Too Many Organizations Don’t Have a Plan to Respond to Incidents

Posted on

Originally seen on Poneman.

When a cyberattack occurs, most organizations are unprepared and do not have a consistent incident response plan.

That’s the major takeaway from our third annual “Cyber Resilient Organization” study, conducted by the Ponemon Institute. The study revealed that 77 percent of respondents still lack a formal cybersecurity incident response plan (CSIRP) that is applied consistently across the organization, a figure that is largely unchanged from the previous year’s study.

READ THE PONEMON INSTITUTE’S THIRD ANNUAL STUDY ON THE CYBER RESILIENT ORGANIZATION 

Incident Response Preparedness Lags Despite Growing Confidence in Cyber Resilience

Despite this, organizations reported feeling much more cyber-resilient than they did last year. Seventy-two percent said as much, which is a notable increase from just over half of respondents who said they felt more cyber-resilient the previous year.

Digging deeper into the data, however, that feeling may not be accurate. The following findings from the Ponemon study paint a different picture:

  • Fifty-seven percent of respondents said the time to resolve an incident has increased.
  • Only 29 percent reported having the ideal staffing level.
  • Just 31 percent reported having the proper budget for cyber resilience.
  • Lack of investment in important tools such as artificial intelligence (AI) and machine learning was ranked as the biggest barrier to cyber resilience.

Investing in Incident Response to Improve Cyber Resilience

It’s imperative that organizations address these challenges in 2018. Cyberattacks can have large costs associations, such as with WannaCry and NotPetya, and the General Data Protection Regulation (GDPR) is quickly approaching. Not only do organizations lack a consistent incident response plan — a GDPR requirement — but most reported low levels of confidence in complying with GDPR.

Security Intelligence - Ponemon Study - Reasons for Improved Cyber Resilience

Based on the findings of the Ponemon report, organizations can improve their cyber resilience by arming employees with the most modern tools available to aid their work, such as AI and machine learning. Implementing a strategy that orchestrates human intelligence with these tools can help organizations create effective incident response plans.

To learn more about the full results of the Ponemon report, download “The Third Annual Study on the Cyber Resilient Organization” and sign up for our March 27 webinar: “Growing Your Organization’s Cyber Resilience in 2018.”

READ THE PONEMON INSTITUTE’S THIRD ANNUAL STUDY ON THE CYBER RESILIENT ORGANIZATION 

Advertisements

Phishing

Posted on Updated on

Originally seen on Tech Target by: Margaret Rouse

Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims.

Phishing is popular with cybercriminals, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate phishing email than trying to break through a computer’s defenses.

How phishing works

Phishing attacks typically rely on social networking techniques applied to email or other electronic communication methods, including direct messages sent over social networks, SMS text messages and other instant messaging modes.

Phishers may use social engineering and other public sources of information, including social networks like LinkedIn, Facebook and Twitter, to gather background information about the victim’s personal and work history, his interests, and his activities.

Pre-phishing attack reconnaissance can uncover names, job titles and email addresses of potential victims, as well as information about their colleagues and the names of key employees in their organizations. This information can then be used to craft a believable email. Targeted attacks, including those carried out by advanced persistent threat (APT) groups, typically begin with a phishing email containing a malicious link or attachment.

phishing email TECHTARGET

Beware suspicious emails phishing for sensitive information.

Although many phishing emails are poorly written and clearly fake, cybercriminal groups increasingly use the same techniques professional marketers use to identify the most effective types of messages — the phishing hooks that get the highest open or click-through rate and the Facebook posts that generate the most likes. Phishing campaigns are often built around major events, holidays and anniversaries, or take advantage of breaking news stories, both true and fictitious.

Typically, a victim receives a message that appears to have been sent by a known contact or organization. The attack is carried out either through a malicious file attachment that contains phishing software, or through links connecting to malicious websites. In either case, the objective is to install malware on the user’s device or direct the victim to a malicious website set up to trick them into divulging personal and financial information, such as passwords, account IDs or credit card details.

Successful phishing messages, usually represented as being from a well-known company, are difficult to distinguish from authentic messages: a phishing email can include corporate logos and other identifying graphics and data collected from the company being misrepresented. Malicious links within phishing messages are usually also designed to make it appear as though they go to the spoofed organization. The use of subdomains and misspelled URLs (typosquatting) are common tricks, as is the use of other link manipulation techniques.

Types of phishingimages (8)

As defenders continue to educate their users in phishing defense and deploy anti-phishing strategies, cybercriminals continue to hone their skills at existing phishing attacks and roll out new types of phishing scams. Some of the more common types of phishing attacks include the following:

Spear phishing attacks are directed at specific individuals or companies, usually using information specific to the victim that has been gathered to more successfully represent the message as being authentic. Spear phishing emails might include references to coworkers or executives at the victim’s organization, as well as the use of the victim’s name, location or other personal information.Whaling attacks are a type of spear phishing attack that specifically targets senior executives within an organization, often with the objective of stealing large sums. Those preparing a spear phishing campaign research their victims in detail to create a more genuine message, as using information relevant or specific to a target increases the chances of the attack being successful.

A typical whaling attack targets an employee with the ability to authorize payments, with the phishing message appearing to be a command from an executive to authorize a large payment to a vendor when, in fact, the payment would be made to the attackers.

Pharming is a type of phishing that depends on DNS cache poisoning to redirect users from a legitimate site to a fraudulent one, and tricking users into using their login credentials to attempt to log in to the fraudulent site.

Clone phishing attacks use previously delivered, but legitimate emails that contain either a link or an attachment. Attackers make a copy — or clone — of the legitimate email, replacing one or more links or attached files with malicious links or malware attachments. Because the message appears to be a duplicate of the original, legitimate email, victims can often be tricked into clicking the malicious link or opening the malicious attachment.

This technique is often used by attackers who have taken control of another victim’s system. In this case, the attackers leverage their control of one system to pivot within an organization using email messages from a trusted sender known to the victims.

Phishers sometimes use the evil twin Wi-Fi attack by standing up a Wi-Fi access point and advertising it with a deceptive name that is similar to a legitimate access point. When victims connect to the evil twin Wi-Fi network, the attackers gain access to all the transmissions sent to or from victim devices, including user IDs and passwords. Attackers can also use this vector to target victim devices with their own fraudulent prompts for system credentials that appear to originate from legitimate systems.

Voice phishing, also known as vishing, is a form of phishing that occurs over voice communications media, including voice over IP (VoIP) or POTS (plain old telephone service). A typical vishing scam uses speech synthesis software to leave voicemails purporting to notify the victim of suspicious activity in a bank or credit account, and solicits the victim to respond to a malicious phone number to verify his identity — thus compromising the victim’s account credentials.

Another mobile device-oriented phishing attack, SMS phishing — also sometimes called SMishing or SMShing — uses text messaging to convince victims to disclose account credentials or to install malware.

Phishing techniques

Phishing attacks depend on more than simply sending an email to victims and hoping that they click on a malicious link or open a malicious attachment. Some phishing scams use JavaScript to place a picture of a legitimate URL over a browser’s address bar. The URL revealed by hovering over an embedded link can also be changed by using JavaScript.

For most phishing attacks, whether carried out by email or some other medium, the objective is to get the victim to follow a link that appears to go to a legitimate web resource, but that actually takes the victim to a malicious web resource.

Phishing campaigns generally use one or more of a variety of link manipulation techniques to trick victims into clicking, which go by many different names. Link manipulation is also often referred to as URL hiding and is present in many common types of phishing, and used in different ways depending on the attacker and the target.

The simplest approach to link manipulation is to create a malicious URL that is displayed as if it were linking to a legitimate site or webpage, but to have the actual link point to a malicious web resource. Users knowledgeable enough to hover over the link to see where it goes can avoid accessing malicious pages.

Another phishing tactic is to use link shortening services like Bitly to hide the link destination. Victims have no way of knowing whether the shortened URLs point to legitimate web resources or to malicious resources.

Homograph spoofing depends on URLs that were created using different logical characters to read exactly like a trusted domain. For example, attackers may register domains that use different character sets that display close enough to established, well-known domains. Early examples of homograph spoofing include the use of the numerals 0 or 1 to replace the letters O or l.

For example, attackers might attempt to spoof the microsoft.com domain with m!crosoft.com, replacing the letter i with an exclamation mark. Malicious domains may also replace Latin characters with Cyrillic, Greek or other character sets that display similarly.

One way attackers bypass phishing defenses is through the use of filter evasion techniques. For example, most phishing defenses scan emails for particular phrases or terms common in phishing emails — but by rendering all or part of the message as a graphical image, attackers can sometimes deliver their phishing emails.

Another phishing tactic relies on a covert redirect, where an open redirect vulnerability fails to check that a redirected URL is pointing to a trusted resource. In that case, the redirected URL is an intermediate, malicious page which solicits authentication information from the victim before forwarding the victim’s browser to the legitimate site.

How to prevent phishing

Phishing defense begins with educating users to identify phishing messages, but there are other tactics that can cut down on successful attacks.

A gateway email filter can trap many mass-targeted phishing emails and reduce the number of phishing emails that reach users’ inboxes.

Enterprise mail servers should make use of at least one email authentication standard to verify that inbound email is verified. These include the Sender Policy Framework (SPF) protocol, which can help reduce unsolicited email (spam); the DomainKeys Identified Mail (DKIM) protocol, which enables users to block all messages except for those that have been cryptographically signed; and the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol, which specifies that both SPF and DKIM be in use for inbound email, and which also provides a framework for using those protocols to block unsolicited email — including phishing email — more effectively.

