All About 5G, and How 5G Will Impact Small-to-Medium Size Business

There’s a good chance you have heard of 5G technology, and also a good chance you don’t really know what that means. Then again, you probably didn’t know what 3G and 4G meant, either. If so, you might be wondering what 5G is, and how 5G will impact your business or organization.

What 5G Can Do

Before we can look into how 5G will impact small-to-medium size business, we need to discuss 5G’s capabilities. 5G stands for the fifth generation of cellular networking, and its main advantage is speed—blurringly fast mobile speed. In fact, it’s expected that 5G will download data 20x faster than the current 4G cellular technology. Actually, that might be an understatement. The Chicago Tribune recently reported that 5G “can run between 10 and 100 times faster than your typical 4G cellular connection today.” But speed is just one of its many advantages, which also include:

    • Lower Latency
      Latency refers to the delay or lag between when we send an instruction with our phones or other devices, and the data transfer. With 4G networks, latency is typically around 40-50 milliseconds. With 5G it will be 1 millisecond or less. This will particularly benefit AI and virtual reality. As a result, most experts expect a rapid expansion of these technologies.
    • Greater Capacity
      5G can run many high-demand applications all at once without interruptions—which means you can use your apps, plus IoT (Internet of Things) devices plus stream HD video and so on, all simultaneously and without network slowdowns.
    • Better Connectivity
      Most of us have experienced the frustration of slow download speeds and uneven connectivity, a problem that is especially acute in major cities. 5G, however, will add huge amounts of spectrum in bands that haven’t previously been used for commercial broadband traffic. As a result, 5G should be able to support up to one million connected devices per square kilometer.

How 5G Will Impact Business

PSB Research surveyed over 3,500 people including business decision leaders, analysts and tech enthusiasts on how 5G will impact business. The results showed great excitement about 5G technology, and found:

  • 91% of those surveyed expect to see the invention of many new products and services
  • 87% expect new industries to emerge
  • 82% expect small business growth and more global competition
  • 85% expect it to make companies more globally competitive
  • 89% expect increased productivity

5G’s impact on virtual reality alone will have a tremendous impact on SMBs including enhancing the online shopping experience, reinventing doctor visits, and enabling remote sales support and the use of smart screens in retail environments. Holographic salespeople? 3D demos? They may all become reality sooner than you think.

5G may also dramatically change the workplace. While remote working is fairly widespread, it is still limited in many ways, partly due to technological limitations. Conference calls can be awkward, and speaker phones make communication often difficult to understand. But with the improvement of virtual reality, workers can meet online, and interact as if they were in the same room.

One more benefit is the wealth of information such connectivity makes possible. Web analytics company Izenda reports that the expanded interconnectivity delivered by 5G will allow greater data sharing from cameras, drones, sensors and IoT, providing many more ways to collect and analyze data from users.

The Adoption of 5G

According to global payments provider Veem, 5G may usher in a “new era of digital transformation powered by lightning-quick phones, enhanced virtual and augmented reality, the Internet of Things, and countless more technological wonders.” 5G technology website 5g.co.uk says, “Finally, with 5G, businesses will have constant unbroken access to a fast, reliable internet connection. To all intents and purposes, it will be like having an extremely good Wi-Fi hotspot covering the entire developed world.”

It has been estimated that 50 percent of U.S. consumers will have access to 5G within the next five years. With the expected improvement of connection speed, website traffic, and reliability, the technology possibilities are endless; many are sure to surprise us. It also means that early adoption of 5G tech could be critically important for your business, especially if you want to incorporate new consumer services and solutions that might involve AR and VR tech.

If you have any additional questions on 5G technology and how 5G will impact your business or organization, contact one of the tech experts at Single Path. We work with small-to-medium sized businesses, schools and other organizations to help them use, understand and implement the best technology for their needs, including mobility services such as voice and messaging and video conferencing.

Contact us to learn more.

Which is the Most Secure Browser for Safety and Privacy Protection?

With so much of your information online, your privacy is always at risk. Using a is an important first step to keeping confidential information safe. For example, your browser may house your browsing history and login credentials, can have cookies and other trackers, and contain autofill information like your credit card numbers. The most secure browsers have customizable security features and regular updates, but they also must be user friendly. Which are the best? Let’s look at ten browsers including some of the safest, and most popular.

Brave

Brave is ranked as the most secure browser by BestVPN.org, a VPN review site. A relatively recent Chromium-based browser, Brave offers a bunch of features, including a password manager, a script blocker and one-click anti-fingerprinting functionality. It particularly excels at blocking ads and tracking cookies. Brave is open-sourced, which means the code can be thoroughly researched and scrutinized by the Internet community to ensure there is no hidden tracking or anti-privacy spyware. Brave also supports most Chrome extensions, which (as we’ll explain in a moment) is both a blessing and a curse.

