HOME

September 4th, 2014

Security_Sep02_AWith smartphones playing a larger role in today’s daily business, the need to recharge them while you are on the go increases. And when you’re nowhere near your charger, that public charging kiosk can look pretty promising. But what you might not know is that common traits in smartphone hardware and software design makes recharging phones through public chargers prone to juice jacking. If you're not sure what that is then let’s find out and also discover how you can avoid juice jacking too.

What’s juice jacking?

Regardless of the kind of smartphone you have, whether it’s an Android, iPhone or BlackBerry, there is one common feature across all phones: the power supply and the data stream pass over the same cable. This setup allows for juice jacking during the charging process whereby user access is gained on your phone by leveraging the USB data/power cable to illegitimately access your phone’s data and/or inject malicious code onto the device.

The attack can be as simple as an invasion of privacy, wherein your phone pairs with a computer concealed within the charging kiosk and information such as private photos and contact information are transferred to a malicious device. However, on the other hand, it can also be as invasive as an injection of malicious code directly into your phone. According to security researchers at this year’s Black Hat security conference, your iPhone can be compromised within one minute of being plugged into a harmful charger.

Exposure to a malicious kiosk can also create a lingering security problem even without the immediate injection of malicious code. Once a device is paired to a computer, it can access a host of personal information on the device, including your address book, notes, photos, music, sms database, typing cache, and even initiate a full backup of your phone, all of which can be accessed wirelessly at anytime.

How do I avoid it?

The most effective precautions center around simply not charging your phone using a third-party system. Here are some tips to help you avoid using public kiosk charger:
  • Keep your devices topped off: Make it a habit to charge your phone at your home and office when you’re not actively using it or are just sitting at your desk working.
  • Carry a personal charger: Chargers have become very small and portable, from USB cables to power banks. Get one and throw it in your bag so you can charge your phone anytime you’re at the office or while on-the-go if you use a power bank.
  • Carry a backup battery: If you’re not keen on bringing a spare charger or power bank, you can opt to carry a full spare battery if your device has a removable battery.
  • Lock your phone: When your phone is truly locked as in inaccessible without the input of a pin or equivalent passcode, your phone should not be able to be paired with the device it’s connected to.
  • Power the phone down: This technique only works on phones on a model-by-model basis as some phones will, despite being powered down, still power on the entire USB circuit and allow access to the flash storage in the device.
  • Use power only USB cables: These cables are missing the two wires necessary for data transmission and have only the two wires for power transmission remaining. They will charge your device, but data transfer is made impossible.
Even the tiniest detail like charging your phone from a kiosk charger could affect the security of your device. While there are many substitutes to using a third-party system, ultimately the best defense against a compromised mobile device is awareness. Looking to learn more about today’s security and threats? Contact us today and see how we can help.
Published with permission from TechAdvisory.org. Source.

Topic Security
September 3rd, 2014

BCP_Sep02_AMany people wonder why it’s necessary to perform business impact analysis (BIA) when they’ve already invested a large amount of time on a risk assessment. The answer is simple: because the purpose of a BIA is different, and wrong results could incur unnecessary expenses or create inadequate business continuity strategies. To that end, let’s take a look at five tips for successful business impact analysis.

Five tips for successful business impact analysis:

  1. Treat it as a (mini) project: Define the person responsible for BIA implementation and their authority. You should also define the scope, objective, and time frame in which it should be implemented.
  2. Prepare a good questionnaire: A well structured questionnaire will save you a lot of time and will lead to more accurate results. For example: BS (British standard) 25999-1 and BS 2599902 standards will provide you with a fairly good idea about what your questionnaire should contain. Identifying impacts resulting from disruptions, determining how these vary over time, and identifying resources needed for recovery are often covered in this. It’s also good practice to use both qualitative and quantitative questions to identify impacts.
  3. Define clear criteria: If you’re planning for interviewees to answer questions by assigning values, for instance from one to five, be sure to explain exactly what each of the five marks mean. It’s not uncommon that the same event is evaluated as catastrophic by lower-level employees while top management personnel assess the same event as having a more moderate impact.
  4. Collect data through human interaction: The best way to collect data is when someone skilled in business continuity performs an interview with those responsible for critical activity. This way lots of unresolved questions are cleared up and well-balanced answers are achieved. If interviews are not feasible, do at least one workshop where all participants can ask everything that is concerning them. Avoid the shortcut of simply sending out questionnaires.
  5. Determine the recovery time objectives only after you have identified all the interdependencies: For example, through the questionnaire you might conclude that for critical activity A the maximum tolerable period of disruption is two days; however, the maximum tolerable period of disruption for critical activity B is one day and it cannot recover without the help of critical activity A. This means that the recovery time objective for A will be one day instead of two days.
More often than not, the results of BIA are unexpected and the recovery time objective is longer than it was initially thought. Still, it’s the most effective way to get you thinking and preparing for the issues that could strike your business. When you are carrying out BIA make sure you put in the effort and hours to do it right. Looking to learn more about business continuity? Contact us today.
Published with permission from TechAdvisory.org. Source.

