CMIT will be exhibiting at the NCCPAP National Conference tomorrow, Nov. 19th through Nov. 21st!
CMIT will be exhibiting at the NCCPAP National Conference tomorrow, Nov. 19th through Nov. 21st and presenting a 90 minute lecture on identity theft. Looking forward to seeing our CPA clients at the event!
NCCPAP Conference Brochure
http://higherlogicdownload.s3.amazonaws.com/NCCPAP/507c5965-daa4-4d69-87d7-64ba0d6cec2a/UploadedImages/Documents/2014%20LITPS%20Brochure.pdf
NCCPAP Conference Brochure
http://higherlogicdownload.s3.amazonaws.com/NCCPAP/507c5965-daa4-4d69-87d7-64ba0d6cec2a/UploadedImages/Documents/2014%20LITPS%20Brochure.pdf
IMA Ethics Training Breakfast
CMIT Solutions is a proud sponsor of the IMA Ethics Training Breakfast on Tuesday, October 28th. For more information visit their website at http://longisland.imanet.org/events/category/ima/
Internet Explorer update!
Microsoft has issued a patch for the internet explorer vulnerability that we reported last week. CMIT has tested and pushed the patch to all CMIT managed PCs within hours of Microsoft releasing it. If you are a CMIT client please be sure your PC is restarted ASAP so the patch can be applied. And be sure that your PC remains on each night so we can scan, patch, maintain and protect it. If you are reading this and are not protected by our service please be sure you run windows updates and restart your PC once the updates are installed. This is a critical patch and must be installed ASAP.
Heartbleed May have Compromised Your Sensitive Info!!
WHAT IS IT?
Heartbleed is a bug that MAY have exposed sensitive user information via a coding error in the commonly used online security protocol OpenSSL. This has rocked the technology world to its core and generated some scary headlines... The New Yorker called it “as bad as a security flaw can be.” The New York Times described it as “a stark reminder that the Internet is still in its youth and vulnerable to all sorts of unseen dangers.” Cryptography expert Bruce Schneier said Cryptography expert Bruce Schneier said “catastrophic is the right word to describe Heartbleed… on a scale of 1 to 10, this is an 11.”
Current Status?
The good news is that CMIT has verified that our systems and websites are NOT infected and are not using the vulnerable code. Our help desk email solution have also been tested and they are clean… We also verified that the routers we sell and support (sonicwall and netgear) are not affected, although other brands have admitted vulnerabilities.
• Because the bug can be exploited at any time, by anyone on the Internet, without leaving behind a single shred of evidence.
WHAT TO DO?
On April 10th, Mashable reported that the following sites, which collectively account for nearly two billion users, may have been affected, had applied security patches, and were urging users to change passwords:
Facebook, Twitter, Instagram, Pinterest, Tumblr, Google, Yahoo, GoDaddy, Intuit, DropBox, LastPass, OKCupid (Check back for updates)
If you want to proactively check a site that is not listed above (and we think you should) go to https://lastpass.com/heartbleed/ and type in the website you want to check. If it comes up clean, change your password; if it does not, contact the vendor or your IT support person for the next steps.
Heartbleed is a bug that MAY have exposed sensitive user information via a coding error in the commonly used online security protocol OpenSSL. This has rocked the technology world to its core and generated some scary headlines... The New Yorker called it “as bad as a security flaw can be.” The New York Times described it as “a stark reminder that the Internet is still in its youth and vulnerable to all sorts of unseen dangers.” Cryptography expert Bruce Schneier said Cryptography expert Bruce Schneier said “catastrophic is the right word to describe Heartbleed… on a scale of 1 to 10, this is an 11.”
Current Status?
The good news is that CMIT has verified that our systems and websites are NOT infected and are not using the vulnerable code. Our help desk email solution have also been tested and they are clean… We also verified that the routers we sell and support (sonicwall and netgear) are not affected, although other brands have admitted vulnerabilities.
• Because the bug can be exploited at any time, by anyone on the Internet, without leaving behind a single shred of evidence.
WHAT TO DO?
On April 10th, Mashable reported that the following sites, which collectively account for nearly two billion users, may have been affected, had applied security patches, and were urging users to change passwords:
Facebook, Twitter, Instagram, Pinterest, Tumblr, Google, Yahoo, GoDaddy, Intuit, DropBox, LastPass, OKCupid (Check back for updates)
If you want to proactively check a site that is not listed above (and we think you should) go to https://lastpass.com/heartbleed/ and type in the website you want to check. If it comes up clean, change your password; if it does not, contact the vendor or your IT support person for the next steps.
