Should You Be Concerned About Cloud Security?

If you think that working with the cloud doesn’t have risks, think again. It’s inevitable that you’ll face security compliance concerns when it comes to your cloud-based data. If your organization has data stored in a cloud-based environment, you’ll want to pay particularly close attention to how compliance laws affect the way that you access and store this information. How can you make sure that your cloud-based data isn’t in violation of some cloud compliance laws?

First of all, if you work with a cloud provider, you’ll have to ask them specific questions about how compliance is handled. You should also make sure that any and all information you discuss with your cloud provider regarding compliance be put into a written agreement so that you can adequately document who is responsible for what. Here are some of the details that you will want to consider.

The Cloud Can Be Interfered With
Since data is being stored in an online environment, there will naturally be concerns regarding how it is being managed, maintained, stored, and transferred. Of course, this also means that any traffic going to and from the source of the data could be tampered with and cause problems. Data can be intercepted while it’s in transit, which is a considerable issue if you hope to remain compliant. Your goals should be to make sure that your data can’t be changed without your consent or knowledge.

If you’d like to make sure that your organization is protected in the event of a cloud compliance mishap, start by thinking about the legal issues that could surface from not knowing who is hosting the data or how it’s maintained. It’s also critical that you understand who can see this data. The differences between the private and public cloud also make this a challenging prospect, as depending on the way it’s hosted, there could be further complications associated with it. For example, if someone else is hosting your data, are they the one responsible for its security? Ultimately, it all comes down to figuring out who is responsible for what–for compliance’s sake.

What You Should Do
The best way you can improve your organization’s cloud compliance is by taking the above ideas and applying them directly to how your business approached cloud-based data hosting. First, ask yourself just how much cloud computing your organization actually uses or needs. If certain data is particularly important, perhaps it’s better to simply host it in-house rather than rely on a third party to take care of it for you. The best way to achieve compliance is a proper blending of private and public cloud hosting, so knowing which data is most sensitive or important is of the utmost importance.

Next, start thinking about who should be managing this data, as well as any agreements that you’ve made to ensure its safety. Is it an in-house department or an outsourced agency? Depending on whether it’s outsourced or not, you’ll need to make sure that you’re aware of whose responsibility it is to adhere to compliance guidelines. Furthermore, you should also plan for having data backups to protect assets in the event of the worst.

To learn more about how you can ensure cloud compliance, reach out to us at 216-503-5150.

Watch Out For Rise In Microsoft Office Attacks

Menlo Security has recently published a new report that will probably dismay you if you’re a business owner.

Microsoft Office has been named as the attack vector of choice for hackers around the world. The most common form of the attack is a malicious Word document or other office document attached to an innocent looking email.

There are, of course, plenty of other ways to take advantage of various security weaknesses in MS Office and Office 365.  These include the use of remotely hosted malicious components embedded within documents that deliver zero-day exploits when the document is opened.

The reason MS Office is such a wildly popular choice isn’t because it has an unusual number of security loopholes that can be exploited (although it’s certainly got its share).  Rather, it has everything to do with the overwhelming popularity of the office suite.  Simply put, lots of people use it on a regular basis, and that means the pool of potential victims is enormous.

As the report explains:

“There is likely to be an increase in attacks via malevolent email attachments using stealthily embedded, remotely hosted malicious components that leverage applications and operating system vulnerabilities, both old and new.

With CVE-2018-8174 and CVE-2018-5002, the attackers leveraged Word as a vector to exploit Adobe Flash Player and Internet Explorer.  By using Word as the vector, the attackers were able to exploit a browser, even if it is not the default browser, and exploit Flash, even though Flash is blocked by most enterprises…Microsoft is therefore undoubtedly going to become the platform that attackers leverage most to deliver their zero-day exploits.”

All true, and beyond troubling.  If your business uses Microsoft Office or Office 365 (and odds are excellent that it does), continued vigilance is the key.

Why (and How) SMBs Should Strategically Adopt Technology

There is no question that a small business can benefit from technology, as has been proven time and time again. However, an issue can arise if a business bites off more than it can chew, so to speak, and ultimately creates a spike in costs. A responsible business owner will resist this temptation and prioritize the solutions they need over the ones they want – building profitability and generating capital needed to make other improvements.

In this blog, we’ll examine some of the implementations that can deliver a good return on investment to a small business.

