22
Nov, 2021
NewRules_353881430_400.jpg

U.S. Government Making an Effort to Stop Exploits

NewRules_353881430_400.jpg

Earlier this year, there was a string of high-profile ransomware attacks leveraged against major companies. Now, the United States has issued an order that dictates guidelines for how to patch various vulnerabilities in affected systems within federal agencies and organizations. It’s a huge move in an effort to stop hackers and other cyberthreats from becoming more serious problems in the future.

The direction was issued by the Cybersecurity and Infrastructure Security Agency (CISA), and it essentially assigned due dates ranging from November 2021 to May 2022. CISA is urging all federal agencies and organizations to resolve certain known and exploited vulnerabilities during this timeline. There are some notable exceptions for national security-related infrastructures, though.

The catalog of known, exploited vulnerabilities is located on CISA’s website. This catalog contains information on each known vulnerability, and all of them (around 300 or so) are all believed to pose some kind of threat to the federal government. The catalog also links to NIST database entries for guidance on how to apply these patches and resolve these vulnerabilities.

This is obviously a huge undertaking and one that could lead to miscommunications, confusion, and more throughout the patching process. This is especially true when you consider that each department is responsible for deploying their own updates and are only accountable to CISA. Even so, CISA is applying pressure on these organizations to meet specific criteria within a timeframe.

This timeline varies, but within 60 days, agencies must review and update their policies on vulnerability management, and these new policies must be made available to CISA upon request. Agencies must also have a policy in place for carrying out the directive issued by CISA. Organizations must identify who is responsible for this, as well as how they plan to track and report on the implementation process.

If you think patch management is difficult for governments, then imagine how difficult it can be for small businesses with more limited spending power and fewer resources at their disposal. SMBs tend to patch vulnerabilities when they have the time and resources to do so rather than when they need to be deployed, which is not the correct approach. For each day you don’t resolve a vulnerability, you are giving hackers countless opportunities to break into your network.

NuTech Services can help your business with patch implementation and update deployment. We can make this process automatic and easy to take advantage of. You’ll find that there are countless benefits to freeing yourself from the worries associated with technology management and maintenance, and trust us when we say you’ll never have to worry about patches or updates again.

To learn more, reach out to us at 810.230.9455.

4
Jan, 2021
79265714_net_neutrality_400.jpg

Net Neutrality and the Digital Future

79265714_net_neutrality_400.jpg

In the United States, the political atmosphere in 2020 was extremely testy and one element that we typically keep our eyes on is the net neutrality rules that seem to change every few years or so. Today, we thought we’d revisit the issue and tell you what to expect over the first few months of the new administration. 

So, What is Net Neutrality?

Net Neutrality is the theory that the Internet should be viewed as a utility and therefore be regulated in a way where use of it is fair throughout. The debate rages between pro-net neutrality people and pro-business people who believe that by having so many rules in place, innovation of Internet-based technology suffers. Some variables that are part of the argument include how the services are deployed, how telecommunications companies set prices and service packs, and how to get the Internet to everyone who needs it (which is everyone these days).

The Federal Communications Commission, led by FCC director Ajit Pai, successfully oversaw the repeal of the net neutrality regulation in 2017, which effectively re-categorized Internet services from being a utility to an independent service. Of course, this was met with extreme frustration by the masses, who overwhelmingly believe that the Internet should be a universally regulated entity, just as electricity and water services are. 

Where We Stand Now

The Internet has been extraordinarily busy in 2020 as people socially distance because of the COVID-19 pandemic. ISPs, to their credit, did rally to provide some value to customers during the start of the pandemic. Months later they put together a list of how they’ve “Gone Above and Beyond” during the COVID-19 pandemic.

If net neutrality were still in place, who knows what would have happened, but you could bet that the FCC, as a regulatory body would have done what it could to ensure that lines of communication weren’t obstructed because of profitability issues. 

What Will Happen with Net Neutrality in 2021? 

Some people believe that net neutrality will be revisited in 2021; and, while that could happen, with everything that is going on today, and the changes in the FCC mandate, it will be interesting to see if the new administration thinks that it’s a big enough issue to address early on. First thing is first, a new FCC director will be named and that process could take months to iron out. One thing is for sure, the Internet has shown that it is extremely important today and should be protected against any entity that can make it difficult for people to gain access to it. 

