Latest Post

Blog

New malware threats on Mac computers

No computer is safe from malware, not even Macs. Even though incidences of viruses and malware are rare for Apple computers, they can still occur with disastrous consequences. Based on one security software firm’s report, MacOS malware grew by 744% in 2016, but the number of attacks were still fewer than attacks on Windows computers. So even though they’re safer, you still need to know how your Mac is vulnerable to a growing number of malware threats.

How the new malware attacks Macs

The new strain of malware targeted at Macs is called OSX/Dok, which was first discovered in April 2017. OSX/Dok infiltrates Macs through phishing attacks, whereby users receive a suspicious email with a zip file attachment. Like all phishing attacks, it contains a message that tricks the recipient into opening the attachment purportedly about tax returns.

Mayhem ensues once the malware is in the system, gains administrator privileges, takes over encrypted communications, changes network settings, and performs other system tweaks that put the users at its mercy.

What the malware does

The malware targets mostly European networks, but it’s expected to spread into other regions. Even more alarming is its ability to bypass Gatekeeper, a security feature in the MacOS designed to fend off malware. This is because its developers were able to obtain a valid Apple developer certificate, which makes the attachment appear totally legitimate. Although Apple has addressed the issue by revoking the developer’s certificate of the earliest versions of the malware, the attackers remain persistent and now use a new developer ID.

How to avoid the mayhem

The Mac-targeted OSX/Dok malware is easy to avoid if you keep your wits about you when receiving zip files from unknown senders — these files should be treated as high-risk and be reported to your IT team, quarantined, or junked. Whether you’re using a Mac or a Windows computer, clicking on suspicious ads can download and install apps from third-party sources that put your system at risk.

Mac users are not completely safe, and complacency with security could only result in compromised and irreparable systems, ruined reputation, and lost profits for businesses. For this particular malware, a simple act of vigilance may be all it takes to avoid having your Apple computer bitten by bugs. If you want to double the layer of protection for your business’s Mac computers, call us for robust security solutions.

Published with permission from TechAdvisory.org. Source.

Ugly websites cost your business big time

Good things come to those who wait, and this is especially true for small- and medium-sized businesses that plan on creating an eCommerce website. According to Vistaprint’s study on 1,800 consumers, 42 percent of respondents are “very unlikely” to buy from unprofessional or ugly websites. Go through your site and ensure everything is in order. These key indicators might help:

A variety of clean photos
Always take photos under professional lighting to really get the best images of your products. When customers are browsing, it’s normal for them to want to see as much detail as possible, so try to include as many photos, from as many angles your prospects might want.

Clear descriptions
The last thing you want to do is to confuse your customers. That’s why it’s important to include all of your products’ technical information and dimensions before creating simple and straightforward product descriptions.

Establish policies
Returns and refunds are an inevitable part of online shopping. In fact, a large percentage of online shoppers make purchase decisions based solely on how streamlined the returns policy is. Make sure to establish clear policies for returning and refunding items that are easy to find for customers.

About page
Customers unfamiliar with your brand need a story they can relate to on your website. In your About Us page, include information on who you are and what you do that sets you apart from the competition. Whatever you write, make it accessible from any page on your site.

Navigation
Fix broken links, make navigation straightforward, and remove outdated pages. You can’t sell 404 pages to customers, and if your site doesn’t make it easy to find what they’re looking for, game over.

Design
Not everyone is a web design expert, luckily you can always hire one. If your budget is tight, there are DIY site builders specifically geared toward small businesses. Or with a relatively low monthly expenditure, you can hire a managed website provider.

With more revenue originating online, small- and medium-sized-business owners can’t afford to overlook the importance of creating a fully functional eCommerce website. Prior to going live, it’s essential to go through your entire site and resolve any mistakes before consumers see them. For further information on completing eCommerce websites, feel free to call us today!

Published with permission from TechAdvisory.org. Source.

Extending your laptop’s battery life

Whether you prefer a quick fix or a long-term solution, extending your laptop’s battery life should be among your priorities if you’re a heavy laptop user. Replacing an old battery with a new one or purchasing a new laptop shouldn’t be your only options, especially if you operate a business with limited resources. Here are some more economical ways to extend your laptop’s battery life.

Manage your laptop’s power settings

Computer manufacturers are aware that battery life is an important consideration for most users, which is why many Windows and Apple computers have settings that help reduce battery consumption. Windows laptops have a Power Plan setting that lets you choose either a standard setting or a customized power plan; Energy Saver under MacOS’ ‘System Preferences’ offers a setting that allows you to adjust display and sleep controls.

