Michael Johnson

There are the obvious reasons for having a firewall – such as preventing viruses, malware, and other cyber threats and attacks – and there are the “indirect” benefits of having a firewall in place. These may be, for instance, the money saved from the downtime avoided, as well as the ability to meet compliance standards, and thus not incur the penalties that come with violation of them. The list of direct and indirect benefits could go on and on, including keeping sensitive data safe (not just client data under HIPAA, PCI, or SOX compliance laws), but also in a proprietary sense of not having your secrets stolen, sold, or otherwise exploited. The point being, you need to have a strong firewall in place for multiple reasons, and have it monitored, checked, reinforced, and updated as needed by a qualified IT services provider.

Types of Firewalls

There are two main types of firewalls: network firewalls and host-based firewalls. Network firewalls, such as Microsoft’s software-based Internet Security and Acceleration (ISA) Server or the hardware-based Nortel Networks Alteon Switched Firewall System, protect the perimeter of a network by watching traffic that enters and leaves. Host-based firewalls, such as Internet Connection Firewall, protect an individual computer regardless of the network it’s connected to. You might need one or the other—but most businesses require a combination of both to meet their security requirements.

Examining Firewalls in Action

It’s a proven fact that those computer networks that go without a firewall (or with inadequate, outdated firewalls) will suffer significantly increased chances of incurring malware, ransomware, and other cyberattacks. Firewalls are a key part of keeping networked computers safe and secure. All computers require the protection of a firewall, whether it’s the thousands of servers and desktops that compose the network of a giant corporation, a traveling businessperson’s laptop connecting to an unsecured wireless network, or your mom’s new PC with a dial-up connection to the Internet. No matter what type of computer set-up you have, going without a firewall will likely prove detrimental sometime down the road.

Firewalls—whether a small, free host-based firewall or a multiple-thousand-dollar enterprise firewall array—won’t make your computers 100% impervious to attack, unfortunately. Firewalls, like physical locks and walls, create a certain amount of barrier to attacks, blocking someone trying to take control of your data network. However, by making it difficult for attackers to get into your computer, by making them invest lots of time, firewalls make you a less attractive target. Firewalls very effectively block most attackers from compromising an individual computer. But, it’s impossible to fully prevent every intrusion. All software has bugs, and it’s possible for an exploiting party to find an obscure bug in your firewall that allows them to pass through. In short, there’s no such thing as absolute security. But, having formidable firewall protection in place puts you at a close second to absolute protection – and affords you all those aforementioned benefits as well. Accordingly, how much you invest in firewalls should be inversely proportional to how much you stand to lose in case of a successful attack.

Get the Firewall That Works Best for Your Enterprise

If you feel you need an IT consultation to evaluate the health of your current network firewall, then contact InfiNet Solutions, a proven leader in network security and providing IT services. Call (402) 895--5777, or email us at [email protected] today to speak to a qualified IT consultant and network security expert for information on how to get the right firewall in place for your enterprise.

As announced on LastPass.com, you can now use the password organizing application Last Pass for free on any device. You can download it for free from Last Pass and use it to organize your passwords across all your devices. As the creators of the Last Pass app say, it’s a tool to “help you simplify your online life and make it a whole lot easier to achieve strong password security.” The app was also designed to encourage healthy password habits, and to have it be the one and only, or “last password” its users will need.

The History of Last Pass 

The Last Pass app was launched in 2008, with the iPhone not yet a year old, and the idea of mobile apps (and organized password management) still in its infancy. Last Pass was developed with the idea of being able to collate and easily access the various passwords needed for the many accounts most of us need to access online (and offline). Last Pass decided to upgrade its app to v4.0 in 2016, following the breach and public leaking of approximately 1 billion passwords involving multiple organizations and entities.

The Highest-Rated Password Manager

Last Pass (version 4.0, based and expanding upon the free version) very recently received a 5-star rating by the editors of PC Mag, getting a green checkmark in every category of criteria used to evaluate it. It was the only one out of 10 apps rated by PC Mag, and received positive marks in the following categories:

• Import from browsers
• Import from competitors
• Two-factor authentication
• Export data
• Automatic password capture
• Automatic password replay
• Fill web forms
• Multiple form-filling identities
• Actionable password strength report
• Browser menu of logins
• Application passwords
• Secure sharing
• Digital legacy

You can read the review by PC Mag of Last Pass 4.0 and see for yourself how this is a must-have application for anyone with multiple logins, which basically means everyone. The “Bottom Line” from PC Mag about Last Pass states: “LastPass 4.0 Premium builds on the excellent free version’s features, adding enhanced multifactor authentication, application password management, and password sharing groups.”

