562.225.4222

Facebook
Twitter
YOUTUBE
LinkedIn
GOOGLE

Tag Archives: office 365

Balancing Humans And Society

There are no shortage of philosophies when it comes to computer and network security. Keeping data secure and private should be the number one priority for all those philosophies. One thing that is usually missing from these philosophies are the human component.

As IT Technicians, most of the time we forget that the users we help are just trying to do their job with minimum amount of interruption. Users most of the time will prefer efficiency over security when it comes to their computer system. If a security measure stands in their way, clever users can find a way around it. An example is when computers started to become popular, yet they were not as mobile as they are now, hospitals started having computers on carts so that doctors could have access to patient’s digital records when the doctor visited them in the hospital room. However, doctors forgot to lock the computer when they walked away, leaving the patient’s health records exposed to anyone passing by. The hospitals IT Staff responded by adding proximity sensors to the carts that will lock the computer when the doctor walks away. This meant that the doctor would have to type in the computer password (if they remembered it) again when they returned, even if they only left for a very short time. To prevent it from locking, the doctors would put their coffee cup on top of the sensor, thus preventing the computer from locking if they moved away. This took security back to square one. Listening to the Doctor’s feedback and some education on the IT staff’s part was crucial to solving this issue.

In an office setting, it’s common for users to forget their passwords, especially if the Sys Admin have stringent rules like password change every 90 days, along with high complexity requirements. Getting calls about resetting passwords, on top of other usual calls can amount to a lot of unnecessary calls. Even on the user’s side, they want to avoid calling the sys admin to get their password reset. A common way users prevent forgotten passwords is to write it down on a post-it note and keeping it somewhere secure (like taping it to the lower right quadrant of the monitor). Frivolity aside, this is a security risk for that system. If this is at a reception desk, anyone who walks in can get a glimpse at the login credentials. For a hacker, this is enough to get in to their system and do what they please.

There are ways around this issue, like a fingerprint scanner, or having a facial recognition software on the computer to make sure only the person that is assigned to that computer can unlock it. This can be expensive, like needing to buy software, accessories, or even upgrade the whole system. However, the financial benefits of having a secure computer are on a long-term basis. Skimping on security solutions and ignoring the human element can be an atrocious combination for a company. Being aware of both and knowing how to strike a balance is key to protecting from outside threats as well from unintentional internal ones.

TRA consulting not only focuses on Home Personal security, but also in SOHO (Small Office/Home Office) security. Our goal is to provide full IT support to growing small businesses who are too small to have a full time IT staff, yet big enough that they need one. We have many highly satisfied customers in the Long Beach, Orange County, San Diego, Southbay, and Los Angeles area. Contact us today, and let us take care of all of your computer security needs. Our prices are reasonable and our services are top notch. Call us today for a free consultation!

 

Windows 10 Preview

Windows 10 is slated to come out later this year, with the goal of not just superseding the oft maligned windows 8 (and windows 8.1), but actually replacing it. Microsoft will offer Windows 10 as a free upgrade to users with devices. This is good for consumers who love their device and want to try the new Windows 10 without having to buy a new one.

One of the new features of the new Windows OS are a new redesigned browser that replaces Internet Explorer, called Microsoft Edge. Microsoft Edge is a minimalist internet browser that touts faster browsing speed, increased readability, and the ability to write and draw on a touch screen without the need of a stylus. This is great for tablet and windows users who do not want to get an expensive stylus to go with the handheld. Cortana is also being embedded in many features of windows, similar to what she was able to do in Windows phones. You can ask her questions and she will answer, whether they are things that can be found on the internet or windows options, like how do I project a screen (answer: Windows key + P). It is still not known whether she is an upgraded version of the Windows Phone Cortana or if it’s just her but ported to Windows 10.

One of the more exciting features that Windows 10 promises is the integration of the HoloLens with the Windows 10 and its apps. HoloLens is an augmented reality head set that merges everyday surroundings with holograms which the user can interact with. Those Holograms can be in the form of windows apps, which the user can control using their hands (a la Kinect), voice, and even gaze.

