fact, security is so important that Verizon has compiled a report of the various types of attacks and data breaches that occurred in the past year. This is Verizon’s Data Breach Investigations Report, or DBIR, and it offers insights into how you can protect your business and secure your assets.

The DBIR has a method of outlining data breach types into nine separate categories. In particular, your business should focus on four of them. We’ll provide you with a basic outline of what the threat entails, as well as how your organization can protect itself from them.

Crimeware
The DBIR reports that crimeware is one of the most common trends in the business environment, citing that 39 percent of all attacks in 2015 involved ransomware. The DBIR’s definition of “crimeware” is quite large, and is used to refer to “any use of malware that doesn’t fall into a more specific pattern.” This lack of predictability makes crimeware rather dangerous, and only serves to show business owners just how many different types of threats exist that fall into this category.

The DBIR recommends that all workstations and servers be patched and maintained at all times, and that organizations have backup and disaster recovery solutions put into place to prepare for the worst. Additionally, it’s recommended that you monitor your systems for any changes to system configurations.

Web Application Attacks
E-commerce platforms are some of the most common targets, and it’s simple to understand why. In the DBIR, 95 percent of all web application attacks had some sort of financial motivation. These attacks are caused by successful phishing attempts to steal credentials and infiltrate networks. Additionally, content management system data breaches have become quite common, with some aiming to infiltrate and repurpose sites as phishing centers.

The DBIR suggests using two-factor authentication, and to promptly update and patch software as needed.

Cyber Espionage
Some criminals will primarily target intellectual property. These cyber-espionage tactics will stick to your typical methods of network breaches and utilize sophisticated means to meet their goals if simple tactics don’t work. Therefore, many of these attempts to steal sensitive data can be undermined by basic protection, like firewalls and antivirus, but these solutions shouldn’t be counted on to keep out more advanced threats.

Additionally, you need to take advantage of advanced security solutions, like remote monitoring and management, to ensure that your infrastructure’s configurations aren’t being tampered with, and implement a mobile device management solution to protect your organization’s mobile data infrastructure.

Miscellaneous Errors
This category consists mostly of mistakes of all kinds that leads to compromised security. Verizon reports that around 40 percent of miscellaneous errors are caused by server issues, and about 26 percent are caused by simple employee mistakes, like sending a message filled with sensitive data to the wrong person.

The DBIR suggests that business owners or technology professionals strengthen control over how sensitive data is distributed. Verizon suggests the thorough and proper disposal of any unneeded or irrelevant hardware, and we’d like to mention how employee education as a preventative measure. By ensuring that your team is informed of industry best practices and data management techniques, you’ll drastically cut down user errors.

The takeaway: Basically, the majority of security discrepancies were due to, with varying degrees, human error. This is natural, as hackers actively look to exploit the weaknesses of the human mind. Therefore, if the people that make your business tick are the weakest link in the chain of operations.

What can you do to safeguard your data? For starters, stay up-to-date on the various trends in security breaches, and always keep your systems prepared by installing patches and security updates. To learn more about cyber security and preventative technology solutions, reach out to NuTech Services at 810.230.9455.

11
Aug, 2016
alert_windows_and_edge_updates_400.jpg

Alert: Microsoft’s Latest Patches Address 27 Vulnerabilities

alert_windows_and_edge_updates_400.jpg

Microsoft recently issued security patches to fix 27 vulnerabilities, many of which are critical in nature. The vulnerabilities are significant and popular titles are affected like Windows, Microsoft Office, Internet Explorer, and the new Edge browser. Microsoft users that ignore these security patches are putting their system at unnecessary risk.

If you’ve already applied the security patches, then rest assured, your computers are safe and what follows is an informative read of what you’re protected from. On the other hand, if you haven’t yet applied the security patches, then we’ll go over why you’ve got good reason to worry.

In relation to the critical vulnerabilities affecting Microsoft Office, Internet Explorer, and Edge, hackers have found a way to remotely execute malicious code through Office documents or web pages. Microsoft goes into detail about this in the following security bulletins:

Microsoft has also found and fixed vulnerabilities with the Windows Graphics Component, which affects Windows, Microsoft Office, Skype, and Lync. Hackers can exploit this vulnerability to remotely execute code through malicious documents and web pages.

