IT Tech News and Information

How to Stop Your CEO from Becoming a Phishing Target

July 15th, 2019 by Julie Lough

CEO Fraud

How to Stop Your CEO from Becoming a Phishing Target

Business fraud affects businesses of all types and sizes, and there are no individuals within your business that are truly immune from the possibility of a targeted attack. However, there are some people who are more prone to an attack, simply because of the high value of their knowledge or access to the information within the business. Accountants, finance leads and your CEO are some of the most commonly-targeted individuals when it comes to business email compromise (BEC) attacks, more commonly known as phishing attacks. Knowledge is power, and these tips will help keep your CEO from becoming the next victim of these vicious attacks.

What’s the Difference Between Phishing, Spear Phishing and Whaling attacks?

While phishing is the most common term that you may hear, there are two additional terms that are often used when it comes to upper executives or more targeted attacks: spear phishing or executive whaling. These more specialized attacks go beyond the broadscale spam of phishing attacks that are meant to net any type of “fish” who is willing to click a link. In a spear phishing or whaling attack, the hacker has researched your business and knows enough from either social media or your corporate website to target specific individuals. Cybercriminals spend the time and effort to find any key vendors for your business or some personal details that will inspire confidence in your executives. The assailants then leverage this information to create a highly specific and tempting message that feels more like a personal email from a known vendor partner or internal asset in an attempt to gain control of your systems or to get access to sensitive information. The term spear phishing generally refers to tactics that are specific to a few mid-level individuals in your payroll or accounting department while executive whaling is targeted directly at your CEOs and other C-suite leaders.

What’s the Potential Payoff for Cybercriminals?

This investment by the cybercriminal is expected to have a high-dollar payoff and there’s only one chance at success — so the hacker has a vested interest in taking the time to do it right the first time. Each subsequent request increases the potential of being discovered and reduces the possibility of a return on their investment of time. The fraudulent emails are often requesting that the recipient transfer a large number of funds, pay a massive invoice or otherwise release information to what the target thinks is a “trusted” party. The FBI estimates that a single targeted whaling attack can release upwards of $150,000 in funds to a cybercriminal, making this an extremely lucrative pastime for these malicious actors.

Your CEO Should Be Wary of These Tactics

Coaching your CEO to stay out of the way of cybercriminals starts with an ongoing dose of education. In this case, attackers tend to follow a pattern of sorts that is relatively easy to isolate as long as you’re actively looking for this type of interaction. Receiving an email from vendors that have already invoiced you for the month, or requesting a different payment method that they have not used in the past (such as a direct funds transfer) should be a big red flag for your senior executives. Be cautious of emails that come in from trusted individuals with a slightly different email address; e.g. “@Micros0ft.com” instead of “@Microsoft.com”, as hackers are now spoofing entire mail domains in an attempt to release funds and data from your organization. Funds aren’t the only things that are requested by these organizations — personal information such as tax records also command a high rate on the dark web. This quick flowchart from KnowBe4.com may be a helpful graphic to share with your executive team.

Protecting your organization from the tactics of cybercriminals is not a one-time problem or solution, but requires an ongoing and dedicated effort to foil the efforts of these actors. Keeping your finance teams and senior executives safe can save your organization hundreds of thousands of dollars in remediation and notification costs, not to mention the frustration and difficulties associated with handling a significant breach.


Habits You Want From Your Technology Partner

July 12th, 2019 by Julie Lough

Habits You Want From Your Technology Partner

When you are running a business, you want your technology to integrate well with the other tech you use in your business and with your overall IT platform. When you run into situations where your tech fails to integrate well, it can cause serious problems—leading to lost productivity, lost data, and general inefficiency that is not desirable for any business.

IT support partnership

Choosing technology partners requires looking carefully at how those partners play with others. You want to know that your tech will integrate and operate well, which means you want a tech partner that is interested in ensuring cross-compatibility and integration. Many tech partners will be interested in such cooperation, but not all will. It is important to know what to look for in such a partner to ensure that you team up with a business that you can rely on.

