Why Ransomware Pays

I’ve had many frustrated people as me why cybercriminals create and distribute ransomware. The answer is money, of course. But some new data from a report by Check Point software’s researchers is helpful because it shows just how much money we’re talking about.

Check Point focused on just one product: Cerber. The Cerber platform is software created specifically to be resold to create ransomware. Aspiring cybercriminal affiliates create their own ransomware campaign using Cerber and the deal is that Cerber gets to keep 40% of whatever their customers make with their ransomware attack.

Check Point was able to determine that Cerber had more than 160 participants at current count and that the combined direct sales plus affiliate revenue was almost $200,000 just in July – and this despite a victim payment rate of only 0.3%.

Doing the math means that Cerber is on track to net 2.4 million dollars this year.

So what’s the takeaway for businesses? Ransomware is a highly profitable criminal activity and you should expect to see increases in attacks on your business.

And that means that if you haven’t yet, you should get your organization up to speed both in terms of hardware/software preparedness, but also user training.

If you’d like to learn more, download our Executive Report: Ransomware Prevention Checklist for Your Organization or give us a call at 978.921.0990

Everyone stay safe out there!


 

 

Unbelievable Deal on a High End Multifunction Printer from Lexmark

I don’t often write about hardware deals. Quite frankly, there’s almost no money to be made on any of it so we leave it to the large national distributors, but once in a while I see something that actually impresses me enough to put the word out.

Lexmark has an unbelievable deal on their MX511de black and white multifunction printer. Regularly $999 and the best Internet price we’ve seen was $620 at Amazon, as a partner we’ve been offered a very limited number of these workhorses at $349 each (plus shipping). That’s brand new with a 1-year on-site warranty.

So if you’re sick of buying inkjet cartridges, complete the brief form below and we’ll have someone give you a call right back.


 

How the Chinese Stole the Secret F35 Fighter Plans – and Why it Matters to You

U.S. F-35 Fighter
U.S. F-35 Fighter

Starting in 2011, a Chinese citizen named Su Bin who lived in Canada orchestrated an elaborate hacking operation that stole over 50TB of classified data about the F35, B2, and other highly classified U.S. weapon systems. How did he do it?

It wasn’t elaborate technical penetration of firewalls or middle-of-the-night Mission Impossible-style burglary. It was simple email phishing.

With email phishing, a message is sent to employees appearing to be from a colleague or friend. The message contains a link and when the recipient clicks on the link, they are taken to a bogus website which then infected their computers with malware to harvest passwords and data.

While your company may not have top-secret information, you are almost 100% certain to be targeted in this same way by ransomware – software that encrypts your data – both local and Cloud – and you won’t get it back unless you pay a ransom to the cybercriminals.

The takeaway? Of course you need to implement all the best-practice technical safeguards and monitoring for your network, but equally important is that you need to train your employees to recognize phishing email messages so they don’t act on them.

If you’d like to learn more, click here to download our free Executive Report; Ransomware Prevention Checklist for your Business.


 

What Notebook Would You Take Into Space?

Think about it for a minute. There’s no FedEx for a quick delivery of replacement parts, so you want the absolute highest reliability and ruggedness in a notebook. So which do you choose? For the International Space Station, NASA selected Hewlett Packard’s ZBook 15 Mobile Workstation.

HP ZBook 15 in Zero Gravity

On April 8 SpaceX delivered (5) HP ZBook 15’s to the ISS aboard their Falcon 9 rocket. Here’s how they perform in space (and on earth):

  • Rugged. Not every computer can handle the demands of space. The ZBook 15 went through lots of tests—including getting blasted with radiation—to make sure it could still function optimally onboard the space station. It also withstood a rigorous battery of Military-Standard 810G testing including drop, shock and extreme temperatures, plus 10 years’ worth of radiation exposure.
  • Powerful processors. The ZBook uses new 6th generation Intel® Core™ processors.
  • Lightweight design. The ZBook 15 weighs in at a svelte 4.18 pounds, which makes rocketing them 240 nautical miles off the planet just a little easier.
  • A massive memory. ZBooks can handle up to 1 TB internal memory that lets astronauts save and organize their valuable research.

Curious about how they use them? According to HP and NASA, the notebooks are used for:

  • Command and control. The ZBooks will interface with the systems to provide command and telemetry functions which support vehicle control, life support and critical maintenance operations.
  • Mission support. The workstations will be used to support more than 500 experiments conducted each year.
  • Physical and mental health. HP ZBooks will be used to monitor and support the health of astronauts enduring the rigors of space. This includes everything from retina eye exams to video conferencing and IP Phone calls to support connectivity with family and friends to support mental well-being.

MicroData customers don’t take their notebooks and tablets into space, but they get some pretty tough use. That’s why MicroData recommends HP products and the ZBook series of notebooks is one of our favorites. If you’d like more info about HP products, please contact us.


 

Mac Users Beware ‘Easy Doc Converter’

Cybercriminals are increasingly targeting Mac users and the latest is a backdoor malware app which has been identified as ‘Eleanor’ by Bitdefender. This malware installs a backdoor that gives the bad guys almost complete access to the infected machine including all data and control of the built-in webcam.

Mac’s running OS X 10.6 or later can be affected – that’s would be circa 2007 or later.

This malware installs itself disguised as a fake file converter called ‘Easy Doc Converter’ and available on MacUpdate although not at the Mac App Store according to Apple.

Apple says they’ll be releasing an update to Xprotect to block the app but they haven’t detailed how they will patch the underlying vulnerability that permits Eleanor to do its mischief (execution of a script registered to system startup that allows an anonymous attack of the system). But in the meantime if you’ve already installed this app, the free Malwarebytes scanner has already been updated to remove it.

Everyone stay safe out there!


 

Glenn Mores Interviewed on CBS Pulse

Interested in learning about what the Cloud can cost and how secure it is? Check our Part 2 of my interview with Gillian Burdett on CBS Pulse.

And if you missed Part 1 where I talked about the benefits of Hybrid Cloud deployments, you can find it here.


 

Use GoToMyPC? Read this

If you are a user of GoToMyPC it’s time to change your password. In their blog this Sunday Citrix said that the service was hit by a “very sophisticated password attack.” Citrix is requiring all users to reset their passwords using the ‘Forgot Password‘ link.

Citrix didn’t go into detail but the implication is that a substantial number of accounts were compromised.

And of course if you used the same account/password at other sites you should change it at those sites as well.

Attacks against websites continue to grow as cybercriminals exploit security flaws. If you haven’t already, start taking a look at enabling two-step verification which many sites are now offering. With two-step verification, you receive a unique code to your cell phone or email each time you want to sign on.


 

Your TV Can Now Get Held for Ransom?

The concept of the Internet of Things is appealing in many ways. It allows connectivity and interaction with devices which were not capable of being managed/monitored in the past. And when there one platform to link them all together, it gives a nice, consistent user interface and experience. But like most things in life, there’s a dark side to consider.

Consider FLocker – an Android based lock-screen ransomware. This one has been out there for a while but it’s being continuously being updated by the cybercriminals that produced it to keep it one step ahead of the firewall and antivirus companies. The latest version pretends to be from some law enforcement agency and accuses potential victims of crimes they didn’t commit. It now will also infect Smart TV’s that run the Android OS – effectively locking you out of your TV.

Consider a fully ‘smart home’ of connected devices and you can immediately see the possibility of them all getting infected and operation disrupted. Vendors haven’t thought this through yet, but they’ll need to – and soon.

Everyone stay safe out there!


 

Google’s New Free Website Tester

Everyone wants their website to be friendlier for users and rank better in searches. Now you can quickly see exactly what Google is looking for in terms of how your site delivers pages, both on desktops and on mobile devices.

The neat part is that after running the test (which only takes about 30 seconds for an average business site), Google gives you a report of findings and exactly what you should work on. Just forward that off to your web developer and have them get to work!

You can access the Tester here.


 

eBay Scam: Alert Your Users

With phishing email messages, the key for cybercriminals tricking you into divulging passwords and account information is to make a plausible-looking message that gets you to click on a link. Then you’re taken to a bogus website where you are asked to ‘log in’ and boom, they have full access to your account.

The latest is a fake eBay message supposedly from a user demanding to know why you haven’t sent them info about something they allegedly purchased from you. They threaten to contact the police and PayPal if you don’t respond.

ebay

Remind your users to stop and think. Note that the message isn’t personally addressed to you. A threat in a message is another giveaway as is poor grammar. Tell your users just to delete the message without clicking on anything.

Everyone stay safe out there!


 

MicroData on CBS Small Business Pulse

Heard about Hybrid-Cloud and wonder what all the hype is about? Check out the Part 1 of the interview I did on May 20 with Michelle Guilbeau of CBS Small Business Pulse.


 

Just What is a Strong Password?

Most websites now require/encourage you to create a strong password when you set up an account. But what exactly is a strong password? What one site considers a strong password another site will tell you is moderate or weak.

Regardless of what any specific site tells you, a strong password should have the following characteristics:

  • at least 8 characters
  • doesn’t contain your actual name, your user name, or your company name
  • doesn’t contain a complete real word
  • is significantly different than previous passwords
  • contains an upper case, lower case, numerical, and symbol character


 

Android Phishing Trojan Cleans Out Your Bank Account

From our friends at KnowBe4 comes an alert about a really nasty piece of malware which goes after Android phone users and targeted smartphone banking apps.

It works by inserting a fake login screen over the actual login screen in the app. When you log in you’ve actually just given the cyber criminals full access to your account and they promptly transfer all funds to an overseas account.

Android devices get infected by either installing an app outside of the Google Play Store (called a sideload), or by downloading a ‘Required Flash Update’ needed to view video – usually at an adult site.