A web security gateway can also provide another layer of defense by preventing users from reaching the target of a malicious link. They work by checking requested URLs against a constantly updated database of sites suspected of distributing malware.

There are several resources on the internet that provide help in combating phishing. The Anti-Phishing Working Group Inc. and the federal government’s OnGuardOnline.gov website both provide advice on how to spot, avoid and report phishing attacks. Interactive security awareness training aids, such as Wombat Security Technologies’ Anti-Phishing Training Suite or PhishMe, can help teach employees how to avoid phishing traps, while sites like FraudWatch International and MillerSmiles publish the latest phishing email subject lines that are circulating the internet.

How phishing got its name

The history of the term phishing is not entirely clear.

One common explanation for the term is that phishing is a homophone of fishing, and is so named because phishing scams use lures to catch unsuspecting victims, or fish.

Another explanation for the origin of phishing comes from a string — <>< — which is often found in AOL chat logs because those characters were a common HTML tag found in chat transcripts. Because it occurred so frequently in those logs, AOL admins could not productively search for it as a marker of potentially improper activity. Black hat hackers, the story goes, would replace any reference to illegal activity — including credit card or account credentials theft — with the string, which eventually gave the activity its name because the characters appear to be a simple rendering of a fish.

Fancy Bears hackers target International Olympic Committee

Posted on

Originally seen on Tech Target and written by: Madelyn Bacon

News roundup: The hacking group called Fancy Bears claims to have hacked the Olympics again.

The International Olympic Committee has had its email stolen again, this time in a response to its ban on Russia from the 2018 Winter Olympics.

A hacking group that calls itself Fancy Bears posted email messages allegedly from officials at the International Olympic Committee (IOC), the U.S. Olympic Committee (USOC) and other associated groups, like the World Anti-Doping Agency (WADA). There’s no confirmation yet that the email messages are authentic, but Fancy Bears focuses on anti-doping efforts that got Russia banned from this year’s Olympic Games.

“The national anti-doping agencies of the USA, Great Britain, Canada, Australia, New Zealand and other countries joined WADA and the USOC under the guidance of iNADO [Institute of National Anti-Doping Organisations],” Fancy Bears said on its website. “However, the genuine intentions of the coalition headed by the Anglo-Saxons are much less noble than a war against doping. It is apparent that the Americans and the Canadians are eager to remove the Europeans from the leadership in the Olympic movement and to achieve political dominance of the English-speaking nations.”

Fancy Bears is believed to be the same hacking group known as Fancy Bear that claimed responsibility for the 2016 hack on the U.S. Democratic National Committee, which interfered in the 2016 presidential election. Fancy Bear hackers have been linked to Russia’s military intelligence unit, the GRU, by American intelligence officials.

The batch of email messages Fancy Bears posted is from 2016 through 2017 and mainly focuses on discrediting Canadian lawyer Richard McLaren, who led the investigation into Russia’s widespread cheating in previous Olympic Games. It was because of the findings in his investigation that many Russian athletes are banned from the 2018 games in Pyeongchang, South Korea.

The IOC declined to comment on the “alleged leaked documents” and whether or not they are legitimate.

It’s not clear how Fancy Bears allegedly breached the IOC email. However, in 2016, the same group targeted WADA with a phishing scheme and released documents that focused on previous anti-doping efforts following the 2016 Summer Olympics. In that case, the hacking group released the medical records for U.S. Olympic athletes Simone Biles, Serena and Venus Williams and Elena Delle Donne. The medical records showed that these athletes were taking prohibited medications, though they all obtained permission to use them and, thus, were not violating the rules. This release happened in the midst of McLaren’s investigation into the widespread misconduct by Russian athletes.

In one email released in this week’s dump, IOC lawyer Howard Stupp complained that the findings from McLaren’s investigation were “intended to lead to the complete expulsion of the Russian team” from the 2016 Summer Games in Rio de Janeiro and now from the 2018 Pyeongchang Games.

What do you think about this alleged Olympics hack?

The Basics of Cyber Safety

Posted on

As seen on Tech Target by: John Sammons and Michael Cross.

In this excerpt from chapter four of The Basics of Cyber Safety, authors John Sammons and Michael Cross discuss basic email security.

The following is an excerpt from The Basics of Cyber Safety by authors John Sammons and Michael Cross and published by Syngress. This section from chapter four explores the basics of email and email security.

Email is a term that’s short for electronic mail, and a common method of exchanging messages over the Internet. You’ll use an email client, like Google mail or Outlook, installed on a computer, an app on your mobile phone, or a website to create and read the messages. The email is sent to a mail server, which is a computer that’s used to store and forward messages.

To demonstrate how this works, let’s say that you’re going to send me an email. If you have an email client installed on your computer, you’ll write a message to me and click the send button. That message is sent to a mail server, which may be one provided by your Internet Service Provider (ISP). If I had an email account with another ISP, or a free email service like Gmail, the mail server would forward that email onto the mail server that I use. It would be stored in a mailbox, which would be an area on the mail server that’s designated for mail going to my account. When I retrieve the mail online, I would be accessing that mailbox, and see your email in an area for mail I’ve received called an Inbox.

As we’ll see in the sections that follow, there are a lot of potential problems with using email, but there are settings and decisions you can make to protect yourself. You may have information of some kind included with the email called an attachment, which could be virus infected. It could have links in the email that may take you to a site to fool you into providing sensitive information or automatically download and infect your system with malware. By knowing what to look out for, and configuring your email client properly, you can safeguard yourself and minimize these and other threats.

EMAIL PROTECTION

Depending on what you plan to do on the Internet, it’s advisable to setup separate email accounts for different types of online activities. By this, we’re not saying that you should have different email addresses for each of the sites you commonly visit. The kind of email accounts you have will be based on what they’ll be used for and your need for privacy. Some of the ones you might have include:

  • A generic account, which is often the first one you have when you sign-up for Internet Service. This will be the one you commonly give to friends, family, and others you want to stay in contact with.
  • Work email, which is used for business purposes. This may be one created for you by your employer, and should only be used for work-related purposes.
  • Social media email, used for sites like Facebook, Twitter, and so on.
  • Email account(s) for chat, instant messaging, shopping, promotional sites, or other sites where you want additional privacy.

There are many reasons why you’d want separate accounts. One is that you should never use work email for personal reasons. Many companies have policies dealing with proper use of technology, and using corporate email to sign up on sites, chat, or simply sending personal messages could result in disciplinary actions or even termination of employment. As we saw in Chapter 1, What is cyber safety?, companies own any email account issued to you, meaning that they can access your mail, and you should have zero expectations of privacy.

The Basics of Cyber Safety

Authors: John Sammons and Michael Cross

Learn more about The Basics of Cyber Safety from publisher Syngress

OUR EMAIL REVEALS

Generally, when you sign up with an ISP, you’re issued an email address that includes your name in it or your first initial and last name. For example, my email address might be michaelcross@domainname.com or mcross@domainname.com. In looking at it, you can see that all or part of my name is included in the address. As we’ll see throughout this book, these little tidbits of information can be used with other information gathered about you, and reveal more than you want to know.

Before setting up any accounts on social media sites, chat rooms, and so on, you should seriously consider setting up one or more email accounts with less revealing information. In doing so, the name used for the email account should include nonidentifying information. For example, using an email address like snickers@domainname.com may indicate you’re a happy person, but it doesn’t reveal who you actually are.

NOTE

Understanding the Importance of Nonidentifying Email

Keep in mind that your family and friends already know your full name, but many of the online “friends” or connections you make are actually strangers. You never want to reveal more to a complete stranger than necessary, and one of the biggest identifiers of a person is their name. To illustrate a problem with revealing email addresses, let’s say you used a chat site, discussion board, or instant messaging (which we discuss in chapter: Beyond technology — dealing with people) to meet new people and have online discussions. When you set up an account to use any of these, you’re probably given the option of creating a username or alias, so that when you’re chatting other people would see you as “Big Bob” or some other name you came up with. Now, consider that one of these people decided to check your account profile, and saw your email address. If it included your real name, the stranger now knows who you are, and the anonymity and protection provided by an alias or username is lost.

Depending on your needs for the account, you should also limit any information included in a signature in messages. For work email, you might include your work number, extension, company website, business address, and so on. However, you do not want to include this in other emails being sent, unless there is a specific and exceptional reason to do so. Even if you send personal information in an email to someone you trust, there is no guarantee that they won’t forward it, or include others in the reply that would show the original information you sent.

CHOOSING AN EMAIL CLIENT

There are a number of good email clients available, but the one you choose will often depend on the operating system you’re using, and the amount of money you’re willing to pay. The email client you use may be one that’s installed on your computer, or an online version that you access through a browser. Some of the email clients that can be installed on a computer include:

  • Microsoft Outlook, which runs on Windows and Apple and is commonly used by businesses. It’s included with Microsoft Office or Microsoft Office 365.
  • Apple Mail, which is Apple’s email client.
  • Thunderbird, which is available for Apple, Linux, and Windows machines.