Adjust display and system settings

You can also make adjustments to your laptop’s display and system settings to reduce brightness, turn off screensaver, disable Bluetooth and Wi-Fi (when they’re not used), and trigger the system to hibernate instead of sleep. A “sleeping” laptop consumes a little energy, but a “hibernating” laptop consumes absolutely none.

Use a battery monitor and other maintenance tools

If you think your laptop battery drains unusually fast, access your system’s battery maintenance tool to check its status. If your laptop doesn’t have one, you can download an application that creates a battery health report. That report will include charge cycle count, which determines the number of charge cycles your laptop has; and battery life estimate, which states how much longer the battery will provide power based on its current settings.

Keep your laptop operating efficiently

One way to accomplish this is by managing your web browser usage. Having many tabs opened on your browser drains your battery’s power and reduces your productivity. If you really must have a handful of tabs opened, consider switching to power-saving browsers such as Windows Edge or Opera. When multitasking, close unused apps and programs — especially those that download files or play media, as they consume the most power. This not only helps reduce battery consumption, but also helps the user stay focused on the task at hand.

Handle your laptop with care

Laptops are delicate and require safe handling and a cool temperature. With the exception of a few models (e.g., Apple’s MacBook Air), many devices are designed with a cooling system that keeps its CPU, graphics processor, and other components from overheating; and not to mention, its battery from depleting fast.

For that reason, handling your laptop with great care ensures longer battery life and better overall performance. When using your laptop on-the-go, make sure you don’t block its vents from circulating air, which means you should never put it on a surface such as a bed or similar soft surface that could prevent its cooling fans from working. And while it may seem harmless — and appropriate — putting your laptop on your lap is actually unsafe.

For businesses with remote workers and/or bring your own device (BYOD) policies, a laptop that lasts all day allows employees to be more productive and saves your company from having to spend on new laptops or replace batteries as a result of neglect. For cost-effective strategies on business technology, call us today.

Published with permission from TechAdvisory.org. Source.

Microsoft Word bug: What you need to know

Software developers and hackers are in a constant game of cat and mouse. When cybercriminals find new security bugs to exploit, tech companies have to quickly release a solution that secures those vulnerabilities. Just this month, Microsoft released a patch to eliminate a Word exploit designed to steal user information. If you’re an avid Microsoft Word user, here’s what you need to know about the bug.

The attack
On April 10, cybersecurity firm Proofpoint discovered scammers running email campaigns to trick people into clicking malware-ridden Word attachments. The fraudulent emails, simply titled “Scan Data,” included attached documents that were named “Scan,” followed by randomized digits.

Although the emails seem harmless, clicking on the documents triggers a download for Dridex malware, a Trojan virus designed to give hackers direct access to your banking information. From there, they can simply log in to your online account and make unauthorized transactions under your name.

In 2015, the distribution of Dridex allowed cybercriminals to steal approximately $25 million from European accounts. And if your business fell victim to this malware, there’s a possibility your company might not be able to recover from the loss.

The solution
Fortunately, two days after the discovery of the bug, Microsoft released a security update to disable the dangerous documents, urging users to install the patch as soon as possible. But even though Dridex was inoculated relatively quickly, employees continue to be the biggest problem.

Like most malware attacks, Dridex was distributed via phishing campaigns that preyed on a victim’s trust and curiosity. Hackers added barely any text to the email, yet people were still fooled into clicking on dangerous links.

To make sure Dridex never reaches your company, you must provide comprehensive security awareness training. In your sessions, encourage employees to practice safe computing habits, which include being cautious of online links, setting strong passwords, and avoiding downloads from untrusted and unknown sources.

Much like updating your software, keeping your staff’s security knowledge up to date on the latest threats is also imperative. Ultimately, your goal is to have employees with a security-focused mindset when browsing the web.

Of course, if security training and cybersecurity solutions are not your company’s specialties, you can always rely on a trusted managed services provider like us to protect your business. We can update and secure your systems regularly, and make sure your staff are actively doing their part to reduce security risks. Contact us today!

Published with permission from TechAdvisory.org. Source.

Best new features in Windows 10

Creators Update contains the most significant upgrades to Microsoft’s Windows 10. Some of the stand-out features include application enhancements, improved user experience, and a few productivity features that may seem too small to be noticed. These upgrades were recently rolled out, giving reason to personal and business users alike to get excited.

Controlled updates

If you’ve been using Windows 10, you’re familiar with this scenario: While you’re on your computer, the system automatically reboots for automatic updates, interrupting your workflow. Although automatically having your system updated on time has advantages, it can also be a burden and a nuisance because it leaves you with no option to decline or delay an update — which you might want to do especially when you’re in the middle of a critical task.

