Mark Anderson’s expert advice is featured in E-Commerce Times, providing context for the upcoming Windows 7 End of Life date.
The most visible threat to an unpatched OS is ransomware planted on your computer or network in an effort to extort money for returning your data. If you’re an etailer or other electronic business, losing your customer list, vendor information, and invaluable store data could leave you out of business for days, weeks or permanently.
Paying the ransom doesn’t ensure all the data will return or that you can return to normal operations in time to mitigate the costs. If you don’t have recent, secure backups that didn’t get compromised, your recovery options are severely limited.
Read the full article on the E-Commerce Times website:
Are you in need of expert IT consulting? Anderson Technologies is a St. Louis IT consulting firm that specializes in system administration for small businesses. Let us help you today! Give us a call at 314.394.3001 or email us at info@andersontech.com.
What are Quotables? This is a category in our posts to highlight any professional publications that benefit from our expert IT consulting advice and quote us in articles for their readers.
Computer technology moves at a blazing pace. Blink once and the world of tech steps forward a light year. Blink twice and suddenly what was once cutting edge is now commonplace. No day is the same in the tech world as the standards, methods, and products constantly change and improve.
We’ve written previously about how valuable human data is to the tech industry. Whenever you spend time on your internet-connected devices, virtual scouts track and collect your data to build human profiles. This data provides a wealth of information to companies, data brokers, and even potential cyber criminals, which is one of the reasons it’s so important to stay on top of the latest tech threats.
Artificial intelligence (AI) is a tech-industry term that’s been thrown around more and more when discussing cyber security—especially by industry innovators like Elon Musk. Depending on who you talk to, this futuristic-sounding technology is either the solution to every problem or the biggest threat to you and your business’s digital well-being. The best response to emerging technologies like AI is education, so let’s explore this concept and empower you to decide what to implement in your corporate and personal lives.
What Is AI, Anyway?
Artificial intelligence, also referred to as machine intelligence or machine learning, is a branch of computer science that pushes technology to learn and solve problems from sets of data. It’s a big part of what makes “smart” technology so smart. Systems that use AI analyze data patterns to develop algorithms that make programs work more efficiently. This “intelligence” mimics the human brain’s ability to learn and apply information to new problems.
These algorithms power the technology we use every day: inbox filters, social media feeds, predictive text, online shopping recommendations, and virtual assistants like Alexa and Siri. If you’ve used Google Home or iMessage today, you’ve already experienced AI technology. For example, iMessage’s predictive text algorithm analyzes the patterns in your text messages and uses it to suggest words and phrases as you type.
Artificial intelligence has so many different uses, and its breadth allows more than just the information technology field to benefit. Manufacturing companies, financial analysts, and even biologists use AI to process data and identify trends that would take human minds years of constant dissection to solve.
Is AI Dangerous?
AI has gained a bit of a negative reputation from sci-fi books and movies, often portrayed as a menacing force of infinite knowledge that aims to dominate humanity. Projects like Sophia the AI robot give a pretty face to this mimicry of human intelligence. However, these real and fictional depictions are far from the most common ways AI is applied. Real-life AI technology is, for the most part, innocuous without human motives behind it.
Pop culture has fun anthromorphizing AI, but in reality, AI machines are limited to the data sets they’re built to address.
Credible concerns about AI are rooted in its human weaknesses. The goal of AI research and development is to mimic human reasoning so problems can be solved faster than humans could physically achieve. Like any technology, AI requires real people to design, program, and evaluate it.
Self-driving cars have been in the news for the last few years, and despite several pedestrian and driver fatalities AI research preserves the dream of autonomous transportation. Imagery algorithms for drone technology and surveillance software (like the facial recognition you might use to unlock your phone every day) power these autonomous processes that read and react to data sets. But even with a human driver in the front seat, self-driving cars can’t realistically predict events they haven’t been programmed to respond to.
Imagery technology tends to make people apprehensive about their privacy as well as their safety on the roads. Beyond scanning your tagged Facebook photos or unlocking your iPhone, facial recognition software has the potential to elicit a global response. Government and immigration agencies are already using AI technology to implement policies, regardless of negative implications on citizens’ privacy. And the phenomenon of “deep fakes” has revealed a latent anxiety about taking online content of world leaders at face value. Regulation is still underway for most kinds of AI, leaving researchers and corporate funding to run rampant with a technology that’s growing faster than protective agencies can keep up with.