August 29th, 2014

Today, the benefits promised by cloud computing—including agility, process optimization, speed to market, remote access, and cost reduction— have inspired most nonprofits to rethink their IT infrastructure and software.

Traditionally, organizations needed to invest in hardware and software in-house and had tried to leverage internal economies of scale; the more people using the system, the more cost effective the technology investment. However, housing technology infrastructure and critical applications in-house was not always cost effective for smaller organizations and came with inherent risk. What if your email server was down? How regularly is data backed up? Who was performing the software patches and handling security updates? And how does an organization continue to operate during a natural disaster?

Read more…

Topic Articles
August 29th, 2014

According to the Small Business Administration, small businesses provide more than 50 percent of jobs across the country, making them truly the engine of our economy. Competing against large companies better able to capitalize on efficiencies of scale, has been difficult for many of these smaller enterprises.

However, the cloud is quickly becoming an equalizer, putting many of those economies of scale in the hands of more and more small business. The trend is growing… a recent study by Emergent predicts the current 37% usage rate will be close to 80% by 2020.

Read more…

Topic Articles
August 29th, 2014

Cornell Tech, a closely watched collaboration in New York City between Cornell University and the Technion-Israel Institute of Technology, finalized the construction design for its first academic building on Manhattan’s Roosevelt Island. Cornell and Technion joined forces in December 2011 when New York City officials, under then-mayor Michael Bloomberg, selected them to build an applied-science graduate school.

According to a recent New York Times report, Cornell Tech expects to open its first buildings in 2017, with construction continuing for two decades. The campus is currently being planned by people who understand they cannot really anticipate how we will interact with the future digital world. The NYT describes the challenge as an attempt at “building in nimbleness” to hedge against the “hissing pace of technological change.”

According to the report, Dan Huttenlocher, Dean of Cornell Tech, hopes to answer what he calls the central question of this daring and expensive endeavor: “How do you do something that’s technologically advanced that isn’t immediately technologically dated?”

Cornell Tech’s answer: No data center.

The idea of building a campus without a data center was Mr. Huttenlocher’s. Data centers have been a staple of college campuses for decades, providing the computing power and local storage necessary to accommodate research and daily use. The decision not to build one on the Cornell Tech campus raised some eyebrows. The report explains: “Data centers, which house large numbers of servers, cost money. They are bulky and suck down energy… The decision has obvious appeal given the quantum leaps in cloud computing, much of it driven by commercial vendors. Why build your own data storage when industry leaders can do the heavy lifting for you?”

Sharif Nijim, enterprise application architect at the University of Notre Dame, agrees with the move and says that if he were building a campus today he would forgo the data center. “You’re not saddled with all the detritus that’s built up over time,” he said. “That’s your biggest advantage.”

It is exciting to image the digital world in 2017, when the first building opens at Cornell Tech here in Manhattan. While we wait, there are several messages we can take away from Huttenlocher’s approach to this new campus, and here are a few examples that align most directly with the Sinu philosophy and how we deliver IT to our customers:

  • Avoid investing too much in the kind of “proprietary technology that risks becoming quickly outdated.”
  • “Embracing technology means not buying too much.”
  • “Why build your own data storage when industry leaders can do the heavy lifting for you?”
  • “Use as many open standards and protocols as possible. If you’re using open protocols and open languages, devices then become interchangeable.”