Managed IT Services
For the small or medium-sized business seeking maximum value for their dollar, managed IT is a great choice. For a predictable, scaled monthly fee, a managed service provider (also known as an MSP) will make sure that a company’s information technology solutions are functional before a problem or issue arises. What’s more, a relationship with an MSP can also provide invaluable access to specialized vendors, enabling you to leverage some of the best solutions available.

As alluded to above, one of the biggest values that an MSP provides is in the hands-on experience that its technicians have, both on-site and remotely. A company whose solutions aren’t in working order is a company that is hemorrhaging money via downtime, and so it is crucial that a company in this situation has the means to resolve and ideally avoid downtime, continuing its productivity and revenue generation.

One of the biggest benefits to investing in managed IT services is the speed at which you will see a return on that investment. Comparing the cost of an MSP’s services to the multitude of costs that these services help you avoid will help to illustrate how much an MSP can help you. How much are you spending on break/fix services, hiring and onboarding an in-house technician, updating and upgrading your hardware and software, and weathering downtime? All of these costs can be consolidated and/or eliminated with an agreement with an MSP.

Hybrid Cloud
The cloud is growing at an explosive pace, and for the business or organization with specific needs where accessibility and security are concerned, a hybrid cloud platform may be the best strategy to leverage this industry-shaking technology. Private clouds, while secure, are costly to implement and maintain. Public clouds are more affordable, but there are some major concerns among businesses at the thought of blindly entrusting crucial data to another organization. While the security of such methods is improving, there is an understandable need for control among many business owners that disqualifies the public cloud as a viable option.

The hybrid cloud is the integration of these two halves, joined together to eliminate the downsides while preserving the advantages. This also provides control over a business’ data and applications while allowing the scalability to leverage it as needed. Arguably best of all, the hybrid cloud can add the productivity that your business needs to increase revenue and profits. These reasons are large contributors to why the hybrid cloud is swiftly being considered an inevitability for all businesses by many industry experts.

Bring Your Own Device (BYOD)
Nowadays, just about every business has a wireless network. This has led, in conjunction with every employee coming to work with a smartphone in their pocket, to a need to manage the devices that connect to that network. Allowing employees to utilize their personal devices for work purposes brings great benefits but requires a solution to help eliminate the risks and threats that these devices bring in from the outside. There is also no shortage of incidents where inappropriate and shortsighted mobile behaviors on a wireless network have brought issues to a business. This is why you need to take the necessary steps to protect your network through the enforcement of BYOD policies.

A BYOD policy needs to take many things into account to be seen as having a worthwhile value to the organization, from how many devices are being brought into the company to the cost of the mobile device management software to the affect that introducing these devices into the workflow has on productivity and collaboration.

Of course, you should also keep in mind that some employees and most of the visitors you receive to the office will see no problem in using your business network to access things that aren’t conducive to your business operations, eating up resources that should be used for other things. This is why any BYOD implementation also needs to see to including access control and permissions within its mobile device management policies. This will provide you with benefits from heightened efficiency to enhanced security, leading to a potential boost in revenue generation – all the while enjoying the diminished costs that leveraging BYOD provides to your business’ budget.

It’s true that adding new technology solutions to your business can carry a hefty expense with it, but the right solutions can offset that cost with improved company operations and diminished security risks. The professionals at Net Activity, Inc. have the experience and know-how with IT solutions to ensure that the right solutions are the ones that go into your business, in the right way.

For more information about some of the things we can help you to improve in your organization’s IT, give us a call at 216-503-5150.

Updates and Patches are Critical to Your Infrastructure’s Security

When you get a new device, you’re getting more than just the physical device and whatever software is currently installed on it. You’re also getting any updates and patches that the manufacturer and software developers release. However, many users neglect to incorporate these key improvements. Today, we’ll go over why updates and patches are so crucial.

Why They Matter
When you first come into possession of a new device, whether its a PC workstation, laptop, tablet, or other mobile device, it comes with certain protections against threats and malware. However, these threats are constantly improving in order to overcome these protections, and furthermore, these protections aren’t always perfect.

As a result, if nothing is done, your device will swiftly become vulnerable to threats, and you will experience the ill effects that this malware causes.

This is precisely why manufacturers and software developers work to improve their creations, releasing their improvements in the form of security updates and software patches. These updates and patches are their retaliation against the malware developers and distributors who actively work to overcome the security that the devices you use have in place.

