Step aside, Apple, there’s a new watch in town. At CES 2016, Fitbit unveiled the Blaze, a smartwatch that does things the Apple Watch can’t, and at a lower price point.

The new Fitbit Blaze is a smart fitness watch unveiled at CES 2016. Image: Fitbit

The basic utilitarian look of Fitbit is so last week, with today’s CES 2016 debut of Fitbit Blaze, a smart fitness watch with a color touchscreen that heralds in the next generation of the company’s popular fitness device line.

Fitbit Blaze does many of the same things as more expensive smartwatches, such as the Apple Watch, but it does it at a lower price point. The basic Fitbit Blaze comes with an elastomer band and will be available for retail sales in March 2016 with a $199 price tag. It tracks fitness and sleep stats and provides notifications for calls, texts, calendar alerts and music control. It’s compatible with Windows, iOS, and Android platforms.

One of the main features of the watch is how the bands are interchangeable to go from the gym to the office and out for the evening. Accessories will include additional elastomer bands for $29.95 each, leather bands for $99.95 each, and a steel link band for $129.95 each. The device is available for presale beginning today at Fitbit.com and tomorrow at various major retailers. For those who want to see the watch in person before ordering, on February 20 customers can go into Best Buy to try on the watch and pre-order.

“The product is about the balance of fitness and style. While it may look like a smartwatch, we think we’ve gotten it right. It has a distinct focus on fitness. That’s why we’re calling it a smart fitness watch. It puts fitness first,” said James Park, CEO and co-founder of Fitbit, at the CES 2016 press conference.

Fashion and style have long been a sore spot in the world of wearables and smartwatches. Because, even if a device has a stylish appearance, oftentimes it’s not feasible to wear the same product 24/7 for every occasion. The Fitbit Blaze eliminates this issue with the range of affordable interchangeable bands.

Fitbit Blaze includes many of the same features as previous Fitbit wearable fitness devices, such as all-day activity stats, but it also includes a color touchscreen, along with a partnership with FitStar for an onscreen workout. It also includes connected GPS for real-time exercise stats and PurePulse wrist-based heart rate tracking, which the company introduced last year.

The watch has a substantial battery life, lasting up to five days and nights, according to Fitbit Chief Business Officer Woody Scal.

Park said the Fitbit Charge, which was introduced last year, is the number one selling activity tracking device in North America, and the Fitbit Surge is the number one selling GPS tracking watch. On Christmas Day and the day after, Fitbit was the number one free app download.

“We are one of the larger technology IPOs of 2015. We are still trading about offering price which we think is rare. We’re pretty proud of that,” Park said.

Park took the opportunity at the press conference to point out how Fitbit is mentioned in the media, such as numerous photos with President Obama wearing a Fitbit Surge.

“For me it’s been really fun to see Fitbit mentioned on popular TV shows such as Big Bang Theory,” he said.

One of the biggest challenges that Fitbit faces is that its products have a 50% abandonment rate, compared to 6% for the Apple Watch. That makes the Blaze a strategically important move for Fitbit. The early reaction to the Blaze has been mixed as Fitbit’s stock dropped 13% following the announcement.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Microsoft is rolling out a host of new email security features for Office 365 later this quarter, as it looks to thwart hackers and criminals.

‘Insider spoofing’ or faking the CEO’s email address to trick the CFO into transferring millions to criminal bank accounts is big business. Now Microsoft is using big data and reputation filters to try and squish the threat.

According to the FBI, between October 2013 and August 2015, 7,066 US businesses have fallen prey to ‘business email compromise’, netting criminals an estimated $747m.

Non-US victims lost a further $51m over the period, with the FBI estimating a 270 percent increase in identified victims since January 2015, when it first released figures about the threat category.

As Microsoft notes, when a corporate email domain is spoofed, it makes it hard for existing filters to identify the bogus email as malicious.

However, Microsoft reckons it has achieved a 500 percent improvement in counterfeit detection using a blend of big data, strong authentication checks, and reputation filters in Exchange Online Protection for Office 365.

It’s also rolling out new phishing and trust notifications to indicate whether an email is from a known sender or if a message is from an untrusted source, and therefore could be a phishing email.

The company is also promising a faster email experience as it vets attachments for malware and new tools to auto-correct messages that are mis-classified as spam. The aim is to boost defences without impairing end-user productivity.

Malicious email attachments remain a popular way for attackers to gain a foothold in an organization and, as RSA’s disastrous SecurID breach in 2011 showed, a little social engineering can go a long way to ensuring someone opens it.

Microsoft’s new attachment scanner, called Dynamic Delivery of Safe Attachments, looks to reduce delays as it checks attachments for potential threats.