Tech Partner Habits—Must-Haves from a Tech Partner

1. Interest in improving the overall experience, not just the bottom line

There are plenty of tech partnerships that develop to increase profits. After all, money drives business and it only makes sense for companies to seek arrangements that will improve their profitability. But creating the best customer experience requires more than just a focus on profitability—it also requires a real and sustained interest in ongoing improvement, which necessitates cross-pollination.

You want a partner who wants to ensure that everything works and strives to avoid tech silos that inhibit customers and companies alike. However, you also want a partner who will offer ideas for improvement and accept constructive feedback for their own improvement. The sharing of knowledge and insight and interest in such sharing makes a great tech partner.

2. Willingness to be part of a team

It may seem like asking too much for a tech partner to treat your business and the other tech vendors you work with as a team—but the fact is, you need a team player to achieve your goals. Sure, it can take some serious self-reflection on the part of one business to decide to team up with another business and actively engage in such teamwork, especially if there is a fear of missing out on extra earnings. But the long-term benefit of teamwork will yield future rewards that are otherwise unachievable. The tech partner that is willing to forgo a little extra profit today for benefits for the entire team, later on, is one worth keeping.

3. Interest in a long-term partnership

Many of the best results are only achievable through long-term planning and implementation. Some tech partners may see the option of a partnership as more of a short-term advantage that is not worth maintaining for the long-term. These potential tech partners fail to realize that whatever short-term benefits they can get now will pale in comparison to the benefits they could realize through long-term engagement and partnership. Of course, the challenge of long-term relationships is that they typically require some sacrifice on the front-end. Tech partners that are wise enough to see the value in such early sacrifice are more likely to benefit your business in the future.

4. Desire to contribute to the partnership

One of the best ways to facilitate a successful partnership in technology is to give as much access to your technology base as possible. There are many reasons for this need. For example, by giving as much open access to their technology base and IT stack as they can—within reason—a tech partner can make it much easier and faster to develop integration between their tech and the tech of other partners. The harder partners have to push to gain access to the information they need, the longer it will take to achieve true integration. It is possible that with enough pushback on access, a partner could just give up on the idea of achieving integration and go somewhere else.

5. Seek regular and open communication

The need for communication in business is significant when partnering with tech vendors and service providers. You want a company that will keep you up to date about everything that is going on—at least all the things that are relevant to you and your business—and you want a company that will take your need to communicate seriously. When you want to communicate, your partner should be available or make themselves available at a reasonable time. You also need to know what your partner wants and expects out of the business relationship, just as your partner should know what you want and need out of the partnership.


Building a Rock Solid Cybersecurity Plan

July 11th, 2019 by Julie Lough

Cybersecurity Plan

Cybercriminals may be going into a stealth mode, but that doesn’t mean that cyberattacks are slowing down — quite the opposite, in fact. According to the 2018 SiteLock Website Security Report, attacks increased by 59% and accelerated going into December. Record numbers of businesses are being infiltrated by hostile actors, with data breaches affecting hundreds of millions of users in a single attack. This all comes during a time when cybersecurity costs are accelerating as more organizations scramble to bring expensive systems and well-paid IT assets online to help protect their business from attack or assist with recovery. By the year 2021, damage to businesses is expected to exceed $6 trillion annually from cybercrime alone. It’s becoming increasingly difficult for businesses to manage the complexity required for a comprehensive cybersecurity plan alone, but these basics will give you a starting point to managing the risk to your organization.

Understanding “Current State” Security Practices

Many organizations begin crafting their cybersecurity plan by reviewing and documenting the current state of their risk-reduction efforts. This could include everything from data structures and storage locations, physical and cloud-based infrastructure models, third-party vendors and other connections. This “current state” report gives you a comprehensive view of the organization and allows you to capture potential risk centers that will need to be addressed in the future.

