Blog

June 23rd, 2016

2016June23_Hardware_CMuch like unpredictable thunderstorms, internet problems relentlessly plague those wishing to get some work done or catch up on the latest movies. Instead of waiting for divine intervention, take it upon yourself to get rid of sluggish connections. Not only do these ten tips reduce frustration but they also help you speed up your Wi-Fi:

Router centralization and elevation

For optimal signal strength it is best to place the router in the middle of the room, away from other electronics without any doors or walls obstructing it either. It’s always good to keep the router high since routers tend to spread signals downwards, meaning the higher you place it, the more coverage you’re going to get.

Reposition antennas

Try positioning them perpendicular to each other, one being horizontal and the other vertical. Reception is maximized when your device and the transmitter are both operating on the same plane. Former Apple Wi-Fi engineer, Alf Watt, attests to this theory: “perpendicularly positioned antennas ensure optimal wireless reception”.

Use powerline network adapters

Multi-story housing prevents routers from being centrally located, so the next best thing is to use powerline network adapters. These devices work by utilizing the electrical wiring in the walls. First off you would have to plug it in near to and connect it with your router through an Ethernet cable, then plug in the second adapter after you have chosen a room for network coverage. Connection will then be delivered.

Wireless security

Setting up wireless security prevents your network from being compromised by external threats that lead to undesired downtime. After logging into your router’s admin page, change the encryption method to WPA2 and select a password that’s easy to remember.

Utilize heat mapping software

This allows you to see what your wireless heat map looks like, showing you exactly how much coverage each area is getting. With this information, you’d be able to reposition the router into an optimal position, adjust antennas or powerline network adapters to eradicate problematic areas.

Switch to 5GHz

Firstly there are two frequencies to choose from: 2.4 and 5GHz, and for homes or offices dotted with electronic devices the 2.4 GHz spectrum gets crowded pretty quickly. Solve this problem by switching to the 5GHz spectrum since it allows for more devices without cluttering the Wi-Fi.

Move to less crowded channels

Living in crowded neighborhoods or buildings mean that you share the same signal space, depending on which frequency your network operates on. By choosing the right channel, interference is reduced thus speeding up the Wi-Fi. Applications such as Wifi Analyzer or WifiInfoView helps find which channels are overflowing and which ones aren’t.

Router upgrades

Wireless and internet technology have come a long way in the past 5 years, and if your router is older than that - you might want to consider upgrading it. The easiest way to determine if your router is slowing down is to look up the model number and compare its specs with those of the internet package from your ISP.

Turn old routers into Wi-Fi repeaters

When you want to extend your network but your powerline network adapters won't do, the next best option is to turn your old router into a wireless bridge. This involves installation of custom firmware on your router. If wiring isn’t your thing, this is the best alternative of extending your Wi-Fi to the outer limits of your property.

Contact your ISP as a last resort

If nothing does the trick you should consider calling your ISP. Despite it being an uncomfortable task to accomplish it potentially saves you any future frustration. By contacting your ISP, they’d be able to diagnose the problem and provide a solution for it, at your own expense of course.

The benefits of having an efficient and stable Wi-Fi connection are endless; better communication with clients, more streamlined business operations or even watching your favorite videos without the buffering. Give your business the edge it deserves by giving us a call, we’ll gladly answer any questions you have.

Published with permission from TechAdvisory.org. Source.

Topic Hardware
June 21st, 2016

2016June21_SocialMedia_CLike the Loch Ness Monster, reputation marketing has long been considered a figure that is shrouded in mystery. Shai Aharony from Redboot Online sums it up as "tools that allow you to analyze, track, monitor and engage online activity, giving you the power to directly respond to customer complaints and turn potentially damaging feedback into a positive experience." If you are still unsure, take a look at these 10 tools that provide a better theoretical as well as practical understanding:

ConsumerAffairs

Businesses can forge a strong online reputation and boost revenue with an array of advanced features. Namely, unpaid business plans along with third-party accreditation programs coupled with powerful software as a service (SaaS) platforms - offering companies various resources to convert customer engagement into cash.

BazaarVoice

Ideal for companies with deeper budgets, BazaarVoice extends the online marketing potential of customers’ voices to shopping portals, offline channels as well as natural search. Customers are also able to leave reviews, rating, questions and other customer-generated content on client websites which will then be shared on social media.

