Author: Casserly Consulting

Categories
Casserly Consulting Blog

Attempts to Make Smart Cities Hit a Snag

smart_city_snag_400.jpg

At this point, the concept of the Internet of Things is a fairly familiar one, but that familiarity is to the Internet of Things on the micro scale–appliances with capabilities enhanced by an available connection to the Internet. There is another, more macro application to the Internet of Things: as a way to collect data in a municipal setting. However, like the IoT we are familiar with, these “smart cities” are host to many familiar problems.

The Concept of a Smart City
Like many technological developments, the idea of a smart city is built on good intentions. Through the use of technology (much of it based in the IoT), a smart city leverages collected data to functionally serve the public, embetter the services of government, and improve the quality of life for its citizenry.

That’s the idea, at least.

Unfortunately, like many of the ‘smart’ devices that the populace can interact with, the systems that these cities leverage tend to be susceptible to attack.

What These Attacks Could Do
In order to understand the potential ramifications of these kinds of attacks, it is important to first have an understanding of the kinds of systems that a smart city is built upon.

The true purpose behind creating a smart city is to make it a better place to live, and to do that, certain systems need to be put in place. These systems are powered by the data they collect. With that data, insights into correlated problems can be leveraged to solve them.

The sensors that these cities use to collect this data monitor a wide variety of factors, ranging from traffic conditions to the weather and even health-related factors like air quality and radiation. The data that is collected is then used, through the power of automation, to decide how to approach infrastructural concerns. For instance, if traffic is moving slowly in an area, these systems would deliver that data to decision-makers, allowing them to make the call to reroute traffic a different way to ease the congestion. This system just makes the decisions, too.

The big problem with this is that now, if these systems don’t have sufficient security measures in place, they leave the city’s infrastructure vulnerable to attack. Unfortunately, in an initial study of three companies who provide these kinds of smart city systems, 17 basic vulnerabilities were present in their products. These vulnerabilities included things like easily guessable passwords, bugs that could allow malware to be introduced, and opportunities for authentication requirements to be side-stepped.

Why This Matters
The harsh reality is that developing smart cities with these kinds of vulnerabilities is the geopolitical equivalent of intentionally wearing a “Kick Me” sign each and every time you went out in public. The United States of America have already learned this the hard way, as electoral systems and the energy grid have been hijacked recently. If appearances aren’t deceiving, actions are being taken to reinforce these vulnerabilities in these IoT devices, but it certainly doesn’t help if careless oversights are being made in the security of major metropolitan areas.

We’re not saying that bringing the Internet of Things to cities is a bad thing, but the security needs to be there. The same goes for businesses. If your business relies on devices that connect to the Internet, like physical security devices, smart appliances, and networking infrastructure, locking down these devices and keeping them patched is critical to keep your operations running without a hitch.

Give COMPANYNAME a call at PHONENUMBER to learn about the security options we have to offer you.

Categories
Casserly Consulting Blog

Tip of the Week: Set Your System up with the Apps You like to Use

totw_set_system_apps_400.jpg

Sometimes you’ll open up a document and it will open up in a default program on your computer that you never use, or one that you might not even know you have. This can happen with common types of file formats, like PDFs or MP3s, that could be opened by more than one program on your computer. Windows 10 makes it easy to customize your user experience through changing up the default applications for specific file types. We’ll show you how it’s done.

To change your default applications for Windows 10, just follow these steps:

  • Click on the Start menu in the bottom-left corner of the screen.
  • Click on Settings. It’s the option with a gear-like icon next to it.
  • Select the System option.
  • Click on Default apps next.

You’ll see your options for selecting an app in the form of categories. These categories are Email, Maps, Music Player, Video Player, Photo Viewer, and Web Browser. Once you’ve selected a category, you can choose a default app that will open anything related to that category.

An easier way to do this is by right-clicking the file you want to open. You then need to select Open with. Choose the app that you’d like to use to open the file, or you can select Choose another app if you don’t see the one you want. You can either select it for this one instance or you can have Windows remember your choice for the future.

