Category Archives: Security

The History of Computer Viruses

Since the dawn of computing, there has always been programs people developed that had the ability to self-replicate. In the beginning, this seemed like amazing modern programs that were wise beyond their years. These programs have since developed into Viruses and the Malware that we know today. Which are not so amazing… However, they are wise, which is the scary part. Let us look at the history of how modern malware came to be. Understanding the root and origins can help us understand how these programs work and how we can defend against them.

1949- YES! As Early as 1949 we see some of the first Self Replicating programs that were established.

1966- John von Neumann, known to be the “Father of Cybernetics” wrote an article on the “Theory of Self- Reproducing Automata”.  Self-Reproducing Automata sounds much more interesting than “Virus”

1971- A self-replicating program called “The Creeper” was developed and accessed the Advanced Research Projects Agency Network and copied to a remote host system. The funny part is that it would display a message that said, “I’m the creeper, catch me if you can!”. Soon after another program called, “The Reaper” was developed to go in and delete the harmful “Creeper”.

1974- An infectious program called the “Wabbit” was created, its goal was to make multiple copies of itself on a computer and clog up the system so the computer performance would be compromised.

The 80’s – This was the decade where the term “Virus” was first coined. We also began to see these programs turn more malicious. The Lehigh virus in 1987 was programmed to infect command.com files at Yale University. A virus discovered in the city of Jerusalem was developed to destroy all file in an infected computer on any Friday the 13th.

The 90’s – At the start of the 90’s Symantec launched one of the first antivirus programs called Antivirus to help fight against the infectious programs. In 1996 a macro virus named Laroux was made to infect Microsoft Excel Documents. in 1999 The Happy 99 virus spread and attached itself to emails with the message “Happy New Year”

00’s-10’s – Were the target of more elaborate viruses which included the ILOVEYOU virus capable of deleting files. The Anna Kournikova virus that spread through emails and promised pictures of the tennis player, but instead hid a malicious virus. The Koobface, which targeted social media Users.

While viruses began harmless and with the intention to further society into understanding how programming works, this information was then used for evil and shadowed the excitement of new technology with threats to personal security. Luckily the good always outweighs the bad and with many steps to prevent, counteract, and fight back against cybercrimes, the world can rest easy.

 

Contact ECMSI for any questions you may have about your network or if you think you fell victim to a virus or cyber attack.

Why Slackers Love Tech

You just gave your staff an extra 6-week paid vacation to check in with friends on Facebook, expose your company’s valuable trade secrets from smartphones, watch cat videos, and send résumés to your competitors  – all on your time, and your dime… That’s right: if a full-time employee wastes just ONE measly hour each day, it equals 250 hours burned – 6 weeks of paid time – on non-work-related activities.

 

Sites like Facebook, Twitter and Instagram are a constant source of distraction to people who feel like they need to keep in touch at all times.

Not only is work time being frittered away, but crucial company secrets slip through the cracks more easily. And sites being visited on your network expose your whole system to malware, hackers and online theft.

So, what are you going to do about it?

Face it – you rely more than ever on mobile technology. And you want to have faith in your team… But how do you know they aren’t secretly taking advantage of your good nature when they’re online?

You don’t. The only way to know what’s really going on at work is to monitor their on-the-job online activities.

Celeste O’Keefe, CEO at DANCEL Multimedia, a Biloxi, Mississippi, marketing firm, started monitoring her employees when she noticed some of them attempting to cover their computer screens as she walked by.

Since then, she’s fired four people for digital infractions. One was a man doing side deals with clients that should have come into the firm. She also fired a woman doing schoolwork on the clock.

Your rights as an employer to track web and e-mail activities of employees using company computers are well-established. But should you? And if so, how do you do so legally, and without damaging company morale?

Several good things happen when you check your team’s online behavior. For one, it can help your company avoid theft, embezzlement or other financial harm. Monitoring can also prevent gathering information about your employees’ religion, political views, sexual orientation or medical history. This could expose your firm to discrimination lawsuits.

Disciplining an employee for making negative comments about you online could result in trouble with the National Labor Relations if you have well-founded suspicions and documented agreement with your attorney and top managers.

Set clear policies. Document your corporate policy on Internet and device usage to make rights and responsibilities clear to everyone – and to protect you in the event of a legal challenge.

