Posts Tagged

IT Support

More Antivirus is Not Always Better!

Elizabeth Technology August 9, 2022

Built-In Antivirus

Microsoft Windows has come with it’s own antivirus for quite some time. Windows 10 and 11, for example, came with Windows Defender built in and on automatically unless another antivirus was installed, at which point it would automatically switch off. Windows Defender by itself is plenty of defense for the kind of run-of-the-mill threats you’d run across browsing unsecured websites or trying to download games from websites other than big, trusted ones like Steam (given you’re listening to it when it suggests you double-check the source and double-check that you meant to download a .exe file) but some people would rather have this protection from a paid-for antivirus like Kaspersky or McAfee. The fact that those programs cost money doesn’t necessarily mean they’re better, but it can be a peace of mind thing – complaining about something that cost money means that some penalty can be extracted if the user isn’t satisfied, even a penalty as small as a partial refund.

This Computer’s Not Big Enough for the Two of Us

Windows Antivirus is unique for automatically stepping down when another program steps up. Many others don’t!

Antiviruses do not get better the more that you have. They interact in ways that step on each other’s toes and lead to false alarms. As an example: say a computer has both Norton antivirus and McAfee antivirus installed. McAfee will try to scan the computer for new threats upon startup, but will be interrupted by Norton, who interprets the file-checking as potentially hazardous behavior. Norton isn’t wrong, because ransomware will often sweep through files in some way or another, but it doesn’t recognize McAfee, and almost no other program has a reason to do that anti-viral scanning. Thus, Norton then tries to report McAfee to you! Some antiviruses have safety rails that literally will not let you whitelist (whitelisting refers to telling a program that a file or action is okay, or ‘whitelisted’) certain executable programs, so you get stuck in this horrid, unbreakable loop of antivirus fingerpointing every time you boot up your computer.

These interactions actually make your computer less safe – if both antiviruses have deadlocked themselves out of scanning because the other one says it’s a virus, your computer is not being scanned. That’s bad! Scanning is not completely foolproof, and a regular residential antivirus won’t necessarily be able to catch or handle something industrial grade, but it catches plenty of small things like trojans before they become serious problems that can cripple your computer.

Your computer is much better off with just one brand of antivirus on it at a time. Instead of more, buy better. And if you’re unsatisfied with one brand’s performance, completely uninstall it before you install the program you replace it with. Not only does that prevent them from interacting in a negative way, it also prevents the previous program from hassling you to renew it with pop-ups (McAfee is infamous for this). Either way, it’s going to save you some annoyances!

And in Other Realms

The antivirus problem is a pretty unique one because most programs don’t interact with every file on your computer in the way that they do. Two art programs are not going to start fighting over which one you should use, for instance. However, some other cases can be pretty similar. Like VPNs! Having more VPNs is going to slow down your computer without much additional benefit. The way a VPN works is that it takes your request, encrypts it, sends it to a server, unencrypts it, completes the request, encrypts it again, and then sends it back to you. This keeps your ISP from seeing this request, but it doesn’t necessarily anonymize the data – after all, the VPN’s server has to unencrypt the data to actually complete the request, so the VPN knows what the data is, and it knows where the request is coming from in the first place. The VPN has the same visibility the ISP initially had. Adding more VPNs to your computer will not solve this problem, it will just move it down the chain, and add extra time to each request you make in the meantime as it bounces around VPN servers.

If you only need to protect your data from the coffee shop’s open Wifi or want to watch Netflix Canada, the kind of VPNs you see advertised on Youtube will be able to do the job – the data won’t be strictly, unsubpoenably anonymous, but it will be encrypted and rerouted well enough to make those two things happen. If you’re trying to search for things that nobody can know about, you’d be better off downloading TOR (which stands for The Onion Router), a popular VPN with an excellent reputation for encryption and security. Using TOR to do illegal things is illegal, of course, but the act of downloading it and using it by itself is not.

Intro To Phishing, And How To Avoid It

Elizabeth Technology July 14, 2022

What is Phishing?

Phishing is the action of sending someone messages with the intent to deceive them into parting with information they otherwise wouldn’t have shared. While it’s commonly used to try and steal logins, cookies, and other digital data, it can be used to snatch things like government-assigned identification numbers, important medical information, and more.

It’s also not limited to email, despite the common perception – ‘smishing’ is phishing over text using things like fake verification texts, and the ever-popular phone scams can phish by pretending to be a bank or other service that the victim may actually use.

