Firewalls: The Unsung Heroes Network Security

Shield Firewall protection hacker illustration

The term firewall is not a new one, and it’s not as old of a term as you might think. Before it became commonplace in the computing environment, it was first introduced to the world in 1983 when it was used in a movie titled WarGames. Nowadays, it is used mostly in regard to network security. Let’s take a look at what a firewall does and what the different types of firewalls do.

First, What Does a Firewall Do?

A firewall’s name comes from the structures built into connected homes and multi-family residences that protect individual units from fires. A residential firewall keeps a fire from spreading, while a computing firewall monitors your network traffic for unauthorized connections. A properly configured firewall is a critical part of any cybersecurity strategy.

Firewall Varieties

There are many different types of firewalls out there. Here are just a few examples:

Virtual Firewall

A virtual firewall is hosted in the cloud. It protects an environment that is hosted in the cloud or within a virtual machine. You can customize your virtual firewall to suit your specific needs, be it for a specific application or to protect an entire cloud environment.

Stateful Inspection Firewall

Most modern infrastructures include this version of a firewall. It performs a function called dynamic packet filtering, a process that involves all traffic passing through a firewall being analyzed to ensure it is in the correct state, i.e. not infected by threats or otherwise.

Unified Threat Management Firewall

In addition to the aforementioned benefits, a UTM firewall also includes antivirus software. UTMs are designed to be a jack-of-all-trades-master-of-none solution. They work for many smaller businesses as a part of their network infrastructure to keep users and data protected.

Is a Firewall a Requirement for Your Business’ Cybersecurity?

In short, yes, although it should be mentioned that true cybersecurity includes much more than just a simple firewall. A firewall is only one piece of your cybersecurity strategy, so you will need even more safeguards put into place to keep your company as secure as possible from threats.

AE Technology Group can equip your business with the best security tools out there. To learn more, reach out to us at (516) 536-5006.

What Does it Mean To Go Passwordless? Just Ask Microsoft

Finger Print Biometric Scanning Identification System

Passwords have long been a staple against security threats, but the password could soon be a thing of the past. Microsoft is advancing toward this new concept, but what does it mean for your business?

Let’s look and see what going “passwordless” can mean for an account’s security.

How Does Passwordless Even Work?

Passwords were the standard for quite some time, but compared to other security measures, they are less secure against threats than you might think. A complex password may have once been enough, but this is no longer the case. Password-cracking software and the massive increase in computing power means that hackers can discover passwords in no time, and weaker authentication methods are inferior compared to other available options. Add in the fact that most users have no clue how to make a secure password, and you have a recipe for disaster.

Multi-factor authentication is one of the best ways you can secure an account. Instead of using one only key to unlock your account, you use multiple factors to open it. For example, you might use a biometric like a face, fingerprint, or iris scan, or even a secondary authentication code sent to your mobile device.

As for your Microsoft account, Microsoft is thinking about ditching the password in its entirety, giving users the option to sign in using the Microsoft Authenticator application, Windows Hello, or codes sent to your email or smartphone. Here are the steps to go passwordless for your Microsoft account:

  • Download the Microsoft Authenticator application on your smart device
  • Link your application to your account
  • Go to accounts.microsoft.com and look for the Security tab
  • Under Additional Security, turn on Passwordless Account
  • Follow the prompts displayed, and you should be good to go!

The fact that you can go passwordless for your Microsoft account is all well and good, but whether you should or not will likely be up to personal preference. As for your business, we want to emphasize that you should move toward multi-factor authentication wherever you possibly can. It’s that much more difficult for a hacker to crack an account.

AE Technology Group wants to help your company implement multi-factor authentication and work toward greater network security. To learn more, reach out to us at (516) 536-5006.

4 Steps to Make Cybersecurity Training Effective

Lecture and cybersecurity training in business office for white collar colleagues

Real cybersecurity preparedness is, like most things in a business, a team effort. Everyone needs to be aware of the best practices involved in cybersecurity. Naturally, this will involve training. In the interest of making sure this training is as effective as it needs to be, we’ve assembled a few best practices to keep in mind as you design a curriculum.