What are your thoughts about net neutrality? Are you of the belief that ISPs need oversight to maintain fair practices or do you think that the natural market competition will keep ISPs from taking advantage of their positions? Leave your thoughts in the comments section below.

15
Jun, 2020
202171506_social_media_400.jpg

Social Media is Being Scrutinized

202171506_social_media_400.jpg

It’s probably fair to label social media as one of the greatest inventions of the 21st century. Nearly half of the world’s population are active users of social media; and, that number would almost certainly be higher if more people had access to unencumbered broadband. Over the past few weeks, however, one of the most utilized social media services, the microblogging website Twitter, has sparked some controversy after they added an amendment to a tweet sent by the U.S. President Donald Trump suggesting it contained “potentially misleading information”. Today, we’ll briefly discuss what this showdown with the White House means for social media companies. 

To start, let’s go back a few years. In the aftermath of the 2016 Presidential election, another major social media company, Facebook, was under fire for allowing foreign companies to influence the outcome of the election through insite advertising. Google and Twitter were also caught up in the mess, but the scrutiny Facebook saw during the ordeal, well…really hasn’t gone away. 

The result was hearings, lots of hearings. The debate whether social media advertising–if it is broadcasting hateful, divisive, or misleading information–should be allowed on these platforms rages forward. Facebook stood by the First Amendment, even as it was embroiled in the Cambridge Analytica mess. Twitter, took a different approach. They enacted a Civic Integrity Policy. This policy allows them to mark political posts that contain false information. CEO Jack Dorsey stated, “We’ll continue to point out incorrect or disputed information about elections globally. And we will admit to and own any mistakes we make.”

This action was implemented on a Presidential tweet, and it has drawn the ire of the White House. They immediately stated that this policy allegedly prioritizes perspectives that ignore a conservative point of view. Twitter denies this.

Trump’s reaction to this was swift. The President signed executive order #13925 – Preventing Online Censorship, which gives the Federal Communications Commission the power to regulate social media’s censorship practices.

Soon after, the Center for Democracy and Technology filed a federal lawsuit with the President as the defendant stating that the executive order is unconstitutional and violates the company’s First Amendment rights. Whether a company is entitled to rights, will be a major point of contention in the days ahead. The CDT went on record stating that, because of the executive order, tech company executives believe it will actually work to limit free speech, as businesses will err on the side of caution to avoid risk of crossing federal regulators.

Do you believe that it is responsible for social media companies to warn viewers that powerful people could be lying? Leave your thoughts in the comments section below. Please be respectful.

17
May, 2019
199393098_rights_400.jpg

What Does Internet Rights Advocacy Mean?

199393098_rights_400.jpg

The Internet is a vast and amazing place. Some have even argued that it is one of people’s best-ever inventions. Some would push it further by actively attempting to outline what rights an Internet user has. Advocacy groups have been popping up, and while it has had a marked effect on public policy in more progressive nations, some nations look on these groups with disdain. Today we will take you through human rights advocacy on the Internet, and what to expect going forward.

Initially, the advocacy of Internet Rights was just that: the right to have access to the Internet. While this isn’t a problem for as many people as it once was, some places still don’t have fair, affordable access to high-speed Internet service. Some nations, despite providing access, have Internet laws that subdue use due to an overlaying censorship. This issue, and the monetization of collected consumer data, are two of the hot-button issues today for Internet Rights advocates.

Lead Up

The Internet is a relatively new technology, especially in the manner it is being used by people today. As a result, there are different views on how these technologies are disseminated, who profits from them, and how non-controlling entities have their rights repressed. As a result, you’ll find from the early days of Internet rights advocacy, the largest voices were from organizations that found the equitable portion of the Internet either unnecessary or repressive to the rights of consumers.

Notice that the access to the Internet was not even on the roadmap. The nature of the early commercial Internet was such that it could be successfully described as libertarian. Through the end of the 1990s, as the first round of dot com investments started to tank, it became obvious that the technology would end up bigger than anyone had anticipated and needed regulation.

In the U.S. many fights have been undertaken in the subsequent 20 years. Many of which were pushed by Internet rights advocates. One of the most famous is:

Reno v. American Civil Liberties Union (1997)

In an attempt to clean up what some people considered indecent content on the Internet (pornography and the like); and more accurately, to keep kids away from this content, Congress passed the Communications Decency Act. The ALCU, which is a well-known civil rights advocate group, filed suit. The provision was eliminated by two federal judges before being heard in front of the Supreme Court, which upheld the lower courts’ rulings. This was a major blow against censorship; paving the way for free expression on the Internet.

