Contact Us Today!   314.394.3001   |   info@andersontech.com

Quotables: Why We Must Leave Windows 7 Behind (VAR Insights)

/in , , , /by

A timely recommendation from Anderson Technologies’ Farica Chang provides education and advice regarding the January 14, 2020 Windows 7 End of Life date.

A few thousand dollars spent now is better than tens or hundreds of thousands demanded by ransomware and the loss of confidence your clients in the future.

Read the full article on VAR Insights’ website:

https://www.varinsights.com/doc/why-we-must-leave-windows-behind-0001

Are you in need of expert IT consulting?  Anderson Technologies is a St. Louis IT consulting firm that specializes in system administration for small businesses.  Let us help you today!  Give us a call at 314.394.3001 or email us at info@andersontech.com.

What are Quotables?  This is a category in our posts to highlight any professional publications that benefit from our expert IT consulting advice and quote us in articles for their readers. 

windows 7 end of life windows 10 upgrade

End of an Era: Saying Sayonara to Windows 7

/in , , /by

January 14, 2020. Today marks the end of an era. As of today, Microsoft no longer offers support for its Windows 7 operating system.

If you’re still hanging on to outdated hardware running Windows 7, you’ll no longer receive updates, attack countermeasures, and security patches.

Your Windows 7 machines—and entire network—will be vulnerable to new breaches, exploits, malware and viruses.

It also means that, starting today, no Windows 7 computer is HIPAA compliant. Using hardware that cannot be protected with patches and updates means the Security Rule is not being followed, and if a breach does occur, you’ll probably be liable.

Anderson Technologies recommends upgrading all Windows 7 machines and other Microsoft offerings that also reach End of Life today, including Hyper-V Server 2008/Hyper-V Server 2008 R2 and Windows Server 2008/Windows Server 2008 R2.

What’s the Big Deal?

Businesses and organizations in every field should take end of support for an operating system seriously. Cyber crime is on the rise, and while many criminals continue to target anyone who will click their bait, many more see the value in targeting vulnerable access points to a network, knowing that the data and additional connections they unlock can really pay off. Recently, hundreds of nursing homes and veterinarians lost access to patient data, and multiple municipalities in Texas were effectively shut down due to their software and cloud providers being compromised by ransomware.

It’s not a question of if you’ll be targeted, but when.

For any business, staying up to date on all security and software patches is an essential part of the electronic era. After today, anyone running Windows 7 is holding the door open for cyber criminals once the newest zero-day threat is identified and exploited. Don’t count on your cyber insurance to cover any ransom or damages you incur in the event of an attack. Many cyber insurance policies require businesses to have certain security measures in order to pay out, and an updated and patched OS is one of the most basic protections you can have.

If you operate in the healthcare vertical, staying up to date is not just important, it’s the law. Under HIPAA, any Covered Entity or Business Associate must comply with the same standards. Having patched and routinely updated hardware is part of HIPAA’s Security Rule, and failure to comply won’t just mean trouble from cyber criminals. The Office of Civil Rights can levy significant fines for businesses that knowingly ignore cyber security guidelines.

In the accounting vertical, operating from an unsecured OS could leave you in breach of the FTC Safeguards Rule, and your client data will be vulnerable.

Staying up to date on all security and software patches is essential when fighting cyber crime. After January 14, 2020, anyone still running Windows 7 is inviting cyber criminals in through an unguarded, open door.

What Options Do I Have?

  • Extended Support for Windows 7. Microsoft’s extended support plan is only available to users running Windows 7 Pro or Enterprise through volume licensing. Contact your IT provider or Microsoft representative to determine if you are eligible. If you are, you can purchase up to three years of extended Windows 7 support, starting at $50-$100 per computer for the first year and doubling in price each year following. This is not a long-term fix, but it could allow you to spread out your upgrades over several years instead of upgrading your equipment all at once.
  • Windows Virtual Desktop. Microsoft is also offering three years of support for free with Windows Virtual Desktop. If you’ve been considering moving to the cloud, this might be a good time to look into Azure and reduce hardware costs.
  • Update OS to Windows 10. If hardware costs are holding you back from getting a fully-supported machine, updating your existing computers to Windows 10 might be the most cost-effective option to remain secure. Unfortunately, many computers running Windows 7 are not capable of efficiently running Windows 10.
  • Upgrade Hardware for Maximum Security. The most secure option moving forward is a secure OS (Windows 10) paired with up-to-date hardware built to run modern software and protect data.