What’s the Risk?

Getting your PII (your personally identifying information) stolen is kind of a nightmare. You probably don’t need me to explain all the ways identity theft can really screw up your credit and reputation!

If a scammer gets ahold of the login to your bank service, and you don’t have 2FA enabled on your account, they can do quite a bit of damage to your account by requesting cards, making fraudulent purchases, or transferring out money. Even if your bank has policies to protect you and undo all that mess, it’s still going to be a very frustrating and anxious few weeks of reclaiming control of your account, communicating with the bank, and the bank trying to track down the phisher (if they even can). That’s just one login!

Aside from the big, important services like your bank and utilities, getting your password and login stolen from a service you don’t consider important can still really suck. It can even lead to the phisher getting into the services you do consider really important. Take a smishing attempt that looks like Fedex has tried to deliver a package, but couldn’t. Were you expecting a package? If you were, you’re probably a little concerned. You don’t notice there’s a typo in the text, or that the number it sent from is different than usual. You click on the link, and it leads you to Fedex Smart Delivery manager, prompting you to log in. If you type in the login, then you just gave them your Fedex credentials! That doesn’t sound like a big deal – Fedex is easy to reset, right? But it is a big deal. Your address is in Fedex. You have your telephone number in Fedex. Your delivery history is in Fedex. The phisher can use some of that information to open accounts in your name that they don’t intend to pay for, which can impact your credit score. Plus, if you reused that password anywhere else, you have to reset it everywhere it was used, because odds are the phisher is going to try and get into everything they can to gather more data and steal working accounts.

How to Better Protect Your Accounts

All of this sounds really painful. Luckily, there are a few tips that can make your information safer! Firstly, don’t re-use passwords. You may groan at the thought, but reusing a password for services makes it much easier to steal an account of yours if they get that password via a site breach or a scam. We recommend a password manager like LastPass – it makes it much easier to store and create unique, strong passwords for every site!

Secondly, you’ll be better protected if you use two-factor authentication on every website that has the option to. If you do fall for a phishing scam, the scammer won’t have the code necessary to get in! Of course, some scams are sophisticated enough to think of that beforehand: Craigslist, for example, had a bad rash of scammers a while back who would “text a code” to a seller “to make sure they were a real person”. The seller then gives them the code, and the scammer now has a Google Voice number with the seller’s phone number as the verified number behind it! They just social-engineered their way into bypassing 2FA. This is why you should never give out verification codes – especially if you didn’t request them. Instead, it might be time to reset the password of the account that verification email came from. Just don’t click any links in those verification emails, either: go straight to the home page of the site instead to log in. The verification email might be a phishing attempt all by itself, hoping you’ll click a fake link to the website!

How To Avoid it in the First Place

It’s better if they never get to test 2FA at all. There are a few key tips to avoid phishing scams. Firstly, is there a sense of urgency? Your utility companies aren’t going to call and say they’ll shut off your water without at least a few mailed reminders that your bill is due! The same goes for your bank. If they demand that you resolve a problem right then, right there, out of the blue, it’s probably a phishing scam (if you’re nervous it’s not a scam, call the alleged company using their number off of their Google page or their real website). This goes for both phone and email phishers.

 If it’s an email or a text, ask yourself if you were expecting an email or a text from that company. If you get a Fedex text update that you didn’t sign up for, it might be a phishing scam. If you got a notification from Walgreens that your photos have finished printing, and you didn’t print any photos, it might be a phishing scam. They want you to click or tap the links they include to see what’s going on. Spelling errors are also a common tell – it’s not impossible for a company to make spelling errors in their communications with you, but they won’t be littering the page with them! Phishing scams do that to weed out people who know better so they won’t waste time on targets that won’t crack.

You should also check the sender of the email! Spoofing is a technique that attaches a real name that you might know to an email address or phone number that definitely doesn’t belong to them. Anyone can set their name to George Smith or Big Company Customer Service in Gmail, but they can’t change the email address they’re sending from. If it’s [email protected] and not [email protected], for example, it’s probably a phishing scam.