The cryptolocker virus is still surfacing and spreading via email!!!
Two recent emails have the following titles: PCI DSS Compliance Programme & Statement of Account. As with all email it is essential that you not open emails from unknown senders, that you have excellent anti virus, a quality spam filter and most importantly: on and offsite backups. This virus encrypts all files on local and backup drives and demands a ransom to unlock them.
CRYPTOLOCKER'S FRESH LEGS - AND THE BITCOIN CRAZE KEEPING IT GOING
When the CryptoLocker ransomware virus first
appeared in September, few IT experts expected it to stick around for so
long. But in 2014, the ransomware, which generally appears as a .ZIP, .PDF, or
.EXE file attached to an unfamiliar email, is still infecting computers at an
alarming rate, according to a
Dell SecureWorks analysis. A University
of Kent survey released in March revealed that 1 in 30 users have been hit
by the virus — and 40% of those had paid the ransom.
Once CryptoLocker infects a machine, it encrypts all accessible files and attempts to extract hundreds or even thousands of dollars in payment to de-encrypt them. The payment is requested in Bitcoin, a digital currency rising in mainstream visibility but still lurking in the shadows of legitimacy.
Here’s a Bitcoin primer: the open-source, peer-to-peer payment network was introduced in 2009, quickly becoming the chosen currency of the online world’s dark underbelly thanks to the fact that it requires no exchange of notes or tokens between buyer and seller. Instead, buyers request an update to a public transaction log, called a “blockchain,” that is maintained via a decentralized network of Bitcoin “miners” who verify timestamp payments.
By 2013, Bitcoin was dominating mainstream news stories, thanks to extreme price volatility, US Senate hearings, and China’s decision to heavily regulate the currency. Bitcoin is gaining acceptance among legitimate vendors and merchants, including Virgin Atlantic, OkCupid, and Reddit. And many economists say Bitcoin use could become more widespread due to ease of use and lower transaction fees.
Bitcoin plays a big role in one nasty endeavor, though: the aforementioned CryptoLocker virus. After an initial requirement that affected users pay the ransom in MoneyPak prepaid credit cards, later iterations changed their payment method to Bitcoin. The only problem was that Bitcoin enjoyed a stupendous surge in value around the same time, raising the ransom’s going rate from around $300 per “coin” to, in some cases, over $4,000.
Many IT service providers admitted that computer users who didn’t have sufficient backup and disaster recovery systems like CMIT Guardian probably would have to “pay up” to recover their CryptoLocker-affected files. But security officials deplored the practice, saying it would only encourage Bitcoin’s continued use as ransom. “If even a few victims pay, then the cybercriminals will think they have got a viable business model and keep infecting people and asking for ransoms,” Dmitri Bestuzhev, a spokesman for anti-virus behemoth Kaspersky, told The Guardian in 2013. “If nobody pays, they will stop these campaigns.”
For now, here are 5 steps to avoid CryptoLocker infection:
• Implement regular, remote backups and a sound disaster recovery plan
• Never open ANY attachment from ANY sender you don’t recognize
• Validate ANY link in ANY unfamiliar email before clicking by hovering over it and looking for legitimate IP addresses, not long strings of unrelated characters
• Ensure that solid firewall, anti-virus, anti-spam, and malware programs are in place
• Have a trusted IT professional assess the security of your systems
Why Data Breaches Keep Happening - And What You Can Do to Avoid Them
With the end of 2014’s first quarter upon us, we decided to interrupt our longing gaze at the warm, sunny weather in the near future and take a look at top trends affecting the technology world since January 1st.
Unfortunately, the one story that continues to dominate tech news is data breaches, data breaches, and more data breaches. Although its massive breach affecting over 100 million customersoccurred last year, Target reported in January that its Q4 profits fell by nearly 50%, while 2013 profits declined by more than 33%. In a sign of how significantly the breach has shaken the company, last week, Target’s Chief Information Officer Beth Jacob even resigned, while CEO Gregg Steinhafel announced an overhaul of information security practices.