If you need to reset your default apps, it’s as easy as can be. Just follow the steps below… just in case you set a default app you don’t like.

  • Click on the Start menu.
  • Select Settings.
  • Navigate to System.
  • Click Default apps.
  • Click the Reset button at the bottom.

Once you’ve finished, your Windows 10 device will reset to its default applications. It’s really that easy.

Don’t fall behind the times with your tech knowledge. To keep learning more about your favorite business solutions, subscribe to our blog.

Categories
Casserly Consulting Blog

UTM is a Strong Solution to Ward Off Hackers

utm_is_strong_400.jpg

When your employees think about hackers and network security, do they picture some cloaked or hooded figure in a dark room typing away at a keyboard? Do they see a recluse living in their mother’s basement? Popular culture has given many users a false sense of reality regarding hacking attacks and the culture surrounding them, and it can come at the detriment of your business.

While there are, of course, amateur hackers who aren’t necessarily well-versed in how to do it, there are other, more professional hackers who “know their stuff,” so to speak. This is similar to just about any kind of profession or industry. You have the hackers who have no idea what they’re talking about, and you have the seasoned professionals who know the ins and outs of how to infiltrate a network. Unlike other industries, however, the cybercrime industry is effective regardless of the proficiency of those involved with it.

If you think about it, this makes sense. It doesn’t matter what kind of threat is installed on your computer. A virus is a virus, and malware is malware. It’s troublesome at best and dangerous or downright threatening at worst. Therefore, if you don’t take network security seriously, you could put the future of your business at risk.

Traditional Hacking Attacks
Many users might look at hacking attacks and think about the more traditional threats. This includes the typical viruses and malware that users associate with suspicious online activity. These threats can have varying effects, but they generally make life difficult for businesses and individuals alike. This is about the extent of the average user’s knowledge regarding hacking attacks. They know they are bad, but they might not know the real ramifications of such attacks.

Emerging Threats
Nowadays, security threats are much more advanced and dangerous, capable of crippling entire networks. Some examples are dedicated spear phishing attacks in which hackers take on the identity of someone close to your organization, tricking users into downloading the wrong email attachments or sending a wire transfer to an offshore bank account. Other times, it’s installing a backdoor on a network that lets hackers access a network at their leisure. The most dangerous of all–ransomware–literally locks down your business’ files and demands a ransom for their safe return, putting businesses between a rock and a hard place. Suffice to say, these advanced threats aren’t always identifiable by the average user, and some can’t be identified until it’s far too late and damage has already been done.

Don’t let your business remain in harm’s way any longer. COMPANYNAME can equip your business with solutions that can both prevent hacking attacks and respond to them quickly and efficiently. We do this through the use of a Unified Threat Management (UTM) tool that combines enterprise-level firewalls, antivirus, security blockers, and content filters together to create a comprehensive, preventative, and proactive way to keep your network safe. It’s the best way to approach network security, hands-down.

To learn more about how you can get started with a UTM, give us a call at PHONENUMBER.

Categories
Casserly Consulting Blog

Reduce Setup Costs with IT Consulting

it_consulting_400.jpg

It’s always exciting when the idea of a business becomes real by finding a space to conduct operations. It’s extra exciting when a business has outgrown its space and has to move into a new space. Whatever situation you are encountering, it can be excruciatingly difficult to affordably move into new offices.

COMPANYNAME can do several things for any business, whether you are a startup or an established company that’s moving or expanding. Our consultants are trained IT professionals; and, as a result, they can work with you to plan an efficient (and connected) use of your available space.