Inform and gain consent. It’s not enough to simply let your employees know you’ll be watching them. By being fully transparent and explaining the risks to the business from improper use of digital assets, you’ll steer clear of legal issues without putting a damper on morale.

 

How to Stay Cyber Safe During Your Summer Travels

The summer time is the busiest time of year for travelling and whether you are going to an exotic location abroad, taking a work trip or driving to your destination in the US, it is important to take good cyber safety precautions not just on the trip, but starting from booking. Keeping track of your digital behaviors could be one of the best prevention methods for cyber attacks while on the go. While people are at home or work they are connected to a secure network but that can change when they are away. Technically speaking when they are away people are more likely to connect to a network that they shouldn’t. Below are some helpful tips that you can use to protect your digital security and privacy while traveling.

The Adventure Starts with Booking

When planning your trip, and comparing all the final details, make sure the websites you are using to book are legitimate and secure. It can be very easy for a scammer to spoof a URL or make a travel sight seem real but really it is a ploy to grab your information. Always double check the URL and make sure the site is verified to be HTTPS. A good rule to follow is to always make sure the top bar in left corner has a secure indicator (see below) before making any online transactions with that site. Be aware of your email inbox as well, If you get an email that looks like its from a major airline and offering a too good to be true deal, do not click on the link.


Get Ready to Go

One of the best pieces of advice is to make sure all of your devices are up to date. Updates ensure that all your devices have the latest security patches and reduce their vulnerability to attacks. Be sure that you have a password set up to get into your devices in case of them being lost or stolen. Apps are also important to keep updated, especially those that hold precious information like banking apps. “Running the most recent versions of your mobile operating system, security software, apps and web browsers is among the best defense against malware, viruses and other online threats” says the U.S. Computer Emergency Readiness Team

Have a Great Time!

While traveling, worries such as flight delays, traffic or a variety of other nuisances could completely take your mind off cyber security, and that is understandable.  If you covered everything discussed up to now, then you should be very well protected and ready. However, there are a few other items to take note of.

Free WIFI may be too good to be true: Never use a WiFi that isn’t secured with a password. It could possibly be a fake hotspot set up by cyber criminals. Be cautious with Free Airport WiFi because even the legitimate one can be insecure.

Take Advantage of New Payment Methods: The last thing you want to happen is your credit card to be declined while you are on vacation. One good way to minimize the chances of your credit card information being stolen is to use payment apps such as Apple Pay, Google Pay or Samsung Pay. These services do not directly transmit your credit card number, instead they provide the vendor with a randomly generated code in its place. That information is useless to anyone trying to intercept it. this can give you peace of mind when making transactions in unfamiliar locations.

To all that are traveling this summer, it is important to stay safe, and while cyber security isn’t the first on your list when your sipping a margarita on the beach, you will be happy you prepared.

Why is Everyone Updating Their Privacy Policies?

For the past month, your email inbox has probably been flooded with companies updating their privacy policies online. Maybe you even thought they were fake and receiving spam because of the high volume. But there is a major reason businesses like Twitter and Facebook are all updating their policies online. These companies sending them have been preparing for a new privacy law enacted by the European Union on May 25th known as the General Data Protection Regulation.

What is the GDPR?

These new European Union Guidelines are limiting how companies can use and process the personal data of consumer, giving the average person more control over their information and how a company can track them. Under this regulation companies need to explicitly ask if they can collect your data, they have to answer if you want to know what that data is used for, and they must give you the right to permanently delete that information. Companies also must warn the public about data breaches within 72 hours of them finding out.

GDPR in the U.S.A

So why would this be affecting people in the United States? Well any company that conducts business within the EU will have to comply with these standards or face high penalties. While the United States is not enacting the same privacy policy standards major corporations are enacting them in order to keep their websites functioning overseas. Those companies that have not caught up to the privacy standards have shut down their websites within Europe while they catch up on the back end.

What Will GDPR Change?

These new set of policies are changing the way people think about their data and how companies use them. Companies use data to make significant decisions about you and how they interact with you. While no policy change of this magnitude has occurred on the internet since 1995, experts say the GDPR is going to be the leader in new privacy policies around the globe. The internet and the way people share, store and send data has drastically changed since 1995. So, it will not come by surprise that even more regulations will come out within the years to come about how personal customer data is treated and handled.

