How the EU’s General Data Protection Regulation is Working After the First Year

The GDPR

Prior to the ratification of the GDPR, individual data privacy was the responsibility of the individual. Outside of the EU, it largely still is, but when the GDPR went into effect it opened people’s eyes to just how many of the corporations they come into contact with were misusing their personal data. The GDPR, which grew from individual privacy laws enacted by individual EU states, provides individuals with recourse if they do not approve of the way their data is being used by corporations. Information such as names, physical addresses, phone numbers, email addresses, and medical and financial information was being shared by technology companies. Somewhere in the lengthy terms of service agreement, companies would have language that allowed them to package individual data and effectively use it as an alternative revenue stream. Consumers in the know don’t see this as fair.

This level of data privacy has been roundly rejected in the United States up until recently, and those who do want to see a GDPR-like law on the books in the U.S. may not want to hold their breath. Before the GDPR was in the news, not many organizations were thinking about how data breaches could negatively affect anyone but themselves. The regulation has led to a wholesale change in the way businesses view data management, the training of their staff, and security investments as a whole.

After One Year

In the first eight months, over 59,000 personal data breaches have been reported to GDPR regulators. This may be fewer than you would have liked to see, but it is twice as many as there were in 2017; and, of course, 59,000+ more than anyone wants. The fines levied by GDPR regulators are hefty (up to €20 million, or up to 4 percent of total revenue from the previous year, whichever is larger), so you are seeing an increasingly aligned and strategic approach to keeping data secure and to quickly reporting any data breaches that do happen.

If you would like to see how the GDPR has fared in its first eight months, download the DLA Piper GDPR data breach survey, here. The results of the GDPR don’t speak to its effectiveness thus far, but in future reports it will become evident that the law is working to keep individual data secure; or, at the very least, keeping companies honest. Under the GDPR, companies that sustain data breaches have 72 hours to notify the people whose information has been exposed. This strict deadline eliminates the possibility that companies can manipulate public perception about how they are faring with data security, as you’ve seen numerous times over the past two decades.

Unfortunately, the huge teeth that the GDPR was built with haven’t been used to bite non-compliant companies thus far. Fines that add up to €55,955,871 have been levied against the companies responsible for the 59,000 and change reported data breaches, an admittedly modest amount when you consider that around 90 percent of that sum was the fine levied against a single company, U.S.-based tech giant Google.

According to a French GDPR regulator, this small amount should be considered the result of it being a transition year rather than some type of long-term ineffectiveness of the law. It remains to be seen just how effective the law can be if […]

OneNote 2016 is Dead, Long Live OneNote for Windows, Part II

Let’s talk about how to make the switch between the two.

Check to Make Sure You Have OneNote Installed

If you are a frequent user of Microsoft OneNote, you’ll want to know what version you are actually using. If you have Office 2016 or Office 365, chances are you are using OneNote 2016. If you are pretty new to OneNote, you might just have the newer version that came bundled with Windows 10. If that’s the case, you don’t have anything more to do!

If you aren’t sure, there are a few ways to check. The older version of OneNote is typically labeled as OneNote 2016 while the new version is just called OneNote. You’ll also notice a difference between the icons, as shown above. To check whether you have the new OneNote installed, click on the Start Menu and type ‘onenote’ and you should see the app just labeled as ‘OneNote.’ If you have 2016, that should show up there too.

If you don’t see the new version of OneNote, you are either very behind on your updates, or it wasn’t dished out to your workstation. Either way, it’s best to check with IT if that’s the case or give SRS Networks a call at (831) 758-3636.

You can open and use the new OneNote app at any time, but your notes from OneNote 2016 might not appear. Keep in mind you’ll also need to sign into the new OneNote for the first time with your Microsoft or Office 365 account, which might require your IT admin.

Migrating Notes from OneNote 2016 to OneNote

OneNote 2016 has a couple of different ways it can store a notebook. Chances are even if you use OneNote a lot, you probably don’t realize how it’s working behind the scenes, because it rarely asks you if and where you want to save something. That’s part of the beauty of every version of OneNote – once it’s set up, it just saves everything you do on the fly.

First, Let’s Back Up Your OneNote 2016 Notebooks

Open OneNote 2016 and perform the following to back your notes up.

