Tesla’s Cloud Systems Hacked

Standard

Tesla Logo 2One of the most upstart and well known tech companies of late is Tesla.  Everyone knows their name and their vehicles and battery systems have been very well received by the market.

Tesla not only produces technically advanced products, they heavily leverage technology to do so.  News emerged this week that security researchers have discovered that Tesla’s Cloud platform has been exploited by hackers to mine crtypocurrencies.  This took place within Tesla’s infrastructure hosted on Amazon Web Services (AWS).  The hack appears to have been done to leverage Tesla’s resources in AWS for other purposes.  However, there is a concern that some vehicle data was exposed as a result.

To Tesla’s credit, they responded very quickly and issued the following response to technology news site ZDNet:

“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”

Good for Tesla for addressing this so quickly and tranparently.  They have done a great job of owning the issue and responding appropriately.  A good lesson for others to follow.

Olympic Technology is Going for Gold

Standard

This post was originally published in today’s Foster’s and Seacoast Sunday.

The Olympics taking place in PyeongChang is a spectacle of technology that is giving us a glimpse into our future. With technological powerhouses like Samsung being one of South Korea’s most well known exports, it’s no wonder technology is taking center stage.

Intel Olympics Drone TechnologyThis awesome display of technology is not without its pitfalls. On the first day of this year’s Olympics, hackers took center stage, breaking into some Olympic technology and causing the office website of the 2018 Winter Games to be taken down overnight. As of now, there does not appear to have been any serious breach, but investigators are still at work and we may not know what has really happened during the Olympic Games until well after the Olympic torch has been extinguished in PyeongChang.

One of the massive challenges for technology at an event like the Olympics is security. It’s even more of a challenge due to the nature of the event. A temporary sporting event that brings the attention of the world on a small part of the host country for a short window of time. Talk about a target of opportunity.

Olympic Games are put on by local organizing committees under the auspices of the International Olympic Committee, the IOC. Technology contracts are awarded to multiple companies by the local organizing committee and are often decentralized, meaning each vendor chosen must secure their own networks. This brings multiple players to the table and multiple vulnerabilities. Intel, Samsung, Visa, Atos, Korea Telecom, Comcast, NBC and more all have extensive technology infrastructures in place at the Olympics. Even clothier Ralph Lauren has introduced technology to Team USA’s uniforms for this year’s Winter Olympics. The jackets Team USA will be wearing include active heating technology to keep the athlete’s warm.

Multiple organizations and government agencies have warned attendees to steer clear of public WiFi and be on alert for all manner of cyber scams. Some have gone so far as to recommend turning off WiFi and Bluetooth while at the Games, to avoid what are known as drive-by attacks, where a hacker may theoretically access your device to steal information and use it as part of a larger attack.

There will be plenty of technological marvels on display, from Intel’s amazing drone light shows to Samsung’s robots. A robot even carried the Olympic Torch for part of the relay leading up to the lighting of the Olympic Flame during the opening ceremonies one week ago. Technology will also be available to the athletes to help them tune their performance and maximize their experience. Suits with smart sensors will provide a level of athletic performance feedback not previously seen. It will be interesting to see if any competitors make changes based on this new information that will be available.

Another first for these Olympics is that all of the technology systems running and broadcasting the games will be Cloud based. You won’t find the temporary data centers that powered past games. This year, critical systems will all be physically away from the games in Cloud data centers. There are some fifty critical applications behind this year’s Olympic experience, all out in the Cloud.

Even with this reliance on the Cloud, there will still be well over three thousand IT workers on the ground in PyeongChang supporting the games. Whether things are based in the Cloud or not, you still need an on-site IT infrastructure to enable everything from accurately capturing race times to broadcasting the events live online and to television viewers worldwide.

For spectators who are in PyeongChang, Intel is providing virtual reality experiences from the athlete’s point of view. Imagine putting on a virtual reality headset and finding yourself hurtling down a slalom course at 70 to 80 mph. You can if you want to.

I mentioned Visa earlier as one of the technology companies on display at the Olympics. Yes, Visa is a financial services company, mostly known for issuing debit and credit cards. In PyeongChang, Visa is showcasing payment technologies of the future. There are contactless payment terminals throughout the venues. Visa provided special rings to the athletes that have embedded payment technology, allowing an athlete to simply wave their hand over a payment terminal to pay for something. Visa even has smart gloves in use so that when you are outside, you won’t have to take your gloves off to pay for something. Just place your hand near a payment terminal and make your payment.

