Facebook Twitter Linkedin email
RSS FEED

General Telephony

Secure, Functional, and Friendly – Cloud-Based PBX Out Preforms On-Premesis PBX
April 17th, 2015

Strong Foundation

The folks at Software Advice have released the second part of their SIP Trunking Provider and Implementation User Research Report, and we’re pleased to see the results. Software Advice takes complex IT and software issues and distills them for non-technical users to make simplified software decisions. In this two-part research project, they studied the usage, effectiveness, and satisfaction of hundreds of network telephony experts and found conclusive evidence that SIP trunking was a supreme advantage for SMB’s looking for cost-effective ways to maintain a secure, high-quality business phone service. In the second part of their research on the topic, Software Advice Analyst, Daniel Harris unearths more findings in support of a hosted PBX phone service for business.

Unrivaled Functionality

Cloud-Based PBX Features

One very compelling finding of the report is that users of cloud-based PBX systems were nearly 29% more likely to have all of their desired features supported by their phone service than were their on-premesis PBX colleagues. This conclusion is emblematic of one of the most convincing reasons to switch to a hosted telephone service. Features included or added onto an on-site PBX system – from introductory to the most robust – can be prohibitively expensive. However, those same features and more can be included with most any level of cloud-based PBX service.

By being hosted in the cloud, virtual phone systems aren’t hindered by the same limitations of their physical, on-site counterparts. This means that for any added feature or modification to an existing one, neither specially trained technicians nor unique and expensive equipment is required. By simply reconfiguring the cloud-based system from an online management portal, a sophisticated VoIP provider allows users to be masters of their own phone options, without any special training.

Friendlier User-Friendliness

Considering the high technical fluency of the audience in the Software Advice report, configuration challenges shouldn’t be something that were often encountered in implementing new PBX systems of any variety. However, even though the lack of special training wasn’t a concern with this sample group, there persisted to be challenges for configuring the on-premises PBX with SIP trunking.

Cloud-Based PBX ConfigurationThe compatibility of physical devices is one reason the expert IT world struggles with on-site PBX systems. PBX hardware is not unlike mobile phones that require a specific type of charging cable or TVs or monitors that require certain AV connections. These types of incompatibilities are much more challenging to overcome than simply finding a converter, though.

“When it comes to configuration, our respondents have more difficulty configuring on-premise systems than cloud systems, most likely because of the proprietary hardware involved in this setup,” said Daniel Harris of Software Advice. Where physical configuration can eventually be overcome with costly work-arounds, there are still issues with making the on-premise hardware recognize SIP trunking software. Unlike the malleability of codes, hardware can’t be as easily updated to accommodate new third-party applications.

“With on-premise systems, however, the SIP trunking provider has to ensure that its service can support proprietary PBX software and hardware from a third-party vendor,” Harris added.

Secure From Every Angle

More often than not, we are assailed with new reasons to be concerned for our data security. While not typically the first place we expect intruders to try and illegally access information, securing business phone lines is especially important. This is another reason why IT pros were keen to report more robust security on their cloud-based PBX over an on-premise option. One of the more popular ways to secure SIP trunking transmissions is Transport Layer Security (TLS), a method often used to secure payment information online. Idealized for securing the transfer of data packets that VoIP conversations are converted into, TLS encrypts the SIP requests between clients and servers, or in this case, businesses using cloud PBX systems and their SIP trunking providers. The heartiness of this method is ideal not only for the protection of financial information online, but for the prevention of DoS (Denial of Service) attacks like have been perpetrated against banks and the US government.

The Verdict

Past research has already shown that SIP trunking offers meaningful cost savings for small and medium businesses, but this new study suggests those savings go even further. By not tying up the limited bandwidth of a company’s tech team with cumbersome, troublesome, and unsecured telephone connections, an SMB can free itself up to focus on the jobs they want to do to grow. Also, added savings come from the prevention of crippling security failures that might be suffered absent the staunch defenses offered by a strong security configuration to any cloud-based PBX.

For more information on VoIP for business and for any questions you may have on how to configure a cloud-based telephone network that will bring these savings to your company, contact our award-winning business experts today.

Protect Ya Neck – The Top Tax Scams Of 2015
April 13th, 2015

White Collar Money BaggerIn this series of blogs we will examine all topics under the information security umbrella. From corporate blunders to rogue state attacks to the occasional celebrity hack, we believe there is something for businesses and individuals to learn from any cyber security event. We also believe that, while experience is the best teacher, it’s even better to let other people make the mistakes for you.