Balancing Security Needs with Business Requirements

It’s a fact of life that IT professionals are often in top demand, making it difficult to implement the full range of cybersecurity protections that proactive leaders feel are necessary. This balancing act may take place as ongoing negotiations between business and technology teams as the risks of not taking specific steps to tighten security are weighed against the potential benefits of new functionality. IT teams need to have a full understanding of how data and applications are utilized throughout the organization, including how remote partners or staff members are connecting into business applications and databases. Going through this process prompts conversation around the replacement value of particular platforms. Where an IT team may feel that an older platform could be deprecated without undue business impact, one particular unit may be utilizing that data in an unexpected way. In this instance, business and IT leaders will have to negotiate whether it makes sense to enhance the security or simply move to a newer alternative.

Crafting Your Plan and Training Your Staff

Understanding all of the various assets that your business has available allows you to gain a more holistic view of the business, a crucial element of any successful cybersecurity plan. Define replacement or bypass recommendations for each of your core business assets, and then fully document any changes that need to be made to reduce the risk of a breach or the effect of any malware or ransomware attacks. Having the plan in place also requires determining the training level that your staff will need. According to Cisco, the majority of malicious file extensions are made up of popular files such as Microsoft Word, Excel and PowerPoint, making ongoing training an important part of any cybersecurity strategy.

Small and mid-size businesses are the organizations least likely to have a formal cybersecurity plan in place, but these businesses are a high-risk target that is extremely attractive to hackers. Managing the complexity associated with the various platforms and data sources is often cited as a significant challenge for over-taxed IT personnel. Making regular cybersecurity reviews a priority can help your organization not only stay safe online but also identify processes challenges that need to be addressed to improve operational efficiency. Even with a rock-solid cybersecurity plan in place, that doesn’t mean your organization is completely safe. Instead, it means that you’re ready for an attack and are able to respond appropriately and in a timely manner — which can save your company hundreds of thousands of dollars in the event of a breach.


Old School Meetings Revisited

July 10th, 2019 by Julie Lough

You know running a successful business requires much more than just offering a great product or service. It takes constant engagement and collaboration of all of your employees to produce the best results, and it takes your best effort to remain competitive in a crowded marketplace. Collaboration between employees used to mean lots of daily and weekly meetings. Those long hours stuck in the meeting room often wind up taking a toll on productivity, and this loss of productive is quite often negatively reflected in a company’s bottom line.

Microsoft Teams

The good news is that modern technology now provides an alternative to the traditional meeting: Online meetings. Conducting meetings online not only saves employees travel time and the expense of attending a meeting in person, but quality online meeting software provides the tools that make hosting a meeting more convenient and more efficient than ever before.

Many companies used to avoid online meetings because they were complicated to set up, time-consuming to maintain, riddled with technical problems, and expensive to purchase. But now there are no more excuses. Microsoft offers businesses of any size a quick, powerful, and inexpensive way to streamline meetings: Microsoft Teams and Microsoft Teams Rooms.

What is Microsoft Teams and What is Microsoft Team Rooms?

Microsoft Teams is an ideal way to keep everyone who works at your company, as well as your partners and shareholders, in the loop and working in concert. Microsoft Teams is a suite of communication tools, including web-based, allow employees access to secure and private chat, file sharing, critical business apps, and the video meeting software, Team Rooms. Microsoft Team Rooms eliminates many of the hassles and time-sucking aspects of face-to-face meetings while still allowing them to be productive.

Whether you are having a 1-to-1 meeting or hosting a webinar for hundreds of people, Microsoft Team Rooms goes beyond many of the standalone online meeting solutions to give you the features which really matter to you. A few of these standout functions are easy scheduling, one-click joining, automated note-taking, extensive whiteboarding tools, along with the ability uploading files and share desktop screens. The best part is that Microsoft Teams and Microsoft Team Rooms is part of the Office 365 subscription you probably already use!

