Cloud migration can often be a touchy situation. We’ll take a look at some problems you may face, and how to make sure they don’t weigh down your next cloud migration.
Continue readingMigrating to the Cloud? Avoid These Problems
Tech Terminology: PDF
While the world is still effectively split between PCs and Macs, we have at least one file format that bridges the divide: the PDF. This file format became standard in business communications,and is now used the world over.
Today, we’ll dive into the history of the Portable Document Format and why it is so well-suited to business processes.
The Creation of PDFs
Think about what a PDF is best known for: the capability to share information as it was created, period. The document looks and acts the same whether still digital or if printed, regardless of a user’s operating system.
Before the PDF was created, sharing information between two different operating systems was as difficult as… well, as doing anything else between different operating systems is today.
Over at Adobe Systems in 1990, co-founder John Warnock drafted a paper titled The Camelot Project, describing how limited prospects were when it came to digitally sharing information. Warnock would go on to assemble Team Camelot,the group that ultimately created the PDF to be what it was imagined to be – a universally-compatible document sharing platform.
However, the Portable Document Format initially wasn’t nearly as popular as it is today.
For one thing, it initially required the purchase of Adobe Acrobat in order to be utilized, and the long download times of the early Internet certainly didn’t help matters. However, Team Camelot continued to add functionality as the Internet grew in popularity, and the format was eventually adopted by the International Organization for Standardization and made an open standard format.
PDFs, and Their Advantages Today
Now, there are essentially three different kinds of PDFs, each with their own capabilities and limitations. This all depends on the makeup of the PDF and whether or not it has a ‘text’ layer under the ‘image’ layer.
Scanned PDFs – Scanned PDFs are effectively a photograph of a document, saved onto the computer as an image. As such, they are not natively searchable or editable, although certain programs can be added to them to change this.
Digitally Created PDFs – These PDFs are those that are created in the computer, with all components still able to be altered. This includes the images displayed upon the PDF.
Searchable PDFs – Remember how we mentioned that scanned PDFs can be made to be searchable or editable? That’s thanks to Optical Character Recognition (OCR) and the fact that this process adds an editable text layer to the image layer. This enables greater interaction with these PDFs. Many document scanners come with software to convert a scanned document into a searchable PDF, and is the core foundation of a paperless office.
There are also numerous advantages to leveraging a PDF for your business purposes. Not only are they convenient to use and universally compatible, additional security can be set up to protect these documents and their contents.
Did you ever think that simple PDFs had such an involved history? Share your thoughts in the comments!
Tumblr Vulnerability Concerns Valid Amidst Social Data Breaches
Earlier this month, short blogging and social media tool Tumblr announced the presence of a vulnerability that could have exposed certain protected information to hackers under specific circumstances.
The news came at a bad time for social media platforms. Just a week prior, Facebook announced an industry-shaking data breach, around the same time that Google announced it was shutting down its Google+ service due also to a huge data breach.
Within the context of those other stories, its important to fully understand the vulnerability and what it means if you use the service.
Problem with Recommended Blogs
According to Tumblr, an unnamed security researcher found a flaw in the “Recommended Blogs” feature on Tumblr, which displays a select, rotating list of other users’ blogs to the reader. When using the desktop version of the site, the researcher found that an attacker could expose blog owners’ information using debugging software in a certain way.
The vulnerable information wasn’t as critical as it could have been. Potentially exposed information included users’ email addresses, salted and hashed account passwords, self-reported location, prior email addresses, last login IP addresses, and blog names associated with the compromised account.
It’s interesting to note that the self-reported location is no longer an available feature.
More Vulnerability Than Breach
So, how bad is the news, really? In light of the breaches at Facebook and Google—we can count Twitter’s API flaw from September in the mix—Tumblr got extremely lucky. Its report was forthcoming about the vulnerability and its limitations.
Given how an attacker would need to see a recommended blog, and then perform a specific set of actions, it’s easy to believe Tumblr’s assertion that it can’t determine if specific accounts were affected, nor the fact that the bug was “rarely present.” That rarity, and the fact that sensitive passwords weren’t exposed in a more open manner, are encouraging facts.
While the Tumblr vulnerability might not reach the level of a data breach, it’s still important to be ready to respond if your data is compromised. Contact Wheelhouse ITif you believe your information was compromised in any of these breaches to determine your best course of action to protect yourself from harm.
Hurricane Season is Half Over – Be Prepared for Next Year’s
We have almost made it through this year’s hurricane season, but unfortunately, this doesn’t mean that businesses will suddenly be safe again.
Many businesses that are impacted by these kinds of disasters are unprepared, and so when push comes to shove, some ultimately close their doors after trying (and failing) to bounce back. We’re going to tell you how to help avoid this outcome for your business the next time there’s a disaster.
Don’t Go in Blind
First, as is the case with any kind of disaster, you need to have a business continuity plan prepared that addresses what you need to do in response.