Currently it captures suspicious looking attachments in a sandbox with a ‘detonation chamber’ where it analyses it for malware in a process takes five to seven minutes.

Microsoft hasn’t figured out a faster way to analyse the attachment, but instead of holding up the email as it conducts the scan, it will send the body of the email with a placeholder attachment. If the attachment is deemed safe, it will replace the placeholder and if not, the admin can filter out the attachment.

The feature is part of Microsoft’s Office 365 Exchange Online Protection and Advanced Threat Protection services.

The company is also tackling false-positive spam, or legitimate messages that are mis-identified as spam, and vice versa, with a new feature called Zero-hour Auto Purge, which allows admins to “change that verdict”.

“If a message is delivered to your inbox and later found to be spam, Zero-hour Auto Purge moves that message from the inbox to the spam folder; the reverse is true for messages misclassified as spam,” Microsoft notes.

Microsoft is testing this approach with 50 customers and says it will be rolled out for all Exchange Online Protection global clients in the first quarter of 2016.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Every year brings with it new challenges, and new lessons, for IT in the enterprise. Here are 10 of the lessons IT learned this past year.

The end of a year is always a good time for reflection, especially so if you’re evaluating what your business did right and what you can improve upon. In an increasingly digital world, IT has quickly become one of, if not the most, important aspects of an organization. So, it should be with great care that executives and admins look back on their year and try to glean some wisdom about what can be done differently in the year to come.

Here are 10 of the most important lessons that IT learned in 2015.

1. BYOX is here to stay

As smartphone use grew to near ubiquity in the enterprise, it brought with it the trend of BYOD, or, bring your own device. While that originally referred to mobile devices such as smartphones and tablets, it spawned as host of “bring your own” everything else.

“BYOX is the new mantra with consumers bringing their own applications, cloud sharing tools, social media into the enterprise; essentially bringing their own expectations of which technology they want to use and how and where they want to work in a corporate environment,” said Chuck Pol, president of Vodafone Americas.

2. DevOps is no longer just a buzzword

The term “DevOps” gained huge popularity in 2015 as a reference to an agile method that stresses the collaboration of development and operations. The goal is to connect the writers of the code with those who maintain the systems that run it. However, DevOps continues to evolve and, although it has its own set of challenges, it could be poised to become the method of choice for enterprise IT starting in 2016.

3. Data is currency

Data, especially as it relates to big data has been steadily growing in value but 2015 felt like a tipping point. Tools for both structured and unstructured data exploded in popularity and major data service providers went public, adding credibility to the field and likely creating a better inroad into the enterprise. Also, businesses got better at distinguishing between relevant and irrelevant data.

“It is no longer credible to look at data as big static objects in a deep lake, but rather be considered a set of fast moving assets in a raging river,” said Neil Jarvis, CIO of Fujitsu America. “In 2016 and beyond, companies need to look at the data that creates business-relevant information for today and tomorrow.”

4. Finding talent is problematic

Talent shortages don’t just affect startups on the West Coast. CompTIA CIO Randy Gross said that current estimates suggest there are more than one million IT job opening across the US alone, ranging across skill level from support specialists to network admins. Enterprises are going to have to work harder to attract and retain talent.

“Wise employers with IT jobs to fill have engaged in a self-examination of the tactics and strategies they’re using to attract new talent—and adjusting accordingly,” Gross said. “For some companies, new telecommuting and remote work options have helped them fill their talent gaps.”

5. SMAC is still relevant

The SMAC stack, which stands for social, mobile, analytics, and cloud, is also known by some as the “third platform.” As all of these individual components continue to grow and thrive in the workplace, their interdependencies will grow along with them.

“Senior management must become well versed about these technologies and their possibilities to create new value and new competitive advantages in their own business and markets,” Pol said.

6. Cloud lost its fear factor

Cloud acceptance was a mixed bag for a long time, but 2015 brought a more widespread embrace of cloud technologies and services in the enterprise. In fact, some trends are making it almost a necessity.

“The complete adoption of virtualization, as well as investigation into cloud and other strategies, is far more advanced than expected—particularly amongst SMBs,” said Patrick Hubbard, technical product marketing director at SolarWinds. “Making operating systems and applications truly mobile is redefining how companies think about their IT infrastructure.”

7. The security mindset is changing

Anthem BlueCross BlueShield and Harvard University were among the major organizations that dealt with a public security breach in 2015. With today’s social media, you can almost guarantee any data breach that occurs in the enterprise won’t stay a secret. And, with the risk of a breach high, Intel Security CTO Steve Grobman said that teams must adopt a new way of thinking.