To further quote the PC Mag review on Last Pass:

“When you need to create a new password, LastPass offers to generate a strong one for you automatically. By default, the password generator creates 12-character passwords that use digits, capital letters, and small letters. I’d be happier if it defaulted to 16 characters and included punctuation, as True Key by Intel Security does.

LastPass fills Web forms using personal data profiles that you define. You can create any number of full profiles and of profiles containing just a credit card. Although it’s not quite as flexible as RoboForm Everywhere 7 ($19.95 at RoboForm), it gets the job done, and it proved quite accurate in testing.

One main purpose of using a password manager is to eliminate weak and duplicate passwords. LastPass’s security challenge sifts through your saved passwords and calls out weak ones and duplicates, as well as passwords that haven’t been changed in ages, and passwords associated with compromised websites. For about 80 well-known websites, LastPass can automatically update your account with a new, strong password. For others, you can click a link in the report to make the change manually. Dashlane offers a similar auto-change feature that supports about 500 websites.”

Need Further Advice on Password Management? 

If you require further advice about password management or passwords in general, contact a qualified IT consultant with InfiNet Solutions, a proven leader in IT services. Call us at (402) 895--5777, or email us at [email protected] for more information on how to get a consultation.

New Popcorn Time Ransomware Demands Cash Unless Infected User Agrees to Spread the Virus to Friends

We’re Urging Local Individuals and Businesses to be Informed about Latest and Most Sophisticated Cyber Scam

The need for cyber security has been on the radar and in the playbooks of serious companies and their executives for some years. However, recent advancements in a particularly virulent strain of software called “ransomware” has made even forward-thinking CIOs sit up and take notice. Ransomware attacks are hitting individuals, institutions and businesses hard, right here in Omaha. Ransomware attacks are defined by their demand for incredibly high ransom fees simply to restore access to information and reinstate productivity.

As if that wasn’t bad enough, the newest form of diabolical ransomware floating around the internet is through a software called Popcorn Time. Popcorn Time is deviously named after but unrelated to the bittorent piracy app and quickly infects a user’s machine and demands a 1 bitcoin ransom (over $700), to reinstate access to data held hostage. However, the particularly daunting aspect of this strain of ransomware is the alternative escape option it offers. If an infected user can’t afford the bitcoin payment, they can have their files released for free on one condition: send the malicious link to two friends, have them download the infection and pay the ransom.

Reminiscent of a B-rated Hollywood horror film or a bad pyramid scheme, this new method of spreading the virus and seeking out more victims is incredibly hard to track, prevent and slow down. The frightening new software was discovered by cyber-security researchers, MalwareHunterTeam, and the malicious program is still in development. However, researchers claim that if left to develop fully, the innovative method of distribution could make Popcorn Time one of the most dangerous and wide-spread cyber-scams on the internet.

So what can individuals do to stay protected? And what does one do when they find themselves faced with paying a ransom or selling out their friends? The cyber-security experts at InfiNet Solutions want to make sure Omaha individuals and businesses are well-versed in how to proactively keep data protected before nasty ransomware like this takes hold of data. The most important point of defense is securing reliable back-up solutions where an emergency copy of all important data is stored and protected on a separate machine or in the cloud.

Through proactive and strategic planning and preparedness, the InfiNet Solutions team is committed to ensuring that their client base is equipped with comprehensive back-ups in case of attack or disaster. Because of this foresight, InfiNet Solutions clients wouldn’t have to pay the ransom to retrieve their files in the case of an attack, nor would they have to consider selling out colleagues or friends to avoid the bitcoin payment.

Even with backups in place, damage-control and restoration time to get business back on track can be costly. Though the InfiNet Solutions team is equipped to help clients recover from disaster quickly, there is a cost associated for the man hours needed to restore data. Not to mention the lost productivity and wage expenses that businesses suffer because their employees are unable to work for a certain amount of time. Furthermore, ransomware attacks like Popcorn Time are getting increasingly sophisticated and malicious and can manifest in ever-evolving ways. Therefore, it’s critical to have a variety of cyber-security measures in place to ensure protection.

Investing in the correct preparation and protection mechanisms may seem time consuming or costly, however, the cost pales in comparison to the potential damages that a ransomware attack can cause. As the prevalence and sophistication of ransomware continues to rise, the potential cost and productivity savings of enlisting IT support is becoming increasingly evident.