So for your smartphone – iPhone or Android – follow these tips:

  1. Don’t sideload
  2. Don’t click on text messages you don’t recognize or expect
  3. Keep your device updated – both the OS and apps you use
  4. Don’t surf adult and inappropriate sites. Risk of infection is very high

If you’re concerned about malware and ransomware threats at your business or organization, check out our FREE download: Ransomware Prevention Checklist for Your Business

Everyone stay safe out there!


 

Why Using that Old Version of Office Puts You at Risk

I was born in Maine and had parents that clearly remembered the effects of the Great Depression. They weren’t yet born during the actual Depression but growing up, their parents who had lived through it, taught them valuable life lessons from those difficult years. And I got many of the same lessons although as the next generation, less poignantly. One central concept was Yankee-thrift, a big part of which means you don’t waste things and you don’t throw stuff away that could be re-purposed or re-used. Good advice – in most cases.

The problem is that this belief can get you into trouble with information technology. For example, we have many organizations we’ve worked with that use older versions of Microsoft Office. I’ve repeatedly heard over the years, “it works just fine and does what I need it to.” The problem is that it does some things you really don’t want it to do.

One of the biggest problems is the file format. Have you noticed how newer versions of Word save files with a .docx extension rather than the older .doc? There are many improvements that Microsoft built into the new file format, but one huge area of improvement was file security. In the new .docx format, Microsoft removed the ability for users to embed macros into the document. A macro is basically a set of self-executing instructions. Today, many variants of ransomware are being spread by macros in infected .doc and .xls files. With the older version of Word, you can just click and boom, you’ll find all your files encrypted and be looking at a ransom message and the prospect of paying hundreds or thousands of dollars to get your data decrypted.

So Yankee-thrift is a great concept, but not in business where you share files all the time. Keep your software versions current and if you’re not sure how old is ‘too old’, ask your IT professional who can guide you.

Everyone keep safe out there!


 

Angie’s List Scam – Heads up!

Alert your users to be on the lookout for a phishing email allegedly from Angie’s List. The subject line is ‘Invoice xxxxx from Angie’s List, Inc.’ and the message body looks like a QuickBooks generated invoice for $216.64 or some similar amount. The message body starts with ‘Dear Valued Customer’ which should be your tip-off that it’s a bogus message – legitimate email messages will have your personal info.

There’s a ‘View Invoice’ button which, if clicked, takes you to a website that will infect your computer with malware. Just delete the message without clicking on anything.

Want to train your users to better recognize phishing scams like this? Contact us to learn about online Security Awareness Training. The cost to train and educate your entire company for a whole year is less than $750 for an organization with fewer than 50 employees.

Everyone stay safe out there!


 

Have QuickTime on Widows? Uninstall it Now

QuickTime on Windows is an Apple product that has been widely used for years to play movie trailers and many Internet media clips.

Last week, Apple announced that it was no longer going to support the product and would not even patch two recently identified major vulnerabilities in the software that can allow hacker access to people’s computers.

The vulnerabilities are so serious that the U.S. Department of Homeland Security has sent out an urgent alert telling Windows customers to remove the program from their computers. So we’re advising everyone to check and see if you have this app on your computer and if so, uninstall it now.

Everyone stay safe out there!


 

Does Your Endpoint Protection Include this Important Ramsonware Tool?

Unless you’ve been away on a small island for the last couple of years, you know about the problems presented by Ransomware and probably know of an organization that’s been hit. But as a refresher, Ransomware is software that encrypts your computer, network, and Cloud data and your only recourse to get your data back is to pay a ransom, usually in Bitcoin and typically +$1,000.

What’s really tricky about Ransomware is that it isn’t delivered like a typical virus that sneaks onto your computer and runs itself. Ransomware is usually self-inflicted. A user gets an email that looks legit such as an efax or Word document – these are called phishing attacks. The attachment is actually the code and by the user clicking on it, the ransomware application gets started.

While there are many steps your organization can take to protect yourself, at a minimum you want a good quality antivirus/antimalware application on each user’s computer, and you want to make sure this antivirus solution does email content filtering. This is a basic but effective line of defense to stop a large percentage of these phishing messages from getting in to your organization.

Symantec, McAfee, Kaspersky, Sophos, F-Secure, and Vipre do not perform content filtering. Trend Micro’s Worry Free Business Security Advanced does provide content filtering which is why we recommend this solution.

If you haven’t looked at the capabilities of your organization’s Endpoint Protection software lately, with ransomware infections growing each month, now might be a good time.


 

Data Mishandling Could Cost CA Hospital $25,000 per Patient Record

Think that professional IT services are expensive? How about the cost of your current provider making a mistake? Last month a California state court judge finalized the highest ever per-plaintiff cash settlement in a data breach case. St. Joseph Health System, based in Irvine, is set to pay upwards of $28 million to settle a 31,074-member class action. The dispute arose out of a 2012 incident that exposed over 31,000 patient records to the Internet. The cause was not malware in this case but rather simple mis-configuration of the hospital’s intranet.

The takeaway? Security for your network and data needs to be one of your highest priorities. Even a small business can have thousands of customer records with sensitive information that must be secured.

If you’re not sure about your organization’s IT security, I urge you to take advantage of a special, limited-time promotion we’re offering where we’ll review your IT systems and provide you with a detailed 57-Point IT Systems Security and Performance Assessment – all for FREE. Click here to learn more.


 

Stealing Data with a Wheelbarrow

I was just reading a fascinating story on the U.S. Dept. of Justice website about a bank robbery and there’s a lesson in there for all of us about IT security. What made this story so interesting wasn’t the use of Mission Impossible-like technology or swarms of armed criminals, but exactly the opposite. Low tech, physical theft by one guy with a wheelbarrow. I’m not kidding.

Over a 2-month period, the defendant stole over $200,000 in quarters from a Federal Reserve coin storage facility at an Alabama Brink’s facility where he worked. He had noticed that the quarters were stored in ballistic bags – think large duffle bags – so he grabbed 4 empty bags, filled them with beads and just enough quarters to show through a small plastic inspection window, then he put them on a skid swapping them for legitimate bags full of quarters.

The lesson for IT? Don’t neglect physical security of your IT assets. Ask yourself how hard it would be for someone who gains access to your facilities to simply pick up a computer or server and carry it off. This is exactly why part of every yearly required HIPAA audit is to verify the physical security of key data processing equipment.

If you have any questions about your IT security – physical or electronic – we’d be glad to help you out. Get in touch here.


 

Ransomware Comes to the Mac

Ransomware is nasty stuff. Covert software gets onto your computer, encrypts all your files (and network files) with what’s effectively an unbreakable code, then extorts the user into paying a ransom – usually in untraceable bitcoins – to get the data back.

The cybercriminals that develop ransomware have traditionally gone after the Windows market as it’s large and predominately used in business, but now they’ve specifically started targeting Mac users.

This past weekend Palo Alto Networks wrote that they had found the ‘KeRanger’ ransomware app wrapped inside Transmission, which is a free and reputable Mac BitTorrent client. To make it worse, the infected version of the app was signed with a legitimate Apple developer’s certificate.

It’s not know how the hackers were able to upload an infected version of Transmission to the app’s website, but it worked. BTW, if you use Transmission the bad version was 2.90 and you should immediately upgrade to 2.12. This particular variant of malware waits for 3 days after being installed then does its deed.

And to make matters worse, it appears that this ransomware will try to encrypt files on Apple’s consumer cloud backup service, Time Machine. So an infected user could be looking at losing all their local and backed up data.

The ransom? 1 bitcoin or currently about $404.

The lesson? It doesn’t matter what kind of computer or operating system you have. Cybercriminals will target any group that seems profitable to them and they have the expertise and resources to be successful.

Everyone stay safe out there!


 

 

Bogus “American Express Fraud Protection Alert”: Heads Up!

Cyber criminals are at it again and this time they’ve come up with an interesting twist. The Phishing email is actually disguised as a fraud alert message from American Express! Here’s what to look for.

You receive a message with the subject line of Fraud Protection Alert with a ‘FROM’ address of American Express Customer Service. The message body looks like an Amex message with the logo and some footer information that seems pretty typical. But if you click on the hyperlink to ‘Verify’, you’re actually taken to a bogus Amex website where they tell you to log in. If you do you’ve just given the criminals access to your Amex account.

What are the giveaways this message is bogus? First, it isn’t actually addressed to you – it’s just Dear Customer. Second, there are some spacing problems in the message body that a real company like Amex would never do. Just sloppy. And finally, Amex and other credit card companies won’t ever include links to log in with any alert messages. They’ll instead tell you to call them at the number on the back of your card or to manually go to the credit card company’s website and log in normally. By the way, if there was a number included in the message don’t call it – those are often manned by fake ‘agents’ who will try to verbally get your credit card info.

Are your employees having difficulty with Phishing messages like this? Contact us about a new and very affordable company-wide training program we now have available to help educate your users.

Everyone stay safe out there!


 

A Simple Mobile HotSpot for Your Car

At the recent Mobile World Conference Samsung has released a dongle that plugs into an existing connector in your car and gives you and your passengers a mobile hotspot for full-time wifi connectivity.

Samsung

Called the Samsung Connect Auto, the device plugs into the car’s OBD II diagnostic port which provides power. Any car or light truck made in the last 20 years has an OBD II port – this is the port that your mechanic uses to read diagnostic codes for the car and if your state has an emissions test, that reading is obtained through this port, as well.

Initially it appears this will be available through AT&T at around $10 month and will offer LTE speeds. Look for availability around April or May.

Beware Tax-Season Scams

It’s tax season and the bad guys will use this opportunity to try and scam you – both by email and telephone. Last year over 360,000 people received harassing phone calls demanding payments and threatening jail. And there were millions of similar bogus emails.

By telephone, the routine is that you get a call supposedly from the IRS demanding payment for an overdue balance. The criminals will often even have the last 4-digits of your Social Security number to try and convince you they are legit. They demand immediate payment of the ‘overdue balance’ or threaten you with arrest. Typically payment is requested via Western Union or MoneyGram – both of which are very hard to trace.

