How Well Balanced is Your Use of Cloud Computing?

The Benefits of Cloud Computing Before we get into the negatives presented by cloud computing, we should look at the benefits. Today’s cloud is a secure, reliable computing option that can provide a business the access to tools that can help their ability to coordinate, execute, and support their operations. Additionally, most computing tools that you can host yourself, you can host in the cloud. With different parts of your businesses needing different tools to function this can substantially decrease your capital output for your business’ IT. On top of the massive amount of workable options available, most cloud computing platforms are managed by the cloud provider, further removing the coordination and cost associated with IT support and system administration. For this reason, cloud computing is often looked on as having a lot of value, especially regarding solutions for collaboration, storage, backup, and communications.   So, What’s Bad About Cloud Computing? After listing all the positives, what could possibly be negative about cloud computing? In the cloud, companies often pay too much for their computing.  Now you have to understand, the ease of use, the scalability, and the anytime/anywhere access provides value of its own, no doubt, but if you pay too much for your business’ computing, you are still paying too much. While cloud computing does make a lot of sense for many businesses, if you overextend yourself with SaaS offerings, storage, or processing you may actually be renting for a lot more than you think. Think about your business’ computing like buying a house vs. renting. When you pay the per month rate from another provider, you are effectively renting your tools. Sure, owning your own house takes a lot more capital up front, but payments are less expensive and eventually, you’ll own it.  If you don’t like that analogy, then consider that a company that loses track of its cloud output, or overextends itself in the cloud, is throwing away money. If that goes on for a few months, it could have a major effect on your technology budget.  At SRS Networks, we want to help you make the best technology decisions for your particular situation. If you would like to get an assessment, or if you just want to talk to one of our IT professionals about how you can affordably improve your IT, reach out to us today at (831) 758-3636.

Tip of the Week: Identifying a Phishing Message Before You’re Hooked

While these potential threats are frustrating to look out for, that is exactly what needs to be done to prevent their success. Here are five tips to help you spot a phishing attack before it is too late. Extreme Urgency When somebody is trying to phish you, they often rely on you panicking and not fully thinking through the message. That’s why, whenever you receive an email labelled “urgent” and written in an intimidating tone, you need to take a few breaths and consider it a little more. There is no questioning that email is an extremely valuable communication tool, but at the same time, would it really be how you sent someone an urgent, time-sensitive message over something like a phone call? Even if it does come in via a phone call, any message you receive should be carefully considered before you act. Attachments Email gives business users so much utility, but that also lumps in those who make cybercrime their business as well. Email makes it much easier for a cybercriminal to send along a malware payload, hidden inside an attachment. Therefore, you should never click into an email attachment that you didn’t anticipate receiving, and even think twice about the ones you did expect. Many organizations—like financial institutions and the like—are favorite ruses of cybercriminals, despite the fact that these organizations will either use a dedicated solution to reach out to you or call you directly before sending along an attachment. Unless you know with confidence what an attachment contains, it is best not to click on it at all. Spelling and Grammar Errors Let me ask you a question: if you were to receive any kind of written correspondence from a business, whether it was an email, a letter, what have you, would you take that business seriously if it was riddled with mistakes and misspellings? Unlikely. Businesses are generally very aware of this, and usually put forth the effort to ensure that the materials and messages they send out are carefully edited before they distribute them for this very reason. Would you trust this blog if every other sentence featured a misspelled word or misused punctuation mark? In a phishing message, however, the individual writing it is actively banking that their reader won’t be paying too close attention, making such errors less important. While this isn’t a hard and fast rule, it is a good way to keep your business safe. Requests for Personal Information In a similar vein, does it make sense that a business that presumably already has your sensitive information would reach out and ask for it again via email? No, it doesn’t, and that’s why legitimate businesses tend not to do this. While this is also a generalization and there will be exceptions, a scammer will generally be the only party to request sensitive and personal information over email. A legitimate business will have a different tool they use to collect this data if they need it, as they need to abide by the compliance and security requirements that are likely imposed on them by some regulatory body. Suspicious Links Finally, we need to discuss links, particularly those that come included in a surprise email. Links are remarkably easy to manipulate, so while you may think you’re visiting another business’ website […]

What Makes CAPTCHA So Complex (and Consistently Chafing)?