While weather is an important part of that, many businesses that don’t have to deal with things like hurricanes forget that there are many other factors that can come into play. A full 30 percent of all downtime is caused by any of numerous environmental factors – including flooding, yes, but also extreme temperature, humidity, and others.
You need to be sure that you know what your risk factors are, and that you have the systems in place to see them coming. While you may not want to make the investment into a monitoring system, its cost is minuscule compared to what an unforeseen disaster can incur.
Downtime costs alone have jumped up by 38 percent in the last eight years, making any investment to avoid the ill effects of a disaster well worth it. Hurricanes have become larger and, in some areas, even the run-of-the-mill rainstorm can drop over 70 percent more water than they have in the past. As a result, you need to know what makes your business vulnerable.
Plan for The Worst…
Once you know the risks, you need to identify what would constitute your business’ worst-case scenario and prepare yourself to deal with that. Naturally, an off-site data backup is going to be a key part of this. Make sure that your business’ data is backed up in multiple locations, away from your actual workspace. This keeps your data that much safer, as it reduces the likelihood of a single disaster wiping out both your business’ stored data and the backup you’ve kept.
You will also need to ensure that your business has a communications plan to ensure that you can confirm the safety of your employees throughout the hurricane, as well as to keep your clients informed of your status. You may also want to consider, depending on your risk factor, keeping a supply of provisions in the office in case you and your team find yourselves stuck there by conditions outside.
It isn’t uncommon that a disaster should make the complete shutdown of a business the best available option. Make sure your plan addresses both how to initiate such a shutdown, and how to start your business back up once the threat has passed.
…And Negate It
Once your plan is prepared, you should do all that you can to make it so that a disaster will only have limited influence on your business operations. For instance, enabling your employees to work remotely will allow them to resume productivity once they and their families have reached a safe place. You should also make sure your location has the necessary equipment to help mitigate the damage that a hurricane, tropical storm, or whatever disaster pertains to your location, can cause. An example would be maintaining water pumps to help minimize flooding.
Finally, you need to make sure that you and your staff not only know your plan but are prepared to enact it. Just like schools run fire drills, you should have your staff practice what they need to do in the midst of a hurricane or some other disaster.
WheelHouse IT can help. Our experience with backup and disaster recovery solutions allows us to handle that aspect of your business continuity planning, leaving you free to focus on the rest.
Call us at (877) 771-2384 to find out more.
File-less Ransomware Uses Windows Tools Against You
By now everyone knows about ransomware, the dastardly strand of malware that encrypts data (or the drives it’s stored on) and sends the user a message demanding payment in a certain amount of time before the data is deleted forever.
To add a little more menace to an already stressful situation, the message includes a countdown clock. If it sounds like a bad situation, rest assured it is. How could it get worse you ask? Simple, make it more difficult to stop.
Companies of all sizes spend a pretty penny in IT security and training to ensure that they aren’t the next organization to fall victim of a hacker’s sick joke. What if we told you that all that expense was spent getting ready for an attack that could be already lying dormant in a file in a computer on your network? This could be the case as malware is now going fileless.
Okay, we know what you’re thinking…
Fileless malware?! What?
Today, we’ll go into what fileless malware exactly is, and how it isn’t great news for most people and businesses.
Starting with some good news is always appreciated, so the reason why hackers are now utilizing more file-less malware is because people and organizations are doing a great job fighting against traditional methods of infection.
In fact, 99.9 percent of all would-be malware attacks were turned away in 2017; so, while it didn’t have a marked effect for those organizations that were unlucky enough to have dealt with ransomware or some other devastating strain of malware, lots of would-be attacks were mitigated.
For years ransomware growth has facilitated a major shift in the way that organizations looked at the dangers that are coming from the Internet. Sure, there had been plenty of malware dispersed for years, but fileless malware doesn’t work like other malware.
Fileless malware attacks take default Windows tools such as PowerShell and Windows Management Instrumentation (WMI) and use them to support the malicious activity. Powershell and WMI are installed on every single Windows-run machine, and since they are used to manage and support a system’s well-being, they are working to keep the system functioning properly.
How It Works
Luckily for most organizations, the way fileless malware is dispersed is largely the same as most other malware strains, through phishing emails and messages. For this reason, if your organization has been doing its best to train its employees on the best practices to keep free from malware, those initiatives still pertain here.
Instead of an email attachment or link downloading the malware onto your system immediately, fileless malware runs a macro in the RAM of a machine and starts a command line which runs the application. That application, whether it be PowerShell or WMI are then commanded to encrypt the files/drives.
After that, the user of the machine gets presented the message saying that the files are being held for payment, setting the ransomware process in motion. Typically, this is when it will give the user a short amount of time to provide payment to regain control over the files.
At WheelHouse IT, we know the last thing you need is your operating system turning against you. We also know just how challenging it is to detect this type of malware. We’ve developed solutions and practices to fight even the most targeted and powerful malware.
Call us today at (877) 771-2384 to learn more about stopping fileless malware and keeping your organization’s IT working for you.