What is Blockchain Technology?

You may have recently heard of the word “blockchain” being thrown around in certain articles or news stories. Specifically, blockchain comes up when the crypto-currency Bitcoin is being mentioned.  Sometime the term is used interchangeably with Bitcoin which is inaccurate and can give blockchain a bad stigma, making people believe it is only something hackers use to stay anonymous. However, blockchain is very interesting technology that may just revolutionize the way in which we make any type of transactions in the future.

What is Blockchain?

Blockchain technology is designed to let you safely exchange any type of digital property (like money) without the need for a middleman (like banks). Skipping the middle man then makes the transfers faster, and cheaper. Blockchain is also a hard coded permanent record of all transactions that ever happened, once information is added, it is impossible to remove. This does not allow anyone to change the record of what transactions took place, making it a reliable record of what happened. Since no one can change the records, the blockchain is a trustworthy source of information that lets strangers agree that a transfer happened even if they do not trust each other.

Blockchain has also solved the double spend problem. Digital money, like bitcoin is just a computer file, so it would be easy for someone to copy, paste and counterfeit it. When digital money is spent, its publicly added to a receivers account, so if a scammer tries to spend money twice, it can easily be discovered. Not needing a third party to handle the double spending problem allows digital property to be sent directly from one person to another.

How Does Blockchain Work?

When a transaction is sent (using the example of money), that transaction is recorded on EVERY record of the blockchain around the world. Each copy is an identical record of all transactions. Once one stranger gives money to another, now every stranger has a record of the transaction, the blockchain then compares all the transactions to make sure they all match. If a record does not match throughout the blockchain, the transaction does not get approved.

When a transaction is approved, it is placed into the block and given a unique transaction code. This code in the blockchain is directly related to past transactions and future transactions, making it impossible to go in and change. This permanent record will make it safe for people to directly exchange digital property without an expensive middle man.

What Use Does Blockchain Have?

  1. Entertainment: now people have the ability to pay an artist directly. Readers can pay authors directly. Artist can now self publish onto blockchain platforms and cut out all middlemen.

2. International Payments: Payments by companies and individuals become fast, cheap and secure, blockchain also ensures the money changes hand fairly.

3. Voting: With blockchain people could vote directly and from anywhere. Voting can be securely counted in a system that cannot be changed after the fact.

4. Ownership Records: By permanently  recording everything, this technology automatically ensures that the ownership for anything purchased can easily be proven. Currently purchase records exist in paper or items that can easily be corrupted or lost, changing this can reduce the possibilities of fraud and disputes.

5. Charities: Donations can now be tracked all the way from giving, receiving and spending. Blockchain can ensure that donations get to right people and used for what was promised. This allows for more transparency and accountability.

There are many more uses for blockchain  and the technology is still in its infancy, but as more and more practical uses come up we can start to see a huge shift in how we will exchange property. We will also have a more secure online market where people can trust that their personal data will not be compromised.

Local Governments Cyber Security Crisis in 8 Charts

Within the past few weeks, two large American cities learned that their information systems were hacked. First, Atlanta revealed that it had been the victim of a ransomware attack that took many of the city’s services offline for nearly a week, forcing police to revert to taking written case notes, hampering the Atlanta’s court system and preventing residents from paying water bills online. Then, Baltimore’s 311 and 911 dispatch systems were taken offline for more than 17 hours, forcing dispatchers to log and process requests manually. Both attacks could have been prevented. And they are more evidence of the poor, if not appalling, state of local government cyber security in the United States.

We know this because in 2016, in partnership with the International City/County Management Association, we conducted the first-ever nationwide survey of local government cybersecurity. Among other things, the survey data showed just how poorly local governments practice cybersecurity.

Under near-constant attack, but not fully aware

Nearly half – 44 percent – of all the respondents told us they experience cyberattacks at least daily. Based on prior research, we are confident that rate is actually much higher.

The volume of attacks isn’t dropping – and in some cases it’s increasing.

But even so, many communities didn’t know how frequently they are attacked, and most didn’t count or catalog initial attacks – though more than half did track more serious incidents and breaches.

More than half weren’t able to determine who was attacking their systems.

