Notes of MERIT ISSUE 3  VOLUME 6  May-June 2018 “Insider Tips To Make Your Business Run Faster, Easier, And More Profitably”

“As a business owner, I know you don’t have Recovery time to waste on technical and operational issues. That’s and Why it Matters to Hampton Roads Businesses where we shine! Call us and put an end by Randy Spangler to your IT problems finally and forever!” - Randall Spangler, MERIT Solutions . Everyone wants it after something catastrophic hap- pens, but in the IT world, before you can have disaster recovery, you must have disaster readiness. At MERIT Solutions we recognized this a decade What’s Inside ago when we began including server with every service plan we wrote. Since then, we have continuously improved our offering to include hourly backups and automatic offsite storage. We all have seen the dramatic pictures from the big island of Hawaii with the fissures and lava flows, where houses and entire neighborhoods have been engulfed by Kilauea’s wrath. Of course, here in Hampton Roads, we have other “wraths of nature” with which to con- tend. Floods, fires and even crashing jets can destroy your data. Disaster doesn’t have to be dramatic, however. Drive crashes, power surges, theft and even ransomware can destroy your data. With the advent of multi-terabyte drives, the amount of data which needs to be backed up – and recov- Page 1 ered – is even more important and difficult.  Disaster Recovery and Why it Matters to Hampton Roads Businesses Tape was an expensive and labor intensive Page 2 hassle and with the size of drives today, it  Duplex Can Make Calls for You, has become an impossibility to implement. and More Folder-based backup is better than having  The Lighter Side: Underwater World no backup but the time and effort required Page 3 to recover a crashed server with only data  President’s Note folders saved is huge. At MERIT Solutions,  Has Malware Made a Home in Your Router? we provide image backups which allow a total server restore as well as file Page 4 and folder restoration.  News from the NOC: Proxy Servers All MERIT Solutions’ clients who subscribe to any of our Peace of Mind Page 5 plans don’t have to concern themselves with backups. Like Prego, “it’s in  PowerPointing You In the Right Direction there…” Restoring your data is also included in the plan.  Shiny New Gadget Of The Month: goTenna Everyone agrees that you need to back up your data, keep it safe, and Page 6 have it ready to restore, but what about timing? How long will it take to  Maybe You Can’t Fix Stupid, But You Can restore your data? Which data is the most important to bring back online Fix Your Security the quickest? How much business would you lose if your servers were down for a day or two while the data is recovered? We now have the new Unitrends backup appliance available which has the capacity to get your servers back online in minutes and we can help you decide what your needs might be. “Ask your IT provider if Unitrends is right for you.” Not a client of MERIT Solutions? Not a problem. We can provide a backup and disaster recovery plan which will meet your desired RPO or RTO (recovery point objective or recovery time objective). Even easier would be to sign up for a Peace of Mind plan, get fantastic service and disaster recovery. This summer, make sure that the only freak of nature you will be worried about is the one in the horror novel you read while at the beach! Page 2

The Lighter Side... Google Duplex Can Make Calls for You, and More At Google I/O 2018, the latest occurrence of Google’s convention for developers, a stunning new technology was demonstrated to those in attendance. Called Google Duplex, it adds a new level of utility and capability to the Google Assistant, in that it enables the Google Assistant to make phone calls on the user’s behalf that are almost indistinguishable from human conversation.

If this sounds incredible, the general consensus agrees with you. During its unveiling at I/O, the demonstration of Google Duplex brought various reactions from the crowd as the Google Assis- tant called to schedule a hair appointment and to make a reserva- tion at a restaurant. More than just that, too - the Assistant’s re- quested time for the haircut was unavailable, so it needed to in- dependently agree upon a different time, and there was a lan- guage barrier affecting the conversation as it tried to make a reservation, but it still navigated the conversation successfully… arguably, more successfully than many people would.

This, in and Words go left, right, up, of itself, is down, not diagonally, and enough to can bend at a right angle. make Google There are no unused Duplex a letters in the grid, every huge leap letter is used only once. forward for its kind of technology, but that wasn’t all Match the pairs: find the exact Google had mirror copy for to demonstrate. Not only could Google Duplex intelligently every picture. carry on conversations that didn’t always go as planned, it could navigate these conversations while using a natural, human voice, using filler words like “um” and “uh” naturally, casually con- firming things with “mhmm” rather than “yes” or even “okay.” Google Duplex could even deal with interruptions while reciting information like phone numbers, picking up where it left off and repeating itself, just as a human would over the phone.