How Can Microsoft Teams and Microsoft Team Rooms Help to Make Your Next Meeting Better?

When it comes to hosting a productive meeting, you need a system that you can depend on no matter what. Microsoft Team Rooms has you covered by:

  • Offering a single platform accessible through desktop computers, mobile devices, and dedicated video conferencing systems. Whether your meeting attendees are at your home office, in the field or even at home, accessing Microsoft Team Rooms is a breeze. Everyone will be able to participate fully using one seamless and secure application.
  • Securing your data. As part of the Office 365 suite of applications, Microsoft Team Rooms reduces the security risk of transmitting your private data using another video conferencing solution. Microsoft is dedicated to protecting your information.
  • Making administration and maintenance a snap. Even if you have a dedicated in-house IT department, you want it to concentrate on running your business, not your video conferencing software. Setting up Microsoft Team Rooms is intuitive, and if your employees ever run into problems, assistance is always available.
  • Providing almost infinite scalability. Do you host a variety of meetings from small groups to large webinars? You don’t have to spend thousands of dollars on dedicated video conferencing equipment, use any smart monitor or computer-attached screen. Do you have a lot of new hires? They can immediately access Microsoft Team Rooms meetings with their Office 365 account through their computer!
  • Supporting post-meeting follow-ups. Since Microsoft Team Rooms is part of the Office 365 suite of applications, if you choose, your employees will continue to have access to notes and files after the meeting. This accessibility makes it a snap for your employees to work together and reduces the amount of time it takes to complete a project.

With the quality tools you need to host an online meeting, the collaborative tools you need for your employees to be productive, and a price point you can’t believe, Microsoft Teams and Microsoft Team Rooms are a comprehensive online meeting solution.


Important Security News About Mac & Zoom

July 9th, 2019 by Julie Lough

Did you know that your Macintosh webcam could have been hijacked? A serious security flaw in the Zoom video conferencing application joined Mac users to video calls without their permission.

Zoom and Mac Security

Zoom has now released a fix – click here.

A vulnerability in the MacZoom client allowed malicious websites to enable Mac cameras without users’ permissions. This is a serious flaw that was thankfully discovered by Jonathan Leitschuh.

Jonathan Leitschuh, a US-based security researcher, reported this serious zero-day vulnerability. It allowed any website to forcibly join someone to a Zoom call, and activate their video camera.

Plus, he said that the vulnerability let any webpage cause a Denial of Service (DOS) by repeatedly joining the Mac user to an invalid call.

Even if the user uninstalled the Zoom application from their Mac, it could be re-installed remotely.

What Should Mac Users Do?

To fix this particular issue, Leitschuh advised that Mac users with the Zoom application installed, update it to the latest version of Zoom and then check the box in settings to “Turn off my video when joining a meeting.”

A computer webcam is always a potential gateway for security intrusion. This is why some users put a piece of tape over their webcam just in case.

Zoom Has Since Patched The Vulnerability

The vulnerability has been patched; however, the flaw could have exposed up to 750,000 organizations around the world that use Zoom.

Leitschuh said that the Zoom vulnerability was originally disclosed on March 26, 2019, and that a “quick fix” from Zoom could have been implemented to change their server logic. However, it took them 10 days to confirm the vulnerability. And, it wasn’t until June 11, 2019, that Zoom held their first meeting about how to patch the vulnerability. This was only 18 days before the required 90-day public disclosure deadline.

He said that he contacted Zoom on March 26, giving them the public disclosure deadline of 90 days. Zoom patched the issue, so a webpage couldn’t automatically turn on a webcam, but that this partial fix regressed on July 7th, allowing webcams to once again be turned on without permission.

What Was Zoom’s Response?