1. Click File > Options.
2. In the OneNote Options dialog box, choose Save & Backup.
3. On the right, you’ll see a section called Save. Select Backup Folder.
4. Click the Modify… button.
5. Choose a destination to store your backup. A good spot would be a folder called OneNote 2016 Backup in your Documents folder or on your desktop.
6. Once you’ve found a place to put your backup, click Select.
7. Then click OK on the OneNote Options dialog.
8. Go back to File > Options > Save & Backup.
9. On the right, in the section labeled Backup, click Back Up All Notebooks Now.
10. Wait for OneNote to finish backing up your notebooks.

Try Simply Opening Your Notebooks in OneNote

OneNote 2016 stores all of your notes in notebooks. These notebooks, by default, are either stored in your Documents folder in their own folder, or on Microsoft OneDrive. You can also store notebooks on a shared location on your network or essentially anywhere else. If you are using one of the default options, the new version of OneNote will likely have no problem pulling up your old notebooks. Open OneNote (the new version) and […]

OneNote 2016 is Dead, Long Live OneNote for Windows, Part I

OneNote has been sort of a hidden gem over the last several years. It’s been included in most Microsoft Office packs, including Office 365 subscriptions, and for those who have discovered it and got to know it, it’s a great little app for taking quick notes, organizing thoughts, and most importantly, it even syncs with smartphones.

If you’ve been using OneNote for a while, chances are you are using OneNote 2016, which over the last few years, has come with Office, including Office 365. You might have noticed how some Microsoft Office apps get little updates and tweaks over time, but OneNote 2016 hasn’t been given that kind of love. That’s because Microsoft has other plans for the app.

OneNote is Leaving Office

Although OneNote 2016 will still get support from Microsoft for a little while, their focus is on the OneNote app that comes bundled with Windows 10. In fact, there’s a very good chance it’s already installed on your computer. Click on your Start Menu and type OneNote and you’ll likely see two options: OneNote 2016 and simply, OneNote. These are two separate apps, and Microsoft is focused on making OneNote (not OneNote 2016) the definitive version.

What’s the Difference Between OneNote 2016 and OneNote?

According to Microsoft, the big difference is that OneNote now comes with Windows 10, and it’s no longer exclusive to Office. It will still be bundled in with Office 365 and Office 2019, AND OneNote 2016 will still be available as an option for anyone who still needs it, for now.

They’ve been adding new features to this new version of OneNote, especially when it comes to sharing, sorting, and dressing up your notes with annotations. If you have a computer or tablet with a pen, like the Surface Pro, support for that has improved a whole lot too. Microsoft has a big list of features available on the new OneNote, and a much shorter, and hopefully less critical list of features that are only on the older version. Check out both lists here.
OneNote 2016 isn’t going to get new features, so if you want the latest and greatest capabilities, you’ll need to move everything over to the new OneNote. Fortunately, you can run both apps side by side, so you can play around with the new OneNote before you commit to migrating your notes over. Personally, this gave me some time to get rid of old notes and do a little spring cleaning, and since my notes were all organized into Notebooks, I was able to simply open up my Notebooks in the new app and start using them right away. We’re going to put together a guide shortly on how to migrate your OneNote 2016 notes into the new version of OneNote for those who might not be so lucky. Keep an eye on our blog!

Microsoft SQL Server 2008 and 2008 R2 Approaching End of Life

What is SQL Server?

SQL Server is Microsoft’s relational database management system (RDBMS) application. As its name suggests, it is used to manage the databases you use for your business. All of the programs your business depends on for management and productivity typically need access to a database. The data in this database is traditionally accessed through the RDBMS. While there are several types of RDBMS servers on the market, they typically have specific applications. SQL Server has been updated numerous times in the 11 years since SQL Server 2008 was introduced and the nine since 2008 R2 launched, with all types of additions for new dataflows and cloud resources.

What Can You Do?

Microsoft suggests that each organization choose the modernization platform that best fits its needs, but with so little time left before SQL Server 2008 and 2008 R2 lose support, it may be difficult to sufficiently modernize before the deadline. One (very attractive) option offered by Microsoft is that companies utilizing SQL Server 2008 or 2008 R2 can move their existing databases to the Azure cloud and get support for three additional years.

By migrating your SQL Server 2008 to the cloud (in Azure), Microsoft will continue to support your software through July 2022. This extended support gives organizations time to come up with a viable plan without having to move forward with unsupported software that could present a whole litany of security problems.

If you are staring down the July 9th deadline, you may want to stop and act now. For more information about RDBMS platforms and hosting, reach out to the IT professionals at SRS Networks today at (831) 758-3636.

Tech Terminology: API

When people talk about an application’s API, they often mean a web-based interface that returns data, but the API is actually just the code that governs the access point or points for the server. In fact, all an API does is facilitate the ability to get data from outside sources. It is effectively a door into a piece of software.

For the developer, the API is a way for their software to communicate with other pieces of software. This could have a myriad of uses. For example, if the database your application needs is structured outside of your development platform, an API gives developers a way to call on data from the database for use within the software they are developing. This allows developers to use data from other applications to integrate two pieces of software. Ever wonder why your favorite news site lets you sign in using your Facebook account? It’s because the developer of the news site uses the Facebook API to provide access to the content you are trying to access.

The API is therefore extremely important for mobile application development. In fact, an API is one of a mobile application developer’s most crucial tools as it allows them to:

- Accelerate app development – An API saves developers from wasting time building specific integration methods.
- Increase an app’s functionality – An API provides access to data from other applications.
- Grow the app’s market – Tools with more integrations are more apt to be used.

Now you have a cursory understanding of what it means when you hear someone talk about an application’s API. For more great content designed to help you better understand the technology you use every day, subscribe to our blog.

Prioritizing Network Security is a Must

Let’s Start with the Worst

If you are interested in mitigating the risk that unauthorized access to your network can cause, you need to consider the worst-case scenario. The worst thing that can happen to any organization is to have their network breached and have their clients’ and employees’ personal and financial information stolen. This is on par with a fire ripping through your workplace or being caught up in a hurricane or tornado. It’s a slower death; and, with all the tools at your disposal today, it’s largely unforgivable, especially for the small business.

Not only would you have to deal with the malware or attack that compromised this information, but you would also have to explain to your clients and employees that their personal, financial, and often medical data has been exposed. There is nothing that can deflate a company quite as fast as a data breach. You lose credibility, lose revenue, and soon, have to scale your business back just to stay alive. Then you are the company who laid off their workforce, further souring your reputation to potential talent. The slippery slope could all be avoided by instituting a comprehensive network security strategy that includes software protection and training.

What Needs to Happen to Avoid Tragedy

A comprehensive network security strategy locks away the sensitive information behind stronger security solutions, like an enterprise firewall, making it harder to access if some unwanted entity does find its way onto your network. Additionally, you need to ensure that each member that has access to your company’s network has had threat awareness training. Teaching them about the threats that come from letting unauthorized actors onto your business’ network can go a long way toward helping you avoid negative situations.

We get how tough it can be on a business to invest in their network’s security, but with all the threats out there today, you have no choice.
If you would like to talk to one of our knowledgeable technicians about how to implement network security that is right for your organization, call SRS Networks today at (831) 758-3636.

Unpatched Windows is Like Leaving Your Car Door Open in a Sketchy Parking Garage at Night with Wads of Cash in the Driver’s Seat

Why Are Windows Updates So Important?

Microsoft Windows is complex software. It needs to be. In order to do everything we need it to do every day, and work with everything we need it to work with, it has a lot of features and capabilities baked in. The more complex your software is, the more chances there are that someone out there could find a vulnerability. This happens all the time, and when vulnerabilities are discovered, good software developers will quickly build an update that fixes them before they are exploited. That’s what Windows updates are. Sure, there are new features being added in many of the updates as well, but the security patches are what is truly critical.

Please note that sometimes it isn’t a good idea to just let Windows updates run automatically. Sometimes an update can break something else (like a third-party application or internal workflow). It’s best to test updates before deploying them across your network.

Problems Get Exposed as they are Fixed

Let me give you a more old-school example. Way back in the day, you used to be able to ‘hack’ a vending machine with fake coins called slugs. To combat this, new vending machines were created that had multiple sensors to measure and analyze the coin in real time to determine if it were real. When these new machines were released, they were also much newer looking than the old-school, hackable vending machines. Word got out about how easily the older machines could accept a slug and encouraged people to seek them out to get free beverages.

