Since it became the defacto norm for WIFI network security the WPA2 security setting has been the standard for almost every WIFI network setup.Read More
Office Document Strategies Blog
While the stories are continuing of the massive number of institutions and major businesses which have been affected world wide by the Wannacry Ransomware attack over the past few days there are a few trends which seem to be coming evident.Read More
There can almost never be enough said about how to keep IT networks secure from those who seem bent on creating problems by hacking or stealing information. The first line of defense for every operation is the password protection used by computer users to login to their workstations and applications.Read More
At the risk of appearing to hammer the topic to death it is time to take another crack at warnings about Ransomware Malware attacks.
This time of year is potentially even more challenging to IT managers and users alike as everyone is rushing to get things done before the holiday season really locks in. It means that normal caution can easily be thrown away as people try to clear their email, deal with online activities and perhaps not take that extra two seconds that avoidance can take.
Why now? Simply because the predators can. A recent IT World Canada article outlines how late last month Carlton University had over 3000 of their computers affected, some in research labs by an attempted ransom ware attack. It appears that the IT people got it under control pretty quickly and it was isolated to only a portion of the university network.
It did mean however that thousands of students, faculty and administrators were unable to use the network for a period of time while the details of the attack were sorted through. Eventually, users were advised they could login to their network but many hours of productive time was lost due to the issues.
Another attack in Calgary saw that university paying out $20,000 to the ransomers. Again much time and effort was expended to deal with the circumstances. These are just two of the known instances where Canadian organizations have been impacted by such attacks.
The are for certain many others where users and organizations have not publicized their problems with malware.
For some reason Canada is reported as being more prepared to send compensation for removing the attack when compared to other jurisdictions. Why this would be the case is subject to speculation but unfortunately if it gets known in the perpetrators world it could lead to Canadian targets becoming even more frequent.
The first line of defense is the users on the network. Encouraging everyone to take a little time to investigate whether an email from an unfamiliar source is legit. If a user is not CERTAIN of the sender then the default response should be to NO OPEN IT. Either delete it and take the chance someone legit has to try again, or contact IT support to have it checked out.Read More
“As in years before, ‘accidental disclosure’ was the most common cause cited for breaches,” ..... “highlighting the need for institutions to ensure proper procedures are in place to protect Canadians’ personal information."
This paragraph begins a report in IT World Canada outlining the summary of the Canadian Government experience in the period ending March 2016. It shows that government information continues to be a target for hackers and others seeking to take advantage of the massive amounts of information that is collected by governments at all levels. While the report referenced deals primarily with federal government information we can be sure that similar issues can arise in the broader public sector including provinces, municipalities and government agencies like education and hospitals.
Sometimes we all get complacent when we hear about cyber attacks on businesses and organizations. We figure, too bad, it is unfortunate that someone got caught by this nefarious practice but it doesn't happen around here. Recent events have brought this right to our doors in the Hamilton, Burlington area.Read More
Most business managers have concerns about their computer networks getting compromised either due to direct hacking or the inadvertent impact of someone downloading malware. This just makes sense. On the other hand how much time is spent teaching their users about how to avoid problems and what to do if they suspect there is an issue?
Recently, PricewaterhouseCoopers reported in a global study that Canadian information security budgets had a significant increase over 2014 but fewer than 57 percent indicated their organization offered security training and awareness programs. The participants in this study will be larger, more formalized firms so we can safely assume that with so many Canadian companies being SMBs (Small Medium Businesses) the percent taking the time to educate their people will be even lower.
PwC's report indicates that Canadian cybersecurity incidents increased by 160 percent year over year which shows that the problem is not going away. There is some good news in the report in that Canada is actually doing better than other world wide jurisdictions. This means we are not the worst at dealing with this kind of business risk but the percentages indicate there is much more than could be done.
One are identified as being problematic is the impact of connections to in house systems made by partners. This could be the visiting technical or sales person who connects to the office network and introduces a problem by mistake. Simple isolation steps through guest logins and isolated IP ranges can help to mitigate this kind of intrusion and most organizations could have this basic security provided.
Of course the more depth of access a user or guest has the greater the risk to the business so proper security planning and policies (if enforced) can help to protect from these challenges.
Basic to all of this, however, is making sure that employees understand the importance of IT security to the business (it could be a survival issue if the intrusion is serious enough) and that they are trained to be able to identify how they can participate in a protection regime. The solution starts at the hiring stage as IT policies are spelled out, the consequences of violations explained, and the steps to be taken if a problem is experienced outlined.Read More
When a big IT data breach occurs there is lots of media coverage and we all hear some of the gory details on how serious the impact may be. Unfortunately, we do not hear as much about the smaller breaches that also occur and that means that many companies do not work as hard as they should to protect their computer networks.Read More
The date has come and gone for the end of Microsoft support for Windows Server 2003. July 14th was the announced last date for security patches to be provided for this highly successful server software. It has been predicted that as many as half of Canadian firms still have at least one server operating with the 2003 server software.
With the end of regular security releases the potential for some sort of breach on these servers to occur increases over time. The warnings have been out for some time but now action is needed. Those players who seem to take joy in finding ways to hack people's systems or who wish to attempt penetration for nefarious purposes will put greater effort into find vulnerabilities in the Server 2003 platform since they know that those vulnerabilities can be long lived without regular corrections.
Since 2003 was such a popular installation the numbers of potential targets are still large, unless companies (you?) take action now to replace the 2003 Server with an alternative.
Of course this becomes a time for upgrade. Given that 2003 Server is over twelve years old, a lot has happened since its release and therefore there are many potential gains to be had with installing newer server software to be the backbone of your systems.
Probably the best bet if you are able is to jump to Windows Server 2012 R2 the current release of Microsoft. There are many robust new features available in this platform that you can use to enhance your operations. Of course one of the first things you need to know is whether your other line of business applications are supported on the platform. If not then you may have to consider other solutions.
It is still possible to install Windows Server 2008 which was the release after 2003 but obviously it is not going to offer all of the latest enhancements nor will that installation likely have as long a life cycle as moving to the more recent release. The one benefit is that many more line of business applications are going to have been rewritten to match up with this version of the server software simply because it is so much later in its life cycle. Most currently offered packages will have been upgraded to this level for some time now and any bugs or issues should be well ironed out.
The biggest challenge for some companies may be if they have custom developed packages requiring the 2003 server software and there may be the need to reprogram or find new alternatives to be able to move on. Given the inevitability of eventually having to replace the server making the changes now as soon as possible makes a lot of sense rather than investing more effort in anything based on running Server 2003. Of course doing this is not going to be easy but it can be accomplished with effort and planning.
Part of the challenge for migrating is making the decision on what to go to. For many companies this involves a decision on whether to remain on their own servers or to move to a hosted or cloud environment. both of these options have value but bring a whole new set of concerns to address before final changes are made. When the decision makers are less comfortable with IT needs or lack in house skills to conduct assessments it makes it even harder to decide. Servers have become the core of many business operations and no one wants to gamble on their operation. This is where knowledgeable help is often needed.
If your decisions are not made by now, you are already behind the curve and will have to put some real effort into catching up. Unlike workstation operating systems, server operating systems have a much larger overall impact on a business and it is much harder to isolate them from the network environment. When XP support was ended some systems might be taken off the network and still used for a while. For a server this is almost impossible since the whole reason for a server is to facilitate centralization and interaction between users on the network it supports.
Windows Server 2003 has done its work for a long time and with great reliability and results for thousands of users. Its time has come. It is time for it to have a rest and be replaced.
Photo: Windows Server 2003 logo trademark of Microsoft Corporation.
One of the publications I follow regularly is IT World Canada. Regular readers of this blog will know that I refer to some of their articles frequently, partially because they take a broad view of what constitutes I.T. and that helps me to see a wide variety of issues which can affect office environments.Read More