Notice: The United States Computer
Emergency Readiness Team (US-CERT) has issued a security advisory.
There is a proven vulnerability in
the heartbeat extension of Open Secure Sockets Layer (OpenSSL), protocol
versions 1.0.1 through 1.0.1f.
It states: “There has been a recent
increase in activity for this vulnerability. There are also reports that this
vulnerability is currently being successfully exploited for obtaining sensitive
data from vulnerable servers.”
While the vulnerability is not applicable
to most systems under management, we are currently conducting extensive
verification against all managed systems to verify any systems running the
OpenSSL protocol are appropriately protected, and patched with the latest
It’s just one more way we help
ensure our customers’ data is as safe as possible.
We also recommend the following
extra safety precautions:
- Remind your users to not visit
untrusted websites, or to follow links provided by unknown or untrusted sources.
- Inform and educate users regarding
the threats posed by hypertext links contained in emails or attachments,
especially from untrusted sources.
- Change your passwords on any public
sites that are/were using OpenSSL/TLS, giving priority to high-value accounts.
If you have any questions or need clarification, feel free
Harry Broadwell Jr. has joined Allied Technology Group, LLC as a Network Consultant.
Harry is an expert in network infrastructure with 27 years of information technology and project management experience. He comes to us from Stephens, Inc. where he worked since 2000 as a Senior Network Analyst.
We are honored to be recognized for the 3rd straight year as a member of the 2013 CRN Next-Gen 250.
The annual list highlights up-and-coming solution providers that are new to the market, and who take a smart and different approach to solution selling and integration.
The Next-Gen 250 honors those solution providers zeroing in on lucrative and emerging technologies, among them cloud computing, mobility, virtualization, unified communications, business analytics, and business intelligence. These companies stand out from the pack when it comes to transforming their business or breaking into new technologies.
A sampling of the 2013 Next-Gen list is featured in the August issue of CRN Magazine and is featured online at www.crn.com. The complete list of 250 companies will be available in the CRN Tech News app, available for iPad and Windows 8.
It’s important for you as a consumer to be aware that malware is targeting point-of-sale systems. We don’t tell you this to scare you, and there is a solution to this problem – but we want to keep you informed of these issues as they arise, so you can remain an informed consumer. When you purchase something from a retailer, that transaction goes through a Point of Sale or POS system. This can mean the hardware used to swipe a credit card, or the computer or mobile device attached to it. It can also mean the software that tells the hardware what to do with your information.
When you use your credit or debit card, the information from the magnetic strip is processed by a computer or device. That information is called Track 1 and Track 2 data. Track 1 is the information associated with the actual account, like your name and account number. Track 2 is the actual card number and expiration date.
We all know that cyber criminals, and criminals in general, seek out consumer information so they can steal identities or money, but you may not know about skimming.
Skimming is when criminals attach an actual physical device to the POS system to collect your personal information. You may have heard about this on the news recently involving gas station pumps.
While fraudulent charges to your personal credit card can often be handled quickly by the issuing financial institution with little to no impact on you, it can take a lot of time and effort on your part – and not many people have that kind of time. Unauthorized withdrawals from a debit card, however, could have a cascading impact to include bounced checks and late-payment fees which could take months to remedy.
So what’s the solution?
It’s a good idea to change your debit card’s PIN occasionally to prevent fraudulent charges, or you can visit your bank’s website to learn more about fraud protection programs. There are also services such as LifeLock that help protect consumers’ identities, where all of your card numbers can be entered and protected for a fee.
If you think your identity has been stolen, or someone has tampered with your cards, you can contact the Federal Trade Commission (FTC) at (877) 438-4338 or via their website at www.consumer.gov/idtheft or law enforcement to report incidents of identity theft.
Best practices for business owners:
- Use Strong Passwords: Business owners should change passwords to their POS systems on a regular basis, using unique account names and complex passwords.
- Update POS Software Applications: Ensure that POS software applications are running the most recent software updates and patches.
- Install a Firewall: A firewall can prevent unauthorized access to or from a private network by screening out traffic from hackers, viruses, worms or other types of malware specifically designed to compromise a POS system.
