Posted on May 23, 2017 by Dan Quick
In this series of blogs we examine all topics under the information security umbrella. From corporate blunders to rogue state attacks to the occasional celebrity hack, we believe there is something for businesses and individuals to learn from any cyber security event. We also believe that, while experience is the best teacher, it’s even better to let other people make the mistakes for you.
Wanna Cry Ransomware
By now you have probably heard about the Wanna Cry Ransomware attack that hit the world this month. If you haven’t, please make sure to remind me to put your personal email address into my SPAM filter. All kidding aside, this was a global-scale attack on mostly corporations that involved a “Trojan Horse” of sorts in the form of a Google Documents link sent from what initially may have appeared to be a known source. In a nutshell, thousands of businesses around the world found themselves behind the 8-ball on their security updates, and as a result, were unable to access their company’s files without either paying hackers a ransom or by relying on their protected, backed-up files. This poses a few big questions about how to prevent this right off the bat, but before we get into those, we need to make sure everyone is on the same page with some background into the story of Wanna Cry.
What Exactly is Ransomware? And Why Does it Make me Wanna Cry?
Ransomware is, as the name suggests, a nefarious bit of software written to withhold access to the target’s computer and or files thereon until a ransom is met or the files are all totally erased. This means that to be the target of a ransomware attack is to effectively be put in the position of having to either pay-up to hackers (typically though bitcoin or other cryptocurrencies), or to completely reboot your systems and strip them of all software and operating systems and rely on a complete back up to restore use to pre-attack levels. The specifics of the Wanna Cry Ransomware attack in particular are actually kind of interesting and a little humorous. Interesting in that this was a malware agent originally stolen from a government agency, and amusing in that, according to many security experts, this was a shoddily written bit of code and poorly executed attack. All of that may be fine and dandy for the movie rights that are inevitably going to be purchased by someone with more dollars than sense, but it still doesn’t help the literally tens of thousands of companies that were affected by Wanna Cry and don’t find this very entertaining at all. Which, of course, leads us to the protecting-of-your-neck portion of our program.
An Ounce of Prevention…
Is, as the saying goes, worth a pound of cure. For those of you still baffled by the imperial scale (why aren’t we on metric yet?), ounces are much lighter than pounds, thus suggesting that doing a little work up front will often save you way more time and energy on the back end. This is just as true for exercise as it is for cyber security. What is most baffling about this particular attack, however, is that it exploited a vulnerability in Microsoft users’ software that was identified and corrected in March of this year. That means that the perpetrators of the attack are equivalent to a burglar coming to your door with a police officer, the officer introducing you to the thief who had plans to rob your house, indicating exactly which open and unlocked window that thief intended to use, and then three months later you still got robbed thusly. Look, I don’t want the criminals to win, ever, but we have gone over how software updates work before. Seriously, we don’t want to finger wag you to death here, but preventing cyber attacks can sometimes be as simple as updating your software and operating systems. The point here is that the security patch was available long before the attack occurred, so if a business was regularly updating their software with security patches, then they would have been totally protected against this. Have I made my point? If not, just remember that if you choose not to update your software, just plan on either conducting regular system back-ups so you can erase and restore your network any time you get a virus or just plan on keeping a pretty big slush fund of cryptocurrency so you can pay to get your computers back whenever they fall under attack. All that being said, there’s one more added layer of security to consider that is failing to make it to the headlines about this attack that could save you a mountain of headaches moving forward.
In a nutshell, email authentication is a series of security measures that are taken to ensure that email addresses cannot be replicated, falsified, or cloned by malicious actors. If you recall, I mentioned that the Wanna Cry was sent from addresses that appeared to be from known addresses. This appearance of familiarity is one of the biggest risks of unauthenticated email. There are simple ways that most larger email clients provide to check the verification status of email, and for the most part, verifying email is also as simple as double checking the specific address of the sender. However, without an authenticated email service in place, when an employee gets an email from what appears to be the company CEO, they aren’t typically quick to scrutinize the veracity of the email in favor or responding to whatever request they have as quickly as possible. Many smaller businesses without dedicated IT staff are most vulnerable to malicious email from an unauthenticated source because the process of authenticating email has traditionally been complicated and cumbersome. However, more and more, email client providers are offering simple steps to email authentication. This added layer of security will likely prevent more phishing, Trojan Horse, and just general SPAM from getting into your company’s inboxes than anything else, so it’s worth the time and energy to get it going, soon.