Better Business Bureau

Suitable for entrepreneurs and SMBs, not only does this non-profit group mediate and resolve customer-business disputes but also helps you to personally interact with customers - other networking services are also available at an affordable price.

Yotpo

The mechanism behind this ecommerce-oriented plug and play solution is that if you have made online purchases via Yotpo, after receiving them you will get an email asking you to review the product(s). This Mail After Purchase (MAP) provides more verified reviews since they are sent directly to the customer.

Cision

Focusing more on public relations, Cision allows your company to connect with over 1.6 million contacts and outlets, including influential journalists, bloggers and social influencers that would normally be inaccessible.

Percolate

Create campaigns, store files, create content and manage your business’s marketing efforts with Percolate. It takes into account all your details, target audience, brand identity and objectives, after which it provides a cross-channel marketing calendar that helps you plan ahead and eases the process of sharing content with consumers on social media, the Internet and other methods.

Reputation Loop

Similar to Yotpo, Reputation Loop primarily works by automatically emailing customers for product reviews but with this tool, additional features such as real-time reporting, review monitoring on Yelp and Google+ are at your brand manager's disposal.

TinyTorch

Utilizing social influencers and user-generated content (UGC) to build your online profile, TinyTorch is a social platform that allows brands to identify, monitor and manage their online presence. The tool helps you locate your most influential customers and redistribute their stories and photos across multiple marketing channels.

HootSuite

This social media management platform allows your business to monitor and sync all social media accounts onto one interface. HootSuite makes it easier to monitor customer feedback on their social media accounts and share positive reviews across multiple social media networks at once.

TrustPilot

TrustPilot is ideal for businesses looking for something simple to work with. Users get to leave business reviews on its website while offering both free and paid brand listings. It’s an easily-navigable site equipped with an assortment of analytic and engagement tools,

Building a credible and consistent brand reputation might not be easy, but it isn’t an impossible task to complete. Whether or not you have one, it’s never too late to start. Please contact us if you have any questions regarding the efficient tools that’ll help you get started on creating your own company’s reputation.

Published with permission from TechAdvisory.org. Source.

Topic Social Media
June 20th, 2016

m

Good cyber security, much like the best NBA defenses, must be strong and able to stop threats from every which way. For the Milwaukee Bucks, their on-court and cyber security defense could both use a little practice. Yahoo! Sports reported that the Milwaukee Bucks sent out the names, addresses, Social Security numbers, compensation information and dates of birth of players as part of a spoofed email attack. Practice these four email security tips and don’t let this happen to your business.

Education is key There are countless cliches out there promoting the importance of education, but when it comes to cyber security, you might as well embrace them all. In the case of spoofed emails, you need to make sure your employees know what these are and how they can harm your company. They can come in several forms and look to attack your organization in a number of different ways. A good defense starts with trained employees using best security practices when it comes to emails. Knowledge isn’t just the key to success, it’s the building block of a comprehensive email security plan.

Check the sender The easiest way to determine a real email from a spoofed one is to view who is sending it. While your basic junk mail folder will screen the really lazy attempts at spoofing, you and your employees can’t rely on it to weed out everything. A lot of cybercriminals have gotten skilled at mimicking the look and feel of companies through professional looking graphics and signatures. For starters, you are going to want to ignore email display names as these can be deceptive. The domain name provides the best clues as to who the sender really is. For instance, if an email requesting your company’s financial documents claims to be from the IRS but the domain reads IRSgov.com, it’s a spoof email since that domain is not what the IRS uses. If you ever spot an email containing a domain you consider to be suspicious, delete it immediately. If it is from a legitimate sender, they will send you a follow up email in a couple of days.

Embrace DMARC Domain-based Message Authentication, Reporting and Conformance (DMARC) can help reduce the risk of spoofed emails being sent internally. For businesses that do not set this up, it is possible for someone to spoof an email account that looks like it is from your business or a current employee and send it from a different server. As we saw in the case with the Bucks, these can appear legitimate to employees who will then in turn do what is requested such as turn off security settings or handover sensitive data. With DMARC in place you can prevent spoofed emails from utilizing your domains by requiring any email sent by your domain to come from your server. This greatly reduces the risk of an internal spoofed email showing up in the inbox of your employees.