Migrating away from expensive data centers is not new to Sinu. For over 10 years, we have offered a platform that minimizes technology infrastructure, while maximizing productivity. We believe that this approach not only keeps your data more secure, it is more cost-effective and offers more flexibility than traditional in-house IT services.

Topic Articles
August 27th, 2014

socialmedia_Aug26_AHave you ever looked at images and visuals posted by businesses and users on Instagram? While many users take photos using their mobile devices, there are many images that simply look way too good to be taken with a phone camera, especially the ones without filters. Many business owners want to know how they too can take quality images like these too.

The truth behind some of Instagram's best images

Those awesome Instagram photos we see aren't always taken using mobile phones. Instead, many users use digital cameras which offer much better image quality. You can capture some amazing shots with a higher end DSLR cameras with multiple lenses.

If you have one of these cameras and are looking to create high-quality images for Instagram, or any other social media site, you may be slightly confused as to how to get the images onto the platform - especially since many of us use this via the mobile app. To make uploading a little easier, here is a brief guide detailing how to get images from your digital camera onto Instagram.

1. Transfer and process images

Once you have taken photos with your camera, you will need to get them off of your camera's memory and onto your computer's hard drive. Most camera's have apps that allow you to do this, so be sure to follow the instructions in the app that came with it.

When your images have been transferred to your computer, you are likely going to want to process them a little bit. This is especially true if you have a DSLR or other high-end point-and-shoot which takes RAW images. These can be quite large and are not compatible with Instagram.

Most images taken with a camera are quite large in size, so you are going to need to use an image editing program like Adobe Photoshop, or free tools like Pixlr to process them. What you are looking to do is to crop your images so that they are square.

If you are used to the advanced photo editing features, then do your edits before cropping. When you crop your images you should crop or resize them so that they are 640X640 pixels. This is the size of all images taken using Instagram's camera app.

Also, be sure to save the images as JPEGs, as this is the image format used by most smartphone cameras.

2. Save processed images in their own folder

It helps to create a folder somewhere on your hard drive (we recommend in the same folder where you save all of your other folders) that is specifically for images you want to post on Instagram.

When you have processed and edited the images to your liking, save the images here. Try using an easy to use file name like the date and a letter or note so you can easily tell which images are which, so you know which to use.

3. Move the images to your device

You can move images using the cloud or by manually transferring the images to your phone. If you decide to manually transfer your files, you will need to plug your device into your computer.

For users with iPhones, you can open iTunes and click on your device followed by Photos. Then select the box beside Sync photos from. Select the file you created in the step above and then Sync to transfer the images over.

For users with Android devices, plug your phone into the computer and drag the folder you created in the step above into the Photos folder of your Android device.

For Windows Phone users, plug your device into your computer and open My Computer on your desktop. You should see your device listed in the window that opens. Open the file system for your device and drag the image files you created above into the Photos folder of your phone.

If you choose to use the cloud to transfer your files, use the operating system's cloud (e.g., iCloud, Google Drive, or OneDrive) to upload the files. Just be sure to use the same account as the one on your phone.

4. Add images to Instagram

Once the photos are either on your device, or in the cloud, you can now upload them to Instagram. This can be done by:
  1. Opening the app and tapping on the camera icon.
  2. Tapping on the button in the bottom left of the screen.
  3. Selecting where the image is located on your device. E.g., the Gallery app if you placed the photos in your phone's hard drive, or the cloud service you used.
  4. Editing them as you see fit.
Once this is complete, you should be able to post your images as you usually do with any other Instagram image on your phone. Take the time to add filters, and hashtags as well as a good description before you post.

If you would like to learn more about using Instagram to share your images then get in touch and we will show you the advantages of the bigger picture.

Published with permission from TechAdvisory.org. Source.

Topic Social Media
August 25th, 2014

Security_Aug18_AIt seems like nearly every week, and in some cases nearly every day, there is some security breach announced. The vast majority of these assaults tend to revolve around online user accounts, where password, account information, and even usernames are stolen. Over the years, there has been a general trend where the number of accounts breached or compromised is growing, and in early August news broke about possibly the biggest breach to date.

The latest big-scale breach

In early August, it emerged that a Russian hacker ring had amassed what is believed to be the biggest known collection of stolen account credentials. The numbers include around 1.2 billion username and password combinations, and over 500 million email addresses.

According to Hold Security, the company that uncovered these records, the information comes from around 420,000 sites. What is particularly interesting about this particular attack is that such a wide variety of sites were targeted when compared this with other attacks which tend to either attack large brand names or smaller related sites.

How did this happen?

Despite what many believe, this was not a one-time mass attack; all sites that were compromised were not attacked at the same time. Instead, the hacker ring - called the Cyber Vor - was likely working on amassing this data over months or longer. How they were able to amass this much information is through what's called a botnet.

Botnets are a group of computers infected by hackers. When the hackers establish a botnet, they attack computers with weak network security and try to infect them with malware that allows the hacker to control the computer. If successful, users won't even know their computer has been hacked and is being used by hackers.

Once this botnet is established, the hackers essentially tell the computers to try to contact websites to test the security. In this recent case, the computers were looking to see if the websites were vulnerable to a SQL injunction. This is where hackers tell the computers in the botnet to look for fillable sections on sites like comment boxes, search boxes, etc. and input a certain code asking the website's database to list the stored information related to that box.

If the Web developer has restricted the characters allowed in the fillable text boxes, then the code likely would not have worked. The botnet would notice this, and then move onto the next site. However, if the code works, the botnet notes this and essentially alerts the hacker who can then go to work collecting the data.

So, is this serious and what can I do?

In short, this could be a fairly serious problem. While 420,000 sites may seem like a large number, keep in mind that the Internet is made up of billions of websites. This means that the chances of your website's data being breached by this ring are small. That being said, there is probably a good chance that one of the sites related to your website may have been breached.

So, it is a cause for concern. However, you can limit the chance of hackers gaining access to your information and a website's information.

1. Change all of your passwords

It seems like we say this about once a month, but this time you really should heed this warning. With 1.2 billion username and password combinations out there, there is a chance your user name for at least one account or site has been breached.

To be safe, change all of your passwords. This also includes passwords on your computer, mobile devices, and any online accounts - don't forget your website's back end, or hosting service. It is a pain to do, but this is essential if you want to ensure your data and your website is secure from this attack.

2. Make each password different

We can't stress this enough, so, while you are resetting your password you should aim to ensure that you use a different one for each account, site, and device. It will be tough to remember all of these passwords, so a manager like LastPass could help. Or, you could develop your own algorithm or saying that can be easily changed for each site. For example, the first letter of each word of a favorite saying, plus the first and last letter of the site/account, plus a number sequence could work.

3. Test your website for SQL injunctions

If you have a website, you are going to want to test all text boxes to see if they are secure against SQL injunctions. This can be tough to do by yourself, so it's best to contact a security expert like us who can help you execute these tests and then plug any holes should they be found.

4. Audit all of your online information

Finally, look at the information you have stored with your accounts. This includes names, addresses, postal/zip codes, credit card information, etc. You should only have the essential information stored and nothing else. Take for example websites like Amazon. While they are secure, many people have their credit card and billing information stored for easy shopping. If your account is hacked, there is a good chance hackers will be able to get hold of your card number.

5. Contact us for help

Finally, if you are unsure about the security of your accounts, business systems, and website, contact us today to see how our security experts can help ensure your vital data is safe and sound.
Published with permission from TechAdvisory.org. Source.

Topic Security
August 22nd, 2014

Productivity_Aug18_AThese days many of us have integrated various apps and programs on our computers and mobile devices into our daily lives. The problem many of us face, however, is that apps and programs are all different and many don't work all that well together, so we need to take time to transfer information or even share the same content. To make things easier, there is a great app called If This Then That (IFTTT), that could help make your devices just that much smarter.

What is If This Then That?

IFTTT is a Web and mobile app that was developed to connect different Web apps like Google Apps, DropBox, Facebook, Instagram, etc, together into one general system. In general, the service runs on conditional statements - or recipes - that fit the IFTTT statement.

The service is set up on a number of different conditional statements that make up what the developers of the app call a recipe. Each recipe is broken down into two different sections:

  • This - Also referred to as a trigger. Each trigger in a recipe is kind of like a requirement in that the set trigger has to happen for the recipe to start working.
  • That - That refers to an action that happens when a 'this' condition is triggered.
Once you have set up a number of recipes, the app runs in the background to check for triggers and then will automatically execute the action when it notices a trigger.