Protect Ya Neck
Because, that’s the name of the game, right? You can scrutinize your inbound email all you want, but eventually even the most diligent of employees will miss something. Either because the sophistication of attacks varies or because your employees’ attention should, rightly, be on their work more than anything else, you can’t plan on simply catching all nefarious emails manually. That’s why, following these basic best practices will pay off huge dividends in the for of time and headaches saved-
- Update Your Software Regularly Which is, as we’ve discussed at great length, the first and often best line of defense to keep you systems running healthily and well into the future.
- Back Up Your System Regularly This is the essential way to hedge against any unknown attack. For whenever something does go awry with your cyber security, or even if you have another disaster at the office that damages your equipment, you can always restore your system provided you make regular back-ups of your data.
- Invest In Extra Authentication Methods Whether it be email authentication for your email server or dual-factor authentication for all of your critical log-ins, added authentication is just the extra layer of defense that most hackers find to be enough to move on to lower-hanging fruit.
Have your own best practices that you’d add to the list? Let us know on Twitter or Facebook. Either way, make sure to keep posted here and on those social channels for more security updates because, as we always say, it’s a jungle out there. Remember to protect ya neck.
Posted on May 16, 2017 by Dan Quick
Last week was the San Francisco Bay Area’s official Bike To Work Day, and as you may recall from past years, this bike to work fever is something we’ve caught in the past. In fact, we’ve even been keen to get the whole company involved with massive fundraising efforts through the Best Buddies Hearst Castle Bike Ride. The point is that we’re keen to stay active and healthy and considering that the weather here is generally pretty awesome, bike commuting is an easy way to accomplish that. All of this is to underscore the peculiarity of the fact that I didn’t participate in Bike to Work Day.
Bike to Work Requires Both Bikes, And Work
Truth be told, I ride around the city of San Francisco nearly every day, but on the one true cycling celebration of the year I didn’t have a need to. In spite of the BOGO Burrito deals, free donuts and coffee, and overall festival feel that an area as bike-friendly as this has for such an occasion, I was definitely not biking to work last week. That’s not because I’ve decided to stop participating in one of my favorite pastimes, but rather because VirtualPBX expects me to be an expert at working from home. We claim that expert status not only because we provide the best tools to implement a remote working policy, but also because we even regularly educate companies on how to make the most of them from a cultural perspective, too. And being that we like to practice what we preach, last Thursday was a work-from-home day for me. Therefore, while I have a bike, enjoy riding, and new about the energizer stations, I just didn’t have anywhere to go to get the job done on that day. Tough life, right?
National Bike to Work Day
In the event that you wanted to participate in your own Bike to Work Day, there’s good news! National Bike to Work Day is scheduled for this Friday, May 19, 2017. This means that you can share the routes, benefits, and free energizing goodies that are going to be available with your employees and coworkers. Don’t see your area listed? Sign up for the American Bike League’s Bike to Work Day Listings and receive all the tools you need to plan one for next year. Plus, planning ahead now allows for you to do all of the training you need to get comfortable with your own route to work in time for next year, too.
Other Ways to Fit In the Miles on a Workday
While I’m in full support of your efforts to participate in existing Bike to Work events or to introduce your own, that’s not the only way to work some fitness into your day. If you sign up for the latest in hosted VoIP telephone service and then couple it with the tips and tricks that we recommend for using them at work, then everyday can be made flexible enough to get in an activity when it suits you best. Be it riding or running, gym or acro-yoga, whatever you’re into you can get more out of your day by using a hosted phone system. So who knows? Maybe next year you can even get in some extra miles before work, not just because you’re riding to work, but because working from home saved you two hours of commute time!
Oh, and to be clear, even though I didn’t participate in bike to Work Day, I definitely still took advantage of the BOGO burrito specials. Obviously.