Brave is available for Windows, macOS, Linux, Android and iOS.

Chrome

Google Chrome controls nearly 65% of all web browsing, followed by Safari (at around 16%), and then Firefox at around 4%.

Chrome gets high marks for security, and offers continual security updates, which is excellent. But Google is also notorious for data collection, tracking and other privacy violations. One blogger found more than 11,000 cookies that would have been placed on his Chrome browser after just a week of surfing (all of which were automatically blocked by Firefox, which we’ll discuss below). Since Chrome is not an open-source browser—Google is somewhat notorious for their tech secrecy—it’s impossible to know everything they are tracking. They offer many security and privacy preferences, but it takes a great deal of time and effort to research them. There are many user-friendly Chrome extensions, but these are also a constant target for hackers and malware, and can introduce viruses and spyware, making it far from the most secure browser.

Chrome is available for Windows, Linux, macOS, iOS and Android.

Chromium

Chromium is a 100% open source project created to provide a Google Chromium browser, without Google’s privacy issues: settings require manual activation rather than Chrome’s default settings. It receives security updates nearly every day—an unmatched frequency—but since each have to be manually installed, users need to be vigilant. Because Chromium is so tightly affiliated with Chrome, and uses basic Chrome functionality, it is highly user-friendly. But that also means it is still susceptible to many of the same malware infections as Chrome, including being flooded by pop-ups and unwanted re-directs.

Epic

The full name of this browser is the “Epic Privacy Browser,” and according to its website it “blocks ads, trackers, fingerprinting, crypto mining, ultrasound signaling and more.” Every privacy setting is turned on by default and they send “Do Not Track” requests, block cookies, ads and data-tracking web analytics systems.

Epic doesn’t offer auto-syncing, spell-check, auto-fill, any plug-ins, and does not store your history, login data or databases. While this all makes Epic extremely secure, it also makes it impractical for most daily use. One additional concern: Epic has been claiming they would open source the code since 2014, but they still haven’t. Why? Some experts are suspicious.

Epic is available for macOS and Windows.

Firefox

Online privacy and security website Restoreprivacy.com rated Firefox as the best browser for privacy and security. It is also rated as the most secure browser by bestantiviruspro.com and nordvpn.com. Firefox is the only mainstream open-source browser. Like most other major players, it offers a private browsing mode that includes malware and phishing protection, pop-up blocking and anti-fingerprinting protection. It doesn’t gather data, doesn’t show targeted ads, is frequently updated and has many easily-customizable privacy settings. On the negative side, it is not quite as fast as the more popular Chrome.

Firefox is available for Windows, macOS, Linux, Android and iOS.

Microsoft Edge

Microsoft Edge replaced Internet Explorer, a infamously poor browser for security, as Microsoft’s Windows optimized web browser. Edge is only updated twice a year, which means it’s vulnerable to the latest malware and viruses.

Edge does have some nice security and privacy features, but mostly the ones everyone else provides such as the ability to block pop-ups. It has limited extension support which means there is less of a chance of installing malware, but limits its user friendliness.

Edge is available for Windows, Windows Mobile, Xbox One, Android and iOS.

Opera

Opera is a popular browser that boasts a variety of security features such as fraud and malware protection as well as script blocking. It offers updates every four or five weeks, which is excellent. But it is not close to being the most secure browser, mainly because it is owned by a China-based company who collects and monitors user data and regularly share that data with third-parties. While users can add some additional layers of privacy and protection by customizing settings, it can be complicated to set up.

Opera is available for Windows, macOS and Linux.

Safari

As the default web browser for all Mac and OS systems, Safari is the second most popular web browser in the world, although it is only a fraction of the size of Chrome.

Safari has plenty of small but useful features like a password generator, machine learning based protection and anti-fingerprinting tools. It also runs your tabs in separate sandboxes (keeping different programs separate from one another), which helps prevent malicious code from accessing your data.

Safari offers a private browsing mode, as do many other browsers, but Apple has been caught collecting browsing history even with private browsing on, which is worrisome. Safari is partly open-sourced, but not all of it.

Safari is available for macOS and iOS.

Tor

The Tor browser Is endorsed by Edward Snowden, and is often associated with the dark web. The browser blocks Flash, RealPlayer, QuickTime and other plug-ins that can be manipulated into revealing your IP address. Tor also protects you from tracking and automatically clears your cookies and history.

With Tor, all your traffic is encrypted three times and is decentralized and operated by volunteers. This makes it possibly the most secure browser available. But while all its elaborate decentralization means you get unmatched privacy protection, it also slows things down substantially. In fact, the slow connection speed makes Tor impractical for everyday use.

Tor is available for Windows, macOS and Linux.