If upgrades just aren’t feasible—maybe essential software isn’t compatible with Windows 10 or you’re operating on Virtual Desktop—security should be at the forefront of your mind. Move forward with updates and upgrades when you can, and until then:

  • Do not connect Windows 7 computers to the internet.
  • Don’t store client data on unsecure systems.
  • Back up your business data daily and make sure these backups are configured to adequately protect them against cyber attacks.

The time to act is now. Don’t be caught with your IT systems wide open to the next cyber attack. Upgrade to Windows 10 before it’s too late. Anderson Technologies can help. Contact us at 314.394.3001 or info@andersontech.com.

2020 Cyber Security Essentials Checklist

/in , , /by

The start of a new decade brings a sense of changing times and new beginnings. For your cyber security, it marks a good time to review how the state of cyber threats has changed since the time of Y2K or the 2013 Yahoo data breach. With the evolving threats and methods deployed in cyber crime, basic security standards have also progressed to keep your network safe. Do you know the basic security measures you should take to protect your business in 2020?

Download your copy of Anderson Technologies’ Cyber Security Essentials Checklist for 2020!

Verify everything!

We’ve talked before about the Zero Trust model for IT security. Even if you aren’t ready to bring your entire IT architecture up to Zero Trust standards, several of its security measures are now common-sense protections against modern cyber threats.

MFA

Multifactor Authentication (MFA) is quickly becoming the gold standard for preventing unauthorized access to your systems. In an age of Have I Been Pwned’s free credential checking and the all-too-often reuse of passwords, the question is no longer if your usernames and passwords have been stolen, but when and which ones.

MFA is the most basic way to prevent someone with stolen credentials from accessing your systems, and comes in various iterations, from an email or text code to authentication apps and security dongles like or RSA SecurID tokens. It’s a simple measure that ensures the bad actor needs more than a stolen credential to compromise your systems.

Access Controls: Minimum Necessary Use (Need to Know)

The days of free access within an organization are over. Clearly defining user roles and necessary access permissions is essential. There’s no reason for an intern to have the same access to your systems as the office manager or IT staff. Segmenting user access to the minimum necessary for their job performance means that if one employee is compromised, the bad actor won’t be able to reach every part of your business.

Stop Viruses and Malware in Their Tracks!

It’s common knowledge that anti-virus and anti-malware are required in this day and age, but remember that if your software firewall or anti-virus program catches an intrusion, the threat has already made it into your systems.

Know Your Hardware

Businesses need to understand the difference between a hardware firewall and a software firewall. You need to have the best protection against cyber threats, but many business owners don’t realize they are missing the necessary hardware firewall. Go to your IT closet and take a close look. Can you identify your modem, router, and hardware firewall? They are three different pieces of equipment, and if you aren’t sure which is which, talk to your IT staff or MSP to make sure all three are in place and properly configured for maximum protection and minimum interference.

Training and Filters

Firewalls and anti-virus programs won’t be of much use if an employee clicks a link in a phishing email and lets the bad actors in. Blacklisting certain websites and installing email filters like Proofpoint are great first steps for keeping malicious links and emails from getting through, but the biggest way to prevent phishing is training your employees how to recognize it. These tactics are too prevalent not to invest in comprehensive employee training.

Update! Update! Update!

Nothing invites bad actors into your systems like an unpatched computer, such as Windows 7 which stops receiving updates after January 14, 2020. Security updates are not just slight improvements; they often fix known bugs and zero-day threats that bad actors can use to infiltrate or bypass the implemented security safeguards. Without keeping up to date with your security updates, criminals can exploit unpatched vulnerabilities to breach your security and either install malware on or extract valuable and private information from your systems. So, when an update appears, make sure it gets installed right away and upgrade un-supported software as soon as possible.

Be Prepared for a Breach

The era of small businesses being too little to be profitable to hackers is long gone. Small, medium, and large business are all targets for cyber criminals and it’s essential to think not in terms of if you are breached, but when you are breached. How can you mitigate the risk or minimize the damage a breach could do to your business?

Backups

No business in 2020 should be without comprehensive and secure daily backups of their IT systems. Properly configured and tested backups are your insurance against ransomware and natural disasters. If you know you can restore all your data effectively and quickly from backups, there’s no need to pay a ransom for the hope you can get all your data back.

But don’t just grab the first out-of-the-box backup solution you find. Make sure your backup provider doesn’t keep only one iteration, meaning if your backup gets infected, you have no other options. Configure the solution correctly to back up all the information you need.

Encryption

If you are in a HIPAA-regulated industry, encryption is not optional. It’s the best way to prevent unauthorized breaches when mobile devices and laptops are lost or stolen. A properly encrypted laptop lost on a business trip isn’t a breach even if ePHI is on it, since the encryption prevents anyone who finds the machine from accessing the data.