Let’s take a few minutes to examine the ramifications of this improvement, and how it will impact how users can identify themselves as legitimate in the future. What is CAPTCHA? CAPTCHA, or Completely Automated Public Turing Test to tell Computers and Humans Apart, is what Google uses to catch automated spam before it assaults the Internet. The idea is that there are certain ways that humans will interact with content differently than automated spam can. Therefore, by requiring a certain task to be completed in a certain way, the legitimacy of a user can theoretically be verified. At the turn of the century, CAPTCHA was highly effective against spambots by simply requiring the user to identify the text shared in an image. Alas, this was not to remain the case. Why CAPTCHA Has Gotten More Challenging The trouble really started after Google was able to take possession of CAPTCHA and—more importantly—utilize it to help digitize Google Books. The issue here was that, by doing so, the text used to verify users needed to become much more distorted to fool the optical character recognition programs available. No easy feat, especially as human beings were also giving the optical recognition programs the data needed to improve their capabilities as they solved them. The creators of CAPTCHA saw this coming, predicting that machine intelligence would overtake human capability when it came to passing these tests. Adding to the issue, these tests need to be universally approachable, free of any cultural influence or bias. This eventually led to CAPTCHA being replaced by NoCAPTCHA ReCAPTCHA in 94 percent of websites that implemented it. Focusing more on user behavior, the implementation of NoCAPTCHA ReCAPTCHA has not stopped the development of even more secure methods, seeing as many threats are now focused on replicating how a user would interact with the system. The fact of the matter is that automated tools and bots are now more effective than most people when it comes to solving CAPTCHA prompts. In 2014, a machine learning algorithm went head to head against users to test how accurately the traditional distorted-text variety could be bypassed. The bot was successful 99.8 percent of the time. The humans were successful 33 percent of the time. Making things worse, CAPTCHA-solving programs and services are also available, providing a cost-effective way to undermine the security measure. How Can CAPTCHA Be Made Secure Again? While CAPTCHA has the potential to still be effective, there undoubtedly needs to be some way to make it easier for a human being to complete but confounding to a machine. To accomplish this, various tactics have been considered, some more likely than others to be implemented: Requiring users to classify faces based on various guidelines, like their expression, gender, and ethnicity. This method is least likely, considering today’s amplified social awareness. CAPTCHAs that rely on regionalized trivia and nursery rhymes, with these targeted questions helping to prevent bots and distant hackers from succeeding. Image-based CAPTCHAs that use more subjective content like cartoons and optical illusions.  Gamified CAPTCHAS with contextual hints for instructions that a computer wouldn’t pick up on. Cameras and augmented reality being used to enable physical authentication. Of course, there is also the continued research into behavior-based authentication that uses metrics like cursor accuracy and other traffic patterns. Google has […]

Do You Need to Keep the Devices You Rarely Touch Charged Up?

Everyone has those devices that they pull out once in a great while, but don’t really use on a day-to-day basis. Maybe your business keeps a small video camera handy for events, social media content, and the like. If it isn’t used all the time, however, the battery could become subject to an assortment of issues as it sits idle. Battery life duration could diminish, or the battery itself could become unstable and replicate those found in the explosive Samsung Note 7. Think about how many devices you have that feature a rechargeable battery and are stashed away somewhere for safekeeping. That’s a considerable risk that’s piled up for some time. How to Charge These Devices Safely When storing these devices for extended periods of time, it is recommended that you level out these devices at 50 percent charge before packing them away, refreshing them every three to six months. Try storing it someplace cool and dry. If it’s been a while since a device has been used, make sure that you double-check that there’s no sign of damage or other issues before plugging it in again. And, if you do need to dispose of some older technology, make sure that you’re doing so properly. When it comes to the smartphones, tablets, and laptops that you likely use more often than some of these other devices, the rules are a little different. These devices tend not to lose any battery life until after they have been fully drained and charged back up about 500 times, and they can be left plugged in without doing too much to the battery in terms of wear and tear. This doesn’t count towards that 500 count, either. Why Does This Matter to Businesses? How many spare devices does your business have lying around? How much would it cost your business to replace these devices if the need should arise? More likely than not, quite the sum. Therefore, it is important to know how to maintain your technology so that it can be relied upon when you need it, and to have a resource at the ready should it need to be repaired or replaced. SRS Networks can be that resource for you. Give us a call at (831) 758-3636 to find out more about what we have to offer.

