MediaBytes

December 31st is Make Up Your Mind Day

As New Year’s Eve approaches, it’s time to remember its other name: Make Up Your Mind Day. As the last day of the business year for most companies, it’s also a vital point for putting your plans for the next year into action. Unfortunately, creating a business technology strategy can be a complicated process for many IT professionals. Which way will your company go in the new year?

December 31 is Make Up Your Mind Day.  So have you made up your mind regarding your 2019 technology plan?

Here are a few ideas to keep in mind as you work on developing your business technology plan for 2019:

Have You Made Up Your Mind Regarding Your 2019 Technology Plan?

• Look at digitizing: The process of turning your organization from a traditional one to a digital enterprise is a complex process and requires a great deal of thought and investment to pull off well. Companies that lack a solid understanding of the challenges and opportunities are among the reason why 84% of attempts at digitization end in failure. Make sure you prioritize this vital part of your company’s growth for the upcoming year.
• Consider legacy assets: Will that old server holds out a few more years or is it time to upgrade the aging sales software instead? Though legacy assets can be challenging to incorporate into your existing scheme, it’s much easier than it was just a few years ago given the prevalence of solution-based software. However, there’s a particular point where it’s just more straightforward to say goodbye to these old classics. Fortunately, there are a few easy signs to help you recognize whether that time has come.
• Contemplate what tech employees use: Should you dictate to employees the technology they should use when at work? Considering the prevalence of mobile devices and the focus on specific brands, the iOS versus Android battle may appear front and center at your workplace very soon. With 38% of employees resenting management dictating what tech they can use on the job, it’s important to consider more comprehensive solutions that allow employees to work more productively.
• Take a look at the long-term goals: Trying to bring your business into the fourth industrial revolution without long-term goals to guide you would be like Columbus taking off across the Atlantic without an astrolabe. You know you’re following something, but you waste a lot of time and effort trying to get there. Our friends at Hacker Noon have a great article on how to break down large, seemingly impossible goals into shorter goals, allowing you to navigate from one point to another without being lost in an ocean of planning.
• Consider upgrades: What condition are those old workstations in? What about that series of laptops that you’re continually making repairs to or sending out for warranty work? When you have the budget available, upgrade or replace poor-performing assets in your system to improve your overall uptime and reduce the amount of work that needs to happen to keep things rolling. This gives you more free time for strategizing to get your business ahead.
• Make it mobile: If you’re not mobile by this point, you’re missing out. There are so many tools available to help you improve productivity, whether it’s connecting social media accounts, communicating with teams, taking remote payments or having music while you’re wrapping up quarterly reports. Adding mobile capability means your entire team can be more productive on the go, whether waiting for the VP for the meeting or dealing with an emergency from around the globe.
• Contemplate automation: What does your workflow look like? If you still have manual processes that can be automated, you’re wasting money. Whether it’s marketing tasks that can be more easily handled by a bot on Facebook, a tracking system for your warehouse to make your pickers more efficient or any number of other tasks, automation keeps your business rolling smoothly and efficiently while making your operation more flexible.

With digitization breathing hot down the necks of most IT professionals, having a solid technology strategy in place can make the difference between success and failure of the business as a whole. As IT shifts from an ancillary department to the central core of a company, it’s important to make sure that the leadership is in place to strategize this shift and ensure that it can be made successfully without costing the business more than necessary to provide an excellent outcome.

Only a few short weeks ago, we wrote about the introduction of WordPress 5.0 in early December and discussed whether or not your company should upgrade now, never or at a later date. Our recommendation was to wait until some of the bugs had been worked out of the system and until your business has a slow time of year to ramp up to the new way of posting with this new update. It seems that we were on the right track since WordPress has just made WordPress 5.0.2 available to the public, a maintenance release that addresses 73 known bugs associated with WordPress 5.0.

What is WordPress 5.0.2?

WordPress 5.0.2 seeks to address some of the problems that users have been having with the new WordPress 5.0 release. Most of these issues are associated with the block editor feature. Unlike previous WordPress releases, 5.0 is a WYSIWYG editor and requires no HTML or coding knowledge. According to WordPress, the new maintenance release increases the posting speed by 330 percent (for a post with 200 blocks). It also includes 45 block editor improvements, fixes 17 known block editor bugs and addresses some internationalization issues. You can view a complete list of the problems discussed with 5.0.2 on the WordPress website.

