A large number of businesses still run Microsoft MSFT -1.71% Windows Server 2003 and it’s unlikely they all will upgrade before Microsoft Corp. ends support on July 14, 2015, say analysts. Companies that don’t upgrade increase their cyber security risks because the company will no longer issue security updates and these systems will be more vulnerable to hackers.

Businesses worldwide run an estimated 23.8 million physical and virtual instances of Windows Server 2003, according to data released by Microsoft in July 2014. Analysts say the technology is more prevalent in industries such as health care, utilities and government. Yet it’s also still used in about 7% of retail point of sale systems, according to a report Thursday by Trend Micro Inc.4704.TO -1.11%

“Microsoft does not plan to extend support for Windows Server 2003 and encourages customers who currently run Windows Server 2003 and have not yet begun migration planning to do so immediately,” said Vivecka Budden, a Microsoft spokesperson, in an email.

South Jersey Techies offers various migration options to include Windows Server 2012 R2, Microsoft Azure, hosting partners and Office 365.

“It is going to be difficult to get this done in time,” said David Mayer, practice director of Microsoft Solutions at Insight Enterprises Inc.NSIT -1.12%, a provider of IT hardware, software and services.

Many of these same industries were impacted by the end of service for the Windows XP operating system on April 8.  Microsoft broadcasts these sorts of moves years in advance, so it shouldn’t come as a surprise to anyone. But, the product was stable and for many companies there simply wasn’t incentive to update.

“In general, everyone has been slow to migrate, especially those with servers that are running applications,” said Rob Helm, vice president of research at Directions on Microsoft consulting firm.

The problem in industries such as health care and utilities is that companies run legacy apps written by vendors who still require Windows Server 2003. For example, there are smaller vendors in health care that have not kept up with development and application modernization, said a health-care CIO who asked not to be identified. A hospital may have an inventory of 100 to 500 different applications and many applications will still require Windows Server 2003, he added.

Electric utilities, for example, widely use Windows Server 2003. There hasn’t been much movement to upgrade those systems, said Patrick C. Miller, founder of the nonprofit Energy Sector Security Consortium and a managing partner at The Anfield Group, a security consulting firm. Instead, utilities are working to better secure and isolate those systems.

“I’m concerned about directory services such as application authentication and user permissions,” said Mr. Miller. “If you compromise an Active Directory server, you get access to everything.”

For now, analysts are recommending that companies work out their risk of exposure and make plans to first migrate those applications that will be most difficult. Companies should make plans to harden servers that can’t be updated. That might entail putting those systems on an isolated network, where they’d be less prone to outside attack, said Mr. Helm.

To protect and upgrade your home or business

 please contact us 856-745-9990 or click here.

In October of last year news broke about a new form of malware called Cryptolocker. This malware posed a particularly large threat to many business users and led to many quick and important security updates. Now, almost a year later, it appears that the second version of this – CryptoWall – has been released and is beginning to infect users.

What is Crypto malware?

Crypto malware is a type of trojan horse that when installed onto computers or devices, holds the data and system hostage. This is done by locking valuable or important files with a strong encryption. You then see a pop-up open informing you that you have a set amount of time to pay for a key which will unlock the encryption. If you don’t pay before the deadline, your files are deleted.

When this malware surfaced last year, many users were understandably more than a little worried and took strong precautions to ensure they did not get infected. Despite these efforts, it really didn’t go away until earlier this year, when security experts introduced a number of online portals that can un-encrypt files affected by Cryptolocker, essentially neutralizing the threat, until now that is. A recently updated version is threatening users once again.

Cryptolocker 2.0, aka. CryptoWall

Possibly because of efforts by security firms to neutralize the Cryptolocker threat, the various developers of the malware have come back with an improved version, CryptoWall and it is a threat that all businesses should be aware of.

With CryptoWall, the transmission and infection methods remain the same as they did with the first version: It is most commonly found in zipped folders and PDF files sent over email. Most emails with the malware are disguised as invoices, bills, complaints, and other business messages that we are likely to open.

The developers did however make some “improvements” to the malware that make it more difficult to deal with for most users. These changes include:

• Unique IDs are used for payment: These are addresses used to verify that the payment is unique and from one person only. If the address is used by another user, payment will now be rejected. This is different from the first version where one person who paid could share the unlock code with other infected users.
• CryptoWall can securely delete files: In the older version of this threat, files were deleted if the ransom wasn’t paid, but they could be recovered easily. In the new version the encryption has increased security which ensures the file is deleted. This leaves you with either the option of paying the ransom or retrieving the file from a backup.
• Payment servers can’t be blocked: With CryptoLocker, when authorities and security experts found the addresses of the servers that accepted payments they were able to add these to blacklists, thus ensuring no traffic would come from, or go to, these servers again. Essentially, this made it impossible for the malware to actually work. Now, it has been found that the developers are using their own servers and gateways which essentially makes them much, much more difficult to find and ban.

How do I prevent my systems and devices from being infected?