- Use Antivirus: Antivirus programs work to recognize software that fits their current definitions of being malicious and attempt to restrict that malware’s access to the systems. It is important to continually update the antivirus programs for them to be effective.
- Restrict Access to Internet: Restrict access to POS system computers or terminals to prevent users from accidentally exposing the POS system to security threats on the internet. POS systems should only be utilized online to conduct POS-related activities, and not for general internet use.
- Disallow Remote Access: Remote access allows a user to log into a system as an authorized user without being physically present. Cyber criminals can exploit remote access configurations on POS systems to gain access to these networks. To prevent unauthorized access, it’s important to disallow remote access to the POS network at all times.
Online holiday shopping continues to grow in popularity. According to American Express, for the first time, more people are expected to shop online on Cyber Monday than visit brick and mortar stores on Black Friday. Shoppers are expected to spend nearly $62 billion online throughout the holiday season this year, up more than 15% from 2012. The use of mobile devices for online shopping (mcommerce) is projected to reach almost $10 billion for the 2013 holiday season, as more consumers are using these devices to compare prices, research products, locate stores, and make purchases to a larger degree than ever before.
Whether you’ll be conducting transactions from your desktop, laptop or mobile device, keep these tips in mind to help protect yourself from identity theft and other malicious activity on Cyber Monday, and throughout the year:
- Secure your computer and mobile devices. Be sure your computer and mobile devices are current with all operating system and application software updates. Anti-virus and anti-spyware software should be installed, running, and receiving automatic updates. Ensure you use a strong and unique password, which is not used for any other accounts. Set a timeout that requires authentication after a period of inactivity.
- Use mobile applications with caution. As devices such as smartphones and tablets continue to gain popularity for online shopping, so too will the volume of attacks against them. Malware could be downloaded onto the device from seemingly legitimate shopping apps that can steal credit card and other sensitive information for transmission to cyber criminals. Update all apps when notified and disable Bluetooth and Near Field Communications when not in use to reduce the risk of your data, such as a credit card number, being intercepted by a nearby device.
- Know your online merchants. Limit online shopping to merchants you know and trust. Only go to sites by directly typing the URL in the address bar. If you are unsure about a merchant, check with the Better Business Bureau or the Federal Trade Commission. Confirm the online seller’s contact information in case you have questions or problems.
- Consider using an online payment system or credit card. Where available, you may want to use online payment services, which keep your credit card information stored on a secure server, and then let you make purchases online without revealing your credit card details to retailers. If you do pay online directly to the retailer, use a credit, not debit card. Credit cards are protected by the Fair Credit Billing Act and may reduce your liability if your information is used improperly.
- Look for “https” before you click “Purchase.” Before you submit your online transaction, make sure that the webpage address begins with “https.” The “s” stands for secure, and indicates that communication with the webpage is encrypted. A padlock or key icon in the browser’s status bar is another indicator. Also, make sure your browser is current and up-to-date.
- Do not respond to pop-ups. When a window pops up promising you cash, bargains, or gift cards in exchange for your response to a survey or other questions, close it by pressing Control + F4 on Windows devices, or Command + W for Macs.
- Do not use public computers or public wireless access for your online shopping. Public computers and Wi-Fi hotspots are potentially insecure. Criminals may be intercepting traffic on public wireless networks to steal credit card numbers and other sensitive information. Care should be taken that the settings on your computer or device prevent it from automatically connecting to Wi-Fi hotspots.
- Secure your home Wi-Fi. Make sure you control who has administrative access, and that any users on your network authenticate with a strong password. Encryption settings should be enabled and strong - using WPA2 is recommended.
- Be alert for potential charity donation scams. Cyber criminals try to take advantage of people’s generosity during the holiday season and can use fake charity requests as a means to gain access to your information or computer/device. Think before clicking on emails requesting donations. Don’t give your financial or personal information over email or text. Contribute by navigating to the trusted address of the charity, never through a link in an email. To check if an organization is eligible to receive tax-deductible charitable contributions, visit the IRS website.