Plenty of new breaches have occurred in 2014, as well. Sally Beauty Supply revealed an attempted breach in February, Sears launched an investigation into one in March, and everyone fromKickstarter to the University of Maryland to Smucker’s has announced their own vulnerabilities. And that’s not even digging into the many small health care-related breaches coming to light daily thanks to the recently enhanced HIPAA Breach Notification Rule, which requires public reporting of any incident affecting more than 500 individuals.
As John Pirc of security organization NSS Labs told SC magazine last week, “The trend in breaches in 2014 will be like the movie ‘Groundhog Day’ — we will be reliving the same scenario day after day.” The worst part? Symantec and the Ponemon Institute estimated in an analysis last May that the average total cost of a data breach is nearly $200 per record affected.
So what can you do to avoid such a devastating occurrence?
• Implement a trusted remote backup and disaster recovery service. CMIT Guardian, for instance, employs top-flight encryption levels for data both at rest and in transit, while also providing a failsafe backup in the event a data breach does affect your business. At this point, unfortunately, it’s more a matter of when than if — so preparing for that possibility is the smartest way to survive it.
• Understand that even the most stringent security measures may still not be enough. We’ve said it before, and it bears repeating: every employee, workstation, and mobile device represents a possible vulnerability. Most high-profile data breaches are the result of coordinated cyberattacks, but many smaller ones stem from a single stolen thumb drive or employee that inadvertently opens an infected email attachment.
• Strengthen your passwords. The rash of recent data breaches makes this common-sense practice even more important. The Adobe breach in October that affected over 38 million users revealed a wealth of information. For instance, “123456” was the service’s most popular password, followed by “qwerty,” “abc123,” and “123456789.”
Worried about how data breaches can negatively affect your business? Afraid your information isn’t properly protected? CMIT Solutions can and will help. We understand the critical nature of data security and the impact a breach can have on your business. Contact us today to put our encryption, backup, and disaster recovery solutions to work for you.
Why Hire a Professional IT Company to Help Your Business?
As a small to medium-sized businesses owner, many questions come to mind when thinking about how to implement technology that is essential to your business. You may have thought about hiring a technology company but did not because you assumed such a service could be performed on your own. For example, you may currently have a friend working full-time that helps you out, or you may have an administrative assistant or another employee that dabbles in technology to help around the office. Other options include buying your own equipment, plugging in the computer, and hoping it works.
This may work for some, but if you want to
get the most out of your technology, you need a professional to handle such
critical equipment just like any other professional services company. For
example, you would probably not hire an inexperienced college student to
prepare your taxes and file tax returns for your business. You would hire a
professional tax preparer or CPA, right?
Small and medium-sized businesses can get the
most out of their technology by understanding what the most critical aspect of
their business is. They need to break down all the important parts of their
technology and ask themselves, “What if that piece of technology was not available
to me at the most critical time of my business?”
Would clients be impacted?
Would employees not be able to do all or part of their work?
Would the business owner lose money?
Would the business owner lose clients?
Is the business owner’s reputation on the line?
Proactive
vs. Reactive
Many business owners think reactively and
don’t realize that having a proactive technology plan will protect them from
the inevitable moment when they realize “Our
computers are down!” While no professional IT company can guarantee a
business 100% availability to all their systems, mitigating much of the risk by
hiring a professional IT services company can provide a huge lift to small and
medium-sized business owners.
As a small business owner myself, I understand that diverse
businesses have different needs. Just like I would hire the right professional
for the job of mitigating risks and adding value to my business, a professional
IT company can provide the same service.
Some business owners today look at their technology as a necessity but
try to implement the technology themselves by buying their own computers,
laptops, and routers and then installing it themselves. Many technology vendors
today also develop their products to give consumers the ability to have that technology
work as soon as you plug it in and install it. But while the device may work
and does what you need, how do you know it was implemented correctly?
For example, I met a prospect who told me his backups
have been running for eight years; he gets daily email alerts about whether those
backups succeeded or failed. When we checked the backups, they were only
backing up the “application” directory and not the “data.” For eight years, he
thought his backups were working — and technically they were — but they were
not backing up his actual data. When I told him this, he realized he could have
lost all his data, putting his business and clients at risk.
Having a professional IT company can also help you determine
what’s necessary for your company. Business owners know they will need a
computer or a laptop, but they may not realize they can benefit from certain
technology like a server or firewall, or that they can recover important emails
even if they already deleted them from their inbox. Professional IT companies
can provide long-term benefits to businesses by helping them come up with
informed technology decisions.