The new Windows Store is revamped, allowing apps to work in all Windows platforms. This makes it easier for Developers to have their apps be accessible to all one billion windows devices. Before, a windows phone app would only work on (certain) windows phones, but now it can work on Tablets, Desktops, Laptops, Surface, and even Xbox One and HoloLens. Not only can windows apps run on all windows platforms, but iOS and Android apps can be run on windows, as long as the app is ported by the developer. Microsoft is working on making it easier for developers to do that, which would be a win-win if it works: Windows App store grows and becomes competitive, and developers have their apps available to an extra billion devices with minimal effort.

TRA consulting, we not only focus on Home Computer security, but also in SOHO (Small Office/Home Office) security. Our goal is to provide full IT support to growing small businesses who are too small to have a full time IT staff, yet big enough that they need one. We have many highly satisfied customers in the Long Beach, Orange County, Southbay, and Los Angeles area. Contact us today, and let us take care of all of your computer security needs. Our prices are reasonable and our services are top notch.

You’re Doing It Wrong

The list of the worst password for 2014 just came out, and it looks like the people’s favorite worst passwords are still at the top: “password” and 123456”. Other winners (or losers) are ‘12345’ (#3), ‘qwerty’ (#5), ‘abc123’ (#14), ‘football’ (#10), and my favorite ‘letmein’ (#13).

In my career as an IT professional, I’ve seen many devices like routers, AP’s and firewalls that have default passwords such as ‘password’ , ‘abc123’ and ‘admin’ (curiously, not on the list), but never have I been tempted to leave that password once the device goes live. It’s like leaving your house key under the ‘Welcome’ rug in front of the door.

Even though passwords are one of the easiest methods to authenticate, some people just don’t take them seriously. Now, I don’t mean that you should have to memorize a 16-character long randomly generated alphanumerical password for every account that you have (though I do know a system administrator that does something like that). Even though having such a strict password policy will dramatically reduce the number of unauthorized access, it’s just begging for the Sys-Admin to be flooded with requests for password changes. Giving users free range to create their own passwords will lead to the above mention passwords, which are begging to get hacked. There is a middle ground that lets users create their own passwords but they are subject to some complexity requirements.

The complexity requirements usually include having a mix of numbers, characters, symbols, and UPPER and lower case letters. The reason why is this makes the password less likely to be hacked by using a Dictionary attack. This type of attack includes trying every word in the dictionary, as well as frequently used passwords, like the ones in the top 25 worst passwords of the year. If you have any of those password in the list, you’ve got an increased chance of getting your account broken into.

Sure there are other ways to authenticate besides passwords. Laptops and mobile devices now have finger print readers, facial recognition software, and even the popular smart card readers. However, all these things you cannot customize yourself. Your fingerprints will not change much over your lifetime, and neither will your face. Maybe that’s a good thing, but if such authentication method gets compromised, it could become a liability. However, passwords are easily replaceable, can be made to fit the user, and ultimately they are the last line of defense in cybersecurity.

At TRA consulting, our philosophy is to be proactive when it comes to desktop and network security. We combine end point tools which can monitor, alert, patch, script, and have the ability to provide remote support. All these tools and more can help you keep your computer and network safe at a fraction of the price of a full-time IT staff. We have many satisfied customers in the Long Beach, Orange County, Southbay, Greater Los Angeles Area, San Diego, Arizona, and Midwest.

Our Motto is “Maximum Satisfaction, Minimum Fuss”. Call us today for a free consultation!

 

The Threat Within

What’s the biggest threat to a company’s network security? Viruses? Hackers? Worms? The NSA? It’s none of the above. The weakest point are the users. That’s right, the same people that you trust to use the computers that you want to protect are the ones that are putting it at risk, according to a recent study by the Ponemon Institute. 78% of companies that took part in this study blame their employees for being careless or negligent when following the company’s security policies. Think about it; no matter how secure a computer is (within reason, otherwise the user cannot do their job) the user is the one making security decisions every minute they spend in front of that computer. “Should I click on this Facebook banner ad?”, “This email looks official, let me download the attachment and unzip it”, “Looks like I won the Lottery, even though I’ve never played”

Email is one of the most likely vectors to get a computer infected. Some estimates say that 90% of all email traveling through the internet is spam. Even though that statistic is probably overblown, the amount of spam out there keeps growing by the day. A lot of that spam is not just trying to sell you prescription pills or knockoff watches, but they are also trying to get your personal information and/or delivering an infection. The worst thing is that they spammers are getting smarter and making some of their emails more and more difficult to tell from the real deal. This method of spamming is called Phishing, which is very common and can even evade most spam detectors.