What can we take away from this?

- If you owned an old vending machine, you were at risk of being hacked.
- Older vending machines were targeted by people who knew that they were hackable, as opposed to the new vending machines that weren’t as easily exploitable.
- Risk increased as time went on if you owned an older vending machine.

How often do you see vending machines that even take coins these days? I’m dating myself.

When Microsoft releases security updates, this exposes the vulnerability to the world. This includes hackers. This means everyone is on borrowed time once an update comes out, because hackers know that not everyone will update.

Older Operating Systems Have the Highest Risk

If you are running a version of Windows (or any software) that has reached the end of its developmental and support life, you are playing with fire. For example, if you are still running Windows Vista (please, I hope you aren’t) then Microsoft’s mainstream support ended in April 2012. They offered extended support up until April 2017.

Mainstream support is when Microsoft is still providing features, security updates, bug patches, and more. Extended support is when Microsoft stops adding new features and only provides bug fixes and patches, and only provided that you are on the exact version of the software or operating system that Microsoft says they are supporting.

Back to our example of running Windows Vista (my fingers crossed that this example is purely hypothetical and nobody is still using Vista), it’s pretty clear that Windows Vista was not a shining example of the perfect operating system, and that it did not reach the end of its life with no flaws whatsoever for hackers to target. If you are […]

How to Make Your Workday Simpler

Utilize Themed Days

This one comes from Jack Dorsey, the co-founder of Twitter and CEO of Square. By assigning each day a “theme”, you can determine whether a newly assigned task should be completed immediately and gotten out of the way, or labelled a distraction for now and rescheduled for the appropriate day.

Use Templates and Canned Responses

Templates are an incredibly efficient tool to leverage when there is a task that requires repetition. Instead of redoing everything each and every time, a template simplifies your task by prepopulating the majority of what you need to share, leaving just the pertinent details for you to add.

Canned responses serve a similar purpose, with the omission of the added details. This makes them ideal for out-of-office notifications, alerts, and other generic communications. By committing some time to writing them once, you can create a library to draw from as needed.

OHIO – Only Handle It Once

How often do you touch a task, only to put it down to deal with it later? How much time do you think you waste doing so? Instead of partially starting a task, only to postpone it until later, follow the OHIO (Only Handle It Once) method and handle it then and there. This could mean completing a task, delegating it as needed, reporting to the right person, or divvying it up onto your to-do list.

Say No!

Not everybody can do everything – in fact, nobody can. Therefore, you need to review your responsibilities and trim the fat, as it were. Take a look at your to-do list. If there’s an item on it that keeps getting pushed down, reconsider if that particular task is even necessary.

The same can be especially true of meetings. While some can be very productive, many can be huge time sinks. This is especially true if attendees deviate from the agenda, if too much time was set aside for the meeting to take place, or if it isn’t really necessary at all.

Finally, returning to the to-do list for a moment, consider making yourself a to-don’t list. Is there a task that you have found to be more trouble than it is worth? Add it to your to-don’t list and avoid doing that task if you can help it.

Cap Co-worker Interruptions

Regardless of how good their intentions are, your co-workers can very quickly and easily become your biggest distraction in the office. While you may not always want to miss out on Jim’s latest round of Dad jokes or the latest gossip that Cathy has dug up, there will be times that you can’t be interrupted. Using your office’s chat system to give your colleagues the notice not to disturb you (while putting on oversized headphones) can help to maintain your focus by politely eliminating these distractions.

Streamline Your Processes

There are always those tasks that take longer than they really should, that force you to sink your valuable time into them when you could really better use that time doing something else. Instead of simply repeating these kinds of tasks over and over, it may be worth your time to investigate alternative means of doing things. Perhaps collaborating with other departments to create a better solution is your best bet, or even turning to other companies […]

“Paying the Ransom” Isn’t a Ransomware Defense

What Happened with SamSam

You may recall the SamSam outbreak, which stretched from 2015 to 2018 and racked up $30,000,000 in damages across 200 entities. This large total was partially due to the fact that SamSam knocked out a few sizable municipalities, including the cities of Atlanta and Newark, the port of San Diego, the Colorado Department of Transportation, and medical records across the nation. The ransom demand sent to Newark gave a one-week deadline to pay the ransom in Bitcoin, before the attackers would render the files effectively useless.