Moving Offices
When your company becomes too big for its britches you have to get some new ones. The problem is that you can’t just move everything over at once over one day; it’s a process. There are things that you can do, however, to make the move less of a headache. They include:

  • Choosing your Internet service provider – Having the necessary bandwidth to meet your business’ needs is crucial to its ability to run efficiently. If your new place of business needs to be rewired it could take up to a couple of months for it to get completed. At COMPANYNAME, we have good working relationships with several area ISPs, and can make sure that when it’s time to move in to your new building, you’ll have access to the bandwidth you need.
  • Property Assessment – While there won’t be any furniture or technology in place, walking through the property with our team to get a sense of where the technology will go can be helpful. This will simultaneously provide a chance to ascertain what will go where, and to make sure that all connections are in place.
  • Plan the logistics – If you expect your business to remain functional during a move, you need to plan how it is going to happen. Who is moving the hardware? Do the phones need to be connected? Is all the furniture there? There are over a dozen vendors you have to deal with when you are moving to a new location and making sure everything is squared away logistically is essential to a successful transition.

At COMPANYNAME, we provide the kind of technological expertise and vendor management services that make us a perfect partner for a rapidly growing company. Call us at PHONENUMBER today to talk to one of our knowledgeable consultants about how we can help make your transition easier.

Categories
Casserly Consulting Blog

Tip of the Week: How to Find Success With Remote Workers

success_work_remote_400.jpg

Thanks to mobile devices and remote access, businesses around the world are freeing their employees from the tethers of their desks and allowing them to work remotely. Some companies have employees that work remotely all of the time, which presents the question of how you keep them connected to the workplace, productive with their time, and part of your business’ culture. This week we’ll go over some tips to help your remote employees be as successful with their time as possible.

Accessible Solutions
Communication technology is important for your in-house workers, but it’s practically essential for your remote workers. Think about the following solutions before you implement any sort of remote work for your business:

  • Virtual private networks: If your employees need to access sensitive information while out of the office, a virtual private network is the best way to do it. A VPN provides an encrypted connection to keep prying eyes away.
  • Voice over Internet Protocol: A phone system makes communication much easier, but it’s a little messy to have employees use their personal phone numbers while they make calls to clients or contacts. Instead, you can have them use VoIP, a software-based phone system that can be used on desktops, mobile devices, or laptops.
  • Remote desktop software: Sometimes you have employees who only work remotely half the time. These employees likely still have computers on-premise, so they can use a remote desktop software to access important data and files on their work computers while out of the office.
  • Cloud-based applications: Applications hosted in the cloud are great for employees both in and out of the office, as they can be accessed on any approved device–not just the workplace’s desktops.

Ensure Proper Documentation
Project management is one of the keys to get the most out of your remote workers, as they aren’t always there to witness all developments on a project as they happen. Breakthrough moments happen all the time in the workplace, and the remote worker doesn’t get to witness these or be aware of them as they occur. This makes proper project management incredibly important, as without documenting all of the progress on a project, tasks could be repeated unknowingly and resources might not be available. Smart project management makes it easier to get work done while staying connected to the workplace.

Be Inclusive
Even if they aren’t in your office, you need to remember that remote employees are still a major part of your team. Since you don’t see them every day, it can be easy to forget they exist. Be sure to check up on them once in a while, as remote workers don’t receive the social aspect of the traditional workplace. They’re sure to appreciate the human interaction, and it will help them feel valued by your organization.

COMPANYNAME can help your business’ remote employees stay connected to your workplace. To learn more, reach out to us at PHONENUMBER.

Categories
Casserly Consulting Blog

The Major Points of A Secure Email Solution

email_security_encryption_400.jpg

It’s not out of the ordinary for employees to not know the best practices surrounding email management, but it’s something that any self-respecting employer needs to consider. How are your employees using their email, and are they putting your organization at risk? The best way to address these issues is taking a two-pronged approach involving training employees on proper best practices, as well as taking technical measures to keep the risk of a breach to a minimum.

We’ll go over some of the most viable options for keeping your email communications as secure as possible, including encryption, spam protection, and employee awareness.