While the ALCU isn’t exactly an Internet Rights Advocate, the landmark case ushered in a new world of free speech on the Internet; and, it sets the tone for Internet rights advocates to this day.

Personal Privacy

Today there are many organizations looking to protect people on the Internet. Sometimes their views overlap, sometimes they don’t. One of these groups, the Electronic Frontier Foundation (EFF), is a major player in the fight to keep speech (and content) free from censorship on the Internet, the fight against the surveillance state, and most notably, the ongoing fight for individual privacy.

Businesses of all kinds, as well as government agencies have grown to take significant liberties with people’s personal information. Organizations like the ALCU and the EEF work tirelessly to get the topic of personal data privacy in front of decision makers.

Have you ever wondered how you just had a conversation with your friend via some type of app about fingerless gloves and now your sidebar on every website is now filled with fingerless glove ads? Most users don’t fully understand that organizations that you interact with online keep a profile on you. All of your actions, any personal or financial information that you share, and more is stored in a file that is often packaged and sold off by those organizations to advertising firms.

These advocates, among the other issues they stand up for, are trying to push the issue of personal data privacy. The main point of contention is that companies profit off of the information people provide, and since this information is very clearly personal in nature, it is their belief that individuals are being taken advantage of. This debate has been ratcheted up significantly with the European Union’s General Data Protection Regulation (GDPR) that intends to protect individual information.

While it might be a matter of time before the U.S. gets a data privacy law in the same vein as the GDPR, Internet rights advocates will continue to act in the public’s favor on this issue, and many others.

Net Neutrality & Access to All

One of the biggest fights that Internet rights advocates are undertaking is against the companies that deliver the Internet itself: The Internet service providers (ISP). For those of you who don’t know, over the past several years the U.S. Government created mandates that forced ISPs to provide access to applications and content without favoring any, even if they are the ones that use the most bandwidth.

The theory is that the typical Internet user only does so much on the web. They typically access the same sites and use their Internet connection for the same things. This creates a situation where ISPs, using market adjustments would want to get more money per byte than if users used a variety of sites to do the same. With federal control, they were forced into charging a flat rate.

The net neutrality laws that were instituted in 2015 were repealed in 2017, as controlling bureaucrats argued that there were enough people without fair access to the Internet and the only way to persuade the ISPs to commit to investing in infrastructure that would curb this problem is by repealing the net neutrality laws. Needless to say, this caused quite a stir.

Internet rights advocates were quick to point out investment in Infrastructure is in these ISP’s best interest and giving them the ability to slow down Internet speeds as they see fit is not good for consumers. Unfortunately for most Americans, these ISPs are the companies you have to get your Internet service from if you want speeds that allow you to use it the way you want. Advocates are still trying to do what they can to educate people about the benefits of net neutrality and have set up websites with information and for people to give their support. Organizations like the aforementioned ACLU and EFF,  the American Library Association, and Fight for the Future, Demand Progress, and Free Press Action currently sponsor www.battleforthenet.com, a one-stop site for all things net neutrality.

Advocacy can go a long way toward giving a voice to people who may not think they have one. What Internet-related topics do you find to be problematic? Leave your thoughts in the comments and subscribe to our blog.

11
Dec, 2017
blog2_gavel_square_108943691_optimized.jpg

Net Neutrality Still Needs Your Help!

blog2_gavel_square_108943691_optimized.jpg

December 14th is the last day that our government representatives can vote whether or not to continue the Internet’s protection under the net neutrality rules established in 2015. Without these rules in place, your data can be analyzed by your Internet service provider, and they are free to act on that knowledge and manipulate your Internet in support of their own interests.

From the beginning of our democracy, there are a few basic freedoms that all citizens have been given through the First Amendment to our Constitution: freedom of speech, freedom of the press, and freedom of assembly. Rolling back net neutrality rules would allow your Internet service provider to analyze your web activity and adjust what you are able to access to support their agenda–or more realistically, that of the highest bidder–infringing on those rights in order to make themselves a bigger profit.

We recently discussed this in more depth in a post entitled Net Neutrality: Everything Business Owners Need to Know. Make sure you give it a read for more context into this issue.

How this Affects You
Small and medium-size businesses have enough competition to deal with from large corporations as it is. Without these rules, however, ISPs could essentially allow large corporations to pay for prioritization, making their website’s user experience better than yours, encouraging users to go to them instead.