“IT must embrace the mindset that they have already been breached, now how do you protect your environment with this new default outlook?,” Grobman said.

8. Shadow IT is a line item

Shadow IT carries nowhere near the same amount of scorn it once did in the enterprise. Some organizations are even openly embracing it, and making it a foundational part of their IT strategy. And, as shadow IT continues to grow, Pol said, it needs to be properly accounted for in the budget.

“As technology continues to transform business, IT infrastructure will become more complex and more difficult to have a complete view of technology across the business,” Pol said. “The role of IT will need to become more strategic and set clear lines of accountability between IT and line of business budget holders.”

9. Employees are the biggest security risk

When most people think about security risks to their organization, the image of the hooded hacker furiously typing away in a dark room. However, employees themselves pose a real threat to the security of an organization as well. Issues such as poor password practices and using unsecured networks with company devices are a real problem. Kelly Ricker, senior vice president of events and education at CompTIA, said mobile, while helping with agility and productivity, is a cybersecurity nightmare.

“Every device that employees use to conduct business—smartphones and smartwatches, tablets and laptops—is a potential security vulnerability,” Ricker said. “Companies that fail to acknowledge and address this fact face the very real risk of becoming a victim of cyber criminals and hackers.”

10. Commoditization is a threat

With the plethora of tools available to build and replicate popular tech, it is increasingly important for organizations to guard against the threat of commoditization.

“As development cycles become shorter and the potential for intellectual property to be recreated and copied increases, it is becoming more difficult to create a sustainable competitive advantage for your products and services,” Pol said.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://techies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

The must-read IT business eNewsletter

“There is no such thing as perfect security,” says Jim Waldron, Senior Architect for Platform Security at HP. If you can access a website or server, consider it vulnerable to security breaches. That’s why so many businesses account for fraud in their business models—they expect to lose a certain amount each year to security leaks, lost IP, and more.

While you can never be 100% secure from hackers while connected to the internet, there are steps you can take to help protect your personal and professional data. All you need to do is activate features that are increasingly common (or easy to manage) on modern business-class PCs: Multi-factor authentication, client-based user authentication, and password best practices.

Multi-factor authentication
Multi-factor authentication is a simple but effective security system that involves the use of at least two factors (or methods) of authentication. It groups different factors together so that even if one is compromised, the data remains protected. Under this system, factors are divided into three domains:

• Something you know: Password, PIN, etc.
• Something you have: ATM card, smartcard, etc.
• Something you are: Fingerprint, iris, etc.

For multi-factor authentication to be successful, you want to pull from at least two different domains, with a maximum of three domains. A common example of multi-factor authentication is when you withdraw cash from an ATM. To do so, you insert your ATM card (something you have) and enter your PIN (something you know). Without both factors you can’t access your account—and neither should anyone else.

Businesses are taking notice too, and multi-factor authentication’s popularity is rising. In 2014, 37% of enterprise organizations surveyed used multi-factor authentication for the majority of their employees, and that number is expected to grow to 56% by 2016.

What you can do now
If you have a business-grade PC, chances are your PC already includes the technologies you need to start using multi-factor authentication. In fact, HP offers multi-factor authentication on all of its business PCs. Consult your manual or HP Support, and identify the factors your PC supports in addition to traditional passwords, such as fingerprint or smartcard readers. Just make sure to choose factors from separate domains.

Client-based user authentication
Every time you log into a system, your identity needs to be authenticated by that system. This process occurs one of two ways: server-side authentication or client-based authentication. With server-side authentication your unencrypted information—such as your password or fingerprint—is sent to a server where it is compared against that server’s records. With client-based authentication, the authentication process—e.g., “Does this fingerprint match the one in our records?”—is performed on the client device, such as your work PC.

While client-based authentication is not as common as its counterpart, it is far more secure. In fact, “In almost all authentication scenarios it is preferable to perform the direct authentication on the client and then communicate an ‘Identity Assurance’ to the relying party,” says Waldron.

Everyone wins when it comes to client-based authentication. The client no longer has to send unencrypted, private information over the internet or store that information on another party’s server, while the relying party no longer has to store sensitive client information on their server—reducing the amount of information that can be stolen if and when a hack occurs.

What you can do now
One of the easiest ways to use client-based authentication is with a hardened fingerprint sensor. The sensor authenticates your fingerprint directly in the hardware, rather than sending it to a server or hard drive, and returns a key that can be used to decrypt password vaults.

Password best practices
As we’ve mentioned before, passwords aren’t perfect. While implementing and using the above features might not seem practical for some of us, everyone can benefit from following basic password best practices. They are quick to implement, and can save you a lot of hassle down the line.