If you don’t know that taxes are due on Wednesday, April 15, 2015, frankly I would begin to get a little worried. That said, many of us are still hustling to get things completed in time and, in the rush, might be a bit less meticulous than we ordinarily may be. It’s not just personal filers who are at risk, though, as tax preparers are getting inundated with phishing scams at a higher rate than ever. That’s why this edition of PYN is going a little analogue and focusing on preventative measures for everybody’s favorite time of year- Tax Season.

The Dirty Dozen

It’s not just a star-studded WWII movie from back when action movie stars were actually badasses in real life (think Charles Bronson, Jim Brown, and Lee Marvin, just to name a few), it’s also the list of tax scams that the IRS just published as the year’s biggest threats. By my estimation, the list should be broken into two different categories, though, and because I’m writing this, we’re going to do just that.

The Sinister Six

Words are fun, especially when there’s alliteration involved. The items on this list are all actually scams where there is an unscrupulous tax-time predator and a target. Presumably, after reading this, that poor fool will be someone other than you, of course.

  1. Phone Scams – We know better than anyone else that phones are still the number one way to conduct business, legitimate or not. And just as Broadcast TV loses all of the headlines to streaming content but commands more in ad revenue, telephone scams also persist to rake in the cash for scammers with a silver tongue. Rule of thumb- any, ANY, unsolicited offer is one you don’t have to entertain until you’ve done some due diligence off of the phone.
  2. Phishing – This one is simple. The IRS, your doctor, HOA, or any other organization will never send out emails for you to update your personal tax and banking information. It never happens. Ever. So stop clicking those emails, please.
  3. Identify Theft – This isn’t really a scam relegated to tax season, just always be on the watch and “cover your pin keypad” so-to-speak. Keep your private information private.
  4. Return Preparer Fraud – This is a tough pill to swallow because it can create a chilling effect on our trust of professionals, but by staying with reputable, national or recommended tax preparers, you should be safe. If your preparer doesn’t have the proper credentials, they shouldn’t be handling your taxes.
  5. Inflated Refund Claims – If you see someone broadcasting a ridiculously high return number I refer you to number four.
  6. Fake Charities – Sometimes you have a bad year, sometimes you have a good year. When you have a good one you may look to “harvest losses” to offset your gains, if so, make sure you aren’t accepting unsolicited offers for charity (See number one) and that you give your hard earned money to an organization you really believe in and that won’t land you in hot water for claiming a fake charity.

The Wrist-Slap Six

The other half of the Dirty Dozen is really a bunch of tax “strategies” that really aren’t covered by the PYN umbrella. I’ve listed them below for posterity (and so I could make a new alliterative six-itemed list name, obviously) but a quick glance of them reveals that they are all products of decisions made by a tax filer, not a predator thereof. That said, don’t do these things, that would not be awesome.

  1. Hiding Income with Fake Documents
  2. Abusive Tax Shelters
  3. Falsifying Income to Claim Credits
  4. Excessive Claims for Fuel Tax Credits
  5. Frivolous Tax Arguments
  6. Offshore Tax Avoidance

That’s it for the cautionary portion of this edition of the VirtualPBX Security Serial, though I’m sure someone somewhere is hard at work right now giving us more material for the next one. The next thing you’ll want to focus on, however, is what to do with all of that hard-earned tax-return cheddar you’re going to be getting here shortly. I don’t have anything against jet-packs and Caribbean cruises, but we are also running a very limited, very special offer on all of our VoIP office phone equipment.

Sure it’s a great deal that probably won’t ever happen again, but you might also want to look into some capital investments in your business, you know, for tax purposes. As always, stay safe and remember to Protect ya Neck.

VirtualPBX Management Bios
April 1st, 2015

Management TeamTo get an idea of how well we work together as a team here at VirtualPBX, it is important to understand the battery of talent that makes up our leadership. It is in that interest that we offer you the following executive bios for some of the hands on the helm.

Paul Hammond

After being raised on a secluded compound run by joint forces from both MI-6 and the CIA, the agent known as Paul Hammond pursued education in international business and espionage. Not much is known about his whereabouts during the mid 1980s and early 1990’s, but it has been rumored that an individual matching his description was seen in several high-profile hot war engagements including Grenada, Panama, Bosnia/Sarajevo, and certain areas of modern day Myanmar. Though he currently serves as a high-profile board member, it is still widely speculated that these roles are merely a cover for Hammond, the mysterious and philanthropic playboy, as he monitors Silicon Valley’s super elite for the global power syndicate and clandestine order of The Illuminati.