The Olympics are always a great event, showcases known and unknown athletes and great stories of triumph and defeat. Technology is giving us a glimpse into the future as well this year, except the future is now.

IT Themes for 2018 from CompTIA

Standard

The following press release was issued by CompTIA today.  I’m very pleased to have been quoted in the section on “From product sales to service subscriptions.”

logo-small_jpeg

 CompTIA Board of Directors Identifies Six Tech Themes to Watch in 2018

 Downers Grove, Ill., December 21, 2017 – Artificial intelligence (AI) will stake out a larger role; a greater emphasis will be placed on the user experience with technology; and protecting personal data and information will become more critical in 2018, according to the board of directors of CompTIA, the leading technology industry association.

The new year will also see technology companies focused on new government regulations and requirements, led by the European Union’s General Data Protection Regulation (GDPR); evolving their business models to rely more on the sale of “as a service” subscriptions; and taking new actions to combat cyber threats.

The CompTIA directors at a board meeting earlier this month spent time trading ideas and debating the impact of nearly 20 trends likely to impact the technology industry in 2018. Six themes rose to the top of the consensus list of technology trends to watch.

Artificial intelligence (AI) expands its presence – A recent CompTIA survey found that one in four companies make regular use of AI in areas such as machine learning, virtual assistants, workflow tools, and in the automation of processes and tasks. Another 19 percent of organizations expect to adopt AI in the next year.

More focus on optimizing the customer experience – Options for acquiring technology have expanded, driving providers to find new ways to maintain relationships with current customers and acquire new clients. Optimizing customer experiences with technology is a crucial step in maintaining and building relationships; but it requires a thorough understanding of both user expectations and business objectives.

“The emergence of technologies that enhance the customer experience will be an important tech theme for companies wanting to stay ahead of the competition in 2018,” said Dan Shapero, founder, ClikCloud Digital Marketing. “Companies using artificial intelligence, chat, call center and mobile web to enrich customer experience will reap the benefit of increased customer loyalty, greater efficiency and higher margins in the foreseeable future.”

Protecting personal privacy – The security and personal privacy challenges associated with how consumer information is collected, used, analyzed, and shared will grow in importance as millions of new interconnected devices come online through the expansion of the Internet of Things, smart cities, autonomous vehicles, and other innovations.

Government requirements and regulations – The pace of innovation greatly exceeds the speed at which governments can adopt, alter, expand or eliminate policies and regulations. This can create inherent tensions between technologies entering the market – often at the demand of customers – and governments’ ability to regulate. In 2018 one of the biggest regulatory issues technology companies will face is the General Data Protection Regulation (GDPR), the new primary law that will regulate how companies protect European Union citizens’ personal data.

“Government regulation becomes more stringent when it feels the need to do a better job of protecting people than it deems the industry it’s regulating is doing,” said Tracy Pound, managing director, Maximity. “The GDPR is intended to provide consistent enforcement of data protection rules that increase an individuals’ rights to control data held about them; and to ensure that companies holding data can demonstrate accountability for that data and have good governance processes in place. It applies to any company that processes, stores or transmits personal data belonging to EU residents. It will still apply to the UK post Brexit, making it a global issue rather than a European one.

“With industry surveys stating that less than 10 percent of companies are prepared for the GDPR, this is a significant opportunity for tech companies to reinforce being a true trusted business advisor by providing insights and services that help clients navigate the new regulation in order to help them minimize the risk of data breaches and to demonstrate compliance,” Pound continued. “With maximum fines of 4 percent of global turnover or €20 million, tech companies and their clients need to wake up to the volume of preparatory work in documenting systems, educating staff, bringing policies and procedures for processing data up to date and making changes to be ready for the deadline of 25th May 2018. Expecting this to go away and to do nothing is a game of Russian Roulette.”

From product sales to service subscriptions – The “everything-as-a-service” model is not a new phenomenon. But the subscription service model continues to evolve as businesses expand their reliance on the technology ecosystem. In this fast-changing market many companies – traditional technology firms and new market entrants alike – are striving to carve out their niche.

“As the ‘as-a-service’ model of technology acquisition continues to mature, traditional resellers are facing significant changes to their established business models,” said MJ Shoer, director, client engagement, and virtual CIO, Onepath. “While there will always be a need to make capital acquisitions of technology, subscription models are now the norm and some traditional customers are now procuring their technology from multiple sources. This requires that technology solution providers drive value by helping our customers understand and leverage this evolving market trend. We also need to help our customers leverage technology to improve their workflows and business processes to gain a competitive edge.