Your competitors could literally pay your service provider to give you an inferior service, slowly sending you out of business.

On a wider scale, the removal of these rules would also allow ISPs to deny access to any website whose agenda wasn’t in line with their own, censor content that they didn’t agree with, or block visitors from accessing a website belonging to a protesting labor union–all of which happened before the net neutrality rules were put in place, and will happen again if they are rolled back.

What You Can Do to Help
Regardless of your industry, this will affect you as a small- or medium-sized business owner. The time to act is now. Visit www.battleforthenet.com to contact your representative today and tell them to stop the FCC from doing considerable harm to the free and open Internet. Send an email, call their offices, make sure they know how opposed you–their constituent–are to this transparent attempt by the telecoms to abuse the Internet for profit.

9
Oct, 2017
auto_vote_digital_400.jpg

Security Concerns Have Led To New Voting Machines In Virginia

auto_vote_digital_400.jpg

Regardless of your feelings on the matter, the 2016 United States presidential election was an extremely divisive one–in no small part, due to the suspicion that the outcome of the election may have been significantly influenced by hacked voting machines. This uncertainty has led to some states making strides to ensure that their technology will no longer be responsible for such doubts.

Virginia is one of those states, deciding to remove direct-recording electronic voting machines in favor of those that produce paper documentation. In addition to that, there is now legislation in Virginia that will remove all touch-screen voting devices from circulation by November 7, 2017. This is when the next governor is to be elected, along with various other positions.

According to Politico, Governor McAuliffe has pushed for legislation to provide the necessary budget to replace new voting machines, but this legislation was denied two years ago. Things have changed since then, and now the state has little choice to obtain new machines, as the old ones will no longer be certified for use.

Other states have been recommended to emulate this decision by the Board of Elections, but again–it’s only a recommendation. While paper ballots do seem to be more reliable and authentic as the tangible option, counting them can be a drag. Therefore, it only makes sense that the states would want to expedite the process with technological assistance. Even so, there is the risk that this key democratic data can be manipulated and altered.

You can find a similar scenario much closer to home, in your very own business. If your systems aren’t painstakingly maintained–as many states’ voting machines are not–they can be vulnerable to numerous hacks and other attacks. Do you really want to risk your sensitive data when a solution is so easy to find?

NuTech Services’s technicians can help give you the ability to better prepare for a successful future for your business. One way is by equipping you with a Unified Threat Management tool that helps protect your business from threats before they have a chance to strike. Call 810.230.9455 for more information.

2
May, 2016
congress_to_hear_arguments_for_ecpa_reform_400.jpg

A Law From 1986 Shouldn’t Govern Email Privacy in 2016

congress_to_hear_arguments_for_ecpa_reform_400.jpg

Are you familiar with the protections in place that ensure that your digital communications remain private? What’s keeping an entity like the government from going through your emails? In the United States, the government uses a loophole in an outdated law to access the digital information they want from its citizens. If you’re concerned about privacy, you need to be informed about such laws and loopholes.

For the US government, this loophole is found in the Electronic Communications Privacy Act (ECPA). Key to this discussion is the fact that the law was originally passed in 1986. We don’t have to tell you how different the technological landscape was in 1986, much less digital communications like email. The loophole to ECPA is that it considers any stored electronic communications over 180 days old to be “abandoned,” and thus, law enforcement agencies can access it after the 180-day mark without a warrant. Obviously, the original version of ECPA was passed without having any idea how dependent the world would become on sharing and storing digital communications 30 years into the future.

Recently, legislative action has taken place to try and close this loophole. CompTIA reports:

On April 13th, the House Judiciary Committee unanimously passed an amended version of the Email Privacy Act (H.R. 699)… The Email Privacy Act would put an end to this outdated 180 day rule and require a warrant for law enforcement to access the content of all stored communications. While the current iteration of the bill is not perfect, we were happy to see that it does not contain a carve out to the warrant requirement for civil agencies, nor does it alter ECPA’s emergency exception procedures.

The idea here is to protect users of email and cloud services, along with the service providers themselves. As society continues to become more dependant upon digital communications, having discussions like this and knowing who has access to your data is increasingly important.

Were you aware of this loophole before reading this article? Do you feel this is cause for concern, or do you not care if the government reads your emails? Share your opinion with us in the comments.