Steve Lange
Steve Lange was the true inspiration of the original Cannonball Run. Taken from the pages of his checkered, and often violent, history during his days as a companion to Hells Angels Oakland Chapter founder and alleged outlaw, Sonny Barger, Lange’s travels across the Eisenhower Interstate System are nothing short of legendary. Generally unimpressed with Barger’s lack of, as Lange puts it, “cajones,” however, Lange broke off from the notoriety of the cycle club patriarch to from his band of, “true devil dogs.” There is a large period of time missing from Lange’s whereabouts but he reportedly garnered multiple soloist moto-enduro wins at the Dakar Rally and acquired the nickname “The Snowman” for his ability to stay cool under pressure and to supposedly make his competition turn ashy-white with just a cold, deathly stare from across the room.

Lon Baker
A lifelong devotee to show dogs, Lon Baker has brought numerous finalists performances to the Mayflower Kennel Society’s annual competition in New York City. Though his prized show pug, “Mister H. M. Snugglepug,” has been a powerhouse in the pug-heavy Northern California Regionals for four years in a row, Baker and Snugglepug have been the proverbial bridesmaids during each of those years at the ultimate test. Determined to find success at any cost, Baker, quite controversially, has recently employed the consultation of defamed show dog trainer, Ivan Vinokourov, who was the mastermind behind the widespread web of rampant international dog show doping violations in the mid 1990’s. Mister H. M. Snugglepug is undergoing unrelated and random-selection toxicology screens for performance enhancements and he nor Baker elected to comment on the matter.

Kevin Peyton
Kevin “Iron Sides” Peyton was born behind a scrap metal recycling plant on the south side of Chicago on a cold and rainy winter’s day. In spite of being surrounded by harsh and unforgiving influences from an early age, or perhaps even because of it, Iron Sides adapted a keen eye for beauty in unsuspecting places. A lifelong apprenticeship of metalworking and welding led him to a widely successful business building evocative and emotionally charged industrial art installations for collectors, architects, municipalities, and art lovers of all ages the world over. Often described as vulnerable and delicate, the paradoxical Iron Sides is still known for laboring away late into the night in his metal workshop for Banksy-esque urban guerilla art installations. Iron Sides has recently indicated, however, that his true outlet for creativity moving forward will be through a slam-dance style of interpretative dance inspired from his days as a child in the scrap yard.

Len Cacioppo
8th Dan Shotokan Karate master, chainsaw sculptor extraordinaire, and underground street car drifting competition veteran, Len Cacioppo’s greatest achievement is his collection of edelweiss. An avid mountaineer, Cacioppo makes a triennial pilgrimage to Mount Blanc to carefully select the most handsome Alpine blossoms, hand-deliver them safely back to his Silicon Valley home, and safely into his hermetically sealed, temperature controlled barometric chamber for safe keeping. It is upon his delicate and untouchable garden that the street racing octagon champion turned horticulturist gazes as he ponders the meaning of life and searches for inspiration for his next ice-block chainsaw sculpture.

If you haven’t noticed by now, your calendar does say today is the first of April, otherwise known as, April Fool’s Day. We hope you enjoyed this little bit of fun and to learn about our team and their real management bios, you can go here.

Of course, not all of us get our own bio but we’re all more than willing to help you with any of your hosted telephone questions any time. Go ahead and drop a line to our industry-leading Customer Support team and see how we can help your business begin saving with VirtualPBX today.

Avoiding the Next Tech Bubble
March 20th, 2015

Stock ChartsYeah, we live in Silicon Valley, home of the 20-somethings with million dollar homes and genius code junkies who are more likely to afford a new Porsche than they are to have graduated from college. It can get a little weird, a little intimidating, and a lot more volatile. Especially because memories of the dotcom bubble bursting in 2000 are often short, even nonexistent for many Ivy League or Stanford MBA wunderkinds who were in elementary school at the time. But these young, brilliant minds are where thousands of angel investors are betting millions of dollars on in the hopes of getting equity in the next Google. These groups are also, according to billionaire investors Mark Cuban and Bill Gurley, exactly who will be responsible for the next, and in their mind inevitable, big tech crash.


A Penny Spent Is A Penny Burned

“Burn rates, the amount of cash companies are losing every month to operate, are higher than they have ever been,” according to Gurley who says that spending by VC-backed startups is basically out of control. The type of financial outlay that Gurley suggests these early startups of committing is unsustainable in that they are spending in excess of their revenues in attempts to drive growth. This strategy exposes the company to burning out before it has established a solid, foundational business model simply by establishing risky business habits that are, according to Gurley, shortsighted.