With the Creators Update, you can choose to pause updates for a week. It also lets you set Active Hours, an 18-hour window when Windows won’t install updates. It’s a minor enhancement that should be a welcome feature to users who like having better control over their system updates.

Improved privacy controls

When Windows 10 was launched, privacy was a big concern among users, mainly because of the amount and nature of data being collected. Users and certain regulatory bodies were alarmed that Microsoft, through Windows 10, didn’t have enough control over how it processes and collects data. Microsoft initially responded by announcing that setting up privacy protocols will be easier when it launches its new updates.

And now, Microsoft has taken steps to address these privacy issues. Creators Update introduces a Privacy Dashboard, which offers a more seamless and user-friendly way to control privacy settings, specifically in terms of location, speech recognition, diagnostics, tailored diagnostics data, and relevant ads.

Another privacy enhancement is in Windows Defender, which now features improved scanning options and better reporting of your PC’s performance and health.

Other small changes

Other interface enhancements and updates to the Windows 10 ecosystem also add a nice touch to the overall user experience. These updates include more vivid themes, a bluetooth-enabled lock function called Dynamic Lock, new display settings, videos and maps writing capabilities, and more.

Among the other new features, users might not immediately notice the upgraded storage settings. If you’re worried about all these new applications and programs taking up space in your PC, don’t fret. The new update also comes with a storage setting that auto-deletes unnecessary files when your storage space is about to run out.

All in all, businesses that use Windows 10 can expect better privacy, controlled updates, improved security, and a smoother user experience with the Creators Update. Microsoft is expected to introduce even more updates later this year, and if you want to know how you can make the most of these and other Microsoft features, we’re here to help.

Published with permission from TechAdvisory.org. Source.

The phishing craze that’s blindsiding users

Most phishing attacks involve hiding malicious hyperlinks hidden behind enticing ad images or false-front URLs. Whatever the strategy is, phishing almost always relies on users clicking a link before checking where it really leads. But even the most cautious users may get caught up in the most recent scam. Take a look at our advice for how to avoid the newest trend in phishing.

What are homographs?

There are a lot of ways to disguise a hyperlink, but one strategy has survived for decades — and it’s enjoying a spike in popularity. Referred to as “homographs” by cybersecurity professionals, this phishing strategy revolves around how browsers interpret URLs written in other languages.

Take Russian for example, even though several Cyrillic letters look identical to English characters, computers see them as totally different. Browsers use basic translation tools to account for this so users can type in non-English URLs and arrive at legitimate websites. In practice, that means anyone can enter a 10-letter Cyrillic web address into their browser and the translation tools will convert that address into a series of English letters and numbers.

How does this lead to phishing attacks?

Malicious homographs utilize letters that look identical to their English counterparts to trick users into clicking on them. It’s an old trick, and most browsers have built-in fail-safes to prevent the issue. However, a security professional recently proved that the fail-safes in Chrome, Firefox, Opera and a few other less popular browsers can be easily tricked.

Without protection from your browser, there’s basically no way to know that you’re clicking on a Cyrillic URL. It looks like English, and no matter how skeptical you are, there’s no way to “ask” your browser what language it is. So you may think you’re clicking on apple.com, but you’re actually clicking on the Russian spelling of apple.com — which gets redirected to xn—80ak6aa92e.com. If that translated URL contains malware, you’re in trouble the second you click the link.

The solution

Avoiding any kind of cybersecurity attack begins with awareness, and when it comes to phishing, that means treating every link you want to click with skepticism. If you receive an email from someone you don’t know, or a suspicious message from someone you do, always check where it leads. Sometimes that’s as simple as hovering your mouse over hyperlink text to see what the address is, but when it comes to homographs that’s not enough.

In the case of homographs, the solution is unbelievably simple: Manually type in the web address. If you get an email from someone you haven’t heard from in 20 years that says “Have you checked out youtube.com??”, until your browser announces a fix, typing that URL into your browser’s address bar is the only way to be totally sure you’re safe.

For most, this trend feels like yet another development that justifies giving up on cybersecurity altogether. But for small- and medium-sized businesses that have outsourced their technology support and management to a competent and trustworthy IT provider, it’s just another reason to be thankful they decided against going it alone. If you’re ready to make the same decision, call us today.

Published with permission from TechAdvisory.org. Source.

Mac Pro gets revamped

Mac Pro users have long awaited the release date of the new workstation, and who could blame them when the current model has been available since 2013. Thankfully, Apple just confirmed that the revamped Mac Pro is on its way. From specs, features, and design changes, here’s the latest information we have about Apple’s high-end desktop.