“Technology solution providers also need to adapt to the changing security landscape,” Shoer added. “While many traditional MSPs are building security practices within their existing business structure, this leads to concerns about the fox watching the hen house. How technology solution providers bring security services to their customers while ensuring the integrity of those services will be paramount to providing the type of services most customers will require, especially with increasing government regulation like GDPR and others.”

Cyber readiness – Video gaming communities, hotels, fast-food restaurants, retailers, healthcare providers, educational institutions, government agencies, and business services providers were just some of the victims of cyber-attacks and data breaches in 2017. Despite improvements on many fronts, threats show no signs of abating. In fact, evidence suggests that things will get worse before they get better, with the attacks growing in both frequency and virulence.

“Going into the new year we expect cybercriminals to stick with the malware that makes them the most money: ransomware,” said Scott Barlow, vice president, Global MSP, Sophos. “In fact, according to recent research by Sophos, 2018 could potentially bring the explosion of Ransomware-as-a-Service (RaaS). These hacking kits, designed to make cybercrime accessible to anyone regardless of skill, will drive global ransomware levels through the roof.”

As the leading trade association for the technology industry association CompTIA provides a vast selection of education and training materials, research and market intelligence, webinars and conferences, business best practices, member communities and advisory councils, and more on a wide range of technology topics. Visit www.comptia.org to learn more.

CompTIA: Building the Foundation for Technology’s Future

The Computing Technology Industry Association (CompTIA) is the world’s leading technology association, with approximately 2,000 member companies, 3,000 academic and training partners, over 100,000 registered users and more than two million IT certifications issued. CompTIA’s unparalleled range of programs foster workforce skills development and generate critical knowledge and insight – building the foundation for technology’s future. Visit CompTIA online, Facebook, LinkedIn and Twitter to learn more.

Contact:

Steven Ostrowski
CompTIA
sostrowski@comptia.org­
630-678-8468

Happy Thanksgiving! Shop Safely This Season

Standard

It’s here.  The Black Friday deals have already kicked off and the Turkey coma is still in full swing.  Most retailers opened their doors at 6 PM Thanksgiving Day to kick off their Black Friday deal.  Small Business Saturday and Cyber Monday are right around the corner.  The next four days are the most active shopping days of the year.  Unfortunately, they are also prime targets for cyber criminals, so be sure you stay safe this holiday shopping season.

I’m sure you have been inundated with Black Friday and Cyber Monday emails offering all sorts of deals.  While most will be legitimate, you have the stay on the lookout for those that are not.  My recommendation is not to click through on any links in these emails.  Instead, open your web browser and type in the address yourself and go directly to the web site and search for the deal.  You don’t want to fall prey to a hacker who impersonates a known seller and tricks you into visiting a fake site that looks like the real thing.

safely_onlineOne Small Business Saturday, take note if the retailer you visit makes you use your chip, instead of swiping your credit card.  The chip system has been in place long enough now, that there is no excuse for anyone to not require you use the chip.  The chip is more secure as your credit card information and every transaction are encrypted and significantly harder to hack than when you swipe.  If you see a retailer who still makes you swipe, you should not think twice about telling them you are not comfortable with their security and may have to shop elsewhere if they don’t implement chip technology.  There are several warning circulating from consumer advocacy groups to law enforcement, warning about vulnerabilities to point of sale terminals that are not using chip technology.  Don’t let a lazy retailer put your safety at risk.

Also don’t forget about Apple Pay, Samsung Pay and similar payment methods that you can securely use with your smartphone.  Using these payment methods will always be more secure than using your card, so when available, use them.

On Cyber Monday, just like Black Friday, go right to the site and don’t click through on ads you see on other web sites or links in email offers that you receive.  While it may be a bit less convenient to type in the site URL and then navigate the site to find the deal you are looking for, it’s a simple and effective step to help protect your online shopping activity.

Once you’ve made your purchase, be mindful of the many shipping confirmation messages you may receive and be mindful of what you have experienced in the past compared to what you may receive in your email inbox now.  Fake shipping confirmation messages are a favorite of hackers to trick you in to entering some personal information in to a fake online form or tricking you to open an attachment which may then infect your computer without you knowing it.  Once infected, a hacker could capture everything from access to your bank to passwords to all of your online accounts.  Again my recommendation is to go directly to the web site where you made your purchase and look up your order and check the shipping information from there.

