All About 5G, and How 5G Will Impact Small-to-Medium Size Business

There’s a good chance you have heard of 5G technology, and also a good chance you don’t really know what that means. Then again, you probably didn’t know what 3G and 4G meant, either. If so, you might be wondering what 5G is, and how 5G will impact your business or organization.

What 5G Can Do

Before we can look into how 5G will impact small-to-medium size business, we need to discuss 5G’s capabilities. 5G stands for the fifth generation of cellular networking, and its main advantage is speed—blurringly fast mobile speed. In fact, it’s expected that 5G will download data 20x faster than the current 4G cellular technology. Actually, that might be an understatement. The Chicago Tribune recently reported that 5G “can run between 10 and 100 times faster than your typical 4G cellular connection today.” But speed is just one of its many advantages, which also include:

    • Lower Latency
      Latency refers to the delay or lag between when we send an instruction with our phones or other devices, and the data transfer. With 4G networks, latency is typically around 40-50 milliseconds. With 5G it will be 1 millisecond or less. This will particularly benefit AI and virtual reality. As a result, most experts expect a rapid expansion of these technologies.
    • Greater Capacity
      5G can run many high-demand applications all at once without interruptions—which means you can use your apps, plus IoT (Internet of Things) devices plus stream HD video and so on, all simultaneously and without network slowdowns.
    • Better Connectivity
      Most of us have experienced the frustration of slow download speeds and uneven connectivity, a problem that is especially acute in major cities. 5G, however, will add huge amounts of spectrum in bands that haven’t previously been used for commercial broadband traffic. As a result, 5G should be able to support up to one million connected devices per square kilometer.

How 5G Will Impact Business

PSB Research surveyed over 3,500 people including business decision leaders, analysts and tech enthusiasts on how 5G will impact business. The results showed great excitement about 5G technology, and found:

  • 91% of those surveyed expect to see the invention of many new products and services
  • 87% expect new industries to emerge
  • 82% expect small business growth and more global competition
  • 85% expect it to make companies more globally competitive
  • 89% expect increased productivity

5G’s impact on virtual reality alone will have a tremendous impact on SMBs including enhancing the online shopping experience, reinventing doctor visits, and enabling remote sales support and the use of smart screens in retail environments. Holographic salespeople? 3D demos? They may all become reality sooner than you think.

5G may also dramatically change the workplace. While remote working is fairly widespread, it is still limited in many ways, partly due to technological limitations. Conference calls can be awkward, and speaker phones make communication often difficult to understand. But with the improvement of virtual reality, workers can meet online, and interact as if they were in the same room.

One more benefit is the wealth of information such connectivity makes possible. Web analytics company Izenda reports that the expanded interconnectivity delivered by 5G will allow greater data sharing from cameras, drones, sensors and IoT, providing many more ways to collect and analyze data from users.

The Adoption of 5G

According to global payments provider Veem, 5G may usher in a “new era of digital transformation powered by lightning-quick phones, enhanced virtual and augmented reality, the Internet of Things, and countless more technological wonders.” 5G technology website 5g.co.uk says, “Finally, with 5G, businesses will have constant unbroken access to a fast, reliable internet connection. To all intents and purposes, it will be like having an extremely good Wi-Fi hotspot covering the entire developed world.”

It has been estimated that 50 percent of U.S. consumers will have access to 5G within the next five years. With the expected improvement of connection speed, website traffic, and reliability, the technology possibilities are endless; many are sure to surprise us. It also means that early adoption of 5G tech could be critically important for your business, especially if you want to incorporate new consumer services and solutions that might involve AR and VR tech.

If you have any additional questions on 5G technology and how 5G will impact your business or organization, contact one of the tech experts at Single Path. We work with small-to-medium sized businesses, schools and other organizations to help them use, understand and implement the best technology for their needs, including mobility services such as voice and messaging and video conferencing.

Contact us to learn more.

Which is the Most Secure Browser for Safety and Privacy Protection?

With so much of your information online, your privacy is always at risk. Using a is an important first step to keeping confidential information safe. For example, your browser may house your browsing history and login credentials, can have cookies and other trackers, and contain autofill information like your credit card numbers. The most secure browsers have customizable security features and regular updates, but they also must be user friendly. Which are the best? Let’s look at ten browsers including some of the safest, and most popular.

Brave

Brave is ranked as the most secure browser by BestVPN.org, a VPN review site. A relatively recent Chromium-based browser, Brave offers a bunch of features, including a password manager, a script blocker and one-click anti-fingerprinting functionality. It particularly excels at blocking ads and tracking cookies. Brave is open-sourced, which means the code can be thoroughly researched and scrutinized by the Internet community to ensure there is no hidden tracking or anti-privacy spyware. Brave also supports most Chrome extensions, which (as we’ll explain in a moment) is both a blessing and a curse.

Brave is available for Windows, macOS, Linux, Android and iOS.

Chrome

Google Chrome controls nearly 65% of all web browsing, followed by Safari (at around 16%), and then Firefox at around 4%.

Chrome gets high marks for security, and offers continual security updates, which is excellent. But Google is also notorious for data collection, tracking and other privacy violations. One blogger found more than 11,000 cookies that would have been placed on his Chrome browser after just a week of surfing (all of which were automatically blocked by Firefox, which we’ll discuss below). Since Chrome is not an open-source browser—Google is somewhat notorious for their tech secrecy—it’s impossible to know everything they are tracking. They offer many security and privacy preferences, but it takes a great deal of time and effort to research them. There are many user-friendly Chrome extensions, but these are also a constant target for hackers and malware, and can introduce viruses and spyware, making it far from the most secure browser.