The email messages are similar but will add a link to a site where you can ‘make payment’.

The IRS never initiates official business via telephone or email. They will always send a letter.

So if you get one of these phone calls just hang up. And delete the email messages, too.

Everyone stay safe out there!


 

Stolen iPhone Scam

A new sneaky scam is out there targeting iPhone users. Thanks to our friends at KNowBe4 for this tip.

This scam is proving effective because users are generally pretty upset about losing their phone and often not thinking calmly. So here’s how it goes.

You iPhone is lost or stolen so you jump online and turn on the Find My iPhone Activation Lock. In no time you receive an email  message that the phone has been found but you need to go to a website to verify your Apple ID. You do this and boom, you’ve just given the thieves your account info so they can unlock your phone. Your phone is now for sale somewhere.

The bad guys can do this because an iMessage can always be sent to the address that the phone says it has been locked by.

What’s catching people is that they aren’t noticing the ‘From’ on the email message they receive is spoofed (faked). So make sure you tell your users that if they lose their phone and receive an email message, don’t take any action it suggests. Instead get in touch with your company’s IT department to report the loss.

Everyone stay safe out there!


 

Comcast Business Internet Slow?

Are you thinking about upgrading to a faster Comcast Internet service because your current connection is slow, sites are timing out, or users are getting kicked off the Internet? Don’t do it! We find that in over 70% of cases, the speed of the Internet connection isn’t the problem.

We’ve helped many New England area organizations fix these types of problems and for a limited time, we’re offering a FREE check of your environment. We’ll review routers, modems, and systems and give you a report detailing exactly any problems found and what’s required to fix them.

We’re receiving a huge response to this promotion and have limited appointments times available, so don’t wait to respond if you’d like to take advantage of this offer.

To learn more or reserve your free audit, go to www.microdata.com/comcast or call us at 978.326.8205. Mention promo code 1215


 

Dell Tech Support Scam

If you have any Dell computers, here’s a scam you want to be sure to alert your users about.

Users receive a call claiming to be from Dell support. They even have the service tag from your computer and potentially other personal information. The caller then tries to get you to provide them with remote access to ‘fix the problem’. If they get access they will then infect the computer with ransomware and also potentially ask for a credit card for a ‘required service charge’.

At this point it’s not clear where the bad guys have got the Dell service tag information, but with that in hand they have an extra degree of credibility, so make sure your users don’t fall for it.

Everyone stay safe out there!

 


 

New MicroData Website is Live!

I’m pleased to announce that our new website is live! It was more than just a refresh although that was certainly part of the motivation for a change. We really wanted to de-clutter, focus our message, and also wanted a fully responsive site that worked much better on tablets, phones, and other mobile devices.

Any feedback is always welcome – plus I’m sure that a few errors are still in there in spite of all the testing (and we haven’t yet migrated all this blog). So let us know what you think!

 


 

Apple Phishing Scam – heads up!

Tell your users to be on the lookout for a phishing scam that looks like it comes from Apple. An email is received supposedly from Apple Support threatening to suspend your iCloud and Apple ID account because you did not reply to an earlier verification email. The phishing email has a link that allows you to ‘verify now’ but if you click the link you land on a bogus webpage that looks like it’s Apple but is a fake. The page prompts the user to enter their account and password and then boom, you’re done.

Everyone stay safe out there!

 


 

“Your PayPal Invoice is Ready” Ransomeware Scam

This scam is sneaky because the cybercriminals are using the exact same phrase that PayPal uses when monthly invoices are sent out.  Users receive an email with the subject line of ‘Your PayPal Invoice is Ready’ and the body of the message asks you to ‘Please open the attached file to view invoice’. The attachment is a .zip archive which, if opened, executes code that will encrypt your hard drive files (and files on any mapped hard drive) requiring you to pay a ransom in Bitcoin to get your files back. Short of a complete restore of the affected system(s), there’s no other way to avoid paying the ransom.

Aside from training your users not to fall for these types of messages, what else can you do to try and protect your company? Here are a few suggestions.

  • Block all .zip type of attachments in your email system
  • Pre-clean your email by running it through a filtering services such as MicroData’s hosted Barracuda service
  • Install better quality antivirus software that specifically looks for these types of threats. We recommend Trend’s Worry Free Business Security Advanced

As always, we’re glad to help organizations with issues like this. You can learn more or contact us anytime.

 


 

“Order” or “Case” Email Viruses Surging: Heads up!

There’s a rash of email messages appearing where the cyber criminals are trying the less-is-more approach. The subject line just has the word ‘Order’ or ‘Case’ and a string of letters/numbers. The message body references a ‘Total Amount’ or $30,000+, a ‘Timestamp’, and a ‘State’ reference. The message then asks you ‘Please open the enclosed Doc file’ – referencing an attached Microsoft Word file.

Opening the file will run a macro infecting systems that haven’t been updated and patched.

Remind your users to stop and think before they act on messages they receive, especially if it’s from someone they don’t know, contains an attachment, or uses fear or greed to try and encourage action.

Stay safe out there!

 


 

‘Secure’ Email Message Scam

The bad guys are relentless in trying to steal your information. The latest is a email with a subject line of “You have received a new secure message.” The body of the message has some graphics and prompts you to open the attachment which is a Word file named ‘Secure Message.doc’ (or similar).

Opening the file on a system that’s missing Microsoft Office security updates infects your system via a macro that exploits the unpatched vulnerabilities.

What can you do to help keep your organization safe? From a corporate perspective, make sure you have a good firewall installed, properly configured, and regularly updated. Also make sure that all user endpoints – Mac or PC – have installed, configured, and current antivirus software. And consider using an email filtering device or service to ‘pre-clean’ much of the junk like this scam.

Remind all your users to stop and think before they act on an email message they receive. Everyone stay safe out there!

 


 

Is Your VoIP Phone Killing Your Entire Network?

We just finished an audit for a new client and ran into this again, so I thought it might help to explain why using the data loop-through on your VoIP phone is generally a bad idea.

First, most VoIP phones are 10/100 networking devices. Many offices only have a single networking wall jack, so if you plug your gigabit computer network adapter into your phone and then the phone into the wall, you’ve just decreased your computer’s network throughput by a factor of 10. For networking performance, this is really like throwing out an anchor and returning your network to 1995 standards.

Second, having your VoIP phones on the same subnet (network address segment) as your computers can introduce a potentially very serious security problem. Here’s why. When purchasing or leasing a phone system, most companies also purchase an ongoing support agreement from the vendor to help with programming, moves, troubleshooting, etc. This means that your phone system vendor (and most likely the carrier) has access not only to the phone system and phones, but also to the data packets containing your computer networking data. If your organization has mandated compliance (HIPAA, PCI, etc.), this immediately creates a condition where you have uncontrolled 3rd party access to your data. And even if your company operates somewhere with no compliance or privacy laws (hard to imagine where that might be), your organization’s intellectual property is still being put at risk.

The solution? Always put your VoIP phones on their own wiring, connected to their own switches, and the system connected to a separate external IP address. While the additional wiring of a second CAT5e run can add to costs initially, you can recoup much of that immediately. 10/100 PoE switches can be purchased for the phones instead of more expensive gigabit PoE switches, and for the regular network, non-PoE switches can be deployed – another significant cost savings.

 


 

‘Email account quote exceeded’ malware

Alert your users that there is another email phishing attack making the rounds of corporate America. Users receive an email with the subject of “EMAIL ACCOUNT QUOTE EXCEEDED…” with a couple or email addresses listed including their own. The body of the message contains a simple bar graph that seems to indicate that the mailbox is running out of space. The message then urges the user to “Sign back in a continue your usage.”

Clicking on the link redirects you to a malicious webpage that will try to exploit your browser (if not updated) and install malware on your computer and will further try to get you to reveal credentials. Just delete the message without clicking on anything.

Remind your users to stop and think before acting. Everyone stay safe out there!

 


 

iOS 9 ‘Wi-fi Assist’ Charges Users without Warning

Heads up Apple iOS users. One feature in the recently released iOS9  update has the potential to bite users on fixed data plans. The new ‘Wi Fi Assist’ feature doesn’t do anything to make it’s presence known, but the feature defaults to an ‘on’ state in the iPhone 6S and in earlier iPhones that have upgraded to the latest OS.

Wi-Fi Assist works by supporting the phone’s data connection in weak wi-fi coverage areas by augmenting the signal with mobile data. This can make data usage unpredictable for users on fixed data plans. Some users have found mobile data usage to have doubled or tripled since the update.

If you’re uncertain about your devices settings and have a fixed data plan, find Wi-Fi Assist and toggle it off to be safe.

 


 

MicroData selected 7-years in a row to the Best of Beverly Awards

We’re pleased to announce that we’ve been selected for the 7th year in a row to the Best of Beverly award in the Computer System Designers & Consultants category as presented by the Beverly Award Program.

Each year, the Beverly Award Program identifies companies that have achieved exceptional marketing success in their local community and business category. These are local companies that enhance the positive image of small business through service to their customers and our community. These exceptional companies help make the Beverly area a great place to live, work and play.

 


 

Walmart Labor Day Voucher Scam

Going into the holiday weekend make sure you tell you users and friends to watch out for this one. You receive an email with a subject of “Use your Walmart Labor Day Voucher” with some referenced date. The message body then references a “$50 Walmart Bonus” available “this weekend only”. The message may come from ‘Walmart_Bonus_Points’ or something similar.

The links in the message take you to a fake page which will try to install password and financial account/credit card stealing malware on your computer.

Just delete the message.

Everyone stay safe out there and enjoy your holiday weekend!

 


 

Tips for Using WiFi Hotspots Safely

Having an available wifi hotspot can be incredibly helpful if you need to do some business on the road. But you should take some precautions to ensure that the person on the other side of that coffee shop isn’t stealing your identity, draining your bank account, or having a shopping spree with your credit card. Here are some of the safety tips we give our own customers.