Clearly, this makes the Google Assistant much more useful to its users, but what about those that don’t use it, and only refer to the web version of Google?

Well, Google Duplex takes the information it gathers from its calls and will update a business’s page based on the information it gathers. So, if Google Duplex calls a business looking for its hours on Thursdays, the answer it receives will be used to update the results online. This even includes holidays.

Some outlets have voiced concerns, however, that there is no

indication given that the recipient of the phone call is speaking

8 - 6 5, - 3 7, - 2 4, -

1 to an automated assistant. What do you think? Page 3 President’s Note Has Malware Made a Home in Your Router? Hackers and cybercriminals, like most people, tend to gravitate towards high- Seeing the recent lava flow from Kilauea reminded me of a vacation reward activities. In this case, that means the focus is turning to creating mal- to the Big Island several years ago. ware that attacks the router, potentially infecting the users that leverage it to We stayed in a cabin not even a mile connect wirelessly to the . Researchers at Kaspersky Lab recently dis- from the caldera. You could smell covered an example of such a malware, so today, we will review this threat and the sulfur at the top of the mountain. how to best protect your network. At the time, the volcano was at rest Slingshot but no one knew when she would This threat, codenamed Slingshot, targets MikroTik routers and utilizes a start rumbling. multi-layer attack to spy on the PCs connected to the router. By replacing a When it began, there were warn- library file with a malicious alter- ings and signs of things to come. native that subsequently downloads Once she blew, that was it! If your other pieces of the malware, Sling- house was on top of the fissure it was shot is able to bypass security solu- too bad. Suddenly access routes to tions unscathed. It then launches a homes and businesses and everything two-pronged attack: first, leverag- in the lava flow path were cut off. ing low-level kernel code to give Keeping your data safe is a similar an intruder carte blanche access to proposition. You know that some- a system, and second, managing thing will happen someday but no the file system and preserving the one knows when. And when it hap- malware - allowing it to continue. pens, you had better be ready. We are here to help. We hear the If this sounds impressive, it is - rumblings of the disk errors, so we not only does this attack access make sure your backups are good. additional code from an encrypted Security is also very important in virtual file system, it does so with- order to minimize the threat of out crashing its host. This quality malware affecting your data since and complexity led the security we know that your firewall and your experts at Kaspersky Lab to conclude that this attack was state-sponsored. email are being attacked 24/7. We Based on reports, this malware can collect just about any data that it wants to put up protection but no matter from its target, from keystrokes to passwords to screenshots to network traffic. how hard we try, sometimes the mischievous Menehune have their According to MikroTik, their routing firmware has received a patch for this way. I don’t want to sound preachy vulnerability, but it is still unknown if routers from other manufacturers are but it is important to be prepared! affected. If they are, Slingshot could suddenly become a much larger issue than Don’t let a disaster of any kind shut it already is. you down. On a lighter note, summer is here, Other Router Malware the days are long and the mosquitos Of course, Slingshot isn’t the only issue that affects router security. The fail- safes and security measures baked into routers have been historically unrelia- are hungry. Enjoy the sunshine ble. This can be attributed largely to manufacturers building numerous products (and the rain) and let us know if we with no comprehensive strategy concerning their security and keeping all of it can help you with any of your IT up-to-date. However, this doesn’t mean that the user is off the hook, either. It is questions or needs. up to them to actually update the router’s firmware, not something that is necessarily their first, second, or even twenty-third thought. Furthermore, the updating process can often be challenging, as well as time-consuming. Hackers will often change the DNS server setting on a router in order to attack a network. Rather than directing you to the secure website you are trying to navigate to, the altered DNS will instead send you to a phishing site. Since these sites are often convincingly created and designed to fool their targets, you may not realize you are being victimized until it has already happened. In addition to attacks like these, hackers will also often use methods like barraging their targets with ads or infiltrating them via drive-by download. Some attacks leverage cross-site request forgery, where a hacker will develop a rogue piece of JavaScript that will attempt to load a router’s web-admin page to alter the router’s settings. (Continued on page 4) Page 4