The Difference between Updates and Patches
While they serve largely the same purpose, there are a few key differences between patches and software updates. While both ultimately are intended to resolve security issues, the scope of these processes are different.

Patches are more or less what they sound like: a quick fix that covers a hole in your business’ security until a more permanent solution can be implemented. The software update is the relatively more robust solution, taking the patch and incorporating what it fixes into the new version of the software.

It isn’t uncommon for you to be prompted to install these enhancements as they are released. This only makes sense, as the developers of patches and updates don’t want to be held responsible for a user falling victim to whatever the patch or update was supposed to fix simply because the user wasn’t notified that a fix was available.

We’re Here to Help
Admittedly, when faced with the choice to install an update or patch and wait for the process to complete, or take that time and make progress on some of your work tasks, it can be very tempting to let the patch or update wait for a more opportune time.

At Net Activity Inc., we’re available to install these crucial updates and patches when your workforce isn’t active at their workstations. For more information on how we can assist you in your patching and updating, reach out to us at 216-503-5150.

All Work and No Play Makes Fewer Opportunities

The office is a workplace, so it most likely isn’t a place that is often associated with fun and games. However, different aspects of games have been shown to provide significant benefits when introduced into the professional environment. Today, we’ll explore some of the ways that a little frivolity may benefit your office.

How Games Can Be Used
Just as classrooms devise games to reinforce lessons, the same strategy can be used to help employees engage with and embrace a given task. Research already supports the idea that the happier the worker is, the harder they work. Why not promote that with some entertaining games? Furthermore, a workplace that welcomes some playfulness can present a few other desirable outcomes as well, including an influx of fresh talent, decreased stress levels, boosted motivation, and improved workplace relationships – or in other words, games can make people in an office more enjoyable to be around. As an added bonus, it also promotes the kind of behaviors that will benefit the workplace in its normal operations. These behaviors include the willingness to collaborate and the readiness to create something new.

Reflecting on these factors, it makes sense that many companies today find the time employees invest in playing games to be well worth it.

Understanding ‘Gamification’
This integration of games into the workplace is referred to as gamification. Chances are, you’ve experienced it yourself, or would at least recognize a few examples of it in action. For example, was part of your on-the-job training presented as a computer program, with quizzes that needed to be passed in order for you to progress? Have you ever participated in a team-building exercise that involved a group of people tossing a ball back and forth, the person who possessed the ball sharing a little about themselves?

These are just a few examples of gamification. By leveraging the innate cravings that the human psyche has, like community, self-validation and improvement, or even your employees’ FOMO (Fear Of Missing Out), this methodology can improve a team’s productivity and boost morale and satisfaction on an individual level.

Some Basic Workplace Games to Start With
If you want to try to utilize gamification tactics in your office to reap some of its benefits, you will first need to determine what it is you intend to accomplish through introducing a game element. Do you mean to boost communication among the members of your different departments? Are you trying to encourage them to work more as a team? Or is your goal to simply allow your staff to blow off some steam before it negatively affects their performance?

While this may sound like you’re putting too much thought into playtime, it is actually an important consideration. Much like the “joke” that a game like Monopoly can ruin friendships, you want to be sure that your chosen activity is conducive to accomplishing your goal, and won’t actually have the opposite effect. If you’re trying to inspire a team to work together, maybe playing a game of basketball between departments or sending each department on a scavenger hunt around the office would be a wiser, more effective strategy. Alternatively, if you are looking to inspire some interpersonal competition, maybe a more competitive activity would be a better option.

Games That Help Company Culture
Here are a few basic games meant to boost spirits and coworker understanding in the office to get you started:

• Two Truths and a Lie – This simple game is summed up in the title. Each participant writes three facts about themselves on a slip of paper, two of which are true and one being false. The rest of the group guesses who wrote these facts, and which of them is the lie.
• Secret Mission of the Day – In Secret Mission of the Day, each employee receives a message detailing their task for that day first thing in the morning. These tasks may be to slip a particular word into conversation or some other benign prank, while others may receive a warning and be told to identify the person carrying out a particular task. For instance, a group of employees may each be given an uncommon word (like woebegone or logomachy) and be told to use it in a meeting five times, the winner being the one who isn’t called out on their use of the word.
• Treasure Hunt – While this will take a considerably larger amount of forethought and planning, this activity can be a great way to get your employees thinking, working together, and sharing a positive experience. You can even reap some bonus team building benefits by gathering some of the creative types in your office to create the clues that their coworkers will need to follow. Hiding objects, devising riddles, and other challenges will make the treasure hunt ultimately more challenging, and ideally, more fun.