Securing Thunderbird

In this section we’ll go through a number of common settings found in email clients that are installed on your computer, using Thunderbird as an example. Thunderbird is a popular, free email client from Mozilla that can be installed on Windows, Apple, and Linux machines, and has a number of features that can be configured to improve your

features should be available under the client’s settings. To configure Thunderbirds Privacy and Security settings:

  1. After opening Thunderbird, click on the Tools menu, and then click Options.
  2. When the Options dialog appears, click on the Privacy icon at the top to display a screen similar to that shown in Fig. 4.1.
  3. Click on the Allow remote content in messages so it appears unchecked. This will prevent any images or other content from being automatically viewed in the email. We’ll explain more about why it’s important not to allow this in a section that follows.
  4. In the section dealing Web Content, if you don’t want cookies (which we discussed in chapter: Before connecting to the Internet) to be used, you can click on the Accept cookies from sites checkbox so it appears unchecked. You can then click on the Exceptions button to specify which sites are always or never allowed to use cookies. To view the cookies on your machine, click the Show Cookies button, where you can then remove them as desired.
  5. Click on the Tell sites that I do not want to be tracked checkbox so that it’s checked. This will send a request not to track your activities, opting you out of any tracking systems on a site you’re accessing, so that tracking cookies aren’t sent to your computer.

To modify the security settings in Thunderbird, you would click on the Security icon at the top of the Options dialog. Upon doing so, you’ll be presented with several tabs of options, where you can make the following modifications:

  1. On the Junk tab, you can configure settings to train Thunderbird to detect junk mail or SPAM, and specify what happens to email. You can flag an email as junk mail in Thunderbird by right-clicking on a message, selecting Mark, and then clicking As Junk. On this tab, you should do the following:
    1. Click on When I mark a message as junk so the checkbox appears checked, and then either select the option to move it to a junk folder. This will automatically move any junk messages to the account’s “Junk” folder. Alternatively, you can click on the Delete them option, so that your junk mail is automatically deleted.
    2. Click on the Mark messages determined to be junk as read checkbox so it appears checked. In doing so, the message won’t appear as unread, meaning there’s less chance of you accidentally opening it.
    3. Click on the Enable adaptive junk filter logging so the checkbox appears checked.
    4. On the Email Scams tab, click on the Tell me if the message I’m reading is a suspected email scam so the checkbox appears checked. If the email has known elements of being a scam, you’ll be presented with a warning.
    5. On the Anti-Virus tab, click on the Allow antivirus clients to quarantine individual incoming messages so it appears checked. This will allow your antivirus software to remove any infected messages before you read them.
    6. On the Passwords tab, click the Use a master password checkbox so it appears checked. After checking this, you’ll be prompted to provide and confirm a password. The next time you open Thunderbird, you’ll need to enter the password, preventing anyone else from opening Thunderbird and reading your email. To change the password afterwards, click on the Change Master Password button on this tab.
    7. Click OK.

WHY IS IT IMPORTANT TO BLOCK REMOTE CONTENT?

When an email is opened, or viewed in the message pane of an email client, it’s possible for content from a server to appear in the message. If the email is in an HTML format, then you’re viewing a message that’s written in the same language as a web page. Any external content can be displayed in the message as if you’ve visited the sender’s website. Your email client will load any images, including ones that have an executable (Malware) embedded in it, and other content from an external server. While allowing remote content allows you to view any graphic content automatically, it isn’t a secure option.

Another problem with allowing remote content is that it can be used to verify your email address. If I send you a SPAM message, when you load the remote content, your client is contacting my server and requesting that the content be sent. I can now see that you made that request, and can see that it’s a legitimate email account that’s still in use. In verifying that email, I know to contact you further with either additional email, or (as we’ll see in chapter: Cybercrime) attempts to phish additional information out of you.

Also, additional information about you is sent with the request to a Web server for images and other content. The browser or email client will identify the application being used and the operating system its running on, which could be used by a hacker to identify possible vulnerabilities or target distribution of malware. The request will also include your IP address, which can be used to get a rough idea of your location.

When you block remote content and open the email, images and other external content don’t appear in the message. If I want to view the blocked content, I can click on a link at the top of the message to display images and other content, or if I trust the sender to always allow remote content from that sender.

HIDING THE MESSAGE PANE

A common feature in email clients is the Message Pane, which allows you to view the contents of any emails that you select in your inbox. It is a little deceptive in making you think that you haven’t opened the email, as you haven’t double-clicked on it so it opens in a new window. However, the Message Pane does open and display the contents of your email, and (depending on your settings) will display any of the images or external content used. As we mentioned, because emails can be written in HTML, the email client is acting like a browser, and you’re loading the equivalent of a web page with all the potential threats one can provide.

Hiding the message pane allows you to review the subject, sender, and other information listed in your inbox, but won’t show its contents when you click on it. This allows you to select different emails that seem suspicious or appear to be SPAM, and delete them as needed without opening them. To remove the message pane from Thunderbird, click on the View menu, select Layout, and then click Message Pane.

THE DANGERS OF AN ATTACHMENT

The message in an email is only one of the potential threats to your system. Files can also be attached to a message, and these have the same potential risks of files that you download from sites. Documents may be virus infected, and executable files (such as those with an .exe extension) may be attached to install malicious software on your computer. Even though the attachment is with the file, they only pose a threat if they’re activated.

Never open any attachment if you don’t know the sender, or the email seems suspicious. Even if you know the sender, it’s possible that the message and attachment was sent automatically by malware, and the actual person the email says it’s from doesn’t know that the email was sent. To avoid many of the known problems with attachments, ensure that the settings to allow your antivirus program to scan and quarantine email is enabled. If your antivirus can catch and remove infected messages, there’s less chance you’ll open a file that will infect your system.

FREE EMAIL SITES

You could contact your ISP to have additional email accounts setup for various purposes, or you could set them up yourself through an online service. There are a number of sites available for setting up additional email accounts that are free, including:

  • Gmail (www.gmail.com), which is a free email service from Google.
  • Outlook (www.outlook.com), which was is Microsoft’s email service formerly called Hotmail.
  • mail.com (www.mail.com), which provides the ability to choose different domain names in the email address.

These free email services allow you to store and access your email online, using a web-based interface to read and compose messages. Some of these have almost unlimited storage, while others require you to pay for premium accounts that allow you to store mail and attachments over a certain limit. These sites may provide additional features and services that may be useful, such as online calendars and file storage.

When looking at the features of free online email, you want to ensure that the service provides virus checks and good SPAM filtering. As we have seen in Chapter 10, Protecting your kids, antivirus protection will prevent unwanted code from corrupting your data or system, while SPAM filtering will keep unwanted advertisements, scams, and other inappropriate, dangerous, and/or unwanted email from getting into your inbox. Even if you have antivirus software installed on your computer, it’s important to realize that it will not scan and protect email and attachments stored on one of these sites. The email is stored on the email service’s server, so you need to ensure that they provide adequate protection before you download or open anything that’s been sent to you.

SECURITY SETTINGS ON EMAIL SITES

The security settings on free email sites vary. All of them will allow you to change your password, which as we saw in Chapter 2, Before connecting to the Internet, should be done on a recurring basis and use strong passwords. Beyond this, the features you encounter will vary.

While it would be impossible to cover the settings in every online email service, looking at a couple of popular sites will give you a good idea of what’s offered, and how to configure it properly. In the following sections, we’ll look at Mail.com and Gmail. For any email service, you’ll generally find the security and privacy settings for your email under your account settings.

Mail.com security settingsSYNGRESS

Figure 4.2 Mail.com security settings

Mail.com security

If you’re using mail.com as a free email service, you would login and see a link in the left pane of the screen called Settings (as shown in Fig. 4.2). Clicking this, you would then click on the Mail Security link under Security. Doing so provides you with a number of options, which when checked will activate the related feature:

  • Spam protection activated, which will prevent SPAM emails from being added to your inbox.
  • Contacts, which will prevent emails from people in your contact list from being flagged as SPAM. Generally, you can turn this off to prevent junk email that may have been automatically forwarded by people you know from appearing in your inbox. We saw how bots can do this without a person realizing it in Chapter 10, Protecting your kids.
  • POP3 options, which has a checkbox that indicates you’d like to be sent a daily report about SPAM that may have been received. This allows you to release or delete any mail that may have incorrectly been flagged as SPAM.
  • Virus protection activated, which checks your incoming and outgoing mail for viruses.

Other options in the security section of your mail.com account include:

  • Whitelist, which allows you to add email accounts and domains that should always be trusted, and never marked as SPAM.
  • Blacklist, which allows you to add email accounts and domains that should never be trusted, and you never want to receive mail from. This is especially useful if you are being harassed by a person, getting unwanted email from a company, or know that a particular site is a problem.
  • External content, which after being clicked, shows a page with a checkbox that allows you to prevent any content hosted on an external site (such as images) from appearing in your email. If this is activated, a link will appear in your email that allows you to show the images, and does not apply to any emails in your SPAM folder (which already keeps external content from being displayed).

GMAIL SECURITY

Gmail offers a number of features designed to protect your privacy and enhance the security of using email. After logging into Gmail, you can access your settings by clicking on the gear shaped icon in the upper right-hand corner, and then clicking settings. After doing so, you’re presented with a screen with tabs along the top of the screen. Clicking Accounts and Import will provide you with a variety of options to maintain your account, including a section called Change account settings. In this section, you can click on any of the following links:

  • Change password, where you can enter a new password, and will tell you the strength of that password.
  • Change password recovery options, which provides the ability to set recovery options if someone hijacks your account, or your password is forgotten. We’ll discuss more about this shortly.
  • Other Google Account settings, which presents a screen of additional options to control your account preferences, and options and tools related to your privacy and security settings. Again, we’ll delve deeper into this in the paragraphs that follow.