The Purpose of Cybersecurity Training: Awareness

That’s the really important benefit that any training needs to emphasize, but particularly any efforts you make to educate your team about cyber threats and dealing with them. They need to understand how prevalent threats really are, and how often small businesses are actually targeted (it’s often, by the way).

Of course, you want this training to be as effective as possible, so there are certain steps that you should take.

How to Effectively Train Your Team Members

Understand Where Your Employees Stand

In order to train your team members properly, you need to have an understanding of what they do, and critically what they don’t know about cybersecurity at the present. Are they aware of the risks that they face and how to spot them, and—most crucially—do they give these risks as much attention and respect as they should? You need to establish all of these benchmarks and see to it that they appreciate the severity of the risk.

Adjust Your Cybersecurity Training to Their Needs

Once you’re familiar with your team’s training requirements, you can better shape the training they undergo to better fit their existing strengths and shortcomings. Customizing the training that each of your team members receives is crucial as each of them will have a different perspective… and different weaknesses as a result. A one-size-fits-all approach simply won’t be effective amongst a team’s members.

Don’t Rely on Scaring Them

Likewise, while an approach based on fear can be effective in some situations, teaching your team about IT best practices is not one of them. While fear can occasionally help prevent a mistake from happening, it can just as (if not more) often lead to an employee trying to cover up a mistake and exposing your business to greater issues as a result. Try inspiring them by appealing to their confidence, reassuring them that they can be successful in their cybersecurity.

Train, Measure, and Repeat

Now, we reach the final part: measuring the impact that your training has had and running it again, trying to make it that much more effective each time. This will take some time, particularly as you account for different learning styles that your various employees will almost assuredly have. Once you’ve trained them up on the security precautions and processes that you expect them to follow, test them. By evaluating their preparedness on a semi-regular basis (so as not to become predictable), you will be able to more accurately identify where work needs to be done, and by whom.

We Can Assist You in Your Cybersecurity Training

Turn to AE Technology Group and our team of experts to improve—amongst other things—your team’s cybersecurity training. To enquire about this or any other of our managed IT services, give us a call at (516) 536-5006.

Will Google Revolutionize Online Privacy?

A woman's hand is touching screen on tablet computer iPad pro at night for searching on Google search engine. Google is popular Internet search engine

Your online privacy matters, even if you don’t think you have anything to hide. Over the last few years, this has become more and more evident as we watch tech giants profit off of understanding the people who use their services. Facebook, Amazon, and Google are among them. Google in particular has made some recent policy changes that are worth understanding.

Google isn’t a Search Engine, They are an Ad Platform

We all know and use Google as a search engine every single day. A majority of us use their Android smartphones, surf the web with the Chrome browser, use their Gmail email service, watch television through a Google Chromecast, and a whole lot more. Fundamentally, however, Google makes their money by serving relevant ads to people who do Google searches.

Whenever you are on the Internet, you are being watched. Not by human beings necessarily, but by the constantly learning and changing algorithms that power Google and many other similar entities.

It’s how services like Google can get so good at giving you the answers you are looking for. For example, if you search for “chinese takeout near me” Google will give you results based on your location. It collates those results based on reviews and tons of other metrics to try to give you the best possible experience.

Google custom tailors all of its search results for you like that. Gather a few of your colleagues and have them search for hot-button issues and compare results. Google is more likely to deliver content that it thinks is relevant to you and your search behavior. Some of that content might be ads that individuals and companies purchase and pay money for, hence how Google has become such an affluent global enterprise.

What’s New for Google Involving Your Online Privacy

Google plans on dropping some of the methods it uses to track an individual’s online behavior across the web. This is actually pretty surprising, considering that they built their entire business around that sort of thing. For the record, Google has been, for the most part, pretty trustworthy about how they use this type of data, especially compared with how some other entities (we’re looking at you, Facebook) have done some pretty shady stuff with this wealth of information.

Google isn’t eliminating their data-gathering altogether, but they are shifting away from using cookies. Cookies are tiny files that your web browser stores that track your online activity. They are meant to be helpful, mostly. They make it so your browser can remember where you are logged in, they help your website track the number of hits it receives, and a lot more. Most cookies are pretty benign, and often they make your online experience better.