Contact the seller or the site operator directly to resolve any issues. You may also contact the following:
For More Information:
For additional information about safe online shopping, please visit the following sites:
· OnGuard Online
· Privacy Rights Clearinghouse
· Internet Crime Complaint Center
The information provided in the Monthly Security Tips Newsletters is intended to increase the security awareness of an organization’s end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization’s overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
What Is Governance?
What is IT Security Governance? I was recently asked this question and like others in my field, I started to explain it in a complicated way.
We love to answer this question with specific and formal language like:
“It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives”.
“...a structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes”.
Thirty seconds into my answer, I noticed our account manager shared a smirk and an eye-roll with the potential client. “What is this?” I thought. I couldn’t believe the very person who invited me to the meeting would turn his back on me and use me as comic relief!
Not to be outdone, I quickly shifted tactics. After completing my 90-second text-book description of IT Security Governance, I paused… took a dramatic breath… and continued, saying:
“Or, to put it more elegantly, IT Governance is just paying attention to stuff. And IT Security Governance is protecting that stuff.”
Whether it is a computer hard-drive, a printout of a contract, or a single record in a database stored in a remote data center, these information assets must be managed, maintained, and given attention.
This article is intended to provide both a high level summary to executives responsible for IT Governance Oversight, as well as specific guidance to directors and managers tasked with implementing the often misunderstood “IT Governance Initiative”.
The primary goal of IT Governance is a consistent and thorough understanding of, and approach to, the ways the organization addresses information assets. The term “Information Asset” is a difficult concept. It is the first definition on which the stakeholders within an organization must agree.
Information Assets can be defined so narrowly as to include only the physical resources owned or operated by the organization. The definition of Information Assets can also be so complex as to include not only physical and tangible resources (databases, spreadsheets, physical paperwork, etc.), but also intangible resources.
Pertinent questions might be:
“Should governance address the way in which application developers produce and distribute source code?”
“What procedures do we follow during the in-processing and out-processing of employees with access to sensitive corporate records?”
These are but a few of the possible items to include for consideration.
Regardless of scope, IT Governance should always address the development, documentation and implementation of standardized policies, guidelines, procedures, and standards for the organization.
The final and most often overlooked goal is the true reason to implement IT Governance. It is not to save money (which is important), nor is it to meet regulatory requirements (although these needs can be helpful in budget justification). It is also not to ensure the CIA (Confidentiality, Integrity, and Availability) of information assets, a common argument made by security professionals.
The most important goal of IT Governance is to provide outstanding customer service. Often overlooked, in today’s globalized and socially connected infrastructure, the customer service of an organization is arguably the most important asset it can maintain.
Customer service can provide uncontrollable amounts of unsolicited marketing through social media tools. These can be either uplifting or detrimental to the organization. Following consistent and approved governance policies will provide a consistent and repeatable experience for the customer. This will in turn promote more consistent and positive feedback for the organization.
Who Should Govern?
The Executive Team, Human Resources and Organizational Key Players must all be directly involved in defining what IT Governance means for the organization. Great care must be taken to ensure each of these groups maintains active participation and accountability for the development, implementation and ongoing maintenance of IT Governance.
Without this ongoing organization-wide support, the system will break down and the organization will run rampant with “Lone Wolf” behavior, where each division takes ownership of their own IT needs without including IT stakeholders.
Internal customer service within the organization ultimately enables and supports organizational agility and the ability to respond to changing demands. Potential revenue streams from unexpected avenues are missed due to the inability to more quickly respond to issues.
The common theme is each of these goals can assist the organization by transitioning IT away from the traditional role of “Cost Center” to the more appropriate role of “Strategic Business Tool”.
If you are curious how your business can transition your IT or customer services departments to the next level, give us a call today. 501-372-4909
E-mail is one of the main tools we use to communicate in our society today. It is not uncommon to have multiple e-mail accounts. Many people have accounts for professional communication, personal communication, and a “throw-away” account they use for signing up for special offers and marketing programs. E-mail can be confusing, and can end up hurting you or your organization if not used carefully. In this article, we will discuss several of the most common mistakes people make that can easily be avoided.