Tip of the Week: 3 Ways to Make Online Meetings More Productive

Identify an Agenda, and a Moderator to Enforce It The first step to having a productive meeting is to have a general idea of what will be discussed in the time allotted for it. Not only will this help to minimize tangents and other conversations that aren’t conducive to the meeting’s goal, sharing it ahead of time gives the participants a chance to organize their thoughts. Once the meeting is underway, you also need to make sure that it stays on the track that your agenda set for it. This means that it needs to be somebody’s responsibility to guide the meeting’s trajectory. Giving one of the participants the capability to mute and unmute other participants as needed is a useful option to consider, if need be, along with these responsibilities. Selecting the Solution There are a lot (repeat for emphasis) of collaboration and remote meeting options available right now, so you have plenty to consider implementing to support your operations. While we aren’t going to make any specific recommendations, we want to go over a few key considerations to keep in mind as you weigh your options: What functions and features will your remote meetings require? How many people does the conferencing platform need to support? Can your other tools and solutions play a role, either via integrations or concurrent use? With the answers to these questions in mind, you’ll be better able to select the option that fits your precise needs. Compare Notes Finally, when your meeting is over, it helps if everyone contributes to the meeting’s record. This helps prevent steps from being missed and can clarify everyone’s goals after the fact. By sending this summary to all involved once it is prepared you can ensure that your meeting has concluded with everyone (almost literally) on the same page. What have you done to make the most of your remote meetings? Share your tips in the comments!

How a Penetration Test Plays Out

How is a Pen Test Carried Out? A pen test is carried out more or less exactly like any cyberattack would be. Using the same tools as the cybercriminals do, a sanctioned professional is set loose on a computing system to try and crack it as a cybercriminal would. Like any cybercriminal, the pen tester follows a basic process: Scoping – The professional and their client come to an agreement regarding the evaluation, and a non-disclosure agreement is signed. Information Gathering – The professional starts to collect any data they can on the company and its technology to help identify vulnerabilities. A shocking amount of this data is publicly available. Probing – The professional first approaches the network they are targeting, sending probes to collect any information they can. This information helps them decide which attacks are most likely to take root. Attack – Once their strategy is compiled, the professional attempts to actively penetrate the targeted system. Of course, their data collection activities continue throughout the process. This does not inherently mean that all identified vulnerabilities will be targeted. Camping – If the professional successfully gets into the system, their job is to then remain there for some time. They’ll install software that allows them to get back in when needed, even if a network administrator makes changes or reboots the system. Clean-Up – Once the professional has the data they need for their report, they remove the software they installed and effectively undo everything they did, leaving the system as it was when they first attacked. At this point, the professional submits their report to the client, prioritizing all identified vulnerabilities by severity. This report should serve as the blueprint for the security improvements that should be implemented. Oftentimes, the professional will attempt another breach after the improvements have been put in place. Why is Pen Testing Important? Hopefully, this much is obvious at this point. Without an objective pen test, your only way to evaluate your security’s practical effectiveness is through a legitimate threat. That certainly wouldn’t be the time to discover that your network is vulnerable, would it? No, it’s better to have these threats identified in a controlled environment. SRS Networks is here to help you shore up any vulnerabilities that may be identified. Give us a call at (831) 758-3636 to learn more about what it takes to secure your business without sacrificing productivity.