The same goes for caller ID, although it’s getting harder and harder to tell real calls from fake ones – scammers can set their name to something like “Hospital” or “School” to make it more likely you’ll pick up. Some more sophisticated operations can even make it look like they’re calling from a different number altogether, using VOIP technology to match the area code of the caller to the person being called. Just like in the urgency tip, you should be able to call a legitimate company or organization like a school back from the number they have on their website, or the number you know to reach them at. If they’re really resistant to you hanging up and calling back for reasons that don’t make sense, it might be phishing. Unfortunately, some scam calls are really tough to pick up on, and the FCC can’t do much to stop them if they’re not in the US. Many people today don’t answer their phone unless they were explicitly expecting a call as a result, and phone companies themselves sometimes offer up call and text screening.

Spear Phishing

Spear Phishing is much more sophisticated by default. It’s a scam that can’t just be blasted out to 500 people, they want to get you! They’ll use every trick in the book they can to get you to click a link or give out information you shouldn’t. If they think you have valuable information on your company, for example, they may send an email pretending to be a coworker by using spoofing, and they will write more carefully to avoid misspelling anything. If something doesn’t feel right, it’s important to check the ‘coworker’s’ email address for spoofing, which should stop most spear phishing attempts in their tracks. If you examine the entire domain name for misspellings, you may find one! For example, somebody using [email protected] or [email protected] instead of [email protected] might snag a few people who didn’t look closely enough. A scammer may also try to use a line like “I’m locked out of my work email, so I’m using my personal one” to try and impersonate your coworker. Many organizations have policies against using personal addresses for this exact reason – how can you verify they’re with the company if they’re using Gmail or Yahoo? Anyone could make an account with their name at that point! In this case, if the coworker didn’t warn you or share this address with you beforehand, you shouldn’t interact with the email further. Don’t click any links or attachments in the meantime.

You can even forward the email to IT! If you’re worried that the coworker really needs that sensitive data (which fits into creating a sense of urgency, like mentioned above) consider the risks of falling for a phishing scam vs. the risks of standing your ground when you didn’t need to. A phishing scam can completely pull down your entire operation, lock up or steal files, and wipe computers of their data, setting a company back with nearly nothing. Not giving information out to an email address you don’t recognize can delay a project or annoy a client, yes, but it’s much better than wrecking your organization, in which case you’ll also delay projects, but for much longer as your company recovers from a phishing-based security breach. Better to be safe than sorry!

Future of working: The growing need for robust remote working solutions

Jeff Technology, Trends February 1, 2021

What does the future of work really look like? Unlock the full potential of cloud-based solutions.

Where the first initial lockdown, back in March last year had forced most companies into an abrupt digital setting, the two that have since followed only solidified this. This transformation has now manifested itself so that companies have become significantly, if not completely, reliant on remote, digital solutions to remain functional. As a result, the growing need for robust remote working solutions has surged, causing traditional and antiquated workplace solutions to fall by the wayside.

 

Embracing digital transformation and unified workplaces

The evolution of digital transformation has fast-tracked the online revolution, meaning elaborate predictions of future working are now not so distant. The boundaries between working from home and in the office are now completely blurred as we find ourselves marching through 2021. The need for physical office space now seems redundant as we can work just as we did before, if not better, from home and exceed productivity and collaboration standards.

 

A far stronger focus is now on the availability of IT tools as workforces rely on these methods of remote solutions to remain as collaborative with their colleagues as possible. For example, proprietary business communication platforms have completely revolutionised the way we communicate, collaborate and generally work as they dealt with the majority of the population pivoting to remote working. State of the art interactive, virtual meetings via a browser promotes efficient collaboration and strengthens the performance of organizations, while necessary commutes can be reduced or in some cases avoided.

 

What’s more, the capabilities to provide quality engagement between employer and employees is now of utmost priority. As we navigate a more digitized year than ever before, employees should be equipped with most efficient solutions that IT managers can source within minutes, instead of days or even weeks so that effective communication internally can also benefit.

 

This ‘future of working’ model can be achieved through introducing personalized digital workspaces accessed through a browser of any device, anywhere in the world. Perfectly suited to the new home and office split, innovative cloud technology enables organizations and their staff to access any of their applications hosted on-premise or in the cloud, as well as internal and external web applications instantly.

 

Understanding the challenges

The sudden pivot to mass remote working, however, has not been as smooth sailing as initially thought after all. For companies still operating in traditional virtual environments, remote working solutions often lack flexibility to include legacy or GPU intensive applications that are traditionally running on a desktop or on-premise solutions. Though, it is not too late to innovate and take the first step towards cloud-based technologies. It cannot be stressed enough that cloud computing is here to stay and can offer these types of businesses a life line before it’s too late and fall completely behind digital transformations and breakthroughs.