But to all rules, of course, there are exceptions. The business software maker, Slack, is breaking even the wildest of molds in every single way. Not only has the company, originally founded as a failed gaming application, reached a billion dollar valuation in an unprecedented eight months, it is doing so while producing admirable revenue with strict adherence to sound financial operations. Purported to only be burning $100,000 a month, the company is rising at a meteoric rate of 7% growth, each week. Yes, it’s true that this type of growth is unsustainable, but having had this growth for most of a year combined with fiscal discipline and a $1 billion bankroll is a reliable recipe for long-term stability.


FOMO Struggles are Real

FOMO, or fear of missing out, as the kids are calling it, is another contributor to what the mega-investors are saying will lead to a possible bubble burst. Mark Cuban made his fortune with getting out near the top of the 2000 dotcom bust with Broadcast.com and has remained a cunning investor ever since, even launching his reality show, Shark Tank, which allows him and other angel investors to capitalize on trends and innovation in any market. Cuban is claiming that, unlike the public companies that failed in 2000 where investors could still sell (though often at a massive or total loss) their stake in failed companies, the current private equity that fuels Silicon Valley is a risk greater than that of merely sitting on the sideline.

With investors lining up to throw money at the newest startups to try and get into the ground floor, there has been an increase in the number of actual accredited investors to over 225,000 such capitalists. Because most people can’t achieve actual VC status, though, there are new opportunities to invest in the burgeoning tech scene in today’s Silicon Valley and beyond. Operations like Angel List are new investment aggregators where for $25,000, anyone can get in the game. The problem, Cuban contends, is that there is no liquidity nor escape hatch for these amateur investors to kick the plug with should their investment go south. With private equity, there’s no public market for their stake in a company so, should their darling startup falter. This unprecedented marriage of middle-American wealth with volatile venture capital is exactly why Cuban believes the effects of a tech correction could be massive.


Hedge Early, Hedge Often

For companies of any size or description, simple steps can be taken to ensure long-term financial stability in the face of market volatility. In this case, the best offense is definitely a good defense. Companies like Slack that are disciplined in their expenses have the best chance of combatting any threats to their business, of course the billion dollars doesn’t hurt, either. For companies that don’t have those coffers to rely on, though, simple steps, like vetting utility providers, can prove invaluable. Flexible payment plans, modifiable options and features, and pooled resources are all characteristics of a solid service partner. Not coincidentally, those are just some of the benefits of VirtualPBX’s award-winning Anywhere Plans.

A commitment to reliability and service is what has seen VirtualPBX through recessions, depressions, and corrections. The unprecedented value of services like the Anywhere Plan is what has helped our customers do the same.

Slack CEO Stewart Butterfield said that, “It’s difficult to call a top, but it’s pretty obvious we’re far from the bottom.” This is couldn’t possibly be more true. However, though we don’t know if we’re actually staring down the next tech bubble or not, we remain committed to staying true to our core values and to providing industry-leading innovation at prices that are right for every budget. No matter what the future holds, you can count on that.

Keep Business a Well-Oiled Machine: Over The Top Apps
March 11th, 2015

Well Oiled Machine

Businesses didn’t used to have a surplus of options to rely on when it came to staying in touch with coworkers or customers. Today, however, businesses and the people who run them are bombarded with communications options from texting and instant messaging apps to voice and video conferencing. While some people may malign the transition from true face-to-face interaction to FaceTime, the fact is that companies are saving huge amounts in telecommunications investments by augmenting their unified communications plan with Over-The-Top (OTT) communications applications. With the growth of OTT apps reaching maturation, integrating them as part of a comprehensive telecommunications strategy is integral to keeping business engines running smoothly.


You Down With OTT?

OTT App Use86% of all respondents reported using OTT apps at work

Chances are that, yes, you probably are. Software Advice, the online software research and recommendation engine, recently published a report on OTT use in the workplace and found that a whopping 82% of workforces are already using some form of OTT app for business. Many OTT options include simple text or IM platforms but can get rather complex with real time video and screen sharing capabilities.

OTT apps are referred to as such because they circumnavigate traditional cost barriers that traditional telecom providers have for including specific, relatively sophisticated communications platforms by effectively hurdling them. Yeah, you get it, right over the top. Therefore, whenever you were to use Gchat or Skype to ping back and forth with a coworker, you are employing an OTT app that is saving money for your company. Kudos!


Making OTT Work for Your Business

I can hear some operations people reading this in their heads thinking, “82% usage? Well we need to get a policy in place for this!” Cool your jets, there are a few things to consider before jumping into a decision right away. Obviously it is always important to look at the costs of any service, but how familiar your users are with the technology and which platform works best for them should also be considerations.

