Description

Complying with General Data Protection Regulation (GDPR), video-sharing platform Dailymotion disclosed to France's Commission Nationale de l'Informatique et des Libertés (CNIL) on Friday that it suffered a credential-stuffing attack.


What You Can Do

Ensure strong firewalls, password policies and data encryption are in place. Educate your employees about cyber threats such as phishing and urge them to be cautious. Upgrade to SSL if you haven't already done so. Consult with a trusted MSP to learn more about how you can keep your data safe from attackers.

Article Source

LeeShanok Network Solutions

3877 N 7th Street | Suite 320 | Phoenix | Arizona | 85014
BRatia@leeshanok.com

Did you know that power outages are a leading cause of business downtime? According to Inside Energy, power outages are 4X more common today than they were fifteen years ago.

Power outages by the numbers:

  • 80% of outages are caused by the weather
  • 20% of outages are due to human error and equipment failure
  • Outages cost U.S. businesses $150 million per year

Mother nature and human error can cost you thousands unless you have a plan in place to quickly get back to business. Check out this infographic today to learn more about the state of the U.S. power grid and how to ensure your business stays on if the power goes out.

The State of the U.S.
Power Grid Infographic

LeeShanok Network Solutions

3877 N 7th Street | Suite 320 | Phoenix | Arizona | 85014
BRatia@leeshanok.com

This is our second newsletter highlighting the IoT (Internet of Things), a worldwide network of devices that communicate with one another as they collect, analyze, share and store data collected from sensors. This can be beneficial when used by hospitals to monitor patients, and by governments to monitor traffic, pollution or weather. But the balance tips when the collected data is personal in nature or the receiver of the data has unethical or malicious intent.

There are trust challenges with these devices, which tend to have weak or no authentication but which still connect to protected domains. This allows anyone holding one of these devices to gain privileged access to storage, email and cloud accounts, and other aspects of the "secure" network. Here are 4 recommendations to consider:

Select Network Equipment from Magic Quadrant Leaders

Gartner Group's 2018 report Magic Quadrant for the Wired and Wireless LAN Access Infrastructure lists 3 leaders: Cisco, HP Enterprise, and Extreme Networks. Only these 3 are both visionary with a strong ability to execute. Other providers are visionary, but slow to execute on new ideas, while the rest are followers without much ability to execute.

Cisco Validated Designs (CVDs) provides a design foundation for a broad set of technologies, features, and applications. Every aspect has been thoroughly tested and documented, helping ensure a deployment that's faster, more reliable, cost effective, and predictable. Check out Cisco's Remote and Mobile Assets CVD.

Identify Connected IoT Devices

This can be challenging, as devices may identify themselves with cryptic strings and no manufacturer or product identifiers. Device sniffing tools like Angry IP Scanner will provide snapshots of connected devices, and device-visibility software like ForeScout can provide real-time 100% device identification and control. wikiHow details several ways to Identify Connected Devices.

Segment IoT Networks

Splitting a computer network into VLANs (sub-networks) boosts performance and security, both being important as quantities of IoT devices are predicted to surpass PCs and laptops in 2020. Cisco provides a good video overview of Network Visibility and Segmentation.

Monitor and Manage Network Traffic

There are tools available to monitor and manage network traffic, but most are focused on performance and reliability. Here is a recent diagram of network protocols used by various IoT industries and use models. As you can see, there is complexity at all layers that must be sorted through to gain understanding. Give LeeShanok a call to help with IoT monitoring and management.

Watch for our next IoT newsletter, where we'll focus on IoT in select industries, Industrial and Manufacturing environments being one of the first in our series.

Your Technology Partner,

LeeShanok Network Solutions

itsupport@leeshanok.com
Tucson: 520.888.9122 | Phoenix: 602.277.5757

CompTIA Managed Services TrustmarkTM signifies commitment to industry best practices

Phoenix, AZ - February 5, 2019 - LeeShanok, a Managed IT and Cloud Technology Provider, announced today it has received the CompTIA Managed Services Trustmark™, a respected industry credential that signifies its adherence to best practices for technology service delivery and customer interaction.

“Earning this credential identifies LeeShanok as a business that meets or exceeds the best business practices the IT industry has to offer,” said Nancy Hammervik, senior vice president, industry relations, CompTIA. “This includes managed services agreements, standard operating procedures, systems and tools for delivering services and general business operations.”

The Trustmark was developed by CompTIA, the non-profit association for the information technology industry, in collaboration with industry experts and leaders, to identify businesses that have made a commitment to the highest levels of integrity and sustained quality service.