“Zoom installs a local web server on Mac devices running the Zoom client…This is a workaround to an architecture change introduced in Safari 12 that requires a user to accept launching Zoom before every meeting. The local web server automatically accepts the peripheral access on behalf of the user to avoid this extra click before joining a meeting. We feel that this is a legitimate solution to a poor user experience, enabling our users to have seamless one-click-to-join meetings, which is our key product differentiator.”

Zoom also reported that they had no record of a Denials of Service or this type of weakness being exploited. They said that they fixed the security flaw back in May.


Arming the Next Generation of Cyber Warriors

July 9th, 2019 by Julie Lough

Cyber Warriors

There are everyday warriors in businesses across the country, but these individuals may never have worn the uniform of their country. This next generation of cyber warriors is being groomed by organizations of all sizes in an attempt to overcome the growing skills gap in the cybersecurity world. While many current cybersecurity analysts started in general IT, there are individuals throughout the business and technology world that are moving towards this lucrative career path. Unfortunately, there are few set career paths already in place and no firm list of skills to develop to move in this direction. See what Under Armour’s VP & CISO, Matt Dunlop, is doing to arm the next generation of cyber warriors that he knows his organization desperately needs.

Background of a True Cyber Warrior

One of the key reasons that Matt Dunlop sees the value of developing these skill sets is because he’s worked throughout the fields of mathematics and computer engineering since his time in the U.S. Army as a colonel. After starting as a network engineer, he further developed his skills by completing a master’s degree in computer engineering and ultimately a doctorate in a related field. When the U.S. Army Cyber Command was created, he was a logical choice to help stand up this new division — partially due to his status as a computer science educator at West Point. In his position as CISO with Under Armour, he’s able to bring together his passion for teaching and marry it with his deep knowledge of technology and cybersecurity. “As we look into the future and project this huge job shortage, companies are looking for the silver bullet,” says Dunlop. “But I look at it as a long game.”

Creating Lifelong Learners

Cybersecurity is an ever-changing landscape and one that doesn’t have a set career path or an endpoint. Dunlap is currently working with the National Cyber Education Program to help create a generation of students that are interested in the exciting field of cybersecurity. There is a major deficit of individuals who have the breadth and depth of knowledge that would allow them to effectively provide cybersecurity protection for an organization. Sparking the interest of the next generation of smart workers is crucial, especially as automation takes the place of low-level activities and leaves plenty of room available for strategists and individuals who are able to implement more complex — and therefore more challenging — environments. Historically, cybersecurity professionals begin as entry-level IT professionals and work their way through the ranks to ensure that they gain the necessary knowledge about infrastructure and integrations to help protect an organization from both malicious actors and internal business challenges.

Cloud is Changing the Face of Cybersecurity

As cloud-based applications gain prominence in today’s business world, cybersecurity professionals will need a better understanding of data and integrations as well as hardware and servers. Transitioning from general IT to cybersecurity requires in-depth knowledge of how and where weak points can occur in an organization’s security net. From next-generation firewalls to strategies for warding off malware and phishing attacks, there are integration details that require recognition of how data flows throughout your business — and beyond. Pulling together information from disparate cloud-based platforms leaves a fail point that needs to be monitored, especially when you consider the proliferation of third-party vendors in the business ecosystem. Each link in the chain that passes data between organizations and customers must be analyzed and monitored for compliance and security throughout the sales and manufacturing cycle.

Arming the next generation of cyber warriors starts with firing the imagination of generations of children and young adults as they enter the formative years of their education. Cybersecurity is an exciting career path and one that will continue to morph as threats emerge. Encouraging staff members to become lifelong learners is one of the shorter-term ways that Dunlop encourages individuals to enter the cybersecurity field, but he is the first one to recognize that we need a broader group of future professionals to enter this critical field and support the security of businesses in the future.


How Can You Protect Your Data in a Natural Disaster?

July 7th, 2019 by Julie Lough

Business Continuity Plan

Disaster can come from external factors, such as wildfires, floods and storms, as well as internal events, such as a toxic chemical spill or boiler failure in your facility. It’s crucial to have a plan to recover from these events and to provide a framework to return to work as quickly as possible.