 

Additionally, let us not forget that the internet is no doubt a dangerous place. A world now mostly operating online, puts the traditional-based IT infused companies, even more at risk. In fact, there are several emerging cyber threats with an impact that have never been seen before. Due to existing Enterprise software protection solutions that are decades old and vulnerable, many businesses are left exposed and ‘easy’ to attack. And now, with the entire UK workforce being told to work from home, where possible, investing in secure and reliable solutions has never been so crucial for the online safety of not only a business, but its workforce.

 

Companies can look for intelligent cloud-based solutions that combine the benefits of streaming an online workplace effortlessly with complete trust in the solution to resolve exposure to hackers. For example, when using the cloud, client-to-site VPN connections are no longer required as a result of migrating systems to the cloud, meaning there is no point of attack for trojans. Furthermore, no end device within an organization will be able to access an application server as the direct communication between the user and the target system can be completely ruled out with cloud software.

 

Yet, it is all types and sizes that can be affected. Even multinational companies fall victim to cyber hacks, often involving over 1000 employees due to vulnerabilities in outdated architecture. Investing in state-of-the-art cloud solutions that include cyber insurance will become a new box to add to the IT checklist in 2021 and beyond.

 

What’s more, new cloud technologies have emerged and seen acceleration in adoption, thanks to the influx of home working such as Everything-as-a-Service (XaaS). This type of solution enables all IT services to be offered in the cloud for workforces as they work remotely. XaaS not only provides remote workers with advanced flexibility but ensures enhanced security due to it encompassing the likes of other solutions such as IaaS, PaaS and SaaS.

 

How cloud can help create the ‘anywhere office’ for the millennial workforce

Implementing an efficient cloud adoption strategy

If the multiple lockdowns have taught us one thing, it is that cloud adoption is no doubt proving to be one of the most efficient ways to secure and sustain the demands of a digital workforce. Now in 2021, we hope to reach some kind of normality as the dust will hopefully settle on the Covid-19 pandemic. Remote working is now here to stay and it will be up to business leaders to make sure they have the correct and most efficient cloud adoption strategy in place, for their employees. Armed with the right cloud solutions, businesses have the potential to simplify their IT ecosystems and procure solutions without committing to large upfront investments.

 

We’re Elixis Technology

In the ever-changing, technology-centric world we live in, it’s vital to have an I.T. solution source you can count on. At Elixis Technology, it is our mission to help businesses — big and small — produce the results their customers demand, with technology that actually works.

.

News Source: https://www.weforum.org

3 ways to fill worrying cybersecurity gaps

Jeff Technology, Trends February 1, 2021

As businesses of the future evolve to be more digital and more shared, the need to prepare to avert a cyber pandemic – with potential even more than the coronavirus to upend our lives – has never been more urgent.

 

We need to strengthen our strategic response to the risks before we invest in tactics. Our plans must work harder and smarter to address capability gaps.

 

A common agenda will build the confidence and competence to achieve the resilience we need.

 

If humanity ever needed reminding of our interdependence, the pandemic has brought that home. As we scale up our response to the crisis, through largely digital means, our interconnectedness grows exponentially. And with it our vulnerability to the risk exposures of the virtual world. In fact, businesses of the future are evolving to be more digital and more shared. The need to prepare to avert a cyber pandemic – with potential even more than the coronavirus to upend our lives – has never been more urgent.

 

For a moment, let’s think of the unthinkable. A world without phones and internet, with idling trucks, trains and planes because fuel pumps and charging stations are incapacitated; banks shuttered; food supply chains broken; and emergency services made all but unavailable. This bleak vision would be inevitable if electricity supplies are cut off by a cyberattack.

 

In a scenario such as this, we know, that the ensuing swift blackout would be crippling. Unfortunately, we also know that a crisis of this scope, sophistication and impact is not just possible but something we are currently dealing with – albeit in a different context.

 

Global Technology Governance Report 2021

Last month, a group, believed to be Russian, gained access to over 18,000 systems – belonging to government and corporations – through a compromised update to SolarWinds’ Orion software. We were unprepared to prevent the attack because the bad actors slipped through the exact whitelisted software supply chain we trust. Even more regrettably, the software supply chain allowed them to access the network of FireEye – the US-based cybersecurity giant known for investigating and remedying some of the world’s most high-profile breaches.