  1. Make sure your laptop or tablet security is up to date. This would include having a fully supported OS with all patches applied, an updated web browser, a personal firewall turned on, and current anti-spyware/anti-malware.
  2. Be aware of the hotspot you’re using. The hotspot at Starbucks is preferable to one you just happen to come across while you’re sitting around the mall. And a hotspot that requires patrons to use a password is better still.A new trend to watch out for is ‘hotspot fishing’. The bad guys target an area where there are many people looking for wifi access. An airport is a great example. They setup with their own laptop with hacking software and then broadcast an unsecured wifi hotspot – sometimes with the name of a nearby store or the airport’s name to try and fool users into thinking its safe. Then they wait for unsuspecting users to connect. Once they do, everything they transmit can be intercepted.
  3. Protect your passwords. When a website or your browser asks if you’d like it to remember your password, we suggest saying ‘no’. For someone that’s frequently on the road, it’s better not to have your password data stored anywhere on your computer. The exception would be if you are using an encrypted password manager like KeePass.
  4. Change settings. The default behavior on Windows systems when connecting to a new network will be to ask you if the network should be trusted or not – choose ‘Public’ or ‘Public Network’. But if your computer doesn’t ask you for some reason, make sure you turn off file sharing.
  5. Use a VPN. A VPN can encrypt your connection to a home or work network so consider connecting this way if possible.
  6. Avoid financial transactions. If at all possible, just have these wait until you get home or to a secure network. If you do have to do some e-commerce shopping, make sure the sites are encrypted and secured. Secure sites begin with an ‘https’ in the address.
  7. Be aware of your physical surroundings. When you’re engrossed in some online work it’s easy not to pay attention of people coming and going around you especially if you’re in a busy location like an airport or coffee shop. Bad guys are in many of these public areas and are ready to grab a briefcase or purse left on the floor when the owner isn’t looking.

Everyone stay safe out there!

 


 

Ashley Madison Scams: Warn your Users!

As probably everyone has heard by know, the hackers that stole over 35 millions records from the Ashley Madison site have now posted all the records for everyone to see.

The bad guys will be coming after users in a number of ways; phishing attacks, fake websites where you can ‘check if your spouse has been cheating on you’, or ‘verification’ if your own affair has come to light.

As you would probably expect, any of these 35 million users is a target and will probably be tempted to respond to threats to out them. So what can you do? We along with our friends at CyberHeistNews suggest sending out the following message to your employees and friends:

“Yesterday 35 million names, addresses and phone numbers of registered users at the Ashley Madison site (which makes it easy to cheat on your spouse) were posted on the Internet. All these records are now public, exposing highly sensitive personal information.

Internet criminals are going to aggressively exploit this in many ways, sending spam, phishing and possibly blackmail messages, using social engineering tactics to make people click on links or open infected attachments. Be on the lookout for threatening email messages which slip through spam filters that have anything to do with Ashley Madison, or that refer to cheating spouses and delete them immediately, in the office or at home.”

Everyone stay safe out there!

 


 

Windows 10 Keyboard Shortcuts

For those of us that are long-term computer users, we’ve learned many tricks to make our interactions a bit easier. And one big convenience to anyone that actually knows how to type are keyboard shortcuts. If you haven’t yet transitioned to Windows 10, you’ll be pleased to know that your favorite keyboard shortcuts are still there – plus, there are some new helpful shortcuts that Microsoft has given us. Here’s a sampling of some of these new shortcuts:

  • Windows Logo Key + A, Open Action Center
  • Windows Logo Key + S, Open Search
  • Windows Logo Key + C, Open Cortana in listening mode
  • Windows Logo Key + Tab, Open Task View
  • Windows Logo Key + Ctrl + D, Add a virtual desktop
  • Windows Logo Key + Ctrl + Left Arrow, Switch between virtual desktops on the left
  • Windows Logo Key + Ctrl + Right Arrow, Switch between virtual desktops on the right

And some old favorites:

  • Ctrl + C, Copy the selected item
  • Ctrl + X, Cut the selected item
  • Ctrl + V, Paste the selected item
  • Ctrl + Z, Undo an action
  • Alt + Tab, Switch between open apps
  • Alt + F4, Close the active item
  • Windows Logo Key + L, Lock your computer
  • Windows Logo Key + D, Display and hide the Desktop

 

 


 

iCloud/Apple ID Final Warning Scam

Tell your Mac users to be on the watch for this one. You receive an email purportedly from the ‘Apple & iCloud Support Team’ with a subject of ‘iCloud/Apple ID Final Warning‘ telling your that you haven’t reviewed and confirmed your Apple ID details. There’s a link to do this ‘validation’ which takes you to a bogus site where the bad guys hope you’ll actually enter your ID & password – effectively giving them your account.

Remind your users to stop and think before they click.

And did you know that a firewall with an active subscription can block many of these messages from even getting into your organization? Definitely worth considering if you are just using a plain old firewall. New technology in this area is surprising affordable and you can also get this functionality as a service for only a few dollars a month. Contact us if you’d like to learn more.

Everyone stay safe out there!

 


 

Tips for Selecting the Right Wireless Tech for your Network

Nearly every organization is now using wireless technology in their network. Here are some tips on how to do it safely and get great results.

Step 1Stay away from retail store products. The simple fact is that the $30 wireless router at Staples or Best Buy isn’t what you want. In fact, you almost certainly don’t want a router anyway – you want a Wireless Access Point (AP). And you want one that supports the latest 802.11ac standard. Consumer products at retail stores don’t have much horsepower and will just disappoint you in a business environment with multiple simultaneous users.

Business-class products support more simultaneous users, seamless roaming from one AP to another, and centralized management. One favorite of ours is the recently released HP M330 dual radio access point. We have special pricing on these if you’re interested – contact us.

Step 2Perform at least a basic wireless audit. Unless you have a one-room office with just a couple of people, you need to do some planning to make sure you cover all the work areas in your organization and also that you have enough capacity for the number of devices you’ll be supporting. Wireless signals don’t like metal and mass. Modern construction with steel stud walls as well as old buildings with brick and foil-backed insulation all greatly reduce wireless signal strength. There are low cost/free apps you can get for a tablet or smartphone that, while not true scientific tools, will allow you to observe wireless signal strength fluctuations as you walk through throughout your office. This will give you a basic idea of how far a wireless signal is likely to reach.

For capacity, a good rule of thumb with a decent quality AP is that it can support about 8 devices at a time.

And be realistic about the number of devices you’ll be supporting. In addition to the notebooks and laptops in your organization, what about everyone’s smartphones? And what about guests? There’s nothing worse that rolling out a new wireless network and finding out it’s maxed out on the first day.

Step 3plan. So once you’ve determined how many AP’s you’ll need, don’t forget that each one needs to be connected to a network jack. And each will need power. Some models have a plug-in wall transformer but many utilize Power-over-Ethernet (PoE) which requires adding a special type of network switch to your network.

Step 4Don’t forget security! Even the most casual non-techie knows that it’s important to secure wireless networks properly. Use at least WPA encryption, put guest wireless networks on a separate subnet, and consider using MAC address filtering. And if your organization is subject to HIPAA, CMR17, or a variety of other compliance laws, you have to get it right. If there’s any part of this you don’t understand, it’s worth getting an expert to help you.

 


 

Another Hybrid-Cloud Deployment

We just finished another Hybrid-Cloud deployment for a customer, this time utilizing an HP Microserver for the on-premises component.

HP Microserver
HP Microserver

Not familiar with Hydrid-Cloud? It’s a combination of local, on-premises equipment combined with Cloud resources. For many organizations the advantages are greater control over data, much faster performance, and substantially reduced monthly subscription costs.

In this case the project also took care of replacing old, unsupported software, increased security with a new firewall, and greatly increased secure remote access.

The HP Microserver is a favorite for SMB. Tiny, virtually silent, and inexpensive.

 

 

 

 

 


 

 

Information Technology Management Survey; We want to hear from you!

If you’re a small or mid-sized business owner or senior manager, we invite you to participate in a 5-minute online survey: Information Technology Management in SMB. MicroData is investigating how SMB manages IT, challenges that are being faced, and how new technologies are impacting organizations.

If you’d like see what your organization is doing compared to others, you may request a free copy of the summary report of the survey.  And as a ‘thank you’, we’ll randomly pick several responses to receive a free Amazon gift card. Any personal information will be kept strictly confidential.

Click here to begin


 

Walgreen’s Gift Card Scam

Tell all your users to be on the lookout for this phishing scam. You receive an email with the subject “Re: Your Walgreens Gift-Card (Expires 7/20/15)*”. There’s a large red graphic with a big ‘$50’ and even an official looking bar code. Clicking anywhere on the image or on the included link takes you to a foreign site where you’ll get prompted to reveal information to ‘confirm’ your gift card. What you’ll actually be doing is giving your info away to thieves. Just delete the message without clicking on anything.

Remember, stop and think before you click! Everyone stay safe out there!

 


 

Windows Server 2003 Survey: Shocking Findings

AppZero surveyed Fortune 1000 companies and reports that the majority won’t finish migrating away from Windows 2003 Server before the End of Service Date (July 14). And while we all know that projects can slip, the statistics from the report are surprisingly depressing:

  • Almost half (47%) are not even aware of the EOS date or have no plans (yet) for remediation
  • Only 21% of respondents have a remediation plan in place
  • Security compliance and vulnerability management remains the largest concern (>50%)
  • Fully one quarter (25%) of respondents still have more than 500+ Windows Server 2003 machines

So even with the multiple years of announcements from Microsoft and warnings from industry writers and support professionals, many organization are clearly going to be caught. As you can imagine the scammers are already gleefully planning to exploit these machines.

Learn more about Windows 2003 options at www.microdata.com/windows2003  or contact us.