Chrome is available for Windows, Linux, macOS, iOS and Android.

Chromium

Chromium is a 100% open source project created to provide a Google Chromium browser, without Google’s privacy issues: settings require manual activation rather than Chrome’s default settings. It receives security updates nearly every day—an unmatched frequency—but since each have to be manually installed, users need to be vigilant. Because Chromium is so tightly affiliated with Chrome, and uses basic Chrome functionality, it is highly user-friendly. But that also means it is still susceptible to many of the same malware infections as Chrome, including being flooded by pop-ups and unwanted re-directs.

Epic

The full name of this browser is the “Epic Privacy Browser,” and according to its website it “blocks ads, trackers, fingerprinting, crypto mining, ultrasound signaling and more.” Every privacy setting is turned on by default and they send “Do Not Track” requests, block cookies, ads and data-tracking web analytics systems.

Epic doesn’t offer auto-syncing, spell-check, auto-fill, any plug-ins, and does not store your history, login data or databases. While this all makes Epic extremely secure, it also makes it impractical for most daily use. One additional concern: Epic has been claiming they would open source the code since 2014, but they still haven’t. Why? Some experts are suspicious.

Epic is available for macOS and Windows.

Firefox

Online privacy and security website Restoreprivacy.com rated Firefox as the best browser for privacy and security. It is also rated as the most secure browser by bestantiviruspro.com and nordvpn.com. Firefox is the only mainstream open-source browser. Like most other major players, it offers a private browsing mode that includes malware and phishing protection, pop-up blocking and anti-fingerprinting protection. It doesn’t gather data, doesn’t show targeted ads, is frequently updated and has many easily-customizable privacy settings. On the negative side, it is not quite as fast as the more popular Chrome.

Firefox is available for Windows, macOS, Linux, Android and iOS.

Microsoft Edge

Microsoft Edge replaced Internet Explorer, a infamously poor browser for security, as Microsoft’s Windows optimized web browser. Edge is only updated twice a year, which means it’s vulnerable to the latest malware and viruses.

Edge does have some nice security and privacy features, but mostly the ones everyone else provides such as the ability to block pop-ups. It has limited extension support which means there is less of a chance of installing malware, but limits its user friendliness.

Edge is available for Windows, Windows Mobile, Xbox One, Android and iOS.

Opera

Opera is a popular browser that boasts a variety of security features such as fraud and malware protection as well as script blocking. It offers updates every four or five weeks, which is excellent. But it is not close to being the most secure browser, mainly because it is owned by a China-based company who collects and monitors user data and regularly share that data with third-parties. While users can add some additional layers of privacy and protection by customizing settings, it can be complicated to set up.

Opera is available for Windows, macOS and Linux.

Safari

As the default web browser for all Mac and OS systems, Safari is the second most popular web browser in the world, although it is only a fraction of the size of Chrome.

Safari has plenty of small but useful features like a password generator, machine learning based protection and anti-fingerprinting tools. It also runs your tabs in separate sandboxes (keeping different programs separate from one another), which helps prevent malicious code from accessing your data.

Safari offers a private browsing mode, as do many other browsers, but Apple has been caught collecting browsing history even with private browsing on, which is worrisome. Safari is partly open-sourced, but not all of it.

Safari is available for macOS and iOS.

Tor

The Tor browser Is endorsed by Edward Snowden, and is often associated with the dark web. The browser blocks Flash, RealPlayer, QuickTime and other plug-ins that can be manipulated into revealing your IP address. Tor also protects you from tracking and automatically clears your cookies and history.

With Tor, all your traffic is encrypted three times and is decentralized and operated by volunteers. This makes it possibly the most secure browser available. But while all its elaborate decentralization means you get unmatched privacy protection, it also slows things down substantially. In fact, the slow connection speed makes Tor impractical for everyday use.

Tor is available for Windows, macOS and Linux.

Vivaldi

Vivaldi calls itself “The Browser that Puts You in Control” due to its highly customizable interface and functionality. Its extensive customization options also extend to its privacy settings, which are numerous. You can, for example, set different default search engines for when you’re using regular and private browsing modes, and create different security settings for both.

Vivaldi is compatible with most Chrome browser extensions, which is good for user friendliness, but also means it can be infiltrated with malware. Vivaldi also offers end-to-end encryption for syncing between devices, but it does not yet have mobile device support which is a major problem. Also questionable: Vivaldi collects IP addresses and stores them on their database in Iceland. They claim this is done merely to determine their total number of users, but some experts are wary.

Vivaldi is available for Windows, macOS, Linux and Android.

Single Path can help you find the most secure browser for your needs.

From helping you find the most secure browser that’s best for your organization, to assessing your desktop security risks, the certified and highly skilled security specialists at Single Path are here to help assist you. Let us help provide the network security solutions and advice you need to protect your business, your school, or yourself.

Contact us to learn more.

IaaS vs. PaaS vs. SaaS: Which One is Best for Your Business?

As more and more organizations consider switching their business assets to the cloud, it is important to understand the differences between the three models of cloud service: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). By comparing IaaS vs. PaaS vs. SaaS, you can choose the best model for your organization.

IaaS vs. PaaS vs. SaaS

As you can see with the below diagram, with an on-premises, non-cloud system your organization takes care of everything, from the servers to the software. With IaaS, your servers and storage are taken care of with virtual, cloud servers. With PaaS, cloud service providers also supply the middleware. And with SaaS, third party providers supply everything, including the software.