The password recovery features in Gmail allow you to set what happens when you forget your password or it appears an unauthorized person is trying to get into your account. The options on this page allow you to set the following:

  • Mobile phone, which (after providing your phone number) will be used to send a text message. Because an unauthorized person probably wouldn’t have your mobile phone, this ensures that you’re the person who the account belongs to.
  • Recovery email address, which can be used to challenge someone attempting to logon, and allows you to reset your password if you’re locked out.
  • Alternate email address, which allows you to specify a secondary way to log onto your account. This would be a different email address than your gmail.com account.
  • Security question, which allows you to set a question and answer that will be used to establish that you’re the person who should be logging in.

The Other Google Account settings link takes you to the My Account page at https://myaccount.google.com, where you can access settings that control your account preferences, personal information and privacy (which we’ll discuss further in chapter: Protecting yourself on social media), and sign-in and security options. The My Account page also provides tools for doing a checkup on your security and privacy settings, and will take you step-by-step through setting many of the options we’re about to discuss.

If you click on the Signing in to Google link, you’re given a number of options we’ve already discussed, including the ability to change your password, provide a recovery email address, provide a phone number to recover your account, and set a secret question. You’re also given an option in the Password and sign-in method section to use 2-Step Verification.

When 2-Step Verification is used, you would log onto Gmail as you normally would, but after entering your password, a code is sent via text, voice call, or the Google mobile app. This feature becomes especially important if you use untrusted computers or devices to access your mail, such as public computers. You must then enter this code to access your mail. To set up Google’s 2-Step Verification, follow these steps:

  1. After logging into Gmail, go to https://myaccount.google.com.
  2. Click on Signing in to Google.
  3. Click on 2-Step Verification.
  4. Click Start setup.
  5. When the Set up your phone page appears, enter your phone number.
  6. If you want Google to send you a text message with a code, click the Text message (SMS) option. If you want a voice call, then click the Voice Call option.
  7. Click Send code.
  8. When you receive the code, enter it in the box on the Verify you phonepage, and then click Verify.
  9. When the Verification codes on this computer screen appears, check the Trust this computer checkbox if you’re using a trusted computer (such as your home computer). In doing so, you might still be able to access your account without a code.
  10. Click Next.
  11. When the Turn on 2-step verification screen appears, click Confirm.

The next link on the My Account page is the Device activity & notifications link, which provides important information about how your account is being accessed. Here, you’ll find information on security events (such as password changes, modifications to your account, and so on), and devices that have recently been used to access the account. It shows the current device you’re using to access your account, as well as any other computers or mobile devices that were previously used. You should regularly review this section to determine if someone else is accessing your account. If something seems amiss, you can click the Secure your account link to change your password, review settings, and add or change recovery information that we discussed earlier. If you don’t think you’ll regularly visit the page to monitor this (as is the case with most people), you should click the Manage Settings link under Security alerts settings. In doing so, you can set whether you’ll receive an email and/or text message when there is a security risk (such as someone trying to access your account) or other account activity (such as when security settings are changed).

The final link is Connected apps & sites. As we saw in Chapter 1, What is cyber safety?, various apps on your mobile device or sites may connect to your Gmail account. By clicking the Manage Apps link on this page, you’ll be able to view which apps have access, and what they have access to (inclusive to such things as your mail, calendar, contacts, or basic account info). If there’s an app you no longer use, you would click on the Remove button beside the app’s name to complete revoke its access. The page also provides a Saved Passwords section, where you can manage passwords saved with Google Smart Lock, which we discussed in Chapter 2, Before connecting to the Internet.

At the bottom of this section, you’ll see an option to Allow less secure apps, which should be turned off. If an app uses less secure technology to sign-on, it can leave your Google account vulnerable, so by default this option is turned off.

NOTE

Other Ways of Checking Gmail Security and Privacy

You can also access your security settings by going to https://myaccount.google.com/security, and your privacy settings at https://myaccount.google.com/privacy. These sites will present you with the same options that we previously discussed related to security and privacy.

ENCRYPTION

There may be times when you need to send an email that’s secure, ensuring that no one other than the person it’s intended for reads it. There are a number of options available for encrypting messages, some of which require installing software like add-ons or extensions to your browser, while others are simple and straightforward.

Infoencrypt (www.infoencrypt.com) is an easy to use site, in which you type a message in a box on the web page, and provide and confirm a password. After clicking the Encrypt button, the page reloads and the message in the box is encrypted. For example, if you were to enter a phrase like “This is encrypted” and used the password test, it would return something like what follows:

encryptionSYNGRESS

The message itself is meaningless, unless the recipient uses the correct password to decrypt it. You would copy and paste the contents of the box and email it to the intended recipient, secure in the knowledge that no one else can read it.

When the recipient receives it, they would click a link that takes them to Infoencrypt’s website, where he or she copies and pastes the email message into the box, and enters and confirms the password you provided separately. After clicking Decrypt, the message is then revealed.

Another tool you can use to encrypt email sent through Gmail is a Google Chrome extension. By visiting Chrome’s Web store at https://chrome.google.com/webstore/, you can search for “Secure Mail for Gmail” and find the Secure Streak Gmail extension. Alternatively, you can also type the nightmarishly long URL https://chrome.google.com/webstore/detail/secure-mail-for-gmail-by/jngdnjdobadbdemillgljnnbpomnfokn and go directly to it. By clicking Add to Chrome, and then clicking Add Extension when the dialog appears, it will install in the browser.

Read an excerpt

Download the PDF of chapter four in full to learn more!

Once the tool is installed, you can then logon to Gmail (www.gmail.com) and you’ll see a new red button with a padlock icon beside the Compose button. Clicking the padlock icon will open a new message dialog. After composing the email, you’d then click the Send Encrypted button.

After you click the button to send your encrypted email, a new message will appear asking you to enter a password and provide a secret hint. The hint should be something that only the recipient would know the answer to, thereby revealing what to enter as a password. After filling this out, click the Encrypt and Send button.

The message that the recipient receives will be encrypted. If they receive it on a standard email client, it will include a link to install the Secure Streak Gmail Extension. If they already have the extension, they will see a link to decrypt the email, and when clicking it will be asked to enter a password and see your hint. After providing the password, the message is decrypted.

 

About the author:

John Sammons is an Associate Professor and Director of the undergraduate program in Digital Forensics and Information Assurance at Marshall University in Huntington, West Virginia. He teaches digital forensics, electronic discovery, information security and technology in the School of Forensic and Criminal Justices Sciences. Mr. Sammons is also adjunct faculty with the Marshall University graduate forensic science program where he teaches the advanced digital forensics course. A former police officer, he is also an Investigator with the Cabell County Prosecuting Attorney’s Office and a member of the West Virginia Internet Crimes Against Children Task Force. Mr. Sammons is a Member of the American Academy of Forensic Sciences, the High Technology Crime Investigation Association, and Infragard. He is the founder and President of the Appalachian Institute of Digital Evidence, a non-profit organization that provides research and training for digital evidence professionals including attorneys, judges, law enforcement and information security practitioners in the private sector.

Michael Cross is a SharePoint Administrator and Developer, and has worked in the areas of software development, Web design, hardware installation/repairs, database administration, graphic design, and network administration. He is also a former Computer Forensic Examiner with Police Services in the Niagara Region of Ontario, Canada. Working for law enforcement, Mr. Cross was part of an Information Technology team that provided support to more than 1,000 civilian and uniformed users. He performed digital forensic examinations on computers involved in criminal investigations. Over five years, Mr. Cross recovered and examined evidence involved in a wide range of crimes, inclusive to homicides, fraud, and possession of child pornography. In addition to this, he successfully tracked numerous individuals electronically, as in cases involving threatening e-mail. Mr. Cross has consulted and assisted in numerous cases dealing with computer-related/Internet crimes and served as an expert witness on computers for criminal trials. In 2007, he was awarded a Police Commendation for work he did in developing a system to track local high-risk offenders and sexual offenders. With extensive experience in Web design and Internet-related technologies, Mr. Cross has also created and maintained numerous Web sites and implementations of Microsoft SharePoint. This has included public Web sites, private ones on corporate intranets, and solutions that integrate them. In doing so, he has incorporated and promoted social networking features, created software to publish press releases online, and developed a wide variety of solutions that make it easier to get work done

What does NYACP think of us?

Posted on Updated on

ITG remains committed to their clients day in and day out. Whenever you need someone, you know who to call. Mike and the ITG team care so much about the clients that they want to spread the word. Although it may be strange if Mike stood on a rooftop yelling about all the ways they can help someone, we figured the clients could tell you best. We recently interviewed Linda from NYACP, New York Chapter American College of Physicians, to get her take on ITG and to find out more about what she does!

NYACP is a not-for-profit professional service organization providing education, NYACPadvocacy and quality improvement/practice management for 12,000 internal medicine physicians in New York state. Linda loves that her work focuses on improving healthcare and helping members achieve success in the ever-changing practice environment.

 

78e61d92c5f1181e8691a92f30935b56.jpg

In a world of such uncertainty and change, wouldn’t you want to feel that passion? Every business will suffer from technological issues, updates and threats to operations by viruses and other intrusions. Lucky for Linda, her limited IT experience was in hiring the right consultant.  She has better peace of mind within the company since working with ITG. She has been able to learn more about technology as her business grew and came to better understand the impact of technology and interoperability. This allows her to feel more comfortable with her entire IT infrastructure allowing her to focus more on management and operations.