Keys to Warding off 2020’s Cyberthreats

Understand the Value of Your Assets Your data is valuable—but do you know how valuable it really is, and which would cause the most harm if breached? Prioritizing protections based on this knowledge is how the IT experts do it to mitigate as much harm as possible to a business and its reputation. Ask yourself: if you were a hacker, what would you steal from you? Work with Proactivity in Mind In order to sufficiently protect your network, you need to start early by creating a comprehensive response plan that could conceivably protect your operations from the worst-case circumstances. In doing so, you are preparing yourself to react to cyberattacks and other events as they come with strategies designed to minimize and mitigate the problem. Invest Time in Employee Training Who would you rather have protecting your network: a few trained people amongst your team, or everyone following best practices to reduce your vulnerability? With everyone on the same page as far as what they should be doing is concerned, cyberthreats can be made half as severe and limited to half as often. Teaching your team to spot different warning signs of a cyberattack can help keep your business from being breached. Continue Innovating As cyberthreats and other attacks are always being innovated upon and improved, you need to match these efforts with your cybersecurity by remaining up-to-speed on the various threats and the strategies to counter them. Knowing how to respond to a cyberattack is a good thing, being able to prevent these attacks in the first place to protect your business’ assets is better. Cybersecurity isn’t a quick and easy fix, but SRS Networks can help make it a little quicker and easier for your organization. To learn more about the strategies and solutions we can offer, give us a call at (831) 758-3636.

6 Huge Benefits Businesses Gain from the Cloud

Data Redundancy One of the most crucial parts of any business’ computing infrastructure is its backup system. Data, especially important personal and financial data, needs to be protected,  sure, but it’s the operational data that, if lost, would be like throwing money away. Since most public cloud platforms are managed and maintained (and often guaranteed) by the host, they include comprehensive data redundancy in the cost of the service. This ensures that with cloud computing, your data and your business are protected from data loss. Enhanced Mobility If you are a business owner in 2020, we don’t have to tell you how important mobility is nowadays. With cloud computing you are paying for a service that can be accessed from anywhere with a broadband Internet connection from nearly any device you can have at any time. If that doesn’t improve your business’ mobility, I’m not sure what will. Improved Collaboration Businesses need to control their costs. That’s why they need to do more with less. One way to stretch costs is to leverage collaborative technology. Today’s cloud-based productivity and management platforms are built with collaboration in mind, giving organizations the resources they need to both promote strong productivity while keeping costs down Data Storage When a business commits to the notion that its computing isn’t as dependent on a single location as it once was, they can keep from spending huge amounts of capital on hardware refreshes and store their data securely in the cloud. Along with anytime/anywhere access, the cloud offers a reliable and secure platform for businesses looking for an alternative to purchasing expensive new hardware.  Scalability One of the most valuable aspects of using cloud-hosted resources is the ability to scale up and back and only pay for the computing your business needs. Adding accounts, terabytes, or complete software titles takes only minutes removing major hurdles and expense. There have been situations where the ability to scale cloud solutions up and back quickly have saved businesses so much money that it has paid for entire projects.   Communications The cloud is so reliable that many businesses are beginning to switch to cloud-hosted telephone and conferencing systems. This not only cuts major business expenses inside the office; hosted VoIP can pay for itself in the amount that it saves businesses on mobile fees. The reliability of cloud communications is better than ever and with so many businesses relying on remote workers and communications, the cloud provides a cost-effective solution.  If you would like to learn more about how the cloud can revolutionize the way you look at your business’ IT, call the IT professionals at SRS Networks today at (831) 758-3636.

How Can We Secure Our Use of Smart Assistants?