IaaS_PaaS_SaaS

Let’s take a deeper look into each option.

IaaS: Infrastructure as a Service

IaaS is sometimes referred to as “your data center in the cloud.” With the IaaS model of cloud services, third party providers host virtual hardware equipment such as servers and storage systems. IaaS providers may also take care of associated services such as ongoing system maintenance, data backup and business continuity.

Organizations that use IaaS are typically billed on the amount of storage they need, which are tabulated by the hour, week or month, depending on the service contract. This makes IaaS platforms highly scalable IT resources. If your organization grows, you simply need to pay for more storage rather than buy costly hardware. If your organization shrinks, you can reduce that storage. You also don’t need to maintain an IT staff solely dedicated to run servers.

This model is particularly attractive to small businesses and startups that may be growing, and companies that experience temporarily high workloads, like retailers during the holiday shopping season. However, you have to be careful to monitor your usage. In the metered world of IaaS, you only want to pay for what you need.

Examples of IaaS include Amazon Web Services (AWS), Microsoft Azure and Google Compute Engine (GCE).

IaaS offers many advantages, including:

  • Easy to automate storage, networking, servers and processing power
  • Avoids wasteful spending because server/storage is based on consumption
  • Clients retain complete control of their infrastructure
  • Highly scalable

PaaS: Platform as a Service

Platform as a Service (PaaS) delivers a platform to clients, which lets them develop, run and manage their business applications. Like IaaS, PaaS comes with virtual servers, storage and networking. But with PaaS, developers also have the tools to build customized software without having to worry about operating systems, software updates, storage or the underlying infrastructure.

PaaS is a pay-as-you-go service.

PaaS has many advantages, including:

  • Resources can easily be scaled up or down as business changes
  • Saves time and money with developing or deploying in-house apps, and significantly reduces the amount of coding needed to create them
  • Streamlines application management, and lets multiple developers work on the same project more efficiently

Examples of PaaS include Google App Engine, OpenShift, AWS Elastic Beanstalk and Windows® Azure.

SaaS: Software as a Service

When you consider IaaS vs. PaaS vs. SaaS, Software as a Service is likely the most familiar to you. This is the most common cloud model used by businesses, and provides a wide variety of individual software applications such as email and collaboration, customer relationship management (CRM), billing/payroll processing, sales management, human resources management, financial management, database management, enterprise resourcing planning (ERP), content management and document editing and management.

Organizations typically pay for SaaS applications via a subscription fee on a monthly or annual basis, often based on the number of people using the application, or the number of transactions that are run. Because of this fee structure, one of the major advantages to SaaS is its ongoing scalability and the ability to add or subtract users as needed. Since the apps are delivered via the web, SaaS also eliminates the need to have IT staff available to download and install applications on each individual computer, and third party vendors manage all potential technical issues. This allows IT staff to spend their time on more pressing, organizational matters.

Examples of SaaS include Google Docs (and many common Google apps such Google Calendar), DropboxTM, Cisco WebexTM and Salesforce.

SaaS has many advantages, including:

  • Applications can be accessed anywhere, and on mobile devices
  • Organizations can access many applications, including those used infrequently
  • Apps are always kept up-to-date; no need to install patches or updates
  • Scalability and cost savings

IaaS vs. PaaS vs. SaaS

Each cloud model, whether you are considering IaaS vs. PaaS vs. SaaS offers specific features and functionalities. Whether you need cloud-based software for storage options, a platform to develop customized applications, or complete control over your entire infrastructure, there is a cloud service option for your organization.

Still not sure? At Single Path, we work with many small-to-medium sized businesses, school districts and other organizations to help them find the cloud services best for them.

Contact us to learn more about how to move your assets to the cloud.

Six Major Benefits of Using Technology in the Classroom

Benefits of Using Technology in the ClassroomThere are many benefits of using technology in the classroom, and its use gets nearly universal acclaim from educators. According to the study Education Technology Use in School, from Gallup and the non-profit NewSchools Venture Fund, more than eight in 10 teachers (81%), principals (88%) and administrators (92%) agree that they see “great value in using digital learning tools in the classroom.” Even higher numbers of teachers, principals and administrators see great value in using tech tools in the future.

The benefits of using technology in the classroom isn’t merely anecdotal. An analysis published in Review of Educational Research found that classroom technology led to statistically significant performance improvements in English language arts (ELA), writing and middle school science (though science scores improved more for boys than for girls). Also, students from low-income backgrounds and homes where English is a second language saw improvement in scores across a variety of subjects. In some cases, these students improved test scores in writing more than their better-off peers.

The benefits of using technology in the classroom are many, and are significant. Those benefits include the following six:

  1. Better Access to Learning

No longer does the size of the school dictate the amount of resources available to its students. Regardless of where a school is located, how big it is, and how well funded it is, a world of knowledge is available to nearly every child (and teacher’s) fingertips. As business technology review site TrustRadius puts it, “With information at the tips of our fingers, learning is now boundless.” Tech-savvy teachers can even use technology to present ideas beyond the chalkboard or written page, such as by introducing activity models, and interactive controls for students.

  1. Increased Teacher Collaboration

Technology lets teachers collaborate and share ideas and lesson plans online. There is a vast and vibrant global teacher community, giving proactive educators many opportunities to tap into new ideas and strategies, and to provide students with additional resources. According to the website Schoology Exchange, one of many collaboration sites for teachers, “The beauty of collaboration is not only the ability to tap into various perspectives and ideas, but also to share responsibility for our students’ learning. The more people invested in a student’s education, the better the chance that student has to be successful.”