Encryption is a good idea for any business that uses laptop and mobile devices for work purposes. The last thing you need is someone finding a lost phone or laptop and suddenly having access to sensitive business information or programs.

The Daily Routine

Sometimes it’s the little things that end up being the source of a cyber intrusion. These security measures may seem like common sense, but that doesn’t mean you shouldn’t have a clear policy for them. Failure to follow basic procedures everyday can open the door for cyber criminals.

Passwords and Password Managers

Reusing or only making minor alterations to passwords across applications is a major problem. Too many passwords are hard to keep straight, but people struggle even more to remember secure randomized passwords. This can lead to the worst-case scenario of employees writing down passwords that anyone could find. Having a long phrase or sentence the employee can remember is best practice, but if you have a lot of programs that require passwords, you don’t want employees using only one across the board.

Password managers like Myki or LastPass are a great solution to this problem. Employees can create the long, randomized alpha-numeric passwords, which are considered most secure, without the need to write them down or repeat the same password over and over. These services also provide apps for mobile phones so employees don’t need to be at the desk to access their passwords.

Screenlocks

Not every company institutes a screenlock timeout procedure for their business, but it’s a simple and effective security measure, especially if parts of your business are open to the public (HIPAA requires it). Even if you don’t have any public areas, screenlock policies can prevent insider threats from gaining access to an employee’s computer or information simply because they forgot to lock the computer before they left their desk. Make sure the screenlock requires a password and isn’t delayed to the point it’s useless to protect your information.

If you don’t have these basic policies and procedures in place, it may be time to re-evaluate the security measures you are using. Were they created for a different time and threat landscape? Can they continue to protect you against modern cyber crime? If not, it’s time to step up your basic security measures and stop criminals before they sneak into your business.

 

If you need help determining if your current security measures are adequate to protect your business, contact us today for a free consultation!

Robots? Working with Me? It’s More Likely Than You Think

/in , , /by

Remember Roomba? Maybe you have one, zipping around your home, getting caught under furniture and amidst wires. That seemingly simple machine, armed with programming and dust-sucking, became seamlessly integrated in the lives of millions. But even at the height of the Roomba revolution, there wasn’t a lot of talk about smart vacuums stealing our jobs or taking over our homes.

Everyone is fascinated with artificial intelligence right now. It is hard to deny the buzzword power of the term. Tinged with fear or awe, AI often feels like the answer to everything—or our impending downfall.

The reality is far from either. As it stands now, AI like the programming in Roomba, or Roomba’s grown-up relatives found at Walmart and Giant Foods, is a powerful tool. Limited to specific tasks or deep learning, AI may just be the best coworker you’ve ever had.

Is AI Coming for Our Jobs?

Here’s the truth: For employees whose primary job function may easily be replaced by single-task AI, the job hunt may be on. Computer-screen ordering interfaces and shipment-sorters may in fact reduce hours for the humans who previously held those positions and others like them. Fortunately, many businesses are utilizing AI as an opportunity to free their employees for more complex and customer-facing tasks.

For every job that might be eliminated or reduced, there are many more that just don’t work without human hands and minds.

And because thankless tasks are becoming automated, human workers can now spend their time and energy immersed in the more creative aspects of their jobs.

AI and IT: Working Together for You

It may not surprise you to learn that IT is currently the field most welcoming to our AI coworkers. For IT managed services firms that balance the cutting edge with enhanced security, a cautious approach still finds that within specific, defined roles, AI provides valuable services.

Tools like firewalls, antivirus, and remote monitoring, among others, are IT staples that frequently employ AI. There is a firewall AI, for example, that can be programmed to track traffic patterns (volume, uploads and downloads, behavior on websites), and if something appears contrary to what has been deemed “normal” patterns, the associated software can automatically isolate a user’s workstation and alert a human team member that there has been a potential compromise.

Deployed on a larger scale, this type of monitoring and pattern-detecting AI frees IT professionals from manually watching the same traffic. This means billing hours go to solving problems and providing meaningful solutions instead of wondering if a large file download is suspicious.

AI also has the potential to detect patterns and flag issues that human experts can’t identify themselves. Given data sets and known problems, machine-learning AI may move the IT industry into truly predictive safeguards. If used widely, this could mean no more frantic break-fix calls after hours because AI team members have long since identified the developing issue, and human counterparts have already fixed it.

AI as part of a managed services offering doesn’t have to feel inhuman. As a tool utilized by humans in order to provide an enhanced, fuller package of IT services, AI improves experiences.

