Author: Casserly Consulting

Categories
Casserly Consulting Blog

Blockchain is for More Than Cryptocurrency

block_chain_400.jpg

If you’ve heard of blockchain recently, there’s a pretty good chance it was in reference to cryptocurrency. With Bitcoin reaching record levels in December, the idea of using blockchain technology to develop digital currency was on a lot of people’s minds. However, the blockchain has a variety of other practical uses.

Content Management
In a world with an increasingly global economy that relies more and more on digital communications, it can be difficult for a content creator of any kind to ensure that their ownership is being respected. After all, there is little that is easier than copying something that is found online and reproducing it without recognizing its creator, let alone reimbursing them.

Blockchain technology can soon help to change that. Many companies have been developing blockchain tools to help protect content creators and their copyrights. From ensuring that proper attribution is preserved in content, to simplifying payments, all the way to proving who created content in the first place, the blockchain will likely soon be a common way of protecting content creators’ intellectual property while allowing them to share out their content.

Healthcare
With so much sensitive, personally identifiable information being necessary in the healthcare field, the privacy afforded by blockchain technology is a natural fit. This is especially true by merit of blockchain’s utility as a concrete record.

As a result, patients may soon find that their personal medical history is more protected than ever, with the risk of any document being lost eliminated once it is incorporated into the blockchain. Any physician that was granted access could update a patient’s complete medical history, whether or not the patient was in-network, allowing for improved record-keeping and thereby better-informed care.

Audit Trails
The blockchain itself can be considered a database, albeit one that keeps a complete record of any changes made to its contents. As a result, it can serve as an excellent means of tracking audit trails.

Through the blockchain, the progress of work (or even the shipment of materials) can be mapped out and monitored. This way, if there is ever an issue or error made, it is easier to identify where and why things went wrong. In turn, it is then easier to resolve these issues. Furthermore, the data within the documents stored in the blockchain gives details on when, and by whom, the documents were added.

This is useful when an organization needs to keep a concrete record of their documentation and the actions they have taken.

Secure Voting
Regardless of your views on the prevalence of voter fraud and other such concerns, the idea of making the voting process more secure only makes sense. As you’ve probably guessed, the blockchain has the potential to do so. By preserving voting results in the blockchain, they are safe from any tampering, which means that the results can be trusted as reliable.

While cryptocurrency may be the most exciting part of blockchain technology, there are many more practical uses. What do you think? Let us know in the comments.

Categories
Casserly Consulting Blog

CES 2018 Showcases Upcoming Technology

typewriter_with_mouse_400.jpg

If there is one thing you know about technology, it’s that it meets its demand. No matter if you are talking about the millions of Internet of Things products being created today, video games and entertainment, or business tech, demand drives the technology market.

The results of this demand were presented at the 2018 International Consumer Electronics Show, an event that took place from January 7th to the 12th in Las Vegas, Nevada. While the focus was admittedly directed toward consumer products, there were quite a few technologies present that could prove impactful to the business realm.

Perhaps most impactful to businesses was the continued discussion surrounding 5G wireless connectivity. Already discussed at length at CES 2017, 5G could prove to be of significant benefit to businesses that rely on cloud-based applications and wireless devices. Wireless carriers, including AT&T and Verizon, have plans to incorporate 5G in some markets by the end of 2018.

However, the question remains how much hardware will be able to support 5G connectivity in the coming year, and how quickly the term ‘5G’ will be adopted to describe something it isn’t.

There was also interesting news concerning laptops, even with the recent discovery of Spectre and Meltdown, the chip vulnerabilities that affect almost every single computing and mobile device in existence. Despite this setback, there was a noticeable trend in the laptops displayed at the event leaning more heavily on the kind of technology one would find in a mobile device. As a result, these devices could boast faster operating speeds.

Not everything at CES made very much sense, however. London-based Planet Computers launched the Gemini, an Android-powered mobile device that basically functions as a miniature clamshell laptop. While it is an effective device for what it does, it doesn’t make much sense in the business setting–but it may be an option for someone who often needs to take business on the road.