 

While FireEye’s customers remained largely unimpacted this time, the moral of the story is that no one and nothing is immune. Our sources of cyber-protection – software updates or defending partners – can be the Trojan Horse where everything around us devolves into chaos.

 

Well before we learnt these tough lessons in the final weeks of a rather challenging 2020, the World Economic Forum questioned whether our individual and collective approach to managing cyber risks is sustainable in the face of the major technology trends taking place.

 

Although there’s an array of resources to manage cyberattacks, we still have a long way to go before we can, as a whole, effectively counter these threats. We need to strengthen our strategic response to the risks before we invest in tactics. Our plans must work harder and smarter to address capability gaps in three areas:

 

  1. More coordination

Consider the SolarWinds attack. It did not directly hit its intended targets. Instead, the attackers surreptitiously built a chain of offence, that included non-government agencies, security and technology firms along with educational institutions, to inch unnoticed towards their real targets for espionage.

 

They knew they’d find their mark through our digital interconnectedness. We can turn this same intertwining of infrastructure to our advantage. Research tells us that hackers attack computers with Internet access—every 39 seconds on average. If we all shared threat intelligence, across borders, across the private and public sector, across industries and competitors, the collective intelligence could only move us forward faster.

 

An invaluable first step would be to develop more open systems, while adopting common standards and taxonomy in cybersecurity. This will serve us better to integrate and train our teams to drive holistic security. Global spending on cybersecurity solutions is projected to exceed $1 trillion cumulatively over the five-year period from 2017 to 2021. We must reprioritize these budgets to align with shared goals including collaborating to overpower organized cybercrime and the private-sector technology nexus with nation-state attackers.

 

  1. More sophistication

The Global Risks Report 2020, articulated how the digital nature of the Fourth Industrial Revolution technologies is making our landscapes vulnerable to cyberattacks. For example, it is estimated that there are already over 21 billion IoT devices worldwide, slated to double by 2025. Attacks on IoT devices increased by more than 300% in the first half of 2019 alone.

 

The report, observes how “using ‘security-by-design’ principles to integrate cybersecurity features into new products continues to be secondary to getting products quickly out into the market.” Our current approach of bolt-on security needs to be reimagined to create stronger build-in standards, including SDLC-security quality certification, that makes software partners more accountable for security assurance. Along with this discipline in securing the supply chain as meticulously as we secure our products, we need better design architecture to tackle the challenges at hand.

 

  1. More human capital

At the same pace that AI is growing useful in cyber defence, it is also enabling cybercriminals to use deep learning to breach security systems and harness data sets to improve response to defence.

While we can battle machine with machine, nurturing a strong pipeline cybersecurity talent, will give our defence an edge. We need better problem finders in greater numbers to work with our problem-solving machines. And this time, they need to be embedded in the complete lifecycle of our processes. Every person in the ecosystem must understand his or her role with respect to cybersecurity and be accountable to deliver to metrics and standards for cybersecurity quality. As of 2019, there were an estimated 2.8 million cybersecurity professionals worldwide, against a need for over 4 million.

 

If there is one lesson from dealing with the pandemic, it is the need to take each other along as we move forward into a more secure future. The very nature of a pandemic is such that no one is really safe unless everyone is safe. A cyber pandemic is no different. It is in shared trust and a common agenda that we can build the confidence and competence to achieve the resilience we need.

 

We’re Elixis Technology

In the ever-changing, technology-centric world we live in, it’s vital to have an I.T. solution source you can count on. At Elixis Technology, it is our mission to help businesses — big and small — produce the results their customers demand, with technology that actually works.

.

News Source: https://www.weforum.org

IMSA launches remote cyber security assessments

Jeff Technology, Trends January 25, 2021

Vessels worldwide are now facing compliance with the International Maritime Organisation’s (IMO) cyber security requirements. In response, the International Maritime Security Associates (IMSA) has developed a suite of cyber security tools and services for the maritime industry.

 

The company has recently launched the capability to conduct basic shipboard network vulnerability assessments without sending personnel on board.

“This capability is necessary in today’s current COVID environment,” comments Corey Ranslem, CEO of IMSA. “We know it isn’t always easy, practical or cost effective to send people on board a vessel to conduct a cyber security assessment, so we’ve developed this amazing remote assessment tool. Through this tool, our cyber specialists can conduct a remote assessment at about half the cost of sending personnel on board. This tool helps our global clients with IMO 2021 cyber security compliance along with protecting passengers and crew.”