 

Do you have questions about AI and what it could do to improve your business’s IT systems and cyber security? Call Anderson Technologies today at 314.394.3001 or send us an email at info@andersontech.com.

malware - ecommerce times

Quotables: Windows 7 End of Life (E-Commerce Times)

/in , , , /by

Mark Anderson’s expert advice is featured in E-Commerce Times, providing context for the upcoming Windows 7 End of Life date.

The most visible threat to an unpatched OS is ransomware planted on your computer or network in an effort to extort money for returning your data. If you’re an etailer or other electronic business, losing your customer list, vendor information, and invaluable store data could leave you out of business for days, weeks or permanently.

Paying the ransom doesn’t ensure all the data will return or that you can return to normal operations in time to mitigate the costs. If you don’t have recent, secure backups that didn’t get compromised, your recovery options are severely limited.

Read the full article on the E-Commerce Times website:

https://www.ecommercetimes.com/story/86366.html

Are you in need of expert IT consulting?  Anderson Technologies is a St. Louis IT consulting firm that specializes in system administration for small businesses.  Let us help you today!  Give us a call at 314.394.3001 or email us at info@andersontech.com.

What are Quotables?  This is a category in our posts to highlight any professional publications that benefit from our expert IT consulting advice and quote us in articles for their readers. 

driverless car

AI: Should We Fear the Demon? (Not Yet)

/in , /by

The world of Artificial Intelligence (AI) may not have a more well-known figure than Elon Musk, entrepreneurial head of Tesla and SpaceX. In a 2014 interview, Musk stated: “With artificial intelligence we are summoning the demon. In all those stories where there’s the guy with the pentagram and the holy water, it’s like yeah, he’s sure he can control the demon. Didn’t work out.”

While Musk’s concerns haven’t been proven completely unfounded, AI today functions strictly within the realm it is programmed for. Becoming a “demon” with expanding abilities and intelligence out of our control is currently beyond its limited capacity. Even AI that is designed to “learn” only learns within the confines of what it has been specifically programmed for, and as driverless cars show us, learning and doing are two different things.

Driverless Limitation

One of the most glaring examples of AI’s current limitations is in the rise in autonomous vehicles. General Motors, Uber, Waymo, and Tesla’s Autopilot are only a few in the race to true self-driving cars. Driverless car software utilizes machine learning, and the software is far from perfect.

Recognizing a bicycle and then anticipating which way it’s going to go is just too complicated to boil down to a series of instructions. Instead, programmers use machine learning to train their software. They might show it thousands of photographs of different bikes, from various angles and in many contexts. They might also show it some motorcycles or unicycles, so it learns the difference. Over time, the machine works out its own rules for interpreting what it sees. – Zachary Mider, Bloomberg

But as much as a computer learns about what potential hazards might look and act like, computers still have no grasp of three basic concepts: time, space, and causality. This approach, while it does keep a self-driving car from becoming KITT or Herbie, also keeps self-driving cars from being truly 100% error free. Unlike human drivers, cars will never be able to fully understand consequences or anticipate randomized behavior that may be apparent from factors these cars haven’t been programmed to recognize.

And what about scenarios that self-driving cars aren’t being trained for? In October 2019, testing by AAA indicated that dummy pedestrians crossing the road were hit 60 percent of the time, even in daylight and at low speeds. Such obvious limitations should, and do, give users pause.

While self-driving technology may be improving in some ways, seven in ten Americans still have no interest in using—or even sharing the road with—driverless cars. Driver-assist technology, on the other hand, is far more popular. Human input and supervision, it seems, still offer something that machine learning cannot replicate. Driver-assist technology allows users to benefit from the areas where AI has excelled, such as alerting drivers when they veer from the center of a lane or back up too close to an obstacle, but humans still stay in control to make split-second decisions on the road.

Functioning in Limited Capacities

While driverless car technology dominates headlines, AI is being used successfully in more limited capacities. Where machine learning does excel is in analyzing data sets far too large for human processing.

Using publicly available data and AI, university student Anne Dattilo discovered two exoplanets. Footage from Kepler space telescope tracked “100,000 stars in its field of view.” Dattilo’s modified AI was programmed to identify and flag stars that, due to light fluctuations, appeared to have planets. Dattilo and human colleagues confirmed the findings.

Elsewhere, scientists are using AI to sift through audio recordings for the sounds of elephants in the rainforests. This data is then used to count the animals, helping to provide a more accurate picture of population and poaching rates.

These highly focused uses of AI have proven successful in accomplishing what humans alone could not. Success in the science field, however, doesn’t seem to translate to highways or a grander intelligence.