Examples of IFTTT recipes

There are a wide variety of recipes out there that you can create. For example, some of the more useful IFTTT recipes for businesses include:
  • If a photo is posted on the business Instagram account, then it is shared with Twitter and Facebook.
  • If a Square payment is processed, then this creates a line in a specific spreadsheet.
  • If a contact is added to a phone's address book, then this information is placed on Evernote.
  • If an article is posted on a specific blog, then the post is shared on Twitter, Facebook, and Google+.
  • If an email is starred on Gmail, then a reminder is set on my phone to review starred emails.
  • If I enter the office, then my phone is muted.
  • If a client emails an attachment, then a copy is saved to DropBox.
  • If my device is in the office, then my office lights are turned on (if you have Phillips Hue bulbs).
There are a wide variety of supported apps that allow you to create recipes for nearly anything you can think of. The developers are constantly adding support for new channels (apps), including many from the Internet of Things.

How to sign up for this

Because you can access IFTTT from the Web and via an app on your mobile device, we recommend first thinking about how you are going to use it. If you are going to be using recipes for your mobile device, then we recommend downloading the app onto your device. Regardless of how you are going to use it, you can create an account by:
  1. Going to the IFTTT website (https://ifttt.com/)
  2. Clicking Join IFTTT.
  3. Setting a username and password and clicking Create account.
From there, you will be able to log in and start creating rules. If you do want to use your mobile device, you should then download the free app for your device - Windows Phone, Android, iPhone - and then log in using the account information you just created. When you first log in you should see a number of channels (apps) related to your system have been activated. This means you can now start creating recipes.

Creating recipes from your browser

  1. Go to the IFTTT website (https://ifttt.com/) and press Sign in.
  2. Press Create.
  3. Press This and select your trigger - try picking your app first, then click on it to get a list of actions.
  4. Press Create Trigger.
  5. Click That and select an action channel.
  6. Select Create Recipe.
You can also click Browse from the menu bar at the top to find and activate already created recipes.

Creating recipes from your mobile device

  1. Open the app.
  2. Press the mortar and pestle icon at the top-right.
  3. Press the + followed by the + besides If on the next screen.
  4. Select the app from the icons at the top of the screen, and select the related trigger.
  5. Tap the + beside Then and select an action or app.
  6. Press Finish to activate the new recipe.
If you are looking for a cool way to connect different apps, and even save yourself time, then this could be something worth looking into. And, if you are looking to learn more about how you can increase your productivity, contact us today to see how our systems can help.
Published with permission from TechAdvisory.org. Source.

Topic Productivity
August 21st, 2014

BValue_Aug18_AIn many countries around the world, businesses are required to meet the needs of all employees. For able-bodied employees, one system will usually be able to meet needs, but disabled employees may have different requirements. Therefore, businesses should ensure that they develop an accessible technology plan.

What is accessible technology?

Accessible technology, also commonly referred to as assistive technology, is the idea of creating or implementing technology and systems that cater to employees with disabilities. While not every company will have or require accessible technology, it is required by many countries that businesses meet the needs of disabled employees.

To that end, it is a good idea to develop a plan on how to implement accessible technology. To help, here are five steps you could take:

1. Defining your strategy

The accessible technology strategy should be the first thing you develop as it will be the foundation of the overall plan. When looking at your strategy you should define how accessible technology fits into your overall organization plan and how it will fit with your existing strategies.

What you are looking to do is to figure out how this form of technology will fit with existing systems and increase overall operating effectiveness. From here, you can define the overall objectives, budget, and vision for the plan.

2. Identifying requirements

In this step, you should look closely at existing technology in the organization and the needs of your employees. Because each company is different and the needs of employees are different you should be careful to also identify the technology needs of your employees.

When looking at both the needs and existing systems you can work to come up with an overall set of requirements, along with a general priority. For example, will you need to modify existing computers or purchase new ones?

The key idea here is that you need to figure out exactly what you need.

3. Picking the new technology

Once you have identified what changes you need to implement, what new technology you will need, and your budget, you can then begin looking for the best solutions. The most effective way to do this is to work with it experts like us who can help you find and integrate the best technology and changes that will meet your adaptive technology needs.

4. Implementing and training

Once you have defined the changes, and new technology to integrate, you need to implement it. This may include altering physical devices and machines where necessary, and then testing the systems to make sure they are working properly.