Gamification Can Help Sales
Utilizing games can help keep salespeople competitive. By setting quotas and a point system, you can have your sales team work towards earning rewards. You can establish an expectation of a certain quantity in sales each week or month, and then have a few rewards (gift cards, bonuses, or free lunches, for example) for the highest performers.

Tracking sales on a whiteboard or better yet, a flat-screen on the wall can help keep everyone’s eye on the prize. Longer term or more aggressively set goals could even lead to comparatively larger prizes; if a salesperson doubles their quota one month, they could be rewarded a cruise. You win, because they out performed and made the company more revenue, and they win, because they get to celebrate it a few miles offshore on the company’s dime.

Gamification Can Help Support or Customer Service
Similarly, a little friendly competition can help improve customer support. This can be a little more complicated, as you’ll need to come up with the KPI (Key Performance Indicators) of your staff to determine exactly what goals you are setting for the game, but it’s a great way to get everyone working towards the same goal. For example, if your goal is to get a customer answered and off the phone within three minutes, you could reward a point for each case where that happens. Then determine an average number of points a single employee should earn, and offer prizes and kudos when that is exceeded. Other examples might be having projects come in under budget, collecting shining reviews from customers, or exceeding other expectations. When you introduce fair and friendly competition in certain situations, it can lead to more getting done the way you’ve always intended it to.

What other team building activities and games can you think of to help bring an office together?

Google Cracking Down On 3rd Party Browser Extension Installs

Malicious code can wind up on your PC or phone by any number of roads.  Companies do their best to guard the digital passes, but invariably, things get missed and the hackers find a way in.  It’s a constant battle, and sadly, one that the good guys are losing.

Recently Google has stepped up its efforts, this time by focusing on Chrome browser extensions installed by third parties.  By the end of the year, no extensions will be allowed on Chrome except for those acquired via the Web Store.

James Wagner, Google’s Product Manager for the Extensions Platform, had this to say on the topic:

“We continue to receive large volumes of complaints from users about unwanted extensions causing their Chrome experience to change unexpectedly – and the majority of these complaints are attributed to confusing or deceptive uses of inline installation on websites.”

It’s a thorny problem, but industry experts broadly agree that Google is taking the right approach here.  Beginning in September, Google plans to disable the “inline installation” feature for all existing extensions.  The user will instead be redirected to the Chrome Web Store where they’ll have the option to install the extension straight from the source.

Then, in December 2018, the company will remove the inline install API from Chrome 71, which should solve the problem decisively.

Of course, hackers being hackers will no doubt find a way around that, but kudos to Google for taking decisive action here.  While browser extensions aren’t a major attack vector, it’s troublesome enough that Google’s attention is most welcome.

It should be noted that one of the indirect benefits of Google’s plan is that it further bolsters the importance of user ratings of extensions.  They’re highly visible on the Web Store, so anyone who’s considering installing something has a good, “at-a-glance” way of telling whether the extension is good or a scam. That’s information they wouldn’t get had the extension been installed inline.

Again, kudos to Google!

IT Budget Planning for Your Small Business

Over time, as technology has become a greater part of business operations, IT budgets have continued to grow, with small to mid-size companies generally outspending larger organizations when allocating dollars for technology investment. According to the State of the CIO report, the average small business (less than $50 million in yearly revenue) is investing 6.9% of their total annual budget on technology. Regardless of the actual dollars spent, the goal of any organization is to make wise and judicious decisions when planning IT expenditures. Like a project plan or IT roadmap, your IT budget provides direction and a holistic view of your department and its funding requirements. It lets you quickly determine whether resources are over committed in one area or another, and in the case of department-level IT budgets, lets you compare what you’re spending versus similar departments.

In order to produce a reliable IT budget, it’s critical that your organization lay out an IT investment strategy that aligns with the specific short and long-term goals of your organization.  Aligning these goals with the basic budgeting priorities that lay in front of you can be a challenge; here are suggested steps to keep in mind throughout the process. These steps will help you determine the best technology investments for the near-term, (we have a few suggestions), as well as keep your long-term investment strategy front and center.