Email Encryption
Encryption is extremely important for keeping your data safe from prying eyes. Encryption is easy to understand when it’s explained in terms that aren’t mind-bogglingly complex. Data that’s sent through a connection that isn’t encrypted can be intercepted. When data is sent through an encrypted connection, it’s scrambled so that it can’t be read by those who might steal it while it’s in transit. Only those who hold an encryption key can unscramble it, making it a much more secure method of sending and receiving important data. Some industries, such as healthcare and government organizations, mandate compliance standards that may include encryption to send and receive email.

Spam Protection
Employees are almost certain to encounter email hazards like spam messages and phishing attempts, and if they don’t know how to identify these dangerous messages, they could expose your organization to data breaches. This is because hackers can ask employees for various information, such as passwords, usernames, and other credentials that aid them in infiltrating your carefully laid-out defenses. The best way to keep this from happening is to keep spam and phishing messages from hitting the inbox in the first place with spam protection systems.

Phishing attempts are a bit trickier, as they will need to be handled in a careful and calculated manner. Scammers often personalize messages to optimize their odds of the message being opened or an attachment being downloaded. Therefore, you need to consider employee training to properly defend against it.

Conditioning Your Employees for Security
Your network’s security can’t be complete without taking care of the ones actually using the technology. Since your end users are going to be using the organization’s email, it’s only natural that you prepare them for the act of keeping it secure. You can provide your users with a list of best practices for them to keep in mind while going about their duties. They are the following:

  • Check the sender: Who has sent the message? Is it a suspicious email address that can’t be traced to any of your contacts? Does it come from a strange email domain? If the answer to any of these is in question, you might have a spam message.
  • Identify the intent: Hackers want you to click on their spam messages as quickly as possible. Therefore, they will often try to incite immediate action to prevent you from thinking twice.
  • Check the spelling and grammar: Many hackers come from countries where English isn’t the hacker’s first language, making their messages quite identifiable compared to others. If you receive messages filled with these inconsistencies, you can bet they are either unprofessional or likely a hacker.
  • Don’t open unrequested attachments: Attachments are a big way for hackers to spread threats, as a lot of people don’t think twice before downloading a supposed receipt or statement. Double-check who sent the attachment before downloading it.
  • Don’t click sketchy links: Before clicking on any links in an email, make sure it’s going where you expect it to. You can do this by hovering over the link without clicking on it. If the link goes to a weird URL or an IP address (a string of numbers and periods), it might be a phishing attempt. The destination might look legitimate and ask you to log in, but it will capture your credentials and give access to the bad guys.

Of course, the biggest thing to keep in mind is when in doubt, ask your IT department about the message. For more information on how to keep your organization safe from spam and email threats, reach out to us at PHONENUMBER.

Categories
Casserly Consulting Blog

As Augmented Reality Grows, More Applications Appear

ar_car_400.jpg

“Augmented reality” is likely one of those terms that you’ve heard before, but that’s more or less your experience with it. However, A.R. has likely been a bigger influence than you may have imagined – especially with the prevalence of smartphones being what it is. Let’s examine augmented reality and how it might be used later on.

Modern A.R.
As we have inferred already, the smartphone has been instrumental in bringing augmented reality to the masses. In A.R. applications, the camera is used to capture the likeness of the user’s surroundings, while a virtual overlay is added for the user to interact with. This overlay incorporates stimulus from the Internet, the captured surroundings, and the user’s activity all at once.

This technology has been leveraged by developers to try to develop apps, some for fun, and some that are more practical. There have been plenty of examples of each thus far. Augment, the furniture application, allows users to “test-drive” a model in the environment it will be used in, which is much easier than buying said furniture only to return it when it clashes with the base molding. As for entertainment, one only has to look at the success of the Pokémon Go app. There are even browsers, like Argon4, which incorporate A.R.

What May Be Coming Next
Admittedly, not much has been developed completely just yet, but that hasn’t made A.R. any less promising. For example, imagine how much easier tutorials could become for particular tasks if A.R. was leveraged. Any task that can be broken into steps could be developed into an A.R. walkthrough.