 


 

‘Dunkin Donuts Customer Loyalty’ Email Scam

Even coffee isn’t safe any more! The latest malware phishing scam is sending out email messages with the subject ‘Dunkin Donuts Customer Loyalty’ that promises a $100 gift card by clicking a link in the message. Except instead of a gift card, you infect your computer with spyware/malware.

Remind your users to stop and think before reacting to email messages. And if you haven’t already, subscribe to our blog with the link below so you can be notified of important alerts and info like this.

Everyone stay safe out there!


 

Sneaky New Malware Attack; ‘Stop spamming me’

Here’s a nasty new approach by bad guys trying to infect your computer and network and steal your data. You receive an email with a subject of ‘stop spamming me’ and a message body that contains the following text:

stop sending me offers from {your domain} i am not interested.
i have attached the email i received from {a legitimate email address at your domain}.
please stop

A Word document is attached which has a macro virus which, if opened in an unprotected mode on an unpatched computer, will infect your system with malware.

If you receive one of these just delete the message without opening it or looking at the attachment.

Everyone stay safe out there!


 

Federal Government Chinese Hack Fallout. Action Required!

It’s happened again. Federal employee databases have been hacked and now the cyber criminals have millions of employee records. You can expect this info to get sold quickly and then the email messages will start arriving trying to scare recipients into clicking on a link which will then infect their computer with malware or the message will try and manipulate users into giving out more personal information. If you’re concerned that you or someone you know may be affected, send your friends and users the following:

‘If you receive an email that claims your personal information has been hacked and that you need to click on a link, open an attachment, or even call someone to protect yourself, stop! Never click on such links, don’t open any attachments, and never call someone whose information is only provided in an email message. These messages are scams designed to scare you into taking action that would infect your computer with malware/spyware and potentially release even more of your personal info.”

Everyone be careful out there!

Windows 10 Available for Free Late July

If you’re running Windows 7 or higher, you’ll be able to take advantage of a free upgrade offer to Windows 10 from Microsoft. Look for the upgrade through your regular Windows Update utility.

Available in several versions that roughly correspond to current Windows offerings, Windows 10 will add some familiar operational features back to the current Windows 8.1 experience, plus add a range of neat new security and productivity solutions.

One of our favorite new security features is Windows Hello. Using camera technology, infrared lasers, multiple lenses, and a special processing chip, machines with this new technology will be able to work with Windows to authenticate users visually. Coupled with some other technologies in Windows 10 like Microsoft Passport, the end will be in sight for old-fashioned and vulnerable passwords.


 

Adult Friend Finder Phishing Alert

Adult Friend Finder is one of the most heavily trafficked sites in the U.S. for adults that are looking for casual encounters and has over 40 million registered users. The owners of the site owed a fairly large amount of money to someone and apparently, they didn’t pay. So in revenge, it appears that the site was hacked and 4 million accounts stolen and the info posted online. The problem is that given the highly personal nature of AFF, this opens up a perfect opportunity for scammers to exploit users who are worried about details of their AFF activities coming to light.

So imagine your users receiving an email blackmailing them or threatening to out them unless they click on a link or take some other action. We suggest alerting all your users to be on the lookout for threatening messages like this and delete them immediately.

Everyone stay safe out there!

 


 

Think you know HIPAA? Try our 6-Question Quiz and Get $200 Off

Most business owners know about HIPAA or at least know that it has to do with handling of patient information.

But did you know that if your company works with a organization that must be HIPAA compliant, you might need to be HIPAA compliant too? And if you need to be HIPAA complaint but aren’t, you may lose that business relationship regardless of how happy the customer is. That’s just one of the important facts that you need to know about HIPAA.

Take 3-minutes to complete our 6-question HIPAA Quick Check quiz. You’ll learn more about HIPAA and we’ll thank you with $200-off your next HIPAA Assessment.

 

 


 

Watch out for the ‘Copy of your Invoice’ Scam

You receive an email supposedly from some online company with a subject line of ‘Copy of your {company} invoice (xxx-xxxxxxxxx) and there’s a Microsoft Word attachment. You might recognize the company name or are just concerned about something being ordered in your name so you click and open the attachment. Boom – you just infected your computer with a key logging virus.

We’ll give the same advice we always give our customers; make sure your antivirus software is up-to-date and working correctly, make sure you have a good firewall either for your business or installed locally on your computer, and stop and think before you click.

Stay safe out there!

 


 

Windows 2003 End of Life. Rent a Replacement?

The countdown is officially underway as Windows Server 2003 approaches its end of life. On July 14 Microsoft will officially end support for this operating system. Having an unsupported operating system is a significant risk, and for many organizations subject to privacy regulation, not permitted.

Your traditional options are to purchase a new server or maybe lease it, but now there’s a 3rd very attractive possibility. You can rent a replacement server with the latest operating system.

Rentals are available on a month-to-month basis with no long term tie-ins. And prices are extremely affordable.

To learn more, contact us at www.microdata.com

 


 

Heads Up! IRS Refund Scam

From our friends at Knowbe4, here’s a nasty ransomeware scam that’s looking for victims. Share this with your friends and colleagues.

Cyber criminals are preying on American tax payers that have made the April 15th deadline and are now waiting to hear about their refund. There is a massive phishing scam going on right now which tries to trick you into opening a Microsoft Word attachment. But if you do, all your files will get hijacked and encrypted. If that happens, you only get your files back after paying around $500 ransom.

Remember, think before you click, and do not open any attachments you did not ask for!

 


 

MicroData SafeGuard = Disaster Recovery

Disaster Recovery for Information Technology basically means this; what does your business do when a critical server fails due to a mechanical or electrical problem? Or worse, how does your business recover if that critical server gets destroyed in a fire or flood? Sure, you can restore to a good backup but that can take hours with a local backup (if it also hasn’t been destroyed) or days if you’re using a cloud-based backup solution.

MicroData’s SafeGuard is a 2-part solution. The first part is a MicroData server (like the one below) that gets deployed at your location and takes a snapshot of your server(s) every 15 minutes. If your server(s) goes down for whatever reason, SafeGuard mounts a virtual server of your failed server and everyone goes back to work – often in as little as 15 minutes.

And what happens if that pipe in the ceiling bursts or a fire breaks out destroying everything? SafeGuard covers you by replicating it’s backups to the MicroData data center here in Beverly. We then put the latest snapshot onto a replacement SafeGuard server, deliver it to your temporary work location, and bring up a virtual server with data from the last snapshot.

Here’s a SafeGuard server getting prepped to protect a customer. Contact us to learn more.

MicroData SafeGuard Server
MicroData SafeGuard Server

 


 

Tiny PC – Check out the Picture!

We just received one of HP’s new EliteDesk 800 G1 Mini’s for a customer. Small in size but this example has an Intel I7 CPU and can drive dual monitors. Completely silent operation, too. Great way to get back some real estate on your desk!

HP EliteDesk 800 G1 Mini

200GB microSD Card

That’s not a mis-print. Sandisk will soon (late Spring) release it’s 200GB Class-10 microSD card. Aimed at smartphone users and photographers, the card should be good enough for 20 hours of full HD video or tens of thousands of raw digital camera images.

You can find out more info at the Sandisk website.

 


 

LogMeIn EMail Phishing Attack

Preying on the popular use of LogMeIn (an online meeting & collaboration service), the cyber criminals are trying a new tactic to infect your computer and steal your information.

You receive an email message from ‘LogMeIn.com’ with a subject line of ‘Your LogMeIn Pro payment has been processed!’. The content looks like a typical ‘Thank you for your payment’ sort of message and references a payment amount of $999. There’s an Excel spreadsheet attached that’s referred to as a receipt. Opening the attachment on a computer with a version of Excel that hasn’t been patched runs some code that infects your computer and begins stealing data.

Remind your users to stop and think before acting on email. And make sure your systems and all your software applications are updated regularly.


 

“The IRS is Suing You” Scam

Here’s one of a new breed of scams that’s circulating now – telephone. Based upon info that the cyber criminals have obtained about you, you receive a robo-call that goes something like this: “We have been trying to reach you. This call is officially a final notice from IRS, the internal revenue service. The reason of this call is to inform you that the IRS is filing lawsuit against you. To get more information about this case file, please call immediately on our department number 360-362-4254”

Cleverly, the 360 area code is in Washington outside of Seattle but it looks official when you see “Washington” on your caller ID.

Everyone be careful out there!


 

 

100GB of Free Online Storage for 2 Years

Do you like to use online storage? How about 100GB of space for free for the next 2 years? If this sounds good check out Bing Rewards to claim yours.

Microsoft is making this offer with really no strings attached. You do need a Bing Rewards account (no charge) and must agree to get promo email messages periodically – although you can unsubscribe to them.

This is a particularly great deal for Windows users as OneDrive is built into the OS. After the default 15GB that Microsoft gives you, after this offer you’ll have 115GB. Not bad.

Click here to sign in to Bing Rewards or to create an account.

 


 

Malvertisement Alert! Firefox and IE Users Affected

Trend Micro yesterday announced that they’ve found a vulnerability in Adobe’s Flash Player that permits systems with Internet Explorer or Firefox to become infected with Malware from Flash-based advertisements. This is a so-called Malvertisement.

These are particular insidious because a system can become infected simply by visiting a page – the user doesn’t need to click on anything.

The site where most of these infected ads are running is the popular dailymotion.com

Adobe is aware of the issue and is working on a fix that they’ve promised to release this week, but as of this morning it isn’t yet available (current build of Flash is 16.0.0.296).

What can you do? If your organization can block access to the payload URL, that’s a good action to take. Detailed info on that URL is available in the Trend blog. If your users are running Trend antivirus products with Browser Exploit Protection they are already protected. If you’re not sure have your users disable autoplay of plugins (see our newsletter that explains how to do this here). If you want to be 100% safe, uninstall Flash from systems until a fix is released.

Heads up! Child Predator Email Scam

Proving that cyber criminals will sink to any level to steal your information, here’s another scam to alert your users about. Thanks to our friends at Knowbe4 for an early warning on this one.