Emotionally Charged E-mails
One of the most dangerous activities you can engage in can be driving your vehicle while you’re in a
state of high emotion (being really happy can be just as troublesome as being really upset), which
impairs judgment and can affect response times. The same is true when writing an e-mail. If you
must write that scathing e-mail, make sure the To/CC/BCC lines are empty! You might also save the
e-mail as a draft and later take the time to reread what you have written after you have had a chance
to calm down and collect your thoughts. Bing once told me, “Draft today, send tomorrow”, which
seems like wise advice.
Remember, e-mail has very few privacy protections. Many organizations follow legal counsel’s advice and require a disclaimer in e-mail signatures. This provides no actual privacy enhancement. Your e-mail can be easily forwarded to someone else, posted on a public forum, and archived forever for the Internet community to read for all time. If you have something truly private to communicate, e-mail may not be the best option.
Operationally speaking, the delivery of e-mail to a specific person, or even delivery of an e-mail at all, is not guaranteed. The exception to this rule is typically within a single organization’s in-house e-mail system. You should consider the delivery of any e-mail message as a “best effort” activity, and act accordingly. Typically, if an e-mail cannot be delivered within three (3) days, you will receive an NDR (Non-Delivery Report) with the specific reason why the e-mail was not delivered.
Finally, many e-mail clients have a feature that will help you remember e-mail addresses by attempting to auto-complete the e-mail address to which you are sending. I have received many e-mails intended for a different “Jeremy”. I typically respond to these e-mails to let the sender know they sent it to the wrong person. But, take a moment to verify to whom you are actually sending the e-mail. You may save yourself a potentially embarrassing reply.
Jeremy Ausburn is a Senior Consultant at Allied Technology Group, LLC. Feel free to contact him at
Over the past year one of the questions I’m most often asked by clients is “Can we attach our
tablets to the network?” Sounds simple right? But for those of you with whom I’ve had this
conversation you know the answer is far from simple.
Most users simply want to check company email on their tablet. It’s easy to set up, manage,
and it’s relatively secure. However, if you need a secure, fully functional device that can
replace your work laptop then the answer, at least until now, was no. Besides the obvious
physical challenges of a tablet versus a laptop (screen size, lack of a keyboard/mouse) the
current products on the market are focused on the consumer, not business users. Many
business applications simply can’t be run on these devices without an expensive terminal
application and even then, there remain major management and security concerns. Can it be
done? Yes. Does it work well for most users? Again, the answer is no. So are we destined to
carry two or more devices around until the end of time? If Windows 8 lives up to the hype,
Feel free to contact us with any technology consulting needs that you may be having.
We are excited to announce that Jeremy Ausburn has joined Allied as a Senior Consultant. Jeremy has over 13 years of experience working in Information Technology. He has a BA in Technical Writing, is a Certified Information Systems Security Professional (CISSP) and a Microsoft Certified Systems Engineer. Jeremy brings to Allied a broad range of experience and expertise in Storage, Network Security, Virtualization, and Network Design, Implementation, and Administration.
Allied Technology Group is happy to announce that we have been listed in the 2012 CRN Next-Gen 250. This award recognizes managed service solution providers that are on the cutting edge of technology and business model shifts. Notable companies are selected based on their focus on markets such as virtualization, cloud computing, data center and mobility.
View recognition details here: www.crn.com
This is the second consecutive year Allied Technology Group has been recognized by CRN Next-Gen 250. We credit this success to our ability to implement emerging technologies such as cloud hosting services, disaster recovery, and other managed IT services better than most managed IT service companies. We forge strategic partnerships with our clients to better understand their needs in order to deliver the best technologies for their business.
Read more about Allied Technology Group consulting and managed IT services.
Voice over Internet Protocol (VoIP) is not a new technology; businesses have been dabbling with it for almost a decade. It’s safe to say that VoIP has become so commonplace that we hardly think about it. While it’s common, small businesses with a PBX (Private Branch Exchange) have had little choice when it comes to digitizing their systems. There is one option at their disposal, however: SIP trunking.
SIP trunks blend together voice, telephone and data (Internet) connections, which allows your voice to travel over data lines. In other words: you pick up your phone and dial a number outside the office. Your call goes through the PBX (Private Branch Exchange), which tells the call where to go. The SIP trunk picks this up, digitizes it, mashes it together with your data connection and sends your voice over the Internet to the recipient, where it drops down to the original telephone lines.