First, make sure you have a clear picture of where you want to take your business, and what steps you need to take to get there. Start by looking at your business strategy over the next two to three years and determine which areas you plan to grow, change, or improve; this will help simplify the IT budget decision-making process, and make it easier to identify what new technologies and upgrades are the best fit for your organization.

Once you have your strategy in place, designate a member of your team to track IT trends and opportunities that might be available to your company.  Meet with this person regularly to discuss the key areas where your organization may need technological upgrades or changes.  Sit down regularly with this team member and list the key technology areas they should be monitoring based on your business needs. Are there new applications available that might enhance your business, or new web or wireless services to consider? What about your data warehousing?  Building this list allows you to assess what technologies are likely to impact your business and what growth opportunities they might provide. This list of technologies and opportunities is a way for you to narrow down your technology requirements and come up with a well-thought-out investment plan.

Once you have decided on a new IT spending plan, make sure to speak with a trusted IT consultant and run a cost/benefit analysis.  An expert can help you determine if your technology budget plan is realistic and whether or not there might be more appropriate solutions available to you. The 6-7% average budget mentioned above is a basic guideline, but the final number will depend on your company’s individual needs and goals.  Keep revisiting your IT budget every year, taking into account the cost of maintaining and supporting the technology you already have in place. It would be a huge mistake to use the same budgeting model year after year, without considering new technologies or current changes in the IT landscape (advancements in in computers, phones, tablets, POS systems, cloud storage, data backup, software etc.).  It’s critically important to monitor the newest in tech advancements to ensure that your company is making the best technology investments to promote profitability and productivity.

Next, create a list of those IT investments that you can not only afford, but will also help you achieve your stated business goals. Every business is different, and the technology that your organization decides to use should fully meet the needs of individual departments while still being flexible enough to integrate new technologies as needed, without compromising daily business operations. This is where your assessment and planning can really pay off, helping you determine where to best spend your technology dollars. Key areas you might consider for further IT budget and investment are cloud and mobile computing, Internet of Things (IoT) and advanced cybersecurity protection.

• Cloud Computing. These days, most businesses rely on cloud applications for streamlined operations. Cloud computing allows you to set up what is essentially a virtual office to give you the flexibility of connecting to your company anywhere, any time. Cloud technology is still relatively new and comes with its own set of risks – security, compliance, privacy. But the advantages are paying off as organizations from all different industries migrate away from the traditional IT model. With the growing number of web-enabled devices used in today’s business environments, access to your data is easier than ever. Cloud computing offers potential reduced overall IT costs, scalability, business continuity, collaboration efficiency, flexibility of work practices, access to automatic updates, and much more.
• Internet of Things. Despite being in its early stage, the Internet of Things (IoT) is already demonstrating a significant impact on the budget and technology planning decisions in all business sectors, and more than half of all businesses have made some investment in IoT devices. According to Gartner, Inc. more than 20.4 billion connected devices will be in use worldwide by 2020.  This explosive growth in IoT devices offers your business new opportunities to track and measure how your customers are consuming products and services, as well as track inventories, minimize system downtimes, and monitor facility and maintenance performance. By adopting IoT technology as early as possible, you’ll be giving your organization the ability to mine useful data from systems and devices that will become critical to future growth. For smaller businesses, starting small is a good first step.

• Mobile Computing & Devices. Many organizations and their employees are spending IT dollars on premium smartphone and tablet devices, as PC replacement rates continue to fall. During 2018, well over 200 million Americans will use a smartphone. And that number is projected to grow to over 80% in three years (Statista). Most cell phones and tablets have the capability of performing many tasks that a computer can. This allows for flexibility and availability, keeping employees and managers from being glued to a computer desk to perform their work. Another investment to consider in mobile computing technology is responsive optimization of your website(s). Without mobile optimization, most websites look and act unwieldy and make it a hassle for potential customers to use, potentially even driving them away from using your services altogether. Your website is the first impression of your business and its optimization is an invaluable and necessary investment.
• Advanced Cybersecurity Protection. As reliance on IoT and cloud technologies increases, so will cybersecurity budgets.  Within IT departments, a premium is being placed on security spending. Fifty-three percent of respondents said security will be a top priority in the 2018 budget.  This isn’t terribly surprising after high-profile 2017 breaches like the WannaCry, or WannaCrypt, attacks and the Equifax consumer data breach.  A Gartner study predicts that global expenditure on information security will grow to $96 billion in 2018, up from $86 billion last year. So, what should all this money be spent on?   As a small business or organization, you don’t want to lose customer data or let malicious groups take over your systems. Cover all the basics, including safeguarding sensitive business data and minimizing the risk of malware attacks.