Should we upgrade to WordPress 5.0.2?

Our original opinion on whether to upgrade to WordPress 5.0 now or wait still stands. We still feel it’s prudent to expect since many businesses are otherwise occupied with end-of-the-year tasks in December and January and a radical revamping like 5.0 is likely to have a few growing pains. Also, 5.0 uses Gutenburg, which is not compatible with many WordPress plug-ins. As with any upgrade, we also recommend backing up all of your WordPress files before you download WordPress 5.0.

However, if you have already upgraded to WordPress 5.0, it is a good idea to go ahead and download the 5.0.2 maintenance release. This is likely to make your WordPress experience less troublesome and less time-consuming. To upgrade to WordPress 5.0.2, download WordPress 5.0.2 or go to your WordPress dashboard, go to Updates and click Update Now. In fact, you may already have the new maintenance release. Websites that support automatic background updates have already started to update automatically.

To learn more about using WordPress, deciding whether WordPress 5.0.2 is the right choice for you and your company, and to learn ways to make your website more efficient for both you and your readers, contact Ulistic.com or call us at (enter contact info). We can also help you with backing up your data before your upgrade.

Who Has Been Impacted by Chinese Cyber Attacks?

At the beginning of the year, the FBI warned businesses to protect themselves from cyber attacks by foreign entities, saying activity has spiked in the past 18 months.

Hewlett Packard and IBM are among the businesses most recently targeted. There’s a National Counter-Intelligence and Security Center that manages intelligence efforts for the U.S. government. It recently launched a campaign to address continuing threats. The center warns that many companies need to be more to protect against cyber theft.

Foreign governments accused of cyber attacks against the U.S. include Russia, China, Iran and North Korea, with China receiving the most scrutiny in recent reports.

How Do Hackers Breach Company and Government Security?

According to Entrepreneur magazine, hackers create fake social media accounts to get people to reveal work and personal information. One of the ways to guard against bad actors is to carefully scrutinize social media requests from people that aren’t personal connections and to research apps before using or downloading them, as well as keeping antivirus software up-to-date.

The FBI warning including a brochure entitled, “Know the Risk, Raise Your Shield” that targets federal employees. The recent warnings follow a string of cases against individuals and organizations accused of stealing proprietary information from U.S. government and businesses.

Nine cases filed since July 2018 include two hackers investigators say are linked to the main Chinese spy agency. Knicknamed APT 10, they allegedly stole corporate and government information via cyber attacks on employees.

Has There Been an Uptick in Recent Activity?

The breach of private businesses by Chinese hackers first hit news headlines in 2014, when Sony Pictures was hacked. This prompted an agreement in 2015 between Chinese President Xi Jinping and then President Barrack Obama that curbed cyber attack for a while.

At FireEye, a cybersecurity firm, analysts track hackers working on behalf of the Chinese government. The firm’s representative says attacks are on the uptick recently. These hacking groups are referred to as Red Leaves, cloudhopper, and APT10.

Managed Service providers are among the groups targeted. MSPs supply technology, telecommunications and other services to business clients. If they can break the security systems of such companies, Chinese hackers gain access to the sensitive data of the MSP’s clients.

APT10 has routed malware via an MSP network to its business targets. However, there are many steps businesses can take to protect their employees and data from prying eyes in cyberspace.

What Should Business Do to Raise Their Shields?

U.S. businesses should take proactive measures to safeguard against cyber attacks from Chinese hackers via email, social media and other points of entry.

This includes ensuring that advanced detection tools are utilized on network and email servers to safeguard access to company data. Regular threat assessments and employee training can help. This provides a diagnosis of the state of a firm’s cyber defenses regarding advanced persistent threats that attempt to find breaches in the company’s firewall. Precautions taken against the intrusion of foreign governments include:

• Fortify access controls. Evaluate the plans, policies, and procedures that govern corporate technology to keep proprietary data safe. This could include that installation of multi-factor authentication (MFA), data encryption and solidifying a layered defense system on all possible points of cyber attacks.
• Training. Make cybersecurity education and training a top priority. Everyone from the Board of Directors and C-Suite to individual employees needs to understand how to avoid cyber attacks by avoiding fake emails, malware and weak password strategies, among other efforts.
• Incident response plan. Organization leadership and key technical personnel must develop a protocol for dealing with threats. This should include representatives from business administration, information technology and operations.
• Crisis communications plan. Align the protection policy to risk management methodologies and the business needs of employees.
• Adopt a monitoring, detection and response plan. Quickly detect intrusions and breaches via rapid-respond plans to effectively eradicate the malware or other methods of entry.