Overall, events like these just go to show that even if a device is labelled as a consumer product, it may just have a place in a business setting. Even if it doesn’t, it may inspire the development of a similar device that is more focused on a business user’s needs.

What would you like to see developed in 2018? Let us know in the comments, and make sure to subscribe to our blog!

Categories
Casserly Consulting Blog

Tip of the Week: The Internet of Things Poses Threats to Your Organization’s Network

internet_of_things_all_connected_400.jpg

The Internet of Things has become one of the central parts of connectivity in a tech-centric world. Despite the incredible convenience that these devices offer to users, they come with considerable security risks that absolutely need to be kept in mind. We’re going to discuss some of the ways you can keep the IoT from being a security hazard while optimizing how much you get out of it.

Does the Device Need Connectivity?
The first question you should ask about your IoT device is if it actually needs to be connected or not. The reason for this is simple; the more connected devices on your company’s network, the more risk will be involved with your network. Certain IoT devices could be leveraged by hackers and other dangerous entities to spy on you, steal your data, or track your current location. If the device is worth the risk, you could potentially take advantage of great services that you might otherwise not get. If it’s not worth it, though, perhaps you’re better off not using the device. If the device is that of an employee, you should ask them to leave it disconnected during the day.

Have You Optimized Security?
In any environment where you’re using an IoT device, you need to make sure that security is at the top of its game. Ensure that all of your firmware is updated, as well as any security patches to fix any major vulnerabilities that might be present on your network have been applied. To make things easier, this process can largely be automated. You should also consider investigating your router to make sure that it’s updated properly as well.

It is also worth mentioning that your router may support guest networking, which means that you can use this capability to protect your business network from the risks of the IoT. By relegating IoT devices to the guest network, you can protect the business side of things from potential issues.

Passwords are a great way to make sure that security is at its maximum. You should never reuse passwords for devices or accounts. If these guidelines are followed, you’ll have easier time keeping your accounts from being compromised.

Make Sure Your Devices Are Maintained and Monitored
Your business should have practices put into place that promote transparency with the ongoing use of Internet of Things devices. For example, you should be monitoring user permissions.

Most of your IoT device issues can be resolved just by asking yourself one simple question: Do you even need the devices in the office? If not, they shouldn’t be there.

If your business needs help with managing devices in the workplace, reach out to COMPANYNAME at PHONENUMBER.

Categories
Casserly Consulting Blog

Perpetrators of Three Major Cyber Crimes Have Pled Guilty

keyboard_gavel_400.jpg

Every so often, it’s nice to hear about when the good guys win and cybercriminals get their comeuppance. Three such cybercriminals have entered guilty pleas to charges related to major cybersecurity events.

Mirai
Mirai was a malware strain that creates a botnet out of enslaved Internet of Things devices. By leveraging the resources of these IoT devices, Mirai took down networks and websites. 20 and 21-year-olds Josiah White and Paras Jha have pled guilty for developing and leveraging Mirai.

The duo were co-founders of Protraf Solutions LLC, a company that would mitigate DDoS attacks. Their business model was to sell their solutions to their DDoS victims, or use the DDoS attack the old-fashioned way: as a means of collecting ill-gotten monies from those desperate enough to pay them to stop the attack. Along with 21-year-old Dalton Norman, White and Jha also used Mirai to power a click fraud scheme that net them about 200 Bitcoin, Norman alone netting 30.

Mirai ultimately went on to power one of the biggest attacks the world has ever seen, using IoT devices to take down Dyn, causing many major websites to go down.

Ultimately, the three young malware developers were each charged with click fraud conspiracy, earning each a $250,000 fine and a stay of up to five years in prison. Jha and White plead guilty to conspiracy charges for writing and using Mirai and were each sentenced to an additional 5 years in prison and $250,000 fine, as well as three years of supervised release.