Preying on the fears of any parent, users receive an email ‘warning’ them about a child predator ‘living near you!’ The email is delivered based upon zip codes so it might seem to have some legitimacy to a casual reader. The email contains a link to get more information and if you click on it, you infect your computer with malware that will attempt to steal passwords, account information, credit info, and even your identity.

Tell your users to delete the message without opening or clicking on anything.

Remember, stop and think!


 

HIPAA Technology Assessment Promo

MicroData is pleased to introduce our comprehensive HIPAA Information Technology Assessment service. This is the first solution of its kind; it integrates the mountain of network data that must be collected for the required annual HIPAA Risk Analysis and combines it with photos, observations, and required supplemental data.

If your organization works with patient data or if you work with the IT systems of a company that is required to be HIPAA compliant, then you are required to perform at least an annual IT Assessment.

To introduce this new service, we are offering a 25% discount from the regular price if an Assessment is scheduled and completed in February 2015. Please contact Steve Vozella at 781.608.2705 (mobile), 800.924.8167 x223 (office) or svozella@microdata.com for more information.

Intel Releases Computer on a Stick

Computers continue to get smaller to help us with moving data and processing where and when we need. Intel has now moved this idea to another level with its Compute Stick.

Intel Think Stick
Intel Think Stick

While there have been several small computing devices of this size in the past, what makes this unique is that it is available with either a full version of Windows 8.1 or Ubuntu. And it has a reasonable performance thanks to its Atom Bay Trail processor (by Intel, of course).

The Windows 8.1 version comes with 2GB of RAM, 32GB of storage, and plugs into any display’s HDMI input – instantly converting it into a full fledged computer.

Pricing is $149 – $89 for the Linux version.

 

 

Head up! ‘Fuel E-Bill’ Scam

Tell your users to be alert for an email message with a subject of ‘Fuel E-bill’ and a Microsoft Word attachment. Opening the attachment causes execution of some code which, on an unpatched computer, infects your system with malware. Just delete the message.

Make sure your systems are updated and that your firewall and workstations all have current antivirus and malware protection.

Be careful out there and have a good weekend!


 

‘Tiket Alert’ Email Scam – Heads Up!

Tell your users to be on the alert for an email message with a subject line containing ‘Tiket alert’. It has a .zip attachment with a filename of tiket_number.zip that, if opened, infects the system with malware. Users should just delete the entire email.

Remember to stop and think.

Everyone stay safe out there!


 

Black Friday Scam Alert!

It’s the Holiday Season for the bad guys too! But not the way you might think. They go into scam-overdrive mode. Black Friday and Cyber Monday are the busiest on-line shopping days and they are out to get rich with your money. So what to look out for?

  1. At the moment, there are too-good-to-be-true coupons that offer free phones or tablets on sites all over the Internet. Don’t fall for it. Make sure the offers are from a legitimate company.
  2. Watch out for alerts via email or text that you just received a package from FedEx, UPS or the US Mail, and then asks you for some personal information. Don’t enter anything. Think Before You Click!
  3. There is a fake refund scam going on that could come from Amazon, a hotel, or a retail chain. It claims there was a “wrong transaction” and wants you to “click for refund” but instead, your device will be infected with malware.

So, especially now, the price of freedom is constant alertness and willingness to fight back. Remember to only use credit cards online, never debit cards. Be super-wary of bulk email with crazy good BUY NOW offers and anything that looks slightly “off”.

If you think you might have been scammed, stay calm and call your credit card company, nix that card and get a new one. Happy Thanksgiving!

Looking for a Cheap Laptop?

While not a business class machine, we came across this Dell 15″ touchscreen notebook at Office Depot for just $219.99. Pretty hard to go wrong at that price. Great second machine for at home or for the kids. Details here.

 


 

CryptoWall v2 Virus; Get Infected without Clicking on Anything

In a nasty new twist, CryptoWall v2 now uses infected ads on dozens of popular sites like Yahoo, AOL, and Match.com to infect computers. The worst part is you don’t even need to click on the ads to become infected. Simply visiting the page with outdated software on your computer can infect your system.

For those of you not familiar with CryptoWall and similar ‘ransomware’ viruses, they work by infecting your computer and then encrypting all your data so you can no longer access it. Then it demands a ransom – $500 in Bitcoin in this case – in order to decrypt it. There is no practical way to decrypt it yourself. You either restore everything from a backup or pay the money.

In this particular case, the ads are infecting computers that have an outdated version of Adobe Flash installed that has a known vulnerability. Flash is used to allow many websites to broadcast video content through Web browsers. This vulnerability is exploited by code in the ads which causes your computer to download and install the virus. This is what we in the industry call a ‘drive-by-download’.

What should you do?

If you have Adobe Flash installed and you’re running Google Chrome or Internet Explorer on Windows 8 or newer, you’re probably OK as Flash automatically updates itself so it has already been patched against this exploit. You should still check to make sure you have the latest version as some website restrict software from being automatically installed.

To check if you have the latest version visit Adobe here: https://helpx.adobe.com/flash-player.html

If you don’t have Flash installed you don’t immediately have to worry about this. But you have ever watched a video in your browser, the odds are good you have Flash installed. So check to be sure.

Everyone stay safe out there!


 

Windows 7 End of Life

Do you like Windows 7? Have you been waiting to pick up another copy? Well, don’t wait too much longer.

Windows 7 Home Basic, Home Premium and Ultimate are going End of Life starting October 31, 2014 — meaning there will be limited availability to purchase them after that date.

So grab a copy while you can.

“Final Alert” shipping email scam

Warn your users to be on the lookout for this one. You get an email with a subject line of ‘Final alert for {your email address}’ with a message body that claims to have shipping and tracking info for something that isn’t identified – except that the claimed ‘order total’ is several thousand dollars.

The hope of the scammers is that the large number will frighten someone into clicking on the link to open the email. Doing that will open a browser window taking the user to a website that will then attempt to install malware onto the computer.

Remind your users to stop and think before they click.

Be careful out there!


 

Free Cloud Backup Accounts

Yes, free. Our partner, iDrive, offers 5GB cloud backup accounts for free. No strings attached.

Click here for instructions. Works with Macs or PCs.

And while you can purchase more storage space if you’d like, you can fit a lot onto 5GB. So go for it! Backups are good!

 


 

Heads up for Hacked eBay Accounts

If you use eBay watch out for the following scheme.

The bad guys use a phishing email to infect a user’s computer with a keylogger that records keystrokes. When an eBay login is detected, those credentials are used to access the account, set up a fake listing for a smartphone, TV, or some other popular item, and then the eBay account password is changed thereby locking out the legitimate owner of the account.

Unsuspecting buyers see a cool item at a great price and they check the feedback of the seller and see a 100% rating. So they click to buy but are instead taken to a fake eBay site where the victim is asked to log in and give out their bank details. Once they do this their bank account is cleaned out.

Remember – always keep your antivirus software up to date and current and stop and think before you click!

 


 

HP Microserver!

Another HP Microserver is getting ready to go to a customer. These are great solutions for a small business and for a hybrid-cloud option. Small, virtually silent, and uses less power than a typical light bulb. But powerful enough to run the latest versions of Windows Server!

HP Microserver
HP Microserver

Did you know that your organization can rent a Microserver from MicroData for as little as $49/month? Give us a call if you’d like to learn more. 800.924.8167


 

Home Depot Security Breach – What to Know & Do

Home Depot recently announced that info from thousands of customer’s credit cards had been stolen from its systems. It appears that the breach was carried out by the same group that hit Target earlier this year. If you’ve shopped at Home Depot in the U.S. or Canada anytime from April of this year onward and used a credit or debit card for payment, you are likely affected. Here’s what you need to do.

Home Depot has been very upfront about the problem and is offering free identity protection services to its customers for a full year through AllClear ID. You can read the official Home Depot statement here, and sign up for the free identity protection services at https://homedepot.allclearid.com

What else? Watch your card statements closely. If you haven’t done so already, sign up with your card provider’s online service so you can check charges before your paper statement comes in the mail.

Also, watch out for calls or emails claiming to offer some type of identity theft protection but are actually phishing schemes to try and get even more personal information from you.

 


 

5 Million Gmail Passwords Exposed

CNN yesterday afternoon reported that approximately 5 million Gmail addresses and passwords showed up on a Russian Bitcoin forum this Wednesday. Google says that it’s servers weren’t breached, but it’s unclear how the data in such large amounts was obtained – and how much of it is actually good.

It’s not uncommon for collections of such info to be summarized from multiple phishing and keylogging malware exploits and then offered for sale.

So if you have Gmail accounts, it’s probably a good idea to update your passwords.


 

iCloud Nude Photos Hack: Lessons to be Learned

With the news of dozens of female celebrities’ nude photos being stolen off iCloud over this past weekend, there are a couple of lessons to be learned.

  1. Apple devices aren’t somehow ‘safer’ or ‘immune’ to being compromised. Most likely the accounts in question were compromised by phishing attacks – targeted emails or sites designed to trick users into revealing account information.In some ways Apple users are more vulnerable because Internet legend tells them that Apple devices are immune to viruses and malware. Apple themselves does little to dispel this myth – most likely as it works so well for them.

    The reality? Any device including web-only appliances like Chromebooks are susceptible to phishing attacks. The only defense is to educate users.

  2. When you sync data from a local device to a cloud service then later delete it, the cloud data probably still exists. People tend to think about data as residing in the device that generated it but once you link to the cloud that isn’t the case. Just look at the IRS email scandal where it was claimed that Ms. Lerner’s email was ‘lost’ because her computer hard drive crashed. Only a copy of email makes it to the user’s local computer. All the email really exists on email servers which is why this claim is so ridiculous to people in the tech community.Remember that if you have any device linked to the cloud, a copy of everything is probably somewhere else.
  3. When your data is in a shared Cloud, you no longer control it. Apple has robust security on its cloud service. As does, Microsoft, Amazon, Yahoo, etc. But it’s still not in your control.This is one of the reasons we developed our Private Cloud service. With Private Cloud, your data is exclusive to you and isn’t co-mingled with anyone else’s data. Your organization maintains control.
  4. Think before you create data. It’s probably not a good idea to snap those nude photos or write that manifesto if you’d ultimately be uncomfortable about it get out into the public. Once created, data has a way of moving easily and silently around the Internet.