Unlike other viruses and malware, CryptoWall doesn’t go after passwords or account names, so the usual changing of your passwords won’t really help. The best ways to prevent this from getting onto your systems is:

• Don’t open any suspicious attachments – Look at each and every email attachment that comes into your inbox. If you spot anything that looks odd, such as say a spelling mistake in the name, or a long string of characters together, then it is best to avoid opening it.
• Don’t open emails from unknown sources – Be extra careful about emails from unknown sources, especially ones that say they provide business oriented information e.g., bank statements from banks you don’t have an account with or bills from a utilities company you don’t use. Chances are high that they contain some form of malware.

October is National Cyber Security Awareness Month by Department of Homeland Security.

National Cyber Security Awareness Month encourages vigilance and protection by sharing tips and best practices in regard to how to stay safe.

Small businesses are a large target for criminals because they have limited resources dedicated to information system security.  Cyber criminals look for access to sensitive data.

Create a cyber security plan

The Federal Communications Commission offers a Cyber Planner for small businesses.  The planner guide allows specific sections to be added to your guide, including Privacy and Data Security, Scams/Fraud, Network Security, Website Security, Email, Mobile Devices, Employees, Facility Security, Operational Security, Payment Cards, Incident Response/Reporting and Policy Development/Management.

Generate a personalized Small Biz Cyber Planner Guide.

Establish Rules and Educate Employees

Create rules and guidelines for protecting information.  Educate employees on how to post online in a way that does not share intellectual property.  Clearly explain the penalties for violating security policies.

Network Protection

Deploy and update protection software, such a antivirus and antispyware software, on each computer within your network.  Create a regularly scheduled full computer scan.

Manage and assess risk

Cyber criminals often use small businesses that are less-protected to get to larger businesses.  Being a victim of a cyber-attack can have a huge impact on any business including financial issues, loss of possible business partner(s) and many more issues.

Download and install software updates

Installing software updates from vendors can protect your network for unwanted viruses and malware.  Vendors frequently release patches/updates for their software to improve performance and fine-tune software security.  (Example:  Adobe Reader, Adobe Flash and Java updates are critical for protection.)

Backup important business data and information

Create a backup plan for all data including documents, databases, files, HR records and accounting files.  A regularly scheduled backup can be a full, differential or incremental.

• Full Backup:  Backup of all data.
• Differential Backup:  Backup of all data that has changed since the last full backup.
• Incremental Backup:  Backup of all data that has changed since the last full or incremental backup.

Control physical access

Protecting physical property is a very important role in protecting intellectual data.  Create a physical security plan to prevent unauthorized access to business computers and components. 

Secure Wi-Fi

Securing your Wi-Fi network consists of a few configurations.  Configure a device administrator password for your wireless access point (WAP) or router, require a password for Wi-Fi access and do not allow the WAP or router to broadcast the Service Set Identifier (SSID), also known, as network name.

Windows 8.1 will be released on October 17, 2013, followed by a full launch on October 18, 2013.  Although Windows 8.1 is not a “new” operating system, the major updates created for 8.1 have made the upgrade more than a simple service pack.

Enterprise Benefits:

1.  Mobility

Windows 8.1 benefits a wider range of employees to include a combination of productivity and mobility.  IT can manage Windows 8.1 devices, such as desktops, laptops, and tablets, with a universal management client.

2.  Tablets

Enabled hardware for Windows 8  offers the option to have a standard operating system for enterprises, but allow individual users to select their device, such as desktops, laptops, and tablets, and have a consistent interface across these devices. 

3.  Application Development

Streamlining Windows 8.1 allow developers to design applications that can work across devices, such as desktops, laptops, tablets and smartphones.

4.  IT Support

To reduce the strain on IT resources for business mobility, standardizing on Windows 8.1 allows a majority of IT support to become simplified. 

5.  Total Savings

Standardizing on Windows 8.1 will reduce the cost for development, maintenance and support.  Also, reducing costs by eliminating licensing/support costs of a enterprise environment with varied devices.

6.  Restore Optimization

Windows 8.1 has the ability to restore factory settings for the operating system.  For all businesses, this is an advantage and a simple way to reduce costs and recover time for IT departments. 

7.  IT Operations

Windows 8.1 is a services pack for Windows 8 that includes new features, not just fixes.  Creating user documentation can be streamlined for Windows 8.1 for all applications.  Additionally, future service packs will follow in the footsteps of Windows 8.1 to include new features; then IT departments can frequently provide updates to user documentation.

8.  Reduced Confusion

To reduce user confusion, after a user joins to Windows Intune Management Service the user gains access to the Company Portal.  The company portal has access to the applications, data, and device settings.  Also, users can troubleshoot their own devices using the service desk self-help portal.

9.  Security

Microsoft is enhancing security with Windows 8.1 with Remote Business Data Removal and the new Internet Explorer.  Remote Business Data Removal provides control over encrypted data that can be wiped from any device.  The new Internet Explorer has Anti-Malware included to scan binary extensions to prevent infections.

10.  Education

Windows 8.1 offers an evaluation of current infrastructure, how to execute migrations plans and ways to educate users on how to use the new version.  Microsoft ends support for Windows XP on April 8, 2014, business should consider the option of upgrading to Windows 8.1. 

For more information regarding Windows 8.1 click here.