Once you’ve decided on investment in a new IT project, do a proper risk analysis. When investing in any new technology project take the time to do a complete risk analysis. The project that offers the greatest benefit may also be the one that requires the most time, money, and staff, and investing in one large project may mean you don’t have the resources to invest in others. Make sure you have identified the likely risks associated with the project, quantified the cost of these risks, prepared an appropriate response, as well as documented the analysis and plan. By performing this analysis and planning for possible overruns, you’ll have a more realistic idea of the costs and delays you could be facing. If the project comes in on time and on budget, it will be a pleasant surprise!

Finally, continue to update your IT budget and investment plan and monitor new technology developments. The last thing you want is an aged IT strategy that misses out on the current opportunities in the marketplace. Keep in constant communication with your trusted IT advisor, and once you embark on a project, update your investment plan with new deadlines or cost estimates.

As a small business owner or manager, its critical to remember that your IT expenditures are an investment into the operations and flow of your organization, rather than a cost of doing business. Instead of looking at the budget solely as an administrative process, regard it as a validation and support tool for your IT strategy. If you don’t have a formal or informal IT strategy in place, the budgeting process is as good a place as any to start investigating areas for improvement that will be cornerstones of your first attempts at more strategic IT management.

At Net Activity Inc., we are here to assist you in making the most of your IT assets and investment planning; let’s build your new IT strategy together. Contact us today to get started.

New InvisiMole Malware Turns Your System Into A Video Camera

Another week, another new threat.  This time, in the form of a new strain of malware that researchers are calling InvisiMole.  The new threat was discovered by researchers at ESET, who found it on a number of hacked computers in Russia and the Ukraine.

While the researchers have yet to trace the software back to the group that developed it, based on the available evidence, the campaign appears to be tightly targeted and highly selective.  Only a few dozen computers have been found to be infected, although all impacted systems are both high-profile and high-value.

As for the software itself, it’s a nasty piece of business capable of quietly taking control over an infected system’s video camera and capture audio. This allows them to both see and hear anything going on in the vicinity of the system.  Essentially then, InvisiMole turns your computer into a compromised Amazon Echo.

Based on the sophisticated design of the software and the fact that the researchers have yet to be able to trace it back to the source, it’s believed that it has been developed by (or at least in partnership with) an unknown state actor.  Although the current campaign is small and highly targeted, given its capabilities, InvisiMole could easily become a much more serious threat.

Even worse, it’s entirely possible that the original developers could lose control of the code, or that some other hacker group could reverse engineer it, causing it to spread far and wide.

Research into the software is still ongoing, and at this point ESET can’t say with certainty how the malicious payload is being delivered to target machines. Of course, at present, there is no antivirus software defense against it.  Stay on your guard.  You never know who might be watching.

Study Shows Employee Satisfaction Is Higher With Technology Improvements

A new study recently published by HPE Aruba called “The Right Technologies Unlock The Potential Of The Digital Workplace,” reveals some interesting details about technology in the workplace that’s worth paying attention to.

The study was conducted by collecting feedback from more than seven thousand companies of various sizes around the globe.  These were broken broadly into two groups: “Digital Revolutionaries,” which made more and better use of cutting edge technology, and “Digital Laggards” which were slower to adopt the latest and greatest technologies.

The headline statistic is that 51 percent of employees working in companies employing more technology reported greater job satisfaction, and an impressive 72 percent of employees in these companies reported a greater ability to adopt new work-related skills.

Other intriguing statistics include:

• 31 percent of respondents in the “Digital Laggard” category indicated that tech aided their professional development, compared with 65 percent in the “Digital Revolutionary” category
• 92 percent of respondents said that more technology would improve the workplace overall
• 69 percent of respondents indicated a desire to see fully automated equipment in more widespread use in the workplace

Joseph White, the Director of Workplace Strategy, Design and Management at Herman Miller said in a press release:

“No matter the industry, we’re seeing a move toward human-centric places as enterprises strive to meet rapidly changing expectations of how people want to work.  This depends upon combining advances in technology -which includes furnishings- with the cognitive sciences to help people engage with work in new ways.  This will not only mean singular, premium experiences for individuals, but also the opportunity for organizations to attract and retain the best talent.”