Perhaps affecting the most users is a vulnerability discovered in Windows PDF Library, which comes bundled with Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2012, and Windows Server 2012 R2. This vulnerability involves a critical remote code execution flaw. The Edge browser is uniquely affected by this vulnerability, giving hackers an opening to exploit a malicious PDF document hosted on a website, which they’ll use to trick users into downloading.

Not all vulnerabilities fixed by Microsoft are categorized as “critical.” The security patches also take care of vulnerabilities deemed “important.” Still, the lessened severity of the threat doesn’t mean users can afford to ignore the patches.

Have you already applied Microsoft’s security patches? It’s important that you do and NuTech Services is standing by to assist if you require our services. To make this happen, simply call us at 810.230.9455.

We should also mention that NuTech Services clients who are taking advantage of our managed IT service have no need to worry about applying the security patches; our techs have already remotely performed this task for you. This is the case with all security patches and major software updates, meaning that you can rest easy knowing that your system is protected.

10
Aug, 2016
working_remotely_400.jpg

Tip of the Week: 4 Easy Ways to Make Working Remotely Work for You

working_remotely_400.jpg

Working remotely is made much easier thanks to today’s modern technology solutions. Many organizations have at least part of their workforce working remotely, but without the proper support, remote work wouldn’t be possible. With the latest technology and a couple of best practices, the remote worker can be just as productive, if not more so, than the in-house worker.

Here are four ways that you can maximize your productivity while working remotely.

Have a Dedicated Office
In the office, you might have your own cubicle or workspace. However, when you work remotely, the world is your office. As long as you have Wi-Fi, you could turn a restaurant booth into your desk, or a living room into a home office. Yet, this can often lead to counterproductive or distracting circumstances. Rather than let these distractions take over your workday, you should instead invest in a dedicated home office, where you have plenty of space and privacy. This is the place you want to go to if you need to get pressing work done. This also helps you avoid busy public places, like restaurants.

Set Specific Rules for Family and Visitors
Working remotely means that you’ll need a dedicated workspace, and as such, you should keep distractions out of it; this includes family or visitors, who may drop in unannounced. You should set clear boundaries to when they can (and can’t) drop by. Furthermore, you should keep your daily chores to a minimum while you’re working remotely. It might be tempting to do the dishes or clean up a bit so that you don’t have to do it later, but you’re working remotely to do your job, not clean.

Work Until the End of the Day
Sometimes you might get the impression that, since you’re working remotely, you could cut out early at the end of the day and nobody would notice. While you might be right, doing so could become a slippery slope that could affect your daily productivity. Before you know it, fifteen minutes could turn into a half-hour, then an hour, and so on. Be sure that you don’t abuse the privilege.

Implement the Right Technology Solutions
Since your remote workers aren’t in the office, they’ll need the proper technology to do their jobs as if they were in the office. This includes making your infrastructure as accessible as possible, but not without ensuring its security. A virtual private network and Voice over Internet Protocol can help your remote team stay connected to the office. If your business needs assistance making your infrastructure mobile-friendly, NuTech Services can help.

For more information about how to keep your remote workers productive, contact us at 810.230.9455.

8
Aug, 2016
steam_windows_10_400.jpg

New High Score for Microsoft: More Than 44% of All PC Gamers Use Windows 10

steam_windows_10_400.jpg

While we tend to focus on the latest technology solutions in the workplace, sometimes it helps to view them from a different perspective, like recreation. Specifically, Windows 10 has become a popular operating system amongst PC gamers, and has reached nearly half of the considerable total user base of the cloud-based gaming platform, Steam.

For the month of June, use of Windows 10 (both 32 and 64-bit versions) with Steam reached an all-time high of 44.6 percent; an increase of 3.41 percent from the previous month, and a 1.54 percent increase from the month before that. It’s safe to say that the free upgrade played a major role in this increase in use, but now that it’s no longer offered for free, is Windows 10 still worth the investment? We would argue yes, as do the gamers. After all, they want to take advantage of the latest Windows OS, and so should you.