Take auto maintenance. Most people spend significant amounts of money keeping their engine tuned up and their vehicle road-worthy by bringing it to an auto shop. While some issues are certainly better resolved by the likes of a professional, some fixes are very doable for a novice – assuming they had a comprehensive, step-by-step guide to show them how to do it right. An augmented reality application could be that guide, teaching these novices how to change their oil or replace a spark plug. We may see these kinds of apps change the way that schools teach their students, allowing lessons to be learned conceptually and practically.

Of course, more is also being developed now:

  • eCommerce: Using digital overlays, real-time and lifelike shopping experiences can be developed, boosting consumer satisfaction.
  • Gaming: Pokémon Go was just the beginning. A.R. has proved that video games and gamification can not only get people out of the house, they can get them interacting with other people, forming stronger communities.
  • Marketing: By incorporating A.R. into the consumer’s experience, marketers can add additional impressions and make their efforts more impactful.

While A.R. may not be everywhere just yet, we wouldn’t be too shocked if it started to pop up in more places sooner than later – and if it doesn’t, we’ll focus on making sure you get the best use out of whatever does. If you’re interested in hearing more about any of the services or technologies that we at COMPANYNAME are familiar with, give us a call at PHONENUMBER.

Categories
Casserly Consulting Blog

Know Your Tech: Social Media

kyt_sm_400.jpg

You see the term “social media” thrown around all the time, but what does it mean for both individual users and whole businesses? Organizations that understand the importance of social media have a unique advantage over other businesses in the same industry, be it a way to attract more consumers or a way to protect against common security threats that find their home on these websites.

What is Social Media?
Social media can be considered any website or service that is used to interact socially with other people. Some common examples include Facebook, Twitter, LinkedIn, and even Instagram. All of these services have common ground in regard to features that allow people to communicate or learn more about one another, whether it’s in the form of a terribly-worded Facebook post or a bite-sized glimpse into someone’s soul via Twitter. LinkedIn allows business professionals to learn more about each other by providing information about their work history or current situation, which can be quite helpful for learning more about a company or a prospective client.

Social media is generally used more for the former, though. It’s likely that your employees have at least one account on a social media platform, so it’s important that your organization understands what it means for the purposes of security.

Security Issues of Social Media
One of the biggest issues regarding social media is that it can provide hackers with a way to get into your organization’s network–or, rather, trick your employees into providing information that could aid them in their attack. Hackers can create fake accounts where they can impersonate people you may know. They then use this process to weasel information from your employees such as usernames or passwords. You need to make sure that your employees are aware of the telltale signs of social media attacks so you know they won’t be an issue for your organization.

Social Media as an Outreach Method
Many organizations have turned to social media as a way to directly interact with consumers. Take, for example, Verizon. If you tweet at their support account, there is a solid chance that they will address any problems you might be having with your mobile service. You can use social media in this regard to directly reach out to customers and get their feedback about your products or services.

How does your business use social media? Let us know in the comments, and be sure to subscribe to our blog.

Categories
Casserly Consulting Blog

The Best Way to Approach Data Backup

best_way_to_backup_400.jpg

All businesses hope that they’ll never have to use their data backup and disaster recovery plan, but the point stands that each business should have one, just in case of a worst-case scenario. For a small business with a limited budget, the prospect of investing in a solution they might never need is daunting. To help you get started, we’ve put together a couple of basic backup practices that you should keep in mind for your business.

Back Up As Much Data as Possible
If you’re wondering what data your organization should prioritize, the correct answer is all of it. Data is invaluable in the business world, and even if you think you can make do without some of it, chances are that you can’t guarantee it won’t be useful somewhere down the road. You should never accept data loss of any kind. Tape backup systems tend to take complete backups, but they often can only be performed once a day, making it difficult to take and deploy them adequately without running the risk of either operational inefficiency or losing at least some data from the past 24 hours. We recommend a cloud-hosted backup system that takes snapshots of data that has been changed recently, guaranteeing that all files are kept as up-to-date as possible.