What Do Our Smart Assistants Actually Hear? We all know that person that claims that the smart assistants are being hacked into by the government and they are listening into our conversations. For the majority of us, that conspiracy doesn’t make a whole lot of sense. That said, these devices do listen, when they are prompted to. Here is how to trigger four of the most popular assistants:  Amazon Alexa devices respond to the term “Alexa,” ”Computer,” ”Amazon,” or “Echo.” Google Home devices wake up to “Okay/Hey, Google.” Apple’s Siri responds to “Hey Siri.” Microsoft’s Cortana reacts to its name, “Cortana,” or “Hey, Cortana.” There have, in fact, been instances where these smart assistants, and especially with the smart speakers, pick up some things they weren’t supposed to. If you have one of these speakers in your home, there have to be some natural security concerns, but they probably aren’t from the manufacturers.  The Analysis Researchers looked into the question of what exactly these smart assistants hear and formed a paper titled, Unacceptable, where is my privacy? Exploring Accidental Triggers of Smart Speakers. They analyzed when the terms that successfully activated the assistants were spoken, finishing with over a thousand phrases. They then further analyzed them into their phonetic sounds to try and ascertain why there were so many false positives.  Depending on how a user pronounced a word, some triggers were found, including: Alexa devices also responded to “unacceptable” and “election,” while “tobacco” could stand in for the wake word “Echo.” Furthermore, “and the zone” was mistaken for “Amazon.” Google Home devices would wake up to “Okay, cool.” Apple’s Siri also reacted to “a city.” Microsoft’s Cortana could be activated by “Montana.” Of course, these assistants are used on devices all over the world, and as a result found that when used in other languages had a lot of the same issues. For example, the German phrase for “On Sunday” (“Am Sonntag”) was commonly mistaken for “Amazon.” What Does This Mean for Individual Privacy? Even with the interesting nature of this analysis, the findings are a little more disconcerting. The study shows that once the wake word or phrase is recognized by the device, it immediately starts listening for queries, commands, and the like. So even though they claim to only start listening when prompted to, several different iterations of phrases can cause the assistant to start listening. The complications don’t end there, since the data is reviewed manually by people—which already destroys any notion of privacy—one of those technicians could potentially be given information that wasn’t intended to be captured by an assistant. This could potentially be devastating if the technician whose job is to manually check this information were to gain access to account information or some other PII and use it in an unethical way. The smart speaker, and smart assistant are useful products that need a little more refinement before we can completely trust them. To learn more about new technology and how it is being used, check back to our blog regularly.

Android’s Evolution Over Time

Android 1.0 (2008) In 2008, the Android platform debuted, lacking so many of the bells and whistles that were to be introduced and incorporated over time. Its integration of Google’s applications and tools was limited—a few early apps were built into the operating system, and Chrome was not yet included. Naturally, there was not yet an on-screen keyboard, as this was still in the age when tactile keyboards were all that was available. Android 1.5 Cupcake (2009) The Android platform as we would recognize it today really got its start in Cupcake, the first of many versions to be named for treats. The virtual touchscreen keyboard was introduced, and third-party app widgets were available for the first time. Cupcake was also the first Android OS to enable video recording. Android 1.6 Donut (2009) That same year also saw Android Donut, which allowed a wider variety of devices to use Android as it now supported more screen sizes and resolutions. This version of Android was also available to more carriers, thanks to the code-division multiple access (CDMA) network support that was integrated into the platform. CDMA is now being phased out, ten years having gone by and other options emerging. Android 2.0/2.1 Eclair (2009) Just weeks after debuting Donut, Android gussied up their OS a bit with Eclair and took advantage of their much-hyped release of the Motorola Droid to market its new capabilities. These capabilities included things like voice-guided navigation with real-time traffic updates, text-to-speech functionality, and the pinch-to-zoom feature. Up to that point, pinch-to-zoom was a feature exclusive to iOS. Android 2.2 Froyo (2010) Eclair was introduced in January of 2010. Froyo quickly followed with a May release. Primarily focused on improving the OS’s background operations, Froyo did also introduce a few things that remain standard. This included the dock-based interface that all Android users are still familiar with. Voice Actions were also introduced with Froyo. However, we would be remiss if we didn’t also mention that Froyo was the first version of Android to offer Flash support, which directly countered Apple’s moratorium on the Adobe software. While now defunct, Flash once powered a sizable percentage of media and online content, which put Android above Apple in at least this regard. Android 2.3 Gingerbread (2010) Another version primarily concerned with fixing background issues and making invisible improvements, Gingerbread did offer native Voice over Internet Protocol (VoIP) and Near Field Communication (NFC) support, along with updating the user interface yet again. Gingerbread was also the first Android version to have the Download Manager, which helped users better control what their devices had downloaded. This operating system would remain on phones and receive updates that stretched into 2011, as the next OS was focused more on the emerging tablet market and its needs. Android 3.0/3.2 Honeycomb (2011) As tablets rose in popularity, Android adjusted to their rise with its Honeycomb OS, launched with the Motorola Xoom. This OS was exclusively produced for tablets and was completely reconsidered for this purpose. While Honeycomb only lasted for about a year, many of its features (like the on-screen navigation buttons and the card-based Recent Apps layout) have persisted since. Android 4.0/4.0.3 Ice Cream Sandwich (2011) By late 2011, the mobile and tablet interfaces started to blend with Ice Cream Sandwich, thereby taking the strongest […]