Not all Steam users use Windows 10, though. Here are some statistics from the latest Steam OS check:

  • Windows 7: 36.97 percent, down 2 percent from last month
  • Windows 8.x: 12 percent
  • All Windows OS: 95.5 percent
  • Mac OS X: 3.6 percent
  • Linux: 0.8 percent

Regardless of whether or not you enjoy games, there’s a lesson that can be learned from these statistics, and it’s that the latest operating system can offer a significant improvement to your user experience. For gamers, their hobbies are a way of life, and they take it very seriously. They’re often known for their meticulous attention to PC performance and specifications, so it’s no surprise that they would be willing to adopt the latest Microsoft operating system.

If anything, these statistics are a strong endorsement of Windows 10, and warrant, at least, a consideration of an upgrade. If you’re unsure of how an upgrade can help your business or user experience, NuTech Services can help. We’ll work with your business to ensure that legacy applications and software solutions aren’t negatively affected by an upgrade. In situations like this, it’s always best to have professionals on hand to guarantee that you experience minimal downtime.

To get started with Windows 10, give us a call at 810.230.9455.

5
Aug, 2016
droidjack_hurting_companies_400.jpg

Download the Wrong App and Have More Than Pokémon Fever Infect Your Device

droidjack_hurting_companies_400.jpg

There’s a new augmented reality game on the market these days. Perhaps you’ve heard of it – a title called Pokemon Go, which lets you capture virtual monsters that “appear” on your smartphone’s camera. However, hackers have seized this opportunity to infect players’ mobile devices with a backdoor called DroidJack, which uses the mobile app’s immense popularity to its advantage.

As one of Nintendo’s most popular gaming franchises, it shouldn’t come as a surprise that Pokemon Go has experienced such a warm reception amongst both new and old fans of the series. It’s ranked as the #1 most downloaded app on both the Apple Store and Google Play store, and was so wildly successful that Nintendo’s stock surged following its release. With over 75 million users worldwide, it has more users than some of the most popular smartphone apps, including Tinder, Twitter, and Google Maps.

Of course, hackers have to ruin the most popular of things, and they made an attempt to exploit this in the form of a malicious APK (Android application package). The game experienced a soft release, probably in order to ensure that the servers (which many Pokemon Go gamers suspect is simply a closet full of potato electrodes due to frequent crashes) could handle the traffic volume, which left many countries around the world without access to the game at first.

Thus, impatient fans made attempts to download the APK file and “side-load” it onto their devices – a major no-no for any security-minded mobile device user. Basically, you have to allow app installation from unknown sources, which is frowned upon due to some apps containing malware, or unnecessary permissions. Yet, those who wanted to play the game didn’t think for one second that what they were really downloading was a backdoor into their devices.

Due to the exclusivity of the application in the days before its release, many users outside of a select few countries chose to download the APK from an unknown source and just rolled with it. Today, the app is available in many countries, but a modified APK that was released online prior to the official release allowed remote access to the device, and can provide full control over the victim’s phone. In worst-case scenarios, this vulnerability extends to the rest of any network that the device is connected to. Security firm Proofpoint suggests that it’s entirely possible that, should infected devices connect to your network, networked resources can also be put at risk.

Take a look at the DroidJack-infected app’s permission request, and see for yourself just how strange they might look.

https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig2.png
https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig3.png

This is a valuable lesson to anyone who uses a smartphone: be careful of what apps you download, and ensure that you aren’t giving your apps too many permissions. There’s almost no reason that a game of any kind should be able to access your text messages, make phone calls, modify your contacts, record audio, or anything else of the sort. Exploitation of the APK hasn’t necessarily been observed in the wild, but a development such as this, where hackers use popular apps to spread their infections, sets a dangerous precedent that cannot be ignored.

You should never install apps from unknown sources in the first place, especially on company devices and smartphones. It’s especially important that you only download apps from reputable sources, like the Apple store and the Google Play store.

After all, “Gotta catch ‘em all,” shouldn’t refer to malware infections.

3
Aug, 2016
secure_yourself_password_400.jpg

Tip of the Week: Why You Should Rethink Routinely Changing Your Password

secure_yourself_password_400.jpg

One of the main ways to keep an account’s credentials secure is by changing them consistently. However, we ran across an article recently that plays “devil’s advocate” on the password security issue, and they made some fair points about how changing passwords too frequently can lead to decreased security as a whole.

At first, this idea may not make a lot of sense. The reason that we change passwords so often is to prevent them from being used in attacks on sensitive accounts. If hackers steal passwords that don’t work, they can’t access the accounts. IT administrators often require user passwords to be changed on a regular basis, which may prompt users to choose passwords that are easy to remember or less complex than they should be.