Vivaldi

Vivaldi calls itself “The Browser that Puts You in Control” due to its highly customizable interface and functionality. Its extensive customization options also extend to its privacy settings, which are numerous. You can, for example, set different default search engines for when you’re using regular and private browsing modes, and create different security settings for both.

Vivaldi is compatible with most Chrome browser extensions, which is good for user friendliness, but also means it can be infiltrated with malware. Vivaldi also offers end-to-end encryption for syncing between devices, but it does not yet have mobile device support which is a major problem. Also questionable: Vivaldi collects IP addresses and stores them on their database in Iceland. They claim this is done merely to determine their total number of users, but some experts are wary.

Vivaldi is available for Windows, macOS, Linux and Android.

Single Path can help you find the most secure browser for your needs.

From helping you find the most secure browser that’s best for your organization, to assessing your desktop security risks, the certified and highly skilled security specialists at Single Path are here to help assist you. Let us help provide the network security solutions and advice you need to protect your business, your school, or yourself.

Contact us to learn more.

IaaS vs. PaaS vs. SaaS: Which One is Best for Your Business?

As more and more organizations consider switching their business assets to the cloud, it is important to understand the differences between the three models of cloud service: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). By comparing IaaS vs. PaaS vs. SaaS, you can choose the best model for your organization.

IaaS vs. PaaS vs. SaaS

As you can see with the below diagram, with an on-premises, non-cloud system your organization takes care of everything, from the servers to the software. With IaaS, your servers and storage are taken care of with virtual, cloud servers. With PaaS, cloud service providers also supply the middleware. And with SaaS, third party providers supply everything, including the software.

IaaS_PaaS_SaaS

Let’s take a deeper look into each option.

IaaS: Infrastructure as a Service

IaaS is sometimes referred to as “your data center in the cloud.” With the IaaS model of cloud services, third party providers host virtual hardware equipment such as servers and storage systems. IaaS providers may also take care of associated services such as ongoing system maintenance, data backup and business continuity.

Organizations that use IaaS are typically billed on the amount of storage they need, which are tabulated by the hour, week or month, depending on the service contract. This makes IaaS platforms highly scalable IT resources. If your organization grows, you simply need to pay for more storage rather than buy costly hardware. If your organization shrinks, you can reduce that storage. You also don’t need to maintain an IT staff solely dedicated to run servers.

This model is particularly attractive to small businesses and startups that may be growing, and companies that experience temporarily high workloads, like retailers during the holiday shopping season. However, you have to be careful to monitor your usage. In the metered world of IaaS, you only want to pay for what you need.

Examples of IaaS include Amazon Web Services (AWS), Microsoft Azure and Google Compute Engine (GCE).

IaaS offers many advantages, including:

  • Easy to automate storage, networking, servers and processing power
  • Avoids wasteful spending because server/storage is based on consumption
  • Clients retain complete control of their infrastructure
  • Highly scalable

PaaS: Platform as a Service

Platform as a Service (PaaS) delivers a platform to clients, which lets them develop, run and manage their business applications. Like IaaS, PaaS comes with virtual servers, storage and networking. But with PaaS, developers also have the tools to build customized software without having to worry about operating systems, software updates, storage or the underlying infrastructure.

PaaS is a pay-as-you-go service.

PaaS has many advantages, including:

  • Resources can easily be scaled up or down as business changes
  • Saves time and money with developing or deploying in-house apps, and significantly reduces the amount of coding needed to create them
  • Streamlines application management, and lets multiple developers work on the same project more efficiently

Examples of PaaS include Google App Engine, OpenShift, AWS Elastic Beanstalk and Windows® Azure.

SaaS: Software as a Service

When you consider IaaS vs. PaaS vs. SaaS, Software as a Service is likely the most familiar to you. This is the most common cloud model used by businesses, and provides a wide variety of individual software applications such as email and collaboration, customer relationship management (CRM), billing/payroll processing, sales management, human resources management, financial management, database management, enterprise resourcing planning (ERP), content management and document editing and management.

Organizations typically pay for SaaS applications via a subscription fee on a monthly or annual basis, often based on the number of people using the application, or the number of transactions that are run. Because of this fee structure, one of the major advantages to SaaS is its ongoing scalability and the ability to add or subtract users as needed. Since the apps are delivered via the web, SaaS also eliminates the need to have IT staff available to download and install applications on each individual computer, and third party vendors manage all potential technical issues. This allows IT staff to spend their time on more pressing, organizational matters.

Examples of SaaS include Google Docs (and many common Google apps such Google Calendar), DropboxTM, Cisco WebexTM and Salesforce.

SaaS has many advantages, including:

  • Applications can be accessed anywhere, and on mobile devices
  • Organizations can access many applications, including those used infrequently
  • Apps are always kept up-to-date; no need to install patches or updates
  • Scalability and cost savings

IaaS vs. PaaS vs. SaaS

Each cloud model, whether you are considering IaaS vs. PaaS vs. SaaS offers specific features and functionalities. Whether you need cloud-based software for storage options, a platform to develop customized applications, or complete control over your entire infrastructure, there is a cloud service option for your organization.