Another good practice for online shopping is to use a service like PayPal, Visa Checkout or other secure online payment service.  This adds a layer of protection to your shopping to protect your payment information, which is the crown jewel of what most hackers want to steal.  As always, keep a close watch on your credit card and bank statements.  Picking up an unauthorized charge is always a sure way to know a hacker has stolen your identity or payment information.  If your bank or credit card company offers it, setup alerts for any charge or withdrawal, so you get real-time awareness to what may be happening with your accounts.

Enjoy the holiday shopping season and Happy Thanksgiving!  I’m thankful for you subscribing to my blog for updates.

black-friday.jpg

Technology Lessons from Hurricane Harvey

Standard

The following was published in today’s Foster’s and Seacoast Sunday.

The devastation to Texas and Louisiana from Hurricane Harvey is truly heartbreaking. The news reports continue to tell a story that is unfolding moment by moment. I have colleagues, family and friends in harm’s way and I am so grateful to know that they are all safe.

My cousin, Jonathan Siger is a rabbi in the Houston area and a chaplain to the local sheriff’s department. Watching his videos from the rescue boats and hearing the scene’s he has been on, brings a very different perspective to what we see and hear on the news. I hope by the time this article is published on Sunday Texas and Louisiana will have emerged from the storm and that things will be improving. They will need a lot of patience and support as they work to rebuild their communities.

The outpouring of support and inflow of donations is showing the best of what this nation can muster. I’ve seen so many initiatives, even within my own IT industry. CompTIA, the global IT trade association, has launched an initiative encouraging all of its corporate and individual members to make a donation to hurricane relief and CompTIA will match $2 for every $1 donated up to $200,000. You can participate by going to http://bit.ly/CompTIACares and entering CompTIA as the company to match.

HarveyOpsLeading up the arrival of Hurricane Harvey, technology companies across Texas were issuing recommendations to safeguard the digital assets of an organization. Cloud computing has played a major part in ensuring business continuity throughout the storm. This was mainly accomplished through having company data safely backed up to the Cloud. However, as more and more companies move applications and in some cases, entire infrastructures to the Cloud, these businesses are able to maintain complete operational effectiveness through something as catastrophic as a hurricane.

This does not mean there were not challenges. Certainly, the widespread loss of power and the heavy flooding impacted people’s ability to work. The cellular networks were stretched to their breaking point, but held in most cases. I have been in touch with colleagues in the greater Houston area and they have all made it through thus far. Most have suffered water in their homes and needed to evacuate. Fortunately, of the people I have been able to contact or get updates on, their businesses have not experienced any catastrophic losses of data.

The key to being able to bring your business through an event like this is planning. The last thing you want to do is figure out a plan while the storm is bearing down on you. As I already mentioned, backing up your data to the Cloud is a must. When you can leverage the Cloud to actually run your business applications and even your critical infrastructure, you are that much better prepared. Be sure your most critical infrastructure components are attached to Uninterruptable Power Supplies (UPS), which will provide backup power should the power go out and most importantly, properly shut those infrastructure items down should the battery run low. All other computing devices should be connected to surge suppressors. Many people do not realize the restoration of power can be as much of a threat as the loss of power. I have seen situations where building and individual pieces of equipment have caught fire when power was restored after a sudden power loss. UPS and proper surge suppression will protect against this in almost all cases.

Obviously, if you are facing the risk of flooding, you want to secure as many of your electronics away from likely locations susceptible to flooding. This isn’t always possible, but sometimes even just moving computers away from window areas can make a big difference.

Even though I am focusing on technology, don’t forget about your low-tech assets too. If you are maintaining paper files of any value, be sure you have a plan for them. While I would recommend you scan all important documents and store them electronically, I know nearly all businesses still keep some of their critical data in paper form. Be sure you have a plan to secure those files before a storm hits. Consider watertight storage containers, even if just to see them through the storm.

While you may have your data and your critical applications covered, don’t forget that you need to think about how your team will function if they are not able to get to the office and also, if they have to leave their homes. In some cases, it just won’t be possible to work for several days. I experienced that this week, with one of my clients who has an office in Houston. They were able to get back in to their office and all of the preparation steps we recommended, including shutting everything down, paid off. We were able to help them remotely bring everything back online and they are fully functional.

Throughout the storm, they maintained communication with their entire team, so staff knew when it was safe to return to the office and get back to work. Hopefully, you have a plan like this for your business. If you don’t, put one together now.