It is also be a good idea to train your employees who will be using the systems, and the team who will be managing the systems.

5. Maintaining

As with all tech systems, it is important to realize that the solution you implement will not work forever, and will eventually require maintenance, updating, or even replacing. You should take steps to audit systems on a regular basis to ensure they are still meet the needs of your company and employees.

This can be a time consuming and potentially costly step, especially if you neglect it. We strongly recommend working with a company like ours, who can help manage your solution and ensure that updates and any necessary changes are implemented when they are needed, and that should needs change, systems are subsequently updated to meet the new requirements.

If you are looking to implement accessible technology in your business, contact us today to see how we can help.

Published with permission from TechAdvisory.org. Source.

August 14th, 2014

The amount of data both available to, and generated by, a company is increasing exponentially. While some smaller to medium businesses are coping fine with the growth, many are struggling with managing their data, let alone leveraging it to help make better decisions. If you find that your business isn't coping with data, one solution may be to implement a data warehouse.

What is a data warehouse?

A data warehouse is a system used by companies for data analysis and reporting. The main purpose of the data warehouse is to integrate, or bring together, data from a number of different sources into one centralized location. The vast majority of the data they store is current or historical data that is used to create reports or reveal trends.

Possibly the biggest benefit of a data warehouse is that it can pull data from different sources e.g., marketing, sales, finance, etc. and use this different data to formulate detailed reports on demand. Essentially, a data warehouse cuts down the time required to find and analyze important data.

While not every business will need one right this minute, a solid data warehouse could help make operations easier and more efficient, especially when compared with other data storage solutions. That being said, it can be tough to figure out if you actually need one. In order to help, we have come up with five signs that show your business is ready to implement a data warehouse.

1. Heavy reliance on spreadsheets

Regardless of business size, the spreadsheet is among the most important business tools out there. Used by pretty much every department in a company, they can be a great way of tracking data. The problem many business owners run across however is that spreadsheets can grow to immense sizes and can become unwieldy.

Combine this with the fact that each department has spreadsheets that you will likely need to pull data from in order to generate a report. If this is the case, you are creating manual reports, which can take a lot of your time.

If you are struggling to find the data you need because it is spread out across different sheets, in different departments, then it may be time to implement a data warehouse.

2. Data is overwhelming your spreadsheets

Spreadsheets are designed to operate with a set amount of data (rows and columns). Reach, or exceed this limit, and you will find that the file becomes sluggish or will downright prevent you adding more data.

While it can take a while to get to this point, companies will reach it if they keep adding to their data. At this point you will see a drop in productivity and overall effectiveness in how you use your data. Therefore, a data warehouse that can combine data from different sheets may be a great solution.

3. You spend too much time waiting

If you set out to develop a report, only to find out that you need to wait for colleagues to provide the information on their spreadsheets, or to analyze their data, you could find yourself waiting for a longer than expected time.

This makes you highly ineffective and can be downright frustrating, especially if employees are too busy or just can't provide the information needed. Implementing a data warehouse can help centralize data and make it available to all team members more effectively. This cuts down the time spent actually having to track it down and communicating with colleagues.

4. Discrepancies in data and reports

Have you noticed that when team leaders or members in different departments create reports that the data or findings are different from yours, or other reports? Not only is this frustrating, it is also time consuming to sort out and could lead to costly mistakes.

This can be amplified if some departments have data sources that they don't share with other teams, as this can throw doubt into the solidity of your data and other reports. If you have reached this point, and realize that there are discrepancies in your data, it may be time to look into a data warehouse which can help sort out problems while ensuring mistakes like duplicate data are eliminated.

5. Too much time spent generating reports

Ideally, we should be able to generate a report using existing data almost instantly, or with as few clicks as possible. If you find that when generating a report you have to keep going to different sources to check if the data is updated, or to keep manually updating other sources, you could quickly see the amount of time needed to develop a report grow.

Because data warehouses consolidate data, you only have to turn to one source for data. Combine with the fact that many data warehouses can be set up to automatically update if source data is updated or changed, and you can guarantee that the data you are using is always correct.

Looking to learn more about data warehouses, or about the different data solutions we offer? Contact us today.

Published with permission from TechAdvisory.org. Source.