Still not sure? At Single Path, we work with many small-to-medium sized businesses, school districts and other organizations to help them find the cloud services best for them.

Contact us to learn more about how to move your assets to the cloud.

What You Need to Know About Kari’s Law and Ray Baum’s Act

We’re thrilled that Kari’s Law and Ray Baum’s Act have both passed. These two new laws work together to ensure greater access to 911 and emergency services. We believe they will keep people safer, including business employees and students. If you’re not familiar with these new laws, you need to be.

What is Kari’s Law?

was inspired by a tragic event. In 2013, Hank Hunt’s daughter, Kari, was attacked and killed by her estranged husband in a Texas hotel room. Her nine-year-old daughter Brianna was in the room at the time, and Brianna dialed 911 from the hotel room repeatedly as her mother was attacked.

Hank Hunt describes the horrific scene: “Brianna pushed her little brother and sister out into the hallway of the hotel. And she proceeded to call 911 and couldn’t. I think she said she called twice and she would go and kick and knock on the bathroom door and tell him to stop, scream at him to stop and things like that. It was a — she heard it all. She heard everything.”

As it turns out, none of her 911 calls went through because hotel guests were required to dial a “9” to place an outside call, even for 911.

So, in large part due to Hank Hunt’s tireless efforts, Kari’s Law was passed in early 2018, so that a “9” is no longer needed for emergency calls from multi-line systems like hotel phones.

Multi-line telephone systems (MLTS) are also common in buildings, hospitals, office campuses and schools. All of these lines must have direct 911 dialing capability by February 16, 2020.

In addition, Kari’s Law requires all installed multi-line telephone systems (or MLTS) must provide instant notification to a front desk, security office or another designated, on-premise person that a 911 has been called. This notification will not only help the designated person quickly lend a hand, but let them know they need to quickly escort emergency personnel where they’re needed (through front doors, elevators, into key-carded areas, etc.).

What is Ray Baum’s Act?

Named in honor of the late Energy & Commerce staff director who passed away in 2018, this act addresses the need to more accurately locate 911 callers with multi-line telephone systems. Usually, when you call 911 from your home, your street address is passed along to emergency responders automatically. But in a building with multiple floors and rooms, this isn’t always the case, we do have special places connected such as several home cares like the Home Care Assistance in Raleigh which has doctors already prepared or any emergency.

Ray Baum’s Act creates rules to improve the dispatchable location information associated with emergency calls for both MLTS services and interconnected VoIP services. This information can include building, floor, suite or conference room. On a sprawling campus, for example, all calls might be routed to the front desk of the main building. This would not provide very accurate location information for responders.

Many organizations will need to update their phone configurations to be in accordance with the law.

A Partner One Step Ahead

With Kari’s Law and Ray Baum’s Act, the FCC is continuing its recent trend of bringing newer technologies to emergency services. As such, all providers of newer communication technologies, and their clients, should carefully and continuously review their service offerings and emergency services communication capabilities. At Single Path, we look at our clients’ security and ability to adapt to future demands seriously, which is why we’re always looking at new and better ways to protect, assist and support our clients, from internet security solutions to consulting services.

Contact us to learn more about working with Single Path.

What You Need To Know About Windows 7 End of Life

If your organization uses Windows 7 you are probably already aware Microsoft plans to discontinue this popular operating system beginning January 14, 2020. Windows has taken every opportunity to remind you of the Windows 7 End of Life event. After January 14, Microsoft will no longer offer technical assistance or software updates for Windows 7, including updates that help protect PCs from new cyber threats. If you’re a Windows 7 user, what does this mean for you, and what do you need to do before January 14?

Why is Windows 7 End of Life Happening?

Microsoft says they need to end Windows 7 support so they can focus on newer technologies. Windows 7 is 10 years old after all, which is about 200 years old in tech-years. But Windows 7 also remains incredibly popular, with recent reports showing that Windows 7 is still being used on more than 37% of all PCs.

Microsoft actually started the Windows 7 End of Life process by ending mainstream support on January 13, 2015. At that point they stopped adding new features and honoring warranty claims. However, they have still provided regular patches and updates to ensure security issues and bugs are fixed. That will no longer happen after January 14. The termination of support for Windows 7 comes just after Microsoft introduced Windows 10, and Microsoft wants you to upgrade to the new system, boasting that their Windows 10 software is the most secure Windows ever. But should you?

What’s the Big Deal? I think I’ll Keep Windows 7.