A Constrained Approach

Some researchers hold the belief that machine learning and AI as it exists now simply may not hold the keys to the change promised by innovators and fiction writers, and the ways AI has been used so far seem to support this.

According to skeptics like [Gary] Marcus, [professor of cognitive psychology at NYU,] deep learning is greedy, brittle, opaque, and shallow. The systems are greedy because they demand huge sets of training data. Brittle because when a neural net is given a “transfer test”—confronted with scenarios that differ from the examples used in training—it cannot contextualize the situation and frequently breaks. They are opaque because, unlike traditional programs with their formal, debuggable code, the parameters of neural networks can only be interpreted in terms of their weights within a mathematical geography. Consequently, they are black boxes, whose outputs cannot be explained, raising doubts about their reliability and biases. Finally, they are shallow because they are programmed with little innate knowledge and possess no common sense about the world or human psychology. – Jason Pontin, Wired

While AI may provide some incredible shortcuts in daily life and populate wells of information, these limitations mean that fears of an all-powerful, all-knowing “demon” remain far from tangible. The need for oversight and limits in AI is no joke, and Elon Musk may yet prove to be a technological prophet of sorts. But the truth is, we have no reason to fear our robot overlords today.

 

Are you interested in the ways AI can enhance your life and business? Are IoT devices creating gaps in your carefully maintained cyber security? Contact Anderson Technologies today for enlightened solutions to all your technological troubles. We can be reached by phone at 314.394.3001 or email at info@andersontech.com.

Downtime Lifeline: One Law Firm’s Battle with Outdated Tech

/in , , /by

When companies, non-profits, or entire city governments find themselves victims of cyber crime, it can feel like they’re frozen as the world moves on around them. This feeling, to a lesser degree, might also come as you’re sitting in front of your office computer every morning, twiddling your thumbs waiting for it to boot up so you can finally start your work day.

Ransomware looms as one of the biggest business tech threats of 2019. Organizations of all sizes are finding themselves in the cross-hairs of cyber crime actors who seek high payouts from insurance agencies and panicked data hostages. Why are some companies so quick to pay off the ransom?

Too often it’s the fear of downtime, or money lost while hackers obstruct you from your data and your business’s day-to-day operations. However, while ransomware dominates the tech industry news, a much more common and avoidable cause of downtime significantly affects organizations without raising alarms—outdated technology. A minute lost every time you try to access a file or launch your internet browser adds up quickly over the course of days and weeks. These wasted (and often-unnoticed) minutes can mean thousands in lost revenue for your company.

Let’s explore the real-life implications of business downtime due to hardware and software that has long been ready to be replaced. Luke Bragg, Lead System Administrator at Anderson Technologies, witnessed this firsthand.

Efficient Until Obsolete

A St. Louis business law firm reached out to Anderson Technologies in 2018 for help. Their old server was dying. It hadn’t been patched or updated in over a year, leaving it vulnerable to ransomware and other cyber attacks.

“Security was a major concern,” Bragg says. Slow speeds and cyber vulnerabilities were starting to impact the firm’s daily operations. Days after contacting us for help, the firm’s aging server experienced a catastrophic system failure and died altogether: “The server completely failed, and we had to keep them functional on emergency hardware while we put a new server in place.” Thankfully, the failure wasn’t caused by ransomware or another cyber attack, but the law firm felt how close they came to experiencing futile downtime.

Read more about the effects of downtime on a business here!

Downtime can be detrimental to any business, but some may feel the effects more strongly than others. Law firms constantly collaborate with other businesses and clients, as well as government organizations and the judicial system. Timing can be what makes or breaks a potential account. “Every business is different in how much downtime they can tolerate,” Bragg explains.

“This is a law firm, so their workflow is very critical with very little room for outages.”

Tell Old Tech to R.I.P. (Replace Itself Promptly)

The crashed server was a wake-up call, and acted as a jumping-off point for replacing more of the firm’s outdated hardware. Their workstations and wireless network benefited from a sprucing up as well.

Aside from the obvious security breaches, law firms and all kinds of other organizations suffer from negative effects of downtime due to antiquated tech. Employee productivity suffers when hardware is sluggish or undependable. Similarly, websites that aren’t mobile-optimized or user-friendly could turn away potential clients and impact your company’s digital presence.

Law firms especially run ethical risks when using outdated technology. “Technological competence” is a modern addition to the American Bar Association’s Model Rule 1.1. The last thing a law firm wants is a law suit because negligent treatment of the devices they use every day caused harm to a client. A big part of the work Anderson Technologies did for this law firm involved maintaining uptime and strengthening security during the hardware upgrade.