If you’d like to connect your business-minded audience with more information about this nasty new strain of Ransomware, other daunting cyber-security threats and tips for staying informed and protected, please don’t hesitate to reach out to InfiNet Solutions at (402) 895--5777 or email us at [email protected].

Keeping the masses informed is the first and most important step against beating cyber criminals.

Establish policies on how employees should handle and protect personally identifiable information and other sensitive data.  Clearly outline the consequences of violating your business’s cybersecurity policies.

Email marketing can be a very beneficial component for growing your business but are you taking the right steps to prevent the emails from landing in spam folders?

Even if you spend a lot of time creating the ideal email campaigns, your emails may still be stopped by spam filters. There are many things that can trigger a spam filter and when this occurs, your recipients will never even see the message.

Why Emails End Up in the Spam Folder

There are two main reasons why your emails wind up in spam folders. Sometimes it is something you cannot control but other times you can. One reason is because the recipient flags your email as spam. This is not necessarily something you can change on an individual level but it is something you will want to prevent from happening many times. If a lot of people mark your emails as spam, you could end up on the blacklist. Another way emails end up in the spam fold of your intended recipients is when a spam filter flags it as such. These spam filters use specific criteria to determine what may or may not be spam and if you meet a certain threshold according to their algorithm, then your email ends up in the spam folder.

How to Avoid Creating Emails That Trigger Spam Classification

If you want your emails to reach the inbox of your intended recipients and not their spam folder, there are some tricks you can use.

• Create relevant emails. When you are sending emails out to a list of recipients, you should segment the list so they receive emails that are relevant to them. For example, you do not want to send an email about selling a home to your customers who are looking to purchase. Target the right people so you do not run the risk of them flagging you as spam when the content is not pertinent to them.
• Personalize. Personalizing emails is a very effective way of preventing spam triggers. However, you cannot rely on using someone’s name anymore as part of a mail merge. To really personalize it, you need to write the email as if you were speaking to them in front of you. Make it sound natural.
• Use identification. If you are sending out an email, you need to make sure the recipients know where it is coming from. You can do this by including your business identification information in the signature. This also helps you stay compliant with any anti-spam laws.
• Watch your grammar, spelling, and other components. One of the things spam triggers look for are mistakes in this area. Take the time to ensure that your email is correct, including fixing any typos, before you send it out. Most actual spammers have a lot of spelling and grammar issues embedded in their emails and you want to avoid being looped into the same category.
• Use simple formatting. When you are writing your email out, you do not want to go crazy with formatting. This includes avoiding using all caps (which can be obnoxious anyway), excessive use of bolded words or phrases, and other formatting options. Keep things simple so you are not triggered as spam.
• Do not include invisible text. This may not be something you have considered but if you have, do not ever include invisible text. To a spam filter, that looks like you are trying to trick your customers.
• Avoid the use of trigger words. There are some words that will help your email be classified as spam simply because you use them. You may not know what all of these words are but some examples of this would be words like Viagra, urgent matter, etc.

Sending emails to your customer list can be an integral part of your business. If you go about it the wrong way, you could be doing yourself more harm than good. For more information about emails and spam in Omaha, be sure to reach out to InfiNet Solutions via (402) 895--5777 or [email protected].

 

Cyber attacks can happen at any time and the bug discovered in the Windows program is one example of how attackers can enter your system.

Google has a Threat Analysis group that is constantly looking for any vulnerabilities in systems. The group recently discovered one such vulnerability in Windows and Microsoft is not very happy about it. Google went so far to say that the bug that has been discovered is being exploited by cyber criminals.

About the Bug

Google is categorizing the bug as critical even though it is very specific. It is allowing attackers to escape from security sandboxes. The escape path is through a flaw in the win32k system. The description of the bug is basic but Google did release data that allows the public to be able to recognize an attack. However, they did limit the information provided so they do not make it an easy attack for cyber criminals to use to their advantage.Strontium, a Russian group, is attributed to the exploitation of the bug.

Why Google Released the Data and Not Microsoft

Google had originally notified Microsoft of the bug 10 days prior to bringing the news to the public. The information was released before a patch could be developed and used in the Windows program. At the time of the release of data, Google had already developed a way to protect all Chrome users while Microsoft had yet to fix Windows. Microsoft did promise to have a patch for the big on November 8. Google does have the right to release this information about the bug in a vendor system and has technically not stepped on many toes but Microsoft does not agree.