  1. Improved Parental Involvement

Most guardians today have extremely busy schedules and may not have the time to assist their children with homework, or come to class for parent-teacher conferences. With technology tools, however, parents may be able to meet with teachers via web conferencing, or check their child’s attendance, assignments and grades through web portals like PowerSchool.

  1. Money-Saving

Technology can be pricey, but it can also open the door to educational experiences that would otherwise be impossible, or cost significantly more money. For example, virtual field trips and virtual labs let students explore new frontiers without leaving their desks, and electronic documents, emails, electronic textbooks and other online resources lets schools save money on books, paper, printing and more—while still providing students with enriching educational resources.

  1. Students are More Engaged

According to the Center for Teaching and Learning, “Research has demonstrated that engaging students in the learning process increases their attention and focus, motivates them to practice higher-level critical thinking skills, and promotes meaningful learning experiences.” Fortunately, technology can play a major role in providing new and playful ways to learn. For example, videos or live streaming content can offer students a new perspective, and make a concept or subject easier to understand. These videos are often more entertaining and engrossing than classroom instruction. Per the Education Technology Use in School survey, more than half of all students say that technology makes school more interesting, 42% of students would like to use technology more often at school, and only 8% said they would like to use technology less.

  1. More Personalized Learning

Customized, personalized learning is critical to student success. In fact, according to a survey conducted by the Center for Digital Education (CDE), personalized learning is the No. 1 educational technology priority around the country, including digital curriculum in classrooms, computing devices in classroom, and professional development in personalized learning practices. The Education Technology Use in School survey reports that most teachers (57%), principals (65%) and administrators (73%) think digital learning tools are more effective than non-digital tools for personalizing instruction.

Getting the Benefits of Using Technology in the Classroom with Single Path

While technology can improve learning, students need access to that technology regardless of income levels and other factors. At Single Path, we work with schools and school districts across the country to ensure they can take advantage of all the benefits of using technology in the classroom. Our educational consulting services help schools make smart technology choices, and implement them effectively. We help provide technology that engages students, and puts schools on a better path to forging students’ futures.

Contact us to learn more about enhancing your school’s performance with technology.

 

What You Need to Know About Kari’s Law and Ray Baum’s Act

We’re thrilled that Kari’s Law and Ray Baum’s Act have both passed. These two new laws work together to ensure greater access to 911 and emergency services. We believe they will keep people safer, including business employees and students. If you’re not familiar with these new laws, you need to be.

What is Kari’s Law?

was inspired by a tragic event. In 2013, Hank Hunt’s daughter, Kari, was attacked and killed by her estranged husband in a Texas hotel room. Her nine-year-old daughter Brianna was in the room at the time, and Brianna dialed 911 from the hotel room repeatedly as her mother was attacked.

Hank Hunt describes the horrific scene: “Brianna pushed her little brother and sister out into the hallway of the hotel. And she proceeded to call 911 and couldn’t. I think she said she called twice and she would go and kick and knock on the bathroom door and tell him to stop, scream at him to stop and things like that. It was a — she heard it all. She heard everything.”

As it turns out, none of her 911 calls went through because hotel guests were required to dial a “9” to place an outside call, even for 911.

So, in large part due to Hank Hunt’s tireless efforts, Kari’s Law was passed in early 2018, so that a “9” is no longer needed for emergency calls from multi-line systems like hotel phones.

Multi-line telephone systems (MLTS) are also common in buildings, hospitals, office campuses and schools. All of these lines must have direct 911 dialing capability by February 16, 2020.

In addition, Kari’s Law requires all installed multi-line telephone systems (or MLTS) must provide instant notification to a front desk, security office or another designated, on-premise person that a 911 has been called. This notification will not only help the designated person quickly lend a hand, but let them know they need to quickly escort emergency personnel where they’re needed (through front doors, elevators, into key-carded areas, etc.).

What is Ray Baum’s Act?

Named in honor of the late Energy & Commerce staff director who passed away in 2018, this act addresses the need to more accurately locate 911 callers with multi-line telephone systems. Usually, when you call 911 from your home, your street address is passed along to emergency responders automatically. But in a building with multiple floors and rooms, this isn’t always the case, we do have special places connected such as several home cares like the Home Care Assistance in Raleigh which has doctors already prepared or any emergency.

Ray Baum’s Act creates rules to improve the dispatchable location information associated with emergency calls for both MLTS services and interconnected VoIP services. This information can include building, floor, suite or conference room. On a sprawling campus, for example, all calls might be routed to the front desk of the main building. This would not provide very accurate location information for responders.

Many organizations will need to update their phone configurations to be in accordance with the law.

A Partner One Step Ahead

With Kari’s Law and Ray Baum’s Act, the FCC is continuing its recent trend of bringing newer technologies to emergency services. As such, all providers of newer communication technologies, and their clients, should carefully and continuously review their service offerings and emergency services communication capabilities. At Single Path, we look at our clients’ security and ability to adapt to future demands seriously, which is why we’re always looking at new and better ways to protect, assist and support our clients, from internet security solutions to consulting services.

Contact us to learn more about working with Single Path.

