SpireTech Company News and Tips
If you are a business owner, then you will likely have heard the phrase “IT budget” before. It’s not as simple as just having a chunk of money to spend on your IT needs – there are many variables at play when it comes to this important part of running a successful business. In this blog post, we’ll discuss how to make the most of your IT budget and get the maximum return for your company!
The most important thing to remember is that a successful IT budget needs planning in order to be effective. If you are not sure how much money to put towards IT, talk to your IT provider for advice. They will be able to provide an estimate on what the overall costs of running a business’ technology would likely be over time – and can advise on where they think it is best spent in order to get the most benefit out of your technology. Read more...
We all had a few chuckles around here when we learned the reasons for the Facebook outage on Monday.
Datacenters use something called BGP (Border Gateway Protocol), a way for routers on the internet to learn the fastest path for traffic to take, learn when a circuit may be down, and re-route traffic as needed. We run BGP in our datacenter, and it’s pretty important.
What someone at Facebook did was the equivalent of cutting themselves off at the knees… They deleted the advertised BGP information, and with no way for traffic to reach Facebook, essentially everything was down. Hilarious, at least to the IT crowd, because we understand what they are going to have to go through to fix it.
Facebook’s VP of Infrastructure blogged about this here, and said in part: “it was not possible to access our data centers through our normal means because their networks were down… we sent engineers onsite to the data centers to have them debug the issue and restart the systems. Read more...
This week, Microsoft announced the availability of Windows 11. While it offers some interesting new features, we recommend you wait a bit to let us sort out the bugs first. Our initial testing has revealed a few annoyances that you might want to be aware of before upgrading.
Right now, we can confirm the following:
- We will not be upgrading clients to Windows 11 via our normal system maintenance processes.
- Even though Microsoft may offer it to you via Windows Update, we do not recommend our clients upgrade at this time because it is too new.
- Windows 11 is an upgrade, not an update – and although Microsoft offers the software for free to qualified systems, we reserve the right to charge for work related to these upgrades.
- Microsoft will be staging the rollout, and if their data indicates there may be issues with your hardware, it will not be offered to you.
This month, a proof-of-concept (PoC) was sold on a hacker forum, suggesting that cybercriminals may be moving to a new level of sophistication in their assaults. By embedding malware inside video cards from AMD and NVIDIA, the criminals are able to better hide and stay under cyber security radars. The most recent proof-of-concept (POC) does not persist beyond a reboot, because it is not permanently installed in firmware – but other POC’s have demonstrated the ability to infect firmware.
There is nothing we can do at the moment to detect this type of malware. The only thing we can do is educate: Be careful what you click on and download. Avoid pop-ups and suspicious links: Cybercriminals can use malicious advertisements or fake online videos to lure you into clicking on them, which may lead to a phishing scam. Only click on links from trusted sources. If it’s not clear where the link leads, do some research before following it.
Today, the US Cybersecurity and Infrastructure Security Agency (CISA) announced that it has added single-factor authentication (SFA) to a rather short list of cybersecurity bad practices it recommends against.
The CISA’s “Bad Practices” list includes procedures that the federal government has deemed “extremely dangerous” and that should not be used by organizations in the public and private sectors, since they expose them to an unnecessary risk of their systems being hacked by threat actors.
Since the list was released in September 2017, it has been updated twice to include new practices that should be avoided at all costs.
In its latest update, CISA additionally added SFA to a list that includes bad practices such as using only one factor for authentication when authenticating into cloud or web applications; reusing passwords across multiple accounts (e.g. using the same password for a corporate and a personal email account); or exposing public folders to everyone with access to an organization’s IT resources. Read more...
This article is about the use of AI in content creation. The previous two articles (The latest Threat to your Computer, CISA: Don’t use single-factor auth) were written with the assistance of artificial intelligence, and this one will be as well. Artificial intelligence can help to increase your blog post production by generating more content for you at a faster rate than you could do it alone.
The Jarvis AI first scans the title and description and determines the main point, summarizing it in a few sentences before using those to write its own post. It also inserts relevant keywords and synonyms throughout to improve SEO. The system is built on top of Google Cloud Natural Language API, but the team did not provide much detail how it works exactly.
Microsoft is using AI in its products as well. For example, Microsoft 365 uses AI to provide a more personalized experience for its users. PowerPoint uses Read more...
Some of our employees just returned from a training session in Denver, CO – the first time we’ve attended such an event in person since Early 2020. Most of the discussion revolved around security and the persistent threat of ransomware.
We heard first-hand experiences from others that have been the victim of ransomware attacks. Ransomware is devastating to any business, and is certainly top of mind for us. While our basic managed services package includes Sophos Intercept X, which does well at stopping ransomware, we need to do more. Behind the scenes, we’ve been taking actions to increase our security posture and better protect our clients. In the coming months, we’ll be introducing additional security services to help keep our clients safe and secure – while at the same time increasing our readiness in case of an incident.
IT security is becoming more of an issue for insurance coverage, renewals, and large clients of our clients. Read more...
Microsoft has been working on this for a while, and now it’s generally available. Basically, it’s your desktop in the cloud. Instead of VPN’ing into work, or using remote desktop to control a computer at your office, you can access these resources hosted in Microsoft’s datacenters. This may simplify things for companies moving to a permanent virtual workplace, getting rid of offices, and still using legacy software or systems.
We suspect most of our clients will need the Enterprise version, and adopting this technology will require re-architecting and rethinking some of our legacy ways of computing. Of course, none of this is needed if you are already using cloud-based software or file storage such as Microsoft 365 and SharePoint – but if you have multi-user accounting systems that are on-premise, CAD systems using files off of a server, or other legacy systems – and want to move to a cloud model – this technology can simplify that transition.
Pricing depends on performance requirements – it starts around $50/mo per user for a mid-level system plus implementation and management costs. Read more...
On June 24th, Microsoft announced Windows 11, it’s evolution of the Microsoft Windows operating system. While hard to believe, Windows 10 was released almost 6 years ago, on July 29th, 2015. Microsoft hasn’t officially announced a release date, other than stating it will be “coming later this year”.
A new version of Windows?! What does this mean for me?
Windows 11 comes with a new design, new features, and new capabilities described on Microsoft’s website here.
But, if you’re happy with Windows 10, or your system does not meet the expected requirements to upgrade (which we’ll get into below), that’s fine for now: although subject to change, Microsoft has stated they will continue supporting Windows 10 until October 14th, 2025.
If you’d like to upgrade when Windows 11 becomes available, read on:
Alright, what are the requirements?
Microsoft has stated that this will be a free upgrade for all users running Windows 10, and the free upgrade will upgrade them to same edition of Windows 11. Read more...
Although SpireTech uses Kaseya software for systems management, neither SpireTech or our customers were victims of the latest headline news breach. Our response, analysis of the hack, explanation of why we were not affected, and plans moving forward are below.
Kaseya makes software for IT systems management. It is used by enterprises and managed service providers alike to streamline technician effectiveness, enabling a few technicians to manage thousands of systems at scale, including patch management, health monitoring, and providing helpdesk services. Kaseya, based in Miami Florida, is one of the largest vendors of this type of software. SpireTech has been using Kaseya software for over ten years.
We sent the following notification to VIPsupport client key contacts on Friday afternoon:
On Friday 7/2/21 at 12:48pm PT we were notified by our Remote Monitoring & Management vendor, Kaseya, of an active security incident involving their software being used to deploy ransomware, and advising us to shutdown our management server until security experts can determine the cause.
We have shutdown our server under the presumption this will protect us (and you), and are actively monitoring our Sophos Intercept-X software for indicators of compromise – and at this point, there are none.