Posted on May 9, 2017 by Dan Quick
If you were paying attention last week, there was a small army of scientists, journalists, Olympic athletes, and even some comedian commentators on hand for a surprisingly spectator unfriendly sporting event in Italy. No, I’m not talking about the 100th Giro d’Italia cycling race, but rather Nike’s attempt to have a person break the 2-hour barrier for the marathon. The attempt was held at a Formula 1 race track near Milan and, though any effort there would not be eligible for a world record (due to the fact that it was a lap course, and not point-to-point), the simple fact that the attempt was made so earnestly should teach us all a thing or two about setting goals.
What was Your Last Moon Shot?
If you’re anything like me, it is probably taking too long to answer that. But why is it that we value grand ventures and achievements so much yet rarely can speak of our own efforts? Even the term, “moon shot,” is both synonymous with its namesake moon landing’s improbability as it is almost completely inapplicable to other such accomplishments. I’m happy to say that Nike had gotten fed up with that and wanted to do something about it. The rate of the marathon’s world record improvement had slowed to a near standstill over the past couple of decades. According to experts in fields ranging from biomechanics to statistics, projections for the current world record to be beaten have gotten further and further away. In fact, among the few scientists who thought the 2-hour barrier could be broken at all, even they predicted it wouldn’t be approached for another 80-100 years. Why then, in the face of such seemingly insurmountable odds, would a market leader like Nike stake its reputation by making such a public effort to do this? To quote the ill-fated climber, George Mallory, as to why he was so obsessed to climb Mt. Everest, “Because it’s there.”
If at First You Don’t Succeed
Mallory ended up not succeeding in his quest to summit Mt. Everest in spite of his resolve and disappeared on his third and final attempt, his body not to be found and retrieved for 75 years in 1999. What he accomplished in his time, though, was perhaps more profound than had he planted his flag atop the world’s highest peak. Mallory set in motion a series of events that would eventually lead to Sir Edmund Hillary’s successful summit of Everest, but his devil-may-care attitude also created a sense of adventure and endeavor which still lasts today. All of this is to point out that, unfortunately, Nike and their runner, Eliud Kipchoge, fell painfully short of their goal to break the 2-hour barrier. With a blisteringly fast 2:00:25, Nike’s focus on controlling every possible variable yielded an effort that is two and a half minutes faster than the world record of 2:02:57. So now what?
Try Try Again
You knew that was coming, right? In my opinion, the outcome of this effort can be viewed through two different lenses. First, you can look at this as a simple failure to reach a lofty goal and the result of the inevitability of failing at such a task. Or second, you can look at this as the fastest a human has ever run over 26.2 miles and the spark that could light a powder keg of human development and achievement. I choose the latter. As American Olympic medalist Shalane Flanagan said during the later stages of Kipchoge’s effort when it became clear he would fall above the 2-hour barrier, “Everyone has their own 2-hour barrier, and just because it’s never been done before, that’s no reason to try.” If you have some goose bumps right now, congratulations, you’ve got everything you need to go do great things.
Get Into Action
Let me start by saying, as a multiple marathon finisher myself, you probably shouldn’t just hop outside and try to tackle 26.2 miles off of zero weekly training miles. That would hurt, a lot. But what you can, and I dare say should do, though, is begin to change your thinking about what you believe to be impossible. Remember, when the 4-minute mile was finally broken after being the same type of albatross that the 2-hour marathon is currently, it took only days for it to be broken again and since then hundreds of times more. Once you’ve identified your own “2-hour barrier” it’s time to update your Follow Me Calling list, turn on your Auto Attendant, and get out there to break it! Nothing bad can come from trying to exceed your own expectations, so do yourself proud and find out how far you can go.
So what’s your moon shot? Let us know by sharing or tagging us on Twitter or Facebook as you attempt it. We’re happy to encourage you along the way, but will be even more proud of you for making a claim and going for it! Good luck!
Posted on May 2, 2017 by Charlie Galaviz
When somebody needs a ride to the airport, the first person they call is their trusted work-from-home friend. Remote workers are all too familiar with this type of request because their flexible work schedules attract them more than those of their office-dwelling peers. As flattering as it is to be relied upon, remote workers have deadlines to meet and small disruptions can lead to major losses in productivity. Is there no way to have the best of both worlds? We think there is! Here are three ways remote employees can manage these favor requests from friends and family while still staying productive at work.