While your Windows 7 operating system will still work after January 14, the lack of security patches is a real concern. As PC Place points out, “The biggest issue with continuing to use Windows 7 is that it won’t be patched for any new viruses or security problems once it enters End of Life, and this leaves you extremely vulnerable to any emerging threats. What’s more, if a large number of people continue to use Windows 7 after the End of Life date, that could actually be a big incentive for malicious users to target viruses and other nasties at Windows 7.”

That Sounds Bad. What Are My Options? 

  1. Upgrade to Windows 10

Upgrading from Windows 7 to Windows 10 is by far be the easiest transition for your organization in response to Windows 7 End of Life. As TechRadar reports, “because both operating systems are made by Microsoft the upgrade process is relatively easy, and in many cases you can keep your files on your PC. This means you’ll experience the minimum of disruption when upgrading to Windows 10.”

And most reviews of Windows 10 have been positive, with the new system offering a number of new features including facial recognition, faster start-ups, “ink-accelerated technology” with a stylus, and new editing tools for photos and videos.

One of the biggest problems, however, is the possible expense involved—and purchasing the new operating system is only a fraction of that cost. You see, you might also have to buy everyone a new computer. As Microsoft says: “The best way for you to stay secure is on Windows 10. And the best way to experience Windows 10 is on a new PC. While it is possible to install Windows 10 on your older device, it is not recommended.”

Here are the minimum hardware specifications for Windows 10:

  • Processor:1 gigahertz (GHz) or faster processor or SoC
  • RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit
  • Hard disk space: 16 GB for 32-bit OS 20 GB for 64-bit OS
  • Graphics card:DirectX 9 or later with WDDM 1.0 driver
  • Display:800 x 600 resolution

If all of your organization’s computers have those specifications, you’re set for your Windows 7 End of Life software purchase and transition. If not, however, you need to upgrade your hardware before you switch. And while prices continue to go down on many computer models, this can still be a sizable investment.

  1. Upgrade to a different operating system

Windows may be the most popular PC operating system, but it’s not the only one. For example, Linux has been around since 1991, and is a completely open source system (meaning it is free). Apple is also an option, although that will also necessitate brand new hardware, and many of your programs might not be compatible with their operating system.

Still, you might want to look into other options, especially if the expense of converting to Windows 10 is out of your budget.

  1. Upgrade to Windows 10, Slowly

While there are some advantages to simply pulling the Windows 7 End of Life band-aid quickly, it’s also possible to dip just one foot into the water. If you simply can’t make the switch before January 14, Microsoft is offering Windows 7 Extended Security Updates. These will continue to deliver updates and patches for Windows 7 business users after January 2020. However, these extended security updates aren’t free, and Microsoft is charging a per device fee. Current pricing is $25 a device for the first year of updates, $50 per device for year two, and $100 a device for year three, with no guarantee updates will be offered beyond that date. However, this approach may allow you the flexibility of updating or purchasing new computers in phases, and reducing a single year financial hit.

I’m Not Sure What To Do!

That’s what Single Path is here for. Choosing new technology applications for your school or business can be a difficult decision, especially when resources are limited. We are continuously meeting with companies, schools and other organizations to provide guidance on their Windows 7 End of Life choices, and help them make smart decisions, evaluate their current tools, and to continuously re-evaluate them. And our large menu of security solutions can help protect you from cyber threats, or rebound if you are hit by one. With considerable experience working with small-to-medium sized businesses, plus schools and school districts, we can help you operate with confidence.

Contact us for more information!

What’s the Difference Between Vulnerability Testing and Penetration Testing?

vulnerability testingAll networks, regardless of their size, are at risk from many cyber security threats.

To successfully protect your organization from these threats, you can’t rely on a single line of defense. For example, your cybercrime protection strategy should include both vulnerability testing and penetration testing. These terms are often confused with each other, but they are quite different. As Tripwire recently reports, “It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing on its own cannot secure the entire network.”

Vulnerability Testing, Explained

Vulnerability testing is the act of identifying known vulnerabilities in your network devices including firewalls, routers, switches, servers and applications. It’s usually performed by specific software, often set to run automatically and continually (antivirus software is a form of vulnerability testing). Because the scanners rely on published and regularly updated lists of known cyberthreats, vulnerability testing will only red flag vulnerabilities that are known, and that can be fixed. As you might imagine, there are many cyberthreats that aren’t known, or have no known fix. The latter is called a “zero-day vulnerability”—a vulnerability that is discovered but does not yet have a patch (It’s called “zero day” because developers have “zero days” to fix the problem since it could immediately be exploited by hackers). Google is just one of many companies who have recently reported a “zero day” issue (they reported a vulnerability in their Chrome web browser).

Due to the scope of organizational networks, vulnerability testing may require many different automated tools to manage a company’s assets, and many of those tests will need to be product-specific. For this reason, these tests are usually installed and managed by administrators or the IT team.