To make the most of your password security, your passwords should be:

• Long—at least 16 characters. Use a password manager to store unique passwords and fill out log-in forms so that you don’t have to memorize them.
• Complex—containing symbols, numbers, uppercase letters, lowercase letters, and spaces (if possible)
• Unique—only use a password once, don’t recycle or repeat across accounts
• Short-lived—the National Cyber Security Alliance suggests changing your password every 60 days
• Difficult to guess—avoid common words found in a dictionary, all or part of your name, repeated letters, or combos that align to your keyboard layout, such as “QWERTY” or “123456”

If you are uncertain whether your password is secure enough or if it meets enough of the criteria above, there are several reliable services that will check your password strength for you. Microsoft’s Safety & Security Center offers a free password checker you can access through your browser, while Mac users can access Apple’s Password Assistant through the Keychain Access utility.

What you can do now
The first thing you can do—right this second—is revise your most important passwords to align with password best practices. That includes your work accounts, personal email, bank accounts, and any other services that contain sensitive data. If you need help remembering your new passwords, consider using a password manager such as HP Password Manager. That way you only have to authenticate once to gain access to all your systems. You can also adopt a system to make your passwords easier to remember. Using acronyms, for example, you can turn the phrase “I was born in 1986 and my parents still live on Lake Street!” into “Iwbi1986ampsloLS!”—creating a strong password that’s easy to remember.

Passwords are changing, and while they will never be perfect, they can still provide an effective first layer of defense against hackers and ne’er do wells. The above features and techniques are increasingly common on modern business PCs, making it easier than ever to protect your private data. All you have to do is use them.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Ashley Madison (2015)

All data breaches are scary, but some just have that extra scream factor.

In arguably the most embarrassing data breach of the bunch, a group calling itself “The Impact Team” stole 37 million records from adultery website Ashley Madison, including many records that customers had paid to have deleted.

Virtually all of the company’s data was stolen in the hack, including records that suggest most female accounts on the site are fake, and that the company used female chat bots to trick men into spending money.

LivingSocial (2013)

Daily deals company LivingSocial had its network compromised in 2013, with hackers stealing roughly 50 million names, email addresses, birthdays, and encrypted passwords from its SQL database.

Sony PlayStation Network (2011)

Game over, man. In April 2011, hackers raided Sony’s PlayStation Network (PSN) service, stealing personally identifiable information from more than 77 million gamers.

Sony was further criticized for delaying the release of public information about the theft and for storing customer data in an unencrypted form.

The attack took Sony’s PSN out of service for 23 days.

Internal Revenue Service (2015)

Nigerian scammers pilfered more than $50 million from the U.S. Treasury via an embarrassingly simple 2015 hack of the Internal Revenue Service website.

Information scraped from previous data hacks was used to steal Americans’ identities and request copies of past tax returns on the IRS website. The crooks then filed new tax returns with falsified data, requesting big refunds.

The hack caused massive nightmares for the estimated 334,000 people whose records were stolen before the IRS shut down the transcript request service.

Target (2013)

Hackers installed point-of-sale malware on Target’s computer network sometime in 2013, resulting in the theft of more than 70 million customer records. Stolen data included payment card numbers, expiration dates, and CVV codes.

The retailer reached out to affected customers by offering free data monitoring (standard practice) and a 10% off discount on a future shopping trip. But it was too little, too late; same-store sales slid in the quarter following the hack.

Anthem (2015)

Anthem, the United States’ second largest for-profit health insurer, disclosed in February 2015 that it had lost 78.8 million unencrypted customer records to criminals. Names, social security numbers, email addresses, and income data was stolen.

The rare piece of good news: Financial and medical records were not affected.

Adobe (2013)

Adobe revealed in October 2013 that hackers had stolen 38 million active customer IDs and passwords, forcing the company to send out a wave of password reset warnings.

Weeks after, the news got worse for the company: The thieves also made off with the source code for its popular Adobe Photoshop software.

eBay (2014)

Talk about an inside job: In 2004, online auction house eBay suffered the largest hack in U.S. history, losing 145 million login credentials to a hacker using an internal eBay corporate account.

Names, email and street addresses, phone numbers, and birth dates were compromised, but thankfully, passwords were stored in encrypted form.

Home Depot (2014)

In September 2014, Home Depot admitted that it fell prey to hackers who installed antivirus-evading malware on its self-checkout registers. An estimated 56 million sets of customer payment card data were stolen in the attack.

The company’s losses related to the event are expected to top $1 billion when all of the lawsuits are finally settled. Only $100 million of that will be covered by insurance.

