What do you think happens when you go to a website and there is a big warning that says this website is not secure? Do you think you will go back to that website? That is going to happen to millions of websites beginning in July when Chrome version 68 is released.
Google is forcing all websites to begin using HTTPS for all websites which means that the connection between the website’s server and your computer is encrypted. Google believes it will make the web a more secure place and if you don’t do it, they will announce to the world that you are not secure.
If you want more information, click here, otherwise if you need help with installing an SSL certificate to have HTTPS on your website, please contact OptfinITy.
Making sure your website is updated with the latest patches is very important as new vulnerabilities are discovered almost daily – so what happens when the latest update stops your updates from working?
On Monday, WordPress released version 4.9.3. The very next day, WordPress released version 4.9.4. Although version 4.9.3 fixed 34 bugs, it also introduced a new bug that prevents automatic background updates from updating automatically! This bug causes WordPress to encounter an error when attempting to update itself to the latest version.
Four years ago, WordPress added the self-update feature allowing users to keep their website secure and bug-free so users have not had to think about updates. This means that there are millions of unmanaged WordPress sites that expect their site to automatically update itself. So if you are an admin of a website running WordPress, make sure to update now or if you need help with your website, give OptfinITy a call at 703-790-0400.
Data is the lifeblood of your organization.
If your systems were struck by a disaster,
How much data could you recover?
How much downtime would you experience?
To ensure your business continuity is to proactively protect your systems and data against disasters of all types. When we consider the amount of data we store and how much we rely on infrastructure to communicate and compete in today’s world, it’s easy to see how one system disaster can cause serious damage to a business.
Join OptfinITy at our February Lunch and Learn (catered by Pure Perfection Catering) where will not only discuss a great solution but will demonstrate an actual computer disaster to help you understand the threats to your data and the solutions to protect it.
For an agenda, here are the items we will be covering on February 22, 2018. Go here to register.
• Traditional Backup vs. Business Continuity
• Cyber threats of 2018 – Who is behind them, what to look out for, and where does Business Continuity fit in to your 2018 Cyber Security Plan
• Calculating the cost of downtime
• Live demo of how quickly you can virtualize your systems, and get your business back up and running
As a Sonicwall partner, we were pleased to find out that Sonicwall routers were not susceptible to the latest vulnerabilities per their release shown below.
On Jan. 3, two processor vulnerabilities, known as Spectre and Meltdown, were published by Google’s Project Zero security team. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and Arm.
A successful exploit of this vulnerability allows an attacker to access sensitive information (e.g., passwords, emails, documents) inside protected memory regions on modern processors. Because the OS-level memory isolation is usually considered trustworthy, this data is most likely to appear in plaintext in memory when processed by the OS and applications.
Your SonicWall customers are not susceptible to Spectre and Meltdown vulnerabilities. No updates are needed at this time.
The SonicWall Capture Labs investigated the Spectre and Meltdown vulnerabilities and found the following:
• The full range of SonicWall TZ, NSA and SuperMassive firewalls are not vulnerable to the Meltdown or Spectre vulnerabilities.
• All other SonicWall products, including Email Security, Secure Mobile Access and Global Management System, also are not at risk. These products are hardened and do not run third-party code, which is a prerequisite for this attack.
Meltdown and Spectre are the latest named vulnerabilities to appear in the news and they are in fact very problematic because the attacks could be used to read system memory that *should* have been inaccessible. What happens is an attacker could steal sensitive information such as passwords or encryption keys from your computer’s memory. And because these flaws are in your computer’s chips, it’s not a problem that is particularly easy to properly fix without a hardware replacement.
The solution at this point besides replace your computers? Change the low-level software that speaks to the hardware. Since the hardware can no longer be trusted to do what they were supposed to be doing, the software will limit the capability.
The good news is that these flaws have been known about for months and there are already plans to release these patches with some including Microsoft already releasing server versions on January 3, 2018. The researchers who discovered the problems disclosed them to chip manufacturers and software vendors, who have been feverishly working on fixes. The bad news is that we are at the mercy of some of these companies but the goal is to release patches soon. If you are managing your own hardware, then you should make sure you are updating all items (Phones, routers, computers, etc.). If we are doing it for you, you are all set as OptfinITy will roll out the patches as they are available.
Researchers at the University of Washington are trying to store small amounts of data on smart fabrics. These magnetized garments would be readable by a magnetometer and not need any electronics or batteries to function. This would be useful for invisibly labeling items or using clothing or accessories in place of a password or key card.
While connected textiles have been around for years, they haven’t yet made it to the mainstream. Some reasons include high prices, limited functionality, and durability; not to mention lack of precision with things such as gloves for smart phones.
Soon, though, you might be able to buy ties, belts, and bracelets that may be programmed to help you open doors, unlock phones, or give you access to your laptop. And you can bet when these new gadgets become mainstream in the workplace, Optfinity will be there to assist our clients manage their usage, security, and updates.
In December 2015 (2 years ago), DFARS 225.204-7012 required DoD contractors to implement NIST 800-171 “as soon as practical, but not later than December 31, 2017. That is this month! This deadline is now less than 30 days away, and many contractors are not complaint. What is worse, is that many have not taken steps to begin to comply, putting their business at risk.
There is a lot of debate over what is and what is not Controlled Unclassified Information (CUI), and many small businesses think they do not have to comply because they are subcontractors, or they think they don’t hold any CUI. However, the problem is that the big, multi-billion dollar DoD prime contractors (you know who they are) are not taking ANY chances with NIST 800-171 at all. If you are a government contractor and you fall anywhere within the DoD supply chain, you need to comply with NIST 800-171.
For more information on compliance and what you can do from a technology perspective, please contact us at OptfinITy.
It’s the Holiday Season once again, but remember it is also a holiday for the bad guys as well, but not in the way you might think. Hackers go into scam-overdrive mode during this time of the year to prey on the heavy shopping done by consumers. This time of year is the busiest for on-line shopping and scammers are out to get rich off of your money. So what should you look out for?
There are too-good-to-be-true coupons that offer free or discounted phones, tablets, and countless other cool items all over websites and social media; don’t fall for them! Make sure the offers are from a legitimate company. While you’re at it, watch out for alerts via email or text informing you that you just received a package from FedEx, UPS or the US Mail. These notifications will then ask you for some personal information; don’t be fooled into giving them anything!
The price of security, especially now, is constant alertness and willingness to fight back. Remember to only use credit cards online, never debit cards, as your liability is limited with a credit card and the money does not come straight out of your bank account. Be super-wary of spam email with crazy good BUY NOW offers and anything which looks slightly “off”. Remember, if it seems too good to be true, it probably is. And if you’re still wanting to take advantage of that offer, double check with the company directly.
If you think you might have been scammed, stay calm and call your credit card company right away, nix that card, and get a new one. It is always better to be safe than sorry.