NSA Data
An employee of the National Security Agency, Nghia Hoang Pho, pled guilty on December 17, 2017, to a charge of “willful retention of national defense information.” According to the United States Justice Department, Pho was hired in 2006 as a developer for the Tailored Access Operations unit. The Tailored Access Operations unit, or TAO unit, creates specialized hacking tools that are used to collect data from the information systems used by overseas targets.

Between 2010 and March of 2015, Pho removed classified data and stored it on his home computer, which utilized antivirus software from Kaspersky Lab. Kaspersky Lab is suspected of having been exploited by Russian hackers to steal documents, perhaps including the ones Pho removed and saved at home.

The United States Department of Homeland Security has since issued a directive that bans the use of Kaspersky software in federal agencies. Pho could face up to 10 years in prison and is scheduled for sentencing on April 6.

Yahoo
One of four men who faced indictment in March of 2017 has pled guilty to hacking into Yahoo and exposing the usernames, passwords, and account information for essentially every Yahoo user, with the number of victims counting to about one billion.

22-year-old Karim Baratov, a Canadian, has been charged with working for two members of the Federal Security Service of the Russian Federation. In his work for the FSB, Baratov hacked into 80 accounts, as well as a total of over 11,000 webmail accounts since 2010. Baratov also provided hacking services that enabled access to accounts with Google, Yahoo, and Yandex, via the use of spear-phishing through custom content and a malicious link.

For his activities, Baratov has pled guilty to a total of nine counts. One count, for aggravated identity theft, has a mandatory sentence of two years, while each of the other eight counts could net him 10 years in jail and a fine of $250,000. However, the federal sentencing guidelines established in the United States could reduce the final sentence considerably.

While it is nice to see those responsible for cybercrime paying their dues, it is even better for certain cybercrimes to be prevented in the first place. COMPANYNAME can help your business with that. Call us at PHONENUMBER.

Categories
Casserly Consulting Blog

Upgrading Your Technology? Be Careful of What You Do with the Old

computer_graveyard_ewaste_400.jpg

Take a moment to look around you and take in the amount of technology surrounding you. How often do you think this technology is replaced, and what do you think happens to the old tech? There needs to be more thought and effort put into its disposal than just throwing out a hard drive that no longer seems to function. Unfortunately, the amount of e-waste shows that may be the preferred method of disposal.

A discarded device follows the same path as the rest of the contents of your trash bin. Either your discarded piece of technology will find itself in a landfill, or left somewhere in a third-world country. Whichever option, the device is now a complete waste, as the materials used to construct it are now little more than bits of precious metals, glass that has almost certainly been broken by this point, and other bits and pieces.

The statistics surrounding e-waste can be pretty staggering. For example:

  • 2016 alone saw 45 million tons of electronics thrown away.
  • Only 20 percent of e-waste makes it to be documented and recycled.
  • The raw materials in devices that are thrown away value in at about $55 billion, smartphones contributing $9 billion to that total.
  • 76 percent of all e-waste goes unaccounted for.

Of course, as technology advances, there is going to be more and more e-waste produced. However, there is another issue regarding e-waste that your business could be especially affected by if your e-waste isn’t handled properly, and that’s your business’ data security.

Security Concerns
If your devices are discarded with information still on them, that data is at severe risk of being compromised, especially since the devices are no longer in your possession.

What if you got a new smartphone, and just toss out the new one? Sure, it’s dead now, but all it would take for any data it held to be compromised is someone with a charger cable and a basic knowledge of how to break into a phone. Now, any accounts that you used on the device, both business and personal, are at the mercy of your phone’s new owner. They could access your company’s data in the cloud with a discarded external hard drive.

To avoid this, not only do you need to dispose of your old technology properly, you need to also make sure that any information on them is properly wiped and/or destroyed before you do so. While you could destroy the device yourself, the better option is to reach out to the professionals at COMPANYNAME. We know how to properly see that your devices are destroyed without the risk of leftover data causing your company grief. We’ll even help you to recycle your device, so there’s less of a chance of it landing in a dump somewhere.