Penetration Testing, Explained

While vulnerability testing looks for known network vulnerabilities, penetration testing goes beyond that, examining sloppy business processes, lax security settings, or other weaknesses that a hacker could exploit. Issues that might be found include the transmission of unencrypted passwords, password reuse and forgotten databases storing valid user credentials.

Often, these tests take the form of authorized attacks, simulated on a computer system. The tests can determine if and how effectively an attack can be stopped. They can involve a script and exploit technology and people (including phishing strategies to trick employees). While they don’t need to be conducted as often as vulnerability testing, they should be done at least once a year.

While a vulnerability scan can be automated, a penetration test requires active participation. This usually means using a third-party vendor who can mimic the actions of an external hacker. While vulnerability testing can be done relatively quickly, penetration testing can take days or even weeks. Due to their more hands-on and involved nature, penetration testing costs can be much higher than that of vulnerability testing.

Security Testing Reports

Both vulnerability testing and penetration testing will produce reports detailing the problems found. Vulnerability testing reports are long but straightforward, listing the source of the problem, a description of the problem, and remedial action, which is usually to install a patch.

The report from a penetration test, on the other hand, will list fewer items and won’t be as straightforward. The report will describe what and how the attack was performed, but exact details may be vague. A remedy will be suggested, and while that fix could be simple, such as limiting team access to certain applications, it also may require a lot of time and effort, including staff training. A strong report will provide detailed recommendations.

A Third Party Vendor You Can Trust

When choosing a third party source for penetration testing, or to set up your vulnerability testing, you will want a team with significant breadth and depth of experience, especially in your organization’s area of business. At Single Path, we work with many organizations in such a capacity, with a particular expertise in small-to-medium sized businesses and schools and school districts. Our security solutions also include security risk assessment, data loss prevention solutions and more. We can help protect your organization in many ways.

Contact us for more information!

The Google Calendar Phishing Scam, and How to Avoid It.

While there are millions of phishing scams, every now and then a particular threat emerges that does more damage (and gets more publicity) than most. The recent Google Calendar phishing scam, which first gained attention last May, is the latest to gather national attention, and hurt more people and organizations than the average cyber threat.

What is the Google Calendar Phishing Scam?

A few months ago, cybersecurity firm Kaspersky Labs revealed how scammers were weaponizing the Google Calendar and other Google services. As Wired explained in a recent article: “Phishers have realized that they can take advantage of seemingly innocuous calendar settings to plant their own events laced with phishing links on victims’ schedules.”

In the Google Calendar phishing scam, scammers send a wave of calendar event invites to Google Calendar users, where they are automatically loaded onto each calendar. That’s why so many of us use a Google Calendar: it’s easy for anyone to invite you to a meeting, from an office mate to a friend (or a scammer). Once the invite is sent, you get an automatic calendar notification which further legitimizes the phony calendar event. Spammers use the location and topic fields of those invites for enticing text, such as informing you of an award or cash payment, with a phishing link. If you click on the link you are taken to a form asking for your banking or credit card information, often to “verify your identity” before you can claim your fake reward. These same notifications may pop up on your device repeatedly, until they are clicked or deleted.

As Maria Vergelis, a security researcher at Kaspersky explains, “The ‘calendar scam’ is a very effective scheme, as currently people have more or less gotten used to receiving spam messages from e-mails or messengers and do not immediately trust them. But this may not be the case when it comes to the Calendar app, which has a main purpose to organize information rather than transfer it.”

Phishers can use the same calendar strategy to invite you to a fake meeting and send you a link “to RSVP.” As TechRadar warns, “These fake invitations could include a malicious link that could not only be used to steal login credentials (like a standard phishing attack), but also to provide other sensitive information, such as how to gain access to a building where the ‘meeting’ is due to take place.”

Google is aware of this problem and is “working diligently to resolve this issue” according its online help forum. At the moment, however, there’s no estimated timeline for when people can expect a fix. 

How to Protect Yourself from the Google Calendar Phishing Scam

Google Calendar users can protect themselves against unwanted invites that are part of the Google Calendar phishing scam through the Google Calendar app itself.

  1. In Google Calendar, click the “gear” icon on the top right and select Settings.
  2. Scroll down to Event Settings and select the option “No, only show invitations to which I’ve responded.”
  3. Also, under View Options, make sure that “Show declined events” is unchecked, so those events don’t continue to show up even after you’ve rejected them.

Unfortunately, these precautions aren’t perfect, because they limit some Google Calendar functionality, but it’s better to be safe than sorry.

What Comes Around

In 2016, Apple Calendars were affected by a ploy that was a harbinger of the Google Calendar phishing scam. During the holiday season some Apple Calendar users received a flood of spam invites to holiday sale events for major brands including Ray-Ban®. There were warnings at that time that cybercriminals could use similar methods to send phony invites with links to viruses, and for identity theft. It took a few years, but it seems those predictions were right, but with spammers using Google Calendars.