Use a Time Scheduling App
Like any good friend, you want to help out as much as possible. Fortunately, there are many excellent time scheduling apps like ScheduleOnce that can be used for maintaining work-life balance. When utilizing a scheduling tool, friends and family can simply check your schedule and request time for favor requests when it’s convenient for both parties. In addition to managing your free time, scheduling tools add transparency, efficiency, and structure to your daily routine.
Set Distraction Boundaries
No matter where you are, it’s important to set healthy boundaries to ensure you’re doing your best work. When working remotely in close proximity to friends, family, or roommates, however, that becomes especially important. While they may be tempted to gossip or ask for your help moving something because you are nearby, it’s essential to communicate that your team is depending on you to be available and engaged, and any interruptions in your work schedule could impact your productivity.
Try a Cloud-Based Business Phone System
Occasionally all employees, remote or otherwise, will have to step away from the office for a few hours. When this happens, even when you’re not at your desk, the show must go on. When this happens, it’s best if you can bring the office with you while you’re gone putting out fires. With the Dash Business Phone System, you can place and receive calls from anywhere in the world without missing a beat. No matter what situation arises, inside or out of the office, you’ll have the peace of mind knowing that Dash will keep you connected to your team and customers.
Posted on April 25, 2017 by Dan Quick
When we first introduced our Dash Plans a little over a year ago, they were the most feature-rich and easy to use VoIP for business options around. Ever since then, we’ve not let off the gas one bit. Shortly thereafter, we introduced Dash Unlimited, we’ve received multiple awards from our peers acknowledging the impressive combination of form and function that Dash has, and we’ve kept on adding new features to the list per our this VirtualPBX Product Roadmap. With all of this being the norm, it should come as no surprise that we’ve recently just updated the current offerings to include three new Dash Options, but we just did, and they’re already gaining traction.
New Dash Options Fit For Any Business
One of the first reactions to hearing that your favorite VoIP plans for business are getting a facelift may be that you’re afraid of what you might be losing. In this instance, the only new Dash options that lose anything is in the price to get the cleanest and most capable VoIP for business platform around. To look at all the new plans and their benefits, we have a brief description of them below-
- Dash Basic For literally pennies on the dollar of what a traditional phone system would cost, and with far more features and capability than what other VoIP providers can offer, Dash Basic is the most affordable option for tighter budgets. Plus, by still being a Dash Plan, none of the reliability is spared because it is built on the same, robust and reliable platform that all of the Dash Plans benefit from.
- Dash Pro The most familiar to existing Dash offerings of the past, but with more flexibility on minutes and expandability. Specifically, an increased pool of minutes and local and toll-free numbers hallmark the biggest changes to Dash Pro. However, there are other changes to the affordability of this plan that we are confident will find more companies flocking to the clean and capable Dash Pro platform.
- Dash Unlimited Reminiscent of the Dash Unlimited Plans of yore, the new and improved Dash Unlimited takes what was working on this plan and boosts it into overdrive. We still add a huge lump of toll-free minutes, we’ve added up to 3 local or toll-free numbers already included, and done it all for even more value than we ever thought was possible, Dash Unlimited is going to be the backbone of many growing and enterprise businesses for years to come.
New Options For Pricing Flexibility
One more factor that is sure to contribute to the continued success of Dash Plans is the ability to customize the pricing to fit your budget. Not only is picking the right plan for you easier than ever, once you identify which one to go with, you can tailor the way you pay for it, too. Choosing from an annual agreement, monthly no-obligation agreement, or an annual agreement with a monthly payment allows companies to precisely target their phone budgets. Why is this so revolutionary? Honestly, we have no idea why it’s not more common in the industry, but it is. The reality is that our transparent and forthcoming pricing remains to be one of the most routinely appreciated aspects of shopping for VirtualPBX service that our customers mention.
Ready to Get Started?
We sure hope so! Go ahead and check out our new plans and let us know what you think about them. Or, you can contact us directly to skip the dilly-dallying, we’re happy to help you out either way. Also, make sure to follow us on Twitter and like us on Facebook because we’re always adding updates like these new Dash options and sharing info on other, helpful business tips and topics.