All Arc, All the Time

Security, security, security, we hear it all the time, but why has it moved to the forefront more than it has in the past?  I wanted to take an opportunity in this post to dive a little bit deeper into the reasons that so many countermeasures are required these days to protect systems and PC’s from attack. The threat landscape of the individuals and groups on the attack has changed quite drastically in the last 5-10 years.

In the late 1990’s and the early 2000’s, the attackers were mostly what we would refer to as “script kiddies”, basically teenagers with too much time on their hands.  A lot of them were interested in learning programming code and knew they were causing damage but it wasn’t necessarily for ideological or financial motives.

In recent years we have seen a shift to the attackers being mostly rogue organizations or those looking for financial gain.  These groups or individuals are looking for data that can either threaten the national security of a country or to gain information such as credit card or social security numbers that they can either use themselves or sell.  Another difference we see here is that these groups are also usually very well-funded and often have teams of people working to gather the data that they are trying to obtain.

The technology landscape has also changed in recent years and will continue to try to adapt.  Currently numerous security tools are often used to have “defense in depth” but there is hope that the base operating systems, such as Windows, will soon be more secure in the way they function at a basic level severely limiting the methods attackers have to take over an operating system.  The security tools also are evolving to become less impactful to the end user and eventually will have little to no impact on the work that a person does on their PC.

While there are some growing pains and at times some struggles with the measures that are put in place to reduce security threats there is hope for the future of these technologies.

Staying at a job for more than a couple of years in the information technology field is truly an accomplishment these days.  I say these days but for as long as I can remember it’s always seemed like the trend has been between two to four years is the average job span of a person in this field.  Typically you find that most of these constant career changers are looking to work their way up the career ladder or they just aren’t being challenged enough in their current position.

For those blessed to have been with the same company for many years, how do you ensure that you as a person don’t lose your marketability by being at one place too long?  I personally believe staying current on technology is one of the most important things you can do to help your appeal to a new company should the time come whether you voluntarily or involuntarily have to leave your current position.  There are numerous ways you can stay up to date on current technology trends (without spending a dime.)

First, subscribe to company blogs from major technology providers such as Microsoft, Dell, Citrix, and many others.  There are also generic technology sites such as Engadget that can help you get a daily dose of what’s new in the technology world.  Another suggestion along this same line is to create yourself a Google News Alert that searches for certain keywords or company names and can alert you when new posts come out regarding that particular topic.

Secondly, get some refresher training.  The YouTube’s of the world have really changed the way information and instruction becomes available to the world.  There are many smart people out there who just enjoy talking and have posted videos on just about any topic you could possibly want to learn more about.  Microsoft also has free topic driven training available through their Microsoft Virtual Academy online.  Most classes are between one to four hours and really give you focussed training on technologies that Microsoft offers.

My third and final suggestion, write.  One of the main reasons I started blogging was to help keep my creative juices flowing but also it gives you “street credit” if you will among the industry to show that you really are interested in your current career field and gets you thinking about what you can use some of this wonderful technology for.

We all love the convenience of just being able to plug-in our devices to convenient USB ports located on our computers, on airplanes, at airports, or hotels but have you ever stopped to think about what might be on the other side of that USB connection? Up until now an iPhone has not been capable of being infected via a USB connection, unfortunately that has changed. A new malware released on 6-November now has the ability to infect your phone via a USB connection. It’s always a good idea to use extra precautions when connecting to an un-known USB connection. While, to date, no one has infected a smart phone via a public charging station it was however demonstrated at one of the last international hacking conferences that were held. The problem is that someone could easily hide a tiny computer within one of those charging stations that contained malicious code to infect your device. Once someone had access to your device they could potentially track your GPS location, read all your e-mails and text messages, or worse.

While we certainly can’t live our lives in fear over the dangers of technology it is always prudent to be cautious when connecting our devices to an unknown source. I personally shy away from direct USB connections to charging stations or on planes and stick with my USB wall adapter just to err on the side of caution.