Video OTT DisadvantagesThe chief complaint with free or freemium OTT apps was video quality
  • Open Source vs Free(mium): Open Source apps are great for companies that have the technological knowhow to put together a custom built suite of features for their company by using a platform already available online. The price is right for companies with a staff savvy enough to build a complex system with what is basically a pile of disassembled IKEA furniture minus the step-by-step instructions. Freemium is what most respondents recorded using and will likely be the most quickly adopted services is for nothing other than its familiarity alone. While a quickly adopted app that requires no technical expertise to deploy is appealing, the drawback of these aps is functionality and features. Many of the more compelling features of an app will be available at a subscription rate while the basic IM functions are offered for free.
  • Platform Preference: The types of OTT apps can be broken into two basic groups, text and streaming. Texting or IM are advantageous because employees rank familiarity as one of the most important features in an OTT app at work and because the quality of service for simple text apps is routinely very high. OTT apps that offer voice and video streaming are more challenging in that these are often additional features of apps that are pay-per-use or that they are free but with unreliable quality.


Making Dollars and Sense

There is, of course, no one OTT solution that will be right for every company, but every company can find a way to benefit from augmenting their existing telecom platform with the right OTT. Daniel Harris, Software Advice’s Market Research Associate, is quick to note that both text and streaming application platforms have a role for the right company, though.

“Businesses should consider choosing freemium solutions for their text and instant messaging needs before they consider freemium solutions for audio and video interactions, in which audio and video quality is a consideration of paramount importance.” Said Harris.

Business SizeThe size of companies polled varied significantly and likely impacted findings on perceived value of specific OTT platforms

In other instances, phone and videoconference quality cannot be sacrificed. For those companies, it would be best to include those features as part of their telecom budget, rather than relying on cost-saving OTT apps. Often times, these are larger companies that can afford to dedicate a software platform other than an OTT to meeting with clients and dispersed team members.

“Business models in which phone calls and videoconferences are mission-critical may not be well-suited to freemium technologies,” Harris adds, “As savings in the communications budget could be offset by decreases in revenue, should the apps perform poorly.”

Just as the introduction of VoIP has retaught the conventional wisdom on how phone service should be delivered and billed, OTT solutions are well on their way to making their own mark on business as well. Furthermore, as long as adoption of these emerging technologies continues to be highest among younger employees, it is safe to say that finding OTT options that work for your business might be as useful for productivity as it is for talent recruitment and retention as well.

For more applications of past Software Advice reports towards the telecom business, check out these links-

Work From Anywhere
March 6th, 2015

Working at CafeDispersed and telecommuting workforces are becoming more and more frequent in the modern workplace. This is not the biggest headline. What is more important now, however, is how the job market has begun to shift as a result of this added freedom in work routines. The populist movement back into the home for working hours has meant that companies now have to totally reconsider the conventional wisdom of hiring and benefits packages that have been mainstays for decades.


It’s Not Just Those Dang Kids

Millennials get a bad wrap from some of the old guard for their perceived lack of loyalty, high need for positive reinforcement, and, more relevantly, their desire for “chill” and flexible work environments. The fact is that a lot of those myths are simply that, myths, but younger workers are often credited with impacting the changing landscape of the modern workplace. The reality is, however, that there are many popular movements calling for change in time at the office expectations, not just millennials.

LeanIn.Org, a non-profit organization dedicated to helping women achieve their goals in the American workplace, sees flexible work schedules as more than just a nicety to offer applicants. By improving maternity/paternity leave benefits and family-friendly flexible work schedules, businesses can count on greater investment and loyalty from their workers who have been historically penalized for adopting a family-first approach to work/life balance.


Change is in the Air

The typically straight-forward listing of the 100 best companies to work for has seen a complete recalibration when tailored for those seeking better work/life balance and the flexible schedule that working from home provides. In the spirit of competition, both for the best talent and for the sake of being number one, a greater number of companies are making strides to offer more than at-work lunches and a gym stipend. By ensuring a more accommodating and less punitive approach to work place flexibility, employers and employees alike are reporting higher job satisfaction than ever before.


Work From Home, The Simple Solution

Establishing a realistic work from home policy at your workplace is more than just typing up a document from Human Resources. Having the guidelines that work for your organization in place is only one half of the solution, though. The other half of executing on your WFH strategy is having the right tools to empower your newly remote workforce.