To learn more about proper device disposal, give us a call at PHONENUMBER.

Categories
Casserly Consulting Blog

Tip of the Week: Filters and Labels Help Organize Your Gmail Inbox

gmail_icon_current_400.jpg

Gmail is an excellent tool for business use, even more than many business owners may realize. Did you know that it even has the capability to keep itself organized? For today’s tip, we’ll go over how to use filters and labels to keep your Gmail inbox organized and easy to use.

An Intro to Labels and Filters
Labels and filters are just a few ways that Gmail can help to keep your messages organized. You can assign rules that are applied to messages as they come in. These rules make a filter, which analyze your incoming messages and ensure that these messages are sent to the right label. These labels allow you to view messages more conveniently, consolidating those that have certain factors in common.

For example, you could create a filter that assigns a particular label to any message that has “Quarterly Reports” in the subject line. That label can then be used to access any and all messages with “Quarterly Reports” in a single, consolidated list.

Creating a Filter
Creating a filter in Gmail is fairly simple.

  • Once in Gmail, click the down arrow in the search bar at the top. This allows you access to greater detail in your search criteria.
  • Fill in the details that you want your filter to pay attention to, whether it is who the email has come from, or if the subject line contains a particular word or phrase.
  • Once your criteria have been established in this window, click in the bottom-right corner of the window, where it says, Create filter with this search.
  • You will be given a list of options, including the option for the message to be automatically ‘starred,’ or marked as important. For our purposes, we are concerned with the option to Apply the label.
  • Next to the ‘Apply the label’ option, there is a drop-down menu labelled Choose label. You have the option to create a new label from here, or select from those you have already made.
  • Once your filter has been properly configured, click the Create Filter button.

Creating a Label
While creating your filter gives you the opportunity to create a label, there are sometimes that you may want to have a label prepared that you can add messages to manually, or to already have one to direct a filter towards. Fortunately, creating a label and adding it to a received message is also fairly simple.

  • In Gmail, click the More option on the left of the screen.
  • From there, click Create new label.
  • Name your label and click Create.

To add this label to a message:

  • Open the appropriate message.
  • At the top, click the Label button. You can also add a label to a group of messages by selecting them before you click the Label button.
  • Select each label to be added. You can also create a new label from this point as well by typing in a new name.

Now you’re ready to take even greater control of your Gmail inbox. For more handy IT tips and tricks, subscribe to the COMPANYNAME blog!

Categories
Casserly Consulting Blog

Four Major Benefits of Business Intelligence

pyramid_business_intel_400.jpg

Utilizing the data that you have acquired is a process that is referred to as business intelligence. Regardless of your business’ size, business intelligence solutions can deliver definite benefits. We’ll review a few of these benefits here.

Business Intelligence answers business questions
With the right tools, you can extract and analyze raw data in real-time to inform your business decisions. These tools will also organize this data into a comprehensive and often visual format. This enables any member of a team to potentially make informed decisions as needed, streamlining whatever process that resource is working on.
This data can also be leveraged to improve client profiles and target promising contacts. As a result, profits can be increased through decreasing wasted funds spent on poor fits. On the same token….

Business intelligence provides opportunities to cut costs and time investments
Through the use of metrics and data derived from business intelligence measurements, you can identify where your available funds are most effectively used, and when it may be more effective to allocate them to another effort.

Additionally, business intelligence can enable your business to leverage automation, eliminating the risk of human error while freeing up your staff to work on those tasks that automation isn’t well-suited for.

Business Intelligence delivers valuable insights
Without business intelligence tools, a company could be stuck waiting until the end of a campaign or initiative to discover whether or not it was effective. However, with BI at your disposal, your company can get a head start on tracking satisfaction, profitability, and other key metrics in real time. This allows you to identify and resolve issues in your campaign, so you can take the steps needed to fix them before the campaign is a wash.

Business Intelligence promotes collaboration and cooperation
Another great benefit to business intelligence software is the data sharing and exporting capabilities it usually has. In a business climate that relies on being in-the-know, your team needs to have the ability to access the latest data you have available without issue.