 

She was first introduced to ITG by word of mouth from colleagues. After interviewing others and assessing the best choice, Linda chose ITG because of their experience and local reach. She has not been disappointed, and its been years working together! When asked what the process is like to work with ITG she said: “They are a sound, reliable partner, they respond to our needs expeditiously and completely.” She considers the ability to ask questions and get “helpful, meaningful information in easy to understand language (and Diagrams!!!)” to be the best value for a busy executive.24009d004811274573e0ea87c61afa4c.png

Did you Know……….

  • Her favorite part of working with ITG is “the staff, the reliability of their recommendations and their service”!
  • There are laws and regulations in place that require companies to take measures to prevent data breaches and other attacks.

You too can have the peace of mind in your day to day life by partnering with a company that cares about your business, answers questions and immediately responds to concerns. Reach out to ITG today and speak with the team about how they can help!

 

Here’s what keeps your CISO up at night

Posted on

As seen on February 14th, 2018 on Helpnetsecurity.

89.1 percent of all information security leaders are concerned about the rise of digital threats they are experiencing across web, social and mobile channels, according to the 2018 CISO Survey by RiskIQ.

ciso worry

Some 1,691 U.S. and U.K. information security leaders across multiple verticals, including enterprise, consulting, government and education, provided insights into their cyber risk concerns and plans for 2018.

Overall, the survey revealed a coming “perfect storm,” where the problem of staff shortages collides with escalating cybercrime, leaving organizations ill-equipped to manage and respond to cyber risks and threats that are accelerating in an era of digital transformation, pervasive connections and increasingly sophisticated attack strategies sponsored by nation-states and rogue actors.

As the Spectre and Meltdown security flaws in Intel chips dominated the news in early 2018, and after a year of major security breach announcements and settlements, including Equifax, Yahoo and Anthem, the following findings are hardly surprising:

  • 67 percent of cybersecurity leaders do not have sufficient staff to handle the daily barrage of cyber alerts they receive
  • 60 percent expect digital threats to grow as their organizations increase online engagement with customers
  • The top three digital threats information security leaders fear are phishing and malware attacks on employees and customers; brand impersonation, abuse, and reputational damage; and information breaches
  • The top risk organizations face today is a lack of experienced staff to monitor and help protect networks from cybercrime
  • Currently, 37 percent of firms have engaged a managed security services provider (MSSP) to help monitor and manage cyberthreats.

ciso worry

“The RiskIQ 2018 CISO Survey illuminates a growing industry-wide problem, which is that cybercrime is growing at scale, and enterprises are already experiencing critical staff shortages. That’s one reason 1 in 3 organizations have engaged with an MSSP to combat cyber risks and threats, and we expect that number to grow as the competition for top security talent gets far more intense,” said Lou Manousos, CEO at RiskIQ.

 

Check out all of our services offered at our website or call us today: 518-479-3881.

The biggest cloud security threats, according to the CSA

Posted on Updated on

Article By: Rob Shapland of First Base Technologies LLP

The Cloud Security Alliance recently released its 2017 report on “The Treacherous 12,” a detailed list of the most significant cloud security threats. The list was compiled by surveying industry experts and combining the results with risk analysis to determine the threats that are most prevalent to organizations storing data in the cloud.

An interesting observation is how similar cloud security threats are to the risks of storing data anywhere else. The data in the cloud is still stored in a data center, and it can still be accessed by hackers via many of the same methods they have always used, such as email phishing, weak passwords and a lack of multifactor authentication.

There seems to be a general opinion among many organizations that storing your data in the cloud — specifically in infrastructure as a service — outsources the security completely, with an almost out of sight, out of mind attitude. However, as cloud service providers will point out, there is a shared responsibility model that means although the cloud provider may be in charge of the underlying infrastructure, your organization is responsible for the security of the applications and data that reside on that hardware.images (2)

The top cloud security threats

The key cloud security threats worth highlighting from “The Treacherous 12” report are the insider threat, the risk of data loss and insufficient due diligence. They demonstrate the casual attitude many organizations have about the use and management of cloud services.

There are many cases where organizations use cloud services as a way of bypassing what is seen as an overly restrictive IT department, whereas, in reality, the IT team is trying to protect the data. By bypassing the IT team and signing up for cloud services without their consent, the business can think it’s becoming more agile in its approach, but, in reality, it is circumventing restrictions that were designed to reduce the risk of a data breach.

The data in the cloud is still stored in a data center, and it can still be accessed by hackers.

There are many different SaaS providers offering tools and services to organizations with slick marketing and promises of positive ROI. However, the due diligence that is done on these services is lacking, which may be surprising.

For example, if your organization outsources its HR data to a small SaaS company, performing security due diligence on it should be a key prerequisite. That company may spend only a fraction of what your organization spends on security, and it may be a very attractive target for hackers because of the data it stores. Your organization’s data may be far more likely to be stolen through that third party.

You also may be reliant on that organization’s backups to prevent data loss; storing critical data on another company’s network leaves your organization at even greater risk. There is also the added risk of insider attacks; the employees of the SaaS company have not been through your vetting procedures, and its processes for monitoring staff may not be as robust as yours.

Overall, the Cloud Security Alliance’s report successfully highlights the key cloud security threats and just how similar those risks are to storing data anywhere else. It provides a timely reminder to ensure that enterprises treat the data they store in the cloud with the same care and attention that it would if it were storing it on premises.

 

Are you convinced yet? Our MSS services are a proactive and detective service to reduce security risks. Call us today to find out how we can help prevent the inevitable 518-479-3881.

The Basics of Cyber Safety

Posted on

In this excerpt from chapter four of The Basics of Cyber Safety, authors John Sammons and Michael Cross discuss basic email security.

The following is an excerpt from The Basics of Cyber Safety by authors John Sammons and Michael Cross and published by Syngress. This section from chapter four explores the basics of email and email security.

Email is a term that’s short for electronic mail, and a common method of exchanging messages over the Internet. You’ll use an email client, like Google mail or Outlook, installed on a computer, an app on your mobile phone, or a website to create and read the messages. The email is sent to a mail server, which is a computer that’s used to store and forward messages.

To demonstrate how this works, let’s say that you’re going to send me an email. If you have an email client installed on your computer, you’ll write a message to me and click the send button. That message is sent to a mail server, which may be one provided by your Internet Service Provider (ISP). If I had an email account with another ISP, or a free email service like Gmail, the mail server would forward that email onto the mail server that I use. It would be stored in a mailbox, which would be an area on the mail server that’s designated for mail going to my account. When I retrieve the mail online, I would be accessing that mailbox, and see your email in an area for mail I’ve received called an Inbox.

As we’ll see in the sections that follow, there are a lot of potential problems with using email, but there are settings and decisions you can make to protect yourself. You may have information of some kind included with the email called an attachment, which could be virus infected. It could have links in the email that may take you to a site to fool you into providing sensitive information or automatically download and infect your system with malware. By knowing what to look out for, and configuring your email client properly, you can safeguard yourself and minimize these and other threats.

EMAIL PROTECTION

Depending on what you plan to do on the Internet, it’s advisable to setup separate email accounts for different types of online activities. By this, we’re not saying that you should have different email addresses for each of the sites you commonly visit. The kind of email accounts you have will be based on what they’ll be used for and your need for privacy. Some of the ones you might have include:

  • A generic account, which is often the first one you have when you sign-up for Internet Service. This will be the one you commonly give to friends, family, and others you want to stay in contact with.
  • Work email, which is used for business purposes. This may be one created for you by your employer, and should only be used for work-related purposes.
  • Social media email, used for sites like Facebook, Twitter, and so on.
  • Email account(s) for chat, instant messaging, shopping, promotional sites, or other sites where you want additional privacy.

There are many reasons why you’d want separate accounts. One is that you should never use work email for personal reasons. Many companies have policies dealing with proper use of technology, and using corporate email to sign up on sites, chat, or simply sending personal messages could result in disciplinary actions or even termination of employment. As we saw in Chapter 1, What is cyber safety?, companies own any email account issued to you, meaning that they can access your mail, and you should have zero expectations of privacy.

Another reason to have multiple accounts is that it compartmentalizes what you send and receive, and can limit the amount of SPAM and notifications going to your primary account. Personal messages go to a generic account, work email to a corporate account, and notifications and messages from social media sites, chat sites, and so on would go to their own account.

LIMITING WHAT YOUR EMAIL REVEALS

Generally, when you sign up with an ISP, you’re issued an email address that includes your name in it or your first initial and last name. For example, my email address might be michaelcross@domainname.com or mcross@domainname.com. In looking at it, you can see that all or part of my name is included in the address. As we’ll see throughout this book, these little tidbits of information can be used with other information gathered about you, and reveal more than you want to know.

Before setting up any accounts on social media sites, chat rooms, and so on, you should seriously consider setting up one or more email accounts with less revealing information. In doing so, the name used for the email account should include nonidentifying information. For example, using an email address like snickers@domainname.com may indicate you’re a happy person, but it doesn’t reveal who you actually are.

Understanding the Importance of Nonidentifying Email

Keep in mind that your family and friends already know your full name, but many of the online “friends” or connections you make are actually strangers. You never want to reveal more to a complete stranger than necessary, and one of the biggest identifiers of a person is their name. To illustrate a problem with revealing email addresses, let’s say you used a chat site, discussion board, or instant messaging (which we discuss in chapter: Beyond technology — dealing with people) to meet new people and have online discussions. When you set up an account to use any of these, you’re probably given the option of creating a username or alias, so that when you’re chatting other people would see you as “Big Bob” or some other name you came up with. Now, consider that one of these people decided to check your account profile, and saw your email address. If it included your real name, the stranger now knows who you are, and the anonymity and protection provided by an alias or username is lost.