Instead of using cookies, Google is going to start watching trends amongst groups of similar users, as opposed to building individual profiles of each individual user. This builds a sort of “privacy sandbox” that lets a user be a little more anonymous, but should still deliver a good experience overall online. It sounds good on paper, but there has been some scrutiny.

For instance, if a user signs into a website with their Google account, that information is still passed over, and the entity that controls the website (or their partners) can glean any information about your time on that site. The UK, which is often first in line to question privacy issues online, are currently investigating these new tools to find any anticompetitive features.

It’s probably a good step in the right direction for Google, as the world becomes increasingly conscious about how an individual’s data is used, and how other entities can use this information for their advantage.

In general, we have faith that Google has the best intentions, but it’s still up to each of us as people to be careful about what we do and post online. It’s important to stay safe and vigilant, and to take the time to understand what online entities can learn about you.

What are your thoughts? Do you like how convenient websites and search engines can be when they know who you are, or would you rather give up that convenience for more online privacy? Leave your thoughts in the comments section below and be sure to contact us if you have any questions!

iPhone Update: COVID-19 Face Mask Detection and Contact Tracing

iphone update covid 19 face mask detection and contact tracing

Major tech companies are always on the lookout for ways to add new features to their products and/or services. In its recent 13.5 OS release for iPhone and iPad products, Apple incorporated a new feature designed to help users with contact tracing in the event they contract COVID-19.  In this article, we will outline how the new face mask detection and contact tracing feature works, and how to enable or disable it.

Contact Tracing with Apple

The new contact tracing features actually uses Bluetooth data sharing rather than GPS location. When the feature is enabled, Apple securely shares a random ID associated with a user’s device with the devices of nearby users, as well as collecting their IDs. After a period of 14 days, which is considered the maximum incubation period for COVID-19, any IDs collected on devices will be deleted. If an iPhone or iPad user does contract the virus, health officials now have a way to trace individuals they may have come in contact with. In addition, if the infected individual chooses to, they can anonymously share their diagnosis with those in which they came into contact. Notified individuals can then contact their own health care provider for further instructions on what to do about their exposure to the virus.

To enable the feature, one must be using the recently released 13.5 version of Apple’s operating system. To find the new feature, follow these instructions:

  1. Open the “Settings” app.
  2. Tap on “Privacy.”
  3. Under Privacy, tap on “Health”.
  4. Under Health, tap on “COVID-19 Exposure Notifications”.

The COVID-19 Exposure Notifications can be toggled on or off (enabled or disabled) in the same manner as all of Apple’s other Settings features.

Changes With Face ID

With the advent of COVID-19, many individuals are choosing to wear a mask to cover their mouth and nose to help prevent the spread of the virus. In many areas of the country, individuals are actually required to wear some type of facial covering when out in public. This presents a challenge to Apple’s Face ID feature since partially covering one’s face will make it more challenging for Face ID to recognize a user. To combat this, Apple revamped their Face ID feature to immediately prompt the user for their PIN if it fails to recognize the user’s face, rather than forcing the user to jump through multiple hoops before eventually allowing the user to enter their PIN. 

Some Caveats

In order for Apple’s new feature to fully function, users must also locate and download an app from a health authority that can actually make use of the feature. The availability of such an app, along with support of health authorities can vary depending upon which countries and states the user resides in or travels through. The health support may vary as the virus travels throughout various regions, although in general, it is likely that major metropolitan areas will have more timely access to the feature rather than areas with low population levels.

Privacy Concerns

It’s normal to have concerns about privacy when tech companies handle information, especially personal information that relates to one’s health. In their collaboration efforts with Google to help prevent the spread of the virus, Apple has taken several measures to address privacy concerns. The random IDs used to share between devices change every 10-20 minutes to help increase security. Both Google and Apple have pledged not to collect COVID-19 related data and they will not share it with any government entity, nor will they monetize any process associated with the transfer of the data. Any data collected will only be shared through apps associated with the proper health authorities. To address all privacy concerns, Apple and Google have created a FAQ page to answer any questions users may have. 

If you would like further information about Apple’s recent changes that include a COVID-19 contact tracing feature, please contact us.