Posts Tagged ‘information technology’

Beware of Meltdown Computer Vulnerability

Chris EdwardsBy Chris Edwards
Manager, IT Services

A critical new vulnerability in computer systems has been revealed that could pose a significant threat at any person or organization that wants to safeguard its private information. Called Meltdown, it’s the hottest topic right now in information technology circles.

Meltdown lets an attacker access any information in your computer’s memory, including passwords, financial data and anything else you’ve accessed or used on your computer. It is severe, and it can be executed remotely. This vulnerability may also affect some smartphones and tablets.

Meltdown is not a virus, but a vulnerability in the processing chips made by Intel after 1995, which are used in many computers running the Microsoft, Apple or Linux operating systems, as well as some mobile devices.

Without getting too deep into the technical weeds, Meltdown breaks down modes and processes running on the same device, allowing a rogue process (possibly triggered by a website) to access memory it shouldn’t be able to. A similar but less severe vulnerability called Spectre was revealed around the same time, but it is much more difficult to perform.

The major operating systems are all working furiously on patches to address the Meltdown and Spectre vulnerabilities, and should be available soon. Look for an alert with instructions from your company’s internal IT team or contractor about how to install this important patch.

The downside is that fixing this vulnerability will significantly reduce the performance of the computer. You can expect anywhere from a 10% to a 30% performance reduction, based on current estimates.

Google discovered these vulnerabilities six months ago, and notified the manufacturers and operating system creators. AMD processors are not affected by this particular vulnerability. Some ARM processors are affected, but most are not.

If your Android device has the latest security patches, it should already be protected, but Android phone manufacturers often do not issue updates in a timely manner. Apple iPhones and iPads use their own processors, and are not listed on the vulnerability list.

In the meantime before the patches are released, remain extra vigilant about clicking on strange links or opening unfamiliar files. To execute Meltdown, someone has to be able to run a program on your computer, generally through some other vulnerability.

Keep running ad-block software in your web browsers, or install it if you don’t already have it. And don’t visit websites that ask you to turn it off. Be wary of all files sent to you via email, including through ShareFile or similar file transmission services.

If you need to consult with an information technology expert about the vulnerability of your organization’s systems, please call Chris Edwards at (317) 613-7855 or email cedwards@sponselcpagroup.com.

A Simple Solution to Increased Productivity: Multiple Monitors

Chris EdwardsBy Chris Edwards
Manager, IT Services

One of the simplest and least expensive methods of increasing an information worker’s productivity is to provide them with more screen space in which to work. This seems like it would be obvious: if you have more workspace, you can do more work.

A study from the University of Utah, first published in 2003 and then updated in 2008, shows that an increase in virtual desk space increases productivity. But the productivity increases taper off after a total screen size of approximately 26 to 30 inches on the diagonal, or 2560 x 1440.

At the time that study was first reported, multiple monitors were uncommon and generally considered expensive. This is no longer true. Almost any computer can be fitted with a USB video card to allow another monitor at a cost of around $50, plus the cost of the second monitor you choose. It’s easy to find lower-end or refurbished models for under $100.

I would recommend you try to keep all the monitors about the same size, shape and height from the desktop. Horizontal or vertical alignment seems to help the eye keep more focused on the information.

Technically, you can provide this screen space with one single, larger monitor. Multiple monitors provide added bonuses, however, in the way they treat applications.

If you’ve been using the latest versions of Windows on multiple monitors, for example, you know how easy it is to drag a window into another screen and have it maximize, making things like comparing documents or referring to references easy. Windows does have a method of performing this action in a similar way on a single monitor, but it is not as intuitive or quick.

If your employees use laptops, a second screen can immensely improve productivity easily. Most laptops already provide the needed connection; you just need the additional monitor and a cable.

Additional monitors are even a viable option for workers who are often on the move. Portable USB monitors, powered via the cable directly from the laptop, can be found in 17-inch screen sizes for approximately $150 on Amazon, and can be easily transported for your workers who travel. They can be set up and broken down very easily.

As noted above, productivity gains do fall off after a certain amount of additional space. It becomes a case of too many things to pay attention to, or the specific tasks do not benefit from the additional room.

You should tailor the setup for the particular task at hand. If your worker needs to review multiple documents at the same time, perhaps two or more additional monitors will allow them to view all the documents simultaneously without printing them out and laying them across their desk. The degree of productivity improvement is highly dependent on the sort of tasks required of your staff.

If your organization hasn’t moved to multiple monitors for its information workers, it can be a great low-cost option to explore in the new year. It’s a good bet they’ll find it to be a very positive benefit to their workflow.

If you need to consult with an information technology expert about increasing worker productivity, please call Chris Edwards at (317) 613-7855 or email cedwards@sponselcpagroup.com.

Multi-factor Authentication Critical to Protecting Your Information

Chris EdwardsBy Chris Edwards
Manager, IT Services

Today’s digital world can often feel very alarming and insecure. Stories abound of identity theft, hackers stealing information from hundreds or thousands of victims, and email scams to swipe your account passwords.

How can you protect yourself and your organization?

Identity theft and hacked information often stem from circumstances outside your control, but losing your accounts and other access points is something you can protect yourself from with plenty of diligence and a touch of skepticism.