Take Backups as Frequently as Possible
In the event your organization suffers from a disaster, you want to make sure that your backups are as recent as possible. This is to make sure that you lose as little progress as possible when disasters do happen. Imagine finding out that the only data backup you’ve taken was last month. This is why we recommend that your organization take backups as often as every fifteen minutes, guaranteeing that you’ll lose minimal data.

Restore as Quickly as Possible
Let’s imagine that your organization is struck by a disaster. To get back in the game following such an incident, you have to restore your data. However, if you don’t have an infrastructure or device put in place to get this happening as soon as possible, you start to suffer from downtime. This is any time that your organization isn’t functioning as intended, so it should include situations where your technology is failing, your employees can’t work, and your organization can’t take care of customers, among anything else that your business is responsible for. It quickly becomes clear that one of the biggest causes for businesses failing following a disaster is the crippling costs of downtime.

Notice a trend here? Time is of the essence when disaster strikes your organization, and the faster you can get back in action following a disaster, the less money you’ll waste on downtime. The traditional data backup solution isn’t as helpful in this regard as a hosted BDR solution from COMPANYNAME. Our BDR device can rapidly restore data directly to itself so that your organization can keep chugging along in the face of adversity.

Categories
Casserly Consulting Blog

Don’t Be Fooled When Scammers Threaten to Spill a Dirty Little Secret

dirty_little_secret_400.jpg

What would you do if a stranger claimed to have compromising webcam footage of you and threatened to share it with your contacts? A new, very convincing email scam is making some users very nervous.

The Sextortion Scam
It’s as screwed up as it sounds. A scammer emails you saying that they got access to your passwords, and then started to run amok to see how much trouble they could get you into. They even show you one of your passwords to prove it (the password will likely come from lists found on the dark web from online businesses and services that have been hacked and stolen over the years). Then the scammer admits they’ve been watching what you do on your computer and recording your webcam, and they happened to catch you at a very inopportune time… Well, let’s let the email explain it for us. 

“You don’t know me and you’re thinking why you received this email, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).”

The reader is then given the address to a Bitcoin wallet, where they are to send the ransom.

The email continues:

“Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately [sic]. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.”

This email comes in a few different versions in the wild, but all of them follow the same pattern and end with the same threat… fork over the cash, or everyone will see you in your most private moments.

Is This a Serious Threat?
This is a very real concern for many people, who will be relieved to hear that, no, there is no indication that these threats are for real. The first clue is the fact that the passwords that the email provides are usually a decade old, indicating that they came from some (relatively) ancient database from some long-forgotten hack.

However, in some ways, this is even worse news, because this threat has made a tidy sum of money: as of the 31st of July, the scam had brought in $250,000, as compared to just over $50,000 by the 19th. Clearly, this scam has been plenty effective for the perpetrators, and this won’t deter others from following its example.

Keeping Yourself Safe from an Actual Attack
Granted, this attack is just an unfair wager, but scams like this are more than possible for a criminal who actually means what they say/threaten. As a result, the security lessons we can take away from this particular attack still apply.

The first thing to remember is also the first rule of passwords – change them frequently. Again, this scam has made quite a bit of money based on a total bluff… a bluff that, paid in increments of $1,400, was worth $250,000 and counting. From this, we can infer that quite a few people who received this message had online activities that they wanted to hide, and more critically, that their passwords had remained the same for all those years.

This is an excellent example of why it is so crucial to regularly update your passwords, without repeating them – if an old database is hacked, as happened here, you won’t have to worry if your password is revealed – it won’t be any good anymore.

The second thing to remember? If you aren’t actively using your webcam, keep its lense covered up.

For more best practices to follow, including those that will improve your business’ security, make sure you keep checking back to this blog – and if you want to take more action, reach out to us at PHONENUMBER.