Use Windows 7? Do you love your Windows 7? Will your need or desire to continue to use Windows 7 surpass this year? If so, you should be aware that in just under one year — January 14, 2020, specifically — Windows 7 Extended Support ends for most users. As such, there are things you need to know and decisions you may have to make. This is your guide to understanding what the expiration of Windows 7 Support may mean for you in one year.

What is the Current Status of Windows 7?

Windows 7 is a reliable desktop OS for Microsoft users. When Windows 8 came out, the differences were so stark that most users preferred to stick to Windows 7.

Why would they stay with an outdated system?

Here’s what Windows 10 offers:

• A straightforward interface that is well-designed and laid out;
• A start menu that combines the old with the new;
• A clutter-free and clean look that is familiar to you;
• Thumbnail previews that allow you to automatically open an item;
• Jump lists that allow you to quickly access files or documents you frequently use;
• Performance that allows the system to boot up comparatively quickly;
• A new calculator to convert units, figure out fuel economy, etc.;
• A new WordPad that offers more formatting features; and — among many other features —
• Upgraded and improved media player and center.

These are just a few of the reasons that so many PC users love their Windows 7 and do not want to particularly give it up, especially when they found Windows 8 a disappointment.

In fact, StatCounter suggests that 41.86% of PC users — who according to Statista makes up nearly 84% of the market share for desktop PCs — use Windows 7 still while another 42.78% use Windows 10 and a sad 8.72% use Windows 8. Those statistics say a lot about Windows 7 and suggest that a lot of people are going to need to figure out what they are going to do before January 2020, if they want their systems to be secure and updated.

Why is Microsoft ending support for Windows 7?

There is no specific reason why Microsoft is ending support for Windows 7 come January 14, 2020, except that this date is the date provided in Window 7’s lifecycle.

Windows 7 Lifecycle
October 22, 2009	Date of general availability for: Windows 7 Professional Home Basic Home Premium Ultimate
October 31, 2013	Retail software end of sales for: Windows 7 Professional Home Basic Home Premium Ultimate
October 31, 2014	End of sales for PCs with Windows preinstalled with: Home Basic Home Premium Ultimate
October 31, 2016	End of sales for PCs with Windows 7 Professional preinstalled
January 13, 2015	End of mainstream support for Windows 7
January 14, 2020	End of extended support for Windows 7

As indicated in the above table, if you did not extend support for Windows 7, then the problem of extended support expiring on January 14, 2020, does not apply to you. If you had purchased that extended support, then you need to pay attention and determine what you want to do because a year will be over before you know it.

What will happen after extended support for Windows 7 expires on January 14, 2020?

Come January 14, 2020, if you are still using Windows 7, rest assured your desktop will still work; Windows 7 will continue to work beyond 2020. The issue here is your extended support.

Come January 14, 2020, extended support expires and with that expiration ends any updates to your PC. That means your system is vulnerable because the latest, most advanced security updates will not be available to you.

Who will be affected by Microsoft’s decision to end support for Windows 7?

It is important to be clear that not all Windows 7 users will be affected by the January 14, 2020 extended support expiration date. In fact, in September 2018, Microsoft announced that some business users can pay for an additional three years of security updates. Unfortunately, this does not extend to home versions.

In other words, if your windows license type is an original equipment manufacturer or a full package product, there will be no extended security updates for you, and this includes all home versions. However, if you purchased a volume license (i.e., Enterprise or Open Value) for Windows 7 Pro or Enterprise, then you can purchase the additional three years of security updates — so primarily only business users can receive the updates at a cost.

What are your options after Microsoft Windows 7 support expires?