data by limiting your organiza- (Continued from page 3, tion’s direct exposure to this Has Malware Made a Home in Your Router?) traffic. By masking your actions How to Mitigate Damage to You Network Operations Center from public view, you go a long If you suspect that you are the target way toward protecting not only of a router-based attack, your first step “As Chief Technology the data, but, indirectly, the peo- should be to confirm that something is Officer, I monitor latest IT wrong. While there are assorted ways to trends, opportunities and ple that depend on your business. threats to your business so accomplish this, the most effective is to you don’t have to! Call us Here are some ways proxy check if your DNS server has been and see how we can help servers provide security: changed. To check, you’ll need to you manage your IT.” access your router’s web-based setup - Larry Robertson, MERIT Solutions Usage Controls - Your em- page, and from there, the Internet ployees are people with lives. connection screen. If your DNS setting The more leeway you give is ‘automatic,’ you should be okay. Tech Term: What are them, the more they will take. However, if it says “manual,” with Proxy Servers? A proxy server can help net- custom DNS servers entered, you may While proxy server is a tech term work administrators prevent have a problem. that is frequently cited, it is not devices or users from accessing In order to mitigate damage in the understood by a vast majority of material, both inside and out- case of compromise, you’ll need to people. Today we will describe what side the business’s network. It make sure that your router matches the a proxy server is and why also provides a construct to specifications set by the manufacturer. organizations like yours use To do this, make sure you: them. • Promptly install firmware What is a Proxy Server? updates: Keeping your router’s firm- Simply put, a proxy server is ware up-to-date will assist you in keep- a computer that acts as an ing your router secure. intermediary between the • Disable remote access: By computer you use and the disabling the capacity for your router Internet. It masks the IP ad- to be accessed remotely, you prevent dress of your machine with the chance of someone changing the the IP address of the proxy. It settings without your knowledge. is designed to provide busi- • Disable UPnP: While there is ness networks with additional definitely some convenience to be had security and privacy benefits. with the assistance of plug and play capabilities, UPnP could lead to your Proxy Server Security router becoming infected, as it is predis- Network breaches and other security keep detailed logs about what posed to trust any requests it receives. lapses can be major problems for interactions people have with • Change your access credentials: any business. The proxy server can outside data. A simple means of upping your security work to limit problems like these by is to change your access credentials adding the additional layer of securi- Agility - Proxy servers allow away from the router defaults. ty between the servers you depend for more agile business by on and the traffic coming in from the saving bandwidth. Since the If you want to know more about your Internet. While the proxy server isn’t proxy server will reject any of cybersecurity, the professionals at a comprehensive solution to keep the information it is designed to MERIT Solutions are here to help you unwanted entities out of your net- block, your organization’s keep your network and infrastructure work, it does provide a barrier that computing speed for relevant safe. Call us at (757) 420-5150. can work to keep your network from tasks will likely improve. being infiltrated, and your data from being stolen. That’s just the tip of the iceberg, but it should give you a better idea about Proxy Server Privacy what a proxy server is and how it is Most organizations utilize proxy deployed. For more information servers to protect their network and about technologies you can utilize to data from the stream of traffic that make your business better, contact comes in and out of their network. In the experts at MERIT Solutions to- protecting the anonymity of your day at (757) 420-5150. systems, proxy servers protect the

. lie

5 - in in s

- ’

Page Page s best to to s best by ’

” especially if you if you especially s a great way to way great s a s a great, user great, s a ’ -- ’

s unlikely that a built that s unlikely ’ 0, Steve McGarrett Steve McGarrett 0, - click on the text box and select select box and text on the click -

t an option, however, it however, an option, t Congratulations Rebecca from Linn Mellette, PC ’ even if they have been grouped been grouped have they if even [email protected] ” -- s also possible that some of your pro- of your some that possible s also ’

t have some ideas in it. Nobody is watching watching is Nobody it. in ideas some have t ’ re looking for. To do this, just press the Tab the press just this, do To for. looking re ’ Rubber Duckie. “ s branding. The first thing you need to do is pro- is do need to you thing The first s branding. s a custom template, it template, custom s a Redd, and Wendy Gray. ’ ’ ve done it, just right just done it, ve consuming, it is definitely worth it worth definitely is it consuming, ’ - gift card. And the BONUS Trivia answer is: Rip Tide first appeared as Tides s branding. It s branding.