"Attaining this level of accreditation is an important achievement for our company," states Eric LeeShanok, President of LeeShanok Network Solutions. "As a Managed IT partner, it is important that our team continually strives to improve our processes, best practices and meet industry compliances. We appreciate that CompTIA has reviewed our company to be trustworthy to have the Managed Services Trustmark credentials. Our clients rightfully expect and deserves to be serviced by a Technology Partner that abide by a code of conduct with integrity. It is a trust and a partnership we take very seriously."

To earn the CompTIA Managed Services Trustmark, LeeShanok was evaluated on several aspects of their business operations, including organizational structure, technology tools and systems they utilize, standard operating procedures and IT service specific activities. The company also committed to abiding by a code of conduct and provided customer references.

Visit CompTIA Managed Services Trustmark to learn more.

About LeeShanok

LeeShanok Network Solutions is committed to providing leading Managed information technologies with Expertise, Efficiency, and Excellence. World class customer service is our number one priority. We are a full service Managed IT and Cloud Provider that guarantees the best end results with system reliability with our proven company processes and technologies. We believe in using innovative network technology to improve business communications and optimize business operations. We believe in supporting industry standard technologies to accomplish our mission. We provide a “Higher Level of Information Technology”.

About CompTIA

CompTIA is the voice of the world’s information technology (IT) industry. Its members are the companies at the forefront of innovation; and the professionals responsible for maximizing the benefits organizations receive from their investments in technology. CompTIA is dedicated to advancing industry growth through its educational programs, market research, networking events, professional certifications, and public policy advocacy. Visit http://www.comptia.org/home.aspx or follow CompTIA at http://www.facebook.com/CompTIA and twitter.com/comptia.

Contacts:

Eric LeeShanok
President
LeeShanok Network Solutions
602-277-5757

Description

Another ransomware attack has struck - This time the massive attack targeted AriZona Beverages. AriZona Beverages may have been relying on age-old IT systems. In light of this, the news that AriZona Beverages was hit with a ransomware attack last month, and subsequently has spent a fortnight rebuilding its network, might not come as a massive shock to some.


What You Can Do

This is one of the trickiest cyber threats out there because just relying on routine backups may be enough to not protect your business. Backups need to be clean and have been done prior to infection. Discuss your backup architecture with a professional to be sure you are truly creating a clean version of your data each time it is stored in backup. A managed plan can do this for you regularly.

Article Source

LeeShanok Network Solutions

3877 N 7th Street | Suite 320 | Phoenix | Arizona | 85014
BRatia@leeshanok.com

The term "Mobile Banking" has come to mean interacting with and controlling your financial accounts, and using your mobile device to make purchases using funds from those accounts. It's convenient and mostly secure, allowing you to manage your accounts, deposit checks and make purchases, all from your smart devices. But there is a dark side to this convenience, and we will share some best-practices to keep your accounts secure.

First, the situations that can put you at risk:

  • Lost device - physically misplacing or losing device where it gets into unethical hands.
  • Compromised device - already infected from risky website or attachment.
  • Out of date/Compromised browsers and banking apps - may store passwords and pre-filled form field data and be more vulnerable than up-to-date software.
  • Vulnerable networks - device connects to public wifi, is instantly visible to other devices already connected, then you perform mobile banking or on-line shopping.
  • Phishing attacks - your account details may be provided by you in response to an email scam.

The most common threat is from the Mobile Banking Trojan, Asacub. First release in 2015, it quickly became the world's most dangerous malware targeting mobile banking users. Today it still arrives via SMS Text Messages that are phishing, and will download if the device is set to "Allow installation of apps from unknown sources". Once downloaded, the malware will annoy the user with repeated requests for Device Admin Rights or permission to use Accessibility Services. Once it gains access, Asacub sets itself as the default SMS Messaging app and notifies the hacker. Then when the bank sends one-time passwords through SMS, the rogue app intercepts these and gains access to the account.

A recent Mobile Banking Trojan is BackSwap which first appeared in 2018, and injects malicious JavaScript into a browsers address bar which bypasses security in the browser and at your bank. It is most often delivered via phishing emails with a Link or Attachment the user clicks.