Unprepared to respond, and with not enough support

Certainly, there are local governments that do a commendable job with cybersecurity. If previous research into government information technology systems and electronic government can be a guide, they are most likely larger, more well-funded and more well-managed governments. However, the data from our more recent survey strongly suggest that at least some, and perhaps even a large fraction of, local governments may be unable to respond to electronic intrusions.

In part this is because few local officials are aware of the need for cybersecurity. Nearly two-thirds of the respondents to the survey, who were nearly all information technology or cybersecurity officials, said that top managers understood the need. However, among other groups in local governments, awareness dropped considerably. Perhaps as a result, support for cybersecurity efforts was also not as strong as Atlanta’s and Baltimore’s experiences suggest it should be.

With most local government officials and staff unaware and unsupportive, it is not surprising that cybersecurity is so poor among American local governments. Atlanta Mayor Keisha Lance Bottoms admitted that cybersecurity was not a high priority, although “it certainly has gone to the front of the line.”

And yet, crucial barriers remain, largely to do with how much money is allocated to cybersecurity efforts.

Getting more people in the know

If local officials are going to do a better job protecting their information assets, they’ll first need to know a lot more about what’s actually happening. The numbers of survey respondents who answered “Don’t know” to our questions was surprisingly high. No top local officials, whether elected or appointed, should be unaware of basic cybersecurity information, like whether their systems have been attacked or breached, or who’s attacking their systems and why.

Knowing these answers will only become more critical as computing becomes more deeply embedded in systems running “smart” cities. If computers control traffic lights, sewage plants and electrical grids, then the consequence of attacks is more severe than just loss of information or computer services.

Source: Norris, Donald, et al. “Local Governments’ Cybersecurity Crisis in 8 Charts.” The Conversation, 3 May 2018, theconversation.com/local-governments-cybersecurity-crisis-in-8-charts-94240.

This article was originally published by The Conversation. See here

Top 5 Priorities for State and Local Government Technology

State and Local Governments have found that in recent years it is becoming easier to serve citizens and enhance the way of life in their cities by utilizing technology. Officials have seen much better city management and planning when they implement new tech. Government offices are also relying more on their IT infrastructure to keep their employees productive in order to better serve their communities. With the recent cyber breach that affected the entire city of Atlanta, state and local governments are starting to realize they are just as vulnerable to cyber attacks just like anyone else. Government offices hold a lot of valuable information and are relied upon to maintain not only their local economies but the safety and standard of living for their residents. This year governments are going to have to prioritize their technology and develop plans that will maintain their IT infrastructure, here are the top 5 things State and Local Governments should consider.

1. The Internet of Things Enhancing Communities

The Internet of things, or (IoT) has been a trending topic in the news recently.  But what is the IoT?  Simply put, it is connecting any device with an on/off switch to the internet. This includes, any household items, fridges, microwaves, to washing machines, lamps, wearable devices and the list can go on forever.  But what does this have to do with State and Local Government one may ask? Well, a whole lot. On a broad scale the IoT can be applied to things like transportation networks and can help create “smart cities” that can help us reduce waste and improve efficiency for thing such as energy use.  Check out the graphic below that shows how a smart city would work. (The graphic below provided by Libelium who specializes in IoT devices.)

2. Beefing Up Cyber Security

The IoT can do great things for a city, however without the right security measures, it could also make a city extremely vulnerable. State and Local governments need to have fail safe back up and disaster recovery plan for all departments to ensure the cities network is protected and does not get compromised. In the face of evolving threats, cities have already fallen victim like the case of Atlanta.  Atlanta has recently fallen victim to a ransomware attack in which the hacker demanded over $51,000 USD in the form of bitcoins. The ransomware stole information and locked out government officials from files and software needed to run city operations. Cyber security is a very sensitive topic for government because when compromised, like a business, people begin to lose trust, which is the opposite of what any local government wants for its residents.

3. Cloud Solutions for Data

Cloud solutions are no more a far-fetched concept.  Migrating data to the cloud is providing a way that government can bypass restrictions created by tightening budgets. More governments are moving their data to the cloud, however with the migration comes some planning. Local governments must consider their environment to ensure they pick the right model, whether being a public, private or hybrid cloud. Moreover, data management can prove itself an issue if governments are relying on multiple cloud management providers.