If you absolutely must keep Microsoft Windows 7, then you have options, though they may not be optimal options. These options include:

• Playing with the idea of purchasing an upgrade to Windows 10 and then downgrading your rights to Window 7;
• Continuing to run Windows 7 without security updates, but this is not a good option because as computer desktops and software advance, so do the hackers capabilities (home users if careful, can consider it, but it is probably not an option for business users due to legal and liability risks);
• Disconnecting any Windows 7 PC from the internet, but this means disconnecting you to the very thing that keeps you connected to the world, so it may not be your best option either.
• Migrating from Windows 7 to another operating system, e.g. Windows 8 or preferably Windows 10.

What does Windows 10 offer you?

Some PC users are hesitant to switch to Windows 10 because it does have its drawbacks. Some specific Windows 10 drawbacks include:

• The increased sense that Microsoft is invading our privacy with its default settings. Most of these setting can be changed but you must go in and manually make these changes.
• The ability to control your updates is limited when compared to Windows 7. Plus, these updates are made without user knowledge — which only entrenches the sense that PC users are being spied on when something happens to their system without their knowledge, even if it is for their own security.
• The interface is less customizable (e.g., can’t change colors) — and this is unfortunate in an age where we celebrate our differences, including how we set up our interface system.
• Older programs do not run well on Windows 10, so if you have older programs, you may be in need of identifying additional and newer products or software.

That said, it is good to be reminded that even though you love your Windows 7 whether it’s because you simply love it or love it because it’s what you are familiar with, Windows 7 has its own drawbacks, too. Windows 7 drawbacks include:

• Windows 7 was released in 2009. This was a time when iPad was a rumor and mobile phones were not as advanced. Today you want software that works across all your platforms. Windows 7 can’t do this most likely, but Windows 10 can.
• If you ever needed to use a virtual desktop then you know this feature is not available in Windows 7 unless you use Desktops v2.0 software. Virtual desktops allow you to organize your space better and have become an essential tool for modern-day users. Windows 7 does not offer this capability easily but Windows 10 does.
• We all know Apple’s Siri and Google Now. These are convenient built-in assistants to help us do anything from scheduling tasks or appointments, dictating notes, playing music, adding reminders, and much more. Windows 7 does not have a built-in assistant but Windows 10 does: Cortana.
• Ever been in your Windows 7 and want to search the web from your desktop and then realize you can’t. To search the web, you have to navigate to the right tab and then look something up. Windows 7 does not offer a convenient search feature for the internet, but Windows 10 does: the search bar allows you to search anything from your folders, apps, files, Windows store, and the Internet.
• Gaming is another thing so many of us like to do today aside from work. Windows 7 has always been a trusted gaming platform — so this is not a drawback except for the fact that Windows 10 has built on Windows 7 gaming capabilities to make it even better. So, if you like gaming, whether it’s DirectX 12, PC Game DVR, or Xbox one game streaming, among others that you like to use for gaming purposes, then Windows 10 offers the best performance for you.

How to determine what you should do about your Windows 7 come January 14, 2020?

If you are one of those PC users to be affected by the end of extended support for Windows 7 in January 2020, then you have to determine what you will do. The last section implicitly directs you in which way you may consider, but if you are not yet confident in Windows 10, ask yourself the below two sets of questions:

1. Do you use your computer to access the internet? If so, do you keep private information online or conduct private matters online, i.e., financial information, tax information, banking, consumer purchasing via Amazon or other outlets, etc.?
2. Do you like Microsoft’s operating system Windows? Do you want to stay with Windows (but not Windows 8)? If so, would you like something similar to Windows 7 but operates better?

If you answer yes to these questions, then it is safe to say you should consider Windows 10. A free upgrade to Windows 10 expired in 2016, but the price you pay today can save you in the long run.

So, now you have it. There’s a lot to consider if you use Windows 7 and like using it. If you are an owner of a volume license for business users, then you do have a viable and reasonable solution to the deadline: you can purchase another three years of security updates. This option provides you ample time to consider other options and train personnel on new desktop operating systems.

But if you are not a volume license holder, then you really need to consider what you intend to do. Security is highly important today in our virtual worlds and without it, you risk impacting your so-called “real” world. A hacker can destroy what you have built up over the years, from finances to projects to just about anything that is maintained or kept on your computer, in the cloud, or online. The issue of the January 14, 2020 expiration for Windows 7 extended support is indeed a serious one.

