Video Game Bugs & Your Business

, , ,

One of the world’s biggest video game companies has had two incredibly major bugs this month and it can kill your organization’s security if you don’t have the right policies in place.

Most organizations we bring on initially have a fuzzy line around what’s “work” equipment and what’s “personal,” and what can be used for what, the result is an insecure environment. On business machines, there is typically a security standard that is in place, a set of policies and procedures set by management and rules (set by IT) to keep the bad guys out and your confidential information inside. Personal machines typically have virtually none of this. security

If your organization allows business information on personal machines or personal use of business machines you’ve opened up the door to attackers. To use the video game example, this company doesn’t seem to count an entire category of bugs important enough to fix. If they sold to businesses, they would never get away with it. If you let your employees install this video game software on your computers, however, you just did. If you allow your employees to access your company information from their personal machines, you also just did.

It’s an easy fix: put in place a written policy that only allows access to confidential information from secured, company-owned machines.

BIG WARNING: Execs usually want to be exempted from these rules. They also typically have the MOST access to the most CONFIDENTIAL information. Then THEY become your biggest risk, and TARGET.

Policies are abstract and don’t often change. They are defined by specific procedures that change as your business changes (“our external IT partner will provide you with a work laptop from which you can access company information”) and enforced by technical rules (i.e., your MSP provider blocks access to company information from machines without your security policy in place).

Even if you can’t get all of your rules and procedures in place today, define and communicate your policies. The security of your organization depends on it, and your security is no less than your future.

Need help? Call us today: 865-240-2716.

/by

The Ticking Bomb Email

, , ,

One of the newest ways to get past email defenses is getting the least amount of attention: the changing link. Here’s how it works:

The Bad Guy emails one of your employees an email “from” your CEO/President whatever with a link that looks something like https://www.dropbox.com/ImportantShare but it goes to http://bit.ly/325JnYX (feel free to click those links!). This link intentionally is a redirect: it will take users from one URL to another, it has common legitimate uses.

At first, http://bit.ly/325JnYX goes to a harmless site, maybe Google, and gets past your email defense filters as a result. However, a few minutes later the Bad Guy changes it to go to a site that they control that phishes, distributes malware, whatever technique that they want to use to get into your organization. When you user clicks the link, it now goes to the bad site.

What do you? These new Bad Guy techniques require new tools to defend your organization and your data, tools that are always up-to-date with real-time information and that don’t check things only once — like your current email defenses — but do so continually.

Fortunately, there are new defense tools available for SMBs. If you are interested in understanding the options feel free to set up an appointment with us, info@jmaddington.com or 865-240-2716

/by

A Peak Into Ransomeware Retirement

, , ,

Earlier this week ZDNet profiled an incredible exit strategy of one of the largest Ransomware operators of the last 12 months, GandCrab.

Setting aside irony, the professionalism of the operation should catch the attention of any business owner. The operators have a Software as a Service (SaaS) business model, complete with online forum support for paying customers. They send out private emails to current customers about plans in change of service, including advising their customers to get their victims to cash in before it is too late. They are shutting down their service after claiming to have made and successfully laundered $150m.

Also, the operators plan to delete the decryption keys, so without a backup victims will be toast.

So what are the takeaways?

  • Ransomware has graduated to the level of truly organized crime: these are teenagers in their parents’ basements
  • The industry is so profitable AND competitive so as to have a “B2B” sphere, complete with customer support
  • It was true a few years ago that ransomware operations were largely opportunistic: today the money involved means you are an active target
/by

Baltimore Crippled by Ransomware

, , ,
Baltimore, MD had a crippling ransomware attack in 2019

Baltimore has been crippled by ransomware. Over 70% of attacks now actually target small and mid-size businesses. There are 3 simple things you can do to avoid catastrophe.

1) Assume it will happen to you, 2) plan on it happening to you, 3) test your plan.

Read more
/by

Goodbye Windows 7, Hello Ransomware

, ,

For the last several years ransomware has been on the rise. 2018 was a huge year for ransomware, more than doubling. It also was the first year we saw small and medium businesses actively being targeted.

In the past, large enterprises and municipalities were the most likely to be targeted: big targets, big rewards. However, as these high value targets have upped the defenses hackers have begun to actually target the smaller firms, instead of merely hitting them opportunistically.

The biggest opportunity for hackers in the next year is likely to be the end of Windows 7 (free) support by Microsoft, allowing security holes to go unfixed. It’s likely that there are already hacking organizations that are aware of holes in Windows 7 that they are hanging on to in order to use on January 15th, 2020. If you don’t have an active plan to upgrade to Windows 10 by then, you should start saving up to pay the ransom for your data.

/by

The Tariffs are Here: Now What?

, , ,

60 seconds after midnight US tariffs on thousands of Chinese products more than doubled. How is this going to affect your business?

Costs are going to go up across the board. The supply chains of virtually every industry cross through China at some point. It’s impossible to get away from it. Even if you are a low-tech company, China played a role in producing the goods and services you use or that your suppliers use.

Two simple non-tech examples: if you have employees you reimburse for mileage you are likely to see the reimbursement rise due to increased repair costs, due to increased part prices sourced from China. (Crude oil has also had upward pressure put on it from tariffs). Second, the tariffs hit on materials such as aluminum and copper increase costs for any industry that depends on them as a core component. That includes oil, manufacturing and construction for starters. The result will be increased expenses for anyone with an office building.

Finally, the tech sector depends heavily on China. From computer chips to memory, to the raw materials used to create these, mass amounts of tech manufacturing happens in China. Even low-tech companies will feel the pinch as the underlying costs for vendors they depend on (phones, email) see their costs go up and adjust prices accordingly. For organizations with larger tech initiatives, such as replacing aging Windows 7 machines, the cost will increase.

At JM Addington Technology Solutions we don’t expect to see price increases immediately but rather ramping up over the rest of the year. The threat of tariffs are not new so a lot of companies have had time to either adjust prices or deal with increased costs already. However, there has been and is broad market expectations that a deal will get reached. The longer that takes to happen, the more you will see your costs increase,

/by

Win10 Fall ’18 Update “Ready”

, ,
:Hand holds Windows 10 logotype printed on paper. Windows 10 is an operating system developed by Microsoft

Microsoft is re-announcing that the last major update to Windows 10 is ready for mass use.

Read more
/by

Why do I always have to change my password?

, ,

We know, you’re all tired of changing your passwords and hearing from IT that you’ve got to pick a new one you haven’t used before every 30 nanoseconds. The reason might not be what you think.

Read more

/by

Windows Update 1809: Just Don’t

, ,
Your Knoxville Managed Services Provider knows that the latest version of Windows is broken

At JM Addington Technology Solutions & Kairos Digital Dynamics we’re usually a tad bullish on Windows Updates: they’re put out for good reason(s). However, Microsoft’s latest “Feature Update” (read: a big one, the Fall Creators Update or 1809) has been plagued with issues:

This is definitely one to wait to install, maybe even until the next major update is released in the spring of 2019. If you’re a managed customer of either JM Addington Technology Solutions or Kairos Digital Dynamics we’ve you covered already. Otherwise, delay unless you’re either adventurous or ready to hire someone to come undo it for you!

/by