One final note, whether you use USB or your wall adapter, never leave your phone unattended.  I see it happen in airports all the time.  While we’d like to believe everyone in the airport is honest, leaving your phone alone at a charging station is just asking for someone to take it.

Source – http://www.engadget.com/2014/11/06/apple-malware/

Collaboration is one of those “buzz” words we’ve been hearing for many years now but the technology to empower that idea has only now really began to become more readily available.  If you’re not familiar with the term collaboration, think of it really as social networking for business.  Social networking sites like Facebook, Twitter, and LinkedIn have given us the ability to connect with people and share our thoughts and ideas and have them provide almost instant feedback on those thoughts and ideas.  You may have already started hearing collaboration being referred to as social networking for business and that really is a good way to look at it.  Today I’d like to discuss two tools that are currently available to us from Microsoft that have really changed the way I work with my other team members, Microsoft SharePoint and Lync.

Microsoft SharePoint has been around for many years but is only now becoming more and more popular due to the availability of it within cloud providers such as Office 365.  SharePoint makes it extremely easy for teams to be able to work together either in a general fashion or on specific projects by creating what are known as SharePoint sites.  Like a website, a SharePoint site is available via your web browser and is edited in a very familiar way just like you would a Microsoft Word document.  SharePoint in a basic way was designed to replace the use of file shares within a company but is so much more.  With SharePoint sites you are empowered as the “owner” of the site to give access to whom you need to share information and collaborate with.  Once you’ve granted access you can add things such as documents and organize them in folders just like you would on your local computer but the benefit is that the files become available to other members of your team and you anywhere within the organization (or in the case of Office 365, anywhere on the internet) securely from a web interface or natively within Microsoft Office applications like Word, Excel, PowerPoint, etc.  Going beyond the basic features of file sharing you can do other things such as create team blogs or newsfeeds where you can discuss particular topics and comment/like the posts just like you would on a site such as Facebook.  As projects come up you can create “child-sites” of your main team site for that specific project and then once done archive or delete it.  It really provides a great central place to share information with other team members and many people find they end up setting their team site as their web browser’s home page.

Microsoft Lync may have previously been known to you as Microsoft Office Communicator or OCS for short.  Many people think Lync is just a tool for instant messaging like Skype or AOL Instant Messenger but it is quite a bit more.  At a basic level Lync is used by companies to provide instant communication within a company.  For many years people have used e-mail when the phone wasn’t convenient or accessible but, as I know I’ve experienced, one e-mail soon becomes twenty and next thing you know that simple e-mail became a long running chain.  Microsoft Lync empowers a person to be able to find anyone in the company and easily communicate with them either by instant messaging, by voice or even video.  The great thing about Lync is that if you and your colleague decide that an instant message isn’t really enough to be able to communicate your thoughts, with a click of a button you can add voice, video, or even screen sharing.  Many times I personally have been working on a task or project and needed input from another member of my team and with Lync I’ve been able to quickly reach them if they are available, share something on my screen, resolve the issue, and then go back to what I was doing.  The instant ability to communicate really saves a lot of time rather than having to setup a meeting or lookup someone’s phone number or start that chain of twenty e-mails.  Speaking of meetings though, Lync also provides us with a meeting space online that can be used both inside and outside of our company.  Microsoft Lync has a plug-in for Microsoft Outlook that allows you to easily insert your meeting information to a calendar invite by clicking a button on the toolbar.  Once your meeting time has arrived, participants simply click on the “Join Lync Meeting” link within the meeting invite and then can either join via a headset or speakerphone attached to their PC, have Lync call them at their desk or cell phone number, or even dial in to the meeting if they aren’t near their computer.  Within the meeting you can do the same things you can within a one person conversation such as instant message, voice or video chat, or share content such as your entire monitor or a PowerPoint presentation.

Having used both of these tools for the last year I can truly say it has made communicating with other members of my team a much easier experience and has really empowered us to work much more efficiently and effectively.  If you’re unfamiliar with these technologies, check with your manager or local IT resource and they can help guide you in accessing these tools.​ If you want to implement these tools for your own company I suggest looking in to Microsoft’s Office 365 online offerings. They have several versions available for small businesses as well as enterprises.