Citrix said the FBI warned them on Wednesday, March 6th that hackers compromised its IT systems and stole “business documents.” Citrix doesn’t know precisely which documents the hackers obtained nor how they got in.

It’s suspected that this is a sophisticated cyber espionage campaign supported by a nation-state. The consequences of the Citrix security incident could affect a broader range of targets, as the company holds sensitive data for many companies, including critical infrastructures for governments and enterprises.

For more information click here. Feel free to contact us for assistance if you’re concerned about your IT security.

TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here’s what you need to know to protect your organization from TrickBot.

Don’t Get Tricked By TrickBot

TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here’s what you need to know to protect your organization from TrickBot.

What Is TrickBot?

The Multi-State Information Sharing and Analysis Center (MS-ISAC) recently released a security primer on TrickBot. Originally developed in 2016 as a Windows-based banking Trojan, TrickBot has recently advanced its capabilities.

TrickBot is a modular banking trojan that targets user financial information and acts as a vehicle for other malware. It uses Man-in-the-Browser attacks to steal financial information such as login credentials for online banking sessions. (The majority of financial institutions consider Man In The Browser attacks as the greatest threat to online banking.)

Malware developers are continuously releasing new modules and versions of TrickBot— And they’ve done this once again.

How Is TrickBot Distributed?

TrickBot is disseminated via malspam campaigns. Malspam is a combination of malware and spam. It’s usually delivered through phishing or spear-phishing emails. Its goal is to exploit computers for financial gain.

These malspam campaigns send unsolicited emails that direct users to download malware from malicious websites or trick the user into opening malware through an attachment.

TrickBot is also dropped as a secondary payload by other malware such as Emotet. Some of TrickBot’s modules abuse the Server Message Block (SMB) Protocol to spread the malware laterally across a network. (SMB is an application-layer network protocol that facilitates network communication while providing shared access to client files, printers and serial ports.)

The developers behind TrickBot have continue to add more features via modules to this potent trojan virus. It can download new modules that allow it to evolve if left unchecked.

How Does The TrickBot Malspam Campaign Work?

The malspam campaigns that deliver TrickBot use third-party branding looks familiar to you and your staff such as invoices from accounting and financial firms. The emails typically include an attachment, such as a Microsoft Word or Excel document. If you open the attachment, it will execute and run a script to download the TrickBot malware.

And, TrickBot is really tricky. It runs checks to ensure that it isn’t put in a sandboxed (quarantined) environment. Then it attempts to disable your antivirus programs like Microsoft’s Windows Defender.

And even worse, TrickBot redeploys itself in the “%AppData%” folder and creates a scheduled task that provides persistence. Persistence is the continuance of the effect after its cause is removed. So, even after you remove TrickBot, it can still create problems.

What Happens If Your Network Gets Infected With TrickBot?

TrickBot’s modules steal banking information, perform system/network reconnaissance, harvest credentials and can propagate throughout your network.

TrickBot:

• Will harvest your system information so that the attacker knows what’s running on your network.
• Compares all files on your disk against a list of file extensions.
• Collects more system information and maps out your network.
• Harvests browser data such as cookies and browser configurations.
• Steals credentials and configuration data from domain controllers.
• Auto fills data, history, and other information from browsers as well as software applications.
• Accesses saved Microsoft Outlook credentials by querying several registry keys.
• Force-enables authentication and scrapes credentials.
• Uses these credentials to spread TrickBot laterally across your networks.

What’s New With TrickBot?

In November 2018, a module was developed and added that gave TrickBot the ability to steal credentials from popular applications such as Filezilla, Microsoft Outlook, and WinSCP.

In January 2019, three new applications were targeted for credential grabbing: VNC, Putty, and RDP.

In addition, it can also steal credentials and artifacts from multiple web browsers (Google Chrome/Mozilla Firefox/Internet Explorer/Microsoft Edge) including your browsing history, cookies, autofills, and HTTP Posts.

How Can You Protect Your Organization From TrickBot?

We recommend that you contact us and arrange for the following to protect against the TrickBot malware:

• Implement filters at the email gateway to filter out emails with known malspam indicators such as known malicious subject lines, and block suspicious IP addresses at the firewall.
• Use managed antivirus programs on clients and servers, with automatic updates of signatures and software. Off-the-shelf antivirus isn’t enough.
• Arrange for vulnerability scans to detect TrickBot or other malware threats that are hiding in your IT systems.
• Apply appropriate patches and updates immediately after they are released.
• Provide Security Awareness Training for your users. Regular training will ensure that they can recognize social engineering/phishing attempts, and refrain from opening attachments from unverified senders.
• Help you employ a Password Management solution so your usernames and passwords aren’t disclosed to unsolicited requests.
• Deploy a managed Anti-Spam/Malware Solution with the latest signature and detection rules.
• Review security logs for indicators of TrickBot. If any are found, we can isolate the host and begin investigation and remediation procedures.
• Make sure you adhere to the principle of least privilege, ensuring that users have the minimum level of access required to accomplish their duties. We’ll also limit administrative credentials to designated administrators.
• Implement Domain-Based Message Authentication, Reporting & Conformance (DMARC). This is a validation system that minimizes spam emails by detecting email spoofing using Domain Name System (DNS) records and digital signatures.
• If you don’t have a policy regarding suspicious emails, we can help you create one and specify that all suspicious emails should be reported to security and/or IT departments.
• And more…

Don’t let TrickBot use its tricks to steal your confidential data. Contact us for comprehensive IT Security Analysis and Remediation to keep TrickBot out of your network.

Norsk Hydro just got hit with a major ransomware attack that took down their entire worldwide network. It happened this morning, Tuesday, March 19, 2019, and we wanted to share this with you.

They experienced widespread system outages. This has been such a disaster that their aluminum production plants are now operating manually. All of their 35,000 employees worldwide have been affected.

For details view this 18-minute briefing from Norsk Hydro.

Feel free to contact us if you have any questions.

 

Did you know? Microsoft is ending support for Windows 7 in January 2020. Beginning this April, Microsoft will start displaying pop-ups on all Windows 7 computers alerting the users that their support for Windows 7 will be ending.

Don’t be alarmed.  Microsoft also did the same thing with Windows XP before shutting down their support for the Windows XP Operating System.

Read More

InfiNet Solutions is in the process of discussing upgrade options with every one of our clients and local companies. We’d like to schedule time with you to discuss your options. Feel free to connect with us by calling (402) 895--5777 or sending an email to [email protected].

Microsoft began notifying Outlook.com users of a 2019 security breach that occurred between January 1st and March 28th. Hackers were unintentionally given unauthorized access to some accounts, where they were then able to view subject lines, email addresses, and folder names. While no login details—including passwords—were directly accessed as part of this breach, Microsoft did warn users to reset their passwords.

Although the hackers could not view the actual content in the bodies of emails nor download attachments, this incident still represents a major—and disturbing—security incident. This breach serves as a reminder to every business to tighten up its security measures and protect its assets.

Use multi-factor authentication.

Do not leave this as an optional measure for your employees; require it. Multi-factor authentication uses more than one form of identity confirmation—this is the “multi-factor”—to prove the identity of the person attempting to access a particular platform—this is the “authentication.”

Depending on where in the product the Microsoft breach happened, multi-factor authentication could even have possibly prevented or limited the breach. In general, this authentication process adds a strong layer of security. Hackers don’t usually have both the password and the PIN, secret questions, or other ability to verify their identity.

When vetting which type of authentication to implement—if you have this option—consider using the one that is easiest for employees to have on hand, but hardest for others to get a hold of. Trying to make this relatively convenient for your employees will make it easier for them to comply, which will keep your business more secure. Multi-factor authentication is a measure that should go hand-in-hand with training your employees to use strong passwords.

Account for all devices—including mobile—in your security processes.

Very few companies still limit employee access to business assets strictly to desktops at work. There is a growing trend of employees being able to work remotely, even if it is not full-time. A recent study showed that as many as 70% of employees work remotely at least once a week. Whether working from home, a rented office space, or on-the-road, they are using their devices to log in from a distance, well beyond the secured confines of your office. This figure was accounting for full-time employees; contractors only increase the number of remote workers further.

The security processes implemented at your company needs to account for how all of your employees are accessing company resources. Email access on mobile devices is one of the most common ways in which employees take their work on-the-go, and so it’s a strong starting point for building out these protocols. Because confidential company information is being accessed on these devices via networks over which companies have no control, it is critical that both the email servers as well as the devices being used have robust security systems in place.

While new improvements continue to roll out to tackle these issues, solutions that work across all devices are the norm. Security software, as well as encryption tools, can help protect data regardless of the device, particularly when combined with encouraging employees to log-in via secure VPN networks. Cloud options for data storage are offered by providers with a menu of security options; it’s worth walking through your needs and investing in top-quality solutions.

Document your security processes.

With all of the work that goes into developing security processes, even more needs to be carried out to maintain their implementation and ensure that they remain up-to-date with new tech trends and emerging risks.

This is a vast and complex undertaking. All existing assets must be brought onto any updated infrastructure. Employees must be set-up for and onboarded to the security procedures, and checkpoints must be established so that their compliance may be monitored. Systems must be monitored for any breaches, as well as smoothly updated across all users and data to accommodate any new vulnerabilities that arose since the previous update. Different components, whether hardware (including different devices, such as mobile) or software, may experience issues with any updates. New members of the internal information technology must be introduced to the systems while existing members must stay abreast of any new developments; even team members working simultaneously on the same project must address potential communications issues.

Thorough documentation of processes helps achieve this by providing an objective record of the systems in place. This can be used for onboarding; for internal audits; for evaluating alternatives or potential improvements; and even for reviewing the source of vulnerabilities and providing accountability should an issue arise. This sort of record-keeping is an essential component of transparency in company policy and helps enforce quality control on internal processes. Of course, it must also be protected with the highest measure of security since it arguably contains “the keys to the castle.” Decentralizing its storage and scattering protected, encrypted components of it across multiple storage solutions can help protect company assets from the sort of large-scale breach that could otherwise bring your data assets to their knees.

And so, the large-scale Microsoft breach serves as a reminder that active vigilance must always be maintained over internet security, without relying entirely on one single individual, provider, or service. No single entity can be trusted to be entirely safe when major players like Microsoft are clearly vulnerable, despite the teams of brilliant engineers hired to implement safeguards and the millions of dollars invested in diverse preventive measures. Every business needs to be proactive in protecting itself through rigorous internal standards, ranging from staff training through the implementation of mandatory security precautions, to minimize the risk of vulnerabilities being exposed and exploited. Factoring in every employees’ data paths and employing multiple layers of overlapping security efforts at every step of the way—and documenting these processes for easy internal accountability and refinement—are critical for business informational security in this highly connected digital age.

A major accounting software and cloud services company has been hit by malware, affecting their many clients across the US.

Wolters Kluwer, a major provider of tax accounting software and cloud services, has been hit by malware. The many financial software services they offer to clients across the country have been down since Monday, May 6.

The software provided by Wolters Kluwer is extremely popular in the US accounting industry. Users include every one of the top 100 American accounting firms, as well as 90% of the top banks worldwide, and 90% of Fortune 500 companies.

This malware attack comes at an especially vulnerable time when many accounting firms (and their clients) are intending to file their taxes. With their primary accounting systems offline, they won’t be able to do so, or at least not with Wolters Kluwer software.

However, it’s not as simple as just using different accounting software. Wolters Kluwer also provides cloud services to their clients, which means that necessary client financial data is stored in their servers, and inaccessible by the accounting firms during this outage.

Since the attack began Monday morning, Wolters Kluwer took many of its systems offline to slow the spread of the malware. According to representatives, they have since been working non-stop to try to eliminate the malware and bring their systems back online. They have contacted authorities and third-party forensic teams to investigate the attack.

“We’re working around the clock to restore service, and we want to provide [clients] the assurance that we can restore service safely,” said Elizabeth Queen, vice president of risk management for Wolters Kluwer, to CNBC. “We’ve made very good progress so far.”

However, end-users have still not been able to access their tax documents that are stored in Wolters Kluwers cloud servers. The many systems that Wolters Kluwer took offline on Monday include the customer services lines that end users have relied on to get info from the software provider.

When a backup customer service number was finally provided, users were told that there is no estimated window in which the services will be fully restored. For the time being, thousands of accountants at numerous firms across the US are being expected to wait and see.