The study notes, however, that cyber security issues remain as challenging as ever.  Survey respondents reported lower than average cyber security awareness, which could lead to greater risks and exposure as workplaces become increasingly digitized.

While a small majority (52 percent) of respondents reported thinking about cybersecurity often (daily), fully a quarter have connected to unsecured WiFi and one in five reported using the same passwords across multiple web properties. These are the two most dangerous cybersecurity-related behaviors.

Clearly, increased technology has its risks.

Has Malware Made a Home in Your Router?

Hackers and cybercriminals, like most people, tend to gravitate towards high-reward activities. In this case, that means that focus is turning to creating malware that attacks the router, potentially infecting the users that leverage it to connect wirelessly to the Internet. Researchers at Kaspersky Lab recently discovered an example of such a malware, so today, we will review this threat and how to best protect your network.

Slingshot
This threat, codenamed Slingshot, targets MikroTik routers and utilizes a multi-layer attack to spy on the PCs connected to the router. By replacing a library file with a malicious alternative that subsequently downloads other pieces of the malware, Slingshot is able to bypass security solutions unscathed. It then launches a two-pronged attack, one leveraging low-level kernel code to give an intruder carte blanche access to a system, the second managing the file system and preserving the malware – allowing it to continue.

If this sounds impressive, it is – not only does this attack access additional code from an encrypted virtual file system, it does so without crashing its host. This quality and complexity led the security experts at Kaspersky Lab to conclude that this attack was state-sponsored. Based on reports, this malware can collect just about any data that it wants to from its target, from keystrokes to passwords to screenshots to network traffic.

According to MicroTik, their routing firmware has received a patch for this vulnerability, but it is still unknown if routers from other manufacturers are affected. If they have, Slingshot could suddenly become a much larger issue than it already is.

Other Router Malware
Of course, Slingshot isn’t the only issue that affects router security. The fail-safes and security measures baked into routers have been historically unreliable. This can largely be attributed to manufacturers building numerous products with no comprehensive strategy concerning their security and keeping it up-to-date. However, this doesn’t mean that the user is off the hook, either. It is up to them to actually update the router’s firmware, not something that is necessarily their first, second, or even twenty-third thought. Furthermore, the updating process can often be challenging, as well as time-consuming.

Hackers will often change the DNS server setting on a router in order to attack a network. Rather than directing you to the secure website you are trying to navigate to, the altered DNS will instead send you to a phishing site. Since these sites are often convincingly created and designed to fool their targets, you may not realize you are being victimized until it has already happened.

In addition to attacks like these, hackers will also often use methods like barraging their targets with ads or infiltrating them via drive-by download. Some attacks leverage cross-site request forgery, where a hacker will develop a rogue piece of JavaScript that will attempt to load a router’s web-admin page to alter the router’s settings.

How to Mitigate Damage to You
If you suspect that you are the target of a router-based attack, your first step should be to confirm that something is wrong. While there are assorted ways to accomplish this, the most effective is to check if your DNS server has been changed. To check, you’ll need to access your router’s web-based setup page, and from there, the Internet connection screen. If your DNS setting is ‘automatic,’ you should be okay. However, if it says “manual,” with custom DNS servers entered, you may have a problem.

In order to mitigate damage in the case of compromise, you’ll need to make sure that your router matches the specifications set by the manufacturer. To do this, make sure you:

• Promptly install firmware updates: Keeping your router’s firmware up-to-date will assist you in keeping your router secure.
• Disable remote access: By disabling the capacity for your router to be accessed remotely, you prevent the chance of someone changing the settings without your knowledge.
• Disable UPnP: While there is definitely some convenience to be had with the assistance of plug and play capabilities, UPnP could lead to your router becoming infected, as it is predisposed to trust any requests it receives.
• Change your access credentials: A simple means of upping your security is to change your access credentials away from the router defaults.

If you want to know more about your cybersecurity, the professionals at Net Activity are there here to help you keep your network and infrastructure safe. Call us at 216-503-5150.