Educating the users is the best solution to keep computer and networks safe. There are many ways to keep a network safe with different devices and programs that will do an excellent job. However, at the end of the day, it’s the user who holds the power with their keyboard and mice to keep the computer out of dangerous situations. Now that companies are beginning to realize just how important is for their employees to be aware of the responsibility they have keeping the company safe from intrusion, it’s up to the company to find a way to better educate the employees at staying safe. This does not mean that traditional methods of security need to go out the window; these two philosophies are complimentary, not orthogonal, to each other.

Spending money in security is not the waste of money a lot of SMB’s (and even some big corporations) think it is. In fact, it’s the opposite; it helps the business to not lose money. Just like the saying, there is more than one way to skin a cat, there is more than one approach towards network security. Whatever your philosophy is, making sure it is well implemented is the biggest hurdle.

At TRA consulting, our philosophy is to be proactive when it comes to desktop and network security. We combine end point tools which can monitor, alert, patch, script, and have the ability to provide remote support. All these tools and more can help you keep your computer and network safe at a fraction of the price of a full-time IT staff. We have many satisfied customers in the Long Beach, Orange County, Southbay, Greater Los Angeles Area, San Diego, Arizona, and Midwest.

Our Motto is “Maximum Satisfaction, Minimum Fuss”. Call us today for a free consultation!

 

Beware of the Predator

As if there weren’t enough challenges for growing small and medium size businesses, there is another one to add to their list: Enterprise level malware software at affordable prices. Up to recently, the majority of Data breaches have been targeted at big corporation (Target, Staples, Home Depot, etc.), however now the targets have shifted to smaller companies due to the commercialization of similar malware/keyloggers. Predator Pain and Limitless are two keylogging malware programs that can be bought from underground markets for cheap prices and can be used to attack and spy on anyone. The majority of targets of these keylogging software has been small and medium size businesses, as shown by TrendMicro research. Even though the software can be bought for an inexpensive amount, it is not a rudimentary in its execution. It can steal web (including banking) and email credentials, as well as reconfigure the email account so that it send the victim’s emails directly to the hacker. It can also capture keystrokes and screen shots of the computer. On top of that, it will encrypt all the communications between the infected computer and the criminal’s computer.

The method that criminals use to infect the computers is usually a drive-by download or phishing. Once the computer is infected, the malware will start collecting data, keystrokes and screenshots of the computer. If you are infected with this keylogger, what can you do? Well, there is not much out there in the form of removal of this specific malware. A quick google search for “How to remove Predator Pain” reveals very little on how to properly remove this nasty keylogger. In fact, a lot of the results are about how to use the keylogger and where to get it (paid or free). The only one I was able to find is a bit complicated, and it includes editing the registry, something the average user is not recommended to do, as it could lead to even more problems. There are tools out there that can help get rid of this and other nasty malwares, like Malwarebyes, Spybot, SuperAntiSpyware, but the best solution is prevention.

Just like the saying, an ounce of prevention is worth more than a pound of cure. At TRA Consulting we specialize in IT Managed services geared for Small and Medium size businesses (SMB’s). We take care of all their IT needs, including but not limited to: Desktop support, server administration, Cloud Services integration, Network Administration/Security, etc.

With all the threats out there in the cyber-world, having us in your corner is one of the better decisions a growing business can do. . We have many highly satisfied customers in the Southern California area, including San Diego, Long Beach, Orange County, Southbay, and Los Angeles area. Contact us today, and let us take care of all of your computer security needs. Don’t let security threats stifle your business’s growth. Our prices are reasonable and our services are top notch. Call us today for a free consultation. At TRA Consulting, our motto is “Maximum Satisfaction, Minimum Fuss”

IT Consulting      |       Managed IT       |      Cloud       |       Desktop Support         |       Privacy        |       Term of Use        |       Sitemap        |       Contact Us