Depending on your needs for the account, you should also limit any information included in a signature in messages. For work email, you might include your work number, extension, company website, business address, and so on. However, you do not want to include this in other emails being sent, unless there is a specific and exceptional reason to do so. Even if you send personal information in an email to someone you trust, there is no guarantee that they won’t forward it, or include others in the reply that would show the original information you sent.

CHOOSING AN EMAIL CLIENT

There are a number of good email clients available, but the one you choose will often depend on the operating system you’re using, and the amount of money you’re willing to pay. The email client you use may be one that’s installed on your computer, or an online version that you access through a browser. Some of the email clients that can be installed on a computer include:

  • Microsoft Outlook, which runs on Windows and Apple and is commonly used by businesses. It’s included with Microsoft Office or Microsoft Office 365.
  • Apple Mail, which is Apple’s email client.
  • Thunderbird, which is available for Apple, Linux, and Windows machines.

Securing Thunderbird

In this section we’ll go through a number of common settings found in email clients that are installed on your computer, using Thunderbird as an example. Thunderbird is a popular, free email client from Mozilla that can be installed on Windows, Apple, and Linux machines, and has a number of features that can be configured to improve your

features should be available under the client’s settings. To configure Thunderbirds Privacy and Security settings:

  1. After opening Thunderbird, click on the Tools menu, and then click Options.
  2. When the Options dialog appears, click on the Privacy icon at the top to display a screen similar to that shown in Fig. 4.1.
  3. Click on the Allow remote content in messages so it appears unchecked. This will prevent any images or other content from being automatically viewed in the email. We’ll explain more about why it’s important not to allow this in a section that follows.
  4. In the section dealing Web Content, if you don’t want cookies (which we discussed in chapter: Before connecting to the Internet) to be used, you can click on the Accept cookies from sites checkbox so it appears unchecked. You can then click on the Exceptions button to specify which sites are always or never allowed to use cookies. To view the cookies on your machine, click the Show Cookies button, where you can then remove them as desired.
  5. Click on the Tell sites that I do not want to be tracked checkbox so that it’s checked. This will send a request not to track your activities, opting you out of any tracking systems on a site you’re accessing, so that tracking cookies aren’t sent to your computer.

To modify the security settings in Thunderbird, you would click on the Security icon at the top of the Options dialog. Upon doing so, you’ll be presented with several tabs of options, where you can make the following modifications:

  1. On the Junk tab, you can configure settings to train Thunderbird to detect junk mail or SPAM, and specify what happens to email. You can flag an email as junk mail in Thunderbird by right-clicking on a message, selecting Mark, and then clicking As Junk. On this tab, you should do the following:
    1. Click on When I mark a message as junk so the checkbox appears checked, and then either select the option to move it to a junk folder. This will automatically move any junk messages to the account’s “Junk” folder. Alternatively, you can click on the Delete them option, so that your junk mail is automatically deleted.
    2. Click on the Mark messages determined to be junk as read checkbox so it appears checked. In doing so, the message won’t appear as unread, meaning there’s less chance of you accidentally opening it.
    3. Click on the Enable adaptive junk filter logging so the checkbox appears checked.
    4. On the Email Scams tab, click on the Tell me if the message I’m reading is a suspected email scam so the checkbox appears checked. If the email has known elements of being a scam, you’ll be presented with a warning.
    5. On the Anti-Virus tab, click on the Allow antivirus clients to quarantine individual incoming messages so it appears checked. This will allow your antivirus software to remove any infected messages before you read them.
    6. On the Passwords tab, click the Use a master password checkbox so it appears checked. After checking this, you’ll be prompted to provide and confirm a password. The next time you open Thunderbird, you’ll need to enter the password, preventing anyone else from opening Thunderbird and reading your email. To change the password afterwards, click on the Change Master Passwordbutton on this tab.
    7. Click OK.

WHY IS IT IMPORTANT TO BLOCK REMOTE CONTENT?

When an email is opened, or viewed in the message pane of an email client, it’s possible for content from a server to appear in the message. If the email is in an HTML format, then you’re viewing a message that’s written in the same language as a web page. Any external content can be displayed in the message as if you’ve visited the sender’s website. Your email client will load any images, including ones that have an executable (Malware) embedded in it, and other content from an external server. While allowing remote content allows you to view any graphic content automatically, it isn’t a secure option.

Another problem with allowing remote content is that it can be used to verify your email address. If I send you a SPAM message, when you load the remote content, your client is contacting my server and requesting that the content be sent. I can now see that you made that request, and can see that it’s a legitimate email account that’s still in use. In verifying that email, I know to contact you further with either additional email, or (as we’ll see in chapter: Cybercrime) attempts to phish additional information out of you.

Also, additional information about you is sent with the request to a Web server for images and other content. The browser or email client will identify the application being used and the operating system its running on, which could be used by a hacker to identify possible vulnerabilities or target distribution of malware. The request will also include your IP address, which can be used to get a rough idea of your location.

When you block remote content and open the email, images and other external content don’t appear in the message. If I want to view the blocked content, I can click on a link at the top of the message to display images and other content, or if I trust the sender to always allow remote content from that sender.

HIDING THE MESSAGE PANE

A common feature in email clients is the Message Pane, which allows you to view the contents of any emails that you select in your inbox. It is a little deceptive in making you think that you haven’t opened the email, as you haven’t double-clicked on it so it opens in a new window. However, the Message Pane does open and display the contents of your email, and (depending on your settings) will display any of the images or external content used. As we mentioned, because emails can be written in HTML, the email client is acting like a browser, and you’re loading the equivalent of a web page with all the potential threats one can provide.

Hiding the message pane allows you to review the subject, sender, and other information listed in your inbox, but won’t show its contents when you click on it. This allows you to select different emails that seem suspicious or appear to be SPAM, and delete them as needed without opening them. To remove the message pane from Thunderbird, click on the View menu, select Layout, and then click Message Pane.

THE DANGERS OF AN ATTACHMENT

The message in an email is only one of the potential threats to your system. Files can also be attached to a message, and these have the same potential risks of files that you download from sites. Documents may be virus infected, and executable files (such as those with an .exe extension) may be attached to install malicious software on your computer. Even though the attachment is with the file, they only pose a threat if they’re activated.

Never open any attachment if you don’t know the sender, or the email seems suspicious. Even if you know the sender, it’s possible that the message and attachment was sent automatically by malware, and the actual person the email says it’s from doesn’t know that the email was sent. To avoid many of the known problems with attachments, ensure that the settings to allow your antivirus program to scan and quarantine email is enabled. If your antivirus can catch and remove infected messages, there’s less chance you’ll open a file that will infect your system.

FREE EMAIL SITES

You could contact your ISP to have additional email accounts setup for various purposes, or you could set them up yourself through an online service. There are a number of sites available for setting up additional email accounts that are free, including:

  • Gmail (www.gmail.com), which is a free email service from Google.
  • Outlook (www.outlook.com), which was is Microsoft’s email service formerly called Hotmail.
  • mail.com (www.mail.com), which provides the ability to choose different domain names in the email address.

These free email services allow you to store and access your email online, using a web-based interface to read and compose messages. Some of these have almost unlimited storage, while others require you to pay for premium accounts that allow you to store mail and attachments over a certain limit. These sites may provide additional features and services that may be useful, such as online calendars and file storage.

When looking at the features of free online email, you want to ensure that the service provides virus checks and good SPAM filtering. As we have seen in Chapter 10, Protecting your kids, antivirus protection will prevent unwanted code from corrupting your data or system, while SPAM filtering will keep unwanted advertisements, scams, and other inappropriate, dangerous, and/or unwanted email from getting into your inbox. Even if you have antivirus software installed on your computer, it’s important to realize that it will not scan and protect email and attachments stored on one of these sites. The email is stored on the email service’s server, so you need to ensure that they provide adequate protection before you download or open anything that’s been sent to you.

SECURITY SETTINGS ON EMAIL SITES

The security settings on free email sites vary. All of them will allow you to change your password, which as we saw in Chapter 2, Before connecting to the Internet, should be done on a recurring basis and use strong passwords. Beyond this, the features you encounter will vary.

While it would be impossible to cover the settings in every online email service, looking at a couple of popular sites will give you a good idea of what’s offered, and how to configure it properly. In the following sections, we’ll look at Mail.com and Gmail. For any email service, you’ll generally find the security and privacy settings for your email under your account settings.

If you’re using mail.com as a free email service, you would login and see a link in the left pane of the screen called Settings (as shown in Fig. 4.2). Clicking this, you would then click on the Mail Security link under Security. Doing so provides you with a number of options, which when checked will activate the related feature:

  • Spam protection activated, which will prevent SPAM emails from being added to your inbox.
  • Contacts, which will prevent emails from people in your contact list from being flagged as SPAM. Generally, you can turn this off to prevent junk email that may have been automatically forwarded by people you know from appearing in your inbox. We saw how bots can do this without a person realizing it in Chapter 10, Protecting your kids.
  • POP3 options, which has a checkbox that indicates you’d like to be sent a daily report about SPAM that may have been received. This allows you to release or delete any mail that may have incorrectly been flagged as SPAM.
  • Virus protection activated, which checks your incoming and outgoing mail for viruses.