’ ”

Duck Donuts “ ve been working on your presentation for a while now and it and now a while for presentation your on been working ve ’

Take my Trivia Challenge and you could win! could and you Challenge my Trivia Take he also held a position in what group? what in a position held he also “ July 30th be will entered into the drawing for a chance to win. PowerPointing You In the Right Direction Right In the You PowerPointing

s not a presentation if you don you if a presentation s not s Trivia answer is: Erniesang the song ’ Everyone emailing the correct to answer ’ s say that you that s say A) Commander, Naval Reserve B) Colonel, Air Force Reserve B) Reserve Colonel, Force Naval Reserve Air Commander, A) ’ In the original TV series Hawaii Five Hawaii series TV original In the Who Wants To Win A $25 Tropical Smoothie Gift Card? Gift Smoothie Tropical $25 A Win To Wants Who We hope you enjoy your C) Commander, D) Navy Reserve Coast Commander, SEALsGuard C) Association Last Last month An easy fix is to create a custom template ahead of time that matches up nicely with with up nicely matches that time of ahead template a custom create to is fix easy An Let One of the best examples of this is changing the default sizes of your text boxes to to boxes text of your sizes default the changing is this of examples best the of One When you need to put together a presentation, chances are that the solution you use use you solution the that are chances a presentation, together put need to you When PowerPoint can also help you save time with the implementation of templates. These templates. of implementation the with time save you help also can PowerPoint PowerPoint lets you personalize your presentations in such a way that you can create create can you that a way such in presentations your personalize you lets PowerPoint was Detective Captain of a special state police task force and and force police task state a special of Captain Detective was mascot by being hatched at Scope in front of Admirals fans. Tides baseball ticket winners are Bill Bailey, Kirsten Rife, Kel time is this While branding. your isn this If future. foreseeable the for it on using plan quality. and its content on the primarily can focus so you that template a simple to stick it all, After to is want really they What design. presentation your critique to presentation your content. for time and use your template the Build them. can offer you what know togeth- grouped are objects your If objects. specific finding difficult become to starting objects your of all through cycle to way a There is difficult. more even is task this er, one you specific the can find you so that sequence the in element next the selects This key. be normally. would it than easier much objects specific finding makes This together. Templates Implement It presentation. your format to takes it time of amount the can reduce a pleasing maintaining while on a deadline, if especially done, presentations get your unless it Unfortunately, appearance. company fit your will template side. foolish on the a little look you making a template, as it identify might spects PowerPoint. Defaults Object Your Change important. quite brand actually is for your an identity such Having them. for an identity easier become they them, to format same the have or similar look presentations your If can make you so pain, big is a objects of your all Reformatting whim. on a out build to settings. default object changing the by easier much process this business your match they sure make formatting Change the imitate. will boxes text of your rest the what of an example vide Once you do this. to box a text of be add- will boxes text of your rest the finished, is this When Box. Text Default as Set box. default the as formatting same the with presentation your ed to an Object Finding It suite. Office the from PowerPoint Microsoft called thing little a is of best the to it of advantage taking you are but purposes, for most solution friendly in steps unnecessary out can cut you that ways best the of some are Here ability? your

” Fi - -

tech tech -

the first the “ MESH hops “ “

grid camp- talkie you - - as a hi

message kept message ” peer communica- www.gotenna.com -

to point range. You - -

goTenna * to ” - No Service goTenna friendly devicefriendly for a relia- “ - grid peer - Of TheOf Month: In fact, in any situation in fact, In where you Shiny NewShiny Gadget