JP Morgan Chase (2014)

The September 2014 breach of JP Morgan Chase proved that even the largest U.S. banks are vulnerable to data theft. Online banking login details were not stolen, but crooks did get their hands on 76 million sets of names, emails, addresses, and phone numbers of bank customers, creating serious phishing concerns.

A group of Russian hackers is believed to be responsible for the attack.

PNI Digital Media (2015)

PNI Digital Media, the company that handles online photo printing for CVS, Walgreens, Rite Aid, Costco, and many more national chains, lost an unknown number of customer records to hackers in 2015.

Given that the company boasted more than 18 million transactions in 2014, it’s likely that this breach affected tens of millions of Americans.

Heartland (2008)

Credit and debit card processing firm Heartland Payment Systems became one of the largest data breach victims in U.S. history when hackers compromised more than 130 million accounts in 2008.

The criminal ring involved in the Heartland data theft was also found to be responsible for the 2005 hack of TJX Companies involving 94 million records.

TJX Companies (2005)

In a 2005 scheme dubbed “Operation Get Rich or Die Tryin,” a group of hackers used an unsecured Wi-Fi network at a Marshalls store to break into parent TJX Companies’ computer system and steal 94 million customer records, including payment card data.

Albert Gonzalez, the ringleader of the hack, is serving a 20-year sentence in Leavenworth.

U.S. Office of Personnel Management (2015)

Earlier this year, the United States Office of Personnel Management admitted that hackers had taken 21.5 million records belonging to those who had undergone government background checks or otherwise applied for federal employment. The hackers stole a wealth of sensitive data, including security clearance information and fingerprint data belonging to secret agents.

The Washington Post reported that the attack is believed to have originated in China.

Zappos (2012)

In January 2012, online shoe retailer Zappos stated that cybercriminals had stolen data of 24 million customers, including names, addresses, and the last four digits of their payment cards.

After the announcement, Zappos had to disconnect its phone lines to keep upset customers from calling in and overloading its phone system.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

BYOD means you must make a few extra preparations to protect your organization in cases of litigation and eDiscovery.

It’s a fact that we live in a litigious world. Bring Your Own Device (BYOD) and even corporate-owned mobile devices often are caught up in legal cases. Chris Gallagher, national director for Adecco eQ, a nationwide eDiscovery firm gives an overview of how businesses can navigate eDiscovery when a business has BYOD devices seized as part of a court case.

eDiscovery and mobile devices

BYOD and corporate-owned devices can be put a litigation hold (sometimes called a “preservation order”) when an organization must preserve all forms of relevant information when there’s the anticipation of litigation.

Gallagher’s firm helps legal counsel with data forensic collection, acquisition on mobile devices and PCs. His company processes the data on these devices and uses advanced analytics to locate information pertinent to the litigation

eDiscovery and BYOD: The blurred line

BYOD is still, from a legal perspective, in its infancy, Gallagher said. He said every time his firm does a customer survey, they still hear about strong BYOD activity in the market.

He said, “Of course, from a discovery perspective, from a litigation hold perspective, it makes both the general counsel’s life that much more difficult as well as the law firm’s life more difficult because number one, there’s that blurred line, what is corporate data versus what is personal and individual data, where does that line cease?”

Gallagher points out that anytime you have devices entering and leaving a network there’s a control factor. Companies who master that control have a better (but still not perfect) time when they get called into discovery.

“When you have a device that is not a corporate-owned device that is accessing corporate information, the ownership of that information always comes into question,” Gallagher said.

“When dealing with eDiscovery, part of discovery requests are information that is under your direction and control,” he said. “It’s on a personal device, it’s not owned by the corporation, but it’s corporate-owned data, so is that under your control? Absolutely.”

Litigation holds on BYOD devices can be an added nuance and one more gray area that corporation have to deal with when it comes to BYOD in their enterprise.

Gallagher said you need to ask, ” How do you get that data back? How do you ensure that you’re not losing, not only from a litigation perspective, but the other major issue is corporate information, trademark secrets, corporate secrets, confidential information that you wouldn’t want to enhance?”

He further explained that a litigation hold over a BYOD devices means going beyond the normal things like a desk drawer, files, email, and shared devices. It means you have to ask “Okay, what else have you used to access the corporate network in the last year?

Wearables and eDiscovery

Wearable tech would have minimal impact on eDiscovery. Gallagher said, “Now, if you’re a corporate attorney, if you’re a defense counsel, one of the things you’re going to argue is “Well, the watch, everything that’s available on the watch, it’s just email, weather, that’s available on the server anyway, so you have another place to get it.”

The wearable is a highly discoverable type of device because most of that information is just replicating from somewhere else, Gallagher said. Usually, you are replicating wearable data from your phone so if you have the phone then everything’s replicated.

“For smaller cases, for cases at a location, for criminal cases, or matrimonial cases, where location is important, wearables could come into play,” he said.

Onboarding BYOD devices and eDiscovery

Much of what Gallagher said around BYOD policies is standard fare. I asked Gallagher how a company could protect themselves in the cases of salespeople (the “original BYOD”users) contracts and non-compete agreements. Competitors in highly competitive industries sue each over this kind of stuff all the time.

Career salespeople have their contacts (built from years of selling in an industry) that they keep on their phones. They may have sold to these customers over the years.

From a legal perspective in this scenario, Gallagher recommends that corporations have an addendum added to their standard employment agreement. The addendum should state, “I certify that I am not bringing anything from my former employee. We are hiring you for your knowledge of the industry in general and not any specific contacts that you may or may not have from former employees.

Gallagher said this sort of contract boilerplate puts the responsibility on their shoulders and that you aren’t hiring them for a particular contact.

He also advised that you want to make sure that they abide by their previous non-compete, but you don’t want them downloading or taking anything with them from their previous employer. Gallagher cautioned that you should not place any data from their previous employer on your corporate-owned system. Take, for example, syncing a personally owned smartphone to a corporate-owned laptop. Along with that sync can come corporate data from your competitor. eDiscovery can detect that data.

He further recommends that you have that new sales rep come to you with a clean slate of a cell phone.

Bringing contacts along on a personal device has become much easier legally speaking according to Gallagher. He said, “One of the recent things that’s come out of court cases is if you look at LinkedIn profiles, if you look at customer information but the sales rep proved that most of the information that he had from his ‘client’ was available publicly on their LinkedIn profiles.”

You don’t want them backing up their tablet to their new computer that could result in a breach of their non-compete, and now it’s backed up on your servers according to Gallagher.

Conclusion

Above and beyond the usual BYOD and challenges that enterprises face each day, you may also be navigating a blurred legal line so prepare yourself accordingly with BYOD policies and advice from your counsel to ensure that you are prepared if and when BYOD devices get put on a litigation hold.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Phishing emails flow into inboxes year-round, especially during the holidays. Here are some clues to help your users spot “fishy” emails.

Every day countless phishing emails are sent to unsuspecting victims all over the world. While some of these messages are so outlandish that they are obvious frauds, others can be a bit more convincing. So how do you tell the difference between a phishing message and a legitimate message? Unfortunately, there is no one single technique that works in every situation, but there are a number of things that you can look for. This article lists 10 of them.

1: The message contains a mismatched URL

One of the first things I recommend checking in a suspicious email message is the integrity of any embedded URLs. Oftentimes the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address (at least in Outlook). If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.

2: URLs contain a misleading domain name

People who launch phishing scams often depend on their victims not knowing how the DNS naming structure for domains works. The last part of a domain name is the most telling. For example, the domain name info.brienposey.com would be a child domain of brienposey.com because brienposey.com appears at the end of the full domain name (on the right-hand side). Conversely, brienposey.com.maliciousdomain.com would clearly not have originated from brienposey.com because the reference to brienposey.com is on the left side of the domain name.

3: The message contains poor spelling and grammar

Whenever a large company sends out a message on behalf of the company as a whole, the message is usually reviewed for spelling, grammar, and legality, among other things. So if a message is filled with poor grammar or spelling mistakes, it probably didn’t come from a major corporation’s legal department.

4: The message asks for personal information

No matter how official an email message might look, it’s always a bad sign if the message asks for personal information. Your bank doesn’t need you to send it your account number. It already knows what that is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

5: The offer seems too good to be true

There is an old saying that if something seems too good to be true, it probably is. That holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.

6: You didn’t initiate the action

If you get a message informing you that you have won a contest you did not enter, you can bet that the message is a scam.

7: You’re asked to send money to cover expenses

One telltale sign of a phishing email is that you will eventually be asked for money. You might not get hit up for cash in the initial message. But sooner or later, phishing artists will likely ask for money to cover expenses, taxes, fees, or something similar. If that happens, you can bet that it’s a scam.

8: The message makes unrealistic threats

Although most of the phishing scams try to trick people into giving up cash or sensitive information by promising instant riches, some phishing artists use intimidation to scare victims into giving up information. If a message makes unrealistic threats, it’s probably a scam.

9: The message appears to be from a government agency

Phishing artists who want to use intimidation don’t always pose as a bank. Sometimes they’ll send messages claiming to have come from a law enforcement agency, the IRS, the FBI, or just about any other entity that might scare the average law-abiding citizen. But here, government agencies don’t normally use email as an initial point of contact. That isn’t to say that law enforcement and other government agencies don’t use email. However, law enforcement agencies follow certain protocols. They don’t engage in email-based extortion—at least, not in my experience.