Utilize email protections A lot of companies believe they can get by with the simple protections that come standard with an email client. However, doing the bare minimum is rarely enough to stop spoofed emails, not to mention all of the other threats lurking in your inbox, and high-powered email and spam protection will give your organization the added layer of security it needs. Much like elite-level basketball players need the best coaching and equipment to succeed, the only way to truly reduce the risk of falling victim of a spoofed email is to educate your staff properly and then equip them with email filtering. This ensures they aren’t wasting their time constantly trying to identify legitimate emails from fake ones but are prepared when the situation presents itself.

When it comes to email security, working with us is a slam dunk. We may not have the skills of Steph Curry on the basketball court but when in the realm of IT, competitors say they want to be like us. Give us a call today to find out more.

Published with permission from TechAdvisory.org. Source.

Topic Security
June 14th, 2016

2016June14_Productivity_CGamers require an effective strategy to thwart the boss, athletes require constant updates on the latest tournaments to improve performance and businesses require an online community to fully thrive. As the saying goes: ‘What comes easy won’t last, and what lasts won’t come easy’. This is especially true when you embark on building an online community for your company. Allow the following five tips to help you make the process an easier and enjoyable one:

Make sure your customers are passionate

The number one rule of online community is that it should be a place where like-minded people are genuinely interested in your brand and are able to engage, if that’s not the case, it won’t be any different from throwing a party that everyone ignored. Make sure you have brand appeal, pick up on vibes your customers are giving off and figure out what they really want. The size of your online community isn’t what’s important, customer’s annual revenue and genuine passion for your products play a much bigger role.

Loosen the reins

It’s an undeniable fact that you have put copious amounts of time and energy into building and managing your business - so you can’t help but develop an attachment to it. What business owners have to realize is that your company really belongs to your users. This is a difficult obstacle to overcome, but when you are still clinging on for dear life and discouraging open discussion, you’ve basically shot yourself in the foot. Several times.

Another rule to follow is NEVER delete a post (unless it’s spam), under no circumstances would you want to hide negative feedback. Online communities might be the reality check you’ve been looking for, so accept honest feedback with open arms.

Create a rich experience

Thriving communities are the ones that engage in numerous activities, the same can be said for online communities as well. An example to help put things in perspective is bird watching. Let's say one community only has support forums dedicated to basic subjects whereas the other community offers a feature request area that allow customers to give their thoughts on what they want to see next as well as a visual library on local species. Ensure that there’s always something for your community to do.

Invest in infrastructure

Dedicated team members and the right software are essential components required in taking on an online community - don’t pinch any pennies here. Growing the team and utilizing suitable tech resources are necessary steps that (although nerve-wracking) need to be taken. Entice customers further by tying up all the technological loose ends, make it easy-to-use and devoid of downtime.

Don’t stress over measurements

We live in a time where numbers hold immeasurable power and people expect dashboards to show trending activity constantly. It’s a fact that measuring the ROI of an online community is like trying to find a needle in a haystack. There is one way of measuring your community’s value, not with a measuring tape, but by looking at the number of posts.

If you're aiming to establish higher brand credibility, corporate integrity and customer loyalty but aren’t exactly sure how to go about it, just give us a call! We’ll help you with any questions you may have about building an online community for your business.

Published with permission from TechAdvisory.org. Source.

Topic business
June 9th, 2016

2016June9_Security_COne of the biggest fears security experts have may be coming true: self-replicating ransomware. Viruses that have the ability to copy and spread themselves to new systems are nothing new, but until now ransomware attacks have been targeted campaigns. The best way to protect your network from a security threat is to understand it, here’s everything you need to know about this latest development.

Ransomware, the malware that locks up infected systems and demands payment to return access to users, has been steadily increasing its infection rate over the course of this year. Enigma Software reported that, “After staying steady for the last six months of 2015, ransomware detection has begun to climb; February saw a 19 percent increase over January, while March had almost a 10 percent increase over February. Then, in April, infections more than doubled.”

And as if that wasn’t frightening enough, Microsoft announced last week that a recently detected ransomware software was found copying itself onto USB and network drives. The ransomware, titled ZCryptor, disguises itself as either an Adobe Flash installer or a Microsoft Office file to trick users into opening it.

Once opened, it displays a prompt that says “There is no disk in the drive. Please insert a disk into drive D:”. If you see this after opening a suspicious file, it is most likely ZCryptor trying to distract you while it works in the background to add a registry key that buries itself deep in your system and begins to encrypt your files.