In reality, there are several news outlets and security websites that suggest changing passwords regularly will lead to less-secure passwords as a whole. ZDNet, The Washington Post, and WIRED magazine, all suggest that frequently changing passwords, despite its intended purpose, can lead to watered-down security. Consider this scenario: you’re using a password, but are suddenly forced to change it. Would you be more likely to create a whole new password, or use a slight variation of your current password?

The Washington Post writes, “forcing people to keep changing their passwords can result in workers coming up with, well, bad passwords.” This statement is backed by research from a study performed by Carnegie Mellon University, which found that those who feel that their organization’s password policy was annoying, created passwords that were 46 percent less secure. Additionally, users who need to update their passwords constantly often leave patterns that connect old passwords to new passwords, like replacing a letter with a number or special character.

ZDNet explains that changing passwords for the purpose of securing accounts in case of stolen credentials doesn’t make sense, simply because “stolen passwords are often exploited immediately.” The security website also cites that “regularly changed passwords are more likely to be written down (another vulnerability) or forgotten,” which only seems to add to the frustration of changing passwords on a regular basis.

The fact remains that passwords may not be the most reliable way of keeping accounts safe, but there are ways that you can make using passwords, and account security, easier to handle. One way is to use an enterprise-level password manager. You can store all of your organization’s credentials in one secure location, where they will be called from and propagate in the required fields when needed. This helps you utilize complex passwords without needing to remember all of them.

Another way that you can improve account security is through two-factor authentication. This adds a second layer of security to your accounts by requiring a secondary credential, which can be sent to a smartphone via SMS message, voicemail, an alternative email account, and more. There are also biometric or GPS-tracking two-factor authentication methods that are viable (and effective).

If you’re ready to improve your business’s security practices, reach out to NuTech Services at 810.230.9455.

1
Aug, 2016
netflix_password_sharing_no_no_400.jpg

Warning: It’s Now a Crime to Share Your Netflix Password

netflix_password_sharing_no_no_400.jpg

“What’re you in for?” a prison inmate asks. “I shared my Netflix password with my sister,” you say. This conversation might be absurd, but according to a recent ruling in accordance with the Computer Fraud and Abuse Act, it’s one that could actually happen. Now, sharing your Netflix password to let someone catch up on their favorite TV show can be considered a federal offense.

In a two-to-one ruling, three judges from the Ninth Circuit of the United States Court of Appeals declared that password sharing is a federal crime. The case in question included a former employee of Korn Ferry, David Nosal, who was headhunting his former colleagues with the intention of obtaining valid user credentials to steal data from Korn Ferry.

As expected, this landed Nosal in court, and he was charged with hacking in violation of the Computer Fraud and Abuse Act (CFAA). The CFAA has an extraordinarily wide reach, and allows the Justice Department to go after anyone who does something as meager as violating the Terms of Service agreement issued to the user of any end product (like, say, an online streaming service).

Though Nosal managed to get off the hook for his 2011 charges, he was convicted of his 2013 charges due to a ruling by a federal jury. His sentence was set for one year and one day, and earned him a felony. Yet, the one dissenting judge feels that this kind of sentence is harsh; Judge Stephen Reinhardt, who sees the larger implications of such a ruling:

“This case is about password sharing. People frequently share their passwords, notwithstanding the fact that websites and employers have policies prohibiting it. In my view, the Computer Fraud and Abuse Act (“CFAA”) does not make the millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals.”

What this precedent sets is that even “generally harmless conduct,” like sharing your passwords for subscription-based streaming services like Netflix or HBO Go, can be penalized under law. Netflix only allows its service to be used in one “household,” on six different devices, with streaming capabilities on two devices at a time. The new ruling gives Netflix a reason to crack down on those who are sharing passwords without first asking them for permission to do so.

This particular interpretation of the CFAA makes it more important than ever to keep your passwords safe and secure from anyone besides yourself. After all, the more people who have access to a password, the more likely it is that the password will fall into the hands of hackers. Therefore, you should practice proper password security and keep sensitive information away from everyone who has no business accessing it.

For more trending tech news, tips, and tricks, be sure to subscribe to our blog.