Developing a business continuity plan can reduce recovery costs, safeguard your company’s reputation and may even save lives.

What’s the Difference Between Disaster Recovery and Business Continuity?

Business continuity planning creates a back-up plan that documents how your business will operate if it’s is crippled by unforeseen events. Examples include natural disasters, terrorist attacks, strikes and arson. A disaster recovery plan (DRP) is a subset of the BCP; it documents detailed instructions on how to respond to these unforeseen events.

Before fabricating a detailed plan, your organization should conduct a risk analysis and a business impact analysis that establish recovery objectives and time frames.

What’s the Percentage of Businesses that Close After a Disaster?

The Federal Emergency Management Agency (FEMA) reports that 40% of small businesses close following a disaster, according to CNBC’s hurricane preparedness report. Many small business owners don’t consider disasters among their business risks when making contingency plans or purchasing insurance coverage. It’s a mistake that could threaten your company’s very existence.

How Do You Decide Which Systems Are Essential in an Emergency?

Most BCPs consider how to keep essential functions running throughout a disaster and to shorten the recovery period. BCPs are essential for organizations of all sizes, but it may not be feasible to have complete backups for all your business systems. That’s why it’s important to prioritize essential systems, such as customer relationship management tools and compliance and reporting systems.

Many experts agree that once systems are prioritized the recovery budget should be allocated accordingly. Failovers systems should be initiated to ensure crucial components can be restored in case of cyber attacks, terrorism and other catastrophic events.

What Are the Components of a Business Continuity Plan?

The Components of a Business Continuity Plan:

Disaster Preparedness – Recognize the types of events that might compromise your business, assess the threats facing your company and identify steps to eliminate or minimize the impact of those threats.

Emergency Response – Develop procedures that enable you to respond when a disaster occurs or is forecast to occur. Continue with the plan until everyone is safe and there is no further threat of property damage or bodily injury.

Business Recovery – Identify your company’s critical business functions and define procedures that will facilitate restoration of sales, production and operations to pre-disaster levels.

How Do You Create a Business Continuity Plan?

There are five steps to creating a BCP:

1. Build Your Team. Use a top-down approach to build your plan. That means getting the buy-in of the C-suite, including sign-offs by senior management. One point person should own the process, supported by a core team with representatives from every business department.

2. Assess Risk. List out and rank all the hazards that could threaten your company. Examples include: climate, cybersecurity, supply chain, fire protection, facility construction, staffing and utilities.

3. Analyze Business. Create a business impact analysis (BIA) to rank the risks on your list. The idea is to strategize which systems need to come back online first after an emergency. The appropriate business units should be responsible for suggesting recovery strategies to get up and running within a recovery time objective. For example, backup data files need to be stored offsite and available within a few hours of a disaster, and your IT vendor may be able to expedite the shipment of replacement equipment following a catastrophic event.

4. Document the Plan. Documentation needs to include step-by-step procedures. This doesn’t have to be fancy — most plans are written using word-processing programs.

5. Test the Plan. To verify your recovery strategies, testing is essential. These tests vary in complexity from a discussion of the steps needed to respond to a disaster to comprehensive testing of your backup and recovery of core files and systems. Keep in mind that, business continuity planning should be continually reviewed since your systems and business relationships are static.

How Do You Plan for Personnel Disruptions?

Be sure to have a website or number that employees can call to check in. Services may be disrupted for several days, but most employees should be able to check in within 48 hours. Having a documented plan with one website and number makes it easy for everyone to stay in touch. Social media sites are another great way to let everyone post their status or ability to return to work.

Personnel disruptions. The BCP is often mainly operational, dealing with physical infrastructure. However, a business also needs its people to function. A potential disaster can affect your employees’ lives in various ways, including:

  • Employees may live in a disaster zone, even if your company is in a safe location.
  • The commute may be compromised.
  • Nearby disasters affect attendance and productivity.
  • When food, water and other necessities are scarce, it’s hard for employees to concentrate on work.