“Law firms tend to have constant workflows that are time sensitive,” Bragg says. “The key to success is being extremely detailed and properly communicating every step with the client so that scheduled downtime for things like network upgrades or system replacements is properly planned and the client’s expectations are factored into the equation.”

Anderson Technologies is now focused on replacing the firm’s outdated Windows 7 machines before the January 14, 2020, end of life deadline. “No other major projects are on the horizon at this point,” Bragg says, and the firm can rest easy knowing their new server is secure.

Businesses in need of a top-notch attorney wouldn’t wait until the last minute to seek out critical legal advice.  Similarly, this St. Louis law firm discovered the value of employing knowledgeable and proactive IT experts well before the threat of downtime surfaced.

 

You don’t want to find yourself drowning in downtime because of outdated technology equipment. To find out if your business could use a tune up, contact Anderson Technologies today.

5 Fraud Trends and How to Beat Them: Top Tips to Implement for Cyber Security Awareness Month

/in , , , /by

Every October, Cyber Security Awareness Month is a time to learn, assess, and make changes to protect yourself and your business from the latest, most sophisticated dangers. Beyond damages to reputation and production, monetary costs from cyber crime add up in the billions of dollars.

Stay safe and aware this October. Here are five fraud trends that you’ll want to know:

Fabrication

Synthetic identity fraud is a cyber crime long game. First, a hacker procures a social security number by theft or purchase on the Dark Web, and then fabricates an associated name, DOB, email account, or phone number. From there, the fake identity is legitimized and nurtured.

Once a fraudster is able to become an authorized user for lines of credit, a process that typically takes 5 months, the “bust-out” is ready to be executed. This leaves creditors and businesses with dummy accounts filled with credit card maximums, loans, and cell phone/utility plans.

Ransomware

Ransomware can send chills down the spine of any business owner, and for good reason.

Two cities in Florida were forced to pay over a million dollars in aggregate bitcoin ransom after losing access to phone and email systems for multiple weeks. A quick glance at data breach headlines on any given week will reveal SMB attacks as well. Ultimately, ransomware boils down to economics, and it will require a concerted effort by organizations to shift the paradigm, refuse to pay criminals, and protect data before attacks.

Business Email Compromise (BEC)

A sophisticated scam, BEC targets anyone who regularly processes requests for electronic fund transfers. The scammer compromises an email account through phishing or intrusion tactics and requests that transfers of funds or personal information such as W2 forms be sent immediately.

Because the request comes from a familiar face, and may even be routine, this scam is highly effective—and very expensive. As of July 2019, total dollar loss has exceeded $26 billion.

Account Takeover (ATO)

The commoditization of crimeware and “spray-and-pray” techniques have led to a higher frequency in breaches, many of which are executed by non-sophisticated hackers. Solving ATO fraud at the small and medium business level in today’s world requires purpose-driven teams and technologies that can protect your business in a smarter, more efficient way.

Dark Web

Security researchers estimate that in the first half of this year alone, over 23 million credit and debit card details were being sold in underground forums. What’s worse, nearly two out of every three originated in the United States (64%), followed by the UK (7%) and India (4%). Once such data dumps hit the Dark Web, cyber criminals will exchange stolen information and credentials in order to orchestrate damaging fraud schemes.

Now that you know some of the trends in cyber crime, here are several helpful solutions.

Guard yourself and your business against these threats. Here are our Top 12 Cyber Security Tips:

  1. Involve all stakeholders in raising cyber security awareness across your organization.
  2. Backup key data regularly and perform scheduled test restores to ensure their integrity.
  3. Enable multi-factor authentication company-wide and establish and enforce an appropriate password policy for all users.
  4. Install enterprise-grade anti-malware and spam-filtering solutions with anti-phishing capabilities across your network.
  5. Leverage internet content filtering to block phishy websites.
  6. Prepare for cryptojacking attacks.
  7. Purchase SMB security suites that include Dark Web monitoring.
  8. Assess your organization’s cyber security policies and procedures and review annually.
  9. Ensure that all third-party partners have cyber security protocols and policies in place.
  10. Build a cyber security incident response plan and democratize key information.
  11. Bind an appropriate level of cyber security insurance to cover your company in case of a breach
  12. Partner up with expert managed IT services providers to train your employees and implement the above.

Awareness and action go hand in hand. This Cyber Security Awareness Month, contact Anderson Technologies to protect your business from the newest threats, and enhance business functions every day.

AI: The Danger of IoT Data Collection

/in , /by

Smart cars. Smart lights. Smart shoes… Smart… water bottle?

The smart phenomenon that is the backbone of the Internet of Things (IoT) may be reaching coming-of-age.

In our previous introduction to artificial intelligence (AI), we discussed how machine learning has impacted the worlds of cyber security and research by processing millions of times the information a human worker can analyze in the same amount of time, detecting patterns and producing solutions.

How are these patterns detected? Patterns are determined by analyzing populated data sets. When it comes to consumers, where does that data come from?

The answer is smart speakers, smart thermostats, smart cars, smart lights, smart shoes, and yes, even smart water bottles.

These devices might make life a little easier, but they also collect data.

Similar to the practice of collecting data in exchange for free services (like social networking sites Facebook and Twitter), IoT devices provide a service to the user but also provides a glut of information for the developers. Developers state that this information is a tool for them to hone smart services, enhancing the users’ experience. It also happens to be true that the data collected by services and smart devices is worth a lot of money.

That isn’t to say that every single IoT device, or even every device referenced in this post, a) collects data, b) stores that data, c) stores that data in a way that connects it to a user’s identity, or d) monetizes or sells that data.

The real danger of IoT data collection frequently comes from users not being informed about what their smart devices are truly capable of.

Data for Dollars

The intersection of AI and IoT means that the massive amount of data collected on users is processed and patterns extrapolated. Those patterns amount to near-endless insights about identity, family, routine, device usage, shopping practices, purchase history, and search history.

Some makers of smart televisions use this information internally, providing users with tools and advertisements that are deemed beneficial and that they are more likely to be interested in. However, some sell that data to third parties. Facebook is now infamous for the internal and external monetization of user data. Companies like Cambridge Analytica sold processed data on the promise of hyper-targeted advertising possibilities and detailed demographic, and advertising susceptibility, breakdowns.

Are you planning an IoT purchase for your business? Anderson Technologies provides hardware and software consulting!

Data collected and the patterns gleaned from it are incredibly valuable to marketers . . . and cyber criminals.

And that doesn’t even cover the personal data lost in IoT breaches.

From smart homes to smart speakers to fitness trackers, security breaches of IoT devices have been in the news since smart technology began developing. Recent findings suggest that IoT devices are more susceptible to breaches than other technological devices. The 2019 Study on Third Party IoT Risk by the Ponemon Institute found that at least 18% of respondents experienced a data breach caused by IoT devices being unsecured.

For higher-value targets, unsecured IoT devices often act as an entry point into an otherwise secure internal network, and even if the network isn’t breached, IoT devices are often used by hackers to conduct Denial of Service attacks.

Are Data Collecting Devices Inherently Dangerous?

The fact is that there is a risk to almost any action. One of the hardest parts of being a digital citizen is staying aware of and educated about the tradeoffs you are making with your data.

Most smart devices or websites provide a service that is useful to the user. Whether the purpose of a device is information, connection, or convenience, the Internet of Things aims to streamline digital and physical life, which can be very attractive.

Insecure data and sale of personal information doesn’t have to be the norm. Many companies currently ensure that data collection is anonymized, keeping searches and voice commands tied to an algorithm rather than your name and face. In August 2019, the National Institute of Standards and Technology released their guide for cyber security recommendations for these devices, and with increasing public awareness of security flaws, the industry as a whole may be moving towards a more secure model.

For many, even the risks or sale of their data is worth the benefit of the smart device.

Despite news stories on privacy, breaches, and sale of data appearing daily, it doesn’t appear that the Internet of Things is going away.

Tips to Keep Your IoT Devices Safe

  • Fully research new IoT devices you plan to introduce to your digital ecosystem. Know the type and amount of data collected, how it is stored, and the history of the company building the device. Weigh potential risks against potential benefits.
  • Turn off tracking and reporting when you can.
  • Use Multi-Factor Authentication (MFA) to ensure that the only person accessing your account is you.
  • Protect your business and home networks with hardware firewalls and don’t use your IoT devices on unsecured WiFi.

 

Are Internet of Things devices a net positive for your business? Contact Anderson Technologies today for help using smart tools in a smart – and secure – way.

AI: Are We Planting the Seeds of the Robot Uprising?

/in , /by

Computer technology moves at a blazing pace. Blink once and the world of tech steps forward a light year. Blink twice and suddenly what was once cutting edge is now commonplace. No day is the same in the tech world as the standards, methods, and products constantly change and improve.

We’ve written previously about how valuable human data is to the tech industry. Whenever you spend time on your internet-connected devices, virtual scouts track and collect your data to build human profiles. This data provides a wealth of information to companies, data brokers, and even potential cyber criminals, which is one of the reasons it’s so important to stay on top of the latest tech threats.

Artificial intelligence (AI) is a tech-industry term that’s been thrown around more and more when discussing cyber security—especially by industry innovators like Elon Musk. Depending on who you talk to, this futuristic-sounding technology is either the solution to every problem or the biggest threat to you and your business’s digital well-being. The best response to emerging technologies like AI is education, so let’s explore this concept and empower you to decide what to implement in your corporate and personal lives.

What Is AI, Anyway?

Artificial intelligence, also referred to as machine intelligence or machine learning, is a branch of computer science that pushes technology to learn and solve problems from sets of data. It’s a big part of what makes “smart” technology so smart. Systems that use AI analyze data patterns to develop algorithms that make programs work more efficiently. This “intelligence” mimics the human brain’s ability to learn and apply information to new problems.

These algorithms power the technology we use every day: inbox filters, social media feeds, predictive text, online shopping recommendations, and virtual assistants like Alexa and Siri. If you’ve used Google Home or iMessage today, you’ve already experienced AI technology. For example, iMessage’s predictive text algorithm analyzes the patterns in your text messages and uses it to suggest words and phrases as you type.

Artificial intelligence has so many different uses, and its breadth allows more than just the information technology field to benefit. Manufacturing companies, financial analysts, and even biologists use AI to process data and identify trends that would take human minds years of constant dissection to solve.

Is AI Dangerous?

AI has gained a bit of a negative reputation from sci-fi books and movies, often portrayed as a menacing force of infinite knowledge that aims to dominate humanity. Projects like Sophia the AI robot give a pretty face to this mimicry of human intelligence. However, these real and fictional depictions are far from the most common ways AI is applied. Real-life AI technology is, for the most part, innocuous without human motives behind it.

Pop culture has fun anthromorphizing AI, but in reality, AI machines are limited to the data sets they’re built to address.

Credible concerns about AI are rooted in its human weaknesses. The goal of AI research and development is to mimic human reasoning so problems can be solved faster than humans could physically achieve. Like any technology, AI requires real people to design, program, and evaluate it.

Self-driving cars have been in the news for the last few years, and despite several pedestrian and driver fatalities AI research preserves the dream of autonomous transportation. Imagery algorithms for drone technology and surveillance software (like the facial recognition you might use to unlock your phone every day) power these autonomous processes that read and react to data sets. But even with a human driver in the front seat, self-driving cars can’t realistically predict events they haven’t been programmed to respond to.

Imagery technology tends to make people apprehensive about their privacy as well as their safety on the roads. Beyond scanning your tagged Facebook photos or unlocking your iPhone, facial recognition software has the potential to elicit a global response. Government and immigration agencies are already using AI technology to implement policies, regardless of negative implications on citizens’ privacy. And the phenomenon of “deep fakes” has revealed a latent anxiety about taking online content of world leaders at face value. Regulation is still underway for most kinds of AI, leaving researchers and corporate funding to run rampant with a technology that’s growing faster than protective agencies can keep up with.

AI systems are susceptible to human biases, even if we don’t deliberately program them that way. Without actual human reasoning, perfect AI function takes a lot of trial and error. This is why spam email sometimes ends up in your inbox while an account verification email gets sent to the junk folder. AI needs constant human refinement. Pop culture has fun anthromorphizing AI, but in reality, AI machines are limited to the data sets they’re built to address.

What Should I Know About AI Technology?

As AI technology continues to develop, it provides exciting opportunities to strengthen cyber security. Managed service providers like Anderson Technologies integrate new AI-powered software into existing practices. AI technology can chew through mountains of seemingly unrelated data and uncover previously hidden relationships and patterns, allowing MSPs to  bring to bear more robust solutions for their clients. For example, to address a universal threat vector, adding an intelligent email-filtering software like Proofpoint serves as a very strong first layer of defense against malicious emails.

Read more about cyber security!

As a business owner, it’s wise to stay on top of upcoming technologies, whether or not you decide to implement them in your daily work. AI enables more powerful systems—but the same applies to cyber criminals. Intelligent machines can learn which users and programs are susceptible to certain threats, and they’re also very skilled when working with patchy data sets. A human hacker might overlook patterns that an AI-powered program is designed to seek out and exploit.

Machines have strengths in areas where humans are weak, and vice versa. As AI continues to trickle into more of our everyday experience, concerns about privacy and regulation become more tangible. While AI itself has no virtue signal, the people directing it prove it has frightening potential. But, just like jokes from Sophia the robot, with cautious exploration AI seems set to do more good than harm.

 

Do you have questions about the application of AI for your business? Contact Anderson Technologies today and stay tuned for more articles discussing the emerging technology of artificial intelligence.