 

MicroData’s President Glenn Mores Featured in the MRC Blog

MicroData’s President Glenn Mores, was recently featured in mrc’s Cup of Joe Blog story9 Signs that your Business Applications Need Replacing

 


 

Robin Williams Scam

As if the events surrounding Robin William’s death aren’t sad enough, the bad guys out there are already trying to use it to steal your data. Users get an email or see a social media post with a subject line with something like ‘See Robin William’s Last Words’. Clicking on the link gets the user’s system infected with malware/spyware.

So alert your users to stop and think before clicking!

 


 

HP 400 All-in-One’s Have Arrived!

Just in the shop for a customer – nearly 20 of the recently released HP 400-series all-in-one systems. The computer is built into the monitor so these save a ton of space. Plus, they are completely silent when operating. Built-in camera for Skype or Lync videoconferencing.

Electricity savings compared to a 5-year old clunker completely pays for these in a couple of years.

HP 400 AiO
HP 400 AiO

 


 

Personal Computers Making a Comeback

A recent report from Gartner about shipments of PC’s, Tablets, Ultramobile, and Mobile Phone shipments sheds some light on what technologies people are using. And what’s interesting is that we are seeing a revitalization in traditional desktops with an actual forecast increase in PC shipments of 5.3% in 2015. This meshes with HP’s recent announcement that they are seeing activity up in their Personal Systems Group.

So what about tablets and smartphones? It seems that as that technology matures growth has slowed. We’ve seen these same trends here at MicroData.

What’s driving this shift? We believe that while portables and smartphones continue to have utility, for the worker that has to go to the office every day and work on a spreadsheet, a desktop computer is still a much more useful solution. Like any new technology, tablets and smartphones had a certain momentum when they were new because they were different. It appears that ‘shine’ has worn off now.

E-ZPass Email Scam

In a relatively new twist, we’re now seeming a phishing scam by the bad guys centered around the popular E-ZPass toll system. Here’s how it works.

You receive an email with a subject line of ‘Indebted for driving on toll road’ or something similar. The message itself has an official looking E-ZPass logo and a brief message claiming that you have failed to pay tolls and that you need to take care of it right away.

Of course, there’s a link which if clicked takes you to a fake website where you are asked to verify your account by entering your credit card info.

The giveaways that it’s bogus? Poor grammar, non-personally addressed, a direct link to a document rather than a request that you just log in to your account normally, and if you hover your mouse over the included link, you’ll see that the destination has nothing to do with E-ZPass.

Remind your users to stop and think before they respond to email messages.

 


 

 

Kindle Unlimited; A Great Idea for Information Junkies

Amazon just announced Kindle Unlimited – access to over 600,000 books for a flat $9.99 per month. If you’re like me and read 3-4 books per month, this is a great deal. Particularly as there are many business & technical titles available. More info is available on Amazon

 


 

Microsoft ups Free Cloud Storage

Microsoft just announced that it is now offering OneDrive users 15GB of free cloud storage, up from the previous 7GB. This let’s Microsoft keep pace with Google.

Also, to encourage more users to try their Office 365 online solution at $9.99/mo, Microsoft is bundling in 1TB of cloud storage for those users. That’s up from 20GB.

More information on Microsoft’s free cloud storage can be found at https://onedrive.live.com

 


 

New Ransomware Targets iPhones & iPads

A new type of ransomware is appearing – mostly in Australia and the UK for now – that targets iPhones and iPads. The attack exploits the ‘Find My Phone’ feature to launch the attack and the bad guys have somehow got access to iCloud account info that’s used to lock the devices.

What happens is that suddenly your iPhone or iPad will lock itself and then you receive a message that you’ve been hacked by Oleg Pliss and you have to pay $100 US/EUR via PayPal to get the device unlocked.

Your best defense? Change your Apple ID credentials now.


 

KnowBe4 Offers to Pay your Crypto-Ransom if You Get Hit

In an impressively confident offer, the Internet Security training firm KnowBe4 has offered to pay the Crypto-Ransom if an organization that completes its user training subsequently gets hit by ransomware such as CrytoLocker, CryptoDefense, or CryptoBit.

Said Stu Sjouwerman, founder and CEO of KnowBe4, “We are so confident our training works, we’ll pay your ransom in Bitcoin if you get hit with ransomware while you are a customer.”

It’s refreshing to see a training company that’s so confident in its product and methodology that they’re willing to offer such a guarantee.

You can get more information at the KnowBe4 website  

 


 

 

“Incoming Fax Report” Scam

Here’s another scam to alert your users to watch for.

You receive an email with a subject line similar to ‘INCOMING FAX REPORT: Remote ID: xxx-xxx-xxxx’.

The message body includes some fax-like info including data/time, speed, connection time, pages, etc. It then includes the statement “Please use the following link to download your file:“.

The link provided will take you to a page that will infect your computer with spyware/malware.

Spam filters can’t block these types of messages – you have to rely on educating your users to the threat and reminding them to stop and think.

Everyone stay safe out there!


 

‘This Damaging Report Concerns You’ Scam

We’re all concerned about what info might be online about us, so this latest scam is sure to snag a few unsuspecting victims. Here’s how it works.

The bad guys send you an email with a subject line similar to this: “{username from your email address} this damaging report concerns you“. The message body typically has a reference to ‘damaging information leaked’ and the date and your email name again. There’s also a ‘record’ number and an admonition ‘Don’t let your reputation be ruined because of this published report

There are usually a couple of links – we’ve seen several to the naricbide.com domain which is a hacked system in Connecticut.

Clicking on the links infects your computer with keylogging malware designed to steal your data.

Antivirus and anti-malware software can’t stop these types of attacks so the key again is to educate your users. Always be suspicious of email messages received from a sender you don’t know, and if the message threatens you with something if you don’t act, it’s probably bogus.

Everyone be safe out there!


 

Use Craigslist to Hire? Read this Alert

You probably already know about CryptoLocker – the malware that encrypts everything on your local hard disk and then demands you pay from $500 – $1,000 or you’ll never see it again. Well now there’s a new threat and it comes into your organization in  way that greatly increases the chance of it successfully attacking your business.

The bad guys now search through Craigslist looking for companies advertising for help. They then send in an email response with an attached ‘resume’. The person in HR opens the attachment and boom, they’ve just infected the network with CryptoLocker.

What makes this doubly concerning is that typically the person in HR – or maybe even the business owner if its a small company – is the one looking at these resumes and they have a high level of access to files and data. This means that the potential damage can be much worse than for a lower level employee.

What can you do to protect your network? Employ some security ‘best practices’ such as removing certain attachments from email messages, restricting users ability to install software, maintaining robust web and email filtering, implementing and testing comprehensive backups and restores, and encrypting your sensitive data. But most important is to educate and train your users. As our friends at Cyberheist News are fond of saying, “Your weakest point in any security model is the person who touches the keyboard.”


 

MicroData Named to mspmentor.net Top 100

We’re pleased to announce that we’ve been recognized by mspmentor.net as one of the Top 100 Small Managed Service Providers in the U.S, as reviewed in the March 2014 issue of mspmentor.net!

Read the press release here.

Sony’s New 185 TB Tape Cartridges

Sony has just announced that it has developed a new technology that permits 185TB tape cartridges – that’s more than 5 times the current highest density.

So why does this matter? Because as volumes of data continue to grow, tape is still widely used for data backup. It’s thousands of times faster than cloud backup solutions, highly reliable, and easy to control and secure.

Look for the new technology to be available commercially later this fall.

 


 

Internet Explorer Vulnerability and Windows XP

As I wrote a few weeks ago, if you’re still running Windows XP you are officially ‘on your own’ as it relates to updates and patches. Just this week a problem was reported with Internet Explorer and is a perfect example of what I meant.

A so-called ‘Zero Day’ bug was found with most versions of Internet Explorer. If exploited it would allow an attacker to control a computer with the same rights as the person using it.

Microsoft will patch this as it routinely does with other issues – usually on ‘Patch Tuesday’ – Microsoft’s monthly security update release process. If they feel it important enough they’ll release a patch sooner – what they refer to as ‘out-of-cycle’.

But if you’re computer has Windows XP you won’t receive any patches or updates as they won’t be released for that OS. So if you still have Windows XP systems that you’re using, really think about moving them to Windows 7/8 ASAP.

 


 

 

Heads up! The Windows XP Scams Have Started

I wrote about a month ago that you should expect to start seeing the bad guys exploiting the end-of-support of Windows XP. They haven’t wasted any time and the latest tactic is particularly aggressive, so alert your users. Thanks to our friends at CyberheistNews for this latest tipoff. Here’s how this scam works.

The criminals either send an email or make unsolicited telephone calls and claim to be from Microsoft or your Help Desk. They then tell you a bit of truth about Windows XP being unsupported (which you already know if you’re running Windows XP and seeing the pop-ups telling you this) and then that there are exploits in Windows XP that can’t be fixed automatically anymore. But they then claim to have a patch they will manually apply if you give them access to your computer.

Once they’ve got onto the computer they ‘own’ it and can subsequently hack into the rest of the network with relative ease.

Remind your users that Microsoft and it’s partners never make unsolicited calls. If you get a call or email that purports to come from ‘Support’ or ‘Microsoft’ telling you that you need to do something, hang up and call your real IT support team.

Everyone be careful out there!


 

Heartbleed Bug. Is Your Organization Affected?