Who Should You Contact First After Checking on Personnel?

Consider your customers. During a disaster, your first calls may be to insurers and vendors. Don’t forget to keep your customers in the loop. Remember, customers want their regular services and are ready to go elsewhere to get it.

Consider vendor stability. If core services are provided by third-party vendors, double-check to make sure continued service is available during a disaster. Vendors may have an issue delivering goods to your business in a disaster area; vendors in other regions impacted by a disaster may not be able to make deliveries.


iTunes Going Away?

July 5th, 2019 by Julie Lough

What You Need to Know About Backing Up iTunes and What’s Next for Apple Music and Other Media

Many iTunes users were shocked on June 3 when Apple announced that iTunes would be phased out. First things first: the iTunes store won’t be going away. All of the music people have bought from the store will still be there.

iTunes Library

What is Apple actually doing with iTunes?

Because people are increasingly streaming, not downloading, Apple is breaking the iTunes store up into separate segments for music, podcasts, and video/television. Each of the media will have its own app on the Catalina Mac OS.

What iTunes apps will be affected?

The iTunes store will still be available as a music store. The other media, including video/TV and podcasts are being spun off.

The new iTunes store will be more closely aligned with Apple’s streaming music service. Apple is looking to rebrand itself as a streaming entertainment service. Other streaming content Apple is either developing or currently offering include Apple Music (streaming), a new TV streaming service, and a magazine subscription service.

What will I do to save my iTunes library?

First, the change affects desktop computers only. If you’re using iTunes on any other device, it won’t change. Second, the change will only affect you if you’re upgrading to macOS 10.15 Catalina.

Apple’s iTunes change is intended to conform the way digital media is stored on desktops with all other devices. If you are upgrading to macOS 10.15 Catalina, after the change, you will locate your iTunes library using Finder.

If you look at one of your mobile devices, you can see what will happen – the format on your desktop in macOS 10.15 Catalina will be similar to the format for media libraries on the iPhone or iPad. Mobile IOS devices have apps for Music, Videos, and Podcasts.

What if I can’t find the iTunes store?

The iTunes store on a desktop or laptop will be located in a sidebar within Apple Music. You can use the sidebar the same way you have always used it. Individual songs and albums will continue to be available for purchase and download.

How can I make sure my iTunes library is backed up?

You can back up your Mac using Time Machine. Your iTunes library will be backed up automatically as long as the library is included and it’s a full Mac backup.

If you want to use Time Machine to store a copy of the library outside Apple storage, connect a storage device to your Mac. When Time Machine prompts, choose the device as the backup disk.

If you only want to back up your iTunes music, not your whole computer, make sure that your iTunes music is on the local computer.

If there are any songs you’re concerned you may have missed, choose the Account menu at the top of your iTunes screen, then choose “Purchased” and “Music.” Re-download the songs you want to make sure you have saved.

Next, you need to organize and consolidate your library. Click “File” on the top of the iTunes screen. Choose “Library,” then “Organize Library.” At that point, pick the first option: “Consolidate files.”

This puts your files together and keeps them organized while also leaving originals in place.

You can then use the consolidated iTunes Media folder to make a backup onto any external drive or memory device.

Apple’s support page on how to back up and restore your iTunes library can also help guide you through the process.

ITunes isn’t really going away and neither will your downloaded and purchased music. Apple is just adding streaming capabilities for music, videos, podcasts, and television. Look for the changes this fall when Apple releases Mac OS Catalina. If you won’t be upgrading to the new operating system, you will not notice any changes at all on your Mac, MacBook, iMac or Mac Pro.


Happy 4th of July Everyone!

July 3rd, 2019 by Julie Lough

Got Your Sparklers Handy?

The Fourth of July falls on a Thursday this year, but we aren’t letting the fact that it’s a weekday stop us from celebrating.

 

 

Of course, just because it’s a holiday, that doesn’t mean you’ll have to make do without us. You’ll be able to reach us at (616) 7760-0400 if any technical issues arise, and our on-call technicians will be more than happy to resolve those issues for you.

Happy 4th of July


How Can You Focus Your Company on Reliable Anti-malware Strategies?

July 1st, 2019 by Julie Lough

antimalware

Organizations across the country are learning from cyber attacks perpetrated in Atlanta, Newark, and Sarasota. Similarly, large targets such as San Francisco’s transit authority and Cleveland’s airport have also been targeted. The growing threat from ransomware, which locks up the victim’s device and files, is hard to track down to the source. Fortunately, many attacks are preventable with the right training and compliance with company policies.

Where to Focus Cyber Hygiene Efforts?

Cyber hygiene involves putting processes into place to make it more difficult for hackers to attack your network. First, use two-factor authentication. Also known as dual-factor authentication, this creates an additional layer of security since it requires two proofs of identity. The most common method includes both a password and a one-time code texted to the user. Individual users should also back up data offline using an external hard drive or another device.

Internal firewalls deter malicious actors attempting to access your computer. When suspicious activity is detected, the suspect device is locked and denied access to the rest of the system. It’s similar to quarantining sick people to protect healthy ones.

Require staff members to regularly update passwords since cybercriminals can sometimes buy stolen passwords through the dark web. Take special precautions for remote access, which creates unique vulnerabilities. Make sure that your IT team has a process for detecting and eradicating threats associated with remote access to the company’s network and data.

How Can Staff Members Reliably Detect Phishing Emails?

Most ransomware attacks begin with what’s known as a phishing email. The hacker tries to get users to open attachments or links — which install ransomware on the computer. Here are a few tips on identifying phishing emails:

  • Strange word choices
  • Odd links
  • Misspelled words
  • Weird attachments, especially .exe or .zip files

If an odd-looking email seems to be coming from a friend, verify its validity before opening the email.

How Does Updating Your Software Help Prevent Infection?

Hackers exploit vulnerabilities in software, and patches are released to fix them. When your computer prompts you to update the software, do it.

What’s the Best Way to Stay Prepared?

According to a recent 60 minutes episode, hackers shut down systems at a hospital in Indiana. The hospital had to pay a $55,000 ransom to unfreeze its systems. Other organizations should learn from this experience and establish a robust security protocol.

How You Can Prevent Astonishing Impacts of Scareware?

Anti-malware programs cannot scan your PC without permission. No reputable company sends you scary emails or pop-ups as a marketing ploy. These messages are scams and are commonly referred to as scareware. They may even introduce infectious viruses on your computer. Avoid opening emails from senders you aren’t familiar with. Never give your computer credentials, personal information or credit card information to these bad actors.

There are things you can do to avoid scareware threats. First, avoid programs that pester you to register your device or buy software to clean up your computer. You could end up paying to clean up your working computer. Even worse, you could end up giving unknown cybercriminals access to your personal information. When you want to purchase malware protection, go directly to a reputable provider. Many companies offer free software to scan your system from their home page.

What are the Dangers Associated with Bundled Software?

Sometimes, when you download software, you get a prompt asking if you wish to download toolbars or change the home page of your browser. Don’t do it. Even though this is becoming common with legitimate software, it puts your system at risk. Known as “crapware,” these extras are often harmless and may even be quite helpful. However, there are times when adding these components open you up to cyber theft. It can also display annoying pop-ups and impact your computer’s performance.

You can avoid these attempts to bundle software. Extra apps that companies sneak onto your device aren’t always malware initiatives. They are, however, very annoying. Your computer can become so bogged down it’s practically inoperable. If you download the latest version of software such as Adobe Flash, reach every screen during the installation. Uncheck all boxes regarding additional toolbars.