Protect Yourself with Single Path

Being smart about technology is the first step toward protecting yourself and your organization from schemes such as the Google Calendar phishing scam. For example, our earlier article Have I Been Hacked? 6 Ways to Tell If You’ve Been Hacked can help you detect if your computer has been hacked. Also, if you know how to perform a routine cyber security risk assessment, you can figure out your technology vulnerabilities, and take proactive action now. At Single Path, that’s what we do every day: give training to staff, offer numerous security solutions to stay out of cyber-trouble, and provide consulting services on how to recover when cyberattacks happen. Let us help you and your organization stay safe, and scam-free.

Ask us how to get started.

SharePoint vs. OneDrive for Business: Which is Right for You?

Nearly all North American organizations (97 percent) use the cloud, whether for back up protection or big data analytics. Cloud file storage in particular is popular due to its easy storage and retrieval of files, 24/7, from anywhere and on any connected device. Companies have many platform options for cloud storage, but two of the most popular are SharePoint and OneDrive, both from Microsoft. There is a lot of confusion over the differences between SharePoint vs. OneDrive for Business. Let’s evaluate the five key components of these two document management systems to help you make an informed decision on which is best for your organization.

But First, What is SharePoint vs. OneDrive for Business?

Launched in 2001, SharePoint provides storage and lots more, letting users collaborate on files, documents and projects. It comes with a large range of document libraries, task lists, calendars, workflows, wikis and other features, all from a shared company web portal. 

OneDrive for Business is, in essence, a simplified version of SharePoint. (There are differences between the personal and business versions of OneDrive, but we’ll focus on the business version here.) With OneDrive, files that would usually be saved to a folder on a user’s work desktop or laptop can now be stored on the cloud, without a lot of extra bells and whistles.

  1. Collaboration and Document Management
    SharePoint was designed specifically as team collaboration software for businesses that need multiple individuals and teams to work on documents and products at the same time. Features like a mailbox, custom lists and web pages are all part of the platform. Users access SharePoint via a branded company page that can include news, calendars, tasks and more. SharePoint provides countless options for integration and customization. 

    OneDrive is typically used by individuals and business teams who need a central location to store and access files, and not much else. As a user, you are assigned a personal account in which to keep your individual documents. When you want to share a document, you email links to your team members.

  1. Web Publishing
    Many companies use SharePoint’s engine to build and maintain their company website, internal documentation and even web apps. By publishing documents directly to the organization’s branded website, you can make them available for access and download by customers or employees. There are also internal analytics tools to build help documentation, FAQ pages, add customizable features and more 

    With OneDrive, while you can email links to documents, you cannot publish those documents directly to a web page from the OneDrive platform. You’ll need Office 365 or another CMS/website platform to publish your work publicly.

  1. Security
    SharePoint provides much greater control of user access. You can specify various access privileges to restrict which team members are allowed to view certain files or information. This is a great option for sharing information within teams or divisions, and restricting what information can be shared outside these groups. 

    With OneDrive, any user with the right link can access your files without logging in. This increases the chances of confidential data loss or theft.

  1. Setup and Training
    With SharePoint, you need the right expertise to set it up correctly. This means you may need to consult IT specialists who are more familiar with the software. SharePoint also requires training to fully understand it, and use it. 

    OneDrive is intuitive; most users with web or file sharing experience can get started immediately.

  1. Pricing
    SharePoint has high monthly costs, and the initial cost of infrastructure, license and customization can also be substantial. 

    You get what you pay for! While both OneDrive and SharePoint have subscription models, OneDrive fees are significantly less expensive.

SharePoint vs. OneDrive for Business–Which Should You Choose?

If you’re looking for collaborative document management system for your business, SharePoint may be the ideal solution. But if you’re looking for individual back up protection and storage only, OneDrive should do the job. If you’re still unsure when deciding between SharePoint vs. OneDrive for Business, it might be better to consult an expert. At Single Path, we regularly meet with small-to-medium size businesses, schools and other organizations to determine the optimal solutions for their unique needs, from managed cloud services to security solutions. We’ll find the best service providers, reduce costs, improve accessibility and back it all with attentive, personalized support. We help you make a smart choice when looking at SharePoint vs. OneDrive for Business, and more.

Ask us how to get started.

On-Premise vs. Cloud Storage: Which is Best for You?

On-premise storage means that you use your own server hardware and software, likely stored in your building, to house your data. Cloud storage, on the other hand, resides in remote servers across town or across the country. Which option is best for your organization? Let’s look at the advantages and disadvantages of on-premise vs. cloud storage.