Why Schools Are Now More At Risk From Ransomware Attacks

Ransomware attacks—when hackers use malware to lock organizations out of their own computers until a ransom is paid—grew by 118% in 2019 across all sectors, according to McAfee. But ransomware attacks have hit schools and school districts particularly hard. In fact, it was recently reported that 54 school districts and colleges, accounting for more than 500 schools, were hit by ransomware attacks over the first three quarters of 2019. That includes 15 school districts and more than 100 schools over a two-week span in September.

Those numbers, while alarming, might actually be low. Antivirus maker Emsisoft released a similar report. They claimed to have identified 62 ransomware incidents impacting more than 1,000 schools and higher education institutions over the same time period.

Ransomware Attacks are Getting Worse

A recent report by BakerHostetler, a national law firm with considerable expertise representing firms hit by ransomware attacks, has also recently warned of a sharp increase in school district attacks. What makes the recent ransomware attacks particularly alarming is the increase in intensity and costs. In previous years, a ransomware attack might have hit one or two devices in an organization. More recent attacks have hit dozens or hundreds of devices simultaneously, effectively shutting down all the organization’s operations. The amount of money demanded has also gone up. While during the last few years the average ransom paid was less than $50,000, recent ransomware attacks have demanded payment in the hundreds of thousands, or even millions of dollars. For example, Rockville Centre School District in New York had to pay nearly $100,000 after ransomware shut down its network in August, according to CBS Channel 2 News.

Other examples include:

  • Hackers shut down Crowder College in Neosho, Missouri demanding 1.6 million dollars. The college did not pay, and as a result, students went for months without Wi-Fi in dorms, use of their computer labs, access to emails and more.
  • Louisiana public schools have been hit by a number of ransomware attacks, causing Governor John Bel Edwards to declare a state of emergency in July, and again in November.
  • Moses Lake School District, which encompasses 16 schools in Washington state, was hit with a ransomware demand for $1,000,000. Rather than paying, they restored servers from backups, but lost about five months of data.
  • As we reported in an earlier blog post, the Leominster Public School district not only paid $10,000 to decrypt files after a ransomware attack, but it then had to spend more than $400,000 to update their system to ensure it couldn’t happen again.

Ryuk Amok

Of all the recent school ransomware attacks, approximately one third of them have been caused by the Ryuk ransomware, one of today’s most active ransomware strains. Ryuk was created by the Russian eCrime group WIZARD SPIDER and they have successfully extorted millions of dollars (payable via Bitcoin) since Ryuk was first introduced in September 2018.

There seems to be little geographic communality for these attacks, as Ryuk ransomware attacks have hit schools in Missouri, Pennsylvania, Ohio, Nebraska, Florida, Illinois, Georgia, Oklahoma, Virginia and Washington. None have been targeted at schools in Connecticut, although that state has the dubious honor of suffering the most school ransomware attacks with 104 schools being hit.

Why Are Schools Being Targeted by Ransomware Attacks?

Schools may seem like an odd choice for these cyberattacks, as many are already struggling with meeting their budgets. But as cybersecurity company Blue Bastion explains, their tight budgets actually work against them, since that also means many institutions have limited funds for IT staff and infrastructure. Most primary schools, junior high schools and high schools typically focus their IT budgets on equipment for faculty, equipment for student labs, and basic networking—and not cybersecurity.

Secondly, many educational institutions have to satisfy many different users including faculty, staff, labs, student Wi-Fi access and so on. This not only leaves security holes that can be easily exploited, but because computer access is so important to so many different subgroups, schools need to resolve problems quickly or face wide-spread disruption.

What Options Do You Have?

Organizations hit by a ransomware attack have only three options:

  1. Restore systems from available backups. This is the least costly approach, but is only viable if backups are routinely kept, and if they were encrypted (and so not affected by the attack).
  2. Pay the ransom to obtain a decryption tool (and hope the hacker fulfills his or her side of the bargain).
  3. Continue operations without using any of the encrypted data—an option that is not always feasible and, at best, creates significant and long-lasting issues that cannot easily be resolved.

What You Should Do Now

The most important thing you need to do … is not to sit on your hands doing nothing. If you’re not backing up your data, you need to start immediately. If everyone with computer access is not following best practices for security, you need to educate them. At Single Path, we help many organizations prepare for such problems, such as creating the secure infrastructure and developing the response processes for when an attack happens. From security solutions to consulting services we can help you stay safe and prepared.

Ask us how to get started.

What You Need To Know About Windows 7 End of Life

If your organization uses Windows 7 you are probably already aware Microsoft plans to discontinue this popular operating system beginning January 14, 2020. Windows has taken every opportunity to remind you of the Windows 7 End of Life event. After January 14, Microsoft will no longer offer technical assistance or software updates for Windows 7, including updates that help protect PCs from new cyber threats. If you’re a Windows 7 user, what does this mean for you, and what do you need to do before January 14?

Why is Windows 7 End of Life Happening?

Microsoft says they need to end Windows 7 support so they can focus on newer technologies. Windows 7 is 10 years old after all, which is about 200 years old in tech-years. But Windows 7 also remains incredibly popular, with recent reports showing that Windows 7 is still being used on more than 37% of all PCs.

Microsoft actually started the Windows 7 End of Life process by ending mainstream support on January 13, 2015. At that point they stopped adding new features and honoring warranty claims. However, they have still provided regular patches and updates to ensure security issues and bugs are fixed. That will no longer happen after January 14. The termination of support for Windows 7 comes just after Microsoft introduced Windows 10, and Microsoft wants you to upgrade to the new system, boasting that their Windows 10 software is the most secure Windows ever. But should you?

What’s the Big Deal? I think I’ll Keep Windows 7.