10: Something just doesn’t look right

In Las Vegas, casino security teams are taught to look for anything that JDLR—just doesn’t look right, as they call it. The idea is that if something looks off, there’s probably a good reason why. This same principle almost always applies to email messages. If you receive a message that seems suspicious, it’s usually in your best interest to avoid acting on the message.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Anna Kournikova (2001)

The Anna Kournikova virus is so named because it tricked its recipients into thinking they were downloading a sexy picture of the tennis star. Financial damages associated with Kournikova were limited, but the virus had a big pop culture impact: It became a plot point in a 2002 episode of the sitcom Friends.

Sasser (2004)

In April 2004, Microsoft issued a patch for a vulnerability in Windows’ Local Security Authority Subsystem Service (LSASS). Shortly after, a teenager in Germany released the Sasser worm to exploit the vulnerability in unpatched machines. Multiple variants of Sasser took out airline, public transportation, and hospital networks, causing $18 billion in damage.

Skulls.A (2004)

The Skulls.A is a legitimately spooky mobile trojan that affected the Nokia 7610 smartphone and other SymbOS devices. The malware was designed to change all icons on infected phones to Jolly Rogers and disable all phone functions, save for making and receiving calls.

F-Secure says Skulls.A caused little damage, but the trojan is undeniably creepy.

Zeus (2009)

While many malware programs on this list are little more than nuisances, Zeus (AKA Zbot) was a tool used by a complex criminal enterprise.

The trojan uses phishing and keylogging to steal online banking credentials, draining a cumulative $70 million from the accounts of its victims.

Melissa (1999)

Named after a Florida stripper, the Melissa virus was designed to propagate by sending itself to the first 50 contacts in its victims’ e-mail Outlook address book. The attack was so successful that the virus infected 20 percent of the world’s computers, causing an estimated $80 million in damage.

Virus creator David L. Smith (shown) was caught by the FBI, served 20 months in jail, and paid a $5,000 fine.

Sircam (2001)

Like many early malware scripts, Sircam used social engineering to trick people into opening an email attachment.

The worm chooses a random Microsoft Office file on victims’ computers, infects it, and sends it to all the people in the victims’ email contact list. A University of Florida study pegged Sircam cleanup costs at $3 billion.

Stuxnet (2009)

Stuxnet is one of the first known viruses created for cyberwarfare. Created in a joint effort between Israel and the U.S., Stuxnet targeted nuclear enrichment systems in Iran.

Infected computers instructed nuclear centrifuges to physically spin until they broke, all while providing fake feedback that operations were normal.

SQL Slammer/Sapphire (2003)

Taking up just 376 bytes, the SQL Slammer worm packed a lot of destruction into a tiny package. The worm slowed down the Internet, disabled 911 call centers, took down 12,000 Bank of America ATMs, and caused much of South Korea to go offline. It also crashed the network at Ohio’s Davis-Besse nuclear power plant.

Storm Trojan (2007)

Storm Trojan is a particularly sinister piece of email-distributed malware that accounted for 8 percent of all global infections just three days after its January 2007 launch.

The trojan created a massive botnet of between 1 and 10 million computers, and because it was designed to change its packing code every 10 minutes, Storm Trojan proved incredibly resilient.

Code Red (2001)

The Code Red worm, named after the Mountain Dew flavor preferred by its creators, infected up to one-third of all Microsoft ISS web servers upon release.

It even took down whitehouse.gov, replacing its homepage with a “Hacked by Chinese!” message. Estimated damages due to Code Red were in the billions of dollars worldwide.

Nimda (2001)

Released just after the 9/11 attack, many thought the devastating Nimda worm had an Al Qaeda connection (never proven).

It spread via multiple vectors, bringing down banking networks, federal courts and other key computer systems. Cleanup costs for Nimda exceeded $500 million in the first few days alone.

ILOVEYOU (2000)

The ILOVEYOU worm, AKA Love Letter, disguised itself in email inboxes as a text file from an admirer.

But this Love Letter was anything but sweet: In May 2000, it quickly spread to 10 percent of all Internet-connected computers, leading the CIA to shut down its own email servers to prevent its further spread. Estimated damages were $15 billion.

Cryptolocker (2014)

Computers infected with Cryptolocker have important files on their hard drives encrypted and held at ransom. Those who pay approximately $300 in bitcoin to the hackers are given access to the encryption key; those who fail to pay have their data deleted forever.

Netsky (2004)

The Netsky worm, created by the same teen who made Sasser, made its way around the world by way of email attachments. The P variant of Netsky was the most widespread worm in the world even more than two years after its February 2004 launch.