There are three main components of SIP trunks:
- PBX. A PBX which can switch VoIP calls to traditional lines and vice versa.
- Internet Telephone Service Provider - ITSP. An ITSP is similar to your Internet Service Provider, only they focus on digital telephone transmission. Often times, the ITSP is a subsidiary of, or a branch of your Internet Service Provider.
- SIP trunk. The SIP trunk is a device that facilitates the two above networks, and allows them to work together to send out and receive voice and video calls.
There are some great benefits to SIP trunking including:
- Decreased phone bills. When you make calls, they are transmitted over data lines which cost a lot less than traditional phone lines, especially if you’re making long distance calls. You could even ditch your current phone provider, as all voice will be transmitted over data lines, freeing up funds which can be spent elsewhere.
- Don’t lose numbers. If you move offices you’ll be able to take your numbers with you, without having to pay to have them connected to the traditional phone networks.
- Calls can be easily rerouted. If your business is caught in a disaster, you can easily establish a SIP trunk in another location and have calls to your numbers routed through there.
- Don’t need to discard old phone system. Unlike VoIP, SIP trunking works with your old phone system, which means set up costs are considerably lower.
If you’re interested in SIP trunking for your business, or would like to learn more, please contact us.
Published with permission from TechAdvisory.org. Source.
Printing, when one thinks about it, is an important part of any company’s infrastructure. Many infrastructure elements of companies have been integrated with technology to make them more efficient, or reduce operating costs. This isn’t true for printing: many companies struggle with high printing costs, or inefficient output. Managed print services can help change this.
Managed print services is a service that’s designed to help businesses streamline their printing operations, reduce operating costs and waste, and increase productivity. It works much the same way as Managed IT services: you have a company work with you to develop a printing solution tailored to meet your needs. This could include consolidating print, scan, copy and fax into one machine, or upgrading systems to connect to the network to allow for virtual printing.
The benefits of doing this can be far reaching and could include:
· Decreased IT costs. Many office printers and copiers are closed systems that require a qualified technician to fix, or at the very least take up the time of current IT staff. If you have a managed service, you don’t have to pay for a technician to come fix the machine, and your IT staff can focus on priority tasks, thus reducing costs.
· Decreased material costs. Many managed print services use new technology that, while an investment in the short term, can quickly pay for itself through increased output, decreased material cost and lower maintenance costs.
· Helps the environment. As managed print service companies use current technology, which itself uses less energy, you’ll find electrical bills to be lower. The technology also uses less ink and can reuse paper, thus reducing harmful waste and helping the environment.
· Increased productivity. By making printing systems more efficient, a company will see an increase in physical output, because they’re not constantly waiting for the printer.
If your company is looking for a new printing solution, you should ask yourself these three questions:
1. Will we see ROI? Many companies will see upwards of a 30% savings in printing costs with an optimized printing solution. It’s important to work with managed printing providers to ensure that you will actually save money with their systems, or at least see a return on your initial investment.
2. Can our technology support growth? Many small businesses are constantly changing and their current solutions may not meet needs in the future. You should analyze your current technology and see if it will be able to support you in the future.
3. How much does printer downtime cost you? If you’re using older technology that’s constantly breaking down, the cost of downtime can be quite high. This is a good indication of the need for managed print services.
4. Do you want to focus on printers? If your business is in need of a printing solution to help operations, and doesn’t focus on printing, or you want to spend less time thinking about printers and more time focusing on tasks, then going with a managed print service is a good choice for you.
If you’re looking to replace your printers, or would like another way to make your business more efficient please contact us, we may have a solution for you.
Published with permission from TechAdvisory.org. Source.
It’s common knowledge that the number of work related injuries is rising. While many traditional injuries happen while working high risk jobs, the majority of injuries are now happening to employees who sit for long periods of time. As many employees sit at a computer for a long period of time, they are at risk. Let’s face it, healthy employees are better for your business.
Here are five tips you can pass on to your employees to ensure they stay happy and healthy.