Possibly the simplest way to make your turn-key transition into a mobile-friendly, dispersed workforce is with the VirtualPBX Anywhere Plan. With it, companies can offer a variety of compelling features to their employees, including-

  • Let your employees use their existing mobile devices
  • Keep private numbers private by using just a single office number with Softphones
  • Offer conference lines, accessible both inside and outside of the office
  • Manage phone system activity, usage, and access wherever you have an internet connection
  • Expand and change your system with ease to meet your current and evolving needs

VirtualPBX’s award-winning Anywhere Plans are packed with features and customization options that are ideal for smaller organizations who want to offer their teams industry-leading telecommuting options that let them work from anywhere. For any questions about the Anywhere Plan, inquiries about solutions for larger organizations, or any other VoIP issues, please contact the VirtualPBX Support Team today.

Perusal Amusal – Why We Love the Internet
February 27th, 2015

Coffee and NewsThere’s a lot of noise out there in the worldwide interwebz, we get it. But beyond all of the pseudo-science, cat videos, and conspiracy theories there are also some gems, too. We’re known to mine for them from time to time and want to share this week’s best of the internet with you. Because you deserve it.

Because not everyone thinks that history is as important as their own world views-
http://www.theguardian.com/world/2015/feb/26/isis-fighters-destroy-ancient-artefacts-mosul-museum-iraq

Because the Father of Modern Design-Led Business deserves some recognition-
http://www.fastcodesign.com/3042762/how-graphic-design-legend-paul-rand-ushered-in-an-era-of-design-led-business

Because speaking about design, a nice interface can make problem-solving more fun-
http://www.unstuck.com

Because there’s more than one way to deal with overflowing landfills-
http://www.huffingtonpost.com/2015/02/25/kfc-edible-coffee-cup_n_6752366.html

Because sometimes graffiti comes in moving pictures-
http://mashable.com/2015/02/25/banksy-gaza-documentary/

And because jackhammers aren’t the only way to beat up works of art-

http://www.thedailybeast.com/articles/2015/02/26/no-respect-for-hip-hop-s-ogs-why-many-legendary-mcs-still-need-to-hustle.html

Protect ya Neck, The VirtualPBX Security Serial – Lenovo’s Dirty Little Secret
February 25th, 2015

In this series of blogs we will examine all topics under the information security umbrella. From corporate blunders to rogue state attacks to the occasional celebrity hack, we believe there is something for businesses and individuals to learn from any cyber security event. We also believe that, while experience is the best teacher, it’s even better to let other people make the mistakes for you.

Malware Bugs

Trust for Sale

Would you buy a home from a man who was convicted of Breaking and Entering? How about taking a trip with a taxi driver who has had his license suspended? Probably not, right? Fortunately there aren’t many respectable businesses out there entreating us to part with our hard-earned dollars just to take advantage of our trust with a good ‘ol switcheroo. Well, unless you recently bought a Lenovo computer, that is.


Malware Included at no Extra Cost!

Things really may not be as bad as I described above, but the story is pretty horrifying nonetheless. Lenovo admitted to preinstalling Superfish adware to certain laptops with the intention, “to help customers potentially discover interesting products while shopping.” However, the software allegedly does more than the company suggests it was supposed to. By allegedly installing its own self-signed certificate authority, the software can inject ads into encrypted “https” websites, including secure retail or banking pages. If only there was some sort of paper trail of Superfish’s previous work to give an indication of their track-record with privacy and security concerns. But let’s keep it about Lenovo for now…

Original statements from Lenovo’s CTO said that this threat of piracy and data compromise presented by the software was only theoretical. In a decisive rebuttal, however, Errata Security’s CEO, Robert Graham, outlined detailed instructions on how exactly (and for not much investment, about $50) a hacker could set-up a malicious Wi-Fi hotspot to take advantage of compromised Lenovo computers. Whether someone has the knowhow and motivation to create such a trap with only a few bucks and some time to kill is beside the point. The crux of this issue lies in the fact that users shouldn’t have to worry about preloaded software on their brand new devices potentially harming them.


So You Bought a Lenovo, Now What?

Fortunately, the hardware that had Superfish pre-installed came in computers shipped in a relatively small window beginning in September 2014 continuing for a still-as-of-yet-uncertain period thereafter. Not sure if you have Superfish on your computer? Because Lenovo’s first two attempts to correct the issue were terrific acts of futility, I would first suggest diagnosing if you are at risk. To do that, there is a brilliantly elegant and simple diagnostic interface designed to automatically detects Superfish and other, similar threats. Simply go to the appropriately-named Badfish tool and the website will handle the rest. Spoiler Alert- you don’t want it to say, “yes.” If you do have the malware on your computer, you can check and the latest correction Lenovo has published, but I would advise returning to Badfish after rebooting after following their instructions to make sure that your computer is clean.