In November 2018, then-Deputy Attorney General Rod Rosenstein announced that two Iranian men had been indicted on fraud charges by the United States Department of Justice for allegedly developing the SamSam strain and carrying out these attacks with it. As Rosenstein pointed out, many of SamSam’s targets were the kind of public agencies whose primary goal was to save lives – meaning that the hackers responsible knew that their actions could do considerable harm to innocent victims. Unfortunately, those responsible have never been apprehended.

How Some Cybersecurity Firms Just Pay the Ransoms

According to a former employee, Jonathan Storfer, the firm Proven Data Recovery (headquartered in Elmsford, New York) regularly made ransomware payments to SamSam hackers for over a year. ProPublica managed to trace four payments made in 2017 and 2018 from an online wallet controlled by Proven Data, through up to 12 Bitcoin addresses, before finally ending up in a wallet controlled by the Iranians.

This wasn’t a huge revelation to Storfer, who worked for the firm from March 2017 until September 2018.

“I would not be surprised if a significant amount of ransomware both funded terrorism and also organized crime… So, the question is, every time that we get hit by SamSam, and every time we facilitate a payment – and here’s where it gets really dicey – does that mean we are technically funding terrorism?”

According to Proven Data, they assist ransomware victims by using the latest technology to unlock their files. According to Storfer and the FBI, however, Proven Data instead pays ransoms to obtain the decryption tools that their clients need. Storfer actually states that the firm was able to build a business-like relationship with the hackers, negotiating extensions on payment deadlines – and the hackers would actually direct their victims to Proven Data.

Another firm, Florida-based MonsterCloud, follows a few similar ‘strategies,’ according to ProPublica. In addition to paying the ransoms (sometimes without informing the victims), these companies then add an upcharge to the ransom payment.

However, it becomes important to consider where the money that is used to pay these ransoms is actually coming from. In the case of SamSam, many of the victims received some kind of government funding, which means that – if the ransoms were paid – taxpayer money likely wound up in the hands of cybercriminals in countries hostile to the United States.

Differing Accounts from Proven Data Recovery

Proven Data provides the following disclaimer on their website:

“[PROVEN DATA] DOES NOT CONDONE OR SUPPORT PAYING THE PERPETRATOR’S DEMANDS AS THEY MAY BE USED TO SUPPORT OTHER NEFARIOUS CRIMINAL ACTIVITY, AND THERE IS NEVER ANY GUARANTEE TO OBTAIN THE KEYS, OR IF OBTAINED, THEY MAY NOT WORK. UNFORTUNATELY, SOME CASES MAY REQUIRE THE PAYMENT OF THE DEMAND IN HOPES […]

NSA-Developed Malware Used in Third-Party Hack

Double Pulsar could be used to install additional malware on a target PC. At the time the threat could only be leveraged against 32-bit operating systems, but the Chinese-hacked tool struck later in the year against 64-bit machines and newer operating systems. Symantec has found evidence that this threat was utilized, hypothesizing that the Chinese hackers built the tool after analyzing network traffic during a legitimate Double Pulsar attack.

The possibility exists that the hackers discovered the threat through a different vector, such as stealing it from an unsecured server, but the fact remains that this sets a dangerous precedent for tools like these being taken and used in ways their developers never intended. It’s worth mentioning that the hacking group that utilized Double Pulsar is no longer active, but this doesn’t lessen the risks associated with it, especially since the tool is still out there for use by other threat actors. Thankfully, the Chinese tool also took advantage of a Windows vulnerability that has since been patched… so there’s that.

This isn’t the first time that hacking tools utilized by the NSA were stolen and utilized by hackers. In 2017, a group called the Shadow Brokers stole and dumped several hacking tools online, which is where the name Double Pulsar was originally discovered. If anything, the revelation that this threat existed at some point in the past only further underscores the need for proper network security, especially with state actors taking more liberties with the development of these types of tools.

What are your thoughts on these developments and the possibility that these threats could be used to attack organizations like yours in the future? Let us know in the comments and be sure to ask us how you can secure your network from these threats. We have all kinds of tools at our disposal that can keep your business safe from harm. Call us today at (831) 758-3636 to learn more.