Initial Costs

On-premise data storage necessitates high startup costs. Each server will cost thousands of dollars, and you may need to hire a professional IT company to set it all up. Evaluating, purchasing and installing the equipment may also be time consuming: it may take months to fully integrate a new server.

The cloud, however, demands far less of an initial financial investment, and can typically be launched immediately.

The On-Premise vs. Cloud Initial Costs Winner? Cloud storage. Easy.

Extra Costs

On-premise costs are unpredictable, such as repair costs, which can be excessive. Systems also must be upgraded regularly and require regular maintenance. Some companies delay or avoid that regular maintenance which can eventually lead to operational downtime and loss of data.

On-premise storage costs also include:

  • Powering a single server, for instance, can cost over $1,000/year, per server.
  • The cost of ongoing depreciation, and server replacement can be substantial. Servers typically last for about six years, after which they may become obsolete and need to be replaced.
  • Mainframe equipment, for example, may need a full-time IT professional or a team to manage servers and troubleshoot.

Cloud storage providers, on the other hand, have a very different payment model. They charge by the amount of data you need stored, charging you a set fee every month, like a subscription. Generally, that will be your only cost, as the provider is responsible for upgrading its technology and installing the latest security protocols, upgrades and advances. The savings can be substantial: SherWeb conducted a study in which it found the average cost of an on-premise server was $1,476.31 per month, while the average cost of a cloud server was $313.90 per month. But, high storage needs means high fees. Organizations that need several Petabytes of data storage often find monthly cloud services costs are so high they’re prohibitive.

The On-Premise vs. Cloud Extra Costs Winner? Probably the cloud, but It depends on how much storage you need.

Scalability

On-premise scalability can be difficult. If your data storage demand grows, new equipment may need to be ordered, paid for, and installed before the storage can be used. When you include labor, testing and downtime while making the upgrades, the costs and time add up. If you need to reduce your storage, you’re still stuck with the same equipment.

With cloud storage, however, more storage means simply purchasing more storage space, which you can use immediately. You can also reduce your storage needs, and monthly fees, when you don’t need as much storage. However, you’ll want to check that storage amount every now and then. Many organizations tend to overbuy their cloud storage space. A 2017 report from RightScale showed that $900 million of cloud storage spend was wasted every year.

The On-Premise vs. Cloud Scalability Winner? Cloud storage, but only if you buy the right amount of storage.

Security

On-premise storage may be more secure, but not always. First of all, no storage is going to be 100% effective at keeping data safe. But local servers are less accessible to hackers than cloud storage (breaches across the cloud are regularly reported by the media). And a survey from Nexsan found that only 58% of IT professionals “considered access to files away from the office to be ‘private and secure’.” And when it came to sharing files outside of the business, only 3% did. Local servers are also at risk from fire, natural disaster and theft.

Cloud security, on the other hand, can be impressive. According to the Annual Cloud Computing Survey (2017), U.S. businesses using the cloud rank its security as a top benefit. And nearly 70% of U.S. businesses that use the cloud feel more comfortable storing data there than on a legacy system. Encryption and other security tools can go a long way to making cloud storage more secure.

The On-Premise vs Cloud Security Winner? Clearly, it depends on who you speak with, but if you use a trusted vendor, like Single Path, to set up and manage your cloud storage, you should feel confident your cloud storage is just as safe as keeping it local.

Accessibility

In 2017, 43% of Americans spent at least some of their time working remotely (According to the NY Times), and that number is rising. The ability to work off-site has been shown to increase productivity, operational efficiency and business agility.

For on-premise storage, however, accessibility is limited. Getting and sharing files can be slow and difficult.

With cloud computing, accessibility is a major advantage. Since data exists “in the cloud” any gadget connected to the Internet can access it, anywhere, at any time.

The On-Premise vs. Cloud Accessibility Winner? This is an easy one. Cloud computing.

The On-Premise vs. Cloud Storage Winner Can Be You

While cloud storage has many advantages in many areas, this doesn’t necessarily mean it’s right for you. While most small-to-midsize companies will find significant cost savings with cloud storage, others may find their exorbitant amount of data makes cloud storage too expensive. If you’re unsure, call us. At Single Path, we help clients navigate their server options every day, including helping them get on the cloud, secure their data, and modernize their systems. We provide Managed Cloud Services for many organizations, from businesses to school districts. So, which option, on-premise or cloud storage, is best for you? Call us and let’s find the best solution.

Surviving a cyber breach – Free Webinar

It started as just a normal day . . . then you learn, you’ve been breached!  Now what?

Join us on June 26 from 10-10:30AM to walk through what can happen after a cyber breach, steps for recovery, and things you can do today to lower your risk.

ALL ATTENDEES RECEIVE A FREE BOOK:
Secure Enough?: 20 Questions on Cybersecurity for Business Owners and Executives, by Bryce Austin.

Register here