Right now the City of Baltimore public offices are being held for ransom. Key files have been encrypted and city workers can not use their work email accounts or conduct many of their routine duties. The anonymous crooks are demanding ~$76,000 in bitcoin. As we all know by now, paying the ransom can’t guarantee the city will get all of its data back.

All four independent contractors hired to study the attack determined the ransomware variety to be EternalBlue. This exploit was developed by the NSA and leaked online in October 2017.

 

As Baltimore continues to endure it’s 5th week under siege, we need to continue to keep in mind the best practices that keep us safe online.

Here are 7 tips from Norton Antivirus

1. Do not pay the ransom. It only encourages and funds these attackers. Even if the ransom is paid, there is no guarantee that you will be able to regain access to your files.
2. Restore any impacted files from a known good backup. Restoration of your files from a backup is the fastest way to regain access to your data.
3. Do not provide personal information when answering an email, unsolicited phone call, text message or instant message. Phishers will try to trick employees into installing malware, or gain intelligence for attacks by claiming to be from IT. Be sure to contact your IT department if you or your coworkers receive suspicious calls.
4. Use reputable antivirus software and a firewall. Maintaining a strong firewall and keeping your security software up to date are critical. It’s important to use antivirus software from a reputable company because of all the fake software out there.
5. Do employ content scanning and filtering on your mail servers. Inbound e-mails should be scanned for known threats and should block any attachment types that could pose a threat.
6. Do make sure that all systems and software are up-to-date with relevant patches. Exploit kits hosted on compromised websites are commonly used to spread malware. Regular patching of vulnerable software is necessary to help prevent infection.
7. If traveling, alert your IT department beforehand, especially if you’re going to be using public wireless Internet. Make sure you use a trustworthy Virtual Private Network (VPN) when accessing public Wi-Fi like Norton Secure VPN.

Recently Chris Jackson, Microsoft’s worldwide lead for cybersecurity, decided to clear the air on Microsoft’s legacy Internet Explorer (IE).  Microsoft considers Internet Explorer a compatibility solution for business/enterprise customers that deal with legacy sites that aren’t updated for modern web browsers.  In fact the underlying technologies for Internet Explorer haven’t been updated since 1999.  IE should be used very selectively for internal sites that need it.

Jackson also says that Microsoft isn’t supporting new web standards for IE, so while many sites work fine, developers by and large just aren’t testing for Internet Explorer these days. They’re testing on modern browsers like Google Chrome, Firefox, and Edge.

Safely Remove USB Flash Drives? Not on Windows 10

Just about every tech “expert” you meet will tell you that it’s super important to safely eject a flash drive before pulling it out of your PC.

Well, Microsoft confirmed once and for all that – in Windows 10 – it’s no longer a thing you need to worry about. In October, Windows 10 introduced a feature called “quick removal” which lets users disconnect a drive anytime.  It’s now the default setting for each new drive you plug into Windows 10. Quick Removal keeps Windows from continuously trying to write information to the drive, which helps in the event you disconnect it.

Just another reason how Windows 10 is making the computing experience safer for everyone.

Market Share Update!

Windows 10 is officially the most used version of Windows (worldwide).

Password Change Policies – An Expired Approach to Security

Hate changing your password every 60, 90 or 120 days? So does Microsoft.

The company recently decided that it plans to drop expiring password policies in its security configuration baseline for Windows 10 & Windows Server.

“Periodic password expiration is an ancient and obsolete mitigation of very low value, and we [Microsoft] don’t believe its worthwhile for our baseline to enforce any specific value”, explains Aaron Margosis, a Microsoft principal consultant.

Organizations will not be able to pick their own password expiration date or choose not to have one at all.

Forcing users to pick a new password is a defense only against a valid password or password hash being stolen and used by an unauthorized person. The policy doesn’t offer much protection, but does create headaches for end-users.

Microsoft’s proposal follows US National Institute of Standards and Technology’s (NIST) overhaul of its guidance for password rules two years ago, which dropped periodic password changes and password complexity requirements.

It’s important to note that Microsoft isn’t changing its requirements for minimum password length, history or complexity, and still recommends administrators use tools which ban common passwords.

All good things must come to an end. Is your business ready to move on?

Even if you’re not quite ready for Windows 10, if you aren’t on top of your Windows updates, your Windows 7 PC or server running Server 2008 may no longer be supported in July 2019. A full six months sooner than the announced End Of Life date. It’s important to start thinking about the future now.

What does this mean if I continue to use Windows 7 / Server 2008?

You can continue to use Windows 7, but once support ends, your device will become more vulnerable to security risks. Windows will operate but you will stop receiving security and feature updates leaving your business open to hackers and cyber criminals.

Can I upgrade my existing PC to Windows 10?

Yes, you can upgrade compatible Windows 7 PCs with a full license. To take advantage of the latest hardware capabilities, we recommend moving to a new PCwith Windows 10.

Can I upgrade my existing server to Server 2016?

We wouldn’t recommend it. Upgrading an older server to run a newer operating system is like putting a fresh coat of paint on rotting wood.

Can I get a free upgrade to Windows 10?

Microsoft 365 Business comes with a free upgrade for users with a Windows 7, 8, or 8.1 Pro license on their device. By purchasing Microsoft 365 Business your users can upgrade all of their old Windows Pro licensed devices at no additional cost.

Are there other Microsoft products that will no longer be supported?

Yes. Office 2010, Exchange Server 2010, Sharepoint Server 2010, SQL Server 2008/R2, and Windows Server 2008/R2 will also no longer receive security updates or support.

Do you have one or more of these products installed on your network? Not sure which product you’re using or if you’re up to date? Call us. One of our IT professionals would be happy to sit down and discuss the needs for your individual business.

Major League Tech

America’s pastime seems to hold out the strongest when it comes to resisting technology. Something about the game bleeds tradition. Even as it changes and adapts, baseball has remained a classic and authentic sport played by century old franchises.

Slowly, we’re going to start seeing more tech on the field. In February, Major League Baseball announced a partnership with the Atlantic League. The indie league will begin testing an automated umpire system called TrackMan. TrackMan (which is already installed in 30 Major League parks) measures speed and position of pitches to assist umpires in calling balls or strikes. It will look a lot like what we see on our televisions at home.

The MLB isn’t 100% on board with making TrackMan the final judge on pitches yet, but with umpires missing about 20% of calls right now, it may not be a bad idea to get started sooner rather than later.

Does baseball lose authenticity by bringing tech into the game? Or are we better off knowing the correct call was made at the right time? I’m sure New Orlean’s Saint’s fans wish they had some tech on their side during the NFC championship game. Does the spirit of baseball require human error?