Aftermath- Show Your Work For Full Credit

How did Superfish actually contribute to Lenovo committing one of the (if not the most) egregious breach of consumer trust of the personal computing era? In a word, Komodia. Komodia is responsible for providing the fake certificate Superfish used in its programming that gave it access to the secure information that it should not have seen. Here’s where it gets a little scary, Komodia’s technology is easily compromised and has been utilized by what claims are 100s of clients including Fortune 500 companies for applications like parental control apps or anonymous search applications.


And if That Wasn’t Bad Enough

This means that, according to Marc Rogers, a security researcher for CloudFare, the same inherently dangerous, fundamentally flawed technology that was in Superfish exists in many more products. I am not sure if the Badfish page will detect threats for everyone who has any type of parental control software installed, or who has ever come into contact with a Komodia product, but it seems clear that anyone who has should begin checking for malware. Now.

Sorry to leave you with some sobering news this time, but it’s a jungle out there. Stay safe and remember to Protect ya Neck.

Protect ya Neck, The VirtualPBX Security Serial – Damage Control
February 9th, 2015

In this series of blogs we will examine all topics under the information security umbrella. From corporate blunders to rogue state attacks to the occasional celebrity hack, we believe there is something for businesses and individuals to learn from any cyber security event. We also believe that, while experience is the best teacher, sometimes it’s best to let other people make the mistakes for you.

Warning On Computer

Rehashing Hash

If you haven’t heard by now, Anthem Inc. was hacked last week and suffered a massive data breach. Very massive. In this latest high-profile security failure, 80 million people from the Anthem network had their social security numbers, dates of birth, and all other personal information needed to receive medical care compromised. It gets a little bit worse though.

Medical companies, it seems, aren’t required to encrypt their patients’ information. It does seem odd that with HIPA laws being so stringent as to protect the confidentiality of patients’ that this would be the case, but this series isn’t here to discuss policy, only protection. This means that all of the user information accessed was sitting in plain text documents, only a double click away from being copied, pasted, and sold to who knows where.

Because, unlike the victims of previous headline-grabbing security failures, Anthem isn’t a chronic offender, I’m going to spend less time talking about how they could have avoided this and more on what the affected consumers can do about it. One key factor to note is that this affects both current and former Anthem members, and as a former member of their network, I have a very personal interest in damage control, here.

What Anthem Members Should Do

I’m not in the business of telling people what to do, but these are all of the steps that I have either considered or taken myself in ensuring a safe exit from this situation. At the very least, make sure you are monitoring you accounts and carefully reading your statements each month.

  • Credit Hold- You can essentially freeze your credit at will whenever you want. This isn’t a viable solution for everyone who may be currently shopping for a car, home, or even applying for a job. I did, in fact, do this because it is the ultimate way to shut down any malicious attempts on identity theft. No matter what a criminal would want to do, even with every scrap of information on an individual, nothing can be completed if an institution sees there’s a freeze on a person’s credit. There are conflicting suggestions as to how long is prudent to keep a self-imposed freeze on, but suffice it to say, when there are 80 million options to use, thieves won’t spend a great deal of time on the ones that don’t immediately work.
  • Fraud Alerts & Credit Checks- These go hand-in-hand in my mind because sometimes something that looks legitimate on a credit report might not trigger a fraud alert. Both of these services are also typically available for little or no cost as part of an account at most financial institutions. Fraud alerts are great, but make sure if you plan to take a trip that you notify your financial partners or else your popsicle purchase in Bora Bora might result in your card shutting down. Also, if you don’t get credit reports included in your card or account membership, you can get a free credit check whenever you want, though I don’t recommend you do it more than every couple of months. Everything that goes into calculating a personal credit score is still as highly guarded as is the secret recipe for Coca Cola, but it is known that how frequently a credit check is run does affect it, with too frequently checking it being an adverse affect on credit.
  • Two Factor Authentication- Two factor authentication is an added layer of security used from any portal you access your information through. This means that in addition to logging-on to whatever site you need to use, there will then be a prompt to enter a separate, unique code that will be sent to you via another device, typically a cell phone or email. This means that someone would need to have your personal information plus your actual phone in order to access your accounts. Not all financial institutions offer two factor authentication but for those shopping for a new bank or credit provider, it could be a feature to include onto your wish list.
  • This One Should be Obvious- But lamentably, it isn’t. Don’t give your info to people who ask for it! There have already been a slew of phishing scams that cropped-up almost immediately following the news of the hack where scammers posed as Anthem asking for personal information from their network. What makes my head spin about this one is that the very first communication that went out to all Anthem members was that they were not, I repeat, NOT going to be sending any requests for information, confirmation, or anything. Whether it is for this or any Nigerian Prince or sweepstakes winnings that you just so happen to have forgotten about entering, don’t give away your information so easily.