While your Windows 7 operating system will still work after January 14, the lack of security patches is a real concern. As PC Place points out, “The biggest issue with continuing to use Windows 7 is that it won’t be patched for any new viruses or security problems once it enters End of Life, and this leaves you extremely vulnerable to any emerging threats. What’s more, if a large number of people continue to use Windows 7 after the End of Life date, that could actually be a big incentive for malicious users to target viruses and other nasties at Windows 7.”

That Sounds Bad. What Are My Options? 

  1. Upgrade to Windows 10

Upgrading from Windows 7 to Windows 10 is by far be the easiest transition for your organization in response to Windows 7 End of Life. As TechRadar reports, “because both operating systems are made by Microsoft the upgrade process is relatively easy, and in many cases you can keep your files on your PC. This means you’ll experience the minimum of disruption when upgrading to Windows 10.”

And most reviews of Windows 10 have been positive, with the new system offering a number of new features including facial recognition, faster start-ups, “ink-accelerated technology” with a stylus, and new editing tools for photos and videos.

One of the biggest problems, however, is the possible expense involved—and purchasing the new operating system is only a fraction of that cost. You see, you might also have to buy everyone a new computer. As Microsoft says: “The best way for you to stay secure is on Windows 10. And the best way to experience Windows 10 is on a new PC. While it is possible to install Windows 10 on your older device, it is not recommended.”

Here are the minimum hardware specifications for Windows 10:

  • Processor:1 gigahertz (GHz) or faster processor or SoC
  • RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit
  • Hard disk space: 16 GB for 32-bit OS 20 GB for 64-bit OS
  • Graphics card:DirectX 9 or later with WDDM 1.0 driver
  • Display:800 x 600 resolution

If all of your organization’s computers have those specifications, you’re set for your Windows 7 End of Life software purchase and transition. If not, however, you need to upgrade your hardware before you switch. And while prices continue to go down on many computer models, this can still be a sizable investment.

  1. Upgrade to a different operating system

Windows may be the most popular PC operating system, but it’s not the only one. For example, Linux has been around since 1991, and is a completely open source system (meaning it is free). Apple is also an option, although that will also necessitate brand new hardware, and many of your programs might not be compatible with their operating system.

Still, you might want to look into other options, especially if the expense of converting to Windows 10 is out of your budget.

  1. Upgrade to Windows 10, Slowly

While there are some advantages to simply pulling the Windows 7 End of Life band-aid quickly, it’s also possible to dip just one foot into the water. If you simply can’t make the switch before January 14, Microsoft is offering Windows 7 Extended Security Updates. These will continue to deliver updates and patches for Windows 7 business users after January 2020. However, these extended security updates aren’t free, and Microsoft is charging a per device fee. Current pricing is $25 a device for the first year of updates, $50 per device for year two, and $100 a device for year three, with no guarantee updates will be offered beyond that date. However, this approach may allow you the flexibility of updating or purchasing new computers in phases, and reducing a single year financial hit.

I’m Not Sure What To Do!

That’s what Single Path is here for. Choosing new technology applications for your school or business can be a difficult decision, especially when resources are limited. We are continuously meeting with companies, schools and other organizations to provide guidance on their Windows 7 End of Life choices, and help them make smart decisions, evaluate their current tools, and to continuously re-evaluate them. And our large menu of security solutions can help protect you from cyber threats, or rebound if you are hit by one. With considerable experience working with small-to-medium sized businesses, plus schools and school districts, we can help you operate with confidence.

Contact us for more information!

What’s the Difference Between Vulnerability Testing and Penetration Testing?

vulnerability testingAll networks, regardless of their size, are at risk from many cyber security threats.

To successfully protect your organization from these threats, you can’t rely on a single line of defense. For example, your cybercrime protection strategy should include both vulnerability testing and penetration testing. These terms are often confused with each other, but they are quite different. As Tripwire recently reports, “It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing on its own cannot secure the entire network.”

Vulnerability Testing, Explained

Vulnerability testing is the act of identifying known vulnerabilities in your network devices including firewalls, routers, switches, servers and applications. It’s usually performed by specific software, often set to run automatically and continually (antivirus software is a form of vulnerability testing). Because the scanners rely on published and regularly updated lists of known cyberthreats, vulnerability testing will only red flag vulnerabilities that are known, and that can be fixed. As you might imagine, there are many cyberthreats that aren’t known, or have no known fix. The latter is called a “zero-day vulnerability”—a vulnerability that is discovered but does not yet have a patch (It’s called “zero day” because developers have “zero days” to fix the problem since it could immediately be exploited by hackers). Google is just one of many companies who have recently reported a “zero day” issue (they reported a vulnerability in their Chrome web browser).

Due to the scope of organizational networks, vulnerability testing may require many different automated tools to manage a company’s assets, and many of those tests will need to be product-specific. For this reason, these tests are usually installed and managed by administrators or the IT team.

Penetration Testing, Explained

While vulnerability testing looks for known network vulnerabilities, penetration testing goes beyond that, examining sloppy business processes, lax security settings, or other weaknesses that a hacker could exploit. Issues that might be found include the transmission of unencrypted passwords, password reuse and forgotten databases storing valid user credentials.

Often, these tests take the form of authorized attacks, simulated on a computer system. The tests can determine if and how effectively an attack can be stopped. They can involve a script and exploit technology and people (including phishing strategies to trick employees). While they don’t need to be conducted as often as vulnerability testing, they should be done at least once a year.