Processor

The new Mac Pro is rumored to feature the next-generation Intel Xeon E5 processor. While the current models are configurable up to 3.5GHz for the six-core option, 3.0GHz for the eight-core option, and 2.7GHz for the 12-core option, the 2018 model could offer up to 14 or 18 cores per processor. What’s more, each model will likely come equipped with the Iris Pro Graphics P580, a highly powerful graphics processing unit (GPU) that will make heavy file renders a breeze.

However, there’s a small chance that Apple might abandon Intel chips altogether and move to AMD’s RYZEN 7 CPUs, which just set a new standard for high performing CPU processors.

RAM and storage

The new Intel Xeon chips are rumored to have DDR4 memory controllers, and if that’s true, you can expect uber fast memory and low latency without having to worry about issues with overheating. Currently, the 15-inch MacBook Pro comes with 16GB RAM, so it’s likely that you could expect the same RAM with the updated entry-level model of the Mac Pro. And because Apple knows that users usually work with very large files, an option for 2TB flash storage could be possible.

Ports

Claims that the new Mac Pro might offer more Thunderbolt ports in the form of USB-3 are also up in the air. This makes sense as it brings Thunderbolt to USB-C at 40Gbps which ensures faster data transfer speed.

While a number of users wish Apple would offer PCI slots so they could add faster SSDs and more powerful video cards, looking back at the company’s previous releases, we don’t think you should get your hopes up just yet.

Design

According to Apple, the triangular design of the Mac Pro’s thermal core was what limited them from offering updates to the machine. Because of that, we’ll probably see a completely new design in the 2018 model.

Prices

Apple just rolled out some minor updates to the current Mac Pro, including enhanced specs at lower price points. For the $2,999, you now get a 6-core Intel Xeon processor, dual AMD FirePro D500 GPUs and 16GB of memory. And for $3,999, you now get an 8-core processor and dual D700 GPUs.

Having said that, you can expect slightly higher prices for the new Mac Pro than the current models, like with most new Apple releases.

Release date

The timeframe is 2018, but keep in mind that the present Mac Pro was unveiled at WWDC in 2013 and supply was so restrained that people didn’t get theirs until the following spring. Therefore it’s highly possible that the new model will be launched at WWDC 2018 during summer and won’t probably ship until the end of the year.

Stay tuned for more updates on the new Mac Pro. And if you’d like to know more about other Apple products, or learn how they can streamline your operations, give us a call and we’ll be happy to help.

Published with permission from TechAdvisory.org. Source.

Why you need to back up your mobile devices

There was a time when mobile phones were used exclusively for calling and texting. Now, they can do so much more. Regardless of your level of tolerance or skill for managing documents in such a small gadget, mobile devices allow you to send and receive email, download and upload media files, store data, and even close business deals. As mobile devices became indispensable in everyone’s personal and professional life, the security risks have also increased — and backing up became more critical than ever.

Malware on mobile

More than 50% of the world’s adult population use a mobile phone with internet connection, so dangers in these handy devices are to be expected. Scarier than the thought of being offline is being online and exposed to malware.

If you use your mobile devices as an extension of your work computers, backing up is a must. Mobile phones have become as vulnerable to malware as laptops and desktops have, especially if you consider the fact that many professionals and business owners use them for emailing confidential documents and storing business-critical files.

Device disasters

Other than malware, other types of disasters can happen on your device. Because you carry it wherever your go, your device can easily be stolen, misplaced, or damaged. They may be easily replaceable, but the data contained in them may not. Having completely backed up data on your devices helps prevent a minor inconvenience from turning into a disastrous situation.

Backup options

Performing backups in iPhone and Android devices is a seamless process. Their operating systems require only minimal effort from users, and backing up entails nothing more than logging into their Apple or Google account. However, other users have different devices with different operating systems, slightly complicating the process.

Mobile devices’ safety is essential to business continuity plans. So whether your office users are tied to a single operating system or prefer different devices, there are options to back up all your organization’s mobile devices. There are cloud backup services that enable syncing of all devices and that back up files, contacts, photos, videos, and other critical files in one neat backup system. These mobile backup tools are offered on monthly or lifetime subscription schemes, which provides small businesses with enough flexibility to ensure protection.

Mobile phones have become so ubiquitous to how people function that many feel the need to have two or more phones, mostly to have one for personal use and another for business. With all these options on hand, there’s no excuse for not backing up data on your mobile devices.