Now let's explore some best-practices to reduce your risk:

1. Buy new devices, keep software up to date, don't jailbreak or root them, and use biometric security to block non-owner access.
2. Regularly clear your browsing history, cache and temp files.
3. Whenever you are asked to grant an app permission, stop, think, and research the request using another device if you're still not sure.
4. Explore your device's settings for failed logins and finding or wiping a lost device.
5. Use only software downloaded from trusted app stores. This includes banking apps.
6. Keep software up to date, usually accomplished from your app-store app.
7. Explore security settings in your banking app and set them appropriately. Questions should be directed to your institution's online-banking department, or your local banker. And call them from a number you already have, not a number offered by the mobile app.
8. Use your mobile banking app only when connected to trusted Wifi networks or cellular connections, and turn off it's BlueTooth radio while banking.
9. Do NOT store your banking login or password when your web browser asks.
10. Enable 2 Factor Authentication with all your accounts, so your device will be used to verify your logins.
11. When done banking, LOG OUT of the banking app.
12. Start using a Password Manager and enable 2 Factor Authentication for access. We like LastPass.com.
13. Change your on-line account password annually, and more frequent if you ever see unusual activity or a device is lost or compromised.
14. Select and use mobile security software on your device. We like Trend Micro Mobile Security.

For a confidential discussion of your situation, followed by recommendations based on industry best practices, give your Technology Partner a call.

The LeeShanok Team

Tucson: 520.888.9122
Phoenix: 602.277.5757

IT News - Chrome Vulnerability

When you prepare to leave work, do you shut down or restart your computer?

If not, it's unlikely you restart it when you arrive at work either, meaning Windows and your web browsers continue running un-patched and un-protected. This is a problem with the newest zero-day vulnerability in Google's Chrome web browser, and Malwarebytes warns ... "Considering how many users keep Chrome and all their tabs opened for days or even weeks without ever restarting the browser, the security impact is real." 0 PC Magazine echos the caution: "If you don't close Chrome, updates will not be applied." 1

To complete installation of many Windows patches, you must restart your computer. Updates to Chrome usually remind the user to restart the app, but more significant Chrome patches also require restarting your computer.

You ask "What about my tabs, I use the same tabs every day?" Chrome saves open tabs when you restart the app with the "chrome://restart" command, or restart your computer while Chrome is still running. Still not convinced? Start Chrome, open several tabs, then in the address field, type "chrome://restart" and watch the magic. Chrome will shutdown and restart, restoring all previously opened tabs.

Now let's update Chrome.

Update Chrome on Windows PC or Apple Mac

If Chrome has an available update, it will begin applying it immediately.

After updating, always restart Chrome. Better yet, restart your computer by typing in Chrome's address field type "chrome://restart" which will save and recreate your open tabs. When Chrome restarts, in the address field type "chrome://help".

Update Chrome on iPhone, iPad

You may have your apps set to update automatically, but it's wise to verify this patch. Settings > iTunes & App Store > Updates. Make sure it's green and enabled as shown.

Then open App Store and apply update to Chrome if available.

Update Chrome on Android

Settings > Google Play Store > My Apps & Games



If the button is labelled [OPEN], your Chrome already has the latest update. But if you see [UPDATE], click it to update Chrome.


Your Technology Partner,

LeeShanok Network Solutions

itsupport@leeshanok.com
Tucson: 520.888.9122 | Phoenix: 602.277.5757

0 Google Chrome zero-day: Now is the time to update and restart your browser
1 How to Update Google Chrome

In early 2018 LeeShanok Network Solutions was chosen from a variety of competitors to manage the technology infrastructure of Reid Park Zoo (https://reidparkzoo.org/) and Reid Park Zoological Society.

There were many challenges to overcome as we designed and upgraded their technology infrastructure and campus-wide WiFi, but together we persevered and prevailed. Their CEO talks about their experiences in the following video testimonial (https://www.leeshanok.com/reid-park-zoo/).

Our local world-class zoo has lots of scheduled events that would be fun for team-building as well as family time (https://reidparkzoo.org/events/). We are happy to be partners with these two outstanding organizations, and to assist their team with the enrichment they bring to our community!

Your Technology Partner,

The Leeshanok Team

3877 N 7th Street | Suite 320 | Phoenix | Arizona | 85014
Tucson: 520.888.91222 | Phoenix: 602.277.5757
Live Event

LeeShanok’s team attended Cisco Live!

Cisco Live San Diego is the destination for the education and inspiration you need to thrive in the world of digital business. Join thousands of technology innovators for a transformational experience that includes today’s IT visionary thought leaders, more than 1,000 education sessions, Cisco’s top partners, and numerous opportunities to build the connections that will fuel your personal and professional growth.

Custom programs ignite creativity, deliver practical know-how, and build community connections that help fuel your growth including IT Management, DevNet, Leadership & Equality, and more.

Cisco Live Event Links

Learn more about the Cisco Live Event.
Watch all keynote speaker videos.
Watch thousands of technical sessions on-demand and live broadcasts from our events around the world.
Sign up to be notified when Cisco Live 2020 registration opens.


SCROLL TO TOP