There are other courses of action, too, should the problem escalate beyond normal measures. However, applying for a new social security number is reserved for people who have already been a victim of identity theft, can prove damages, and need to start fresh. Plus as a hedge against folks who may change their information in an attempt to dodge creditors, linking old and new social security numbers isn’t terribly difficult for credit companies to do, so often credit histories can follow new numbers either way.

If you’ve missed it in the past, there were a few good suggestions about proper password security in our previous blogs, and you can check them out here. Otherwise, just make sure to avoid complacency with your security. That’s typically a great start to any comprehensive cyber security initiative.

Good luck out there and protect ya neck.

How do SIP Trunking and VoIP Equal a Small Business Advantage?
January 27th, 2015

In the Palm of Your HandThe Answer is in the Cloud

Session Initiation Protocol (SIP) trunking is one of the essential technologies required to make Voice Over Internet Protocol (VoIP), virtual reproductions of the physical switches and routers of the telephone service from yesteryear, possible. The technology isn’t new, but lately it has been experiencing a dramatic increase in adoption.

Virtually all of the big, original telephone companies have been doing everything from changing their pricing models to beginning to invest in their own VoIP infrastructure as more of their customers are cutting the cables to switch to an online telephone option. When there is that much at stake for telecom companies who are scrambling to catch up, though, there is bound to be a lot of noise.

Thankfully, the folks over at Software Advice, the online software research and recommendation engine, took it upon themselves to conduct a little research on the topic but with the people who have the most to lose by falling victim to marketing smoke and mirrors; specifically the IT professionals who have to install and maintain these systems.

 

SMB’s Lead the Way
In Software Advice’s most recent study of over 200 companies on SIP trunking and VoIP, they noted that, among other key findings, small and medium businesses are outpacing their larger counterparts in adopting cloud-based telephone service. This is partly due to the relative affordability of virtual phone systems for enterprise, but also because more often than not, smaller companies tend to have less interference between IT and management, and often times they are one and the same.

“Organizations with knowledgeable IT decision-makers who guide purchasing decisions have adopted SIP trunking at a much higher rate than most enterprises.” Said Daniel Harris, Market Research Analyst at Software Advice and author of the study.

One thing to note with this in mind is that taking a look at the performance, simplicity, and affordability of a telephone system with direct input from the IT professionals who will service it, should be paramount.

 

Factors Considered by IT PurchasersSound quality remains important, but security has taken the top spot

Security On the Rise
Or rather, people’s concern over security is on the rise. Likely in part to many of the high-profile corporate security failures in the news lately, the security of information transmitted across virtual phone networks is of increasing importance to users. In fact, for the first time, security was cited at the number one contributing reason why an IT provider selected their service claiming the primary response for 23% of those surveyed.

Not surprisingly, though, Quality/Clarity of Service and Favorable Pricing continue to round out the top three responses. Predictably, though, pricing is actually on the decline in importance here, which could indicate a more common expectation that any VoIP option should be more affordable than a traditional, physical phone system.

 
 
 

Satisfaction GuaranteedSatisfaction abounds with modern SIP Trunking

Don’t Believe the Hype
One of the most misplaced concerns in the conversation of whether a company should switch to VoIP or not is over the quality of the sound sent and received thereon. As indicated above, it is still very much a concern, however, even though the staggering majority of users report little to no problems.

“When VoIP technology was emerging, audio quality issues were quite frequent. Moreover, users of “free” VoIP solutions such as Skype still experience audio quality issues at a significant rate,” continued Harris.

Fortunately, all of that seems to have changed for good. Over 90% of respondents were satisfied with their voice clarity with SIP trunking and VoIP. Furthermore, only one person reported even a, “minimal dissatisfaction,” with their call clarity.

 

Trending Upward
As more and more small businesses are getting stellar call quality that is secure and financially well within their means, larger firms are going to have to begin considering the same changes. It isn’t uncommon for the scrappy underdogs of the business world to be the leaders of change, and disruptive technologies like virtual telephone service are threats to both the larger telecom companies who charge more for physical wiring and switches and to larger enterprises that can afford to buy them.

By adopting technologies like VoIP that are nimble, reactive, and that positively impact the bottom line by easing operating margins, companies of any size can benefit handsomely. Have you given VoIP a try yet? If not, here are some resources for you to help determine if it is right for you: