Technology Advisor Blog

The End is Near!  Windows 7 End of Support January 2020

Posted by Ann Westerheim on 12/7/18 1:52 PM

Microsoft Windows 7 has long been a favorite operating system for business, but now the end of life for support is just one year away.  Although we're still seeing some line of business applications with problems running on Windows 10, it would be ill-advised to roll out any new systems with this operating system.  The official end date for extended support is January 14, 2020.  After this time, there will be no more security updates, and any system would be at risk for security problems, and out of compliance for a long list of industry security requirements.

If you don't already have a plan in place to move your remaining systems to Windows 10, now is the time!  Every Windows product has a lifecycle. The lifecycle begins when a product is released and ends when it's no longer supported. Knowing key dates in this lifecycle helps you make informed decisions about when to update, upgrade or make other changes to your software.  Check out the Windows Lifecycle Fact Sheet on the Microsoft web site for more information.

As a general rule, we don't recommend upgrading an operating system in place.  We typically recommend changing operating systems when you refresh hardware.  If you have very new hardware, then an in-place upgrade may be worth a discussion.  In either case, we recommend having a plan in your 2019 budget to make sure this work is completed well in advance of the end of the year.

Keep in mind that many line of business applications may have problems with Windows 10.  Although Windows 10 was released three and a half years ago, not all third party software providers are up to date and this can lead to a very unpleasant surprise for a business owner.   In some cases, there's a problem because the business is running an old version and the upgrade comes with a significant price tag.  In other cases, the business may be running on the recommended version, but the third-party software provider just hasn't kept up.  This is the main reason we see businesses hanging on to older systems, but in January 2020, these systems will be out of compliance for security and a major risk to the organization.

Get your plan in place now for your remaining Windows 7 systems. We're here to help!  Call us with your questions. 

Tags: data security, Microsoft Windows 7

A New Twist on the Microsoft Support Scam

Posted by Ann Westerheim on 11/1/18 10:42 AM

The "tech support" scam is a common threat on the Internet.  While working on your computer, a pop up will appear that says your computer has a problem and help is just a phone call or click away.  Many of these scams pretend to be from Microsoft.  The graphics may look very professional, and the tech jargon sounds convincing enough that many people fall for these scams.  After the "repair" is done, you'll be asked for a credit card to pay.  Most people assume they won't fall for a scam, but if you're very busy, and the support price is low enough, it could seem like the fastest and most efficient way to get support and get back to work.

A new twist on this scam is that some bad actors make the scam more convincing by directing users to go to the Microsoft Support page, and then give them a code to get support via LogMeIn.  Since you've been directed to a legitimate website, you may think you're safe, but the code you enter will simply direct you to whichever user is connected on the other end - NOT Microsoft, because the code is independent of the site. 

LogMeIn Rescue is a remote support tool used by thousands of legitimate businesses, including Microsoft (and Ekaru), but legitimate products are not immune to bad actors with nefarious intent.  Some use trial accounts and appear and disappear online, so they're hard to catch.

Always be alert online.  Many scams rely on busy users who need to get their support problem resolved as quickly as possible and get back to work.  THINK BEFORE YOU CLICK!

If you have any suspicions that something may not be right, DO NOT CONNECT.  If you have already connected, then hit the "kill switch" to end the session immediately.


LogMeIn has set up a site to report abuse.  If you're approached by a suspicious technician, capture and report – but do NOT enter – the six-digit PIN code they provide. Immediately send this and any other related information: https://secure.logmeinrescue.com/ReportAbuse/Send.

They request that you provide the following details:

  • In what way you were approached (email, phone call, etc.)
  • Exact date and time of the scam
  • The PIN code or link you were instructed to use (if you have it).

In general, always be suspicious if someone offers to help you and you didn't ask for help.  Another red flag is being asked to upload or download files.  Also, don't provide any credit card or personal information over the phone.

We recommend on-going security awareness for ALL employees.  The security landscape is constantly changing, and there are probably some gaps that you're not aware of if you're not keeping up.  Scammers are always improving and updating their techniques, so you and your team need to be aware of the latest threats.   Call us for help setting up a security awareness training plan, or sign up for training on-line.

Remember:  If a pop up appears on your computer saying you have a problem and help is available, DON'T call or click.  Call your own trusted computer support specialist instead!

Reference Link from the LogMeIn Support Site:  Avoiding scammer who abuse LogMeIn Rescue accounts.

Tags: data security, cybersecurity

Ekaru Now Delivers Dark Web Monitoring Services through ID Agent Partnership

Posted by Ann Westerheim on 5/9/18 8:29 AM

Ekaru Offers Monitoring and Alerting of Stolen Digital Credentials, Increasingly Valuable Asset on Dark Web

Ekaru announced its new Dark Web monitoring services provided through its partnership with ID Agent, provider of Dark Web monitoring and identity theft protection solutions. With Dark Web ID, Ekaru offers around the clock monitoring and alerting for increasingly compromised digital credentials, scouring millions of sources, including botnets, criminal chat rooms, peer-to-peer networks, malicious websites, bulletin boards and illegal black market sites.

 “Too many small businesses think that they’re “under the radar” when it comes to cybersecurity.  Users have weak passwords and often reuse passwords at multiple sites.  About half of all cyber attacks hit small businesses, but they just don’t make the headlines like the big companies.  It’s been Ekaru’s mission from the beginning to support and protect small businesses”, said Ann Westerheim, PhD, President at Ekaru.

 The Dark Web is made up of various digital communities, and while there are legitimate purposes for the Dark Web, it is estimated that over 50 percent of all sites on the Dark Web today are used for criminal activities, including the disclosure and sale of digital credentials. 

 “Digital credentials such as usernames and passwords are widely used to connect to critical business applications – the reason these credentials are among the most valuable assets found on the Dark Web,” said Kevin Lancaster, CEO of ID Agent. “Unfortunately, the unaffordability of cyber offerings has played into the cyber poverty line experienced by small businesses. Dark Web ID, however, delivers an affordable model that provides small businesses with the same advanced credential monitoring capabilities used by Fortune 500 companies to organizations in the SMB and mid-market space.”

Dark Web ID is the industry’s only commercial solution available to detect customers’ compromised credentials in real-time on the Dark Web. It vigilantly searches the most secretive corners of the Internet to find compromised data associated with your customers’ employees, contractors and other personnel, and notifies them immediately when these critical assets are compromised. There are a few competitors in the market, but none is as completely focused on the Dark Web as ID Agent’s solution.

About ID Agent

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and to millions of individuals impacted by cyber incidents. The company's flagship product, Dark Web ID, combines human and sophisticated Dark Web intelligence with capabilities to identify, analyze and monitor for compromised or stolen employee and customer data, mitigating exposure to clients’ most valuable assets – their digital identity. From monitoring your organization’s domain for compromised credentials to deploying identity and credit management programs in order to protect the employees and customers you serve – ID Agent has the solution. For more information, visit: http://www.idagent.com or go to LinkedIn, Twitter or Facebook.

About Ekaru

Ekaru has been a leading provider of IT support services, hosting, and data protection to small and medium businesses since 2001. Our curated technology platform is designed to give you the level of support you need, with a budget that fits, so you can focus on your business.  For more information, visit www.ekaru.com or go to LinkedIn, Twitter, or Facebook.

Contact:

Ann Westerheim, PhD

Ekaru

978-692-4200

awesterheim@ekaru.com

Tags: cybersecurity, data security

Texting, eMail, and HIPAA

Posted by Ann Westerheim on 3/12/18 1:15 PM

At the HIMSS Healthcare IT Conference last week in Las Vegas, Roger Severino, Director of the US Department of Health and Human Services Office for Civil Rights (OCR), the HIPAA enforcement agency, made some news when he said that health care providers may share Protected Health Information (PHI) with patients through standard text messages. Providers must first warn their patients that texting is not secure, gain the patients’ authorization, and document the patients’ consent.  Note that this only applies to communications with patients.

This expands the previous 2013 HIPAA Omnibus Rule on emails which allows providers to email patients as long as the provider notifies the patient that email is not secure AND gains their consent.

Note that emails through free email services are NOT secure.  Google, for example, reserves the right to "use...reproduce...communicate, publish...publicly display and distribute" your email messages.  Most users don't read the lengthy terms of use and are surprised to hear this.  Health care providers must use encrypted email or secure email systems to communicate ePHI outside of their networks.

The baseline services we provide through our service plans such as firewalls, security patch updates, antivirus updates, etc, are an important foundation of the technical requirements for HIPAA, but there is so much more to it, and we want all our clients to be fully aware of all the requirements.  Contact us if you want to set up a complimentary HIPAA review.  The more you know the better!

For more details, read the full article by Mike Semel of Semel Consulting and author of How to Avoid HIPAA Headaches, who is one of the experts Ekaru follows for HIPAA information.  We also offer cybersecurity training and a HIPAA compliance platform to help in your compliance.

Tags: HIPAA, data security, cybersecurity, Compliance

You need to know this before you sell or donate your old computer

Posted by Ann Westerheim on 8/28/17 1:54 PM

If you just got a new computer, you might think it's a good idea to sell or donate your old computer.  Why not make a few bucks or do a good deed?

Even if you think you've removed all your personal information, you may be putting yourself at risk.  

In this report, Dan Meinke, a professional computer investigator, bought a used computer for $50 from an ad, and then looked through the computer and found email messages, "cookies" for websites the former user visited, photographs, and even who their CPA was.  This was an eye-opener for the seller, who thought the computer had already been cleaned up by her son who was "computer savvy".  You can watch the video here.

Our advice?  Remove the hard drive and have it "shredded" by a reliable vendor.  The article mentions destroying the drive with a sledge hammer, but the safer bet is having it destroyed professionally.  (I tried the sledge hammer approach once and determined it was harder and more dangerous than it sounded!).  Most companies that handle secure paper shredding in offices can also handle secure hard drive destruction.   When we "retire" old systems for clients, we remove the drives, and then lock them up prior to secure destruction.

Tags: data security

Older Blog Posts

For older Ekaru blog posts, go to ekaru.blogspot.com.