Why Microsoft is Not Happy

Many people would look at the situation and think that Microsoft is not happy with the release of information because it may make them look as though they are not trying to fix it. However, Microsoft has released a statement to explain why they are not happy with Google for releasing the information. They have said that Google is putting customers at risk by releasing information that can be used against them. Microsoft has also recommended that people use Windows 10 as well as the Microsoft Edge browser to better protect themselves until the bug has been fixed.

The Grace Period Enforced in 2013

According to a Google policy, there is a seven day grace period where any vulnerabilities cannot be disclosed. This accounts for seven days after they have notified their vendor. In this circumstance, Google did not report anything until 10 days after reporting it to Microsoft. There have been many people, before this incident, to say that this grace period is not enough time to fix any vulnerabilities and that companies should have more time. While this was only a concern in the past, this is the first time that the company has had to use the policy to inform the public. Google also said that it was important to release the data because the bug was actively being exploited at the time, leaving many customers vulnerable to an attack.

Importance of Applying Patches and Updates

It has been said before and this incident is even more proof that the rule needs to be reiterated. In order to ensure you are are protected as possible, you must install any system updates and patches as soon as they become available. The updates may be small or they may protect you from an attack like this one.

For more information on how you can protect yourself in Omaha from cyber criminals, be sure to contact InfiNet Solutions via (402) 895--5777 or [email protected].

A business continuity plan is vital to the success of a business. Learn more about why you should focus on it and how you can implement one, no matter what maturity level your business is.

Business continuity is a core component of any business. The ultimate goal is to ensure that the business continues to grow and prosper. However, there is a major correlation between an operationally mature business and business continuity. The two are very different and it is important to focus on both so your business can grow.

Levels of Business Maturity

There are many different levels of maturity within business. Just like a person goes through different growing points, so does a business. Typically, the younger your business is, the less business maturity you will have. This is because your business still will need to go through some growing pains and you have some mistakes you have to learn from. There are many components that go into the maturity level of a business and a lot of it has to do with the mindset of management. At the core of maturity levels is the approach of business continuity. An immature business may not focus on business continuity even though it is understood that this must be maintained and worked on in order to continue. Since it is not a priority, some businesses fail. A mature business knows that business continuity is not an option. It is a vital component for the continuance of operations. Businesses that are more mature will typically have onside and offsite backup appliances to ensure they can continue running no matter what.

The Importance of Business Continuity

For any business, it is important that the work does not stop. When it does, money is lost, time is lost, and clients can even be lost. It is not a reality that many companies want to face. That is why a business continuity plan is vital to the existence of a company. When business stops because of a disruption, profits go down. In the majority of cases, insurance will not cover the costs that are incurred and customers can certainly not be replaced. Instead of hoping that this will not happen to you, it is important to put a business continuity plan into place so that business does not stop, even with disruptions.

How to Create a Business Continuity Plan

If you want to better protect your business, you must put a business continuity plan. Whether your business is mature or not, it is a vital component to the success of a business. It is not a matter of if disruptions in the business will occur, it is a matter of when. Use these steps to help develop a business continuity plan that will help you continue working no matter what:

• Take a look at your business operations. You should do a business impact analysis that will look at your time-sensitive functions and critical business functions. Once you identify these, you should also look at the resources you need to support them.
• Run tests with these critical business functions and processes. Once they are identified, you should document them. You should also attempt to recover them so you know what you need to do in case you cannot get access to them. It is better to know what to do now than to scramble in the moment.
• Create a business continuity team. This team will work together to devise your business continuity plan and keep all of these identified vital components of the business in mind. The plan should be able to effectively manage a business disruption.
• Train employees and the team to evaluate the strategies. Use testing and exercises to ensure that the plan works. If something does not work, develop a new strategy and test it out. Continue until you have a solid business continuity plan.

For more information on what you should do to create your business continuity plan in Omaha, be sure to contact InfiNet Solutions by (402) 895--5777 or [email protected].

William Field is a Systems Administrator, and has been part of the InfiNet team for the past 6 years. His favorite thing about this job is the ongoing challenge. No two days are ever exactly the same, which means that he and the rest of our technicians are constantly learning new ways to tackle the mix of technologies that we see from our diverse range of cliental.

When William is off the clock, he enjoys video games and beer, and listening to any type of music that is not country. His absolute favorite vacation spot is Southern California.

Cloud based services allow you to only pay for what you need, keep your costs down, and hire fewer employers to get the job done.

Cloud based billing services can bring the cost of doing business down substantially. Especially if you are a new business just getting started, with cloud billing, you only pay for the services that you use and nothing more. It is a way to avoid big start up costs on equipment and staff, while ensuring that your business is protected. When you are looking for cost-effective ways to get your business going, cloud billing can be the answer.