Conficker (2008)

The Conficker worm (AKA Downup, Downadup, Kido), first detected in December 2008, was designed to disable infected computers’ anti-virus programs and block autoupdates that may otherwise remove it from computers.

Conficker quickly spread to numerous important computer networks, including those of the English, French, and German armed forces, causing $9 billion in damage.

Michaelangelo (1992)

The Michelangelo virus itself spread to relatively few computers and caused little real damage. But the concept of a computer virus set to “detonate” on March 6, 1992 caused a media-fueled mass hysteria, with many afraid to operate their PCs even on anniversaries of the date.

Sobig.F (2003)

The Sobig.F trojan infected an estimated 2 million PCs in 2003, grounding Air Canada flights and causing slowdowns across computer networks worldwide. This tricky bug-in-disguise cost $37.1 billion to clean up, making it one of the most expensive malware recovery efforts in history.

MyDoom (2004)

In September 2004, TechRepublic called MyDoom “the worst virus outbreak ever,” and it’s no surprise why. The worm increased the average page load time on the Internet by 50 percent, blocked infected computers’ access to anti-virus sites, and launched a denial-of-service attack on computing giant Microsoft.

The worldwide costs associated with cleanup of MyDoom is estimated to be just shy of $40 billion.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

With a quick glance at your Windows 10 laptop, you’ll be able to unlock it — without entering a password.

Microsoft introduced the latest new feature for Windows 10, called Windows Hello. The security tool will let you access your PC through facial recognition, an iris scan or a read of your fingerprint.

But before you get ready for your closeup, you’ll need get some special equipment — most PCs don’t come with biometric scanners installed (though some do). Windows Hello is primarily targeted at businesses and government agencies.

Microsoft opted not to rely on your webcam for facial recognition because the photos it captures are not terribly secure, and they’re easy to spoof. Instead, Microsoft got infrared cameras to do facial recognition for Windows Hello.

Facial recognition is possible on a low-grade camera. Google allows its Android phones to be unlocked with facial recognition, but the company warns that someone with a photo of you — or even someone who looks like you — will be able to unlock your phone too.

With the proper tools, faces, irises and fingerprints are possible to spoof, but it’s not easy — someone’s got to really want to break in to your PC to go through the trouble.

Microsoft opted for more robust security in Windows 10, because it wants to meet strict standards that companies and government agencies impose for secure logins. Microsoft said Windows Hello has a 1 in 100,000 false accept rate, which is very high. It’s a lot safer than a password, which, as we know, can easily be forgotten, lost, stolen or hacked.

Though it’s not necessarily aimed at the average PC buyer, consumers will be able to use the Windows Hello feature too.

Microsoft promised “plenty of exciting new Windows 10 devices to choose from which will support Windows Hello.” And if your PC already has a fingerprint reader, you’ll be able to login with a fingerprint scan.

Passport: Windows 10 will also support another new security feature, codenamed “Passport,” which lets you login to participating websites, apps or networks without a password. Microsoft said the list of sites and apps that support Passport is growing, but it didn’t say how many participate.

Microsoft is trying to position Passport as the end of passwords. Since you never enter a password to enter a website, “there is no shared password stored on their servers for a hacker to potentially compromise,” says Microsoft boldly in its press release.

But that’s not quite true. Passwords will still exist. Even if you can login to your email via Passport from your work PC, you’ll still need a password to login from your iPad. So passwords aren’t going away anytime soon — and they’ll still be stored on email providers’ servers, which means hackers could potentially still grab them in a cyberattack.

The primary way that Passport ensures that you’re you is through Windows Hello. Oddly, however, you can also enter a PIN into Passport, which is significantly less secure than a password.

Still, it’s about time that something replaces passwords, and Hello and Passport are good starts.

Have questions?

Get answers from Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Network Share access denial is another issue that users are facing with Windows 10.

Recent upgrade to Windows 10 all of a sudden makes network share no longer accessible on Windows machines you may have in your environment.

Here is the tutorial that solves the issue.

Problem

This is what you see when you try to go to any \\something network share:

\\something is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The account is not authorized to log in from this station.

There’s some changes in the Windows 10 internals which results in the access denial. The new build does not allow anonymous (guest) access to shares by default, as a security measure.It can be resolved by creating a new registry key in the right hive and rebooting.

Solution

Fire up the registry editor (regedit). Navigate to:

Here, you will need to create a new parameter (32-bit DWORD). Right-click:

Then, name it AllowInsecureGuestAuth and assign it a value of 1.

The hive should look thusly:

And you’re done. Reboot, and enjoy your network access.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.