Month: October 2017



By: DAVID PIERCE for Wired

My Google Assistant is many things, but it’s mostly a meteorologist. I work 40 miles from my apartment, and the Bay Area’s many microclimates mean I’ll experience several weathers between my door and my desk. The questions come in the same order every morning: Hey Google, what’s the weather in San Jose? Hey Google, what about in San Francisco? Hey Google, what about tonight?

The new Google Home Mini suits this use perfectly. Google’s latest smart speaker emphasizes smart over speaker: it’s a small pebble of a thing, about the size of a crosswise slice of a softball. Unlike, say, the Home Max, which Google built to sound great, the Mini’s just supposed to be so small, so cheap, and so simply designed that you’ll put it somewhere and never notice it again. Google imagines you’ll maybe place one in every home, ensuring there’s always a mic close by to hear you ask for the weather, set timers, or control your smart home. Sure, it plays music, but you won’t like how it sounds. In short, this is a Google-made replica of Amazon’s Echo Dot.

After using the Home Mini for a few days, I think I get the use case. This is a complementary device: to a good speaker, so you can control Spotify with your voice; to a Chromecast, so you can demand the internet find you something good to watch; to a Home Max or even regular Home, so you can extend the range of your Google Assistant. Alone, it’s adorable and compromised. As a $50 add-on, like a repeater for your router or a universal remote for your TV, it’s excellent.


Can’t beat the price: at $49, the Home Mini becomes a killer holiday gift for anyone you even kind of like. To my eyes, at least, Google has successfully pulled off exactly the right kind of boring design. (Except for the coral model, which you can’t help but notice.) Sure, it looks like a futuristic metal donut, but you’ll set it up and never notice it again. It’s much more attractive and home-y than the Echo Dot. It only takes about two minutes to get up and running, and setup’s even easier thanks to a recent update to the Google Home app. Like any Home, the Mini does all the Google Assistant things, and does them all just as well as the original Home.

For such a small speaker, it’s pretty loud—you can hear it easily from across the room. You mostly won’t interact with the Mini itself, but its controls are handy. Tap on either side to turn the volume up or down; tap quickly in the middle to pause or play, or press and hold to get Assistant.

Most of what’s great about the Mini holds for all Google Home devices: the Assistant is impressively helpful, and getting better all the time. Using the Mini as a speakerphone works really well, and it’s a pretty handy remote control for my Chromecast-enabled TV watching. Voice Match works well (if not perfectly), and as far as I’m concerned multi-user support should be smart speaker table stakes. It does smart-home controls well, and the upcoming Routines feature—which lets you do a bunch of things with a single command—should make them even better. Even the new app makes finding stuff to do or watch better.


It may be loud, but the Home Mini sounds like crap. Absolutely no bass, clipped highs, just crummy sound quality all around. That doesn’t matter when it’s just the Assistant telling you traffic conditions, but listening to music on the Home Mini is barely better than listening through your phone’s speakers. Since there’s no AUX port, the only way to connect the Mini to a better speaker is through Chromecast, which certainly doesn’t work as well as a 3.5mm cable. You can’t even Bluetooth out to another speaker, which is odd given you can use the Home Mini as a Bluetooth speaker for your phone or laptop. Which, don’t.

You can’t really see the four LEDs on top of the Mini, so it’s hard to know whether the speaker heard you say “Hey Google.” I wound up turning on the audio alerts, which you can find in the accessibility section but should probably be on by default for the Mini. Also, Google needs to figure out how to better arbitrate devices, so I don’t get so many phones and speakers responding every time I ask a question.

The big debate is between the Echo Dot and the Home Mini. There’s not a clear winner. The Home Mini’s better-looking, but the Dot has a line-out jack. Google Assistant’s better at answering questions and making phone calls, but Alexa’s better for smart-home and music stuff. It’s an ecosystem question, really: If you already have a Pixel and drive with Android Auto, go with the Home Mini, and maybe buy a Max or Home as well. If you’re looking for killer music, buy a Dot, plug it into a real speaker, and enjoy. Neither’s perfect, but both are worth the $50.


7/10: A solid accessory, but not the centerpiece of your smarter home.

October is National Cyber Security Awareness Month


BY TODD CORILLO, WTKR, Norfolk, Virginia

October is National Cyber Security Awareness Month and it comes at a time when many major cyber breaches have folks worried.

Earlier this month it was revealed that a breach of Yahoo accounts in August 2013 affected every single customer account, more than three times the amount Yahoo originally reported.

“Major data breaches – which, like the Yahoo event, can affect billions of people—remind us that we must be vigilant in protecting our personal online information,” said Michael Kaiser, executive director of the National Cyber Security Alliance. “An easy first step for everyone to better secure all email, social media and financial accounts, is to ‘lock down your login’ with security tools such as multi-factor and strong authentication, which provide an additional layer of protection. Most email, major financial and social media companies now provide stronger authentication that can be easily implemented on their websites. Email accounts in particular are extremely important to protect as once breached, hackers can use them to reset passwords and break into other accounts, steal identities, target contacts and put an individual’s data and reputation at risk.”

The National Cyber Security Alliance has these tips to stay safer and more secure online:

  • Lock Down Your Login. Use strong authentication—more than a username and password to access accounts—to protect your most valuable accounts including email, social media and financial.
  • Make better passwords. If passwords are the only option, change and make them better. Length and ability to remember passwords are the two most important factors. A phrase of multiple words you can remember makes a good password. Important accounts should have unique passwords not used to access any other accounts.
  • Clean and keep all machines clean. Immediately update all software on every internet-connected device. All critical software—including PCs and mobile operating systems, security software and other frequently used software and apps—should be running the most current versions. Delete all unused apps.
  • Monitor activity on your financial and credit card accounts. If appropriate, implement a fraud alert or credit freeze with one of the three credit bureaus (this is free and may be included if credit monitoring is provided post breach). For more information, visit the Federal Trade Commission website:
  • When in doubt, throw it out. Scammers and others have been known to use data breaches and other incidents to send out emails and posts related to the incident to lure people into providing their information. Delete any suspicious emails or posts and get information only from legitimate sources.

What’s all the buzz about ERP?


Content courtesy: Vangie Beal, Managing Editor of

Enterprise resource planning (ERP) is business process management software that allows an organization to use a system of integrated applications to manage the business and automate many back office functions. ERP software typically integrates all facets of an operation—including product planning, development, manufacturing, sales and marketing—in a single database, application and user interface to improve the flow of data across the organization.

ERP can be customized across varying business sizes

ERP software can be designed for larger businesses which would require a dedicated team to customize and analyze data and handle upgrades and deployment, or for small business—solutions often customized for a specific business industry or vertical.

Is your organization ready to implement an ERP system?

When your organization grows, so do your IT assets, expanding beyond a couple of servers, workstations and network devices; you and your employees want real-time access to information, regardless of where you are, in order to maximize productivity and customer service; and, you are embracing mobile applications for reports, dashboards, and to conduct key business processes that empower employees with accurate information at the moment it is most needed. What once only required simple IT management—putting PC names, printers, network subnets, antivirus definition dates, and installed applications into a few spreadsheets—has become overwhelming. If this sounds familiar, your organization needs a solution.

Statistics indicate your company isn’t alone: a 2016 study by Panorama Consulting Solutions, LLC, indicates that organizations implement ERP for the following reasons:

  • To replace out-of-date software (49%)
  • To replace homegrown systems (16%)
  • To replace accounting software (15%)
  • To replace other non-ERP systems / had no system (20%)

ITG has the software applications and solutions to help you implement this methodology into your business activities: define business-specific server requirements, meet security compliance regulations and manage mobile devices. Our application was built from the ground up as a true, multitenant software-as-a-service (SaaS) platform. Our solution is continuously monitored and maintained, and is designed with redundancy in every sub system. Let us help you leverage all that ERP can provide in analyzing data to move your company soundly forward.

Call us today at 518-479-3881 or email to get started.

Phrase for the Month


Courtesy of

dark post

A dark post is an inexpensive sponsored message on a social media website that is not published to the sponsor page timeline and will not display in follower feeds organically. Although dark posts are clearly labeled sponsored, they often appear in contextual formats that make them blend in with organic posts.

The process of buying and placing sponsored messages on social media websites is keyword-driven and relatively inexpensive when compared to other advertising channels. Dark posts, also known as unpublished posts, allow marketers to programmatically target specific demographics and conduct A/B tests without cluttering up their own brand’s newsfeed. Platforms that support unpublished posts include Facebook, LinkedIn, Twitter and Pinterest.

Dark posts have become controversial for a number of reasons, including the form’s inherent lack of transparency and their alleged use in the distribution of fake news. To combat the abuse of dark posts, Facebook is changing its policy to make it possible for anyone to see which page is paying for a particular ad and what other ads the advertiser is currently running on Facebook. Twitter has announced it is not changing policy, but emphasizes that all sponsored Tweets will continue to be clearly identified as such.

Make your incident response policy a living document


By: Johna Till Johnson, Nemertes Research

Effective incident response policies must be detailed, comprehensive and regularly updated—and then ‘embedded in the hearts and minds’ of infosec team members.

Your organization needs an incident response policy (IRP). You may have one, you may not, and either way it is a good time to review what should be covered by your IRP, because having a bad policy can be worse than having none at all.

Many common cybersecurity frameworks and regulations—including the National Institute of Standards and Technology’s Special Publication 800-61 Revision 2, the New York State Department of Financial Services Section 500 and the International Organization for Standardization cybersecurity framework—specifically require organizations to have a documented incident response policy. Determining what goes into such a policy can be difficult, though. It’s almost impossible to create a detailed, specific policy for coping with what is effectively unknown. Cybersecurity attacks, in a very real sense, represent Donald Rumsfeld’s famous “unknown unknowns.” We can’t predict what the hackers will come up with next. If we could, ensuring cybersecurity would not be such a challenge.

There are some clear steps an organization can take to ensure that when—not if—it experiences a security incident, the team is ready to respond as effectively as possible. These steps include the following:

  • Defining incident. An organization’s incident response policy needs to include a precise definition of a security incident. For example, “an event or anomaly that has been determined with high probability to indicate a breach.”
  • Defining risk-based prioritizations of incidents. Responders need to classify incidents based on severity. Classification should be simple (high, medium and low) and based on the scale and scope of the attack as well as the impact on confidentiality, integrity and availability of information and operations in the context of enterprise risk.
  • Describing the security response organization. The description should do the following:
    • include staff roles, responsibilities and levels of authority;
    • address compliance and regulatory requirements;
    • include overarching guidelines for external communications; and
    • describe handoff and escalation points in the incident management process.
  • Determining plans and procedures of the policy. These cover the specific nuts and bolts of response, including metrics for measuring the incident response capability and its effectiveness, checklists, detailed processes and forms the incident response team uses.
  • Having a battle-tested approach to internal and external communications. Incident response policies should include plans and timeframes for communicating proactively with both internal stakeholders—including legal, human resources and client services—and external ones, such as customers, the press and law enforcement. Where possible, the plan should include scripts the team can build on when issuing statements and updates.
  • Having a templated approach for incident detection, analysis, containment and remediation. The more cookie-cutter the response, the faster and more effective it is. The incident response policy should quickly classify incidents into categories—denial of service, data exfiltration and so on—and prescribe broad-based approaches to responding to each category.
  • Generating an auditable log that can serve as proof of chain of evidence. A security breach is a disaster, but it is also very likely a crime. That means that data is evidence—and the best way to protect that evidence is to have in place automated logging systems that track and document how evidence has been captured and preserved. Logs can serve as technical documentation for post-mortems and should include a variety of information:
    • identifying information—e.g., the location, serial number, model number, hostname and message authentication code and IP addresses of a computer;
    • name, title and contact information for each individual who collected or handled the evidence during the investigation;
    • time and date—including time zone—of each occurrence of evidence handling; and
    • locations where evidence was stored.
  • Conducting effective post-mortems. The incident response policy should call for holding a “lessons learned” meeting with all involved parties after a major incident. This is critical when it comes to improving security measures and the incident response process. The National Transportation Safety Board (NTSB) provides a good model that focuses on fact-finding rather than fault-finding. Senior management should consciously create an NTSB-like culture, even going so far as to name its team the Information Safety Board. The post-mortem should generate two things: an incident report, which serves as institutional knowledge for future reference, and a list of any changes needed in the policy and the security infrastructure. These two documents ensure that future responses are faster and more effective.
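The auditable chain-of-evidence log described in the list above can be made tamper-evident by linking each handling record to the one before it. The following is an added example, not part of the original article: the hash-chaining approach, the field names and all sample values are assumptions made for illustration.

```python
import hashlib
import json
from datetime import datetime

GENESIS = "0" * 64  # prev_hash value for the first entry in a log

def entry_digest(entry):
    """SHA-256 over the entry's canonical JSON, excluding its own hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_entry(log, item, handler, action, when, stored_at):
    """Record one evidence-handling event, chained to the previous entry."""
    if datetime.fromisoformat(when).tzinfo is None:
        raise ValueError("timestamp must include a time zone offset")
    entry = {
        "item": item,            # identifying information for the evidence
        "handler": handler,      # name, title and contact of the person
        "action": action,        # what was done to the evidence
        "when": when,            # ISO 8601 time and date with offset
        "stored_at": stored_at,  # where the evidence is stored afterwards
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)


def verify(log):
    """Return the index of the first entry that fails, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev_hash"] != prev or entry["entry_hash"] != entry_digest(entry):
            return i
        prev = entry["entry_hash"]
    return -1


def build_sample_log():
    """Constructed sample data; every name and value here is made up."""
    laptop = {"hostname": "ws-042", "serial": "SN-EXAMPLE-001",
              "ip": ["192.0.2.15"], "location": "Office 3, desk 12"}
    analyst = {"name": "A. Analyst", "title": "IR analyst",
               "contact": "analyst@example.org"}
    custodian = {"name": "C. Custodian", "title": "Evidence custodian",
                 "contact": "custodian@example.org"}
    log = []
    append_entry(log, laptop, analyst, "disk image acquired",
                 "2017-10-12T09:14:00-04:00", "on site, sealed bag 7")
    append_entry(log, laptop, custodian, "received for storage",
                 "2017-10-12T11:02:00-04:00", "evidence locker B, shelf 2")
    append_entry(log, laptop, analyst, "image checked out for analysis",
                 "2017-10-13T08:30:00-04:00", "forensics lab workstation 1")
    return log
```

The chain only detects edits made by someone who cannot rewrite every later entry, so the latest `entry_hash` should also be recorded somewhere the log's writers cannot change, such as a separate system or a signed report.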


Once an incident response policy is in place, the organization should engage in regular reviews—even if there have not been actual incidents to respond to—and should conduct war games. War games are creative exercises in which the incident response team reacts to a set of hypothetical scenarios. The military has long conducted war games because they work. The trick in conducting effective war games is to develop scenarios that incorporate multiple unplanned events to generate “perfect storm” scenarios. For instance: What if the attack vector is some internet of things device, and a lateral attack on the heating, ventilating and air conditioning system brought the data center down? Or what if a Session Initiation Protocol man-in-the-middle attack compromised sensitive voice calls at the same time that a distributed denial-of-service attack took down the email server? Or even: What if a key person is out with the flu?

An effective policy should cover not just the broad-stroke, big-picture outlines of how the team should respond to an issue, but should also include detailed checklists and procedures that make the response as swift and automatic as possible. It should also be a living document, updated through regular reviews and post-mortem “close the loop” revisions. Most importantly, the incident response policy should be embedded in the hearts and minds of the response team via regular drills, practice and repetition—particularly including creative war-gaming exercises.

ITG’s business continuity solution provides comprehensive and affordable business continuity and disaster recovery. Contact us at or call 518.479.3881 to learn how your business can survive an environmental disaster or cyber attack.