This tool is part of a larger suite of cyber security tools IMSA has developed to support vessels and maritime facilities with expanding their cyber security defences.

 

Some of these cyber security tools are part of the ARMS software platform. Through ARMS, IMSA can monitor a vessel’s critical systems and networks remotely in real-time through its SOC (Security Operations Centre). This capability protects vessels from real-time threats to IT, OT, and other critical network systems.

“IMSA is continually enhancing the levels of protection we provide our clients,” adds Ranslem. “Through ARMS and our 24/7 operations centre, we provide a variety of client-focused services to ensure the safety of your voyage and critical systems.”

 

We’re Elixis Technology

In the ever-changing, technology-centric world we live in, it’s vital to have an I.T. solution source you can count on. At Elixis Technology, it is our mission to help businesses — big and small — produce the results their customers demand, with technology that actually works.

.

News Source: https://www.superyachtnews.com

Remote working – striking a balance

Jeff Technology, Trends January 24, 2021

Presenteeism has long been associated with working life in the city, viewed by many employers and employees as essential for getting known and getting ahead.

However, in response to the Covid-19 pandemic, businesses have had to cope with an abrupt move to mass remote working, in a way many never would have imagined feasible only a year ago. In many industries it has proved to be manageable. And, even before the pandemic, it was recognized that endorsing agile working was becoming a significant factor in driving forward a successful, modern business, capable of attracting and retaining top talent.

So will it endure?

Perhaps one of the biggest barriers to remote working has been trust; employers simply did not trust that people working from home were actually working, that service standards could be maintained, that confidential information would remain secure. Many of these issues have been dealt with by enforcing best practices around regular communication and updating and enforcing detailed home working policies.

And so, as and when we are allowed to return to work in the city, employers can no doubt expect many more employees to exercise their statutory right to request flexible working. Refusals are likely going to be much more closely scrutinized and potentially lead to formal grievances. Management and HR should be proactively planning their approach in advance.

Of course, remote working is not everyone’s preference and it has its downsides. It can be lonely and isolating, having a negative impact on employees’ mental health and workplace collaboration and diversity. In particular, junior employees can miss out on developing vital skills and a professional network.

Therefore, striking the right balance inevitably seems like the best way to future proof both businesses and individual career progression. In our view, it is not a question of if but when will we return to the city; but expect that most employees will not want to spend as much time there as they and we once did.

 

We’re Elixis Technology

In the ever-changing, technology-centric world we live in, it’s vital to have an I.T. solution source you can count on. At Elixis Technology, it is our mission to help businesses — big and small — produce the results their customers demand, with technology that actually works.

.

News Source: https://www.cityam.com

Thinking about going remote-first, forever? Do these 5 things beforehand

Jeff Technology, Trends January 4, 2021

In recent years, flexible working has become synonymous with modern business management and a distinctive trademark for hip tech companies.

 

However, since COVID, it has become vital for most companies to adapt their work settings to social distance practices and to strive for a higher degree of digitalization. 

 

In a matter of months, telecommuting, remote working, teleworking, working from home, working from anywhere, and flexible workplace have entered our vocabulary – and are very likely here to stay.

 

As we witness this epochal transition, employers and employees wonder, how should we come prepared to meet the inevitable challenges? Here is a to-do-list for all the companies that are considering going remote-first!

 

Organize the tools, systems, workflows

If you are approaching remote working for the first time, you should consider yourself very lucky! The technology that is available on software and on cloud nowadays is (in most cases) sufficient for you and your employers to keep constantly in touch and organize your streams of work in the most efficient way. So much so that several companies will never go back to now obsolete in-office work arrangements.

 

Examples of online tools that can make your work-from-home life easier include (among many others): video cloud-based communication software programmes, time and tasks management apps, corporate training platforms, cybersecurity toolkits.

 

Also, here you can find EU-startups-approved lists of AR and VR startups that are helping us work remotely and of several tools for jazzing up your online and work meetings.

 

Assign clear roles and responsibilities

Another important step to make remote working ‘work’ is to set clear roles and responsibilities among your co-workers or employees. As mentioned before, the appropriate online tools and a constant flow of communication between team members can help everyone understand what’s expected of them within the group. 

 

A fixed hierarchy and clear tasks are particularly important in a remote working situation as they encourage your employees to take ownership for their work and their success (and, very importantly, to acknowledge their shortcomings).

 

Also setting up clear goals and KPI’s is important for a group that works from different places – and sometimes on a different schedule or even a different time zone. Check the next item on the list for advice on how to set KPI’s from a distance.

 

Review KPIs

Whatever the working arrangement, monitoring performances and detecting areas for improvement is key to success. In a remote working scenario, setting KPI’s becomes all the more important to measure whether your collective efforts are effectively being carried out.

 

Some simple advice for carrying out a performance assessment for out-of-office work includes: 

  • Tracking milestones in relation to the final product (or intermediate versions) with an Agile Project Management process framework
  • Keep a steady flow of information by sharing feedback and notes
  • Use virtual boards and keep them updated, that should help keep you workers motivated

 

Ultimately, your employees should feel comforted by the fact that the workflow remains unaffected.

 

Start building a positive working culture

Positive attitude in the workplace is everything! Make sure to outline the advantages of a remote position to your employees. Remote working needs some adjustments but should never feel like a demotion or a punishment. Instead, it holds tangible advantages: when employees can manage their time autonomously, you reduce the risk of them contracting the virus, and they feel safer, more motivated and trusted.

 

Also, set out values that are important for both parties, such as defining free time slots, and prioritizing employees’ mental and physical needs. During quarantine and social distancing times, feelings of isolation and distress are very common. That is why building an effective and positive working culture includes finding the right work/life balance.

 

Check-in with your employees

Make your employees feel heard and seen – even if only via a computer screen! Make a habit of getting regular, virtual coffee breaks with them and meetings that aren’t strictly work-related.

 

Trust them with their tasks and make sure that they feel safe while performing their duties. Losing one’s job is a dreadful fear and can impact their performances. Plus, it can worsen an already aggravated mental state. It is in fact proven that a high level of economic anxiety has been generally registered during the pandemic. And this is not only true for people who are unemployed but also for those who are employed and in fear of being laid of.

 

We’re Elixis Technology

In the ever-changing, technology-centric world we live in, it’s vital to have an I.T. solution source you can count on. At Elixis Technology, it is our mission to help businesses — big and small — produce the results their customers demand, with technology that actually works.

.

News Source: https://www.wired.co.uk/

These cybersecurity tactics will help businesses survive 2021

Jeff Technology, Trends January 4, 2021

Security professionals take three steps: threat detection, immediate action and long-term defence. All companies should look to do the same, no matter their industry.

 

During 2020, institutions of all kinds were forced to adapt to a dynamic world where the usual projections and five-year marketing plans did not apply. Economic reports show marked GDP reductions of greater than 20 per cent in many countries, with a continued decline into 2021. Businesses and workplaces will increasingly turn to models of work in dynamic fields – such as cybersecurity – to make them more resilient.

 

Organisations that emerge out of the pandemic and the ensuing economic turmoil will have spent 2020 continually adapting to previously unimagined circumstances. This is a very familiar environment for people working in security, and particularly cybersecurity because quite often we don’t know what the next couple of hours will look like. Businesses of all kinds will discover the need to adopt fluid models and frameworks developed in a dynamic field and use them to redirect money, personnel and resources rapidly.

Typically, most businesses rely on static, predictive data analysis for growth and sustainability. The study insights and information from the previous few weeks and base predictions on them. However, these statistics can be rendered virtually useless within the next hour. Instead, businesses must start using data as they get it, proactively seeking out problems that could pose danger – just as cybersecurity specialists do.

 

Many cybersecurity frameworks can be modified to suit businesses more broadly. One example is data orchestration – where information that has been siloed in various parts of an organisation is collated and made available for rapid analysis.

 

Another is the concept of common vulnerability exposures (CVEs). This is a standardised identifier for known vulnerabilities, such as a weakness in a certain kind of encryption or exposure such as a large data breach in the last two years. Lists of these are available for any organisation looking to improve its cybersecurity. A version of this approach for other industries – known issues with certain suppliers, for example – could be used to make all kinds of firms more resilient.

 

In cybersecurity, we often take a three-pronged approach: detect what the potential threat is; take immediate action to protect information; and establish long-term defences to systems, such as new kinds of encryption. Businesses will find that adopting these processes and tools – especially their emphasis on the early detection of potential threats and the sharing of information when necessary – will help future-proof operations.

Early adopters will be the winners here. Workplaces and organisations that embrace the reality of a dynamic environment, rather than yearning for static working and legacy business models, will outperform their competitors. In 2021, companies and institutions that adopt principles such as data orchestration and CVEs, will find they’re in a better position to survive.