4. Consolidation and Cutting Redundant Costs

Finding saving and efficiencies is extremely important to governments. When there are too many separate entities all with their own network trying to work together, this can create many holes in a governments system, where one infection can spread like wildfire. In the case of the state of Ohio just five years ago, 26 agencies were using close to 9,000 servers to support more than 32 data centers that were only running at less than 10 percent capacity.  By consolidating and reconstructing these servers the state was able to save more than $100 million and avoid close to $60 million is added costs. Governments will need to look into simplifying their infrastructure to their best ability, not only will it be able to help with costs, but also with security.

5. Collaborating with the Right Tools

Managing and thinking about all of these technical items is the last thing an elected official wants to think about when they run for office. Especially to local governments who focus on their residents and improving their cities. Technology problems are the last on their priority lists, local governments should look to invest in managed service providers that will focus on the technology side, making sure it is safe and reliable, while the government focuses on more pressing community tasks. ECMSI in northeast Ohio can do just that for any local government. If you are a part of a local government that needs IT help. Please feel free to call us today at 330-750-9412. We are always here trying to Make IT Easy!

 

The Strength and Weaknesses of Biometrics

We seem to take for granted how our devices identify us for authentication.  What started from passwords and pin numbers has now turned into fingerprints and advanced face mapping technology that makes unlocking your smartphone almost magical.

Until recently, biometrics were an item of science fiction. Today, significant advances in the technology have now made it truly a viable and secure alternative to traditional forms of security. Biometric authentication uses a person’s individual biological traits to verify their identity. This data is almost impossible to guess and is completely unique to a single person. This make biometric systems extremely hard to compromise, unlike Personal Identification Numbers (PIN) and passwords.

But like all passwords and forms of authentication, each have their limit.  Biometric authentication is also extremely new and not very cost effective enough for widespread adoption, but we can expect to see more and more of it in the near future. So, let’s look at some of the current biometric methods and their strengths and weaknesses.

The Passwords on Your Fingertips

The most frequently used and established form of authentication is your fingerprint. What can be more secure and unique than a series of pattern on the tips of your fingers that not one other human shares?

The main issue with fingerprint scanning is that we leave those passwords (our fingerprints) everywhere. You wouldn’t just write your pin down on a napkin and give it to your waiter, but you will hand over your glass, which is basically the same concept.  Fingerprints also present the challenge that we only have as many passwords as we do fingers.

However, despite the weakness fingerprints still remain much harder to guess than a password and their low-cost and high convenience makes them one of the most common authentication methods.

From fingerprint scanning evolved finger vein or hand vein scanning.  This method scans the vascular patterns beneath the skin’s surface, that are not left on the things we touch. However, this technology is very pricey and not commonly used.

Its All In The Eyes

Eye scanning has also seen an uprising in adoption. The security of iris scanners are very reliable, with a very low chance of false positives because of the high detail they need in order to work.

Despite this reliability, the concern of iris scanning is that of hygiene and convenience. If scanning equipment is shared and requires people to place their eye on surfaces used by others, we could quickly see the hygiene issue. To sterilize the equipment, it would have to be done with substances like alcohol which would cause the eye irritation.  We could also see issues where if the eye scanner is static, it may be difficult for people of different heights to use it.

Say the Magic Words

Voice recognition is one option that is widespread and relatively cheap from a technology stand point. The downside to voice is that it is getting beaten out by the other forms of authentication because it is the easiest biometric method to mimic. A recording on a good microphone could defeat a system, which makes this highly insecure for highly confidential items.

Look In the Mirror to Find the Answer

Facial recognition is somewhat the baby to the biometric authentication world.  The biggest launch on the market is Apple’s Face ID system which maps out the structure and movement of the face to prevent someone with a picture to access it. This technology has seen some false positives so there is likely to be more advancement required in facial recognition. However, if the technology becomes more established it may sweep the market from the other alternatives.

What started from the science fiction movies, has now ended up being real life. Biometric passwords have come a long way and there is still much more advancement required before we can say these methods are truly unique and secure. As of today, two factor authentication is still the best way to go. Combining a biometric factor with a strong password is the safest way to protect your online information when each password can rely on each other as a failsafe form of verifying you.