Rick Richardson's Views On Technology

Five Cybersecurity Best Practices for Small Businesses with Remote Employees

3/31/2019

Currently, 3.9 million Americans work remotely, which marks a 115% increase from 2005. Estimates indicate that more than one-third of employees will work remotely in the next ten years. The desire for greater flexibility and work/life balance is partially responsible for this trend, in addition to an ever-increasing number of businesses that are based entirely online. With cloud and mobile technologies making it easier than ever before to communicate and collaborate regardless of location, organizations are embracing remote work as a way to cut costs and satisfy employee demand.

Despite the productivity and cost-saving benefits of remote work, the concept introduces serious cybersecurity risks that have the potential to devastate entire businesses. For example, if an employee logs on to their email via a coffee shop’s public Wi-Fi, that individual runs the risk of sending their work emails, customer information and other business data directly to hackers rather than to the Wi-Fi connection point.

Small and medium businesses (SMBs) are particularly vulnerable to remote work security risks, as they usually have fewer resources to proactively prevent cyber-attacks or recover from them.

Here are five best practices that will help establish the proper level of control over cybersecurity threats.

Enforce Basic Cybersecurity Hygiene. An organization's cybersecurity is only as strong as its weakest link, and all it takes is one employee – even a well-intentioned one – to cause that chain to break. Enforce cybersecurity best practices such as using strong passwords, not sharing passwords across multiple accounts, implementing two-factor authentication (often free) and accessing sensitive files only from trusted devices and VPNs. Also, some simple and inexpensive employee cybersecurity awareness training can ensure employees are familiar with the most common and current attack schemes and know how to handle a situation if they think a cybersecurity incident has occurred.

Rein in 'Shadow IT.' Shadow IT refers to computer systems, applications or devices being used without explicit organizational knowledge or approval. For example, do any of your employees access their work email from their personal cell phone? Attempting to completely shut down Shadow IT isn't realistic, nor is it necessarily helpful to your business. However, it's essential to identify any apps or devices that could pose the highest risk. Clearly communicate which products or services are forbidden and explain why so your employees don't feel unjustly blocked and circumvent the rules. Also, consider putting processes into place that allow your IT team to quickly approve or disapprove new applications in which employees express interest.

Organize Back-End Technologies. Cloud-based apps can be a godsend for ensuring a seamless work environment for remote employees, and many also provide the invaluable service of backing up all of the data being generated outside an office's walls. Services such as G Suite or Microsoft Office 365, for instance, can allow employees to create, edit, organize, share and automatically back up documents, spreadsheets, presentations and more, no matter their location or device. Consider migrating some or even all of your file storage to a trusted cloud provider to optimize flexibility and more efficiently manage, secure and back up your business data.

Duplicate Storage. With its infinite scalability and relative affordability, cloud technology can be an ideal data storage resource. However, rather than relying entirely on the cloud or trusting your employees to only use secure cloud services with automatic backup capabilities, duplicate your most critical business data, so at least one copy is kept separate from cloud data centers and stored offline via encrypted backup tapes. This is an essential action to protect your business from the impact of a ransom attack, where a hacker blocks access to your systems or data until a ransom is paid.

Get Cyber Insurance. Cyber insurance is an important, final step for protecting your business against the dangers of employees working remotely. Considering the significant financial demands many SMBs face as a result of a security incident, look for plans that cover immediate business costs (e.g., lost revenue due to the interruption of business, ransom, regulatory or legal fines). Also, be sure to implement coverage that includes crisis response services such as coaching and guidance on how to respond to a breach.


Next for Windows 10 – What to Expect from the April Update

3/24/2019

The next big feature update for Windows 10 is right around the corner, which means it's decision time for businesses that are still planning their upgrade strategy. Here's why this update might be different from its predecessors.

Windows 10 is nearly four years old. In a bygone era, its replacement would have been delivered last year, and early adopters would be eagerly awaiting Windows 11 Service Pack 1.

But those old days are gone for good. In the Windows-as-a-Service era, those every-three-years "big bang" releases have vanished, replaced by a rolling succession of smaller but still significant feature updates that now arrive every six months.

Since the launch of Windows 10 in July 2015, Microsoft has released six feature updates, each of which is the equivalent of a full Windows upgrade. A seventh, version 1903, is due for release any day. But this one is different from the rest.

Windows 10 version 1903 is the first update since Microsoft changed its support lifecycle late last year. The version 1903 update will have an 18-month support cycle for all editions, whereas the version 1909 release, due in October, will get a longer, 30-month support cycle for Enterprise and Education editions. (All Windows 10 Pro installations will be supported for 18 months, and Windows 10 Home cannot defer updates.)

The upshot of this new release cadence is that enterprise customers who want to minimize the disruption of Windows 10 feature updates will target those end-of-year releases. And if Microsoft is smart, they'll treat the H1 version as a significant update, with the H2 release smoothing the rough edges in its immediate predecessor and introducing minimal new features.

That strategy should make the fall 2019 update more appealing to enterprise customers, especially given that it will be the last Windows 10 update before the end of Windows 7 support in January 2020.

So, what's new in version 1903? Here’s a list of a few of the most interesting new features:

  • Windows Sandbox uses built-in virtualization to create a "safe" desktop where you can try out an untrusted program or visit a suspicious website without risking the integrity of your PC. When you close the sandbox, every trace of those actions is wiped out, and the next session starts fresh.

  • The default Start menu layout has been made cleaner, Cortana and Windows Search are now separated, and there's a shiny new Windows Light theme.

  • Several old-style management controls have now been moved into new Settings pages. Most notable is the addition of a drag-and-drop interface for installing new fonts, but you'll also find improvements in the Search Indexing interface and the modern printing dialog box, as well as options for setting a manual IP address and DNS server settings for a wired Ethernet adapter.


But that list focuses mostly on visible parts of the user experience and doesn't include some of the equally substantive under-the-hood improvements.

For example, Microsoft has moved Start to its own process, called StartMenuExperienceHost.exe, and also changed the process, so it no longer suspends. Separating this process from the rest of the shell should make it faster and more reliable. If this change works as expected, you'll notice much snappier performance.

Microsoft continues to polish the update process, adding more notifications and, reportedly, giving you the option to postpone updates for up to 35 days on a PC running Windows 10 Home edition.

One longstanding annoyance is reportedly fixed in this update. In current Windows 10 builds, if you adjust the display brightness and then plug in (or unplug) the charger, the brightness changes back to the default setting; as of version 1903, Windows now remembers your custom brightness setting as preferred, regardless of whether you're running on battery or AC power.

In sum, version 1903 contains enough new stuff to earn its status as a major feature update. As always, you can manually update immediately, or you can wait till Microsoft releases the update to your PC, a process that might take a month or two. And, of course, you always have the option to watch and wait as Microsoft fixes the inevitable glitches and hiccups in those first few months.

For those organizations that have already made the move to Windows 10, there's plenty of time to refine the strategy for dealing with these updates. For those who are yet to begin the upgrade from Windows 7, the alarms are starting to sound in earnest.

Protecting Your Network – Microsoft’s Latest Recommendations

3/17/2019

Networks today are subject to many threats including ransomware, cryptocurrency-miner threats, or state-sponsored hackers.

In line with other security industry pros, Microsoft has confirmed in its 24th annual security intelligence report that ransomware has taken a backseat to pesky cryptocurrency miners. 

But the company also warns that supply-chain attacks are on the rise. These are where an attacker uses a supplier or business partner to spread an infection. 

Past examples include the NotPetya not-ransomware outbreak that caused over a billion dollars in losses for global firms and the Dofoil BitTorrent attacks.
    
"Supply-chain attacks are insidious because they take advantage of the trust that users and IT departments place in the software they use," Microsoft warns in the report. 

"The compromised software is often signed and certified by the vendor, and may give no indication that anything is wrong, which makes it significantly more difficult to detect the infection. They can damage the relationship between supply chains and their customers, whether the latter are corporate or home users.

"By poisoning software and undermining delivery or update infrastructures, supply-chain attacks can affect the integrity and security of goods and services that organizations provide."

While attacks are changing and Windows 10 built-in security is improving, the company's advice to customers remains the same. However, there are conflicting data about the best approach to staying secure.

Microsoft recommends only using software from trusted sources, though this 'security hygiene' measure could be undermined in a supply-chain attack.

The company also recommends "rapidly applying the latest updates to your operating systems and applications, and immediately deploying critical security updates for OS, browsers, and email."

Deploying patches quickly is generally a good idea. However, Microsoft recently revealed that vulnerabilities in its software are most likely to be exploited as a zero-day before the company has even had a chance to release a patch.

However, its other tips don't present obvious security conflicts.  

"Deploy a secure email gateway that has advanced threat protection capabilities for defending against modern phishing variants," Microsoft warns, adding that businesses should "Enable host anti-malware and network defenses to get near real-time blocking responses from the cloud (if available in your solution)." 

The other important measures organizations should take include implementing access controls and teaching employees to be suspicious of messages that ask them to divulge sensitive information.

Microsoft also recommends keeping "destruction-resistant backups of your critical systems and data" and using cloud storage services for online backups.

"For data that is on premises, regularly back up important data using the 3-2-1 rule. Keep three backups of your data, on two different storage types, and at least one backup offsite," says Microsoft.
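
The 3-2-1 rule quoted above, together with the encrypted offline copy recommended under "Duplicate Storage" in the remote-work post, can be checked mechanically against a backup inventory. The following is an added example, not part of the original post or of any Microsoft tool; the `BackupCopy` fields, the `check_321` function and the sample inventory are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    dataset: str     # what is being protected
    media: str       # storage type, e.g. "disk", "cloud", "tape"
    offsite: bool    # kept away from the primary location
    offline: bool    # not reachable over the network (e.g. tape on a shelf)
    encrypted: bool


def check_321(copies):
    """Return {dataset: [problems]}; an empty list means every check passed."""
    by_dataset = defaultdict(list)
    for copy in copies:
        by_dataset[copy.dataset].append(copy)

    report = {}
    for name, group in by_dataset.items():
        problems = []
        # 3: three backups of the data
        if len(group) < 3:
            problems.append(f"only {len(group)} backups, need 3")
        # 2: on two different storage types
        if len({c.media for c in group}) < 2:
            problems.append("all backups on one storage type, need 2")
        # 1: at least one backup offsite
        if not any(c.offsite for c in group):
            problems.append("no offsite backup")
        # "Duplicate Storage" advice: one encrypted copy kept offline, so a
        # ransom attack on online systems cannot reach it
        if not any(c.offline and c.encrypted for c in group):
            problems.append("no encrypted offline copy")
        report[name] = problems
    return report


# Constructed sample inventory (illustrative only).
SAMPLE_INVENTORY = [
    BackupCopy("finance", "disk", offsite=False, offline=False, encrypted=True),
    BackupCopy("finance", "cloud", offsite=True, offline=False, encrypted=True),
    BackupCopy("finance", "tape", offsite=True, offline=True, encrypted=True),
    BackupCopy("crm", "cloud", offsite=True, offline=False, encrypted=True),
    BackupCopy("crm", "cloud", offsite=True, offline=False, encrypted=True),
]

if __name__ == "__main__":
    for dataset, problems in check_321(SAMPLE_INVENTORY).items():
        print(dataset, "OK" if not problems else "; ".join(problems))
```

A dataset that lives only in cloud storage, like the constructed "crm" entry, fails three of the four checks even though both of its copies are offsite.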


Formjacking Is the New Favorite Hack of Cyber Crooks

3/10/2019

Every month, thousands of retail websites are targeted by cybercriminals, who insert a small piece of malicious code that allows them to snatch customers’ credit card information. The hacking technique is called formjacking, and it’s the virtual equivalent of putting a device on an ATM to skim debit card numbers.

Affecting an average of 4,800 websites per month, formjacking is one of the newest favorite ways for hackers to steal personal data, according to security company Symantec’s annual Internet Security Threat Report.

Small and medium-sized businesses are still the most prominent targets of formjacking, according to Symantec, but in recent months, high profile brands including British Airways and Ticketmaster have also fallen victim to attacks. Symantec said it blocked more than 3.7 million formjacking attacks on websites in 2018, with one-third of those happening during the holiday shopping season.

“Formjacking represents a serious threat for both businesses and consumers,” Greg Clark, CEO of Symantec, said in a statement. “Consumers have no way to know if they are visiting an infected online retailer without using a comprehensive security solution, leaving their valuable personal and financial information vulnerable to potentially devastating identity theft.”

As returns diminish on older hacking techniques, formjacking has become a lucrative choice for cyber crooks, though it’s impossible to quantify the amount stolen from every formjacking attack in 2018. Symantec estimates criminals were able to steal “tens of millions of dollars” by using credit card information or selling the numbers on the dark web for around $45 each.

Meanwhile, instances of ransomware declined 20% overall for the first time since 2013, according to Symantec. One primary reason for this is the decreased value of cryptocurrency, which hackers use to demand payments.

Of course, hackers are expert shape-shifters and are always looking for new, sophisticated ways to sneak up and steal private information. Security experts recommend staying on top of threats by using antivirus software and by checking to make sure any website where you enter your credit card information has a lock icon next to the domain, indicating it’s a secure server.

Hackers have also been known to go old school by sending targets phishing emails as a way to socially engineer them into sending personal information. But companies are increasingly on the lookout for these dangerous messages. Google even developed a phishing quiz to help web users better identify potentially dangerous emails.

IBM Makes Watson Available Across Amazon, Microsoft, and Google Clouds

3/3/2019

For years, IBM has offered corporate customers its Watson data-crunching technology – but only if they used it on IBM’s cloud computing service. Now, to expand Watson’s reach, IBM is also making it available on competing cloud services.

IBM said recently that it would allow businesses to use some of IBM’s Watson-related software with underlying data that is stored in rival cloud data centers like Microsoft’s Azure and Amazon Web Services. Customers will also be able to use Watson with data stored in their own data centers.

“It is enabling a level of openness that hasn’t been available to date,” said Rob Thomas, IBM general manager of data and AI.

The move marks a departure for IBM, which, until now, has seemed anything but open with its cloud computing service and Watson technologies. In 2016, for example, then-IBM CFO and current IBM senior vice president of global markets Martin Schroeter told analysts during an earnings call, “Watson runs on our cloud, and our technology will run on IBM’s cloud.”

But IBM is now shaking up its strategy to broaden Watson’s appeal. The change of heart comes as IBM’s public cloud languishes in third place, at best, in terms of market share behind AWS and Microsoft Azure.

Dan Kirsch, a research analyst at Hurwitz & Associates, called IBM’s new service “really significant” because businesses are increasingly seeking technology that’s not dependent on a single vendor.

Nick Patience, a founder and research vice president for 451 Research, said the move is “an acknowledgment by IBM that it’s a hybrid cloud world,” referring to firms wanting to use more than one cloud computing vendor as well as keeping some software running in their internal data centers.

“We are confident in the IBM cloud that if clients try our products anywhere, they will eventually be drawn to IBM cloud and the uniqueness it provides,” said Thomas.

Although companies are concerned about being locked into a specific company’s cloud infrastructure when it comes to particular software and IT products, Patience said they are currently in the early stages of using AI and are still willing to upload their corporate data to cloud services like AWS and rely on them for machine learning software. Being locked into a particular vendor when it comes to machine learning projects isn’t yet much of a concern, but IBM is betting that will change.

He continued: “You could say IBM is trying to take back the initiative in machine learning here. The Watson brand has lost a little bit of luster over the years as others have come along. They are trying to take it back.”


    Author

    Rick Richardson, CPA, CITP, CGMA

    Rick is the editor of the weekly newsletter, Technology This Week. You can subscribe to it by visiting the website.

    Rick is also the Managing Partner of Richardson Media & Technologies, LLC. Prior to forming his current company, he had a 28-year career in technology with Ernst & Young, the last twelve years of which he served as National Director of Technology.

    Mr. Richardson has been named to the "Technology 100"- the annual honors list of the 100 key achievers in technology in America. He has also been honored by the American Institute of CPAs with two Lifetime Achievement awards and a Special Career Recognition Award for his contributions to the profession in the field of technology.

    In 2012, Rick was inducted into the Accounting Hall of Fame by CPA Practice Advisor Magazine. He has also been named to the 100 most influential individuals in the accounting profession in America by Accounting Today magazine.

    In 2017, Rick was inducted as a Marquis Who’s Who Lifetime Achiever, a registry of professionals who have excelled in their fields for many years and achieved greatness in their industry.

    He is a sought after speaker around the world, providing his annual forecast of future technology trends to thousands of business executives, professionals, community leaders, educators and students.