Our experts can provide practical advice on security for your business’s computers and mobile devices. Call us for mobile backup and other security solutions today.

Published with permission from TechAdvisory.org. Source.

Firmware: the threat most users overlook

For decades, one of the most foundational principles of cyber security has remained the same: Always update and patch your software. But for most people, hardware is exempt from this process. They think of hardware as nothing more than a vessel for software to occupy — and that’s totally incorrect. Read on to learn more about this oft-neglected aspect of IT security.

What is firmware?

Firmware is a very basic type of software that is embedded into every piece of hardware. It cannot be uninstalled or removed, and is only compatible with the make and model of the hardware it is installed on. Think of it like a translator between your stiff and unchanging hardware and your fluid and evolving software.

For example, Windows can be installed on almost any computer, and it helps users surf the internet and watch YouTube videos. But how does Windows know how to communicate and connect with your hardware router to do all that? Firmware on your router allows you to update and modify settings so other, more high-level, pieces of software can interact with it.

Why is firmware security so important?

Firmware installed on a router is a great example of why addressing this issue is so critical. When you buy a router and plug it in, it should be able to connect devices to your wireless network with almost zero input from you. However, leaving default settings such as the username and password for web browser access will leave you woefully exposed.

And the username and password example is just one of a hundred. More experienced hackers can exploit holes that even experienced users have no way of fixing. The only way to secure these hardware security gaps is with firmware updates from the device’s manufacturer.

How do I protect myself?

Firmware exploits are not rare occurrences. Not too long ago, a cyber security professional discovered that sending a 33-character text message to a router generated an SMS response that included the administrator username and password.

Unfortunately, every manufacturer has different procedures for checking and updating firmware. The best place to start is Googling “[manufacturer name] router firmware update.” For instance, if you have a DLink of Netgear router, typing “192.168.0.1” into a web browser will allow you to access its firmware and update process, assuming you have the username and password.

Remember that routers are just one example of how firmware affects your cyber security posture. Hard drives, motherboards, even mouses and keyboards need to be checked. Routinely checking all your devices for firmware updates should be combined with the same process you use to check for software updates.

It can be a tedious process, and we highly recommend hiring an IT provider to take care of it for you. If you’re curious about what else we can do to help, give us a call today!

Published with permission from TechAdvisory.org. Source.

Did Microsoft commit a security breach?

In case you didn’t know, Microsoft provides Office 365 users with a free document-sharing platform called docs.com. It’s a great new tool for publishing files intended for public viewing. The downside is, sensitive documents are published without the file owners’ permission. These include hundreds of users who might be unaware that their private files can be viewed by the public.

What’s the damage?

Usernames and passwords for various devices and applications; personal information such as home and email addresses, bank account details, social security numbers, and phone numbers; and medical info comprising patient treatment data and health insurance numbers — all these were some of the supposedly leaked documents, which were clearly meant to be private. A security researcher discovered that these sensitive files were accessible using docs.com’s search function.

After being alerted to the ‘leak,’ Microsoft responded by removing the search bar. However, most of the documents were already indexed by search engines, Google and Bing, which is how these docs remained available to the public despite disabling the search function.

Recent updates

To alleviate the damage, Microsoft launched an update that limited what users can do to uploaded files, such as restricting files to a read-only status. Although buttons to ‘like,’ download, add to collections, and share in social media are enabled, only users who enter an email address, phone number, or sign in using their Office or Microsoft account can perform any of these functions. Since anyone can easily create a Microsoft account, docs.com users may not feel at ease.

Microsoft’s final word

Docs.com is easy-to-use and is valuable to those eager to publish their documents. The site’s user-friendliness also makes it a popular choice for Office 365 users who wish to ‘spread their work to the world.’ Office 365 users can easily upload from their own computer, OneDrive, or Sway account, and share away. Being a free service also adds a lot of incentive for users to upload their Word, Excel, or any other file onto the site.

In an effort to solve glaring privacy issues, Microsoft has issued some key updates, such as a warning message reminding users that the document to be uploaded will be publicly available on the web. While it may seem like Microsoft committed a blunder, a stricter privacy setting and a few stronger, more visible warnings to users can help make docs.com a useful productivity tool rather than a hacker’s hunting ground.

Discerning Office 365 users can make the most out of docs.com, but they should use the service with caution. If you’ve uploaded documents with sensitive information on docs.com, now is the best time to remove them from the site, or review your privacy settings here and in other document-sharing services.

If you’re not sure how to proceed, or want to learn more about this and other Microsoft products and services, call us now for advice.

Published with permission from TechAdvisory.org. Source.