AI systems are susceptible to human biases, even if we don’t deliberately program them that way. Without actual human reasoning, perfect AI function takes a lot of trial and error. This is why spam email sometimes ends up in your inbox while an account verification email gets sent to the junk folder. AI needs constant human refinement. Pop culture has fun anthromorphizing AI, but in reality, AI machines are limited to the data sets they’re built to address.
What Should I Know About AI Technology?
As AI technology continues to develop, it provides exciting opportunities to strengthen cyber security. Managed service providers like Anderson Technologies integrate new AI-powered software into existing practices. AI technology can chew through mountains of seemingly unrelated data and uncover previously hidden relationships and patterns, allowing MSPs to bring to bear more robust solutions for their clients. For example, to address a universal threat vector, adding an intelligent email-filtering software like Proofpoint serves as a very strong first layer of defense against malicious emails.
As a business owner, it’s wise to stay on top of upcoming technologies, whether or not you decide to implement them in your daily work. AI enables more powerful systems—but the same applies to cyber criminals. Intelligent machines can learn which users and programs are susceptible to certain threats, and they’re also very skilled when working with patchy data sets. A human hacker might overlook patterns that an AI-powered program is designed to seek out and exploit.
Machines have strengths in areas where humans are weak, and vice versa. As AI continues to trickle into more of our everyday experience, concerns about privacy and regulation become more tangible. While AI itself has no virtue signal, the people directing it prove it has frightening potential. But, just like jokes from Sophia the robot, with cautious exploration AI seems set to do more good than harm.
Do you have questions about the application of AI for your business? Contact Anderson Technologies today and stay tuned for more articles discussing the emerging technology of artificial intelligence.
Do you trust your computer’s security to anonymous department store employees?
For many, the low price, high convenience, and ease of taking a home computer or laptop to a store like Office Depot or OfficeMax for maintenance or repair far outweighs any risk that would normally be associated with a stranger sifting through your files. A solid reputation for service makes a free scan from stores like Office Depot seem like the perfect solution to minor computer issues.
Unfortunately, between 2009 and 2016, one corporation violated the trust that comes with that reputation.
PC Health Check
During this time, Office Depot/OfficeMax utilized an application called PC Health Check and ran the program as part of its in-store computer services. The program’s free scan was marketed to check the “health” of PCs by scanning for malware. However, instead of actually checking the computer, if any one of four signs of probable malware were selected by the user, PC Health Check automatically reported the presence of malware and suggested the user pay for PC cleaning and repair.
PC Health Check was licensed to Office Depot and OfficeMax by Support.com, who received a percentage of each purchase. In late March, the FTC reported on their ruling that the companies will now be prohibited from making deceptive claims, and will pay $35 million in fines to the FTC, which the government will then distribute as refunds for fraudulently-triggered purchases.
Exposed!
Ars Technica reported that in November of 2016, this scam was exposed by Jesse Jones of news station KIRO 7 in Seattle. The investigations team ran six brand new computers through PC Health Check, and four of the six were flagged with symptoms of malware, even though the computers had never been connected to the internet. These same computers were found to be malware-free by an independent IT services provider!
After this report, Office Depot/OfficeMax pledged to take appropriate action and pay the agreed-upon fine. According to the FTC, that had not yet happened, though the PC Health Check program’s use was discontinued.
This FTC ruling should serve as a warning to anyone soliciting unneeded maintenance and repair, but it’s also a warning for consumers. The security of your business machines and network shouldn’t be trusted to just anyone.
Ask questions. What evidence does the IT services expert have for the action they propose? Does the software they utilize for diagnostic purposes have a solid reputation? Have other individuals and businesses experienced positive results after working with the expert or team?
At Anderson Technologies, we recommend cultivating a relationship with your IT services provider over time. The best results come from managed services providers who interact with all levels of your network and computer systems. Of course, emergencies happen, often when we least expect it. In those cases, resist the temptation of a quick fix even from a brand name.
Could you be eligible for a refund from the FTC in this case? Click the Get Email Updates button on their announcement. Seeking an alternative to cookie-cutter IT support? Contact Anderson Technologies and see how we’ve earned our reputation over twenty-plus years.
At Anderson Technologies, we take reports of zero-day threats very seriously. So when Google disclosed one in their popular Chrome browser, our IT experts moved swiftly to patch our managed IT services clients’ devices immediately.