Other options in the security section of your mail.com account include:

  • Whitelist, which allows you to add email accounts and domains that should always be trusted, and never marked as SPAM.
  • Blacklist, which allows you to add email accounts and domains that should never be trusted, and you never want to receive mail from. This is especially useful if you are being harassed by a person, getting unwanted email from a company, or know that a particular site is a problem.
  • External content, which after being clicked, shows a page with a checkbox that allows you to prevent any content hosted on an external site (such as images) from appearing in your email. If this is activated, a link will appear in your email that allows you to show the images, and does not apply to any emails in your SPAM folder (which already keeps external content from being displayed).

GMAIL SECURITY

Gmail offers a number of features designed to protect your privacy and enhance the security of using email. After logging into Gmail, you can access your settings by clicking on the gear shaped icon in the upper right-hand corner, and then clicking settings. After doing so, you’re presented with a screen with tabs along the top of the screen. Clicking Accounts and Import will provide you with a variety of options to maintain your account, including a section called Change account settings. In this section, you can click on any of the following links:

  • Change password, where you can enter a new password, and will tell you the strength of that password.
  • Change password recovery options, which provides the ability to set recovery options if someone hijacks your account, or your password is forgotten. We’ll discuss more about this shortly.
  • Other Google Account settings, which presents a screen of additional options to control your account preferences, and options and tools related to your privacy and security settings. Again, we’ll delve deeper into this in the paragraphs that follow.

The password recovery features in Gmail allow you to set what happens when you forget your password or it appears an unauthorized person is trying to get into your account. The options on this page allow you to set the following:

  • Mobile phone, which (after providing your phone number) will be used to send a text message. Because an unauthorized person probably wouldn’t have your mobile phone, this ensures that you’re the person who the account belongs to.
  • Recovery email address, which can be used to challenge someone attempting to logon, and allows you to reset your password if you’re locked out.
  • Alternate email address, which allows you to specify a secondary way to log onto your account. This would be a different email address than your gmail.com account.
  • Security question, which allows you to set a question and answer that will be used to establish that you’re the person who should be logging in.

The Other Google Account settings link takes you to the My Account page at https://myaccount.google.com, where you can access settings that control your account preferences, personal information and privacy (which we’ll discuss further in chapter: Protecting yourself on social media), and sign-in and security options. The My Account page also provides tools for doing a checkup on your security and privacy settings, and will take you step-by-step through setting many of the options we’re about to discuss.

If you click on the Signing in to Google link, you’re given a number of options we’ve already discussed, including the ability to change your password, provide a recovery email address, provide a phone number to recover your account, and set a secret question. You’re also given an option in the Password and sign-in method section to use 2-Step Verification.

When 2-Step Verification is used, you would log onto Gmail as you normally would, but after entering your password, a code is sent via text, voice call, or the Google mobile app. This feature becomes especially important if you use untrusted computers or devices to access your mail, such as public computers. You must then enter this code to access your mail. To set up Google’s 2-Step Verification, follow these steps:

  1. After logging into Gmail, go to https://myaccount.google.com.
  2. Click on Signing in to Google.
  3. Click on 2-Step Verification.
  4. Click Start setup.
  5. When the Set up your phone page appears, enter your phone number.
  6. If you want Google to send you a text message with a code, click the Text message (SMS) option. If you want a voice call, then click the Voice Call option.
  7. Click Send code.
  8. When you receive the code, enter it in the box on the Verify you phone page, and then click Verify.
  9. When the Verification codes on this computer screen appears, check the Trust this computer checkbox if you’re using a trusted computer (such as your home computer). In doing so, you might still be able to access your account without a code.
  10. Click Next.
  11. When the Turn on 2-step verification screen appears, click Confirm.

The next link on the My Account page is the Device activity & notifications link, which provides important information about how your account is being accessed. Here, you’ll find information on security events (such as password changes, modifications to your account, and so on), and devices that have recently been used to access the account. It shows the current device you’re using to access your account, as well as any other computers or mobile devices that were previously used. You should regularly review this section to determine if someone else is accessing your account. If something seems amiss, you can click the Secure your account link to change your password, review settings, and add or change recovery information that we discussed earlier. If you don’t think you’ll regularly visit the page to monitor this (as is the case with most people), you should click the Manage Settings link under Security alerts settings. In doing so, you can set whether you’ll receive an email and/or text message when there is a security risk (such as someone trying to access your account) or other account activity (such as when security settings are changed).

The final link is Connected apps & sites. As we saw in Chapter 1, What is cyber safety?, various apps on your mobile device or sites may connect to your Gmail account. By clicking the Manage Apps link on this page, you’ll be able to view which apps have access, and what they have access to (inclusive to such things as your mail, calendar, contacts, or basic account info). If there’s an app you no longer use, you would click on the Remove button beside the app’s name to complete revoke its access. The page also provides a Saved Passwords section, where you can manage passwords saved with Google Smart Lock, which we discussed in Chapter 2, Before connecting to the Internet.

At the bottom of this section, you’ll see an option to Allow less secure apps, which should be turned off. If an app uses less secure technology to sign-on, it can leave your Google account vulnerable, so by default this option is turned off.

Other Ways of Checking Gmail Security and Privacy

You can also access your security settings by going to https://myaccount.google.com/security, and your privacy settings at https://myaccount.google.com/privacy. These sites will present you with the same options that we previously discussed related to security and privacy.

ENCRYPTION

There may be times when you need to send an email that’s secure, ensuring that no one other than the person it’s intended for reads it. There are a number of options available for encrypting messages, some of which require installing software like add-ons or extensions to your browser, while others are simple and straightforward.

Infoencrypt (www.infoencrypt.com) is an easy to use site, in which you type a message in a box on the web page, and provide and confirm a password. After clicking the Encrypt button, the page reloads and the message in the box is encrypted. For example, if you were to enter a phrase like “This is encrypted” and used the password test, it would return something like what follows:

encryptionSYNGRESS

The message itself is meaningless, unless the recipient uses the correct password to decrypt it. You would copy and paste the contents of the box and email it to the intended recipient, secure in the knowledge that no one else can read it.

When the recipient receives it, they would click a link that takes them to Infoencrypt’s website, where he or she copies and pastes the email message into the box, and enters and confirms the password you provided separately. After clicking Decrypt, the message is then revealed.

Another tool you can use to encrypt email sent through Gmail is a Google Chrome extension. By visiting Chrome’s Web store at https://chrome.google.com/webstore/, you can search for “Secure Mail for Gmail” and find the Secure Streak Gmail extension. Alternatively, you can also type the nightmarishly long URL https://chrome.google.com/webstore/detail/secure-mail-for-gmail-by/jngdnjdobadbdemillgljnnbpomnfokn and go directly to it. By clicking Add to Chrome, and then clicking Add Extension when the dialog appears, it will install in the browser.

Once the tool is installed, you can then logon to Gmail (www.gmail.com) and you’ll see a new red button with a padlock icon beside the Compose button. Clicking the padlock icon will open a new message dialog. After composing the email, you’d then click the Send Encrypted button.

After you click the button to send your encrypted email, a new message will appear asking you to enter a password and provide a secret hint. The hint should be something that only the recipient would know the answer to, thereby revealing what to enter as a password. After filling this out, click the Encrypt and Send button.

The message that the recipient receives will be encrypted. If they receive it on a standard email client, it will include a link to install the Secure Streak Gmail Extension. If they already have the extension, they will see a link to decrypt the email, and when clicking it will be asked to enter a password and see your hint. After providing the password, the message is decrypted.

Policies you NEED to follow.

Posted on Updated on

As seen in the article written by Shearman: Aug 22, 2017

The New York State Department of Financial Services (“NYDFS”) enacted final cybersecurity regulations (“Regulations”) for NYDFS regulated entities that went into effect on March 1, 2017.[1] The first deadline for compliance under the Regulations is August 28, 2017, by which date covered entities are required to, among other things, create a written cybersecurity policy and appoint a Chief Information Security Officer (“CISO”).[2] The Regulations also require an annual certification by the Chairperson of the covered entity’s Board of Directors (or a senior officer) as to the entity’s compliance with the Regulations. As the first such certification is required to be made by February 15, 2018, and the NYDFS has issued updated Frequently Asked Questions (“FAQs”)[3] that provide additional compliance guidance, now is the time to look beyond the first deadline and begin taking action.

The ten steps set forth below will help a covered entity’s Board ensure that they will be prepared to make the certification come February:

Evaluate the Applicability of the Regulations

The recent FAQs have clarified that not only are New York branches and agencies of foreign banks subject to the Regulations, but representative offices are within scope, as well. The Regulations also provide for exemptions from certain specified provisions of the Regulations for covered entities satisfying certain criteria. If the elements of an exemption are met, such a notice of exemption may be filed electronically with the NYDFS.

A covered entity may adopt some or all of the cybersecurity program of an affiliated entity, provided the covered entity’s overall program satisfies the Regulations. The annual certification must be completed by the covered entity; this cannot be completed by an affiliated entity.

Know the Deadlines

The Regulations call for rolling deadlines for compliance spread over the next two years. Meeting each deadline is critical to maintaining compliance with the Regulations. In the recent FAQs, the NYDFS clarified that compliance with currently applicable requirements can be subject to updates and revisions to reflect later implemented requirements.

  • August 28, 2017: Covered entities must establish and maintain a cybersecurity program, including a cybersecurity policy approved by the Board or a senior officer, the appointment of a CISO, access privileges to protect non-public information and procedures to notify the NYDFS of cybersecurity events.
  • February 15, 2018: The Chairperson of the Board (or a senior officer) is required to submit its first certification to the NYDFS as to compliance with the Regulations. The NYDFS expects full compliance by this date, subject to requirements still subject to transition periods.
  • March 1, 2018: Covered entities must have:
    • submitted to the Board (or a senior officer) the CISO’s report on the covered company’s cybersecurity program;
    • conducted penetration testing and a vulnerability assessment;
    • conducted a risk assessment;
    • implemented multi-factor authentication; and
    • provided regular cybersecurity awareness training to personnel.
  • September 3, 2018: The 18-month transition period ends and the entity must have built out its cybersecurity program to include:
    • an audit trail;
    • written procedures, guideline and standards for the security of in-house or externally developed applications;
    • data retention policies and controls to protect nonpublic information;
    • policies and procedures to monitor the activity of authorized users; and
    • controls, including encryption, to protect non-public information.
  • March 1, 2019: Covered entities must implement cybersecurity policies to cover third-party service providers.

Know the Consequences

The Regulations are enforced by the Superintendent of the NYDFS. Practically, this means that the NYDFS will incorporate compliance with the Regulations into its regular exam process and could impose fines or revoke an entity’s license for noncompliance and potentially even hold personally liable the Board member or officer who signed the annual certification. Entities may face reputational or litigation risks to the extent they are found to be out of compliance with the Regulations or if they become victims of a material cyber incident.

Hire the Right People

Management should present the Board with a qualified CISO. Depending on the entity’s risk assessment, the Board should weigh the costs and benefits of having an internal CISO or hiring a third-party CISO. A covered entity may use an affiliated entity’s employee as its CISO. The affiliated CISO will not be considered a third-party provider, but the covered entity must ensure that the CISO is abiding by the Regulations.

All of the entity’s cybersecurity personnel must be qualified and receive updates and training sufficient to address and manage cybersecurity risks to the entity. Further, all personnel of the entity should receive regular cybersecurity awareness training.

Create a Reporting Plan

The Regulations call for reporting cybersecurity events in certain circumstances. A Board should ensure that a firm’s incident response plan contemplates the circumstances under which reporting may be required.

  • Covered entities are not required to report to the NYDFS all unsuccessful attacks, but they are required to report attempts that are sufficiently serious to raise a concern.
  • Covered entities are required to report to the NYDFS certain cybersecurity events, including any event (i) of which notice is required to be provided to a government body or regulator, (ii) that is likely to harm a material part of the operations of the covered entity, or (iii) that involves actual or potential harm to consumers.
  • Covered entities are required to provide notice to consumers that are affected by a cybersecurity event.

An entity’s incident response plan should contemplate the deadline for submitting a notice (72 hours in certain circumstances) as well as the form for reporting.

Conduct a Risk Assessment

Boards should ensure that the CISO undertakes and documents a comprehensive cyber risk assessment as required by the Regulations as soon as practicable, followed by periodic assessments going forward. The CISO should present the results of the assessment to the Board or one of its committees.

Tailor the Cybersecurity Program

Management should present the Board with an overview of the entity’s cybersecurity program, including a discussion of the controls implemented, together with an explanation as to how management weighed the identified risks and how the entity’s cybersecurity program is tailored to address such risks. Ongoing monitoring and testing of the entity’s cybersecurity program, as required by the Regulations, should inform updates to the program.

Consider Third-Party Risk Management

The Regulations require firms to ensure that their systems and nonpublic information are also secure in the hands of third-party service providers. While satisfaction of this requirement has the longest transition period for compliance, compliance will require a significant undertaking. Firms will need to inventory and diligence all relevant third-party service providers to evaluate, among other things, the type of information provided to such providers and providers’ cybersecurity practices, to establish policies and procedures for relationships with third-party providers and to review and update contractual agreements governing relationships with third-party service providers. Covered entities are required to make a risk assessment as to each service provider regarding the requisite appropriate controls that should be established rather than adopt a “one-size-fits-all” solution.

Create a Paper Trail

In addition to ensuring that adequate cybersecurity policies and procedures are in place and being observed, covered entities are required to maintain systems designed to reconstruct material financial transactions sufficient to support normal operations and to create an audit trail to detect and respond to material cyber incidents.

Strike a Balance

The CISO is responsible for reporting annually to the Board as to the entity’s cybersecurity program and material cybersecurity risks. Boards will need to be well-informed about the entity’s compliance with the Regulations without being overburdened. While Board members are not expected to be involved in the day-to-day decision-making regarding the cybersecurity policy, they must receive sufficiently detailed data to make informed decisions.

For a more detailed overview of the NYDFS Regulations or to learn how they could affect your organization, please contact one of us or consult our firm’s primer.

Who is ITG?

Posted on Updated on

The staff said it best…

WordItOut-word-cloud-2735341 (1).png
The most common things mentioned by the staff themselves. 

ITG, Integrated Technology Group, is home to some of the most talented computer experts you can find. They’ve been in business for 15 years and 90% of their “year one” clients still do business with them. Their business model is simple ‘making technology work for you’. This can be a range of issues from hardware and software upgrades to troubleshooting network issues and security needs. There is a myriad of services offered by the local business which can be found directly on their website. Why choose ITG over competitors? Put aside the fact that it is a local business located in East Greenbush, NY, and focus on the people at ITG that encompass the core values of this technology business. The staff took a few minutes out of their busy schedules to engage in a quick interview with myself. Therefore, I am proud to present, the staff of ITG.

Meet Kayla:

Along with Computer Science, she was also an English Major; and she has fun using these contrasting skills to create her unique approach with technology to help clients solve business goals.

Meet Chris:

It’s 2018 and he somehow doesn’t possess a single social media account! He loves the freedom to create a viable solution for each client.

Meet Triston:

He has a pet Rottweiler and loves his clients, especially ones that give him food!

Meet Zane:

He can do a Rubik’s cube in under a minute but claims he’s not a genius. Some would beg to differ.

Meet Mike:

He is the owner and a man of outdoor adventures. He loves the longstanding relationships he has been able to make with clients and looks forward too many more.

 

What enticed them to start a career in IT?

“Throughout my early career, I realized that what I really enjoyed about the work I was doing was the problem solving, and IT is all about problem-solving.” – Kayla

“I had an interest in IT and computers for as long as I could remember, even before I knew what it was, I was taking stuff apart.” – Chris

“I like being in an industry that’s always changing and evolving. It keeps things from being stagnant.” – Triston

“I’ve liked computers since I was young and worked at Boys & Girls Club in Troy. I would mess with the computers there since there were no classes for it in High School. I took a leap of faith and went to UAlbany to get my masters in Computer Science.” – Zane

“Information technology is an industry that changes and evolves on a daily basis. The challenges and opportunities to learn new skills every day was something that attracted me to a career in IT. Having the opportunity to help other industries grow from a technical perspective is a bonus.” – Mike

 

What is their favorite thing about working for ITG?

I love that I can get my hands in everything. There is nothing that we can’t do here. I can see things through from start to finish. There are no departments where one person is in charge of something and so on. We are a team that works together to get the job done.” – Chris

“I like the work itself, especially building the relationship with our clients. They trust me and it makes us stand out from other IT places. I can go to my client’s office and feel like I belong there. We aren’t a company that tries to get in and out without catching a first name. We have this wonderful environment because we work as a team and we all learn and benefit from each other and their experiences as well as our own.” – Kayla

“The team environment and family culture – Every person that works at ITG approaches their workday with a ‘how can I help my coworkers’ attitude. This approach is not limited to the business workload or the technical assistance we offer to each other but it extends beyond the 9-5 work hours. Every team or family experiences personal difficulties, loss and hurdles, however, it is those teams and families that come together to support the other members that are the happiest and most successful.” – Mike

 

What makes ITG Unique?

“We have the freedom to do our own research and create a plan based on what is best for the clients” – Chris

“We help our clients get the most from available technologies and our services. We work closely with our clients to understand what it takes to operate their business. There is no one size fits all plan when it comes to technology. We provide our clients with recommendations that are suited to their specific needs.” – Kayla

“We specialize and focus heavily on a proactive approach to assisting our customers. Due to the combination of technology and human interaction, the IT industry will always have a reactive element to it. Other companies’ primary approach is to respond to an issue and “put out the fire” to correct the problem. ITG partners with clients to reduce the percentage of reactive issues. This reduction of issues will help increase business production for the client as well.” – Mike

 

What is the best thing you’ve done for a client?

I’ve worked late after business hours to make sure that a client could continue operations so they didn’t lose time or money.” – Triston

“I think it varies situation to situation. You could respond to something as simple as a password reset or something as complex as a full data restoration. Either way, responding with the same level of commitment is really what it takes to save the day and do the best for the client in any case.” Kayla

“I was able to help a client recover their personal documents and photos which meant a lot to them.” – Zane

 

What is your biggest accomplishment in IT?

Having the technical background knowledge to fix problems and the personal skills to make people laugh while they are going through a crisis.” – Triston

“Implementing a Security division to ITG that specializes in HIPPA/PCI and perimeter scans and audits. IT security is an absolute must these days and having the ability to offer these services to combat any cyber threat that endangers a client’s business is rewarding.” – Mike

Together the ITG team can accomplish the impossible. They are always available to help current clients as well as new ones. Invite them into your home away from home and you won’t be disappointed with the level of service and professionalism. Contact the staff today for all your computing needs.

 

Don’t forget to check out our newest blog post about your Windows 10 resolutions! If you get confused or worried – Just give us a call: 518-479-3881!