One powerful tool in guarding against hacking is the use of multi-factor authentication (MFA). Simply put, this means requiring more than one step or piece of information to access an account. More and more services and websites are offering this as an option, and it’s something you should definitely take advantage of.

You likely already use MFA in your regular personal banking. If you’ve ever used an ATM, you’ve used multi-factor authentication. Possession of the card and knowledge of your PIN act as two separate ways of verifying your identity to access your accounts. If a thief has your PIN but not your card, or vice-versa, they can’t get into your bank account.

Online banking has long been at the forefront of this, from asking for multiple pieces of information to separate physical tokens like bank cards or even devices which generate a second password.

But now, as our online and social media accounts become more valuable and thus more likely to be attacked, more and more providers are offering similar services to help protect your account. Facebook and Twitter both offer MFA options to help protect your account. Chances are your email provider does as well.

Using these methods to increase the security of your accounts does make them slightly more ponderous to access. It often involves having a temporary access key sent to you via text message in addition to your regular login information. If your bank requires an application on your smartphone to access your online account, you must have a smartphone, and you must have it with you in order to do online banking.

But having a vastly improved layer of security can be well worth the price of adding a few seconds every time you access critical accounts.

There are also quite a few services you can utilize to provide two-factor authentication to your staff and even to your customers, depending on your needs. Some of this would require a dedicated professional to implement, but the additional protection provided by ensuring that it takes more than a username and password to breach your security is worth that expense.

A hacker can potentially obtain an accounts password, but how would they also obtain that user’s cellphone?

When a service provider offers this additional layer of security, you should take advantage of their offer. If you provide online services, either to staff or to clients, it is well worth your time to provide the same offered security to them.

While multi-factor authentication cannot solve all of your digital security issues, it provides an easy-to-use method of determining that a person is who they say they are when they try to access an account online, and blocking nefarious people looking to do you or your organization harm.

If you need to consult with an expert about protecting your company’s information systems, please call Chris Edwards at (317) 613-7855 or email CEdwards@sponselcpagroup.com.

Ransomware: Take Action to Protect Against It

Chris EdwardsBy Chris Edwards
Manager, IT Services

Ransomware has been around for a number of years, but has increasingly become a larger problem, both at home and in the business world. It is a type of malware that installs covertly on a victim’s computer, and then literally takes it hostage: blocking access or functionality until a ransom payment is made to restore it.

McAfee Labs researchers identified 4 million samples of ransomware in the second quarter of 2015 alone, and expects those instances to grow in 2016, according to Security Magazine. One “Trojan” piece of ransomware, CryptoWall, accrued more than $18 million before being taken down by authorities.

The Atlantic even reported on a string of ransomware attacks against police departments in Massachusetts, Tennessee and New Hampshire! They had to pay ransoms between $500 to $750 to have their systems restored. Clearly, ransomware hackers are not lacking in boldness.

Here are the things you need to know, as well as preventative steps you can take, to head off the ransomware threat.

Ransomware comes in two forms. The first is a screen which seems to lock you out of your computer. Most IT and security staff can help you clear this up with some time and effort.

The second form encrypts your files, both on your local computer and your network, and demands a fee for the key to decrypt them. While at times the virus has had errors allowing security professionals to defeat it, that is no longer the case.

In the past, it was advisable to not cooperate; as much as 75% of paying parties never received any further communication or their decryption key. Unfortunately, the FBI now advises that victims pay the ransom.

Most ransomware is transmitted via links or files in email, usually made to look legitimate. It can also be transmitted via pop-ups in a web browser. The key is to get the victim to click on the link, causing the virus to be downloaded where it will install itself.

Once installed, it will immediately begin to encrypt every data file it can access, and does so extremely quickly. It will leave behind numerous files with instructions on how to pay the ransom. While the FBI now advises most victims to pay, there is never any guarantee that payment will result in decryption, and there is no recovering the time lost while systems are restored.

The best defense is to never become infected. Teach your staff and remind them regularly to avoid clicking on links that appear suspicious. If the email isn’t expected or looks like something that person wouldn’t send them, chances are it is illegitimate.

Use a virus scanner to scan email attachments. Most cloud-based spam filtering services will now also scan your email for these links and virus attachments, but their success rate isn’t 100 percent. And just one failure can lock every document and data file you have.

Have your staff use pop-up and ad-blocker software in their web browsers as these viruses have been transmitted this way from popular sites like Yahoo and Forbes. Limit the access your staff has to key files; their computers do the encrypting at the behest of the ransomware, and if people can’t edit the files they can’t inadvertently encrypt them.

Finally, make sure you have a regular backup of all the documents necessary to run your business, and have it tested frequently as well. Keep a copy of these backups off-site, either through a cloud service via the internet or by taking the files physically off-site, such as on a tape backup.

Doing so keeps the backups from being potentially damaged or infected, and also protects you in case of damage from fire or other natural disaster affecting your data’s physical storage devices.

With a regular backup, you can restore the files that were encrypted, avoid paying the ransom, and at worst lose the amount of work between when the backup occurred and the encryption was discovered.

If you need to consult with an expert about protecting your company’s data, please call Chris Edwards at (317) 613-7855 or email CEdwards@sponselcpagroup.com.

Popular Tags