 

We’re Elixis Technology

In the ever-changing, technology-centric world we live in, it’s vital to have an I.T. solution source you can count on. At Elixis Technology, it is our mission to help businesses — big and small — produce the results their customers demand, with technology that actually works.

.

News Source: https://www.wired.co.uk/

Microsoft Set to Block SolarWinds Orion Binaries

Jeff Technology, Trends December 16, 2020

 

Microsoft is preparing to quarantine malicious versions of the SolarWinds Orion application used in recent nation state attacks, in a move that may crash systems.

 

The computing giant had previously released detections to alert customers of its Windows Defender security product if they were running the malicious updates. Although it was recommended that such customers isolate and investigate any such devices, the decision was down to them.

 

However, in an update yesterday Microsoft effectively said it was taking the decision out of the hands of its customers.

 

“Starting on Wednesday, December 16 at 8:00 AM PST, Microsoft Defender Antivirus will begin blocking the known malicious SolarWinds binaries,” it said.

 

“This will quarantine the binary even if the process is running. We also realize this is a server product running in customer environments, so it may not be simple to remove the product from service.”

 

Over the weekend reports emerged that a previous attack on FireEye was part of a much larger Russian intelligence plot to steal sensitive information from US government and countless other unnamed organizations.

 

The vector was Orion updates which the attackers managed to seed with malicious binaries used to install the Sunburst (aka Solarigate) backdoor malware. SolarWinds confirmed to the SEC that 18,000 customers were affected.

 

However, as the product performs crucial network management operations, Microsoft’s decision could theoretically cause some disruption.

 

“It is important to understand that these binaries represent a significant threat to customer environments,” it argued. “Customers should consider any device with the binary as compromised and should already be investigating devices with this alert.”

 

Microsoft urged victim organizations to immediately isolate affected devices, identify accounts used on the device and assume they have been compromised, reset passwords, look for lateral movement tools and more.

 

We’re Elixis Technology

In the ever-changing, technology-centric world we live in, it’s vital to have an I.T. solution source you can count on. At Elixis Technology, it is our mission to help businesses — big and small — produce the results their customers demand, with technology that actually works.

.

News Source: https://www.infosecurity-magazine.com/

Twitter Fined Half a Million Dollars for Privacy Violation

Jeff Technology, Trends December 16, 2020

Twitter has been fined over half a million dollars for violating European Union data protection laws in the first EU-wide privacy case. 

 

The EU’s chief data watchdog today announced that it has issued an administrative fine of 450,000 euros ($547,000) to the social media titan for being too slow to notify Android phone users located across the EU of a data breach that threatened their privacy.

 

A further finding of the investigation into the breach by Ireland’s Data Protection Commission (DPC) was that Twitter failed to adequately document the security incident. 

 

The DPC’s investigation into the incident commenced in January 2019 following receipt of a breach notification from Twitter. On Tuesday, the DPC stated that Twitter “infringed Article 33(1) and 33(5) of the General Data Protection Regulation (GDPR) in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach.” 

 

Under EU data protection rules, it is a requirement to report a breach within 72 hours of discovery. 

 

The commission described the not insignificant financial penalty levied on the American company as “an effective, proportionate and dissuasive measure.”

 

According to the Binding Decision of the Board, the data breach arose from a bug in Twitter’s design that caused the protected tweets of Android device users to become unprotected without their consent if users changed the email address associated with their Twitter account. 

 

The bug, which affected 88,726 EU and EEA users between September 2017 and January 2019, was traced back to a code change made on November 4, 2014. It was discovered on December 26, 2018, by the external contractor managing Twitter’s bug bounty program.

 

Referencing the significance of the Twitter inquiry, the DPC stated: “The draft decision in this inquiry, having been submitted to other Concerned Supervisory Authorities under Article 60 of the GDPR in May of this year, was the first one to go through the Article 65 (‘dispute resolution’) process since the introduction of the GDPR and was the first Draft Decision in a ‘big tech’ case on which all EU supervisory authorities were consulted as Concerned Supervisory Authorities.”

 

We’re Elixis Technology

In the ever-changing, technology-centric world we live in, it’s vital to have an I.T. solution source you can count on. At Elixis Technology, it is our mission to help businesses — big and small — produce the results their customers demand, with technology that actually works.

.

News Source: https://www.infosecurity-magazine.com/