Walk it off, stretch it out
Many employees will often sit at their desk for hours at a time, only getting up to go for lunch, or for bathroom breaks. It’s a good idea to get up from your desk at least once an hour. Encourage your employees to walk to each other’s office or desk if they need to chat instead of using instant messaging. Put up posters showing leg, neck, shoulder and back stretches and actively encourage employees to stretch before they start work and at least once an hour.
May as well go for a walk
Another way to get employees more mobile is to make your meetings mobile. If it’s a nice day out, why not walk around the block as a group, or walk to the park and have a brainstorming session? As many employees and businesses use tablets or some form of mobile computing, it’s not hard to take the office with you, and work while you exercise.
H2O
It’s important to stay hydrated, even while in the office. Many employees who complain of headaches or being lightheaded and dizzy may actually be dehydrated - they should be drinking at least 4 big glasses a day. These problems can be easily avoided by providing your employees with water. Put a water cooler in a central location that all employees can walk to. This serves another purpose, as it also forces employees to get up and take a break.
Offer healthy snacks
As many employees are working longer hours compared with even 10 years ago, your employees could be neglecting their diet. Having a vending machine with salty chips or sweet sodas isn’t helping. Instead, opt to stock low sugar drinks and healthy snacks like fruit. While this may cost more upfront, the long term savings from fewer sick days will more than pay for the investment.
Change the commute
This can be one of the hardest changes to implement, but has positive benefits. Encourage your employees to ride their bikes or walk to the office, or implement some form of exercise within their commute. Be sure that if you do this, you have facilities where employees can change and take a shower - necessary if your business is in a warmer climate or weather is prone to change without notice.
Healthy and happy employees will go a long way in ensuring your company is operating at maximum efficiency. Beyond that, you’ll see a decrease in lost time and a potential increase in overall value of your business. If you’d like to learn more ways to increase your company’s value, please contact us.
Published with permission from TechAdvisory.org. Source.
In business, a properly formatted document can go a long way in showcasing how professional your company is, and oftentimes is the main way to set your company apart from other competing entities. If you have a longer document, say a proposal, you’re going to need a Table of Contents (TOC). Instead of struggling to make your own, you can use stylized headings and have Word create one with two clicks of a mouse.
Here’s how you can add and modify headings to your document and have Word create a Table of Contents for you.
Assign headings
Many users will just bold titles and change the size of each heading to denote different levels of heading, i.e., main headings are bold with a 16 point font, subheadings are bold with 14 point font and text is 12 point font. It’s recommended that you do this while writing the report so you can keep track of what’s what in your report.
When you’ve finished the report and have your headings and subheadings in place, it’s time to apply a heading style to them. First highlight your top level headings (not the main title of the report, but the headings for the main sections). On the Home tab, locate Styles and select Heading 1.
For second level headings, or subheadings, highlight and apply Heading 2. Subheadings thereafter follow the same structure. The reason for doing this is that it will help Word create a TOC that’s properly structured and has links that will take a user to the section when clicked.
If the heading styles Word applies don’t appeal to you, you can change them by going to the Styles group and pressing the grey arrow so the drop down menu opens. Right-click on the heading style you’d like to change and select Modify. You can also hit Ctrl-Shift-S. A window will open which allows you to customize the heading. Press Ok and Word will automatically change all headings that have that style. Note: changes made to a heading style will be saved.
Build a Table of Contents
Once you’ve assigned styles to headings and modified them to meet your needs, you can get Word to insert/build a TOC. First select where you’d like it to go, and make a little space - one blank line above and below should be enough. Click References from the menu at the top of the window, and select Table of Contents. Pick the format you’d like and Word will create the TOC for you.
It’s generally a good idea to apply the heading styles and Table of Contents after you’ve finished the document. If you do need to make changes to the document, you’ll need to update the TOC by right-clicking anywhere on it and selecting Update.
A consistently formatted document goes a long way in impressing external investors or parties. In fact, many now expect a readable document. If your company produces sloppily formatted documents that are hard to read, you could risk losing business. If you would like to learn more about Microsoft Word or other Microsoft Office products, please contact us.
Published with permission from TechAdvisory.org. Source.