In additionIn to a it being great com- GoTenna pairs phoneyour with to Have you ever Have been you off Think the of Around $179/pairAround at Motherboard/Vice magazine Motherboard/Vice Tenna network the has advantage. * towant touchkeep in otherswith without needing coverage, the go- touch touch andwith family friends when other communicationof means are functioning.not munication asset to have when off grid theexploring, goTenna provides peace during emergency of mind situations. Users are able in to stay devices to extend own coverage.your Tenna devices. The phone thethrough other devices to extend beyond point alsocan strategically place goTenna pairing thepairing goTenna eachwith cell phone user. You alsocan extend networkyour by creating a otherswith in areayour go-with anywhere in the world, no cell, Wi or satellite service required. Your group can its make own network by create own your signal which allows to you share and text GPS messages ers in ers in group your by phone, but that annoying popping up? Well, can goTenna the provide link the are you looking for. or hikinging and that wished you ablewere to communicate oth-with consumer ble off network.tion version ofversion old the walkie used when you a were kid. In fact, goTennathe been calledhas

Page 6 Maybe You Can’t Fix Stupid, But You Can Fix Your Security It’s easy to dismiss network security if you run a small • Centralize your data security: There needs to be business that seemingly isn’t a target of malicious attacks. someone at the helm of your data security endeavors. If Unfortunately, this dismissive attitude can put your there isn’t, you make protecting your data much more diffi- organization at risk, as even a simple security issue could cult. This person should be responsible for implementing be enough to expose your company to dangerous entities. access control and making sure that nobody can access data In fact, we would call it foolish not to secure your that they wouldn’t organization; and one of the most infamous security need for their failings in history stems from this. ordinary workday. The Equifax Problem Encouraging During the months of May and July of 2017, a credit- Employee Security reporting firm called Equifax fell victim to a data breach Employees hold that exposed a whopping 148.1 million records containing more sway over personally identifiable information. To put this in perspec- your business’s tive, the Equifax data breach exposed almost half of the security than they population of the United States of America. may realize. This In the wake of this breach, the former Equifax CEO makes it difficult Richard Smith was cross-examined by Congress. Smith’s to protect im- defense argued that “human and technology errors” were at portant assets, the heart of the issue. Ultimately, the Chairman of the because if you’re House Energy and Commerce Committee, Greg Walden, overly cautious, came to the following conclusion: “I don’t think that we you could be com- can pass a law that fixes stupid.” promising your How to Fix Your Data Security business’s ability to operate as intended. Here are some While it’s true that there is no guarantee legislation common issues that need your attention in order to help would resolve the issue, you still need to make sure that employees remain cognizant of their responsibilities. your organization is doing the best that it can to keep • Lazy credential habits: Password problems have per- threats from infiltrating its network. You can begin by sisted in business for a long time. Employees should never implementing specific standards on a company-wide level reuse passwords or usernames for every account that they or a case-by-case level. have. Each password should be complex: containing letters, Here are some ideas that you can start with: numbers, and symbols to maximize security. You can use a • Start with compliance: Compliance regulations don’t password management system if this gets to be a bit too always have data security in mind. That being said, it’s still much for your employees. an important part of managing your data security, as you • Oversharing information: You should help your em- could potentially be subject to fines and other troubling ployees work toward limiting just how much information regulations. they share about themselves on social media so that pass- • Resolve vulnerabilities: 99 percent of exploits rely on words are not as easily predicted. Avoid using personal vulnerabilities remaining unresolved in network infrastruc- anecdotes whenever possible, and restrict who can see what tures. These exploits also often exploit vulnerabilities that information to minimize the chances of this happening. are at least a half a year old. You should make patching You also don’t want information to spread outside of the these vulnerabilities a priority so that you can best protect office, as an invoice or receipt with a customer number your data. could be all a hacker needs to cause trouble. • Using the wrong Wi-Fi: Public Wi-Fi is danger- ous and therefore, not the ideal way to access secure data. You should work together with your employees to make sure that they have secure access to company documents whenever they need them. A virtual private network is a great way to do this, as it encrypts Thank information sent and retrieved by your devices. Does your business need to augment security? you for MERIT Solutions can help. To learn more, reach out your to us at (757) 420-5150.

business 1407 E Stephanie Way, Chesapeake, VA 23320 (757) 420-5150 www.meritsolutions.net

“Providing IT services to Hampton Roads businesses since 1982”

Comments or suggestions for the editor please email [email protected].