We also want to spread the word on how to mitigate this threat.
The Exploit
Dubbed CVE-2019-5786, this zero-day Chrome exploit can bypass security measures and run a Remote Code Execution. This allows malware or other code to be loaded onto your computer without detection from the browser’s built-in security.
Update Chrome. It’s as easy as that. Google’s already fixed the problem and issued a patch.
Your Chrome browser may already be updated. To check, go into Chrome “Help” in the options button (the three vertical dots in top-right corner) and click “About Google Chrome.” The current version should be 72.0.3626.121. If you don’t have this version, you’ll need to update Chrome immediately.
While the world celebrated the New Year, Microsoft enjoyed their own major milestone as Windows 10 was finally declared more popular than Windows 7. Previous iterations of the Windows operating system couldn’t sway many Windows 7 corporate holdouts (Windows 8 and Windows Vista, for example), but for several years Windows 10 has demonstrated the stability and performance necessary to support business users.
More than half of enterprise machines run Windows 10 today. However, many others still use Windows 7. Experts consider these active machines a security risk—not to mention their poor performance due to aging hardware. Now Microsoft is forcing everyone’s hand. Exactly one year from today, Windows 7 joins other aged operating systems in “end of life,” placing any machines still running it on a deadline.
If a single Windows 7 machine is attached to your network after January 14, 2020, it becomes the weakest link and an open door for cyber criminals to compromise the rest of your machines.
What Does This Mean for Your Computer and Your Business?
Windows 7 reaches end of life on January 14, 2020. After this date, Microsoft will no longer develop countermeasures or fixes to address new breaches, exploits, viruses, and attacks, leaving Windows 7 computers vulnerable. Some businesses may require a machine to stay on Windows 7 to run legacy software, but these machines should not be connected to the network as they will be a high-value target, giving hackers easy access to an otherwise secure network.
The compromised security of each machine, your network, and the data it contains is the most powerful reason to upgrade. Criminals become more skilled every day at finding vulnerabilities and ways inside your network, and the value of business-essential or confidential data continues to rise. Your business has probably already encountered some form of cyber security risk – and will again. In fact 61% of small and medium businesses were attacked in 2018.
For businesses that are Covered Entities or Business Associates under HIPAA, this cannot be ignored. Starting January 14, 2020, no Windows 7 computer will be considered HIPAA compliant. The ability to patch known security issues is required by the Security Rule to avoid reasonably anticipated threats to ePHI. Failure to do so could lead to serious liability if a breach occurs.
This deadline is an opportunity. Consider it a countdown to more efficient work spaces, more secure transactions, and features that integrate seamlessly with the Cloud and mobile devices. Speed, usability, and security all see major upgrades in Windows 10—upgrades that can make a huge difference for your business.
Want to begin the process of upgrading to Windows 10? Contact Anderson Technologies at 314-394-3001 to speak to one of our IT experts about the best plan forward.
Even managed service providers receive scam emails and phone calls.
These serve as a reminder that education on phishing, scareware, and ransomware is an ongoing process, one that even IT experts need to stay sharp on.
But let’s assume you aren’t an IT expert. How can you best determine the validity of these messages and if they have malicious intent?
As with any learning process, practice is important. You may want to start with our phishing quiz. Know where you stand with gut instinct and some important clues.
Can you spot the phish? Take our quiz today by clicking on the image above!
Whether the attempt is made by email or phone, there is always something just a bit off about a phishing attempt. The phisher may have some accurate personal information—like your name, or the fact that you have Yahoo! email or an AT&T phone account—and see if you’ll take the bait.
It is easy to panic at the threat of suspension or an overdue bill and put aside any unease because of the urgent matter apparently at hand. This is exactly what phishers and scammers hope will happen.
The goal of these calls or emails is to collect even more information about you, fleshing out a profile for future scams, which the phisher can sell to other scammers, or—the jackpot—to collect banking or credit card information and cash in.
Because these phishes do have some truth mixed in, many do fall victim.
False Blackmail
It might sound like an episode of Black Mirror—in fact, the tactics used in this blackmail email are eerily similar to those dramatized in a recent episode of the Netflix series depicting fictional futures—but scammers are now using direct emails as a method to extort information or Bitcoin from unsuspecting users.
About a month ago, Mark Anderson, Principal of Anderson Technologies, received a blackmail email scam. “As you could probably have guessed, your account was hacked, because I sent message you from it,” the scammer began in broken English. They first boasted by showing an unencrypted old password—probably acquired from Yahoo’s 2013 data breach.
The email continued to outline the threat. “Within a period from July 7, 2018 to September 23, 2018, you were infected by the virus we’ve created.” This virus, they suggested, gave them access to “messages, social media accounts, and messengers.” This apparently wasn’t enough intimidation for most scam victims, because the email then amped up the threat.
Users all over the internet report similar threats; the scammer creates a scenario that, if true, would serve as ample motivation to give in to their demands. The scammer says that video of the user was recorded while visiting “adult websites,” and that, unless 700 dollars is transferred to the scammer’s Bitcoin wallet within 48 hours, this footage would be released and they would “show this video to your friends, relatives, and your intimate one…”
So, with a relatively low payout amount, and a previously accurate (but very old) password, how did Anderson know this threat was a scam? He knew what they’d accused him of was false, not to mention he didn’t have a webcam as they’d suggested. But other clues included:
While the email appeared to be sent from Anderson’s old account, this can be accomplished through spoofing.
The password they listed was not the current (or even recent) password for that account.
Broken English isn’t always a giveaway but combined with the generic threat, it seemed like a form letter.
Googling some of the email text brings up threads of other users exposing the scam. We’ve censored some of the less savory aspects of the original email, but the full text and break down can be read online.
If you receive this email or a similar threat, your first step should be to research the threat online or reach out to an IT expert. Never pay a blackmail, ransom, or other request for money. Instead, update your passwords, run anti-virus and anti-malware scans on affected devices, and consider implementing multi-factor authentication on your accounts in order to bolster your security profile.
Are you looking for an IT expert to help guard your small business from scams like this? Contact Anderson Technologies by phone (314.394.3001) or email (info@andersontech.com) today.
In the past two years, 63 percent of small and medium businesses (SMBs) began using an online or cloud-based backup service.
Clutch, a B2B research firm, recently surveyed 304 SMBs who use cloud-based, online backup solutions to determine how businesses use the technology and what they think about it. Mark Anderson, Principal and IT Strategist for Anderson Technologies, was one of several industry experts to review and provide feedback for Clutch’s publication on the survey’s findings. Specifically, he pointed to three factors that SMBs should consider when selecting a backup solution.
Level of Service Offered
A big name does not automatically equate to big results for your business. SMBs surveyed listed Apple iCloud as the most popular backup solution used at work, followed by Google Drive and Dropbox.
However, despite these services’ popularity, they do not have full-service offerings. They may not meet a business’s more complex backup and recovery needs.
The prevalence of these three services point to companies focused on performing more file-level backups versus “bare-metal” backups. Companies wouldn’t be able to quickly and efficiently recover an entire server this way, and depending on their tolerance for downtime, they should investigate augmenting these offerings with other, more robust options.
Capability to Perform Dual-Destination Backups
Do you want to store data both on-premise and online? If so, make sure your online backup solution can perform dual-destination backups. This setup provides peace of mind in the case of total data loss.
An overwhelming majority of SMBs — nearly 90 percent — already use both online and onsite backup.
In the event of a physical disaster, backing up data to the cloud allows SMBs to get back on their feet quickly.
The ability to perform a dual-destination backup gives clients the option of quick on-premise file restores as well as cloud recovery in the case of complete office loss due to fire, flood, or other natural disasters.
Meanwhile, having the option of on-site backup can assuage fears of the cloud’s potential failures since many businesses remain wary of the technology’s ability to keep data secure.
For years, on-premise was the only option available to businesses. This history is ingrained in IT departments the world over, and the fact that you can physically control the process is very compelling. However, it’s important to consider the cloud option in parallel.
Cost Breakdown
Cost is one of the top three challenges SMBs face when deciding to use a cloud-based, online backup solution as well as one of the top fears that can prevent SMBs from adopting cloud services.
The majority of SMBs spend between $250-$5,000 yearly on their online backup. The top percentage (23%) spend $501-$1,000.
There are three primary factors influencing the price tag for online backup providers:
The number of systems that need to be protected
The amount of data being stored indefinitely
Provision of dual-destination backup
However, the cost of using online backups should be contrasted with an SMB’s ability to provide the same level of service in-house. The security and reliability of top-tier cloud vendors’ state-of-the-art data center infrastructure and the systems they put in place will be far more robust and stringent than what a small to medium-sized business can afford.