Need help putting business intelligence solutions in place? COMPANYNAME can help! Give us a call at PHONENUMBER today.

Categories
Casserly Consulting Blog

Unpaid Invoices Were a $825 Billion Problem Last Year

past_due_money_400.jpg

Businesses exist to make money. Regardless of what that money is intended for, be it to sustain someone’s lifestyle or to bankroll a cause, a business will cease to be without an incoming cash flow. Unfortunately, unpaid invoices can make that cash flow stutter and slow to a trickle, and many businesses experience this problem as billed money doesn’t come in.

This presents those who rely on a small-to-medium-sized business to make a living, from the CEO to the employees, with another problem. How can they be paid if the business isn’t receiving its payment for services rendered until 30, 60, or even 90 days later? Many industries have begun to make these their typical payment terms.
Resultantly, businesses have found it difficult to continue their operations without the financial inundation from their current clients. You may have encountered this kind of issue yourself.

If so, you are not alone by any stretch. Estimates attribute 5% of the entire national gross domestic product to unpaid invoices, with the average small business waiting to be paid around $84,000. 81% of these invoices are past due by 30 days, which is especially bad when one considers that the average small business only has 27 days of capital saved up and available to them.

All in all, estimates put the total amount owed to small businesses due to unpaid invoices at $825 billion.

Even without taking that sum into consideration, this is a clear issue that many businesses face whenever their invoices are not answered in a timely fashion. If these businesses don’t have any funds to spare beyond what is needed to stay in business (assuming they have even that), how will they ever make the improvements they will need to stay competitive? How many projects have you abandoned halfway because it caused too much financial drain?

While it may seem to make no sense to invest your much-needed capital after we’ve just announced that your company may fail without it, there is a simple way to save your business money as you work to get what you’re due. With managed services from COMPANYNAME, your capital spending on your technology management can be transferred into a predictable, and budgetable, consistent schedule. We can also provide you with the solutions to help you track who is repaying their debt to you, and who isn’t.

Call PHONENUMBER for more information.

Categories
Casserly Consulting Blog

Tip of the Week: A Secure 2018 Relies on Powerful Passwords

password_strength_400.jpg

Password security is one of the most important parts of using an online account. It seems that the average user runs into the paradox of password security by using either complex, hard-to-remember passwords, or simple and less-secure passwords that put their accounts at risk. Even if the user is aware of the benefits that come from using a secure password, chances are that they will sideline security in favor of ease of access.

According to a list of the worst passwords in 2017 compiled by Splashdata, some of the worst passwords included “password” and “123456.” These two have topped the list since at least 2010, when Splashdata made their debut survey. Other passwords included in the top five include “12345678,” “qwerty,” and “12345.” Even “starwars” made the list at #16. For further reference, you can view the list of the worst passwords in 2017 here .

Best practices for password security are relatively well-known, especially considering how many experts study this particular field. Here are some tips from the guidelines recommended by the United States Computer Emergency Readiness Team, or US-CERT. In fact, US-CERT was created by the Department of Homeland Security for the specific purpose of preserving online security against threats.

Some sites or applications force users to use these best practices when creating a password, so do yourself a favor and keep these in mind:

  1. Use different passwords on different systems and accounts.
  2. Don’t use passwords that are based on personal information that can be easily accessed or guessed.
  3. Use a combination of capital and lowercase letters, numbers, and special characters.
  4. Don’t use words that can be found in any dictionary of any language.
  5. Develop mnemonics (or spoken memory tricks) such as passphrases for remembering complex passwords.
  6. Consider using a password manager program to keep track of your passwords.

COMPANYNAME is of the firm mind that you should never underestimate the importance of network security best practices–particularly password security. To learn more about how you can secure your business, reach out to us at PHONENUMBER.

Categories
Casserly Consulting Blog

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

meltdown_spectre_four_400.jpg

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like COMPANYNAME are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to COMPANYNAME at PHONENUMBER.