While a vulnerability scan can be automated, a penetration test requires active participation. This usually means using a third-party vendor who can mimic the actions of an external hacker. While vulnerability testing can be done relatively quickly, penetration testing can take days or even weeks. Due to their more hands-on and involved nature, penetration testing costs can be much higher than that of vulnerability testing.

Security Testing Reports

Both vulnerability testing and penetration testing will produce reports detailing the problems found. Vulnerability testing reports are long but straightforward, listing the source of the problem, a description of the problem, and remedial action, which is usually to install a patch.

The report from a penetration test, on the other hand, will list fewer items and won’t be as straightforward. The report will describe what and how the attack was performed, but exact details may be vague. A remedy will be suggested, and while that fix could be simple, such as limiting team access to certain applications, it also may require a lot of time and effort, including staff training. A strong report will provide detailed recommendations.

A Third Party Vendor You Can Trust

When choosing a third party source for penetration testing, or to set up your vulnerability testing, you will want a team with significant breadth and depth of experience, especially in your organization’s area of business. At Single Path, we work with many organizations in such a capacity, with a particular expertise in small-to-medium sized businesses and schools and school districts. Our security solutions also include security risk assessment, data loss prevention solutions and more. We can help protect your organization in many ways.

Contact us for more information!

The Google Calendar Phishing Scam, and How to Avoid It.

While there are millions of phishing scams, every now and then a particular threat emerges that does more damage (and gets more publicity) than most. The recent Google Calendar phishing scam, which first gained attention last May, is the latest to gather national attention, and hurt more people and organizations than the average cyber threat.

What is the Google Calendar Phishing Scam?

A few months ago, cybersecurity firm Kaspersky Labs revealed how scammers were weaponizing the Google Calendar and other Google services. As Wired explained in a recent article: “Phishers have realized that they can take advantage of seemingly innocuous calendar settings to plant their own events laced with phishing links on victims’ schedules.”

In the Google Calendar phishing scam, scammers send a wave of calendar event invites to Google Calendar users, where they are automatically loaded onto each calendar. That’s why so many of us use a Google Calendar: it’s easy for anyone to invite you to a meeting, from an office mate to a friend (or a scammer). Once the invite is sent, you get an automatic calendar notification which further legitimizes the phony calendar event. Spammers use the location and topic fields of those invites for enticing text, such as informing you of an award or cash payment, with a phishing link. If you click on the link you are taken to a form asking for your banking or credit card information, often to “verify your identity” before you can claim your fake reward. These same notifications may pop up on your device repeatedly, until they are clicked or deleted.

As Maria Vergelis, a security researcher at Kaspersky explains, “The ‘calendar scam’ is a very effective scheme, as currently people have more or less gotten used to receiving spam messages from e-mails or messengers and do not immediately trust them. But this may not be the case when it comes to the Calendar app, which has a main purpose to organize information rather than transfer it.”

Phishers can use the same calendar strategy to invite you to a fake meeting and send you a link “to RSVP.” As TechRadar warns, “These fake invitations could include a malicious link that could not only be used to steal login credentials (like a standard phishing attack), but also to provide other sensitive information, such as how to gain access to a building where the ‘meeting’ is due to take place.”

Google is aware of this problem and is “working diligently to resolve this issue” according its online help forum. At the moment, however, there’s no estimated timeline for when people can expect a fix. 

How to Protect Yourself from the Google Calendar Phishing Scam

Google Calendar users can protect themselves against unwanted invites that are part of the Google Calendar phishing scam through the Google Calendar app itself.

  1. In Google Calendar, click the “gear” icon on the top right and select Settings.
  2. Scroll down to Event Settings and select the option “No, only show invitations to which I’ve responded.”
  3. Also, under View Options, make sure that “Show declined events” is unchecked, so those events don’t continue to show up even after you’ve rejected them.

Unfortunately, these precautions aren’t perfect, because they limit some Google Calendar functionality, but it’s better to be safe than sorry.

What Comes Around

In 2016, Apple Calendars were affected by a ploy that was a harbinger of the Google Calendar phishing scam. During the holiday season some Apple Calendar users received a flood of spam invites to holiday sale events for major brands including Ray-Ban®. There were warnings at that time that cybercriminals could use similar methods to send phony invites with links to viruses, and for identity theft. It took a few years, but it seems those predictions were right, but with spammers using Google Calendars.

Protect Yourself with Single Path

Being smart about technology is the first step toward protecting yourself and your organization from schemes such as the Google Calendar phishing scam. For example, our earlier article Have I Been Hacked? 6 Ways to Tell If You’ve Been Hacked can help you detect if your computer has been hacked. Also, if you know how to perform a routine cyber security risk assessment, you can figure out your technology vulnerabilities, and take proactive action now. At Single Path, that’s what we do every day: give training to staff, offer numerous security solutions to stay out of cyber-trouble, and provide consulting services on how to recover when cyberattacks happen. Let us help you and your organization stay safe, and scam-free.

Ask us how to get started.

12 Potentially Dangerous Apps for Kids

The average teen spends more than 9 hours a day in front of a screen (kids ages 8-12 spend six hours in front of a screen every day). It’s no wonder 54% of teens think they spend too much time on their cellphones. And what are they doing? Using their apps. Mobile apps account for nearly 90% of mobile use! The average smartphone user has between 60-90 apps on their phone, and while many are helpful, some can pose danger, especially to teens and kids. But which of these apps should keep parents awake at night? We think these 12 dangerous apps for kids are worth noting. We’ve chosen them due to their popularity and risk.