No Big Investment Required

With cloud billing in place instead of traditional billing methods, there’s no need to invest capital on hardware and software. Your business doesn’t have to spend the money to buy servers that are expensive and the software to ensure the system runs smoothly. Instead of paying for the cost of running and maintaining a server, you will simply rent the server from the cloud based provider.

No Need to Provide Your Own Security

A significant expense when providing your own servers are the costs for security, backing up the system, and making sure the system has all of the right updates. When you utilize a cloud based service instead, these expenses are absorbed by the service, keeping your overall costs down. You won’t have to backup your own data, because this is done for you. In addition, you will always have access to the latest updates without making sure you get the updates on your own. It’s all done for you when you use a cloud billing system.

You Won’t Need to Hire as Many Employees

The cloud billing provider will take care of all IT infrastructure problems and upkeep, freeing up your IT staff to work on other concerns within your business. While you may have IT employees that could handle the work, their time is better spent on in house projects that are more of a priority. If you really need to save on costs while you get your business up and running, keeping your employee count down will make a big difference.

It’s Easier to Get More Services

If you use traditional methods, taking on new customers can require a new server, staff and software. When you use cloud based services, you only pay for the services you are using. It’s more cost-effective to add one new person to a cloud based service than it is to spend the money to get the individual completely set up with their own software.

Other Costs to Consider

When you run your own servers, you will also need to spend money to house the devices, and keep them running. Servers can use a tremendous amount of electricity, and you can save money when you don’t have to pay for servers to run all the time. In addition, the climate control required for servers can cut into your profit margin. When you don’t want to deal with servers, equipment, and the staff to run everything, a cloud based service is your best options.

Using cloud based services to help run your business can help you focus your time, energy and money on other projects. When you don’t need to hire staff to manage the same workflow, you can open up your opportunities for growth in other areas.

IaaS is a very beneficial tool for businesses but many times, companies are spending too much on the services. In order to save money and reach the optimum business value, a CSEM tool is a great option.

Cloud technology is constantly increasing and becoming better. One of these components that has been added is IaaS. IaaS is a methodology that is gaining popular ground and is a way to access, monitor, and manage your remote data center infrastructure. Generally, when you implement IaaS, you will use a company that will provide a self-service option for you to do just that. By purchasing IaaS, you can eliminate the need of purchasing hardware, enterprises, or organizations to do it for you. IaaS is charged based on consumption but many companies do not know exactly what the real cost is of this service and end up paying too much as a result. So how can you determine if you are paying too much for the service?

One of the newest ways is through a CSEM tool.

What is a CSEM Tool?

You could evaluate how much your IaaS is costing you manually but then you leave yourself open to human error and you may be leaving gaps in your evaluation. CSEM is the alternative that is becoming more and more popular because it is much more precise. CSEM stands for cloud service expense management and it helps infrastructure and operation leaders manage cloud resources while establishing new processes to deliver on the expectations. You do not even have to develop your own CSEM tools because there are many vendors who already offer it. CSEM is designed to automate and review the current expenditure, as well as predict the future expenditure, of externally sourced cloud services. Additionally, when the tools recognize that something is not optimized, it will provide solutions to ensure use is optimized so you can spend less on IaaS.

What Exactly Does a CSEM Tool Do?

There are four components of a CSEM tool that are designed to work together to create the best option for your current and future usage. Knowing how to bring all components together can help you save money on your IaaS tool and achieve the optimal business value while spending as little as possible. These are the four functionalities of a CSEM Tool:

1. Plan. Even before you work with a cloud service provider to develop your IaaS plan, you need to look at several providers to see what you can get. Your CSEM tool can help you during this planning stage by modeling options and ensure you get the most out of the price they are charging. A CSEM tool will help you determine how to get the most for your money.
2. Track. Once you have IaaS in place, you should be able to track what you are using and what you are spending as a result. Your CSEM tool can look at this data and ensure it is staying on track with what was originally forecasted. It can help you stay on budget by tracking consumption in almost real-time.
3. Reduce. Along with tracking the consumption, your CSEM tool can also look for ways for you to reduce consumption so you are not paying more than you should be for the services.
4. Optimize. Your CSEM tool can provide insights and analytics on your consumption so you can find ways to use it in a better way and save money during the process.

When you use this type of approach, you can save money on IaaS as well as other functionalities. For more help or more information on CSEM tools available in Omaha, be sure to contact InfiNet Solutions by (402) 895--5777 or [email protected].