Budget
and Cost
Professional IT companies have many different cost
structures. Depending on the needs of the client, those costs can vary from one
business to another. If you are a small or medium-sized business owner, many
times you have a budget and allocate spending towards technology. During the
budget process, it is beneficial for both the business owner and professional
IT service provider to be involved in helping you make the right decisions.
Even if you don’t have a formal budgetary process, you can work with an IT
professional to help you.
It is also very important to consider costs for hardware,
software, and support. There is always going to be a cheaper way of
implementing your technology, but the most important question business owners
need to ask is, “What value can I get by hiring a trusted IT professional?” Aside
from hiring a professional IT company, business owners have several options, including
hiring someone full-time to handle technology. Typically, hiring someone full-time
can be costly, and you have to weigh that cost against outsourcing or hiring a
professional IT company.
As a business owner, you may think that hiring a
professional IT company is too expensive. To help you fully appreciate the
costs of your network going down, you can use this example for your own company
to determine the cost of lost productivity and calculate the benefit of hiring
an IT professional to help you with your technology costs.
Let’s say you run a small law firm with 50 employees who
have an average salary of $50,000. Your network is down and you cannot access
your email, applications, or data files. Since you don’t have an IT
professional, you call a few companies to come onsite and fix the issues. If
your employees are down for two hours, and generally full-time employees work 2,000
hours a year, the average hourly rate for each employee is $25 ($50,000 / 2,000
hours). If you multiply two hours of downtime at $25 an hour by 50 employees,
you paid your employees $2,500 for the time they were unable to perform their
job duties. Additionally, the cost of an IT company coming to perform its work
would result in additional expense.
Also, there is a cost associated with the attorneys and
staff not being able to work on billable client hours, which would result in
additional hours of lost revenue. For example, if the billable rate in the law
firm is $250 an hour, and 10 of the 50 employees were working on clients that
were billable hours, you would have a loss of revenue of two hours X $250 X 10
employees, which equals $5,000 of lost revenue.
You can see how a $7,500 loss of productivity and revenue
can easily affect your business bottom line. Working with an IT professional
can help budget and mitigate the costs associated with downtime and
support.
Hiring a professional IT company can provide you with many
major advantages. Some IT companies have the ability to get better pricing on
hardware and software and also provide support solution package that helps
reduce downtime. Additionally, having a trusted advisor means someone can
answer all of your questions about certain technologies like cloud services,
new applications, or new hardware.
As a business owner, it is important to remember that hiring
a professional IT company can help your business get the highest return on your
technology investment. Doing it yourself or hiring someone that is only
available at night or on weekends is not going to help you in an emergency. It
is important to consider the costs of hardware and software and how you would
potentially be affected by downtime before making this important decision.
Helping you transition away from Windows XP! Time is running out!
In 40 days, Microsoft will end all support for the outdated operating system. If you don’t act now, your computers and critical data will be vulnerable to increased cyberattacks, system insecurity, and severely decreased performance.
But shaking off Windows XP won’t just boost productivity and efficiency — it’ll also help you save money in the long run. Microsoft estimates that a move to Windows 7 or 8 can deliver a return on investment (ROI) of nearly $1,400 in three years.
How can CMIT Solutions help you avoid getting dragged down by XP’s demise?
• We’ll determine whether an upgrade to Windows 7 or 8 is possible with your existing equipment — or whether it’s best to start fresh with new machines.
• We’ll provide financing options to make any decision you make more affordable.
• We’ll fast-track a post-XP transition to get your systems protected before XP’s April 8th expiration date.
• We’ll deliver world-class support to help your business benefit from a more modernized computing environment.
How can CMIT Solutions help you avoid getting dragged down by XP’s demise?
• We’ll determine whether an upgrade to Windows 7 or 8 is possible with your existing equipment — or whether it’s best to start fresh with new machines.
• We’ll provide financing options to make any decision you make more affordable.
• We’ll fast-track a post-XP transition to get your systems protected before XP’s April 8th expiration date.
• We’ll deliver world-class support to help your business benefit from a more modernized computing environment.
Very Important Information about Windows XP!!
"Microsoft will discontinue extended support for XP effective April 8, 2014. After this date, Microsoft will no longer provide regular security patches, technical assistance, or support for XP. "
YOUR PRIVATE INFORMATION WILL NO LONGER BE PROTECTED! Read more..
Subscribe to:
Posts (Atom)