While online backup solutions’ accessibility, cost efficiency, and security make them a smart choice for small businesses, it is necessary to consider the array of product choices carefully before selecting a service.
If you’d like to look into cloud backup services for your business with one of Anderson Technologies’ specialists, please give us a call at 314.394.3001 or send an email to info@andersontech.com.
We’ve all heard this popular term or even know someone whose company has embraced it…. But is the cloud right for your business? In its most basic sense, cloud computing enables users to run programs from the internet that traditionally would’ve run from an application installed locally on their computer.
Most clients are rightfully cautious when adopting new technology, especially when it comes to keeping their data secure. Previously, a server room of expensive equipment was the only option. This is no longer the case. Utilized correctly, cloud computing helps businesses on multiple fronts.
Here are eight benefits of cloud computing.
Accessibility
Applications and company data are accessible whenever and wherever you or your employees need them. Utilizing desktop computers, laptops, mobile phones, tablets – anything with an internet connection – you’re no longer limited to one physical location. Your programs and data are available from the office, home, while traveling – anywhere.
Immediate Data Updates
Most cloud providers synchronize data changes as they occur so others can see the updates almost immediately. This is especially helpful for co-workers who need to share data in real time.
File Versioning
Depending on subscription levels, many cloud providers offer file versioning for a period of time (i.e., 30 days). This allows you to undo saved changes or restore a file if it gets corrupted by going into the archive list and reinstating a previous copy.
User Permissions
With cloud computing systems, it’s easy to limit access to data through the implementation of granular user permissions. Users can only view and interact with files that their permissions allow them to access.
Data Redundancy
The cloud essentially enables users to have multiple copies of their data—a local copy and a copy in the cloud. If you experience a device failure, no problem! Your files are immediately available by logging into the cloud environment on the internet. Once the failed device is replaced, your data synchronizes back to you from the cloud copy to the new hardware.
Popular Software Integration / User Collaboration
Many cloud providers now offer direct software integration with popular productivity suites such as Microsoft Office, providing easy ways for teams to collaborate on projects that share files stored directly on cloud drives.
State-of-the-Art Data Centers with No Capital Expense
Commercial, enterprise-level cloud providers store your data in very secure data centers on redundant hardware in multiple locations. This would be cost prohibitive for most businesses to implement and maintain on their own.
Security
Another benefit to having your data in the cloud is the peace of mind gained from knowing your files are secure. If something were to happen to your PC or laptop, such as theft, you can remotely wipe the hard drive the next time it connects to the internet and safeguard your company’s sensitive data.
If you’d like to explore the potential of cloud computing for your business with one of Anderson Technologies’ IT specialists, please give us a call at 314.394.3001 or send us an email to info@andersontech.com.
Although this latest hack might not apply to you, we want to advise you about the latest malware, nicknamed KeyRaider. News sources are reporting KeyRaider only targets “jailbroken” iPhones. Here is a link to an article that provides more information.
Jailbreaking is a practice most common among tech-savvy users who wish to remove the restrictions and limitations imposed by their phones’ operating systems. “Unless you have jailbroken your phone, you don’t need to worry about this malware security alert,” said Mark Anderson, principal of Anderson Technologies, Inc. “This isn’t really an issue for most of our clients but it does point to a key principle. In general, security barriers are important safeguards put in place by phone manufacturers. Bypassing these measures can have disastrous results.”
If you have a jailbroken phone or any security concerns about your computer infrastructure, we can help! Please contact us at 314.394.3001 or send an email to info@andersontech.com.
A serious Android security flaw has been uncovered which affects devices running Android version 2.2 or later.
From the web:
“A full 95 percent of all Android devices — that’s about 950 million smartphones, tablets and other mobile gadgets — are at risk from one of ‘the worst Android vulnerabilities discovered to date,’ according to enterprise mobile security firm Zimperium. The security flaw, enabled by the Android operating system’s Stagefright media library, could allow hackers to access devices without users ever realizing that they’ve been compromised.”
Anyone using an Android device should apply the most recent patches.
As part of Anderson Technologies’ Managed Tech Services, we monitor the IT landscape and alert our clients about items we feel they should be aware of. If you’d like more information about that, please give us a call!
We use cookies to understand how you use our site. Click Accept to confirm your approval of this, or learn more in our Privacy Policy. AcceptPrivacy Policy