What About VoIP – a Podcast

Standard

I was recently interviewed by Jonathan Blackwood, managing editor of TechDecisions, for his most recent podcast on Voice over IP, VoIP.  Jonathan is the Managing Editor at TechDecisions and I truly appreciated the opportunity to speak with him.  He’s as passionate about the IT industry as I am and his podcasts are very well regarded throughout the industry.

TechDecisions is a division of EH Media, the company behind Commercial Integrator, Security Sales & Integration and ChannelPro magazines.  TechDecisions is also the new site that brings them all together, to make it easier for technology professionals and decision makers to get the information they need to ensure project success across these evolving technology segments.

In this podcast interview, Jonathan and I discuss VoIP and what opportunities it presents for companies of all sizes and the technology partners the work with.  We talked about understanding what VoIP really means and the different ways organizations may implement it.  We also talk about some of the newer offerings maturing in the market and how to write an RFP for VoIP services.TD-podcast-logo-r.jpg

You may listen to the podcast here.

Are You Taking Advantage of Office 365

Standard

The following was published in the August 20, 2017 editions of Seacoast Sunday and Foster’s.

Most small and mid-size businesses have or are moving to Office 365 for various reasons. Mostly, this is to deliver more reliable email, but Microsoft continues to bundle more software and features into the subscriptions, yet most people think it’s just email.

Microsoft offers a range of subscriptions from as low as $5 per month per user to $35 per month per user.

Office 365The most basic business subscription, Office 365 Business Essentials, offers a complete online experience for email and collaboration. If you already own Microsoft Office software for your computer, you can connect your desktop software to some of the services included in this subscription. What you get for $5 a month is impressive. A 50-gigabyte email box and web versions of Microsoft Outlook, Word, Excel and PowerPoint, allow you to work with and create files using the popular Office applications in your web browser. You also receive 1 terabyte of storage in OneDrive, Microsoft’s online file storage and sharing service. You also get SharePoint Online, a web-based collaboration platform you can use to create a private Intranet site for your business.

You also have a subscription to Skype for Business, which may be used for internal and external instant messaging and hosting online meetings. You even have access to team-based services like Microsoft Planner and Yammer, which allow you to manage team tasks and cross departmental collaboration. All this comes with 24/7 phone and online support.

This subscription level is valid for companies with up to 300 users.

The Office 365 Enterprise E5 subscription includes everything in the basic level, plus the following. The most noticeable addition is the inclusion of the Microsoft Office software for up to five devices per person. This includes PCs, Macs, smartphones and tablets. You get the latest versions of Outlook, Word, Excel, PowerPoint, OneNote and Access. The available OneDrive storage is unlimited at this level. Skype adds Skype Meeting Broadcast, which allows you to host online meetings for up to 10,000 participants. Email gains advanced eDiscovery with search, legal hold, export and analytics.

Also added are retention and deletion policies for email and advanced threat detection. Advanced Security Management provides insight into potential threats to your data, including data leakage. Another major benefit of this subscription is Skype calling via a Cloud PBX, which allows you to use Skype to replace your existing phone system. You have the option to use Microsoft for your local, long distance and international calling or use your existing services with Skype.

Finally, there is Microsoft Power BI, a robust analytics tool that allows the average user to create meaningful dashboards to track metrics that matter for them. There is no limit to the number of users. For $35 a month per user, this is absolutely the best value. Most businesses will pay significantly more to come up with this powerful a set of benefits through any other means.

There are several subscription options between these two that offer more and more features on top of the basics. If one subscription doesn’t offer quite enough and another too much, I’m sure there is a subscription between that will be right for your business. Challenge your company to take full advantage of Office 365, whichever subscription you may have. Chances are you are not.

One final item: You will notice I have a new title and company name this week. In late May, Internet & Telephone, LLC was acquired by Onepath. This past week, we completed our rebranding and are now known as Onepath and I have a new role that provides me with increased opportunities to work directly with our clients. We have the same local New England-based team with our New England base of operations in North Andover, Massachusetts, and our offices and data centers in Boston and Portsmouth. We add our corporate headquarters and other offices in the Southeast. It’s an exciting time for our clients and our dedicated team of technology professionals.

MJ Shoer is director, client engagement and vCIO at Onepath, with offices in New England and the Southeast. Onepath is the one source for all things to do with designing, deploying and supporting technology – from cable to Cloud. He maintains a blog about IT at www.mjshoer.com and may be reached at mshoer@1path.com.

%d bloggers like this: