Top 10 Ways SMBs Can Mitigate Cyber Risks and Threats in 2023.

Fig. 1. Stock Virus Infographic, 2023.

#smbinfosec #cyberrisk #techrisk #techinnovation #infosec #cloudcomputing
#cyberdefense #disinformation #cio #ciso #cto #tech #ransomwareattack #123backup

1) Educate Employees About Cyber Threats and Hold Them Accountable:

Educate your employees about online threats and how to protect your business’s data, including safe use of social networking sites. Depending on the nature of your business, employees might be exposing sensitive details about your firm’s internal business to competitors. Employees should be informed about how to post online in a way that does not reveal any trade secrets to the public or competing businesses. Use games with training and hold everyone accountable to security policies and procedures. This needs to be embedded in the culture of your company. Register for free DHS cyber training here and/or use the free DHS SMB cyber resource toolkit. Most importantly, sign up for DHS CISA e-mail alerts specific to your company and industry needs and review the alerts – Sign up here. Use the free DHS-developed CSET (Cybersecurity Evaluation Tool) to assess your security posture – High, Med, or Low. CSET is downloadable here.

2) Protect Against Viruses, Spyware, and Other Malicious Code:

Make sure each of your business’s computers is equipped with antivirus software and antispyware that are updated regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install updates automatically. Especially watch out for freeware that contains malvertising. Make sure submission forms can block spam and can block code execution (cross-site scripting attacks).

3) Secure Your Networks:

Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden – not publicly broadcast. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Also, have a secure strong password to protect access to the router (for example, xbeithyg18695843%&*&RELxu75IGO). Lastly, use a VPN (virtual private network) to encrypt data in transit, especially when working from home.

4) Control Physical Access to Computers and Network Components:

Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel — with approval records.

5) Create A Mobile Device Protection Plan:

Require users to password-protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Use a containerization application to separate personal data from company data. Be sure to set reporting procedures for lost or stolen equipment.

6) Establish Security Practices and Policies to Protect Sensitive Information:

Establish policies on how employees should handle and protect personally identifiable information and other sensitive data. Clearly outline the consequences of violating your business’s cybersecurity policies and who is accountable. Base your security strategy significantly on the NIST Cybersecurity Framework 1.1: Identify, Detect, Defend, Respond, and Recover — a respected standard that is easy to understand (Fig. 2). The NIST Cybersecurity Framework Small Business Resources are linked here.

Fig. 2. NIST CSF Domains and Sub Areas, NIST, 2022.

7) Employ Best Practices on Payment Cards:

Work with your banks or card processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations related to agreements with your bank or processor. Isolate payment systems from other, less secure programs and do not use the same computer to process payments and surf the internet. Outsource some or all of it and know where your risk responsibility ends.

8) Make Backup Copies of Important Business Data and Use Encryption When Possible:

Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or in the cloud. Backing up all key files via the 3-2-1 rule — three copies of files on two different media forms with one offsite — reduces ransomware attack damage.

9) Use A Password Management Tool and Strong Passwords:

Another way to stay safe is by setting passwords that are longer, more complex, and thus harder to guess. Additionally, they can be stored and encrypted for safekeeping using a well-regarded password vault and management tool. This tool can also help you to set strong passwords and can auto-fill them with each login, if you select that option. Yet using just the password vaulting tool is all that is recommended. Doing these two things makes it difficult for hackers to steal passwords or access your accounts.

10) Use Only Whitelisted Sites Not Blacklisted Ones or Ones Found Via the Dark Web:

Use only approved whitelisted platforms and sites that do not expose you to data leakage or intrusion on your privacy. Whitelisting is the practice of explicitly allowing identified websites a particular privilege, service, or access. Blacklisting is blocking certain sites or privileges. If a site does not assure your privacy, do not even sign up, let alone participate.
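As an added example that is not part of the original post, the check below enforces an approved-sites list in Python. The host names are constructed, and the point it makes is that the decision must be made on the parsed host name, not on the raw URL string, or an unapproved site can smuggle an approved name into its path, query, or userinfo.

```python
# Added example (not from the original post): a hostname allowlist check.
# Naive substring matching ("approved.example" in url) is a common mistake:
# it accepts "approved.example.attacker.test" and "attacker.test/?ref=approved.example".
# This version parses the URL and compares the host exactly or as a subdomain.
from urllib.parse import urlsplit

# Constructed allowlist of approved sites (hypothetical names).
ALLOWED_HOSTS = {"intranet.example.com", "vendor-portal.example.net"}


def _normalize_host(host: str) -> str:
    """Lower-case the host and drop a trailing dot so "Example.COM." == "example.com"."""
    return host.lower().rstrip(".")


def is_allowed(url: str, allowed=ALLOWED_HOSTS, allow_subdomains: bool = True) -> bool:
    """Return True only if the URL uses https and its host is on the allowlist.

    The host comes from the parsed URL, so userinfo ("approved@attacker"),
    paths and query strings cannot carry an approved name into the decision.
    """
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL (e.g. unbalanced IPv6 brackets)
        return False
    if parts.scheme != "https" or not parts.hostname:
        return False
    host = _normalize_host(parts.hostname)
    for allowed_host in allowed:
        allowed_host = _normalize_host(allowed_host)
        if host == allowed_host:
            return True
        # Subdomain match requires the dot boundary: "evil-intranet.example.com"
        # does not end with ".intranet.example.com" and is rejected.
        if allow_subdomains and host.endswith("." + allowed_host):
            return True
    return False


def naive_is_allowed(url: str, allowed=ALLOWED_HOSTS) -> bool:
    """The substring check this example warns against, kept only for comparison."""
    return any(h in url for h in allowed)


if __name__ == "__main__":
    for candidate in (
        "https://intranet.example.com/reports",
        "https://attacker.test/?ref=intranet.example.com",
        "https://intranet.example.com@attacker.test/",
    ):
        print(candidate, "parsed:", is_allowed(candidate), "naive:", naive_is_allowed(candidate))
```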

About the Author:

Jeremy Swenson is a disruptive-thinking security entrepreneur, futurist/researcher, and senior management tech risk consultant. Over 17 years he has held progressive roles at many banks, insurance companies, retailers, healthcare orgs, and even governments, including being a member of the Federal Reserve Secure Payment Task Force. Organizations relish his ability to bridge gaps and flesh out hidden risk management solutions while at the same time improving processes. He is a frequent speaker, published writer, podcaster, and even does some pro bono consulting in these areas. As a futurist, his writings on digital currency, the Target data breach, and Google combining Google+ video chat with Google Hangouts video chat have been validated by many. He holds an MBA from St. Mary’s University of MN, an MSST (Master of Science in Security Technologies) degree from the University of Minnesota, and a BA in political science from the University of Wisconsin Eau Claire.

Windows 10 Review: Mobile-Centric, Cloud Informed, Touch Winner!

Ever since Google’s Android and Apple’s iOS have dominated the mobile operating system (OS) market, Microsoft has been running scared and has realized they cannot rest on their non-mobile products and established business application strongholds. The present and future OS market is heavily about mobile cloud-connected devices and that is why Android holds 78% of the mobile OS market (Fig. 1, 2015). Google’s release of the Chromebook in June 2011 was a quiet nuclear bomb against Windows, thus threatening their personal computer OS leadership.

Microsoft’s counterattack was supposed to be Windows 8.1 in 2012 to 2013, which was designed to run effectively on mobile and traditional devices, but as per Fig. 1, their phone market share fell from 3.2% in 2013 to 2.5% in 2014 and then rose only to 2.7% in 2015. These results are horrible for a global software company that dominates the non-mobile OS and business application markets with more than 1.5 billion daily users, according to Corporate Vice President of Education Marketing at Microsoft, Tony Prophet (2014). Windows 8.1 did not go over well because the Microsoft Store has few apps, people did not like the new tile start menu, it is clumsy to navigate, Internet Explorer is slow, and next to no one was inspired to get a Windows Phone because of Windows 8.1.

Fig. 1. Smartphone OS Market Share, 2015 (IDC, May 2015, http://www.idc.com/prodserv/smartphone-os-market-share.jsp)

Windows 10 is supposed to be Microsoft’s comeback album, and it’s going to be just as big as Carlos Santana’s 1999 Supernatural album with the hit song “Smooth”. Windows 10 was released on July 29th, and so far the reviews are great, all bugs aside. To share the love they are giving away free upgrades from Windows 8.1, 8.1 Phone, and 7 for one year. Microsoft never could quite sell the idea to everyone that you didn’t need a start menu. The Windows 8.1 start menu became the start screen, much the same way your tablet or cell phone works, with tiles laid out like a board game. Thus Microsoft is bringing back the start menu on the bottom left, yet they are leaving a partial live tile display for mobile enthusiasts that can be collapsed or expanded as per Fig. 2.

Fig. 2. Windows 10 start screen and desktop.

Windows 10 also introduces a function that allows you to utilize multiple desktops, not just screen extensions, and this is a lot like Mission Control from Apple OS X. This will be a big benefit for business users, creative users, students, and people who do a lot of multitasking. The hot key shortcut to open a virtual desktop is: Windows key + Ctrl + D. Windows 10 also adds something new for gamers and graphics-focused users, DirectX 12, which is a Microsoft proprietary graphics card decoder that communicates with and optimizes the many different graphics chips on thousands of computer models. It is the industry standard, and that is why it’s used on the hugely popular Xbox. Windows 7 and 8.1 will not get access to DirectX 12, so graphics will be better on Windows 10. A creative person could even game in one desktop while they work in another, assuming they have the RAM and CPU power needed for those specific applications – this is pretty cool. Another interesting visual addition is the Windows Snap feature, which allows you to split your screen into two, three or four separate areas, and the hotkey shortcuts for this are:

  • Windows Key + Left – Snap current window to the left side of the screen.
  • Windows Key + Right – Snap current window to the right side of the screen.
  • Windows Key + Up – Snap current window to the top of the screen.
  • Windows Key + Down – Snap current window to the bottom of the screen.

For years customers have been unimpressed with the slow speed and incompatibility of add-ons with Internet Explorer. Microsoft made a good move to create an all-new browser similar to Google Chrome, and it’s included for free with Windows 10. Code named Project Spartan and unveiled as Edge, the new browser is up to 112% faster than Chrome according to Business Insider (07/15/15, http://www.businessinsider.com/microsoft-edge-windows-10-faster-than-google-chrome-2015-7). Edge allows you to circle, highlight and write your thoughts directly on web pages. It also has a very cool reading view that strips out all the ads, sidebars, pop-ups and links, so you can scroll through a single column of text and pictures. However, this does not work on all websites because some websites have not made the updates for Windows 10. We really like this feature, as we have been annoyed by these distractions when reading online, and we, like a lot of people, do a lot of online reading.

Yet probably the second biggest addition to Windows 10 will be Cortana. This is Microsoft’s digital assistant and promises to be much bigger than other voice-assisted programs out there. Cortana is much like Dragon or Siri but much more advanced and integrated into the operating system. It will tell you your schedule and schedule things for you, and is also an advanced web encyclopedia. It will learn more about you based on Microsoft’s cloud databases, which you can opt to share information with, including your e-mails, phone numbers, and web search data.

Fig. 3. Cortana notebook settings.

After upgrading to Windows 10, we weren’t sure if we would use Cortana, but the more we use it the more we like it. In playing around with Cortana, you can provide feedback with screenshots that go right back to the teams at Microsoft. To prepare for the Windows 10 release Microsoft was using an estimated five million external testers known as “insiders” to get this type of bug feedback. This impressive number is a considerable increase from prior releases. Cortana is easy to locate in the bottom left of the screen next to the start menu. We find that if the user types a question in the search bar it will add tips and give you interesting facts each and every day, if you let it. Cortana starts out giving you information on the weather, finance, and sports, but you can customize this under notebook settings (Fig. 3). Cortana is very intuitive and can track things for you. If you’re receiving a package, it will tell you the progress or details of that package. Say you’re picking someone up at the airport; Cortana will tell you if the flight is on time.

We really see Microsoft using Cortana to compete with Google Search and Google Analytics. Much the same way Google uses search on Android, Microsoft can use Cortana to provide different results for what you are looking for on phones, tablets, or computers. This really gives Microsoft a link to future ad and analytics revenue which could seriously challenge Google’s revenue streams.

In summary, Windows 10 is a much better product than prior operating systems and is a real threat to Apple’s and Google’s OS growth. It is designed for mobile and non-mobile devices and has the ability to exponentially learn about you from your use habits and Microsoft’s big data in the cloud. It is also a threat to Apple because they do not have a touch-based OS on their computers, only on their iPads and iPhones. A lot of companies up to this point are still using Windows 7, but we see some of them moving to Windows 10, thus bypassing Windows 8.1. Imagine an HVAC worker, health care worker, or tax assessor having the power of Windows 10 to query their corporate database with Cortana while working in the field, customized from their GPS trail.

With Cortana, the cool mobile aesthetics, the useful features of touch, the speed of the Edge browser, the ability to use multiple virtual desktops, and the quad split screen, this is a growing hit among consumers. Based on these new upgrades it is much easier to use and much closer to what people are familiar with from previous versions of Windows, yet it is still creatively different. We think app makers who have focused much of their energy in the past on the Android and iOS platforms will be forced to make more apps for Windows 10, and this will force more phone makers to sign on with Windows 10. We predict Windows 10 in conjunction with Microsoft’s own proprietary devices like the Surface will help them gain a lot more of the mobile OS market in the next 18 months, thus driving Microsoft’s stock price above $55-$60 per share.

Jeremy Swenson and Mike Cassem are two seasoned, Intel certified, retail technology marketing and training representatives on assignment at Best Buy for clients including Intel, Trend Micro, Adobe, and others. Tweet to them @jer_Swenson and @micassem.


Microsoft HoloLens, Mobile vs. Good Web-Design, and Security Needs Innovation Not Gov’t.

1) We knew there would come another well-positioned company who makes a pair of smart glasses like Google Glass and that it would drive more competition and innovation. Microsoft raised their hand right away with their HoloLens glasses, which are hologram based, slightly “gamified”, and seemingly better than Google Glass, largely because they tied it in with known Windows functionality (broader offerings). See a video of this cool new technology here:

2) It is a fact that on average people now access their e-mail via mobile devices more often than on a traditional computer. This has forced websites, news makers, and companies to design their web offerings in a mobile-compatible design, so when you go to the web on a computer the sites are often overly mobile in their design aspects and sometimes look goofy, and the buttons and frames are too big. CNN.com is a good example of a website that went too far with their mobile design, so if you access it from a normal computer it looks more like a kids’ play website with big buttons and frames optimized for touch with little info presented. Yet their prior design was better, especially if you want to read more in one screen view.

(Old vs. New CNN.com, respectively)

There is no doubt that mobile will continue to grow and will be used on smaller devices like watches, ear buds, pacemakers, and contact lenses. Web design has shifted so fast to mobile that sometimes good web design and user experience is forgotten about for non-mobile users or business users, who on average spend much more time on those same sites than mobile users. Thus a better balance of the two design types is needed, and an app is a separate project altogether yet still needed. I also think Microsoft will take more mobile market share away from Android and Apple, since they have learned a lot from their Windows 8 release and are quickly working to release Windows 10 as a better touch-based, mobility-optimized OS that many are excited to try.

3) There will be more data breaches, but many of them will be supported by the Western governments, who in effect devalue security standards by collaborating with large companies to quarry vast amounts of metadata, all in the name of security. Sadly we know governments have abused this power in the past and will continue to do so; thus the private sector needs to collaborate and inspire innovation in this space for better security and transparency, so the masses may have security and corrupt governments can be exposed.

(Figure: Equation Group victims map)

As it stands now, hackers are a few steps ahead of antivirus makers, and they are constantly tweaking their viruses so they can’t be detected. The newest types of viruses are suspected to be created by the Equation Group, one of the most sophisticated hacking groups ever known. These new viruses hide in your hard drive’s firmware and are undetectable. Antivirus maker Kaspersky commented on this in their Q&A doc on the Equation Group by stating, “We were able to recover two HDD firmware reprogramming modules from the EQUATIONDRUG and GRAYFISH platforms. The EQUATIONDRUG HDD firmware reprogramming module has version 3.0.1 while the GRAYFISH reprogramming module has version 4.2.0. These were compiled in 2010 and 2013, respectively, if we are to trust the PE timestamps” (http://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2015/02/Equation_group_questions_and_answers.pdf).

Kaspersky went on to further speculate that there were clues that the U.S. N.S.A. was involved in the latest hard drive firmware virus, and even suggested they had the cooperation of major hard drive makers like Western Digital, Seagate, Samsung, and Toshiba in order to get the code needed to write the virus. Any reasonable technologist would likely agree with this. Yet this decreases innovation and free competition, and you know big money likely traded hands to make these deals happen. How can a big company now trust paying a technology company for security or services when they are just going to give it away to supposed governments here or elsewhere? More importantly, if one government has the ability to get into a tech company’s data, then other more ill-intentioned governments and organizations can quickly learn how to do that as well, and that is the real threat.

If you want to hire me to speak at your next event or consult for your company on these and related topics please contact me.