1. HIP

HIP is short for Hide it Pro. This app looks like a music manager, but its actual purpose is to store secret photos, videos and text messages. Kids use it to hide inappropriate material from their parents along with …

2. Calculator+

Another “hiding” app, this time using a simple calculator icon. By entering your own code, you can access hidden photos, contacts, browser history and passwords, all kept safely from a parent’s prying eyes.

3. Snapchat

If you have a teen or tween in your house, you probably have at least heard of Snapchat, which has more than 180 million users. Snapchat allows its users to send a photo or video from their phone, which then disappears after a few views. This “disappearing” feature, however, encourages the sharing of inappropriate photos. Unfortunately, it is fairly easy for the recipient to take a screen shot, keeping the image or text forever. For more information, we recommend connectsafely.org’s “A Parents’ Guide to Snapchat.”

4. Tinder

This popular app has more than 4 million users. On Tinder, you can post a selfie and people can “like” you. If you like him or her back, you can connect—the app even includes GPS tracking to help you find one another. Tinder describes itself as “the fun way to connect with new and interesting people around you,” but it’s mostly used as a dating tool or for one-night stands, even between teens and tweens. You only need to be 13-years old to use it, although there is no way to verify someone’s age. It attracts online predators which is why one blogger calls it: “The Worst App Ever for Teens and Tweens.”

5. Whisper

Whisper lets users, including kids, anonymously share whatever they’re really thinking. Does that sound good to you? It even includes a “nearby” section where you can see posts from people who live near you. Lots of trolls post racist, sexual, or abusive content, with plenty of guys asking teens for pictures of themselves. A 12-year-old girl in Washington was reportedly raped by a 21-year-old man who met her on Whisper, making this questionably-appropriate app one of the most dangerous apps for kids.

6. Kik

Kik lets users exchange videos, photos, sketches and gifs to anyone, even to people they are not friends with. There are no parental controls and kids can password protect their information so parents can’t see it. Since it lacks age authentication, predators can easily interact with kids. The app has also been connected with cyberbullying; Rebecca Sedwick, a 12-year old from Florida, committed suicide after receiving messages like “Go kill yourself.” As of 2016, Kik was reportedly used by approximately 40% of all teenagers in the United States.

7. Ask.fm

Ask.fm is a Q&A site where users can ask other users questions anonymously, which makes publishing suggestive or insulting questions pretty easy, and routine. A number of child suicides have been linked to cyberbullying from this app, making it another one of the most dangerous apps for kids.

8. TikTok

TikTok is an incredibly popular app for creating and sharing short videos, with more than 100 million users, many of them children as young as 10 or 11. Special effects can be added, and kids are encouraged to show their creativity. But there is also a lot of inappropriate language in the videos, and by default all accounts are set to public, letting strangers contact children easily.

9. YouTube

The video giant YouTube is one of the Internet’s most popular sites, with more than a billion users. It’s a great resource for educational videos and has robust privacy settings. Unfortunately, it’s also a great resource for inappropriate content, some of which is spliced into cartoons and other videos aimed at children. The most widespread problem, however, may be from user comments, which can be hurtful and bullying.

YouTube also attracts pedophiles. As Wired Magazine reports, “Videos of children showing their exposed buttocks, underwear and genitals are racking up millions of views on YouTube—with the site displaying advertising from major cosmetics and car brands alongside the content. Comments beneath scores of videos appear to show pedophiles sharing timestamps for parts of the videos where exposed genitals can be seen, or when a child does the splits or lifts up their top to show their nipples.”

10. Tellonym

Tellonym is an anonymous messenger app that calls itself “the most honest place on the internet.” It’s one of the most dangerous apps for kids because the app allows kids to ask and answer questions anonymously. So, as you might expect, cyberbullying, violent threats, and sexual content are prevalent. Messages can connect to social media accounts, so if a user writes something terrible about a classmate, it can be shared loudly with the rest of the world. Tellonym is particularly popular in middle schools and high schools.

11. Tumblr

On Tumblr, users can keep a diary, share photos and videos, and chat. This is another very popular website and app, with more than 450 million active blogs. But, like many sites that have no or uneven policing, users can post pornographic, violent and other inappropriate content. Common Sense Media says Tumblr is “too raunchy for tykes” and also notes that privacy settings aren’t easily set up. Plus, anyone can search for terms such as “suicide” and see hundreds of graphic images and blog articles, some of which glorify dangerous behavior. Tumblr has officially banned all “adult” content, but their efforts are not foolproof.

12. Instagram

With more than one billion users (and owned by Facebook) this photo-sharing site is incredibly popular. Users can add filters or create collages to share on social media platforms. While this site does not have as much inappropriate content as Tumblr, users can still find mature or inappropriate content and comments. People leaving mean-spirited and anonymous comments are common.

Be Smart about These Potentially Dangerous Apps for Kids.

In fairness to all of the apps in this list, or at least most of them, when used safely they can be fun, and help children connect with each other. But when in the wrong hands, or accessed by mean-spirited or an unintended audience, they verge from fun to potentially dangerous apps for kids.

Parents should be aware of the apps their children use, how they are being used, and educate their kids on their dangers. Knowing the best apps to use, along with the best Internet safety tips for kids can be incredibly important. At Single Path, we work with educators and businesses on cyber safety, security and education every day. If you have any questions about any of these potentially dangerous apps for kids, we invite you to reach out to us. We are always happy to answer your questions and help the wonderful world of the Internet be safer for everyone.

Contact us for questions, or to get started protecting your organization.