This week’s news has contained a lot of info about the so-called Heartbleed Bug. Here’s a quick snapshot of what you need to know as an organization and what your users should know.

First, Heartbleed is tied to what’s called ‘OpenSSL’ security implementation on computer systems – primarily Linux systems. Windows systems appear largely unaffected. SSL provides communications security and privacy over the Internet for applications such as web, email, instant messaging, and some virtual private networks.

The implications are pretty serious. In testing by Codenomicon, access was achieved to systems from the outside without leaving a trace and testers were able to gain access to user names and passwords, messages, emails, and business critical documents.

Netcraft has reported that many sites are already deploying new certificates in response to this issue including,  Yahoo, Adobe, CloudFlare, DuckDuckGo, GitHub, Reddit , Launchpad, PayPal, Netflix and Amazon’s CloudFront content delivery network.

If your organization has Linux systems you should immediately test them using publicly available tools and if you have a problem, deploy a new, fixed OpenSSL solution ASAP.

What do you do as a user? If you can connect to a site or appliance using HTTPS, and it’s not running on Microsoft Windows, consider it vulnerable until proven otherwise. Look for confirmation from the site that it has tested for the vulnerability and it has either corrected it or verified it isn’t affected. And of course, this would be a good time to change your passwords for any SSL secured sites – just as a precaution.

 


 

The Bad Guys are Waiting for April 8

Most of you are probably aware that Microsoft is ending support for Windows XP on April 8. That means no more patches, bug fixes, or updates. But what many of you may not know is that cyber-criminals have been hoarding discovered vulnerabilities, patiently waiting for April 9, so that they can then use or sell them. There are some estimates that there are hundreds of potential vulnerabilities out there waiting to be exploited.

What can you do if you still have XP machines in production? There are basically 3 options.

  1. Microsoft has created an incentive program called Get2Modern that offers discounted pricing on Windows 8 software upgrades. Expect around $140. But keep in mind that many older machines running Windows XP and many older applications may not be able to run on Windows 7 or 8, or may require hardware upgrades. And upgrading the operating system on a XP machine to Windows 7 or 8 isn’t trivial as there is no direct upgrade path. Expect to spend many hours for each machine.
  2. You can purchase/lease/rent new desktops or notebooks that come with the latest version of Windows – and a new machine warranty, as well. And prices are pretty attractive right now. For example, we just had a customer pick up some HP All-in-One desktops with Windows 8.1 Professional for less than $500. And monthly rentals with Windows 7 or 8 and the latest version of Microsoft Office are only $49
  3. If you must keep old XP machines around for a while, you can take certain steps to mitigate the exposure you have. See the article from our friends at KnowBe4 for details.

 


 

6 WiFi Deployment Tips for Business

Thinking about offering your guests wifi access at your business? It’s a benefit your customers will really appreciate, so here are some tips to get you started.

  1. Given regulatory compliance and not having your customers use up all your bandwidth, consider getting a separate Internet service and dedicating it for customer or guest use. Keeping your business data, POS terminals, and all your customer’s credit card info separate from whatever your guests are doing is a smart idea that doesn’t cost much. We often have our customers pick up an inexpensive DSL or cable circuit just for this purpose.
  2. If your business layout is complex or has multiple floors, get a vendor in who specializes in wireless networking and have them do a site survey. This will ensure that you get adequate coverage for all areas and also that you have enough access points to handle the number of end-user devices to be supported.
  3. Speaking of the number of devices to be supported, 8 or 10 is a realistic limit for a decent business class wireless access point, so don’t undersize to try and save money. Everyone that comes into your business will have at least one wifi device – kids usually have several. It’s better not to offer the Internet at all rather than have intermittent or painfully slow service.
  4. Make sure you set up your guest wifi using the latest technology access points that support both 5 GHz and 2.4 GHz devices. This helps support older devices, balances loads, and customers with newer equipment will enjoy the greater performance.
  5. Make sure your access points are MIMO devices – multiple input and multiple output. These devices offer significant increases in range and data throughput compared to the last generation of wireless access points. They also support a variety of antennas so support specific building layouts and even outdoor use.
  6. If you’re not sure what you’re doing, get some help from a company that specializes in wireless networking.

 


 

9 Characteristics of a Good Website

I’ve been in working in IT since before the Internet existed, so I’ve seen almost everything. Last week I discussed why most web-based businesses fail and why company websites usually don’t produce a positive return on investment. So what makes a website – particularly a website for a small or mid-sized business – profitable and deliver leads and sales? Here are 8 characteristics of good websites I’ve observed through the years.

  • Good websites actually work properly. Need I say more?
  • A good website often caters to a niche. Crafting your message for a group that you know well is a powerful strategy. Remember, it’s all about communication so the better your focus and the clearer your message, the more effective a site will be.
  • Good websites keep it simple. Flash and videos can be fun, but that often isn’t what communicates value. I’m not saying that good design and following proper HTML rules aren’t important – they are very important. But if your site is just entertaining, people will watch the show and then depart – leaving you with nothing.
  • Good websites often have unique or hard to find products. Selling or promoting the same thing as everyone else usually doesn’t work. When I mention selling unique items many business people don’t think there’s enough traffic to warrant it. But remember that if you’re extending your reach nationwide and hopefully worldwide – you’ve got a huge audience. And the great thing about the web and Internet advertising is you can rapidly try things and see what works.
  • Good websites connect with people. If you’ve ever visited a website and just found the entire experience pleasant and positive, then you’ve experienced a site that connects well. These sites present their goods or services in a positive way that literally clicks with their customers. This is where a good web designer can be really valuable as they have what I call web gestalt.
  • Good websites have lots of useful related content. Sure you’re trying to sell products or services, but having good supporting content makes it clear that you know what you’re doing. And it also makes it clear that you’re not just re-packing some someone else’s product which you actually know (or care) nothing about.
  • Good websites integrate well with their underlying business. If your site is selling products, it should be a natural extension of your brick and mortar business and not some awkward add-on. If someone calls about something on the website your conversation with them should be as easy and natural as if they walked in the door. This fit is what allows you to keep your website current and relevant – it’s easy when it’s what you already do.
  • Good website re-package things in unique ways. You might think that because you sell a service that you’ve got nothing to put on your website except your phone number. That’s wrong. You’ve got expertise and that’s valuable. Expertise is both factual knowledge and knowledge about how to apply the facts. Figure out how to package your expertise so you can capture the interest of visitors.
  • And good websites are useful. Simply having pages of content doesn’t make a site useful. In fact, it can be downright boring. The best websites cause people to immediately bookmark them because the user knows they’ll want to be back for more. How many people would bookmark your website?

“Most Web-Based Businesses Lose Money”

While Spring hasn’t really thought about showing up in New England yet, tax season has come with it’s usual painful  side-effects. One plus I always get from the experience is chatting with the partner in our CPA firm that services our account. If you really want to know how the economy and business are doing, talk to the people doing the taxes.

Anyway, this year the partner we work with at our CPA firm made an interesting comment. He observed that while one of my web-based businesses had done well in 2013, “most never turn a profit.” How can that be? The web and Internet are supposed to be the driving force of the new economy, right? The web allows you to reach to millions of customers all of whom are eager to find out about you because of all time you spend creating social media content, paying for SEO, and paying for clicks, yes?

Here are some observations as to why it doesn’t work out that way.

  1. Social media is turning into a collection of mostly junk. With fake users, fake news, fake product endorsements, and search engines bogged down by bogus content, people are more skeptical of what they see online or receive via email than of a used car salesman. Most users now expect that every click is just data for future marketers. I’m predicting that in 5 years social media will be unrecognizable from its present form. Could be bad news for the major search engines.
  2. Websites without content. I use the web constantly and I’m amazed by how bad some sites are – and I’m not talking about a mom-and-pop business with limited funds and knowledge, but large corporate sites that shouldn’t have an excuse. In some cases the sites have become so complex that they have reached beyond what might make them useful, but in other cases the corporate owners really don’t care.
  3. Websites with the same products as everyone else. This one is easy – if you’re just selling the exact same product or service that’s already available on Amazon or from Walmart.com, give up now. It’s not to say you can’t add value to make your web presence distinctive, but it requires a plan and some effort.
  4. A Web presence without a plan. Simply having a website doesn’t mean you’ll do more business or make any profits, yet it’s amazing how many business owners and executives think so. How does your website fit into your business plan? I tell business owners a website is like a hammer. If you buy and hammer and put it in a drawer, nothing will ever be built.
  5. Fuzzy Math. In some cases businesses just don’t do the math. Look at your margin then realistically look at revenue you can generate from the website or assign a value to the leads you’ll create. Are you being realistic about the payback? Especially when you consider that to keep your site relevant you’ll be constantly investing time and money.

In a future post I’ll talk about some of the secrets for websites that do work.

 


 

Will ATM’s Running XP be a Security Risk?

According to the ATM Industry Association most ATM’s will continue running Windows XP after Microsoft ends support for the OS. I can’t say that I’m surprised even though banks and financial institutions have had years of advanced notice of the retirement of XP.

In the US about half of ATMs are run by banks and the other half by independent operators. Upgrading is a significant effort (and cost) which probably explains why so many ATMs are still running XP.

Microsoft has specifically pointed out that the end of XP support means it will become vulnerable to future exploits, but that also doesn’t automatically mean that ATMs will become vulnerable. They are ‘closed’ systems that only perform a single task and there are safeguards that can be taken that will allow them to continue to achieve PCI SSC compliance – for a while.

But PCI compliance as well as several state laws – such as Massachusetts 201 CMR 17 – require that systems have software that’s supported by the manufacturer.

So will there be a security risk? Yes, but it’s not doubling overnight. But minimally the owners of the ATMs you use should have a plan in place for fairly immediate migration of the ATM to newer software standards.

And by the way, this problem extends far beyond ATMs. Most restaurant and retail store point-of-sale terminals also still run on Windows XP.