Tying in to my last post somewhat about trading privacy for the use of technology I wanted to talk about a topic very near and dear to all of our hearts, passwords.  Gone are the days of paying bills by mail, balancing your checkbook with a mailed bank statement, or even writing hand written letters.  Everything is online and with everything being online means that you have to have some piece of information to access the information stored on the internet.  In most cases this comes in the form of a username and password.

The problem with passwords, unless you’ve got the memory of an elephant, is you either end up using the same password or a small set of passwords for every site you access or even worse, you write them down on a piece of paper or store them in a plain old text file on your computer.  The tools hackers use are very sophisticated.  Used to we’d tell you as long as it’s over 8 characters and you have a special character in it, you’re fine.  Not really the case anymore.  The truth is, the longer and the more complex your password is, the better off you are.  I know you’re saying to yourself, “Well how do I come up with a password that long and even better yet, how do I remember it?”  Here’s a few things you can do to help strengthen your personal security posture.

First, one of the easiest ways to make better passwords is to utilize pass phrases instead of passwords.  Let’s say you have a website that allows for 20 character passwords you could utilize something like “Ihave3dogsIlove#2014”  Notice how this pass phrase really covers all our bases: it includes upper and lower case letters, it includes numbers, and it includes a special character.  The added benefit, it’s a phrase that you might could actually remember!  Keep in mind you still don’t want to use personal names or identifying information but even with that in mind a pass phrase can be a quick and easy win to helping secure your online information.

Secondly, enable multi-factor authentication.  What is multi-factor authentication you ask?  Multi-factor authentication goes back to the old saying of what you know, your username and password, and what you have, either a physical security token or something like a smart card.  Most people in their personal lives aren’t going to have smart cards but there are several methods you can use that are very similar.  Not all websites support this technology as of yet but what basically occurs is you enter your username and password as you normally do but after that you are then prompted for a security code.  In the past these codes were actually carried around on physical hardware tokens but today are available in the form of either a text message from the company or using an “authenticator” app such as Google Authenticator.  The text message option is very easy because it’s as simple as typing in the code you’re sent from the company you’re logging in with.  The authenticator option really isn’t that bad either as it requires you to simply download an app from your smart phone’s app store and then simply register with the website you are trying to login with.  Once you’ve registered the authenticator directly to the website it then generates a number string that changes every 30 seconds or so.  Using multi-factor authentication really is one of the best ways to go especially if you don’t want to have to try to use longer and longer passwords however not all websites and companies support it.  Here’s a great website thought that is constantly updated with the list of companies that do support some type of multi-factor authentication-https://twofactorauth.org/

Lastly, and this is one that I went with, is to utilize an online password vaulting service.  Now let me put out a disclaimer that you should not utilize sites like this for your company passwords if you work for a corporation as most security policies frown on things like that but for your personal accounts, it’s great.  The tool I use is called “LastPass.”  Tools like LastPass include web plugins that work directly with your web browser to help you store your online account passwords as well as to help you with generating new passwords.  LastPass includes a random password generator to help you generate random, long strings of characters to use as passwords.  You may be asking yourself, “How am I going to remember strings of random characters?” the answer is with tools like LastPass, you don’t have to.  LastPass stores your passwords in their secure, encrypted database and then the plugin for your web browser then can either auto-fill your password when it’s time to login or you can copy and paste it from your password “vault.”  If you need access to your passwords on a computer that doesn’t have the plugin you can utilize the mobile app or their website.  LastPass also supports multi-factor authentication to help further secure your password vault.  There are many other tools out there like LastPass but in my opinion it is one of the better ones.  Give it a try, it’s free and if you refer a friend they give you free months of “premium” service which allows you access to the mobile app.  Here’s the link – LastPass

In closing, times are a changing.  In today’s day and time you really can’t afford to keep using your same old short, easy to remember passwords if you want to keep your personal information safe.  Sure, companies themselves can get hacked but that’s a topic for another day.  It’s up to us however to help protect our own data.  What do you have to lose, get to changing those passwords!