Although previous ransomware iterations like Alpha Ransomware had the ability to find and encrypt files on shared network drives, security experts believe this is the first time a ransomware variant has included self-replication via removable drives into its framework.

When it was first detected in May, Microsoft found ZCryptor singling out 88 different file types for encryption. However, later on a security expert analyzed the ransomware and found 121 targeted file types -- inferring that creators of the malware were continuing to develop its source code.

It’s commonplace for ransomware to demand payment to be made in Bitcoins as they’re an almost totally untraceable online currency. ZCryptor is no different, demanding 1.2 Bitcoins (500 USD) unless payment is more than four days after infection -- then it increases to five Bitcoins (2,700 USD).

Compared to other more complex security threats, ransomware is still relatively easy to avoid. Always verify the source of email attachments and website downloads before opening files, disable macros in Microsoft Office programs, maintain regular backups and update your security software.

Still concerned about security at your SMB? It doesn’t have to be as difficult and draining as you may think. Contact us today for advice on keeping your network protected around the clock.

Published with permission from TechAdvisory.org. Source.

Topic Security
June 3rd, 2016

2016June3_Hardware_CWith the advent of cloud computing, more and more people are choosing Google Chromebook for their next laptop purchase. However, many business owners are still on the fence as to whether or not this new 21st century laptop will satisfy their needs. If this is you, here’s a quick guide to figure out if a Chromebook is a smart choice for your business.

Buy a Chromebook if you…

Are on a budget: With a range of models available between the prices of $199-$500, Chromebooks are incredibly affordable. That is far cheaper than any Apple laptop and more competitively priced than most PC offerings. So if budget is a concern, then consider a Chromebook.

Want a high-powered laptop: Just because Chromebooks are affordable, doesn’t mean they’re of less quality. In fact many Chromebook features are better or on par with their PC and Apple counterparts. Here are a few notable ones worth mentioning.

  • Long battery life: When it comes to battery life and laptops, Chromebooks are among the best of the best. On average, a Chromebook can supply anywhere from 6-13 hours of battery life.
  • Speed: Chromebooks boot up remarkably fast. Once you press the power button, your Chromebook can be ready to go in 8-20 seconds.
  • Lightweight: While weight varies among the various Chromebooks on offer, most are incredibly lightweight and easy to pack with you when you’re on the go.
  • Security and auto-updates: Not only is malware and virus protection baked into the Chrome OS, but with a Chromebook you’ll never have to worry about updates as they’re all taken care of automatically - silently in the background.
Are mobile and heavily internet reliant - With its long battery life, light weight and internet-friendliness, the Chromebook is perfect for the mobile workforce who need an easy to carry laptop to use primarily for staying connected to their employer’s business while away. Better yet, if your business is integrated with Google Apps for Work, you and your staff can even create documents and access your business’s data with a Chromebook.

Avoid a Chromebook if you...

Rely on desktop applications - As mentioned above, Chromebooks are meant to be used with the internet. Because of this, powerful desktop applications like Photoshop and advanced video editing apps are incompatible on it.

Work mostly without an internet connection - We’ve mentioned it several times already, but it’s worth mentioning again, DO NOT buy a Chromebook if most of your work is done offline. Even if you bought an entry-level Chromebook for $200 and feel like you got a great deal, it will be a useless piece of metal if you need it to complete offline work.

Are a Microsoft junkie - If you are heavily reliant on Microsoft products you may want to look elsewhere for a laptop. Google promotes the use of its own online suite of Office-like applications. And while they are similar to Microsoft products, they do lack some of the features you may love.

For those still on the fence about whether or not a Chromebook is the right choice for their business, it’s also worth noting that just last month Google announced they’ll be adding Android apps to Chromebooks. So if you’re already an Android phone or tablet user, later this year you’ll be able to use those same apps on your Chromebook.

Want to know more about Chromebooks and other laptop options? Our experts are here to help you make an educated purchase. Call us today, and we’ll be happy to share our wealth of information.

Published with permission from TechAdvisory.org. Source.

Topic Hardware
June 1st, 2016

2016June1_Facebook_CThe words “free publicity” bring joy to the ears of many SMB owners. You don’t have a big marketing budget, so you need to find ways to cut costs as much as possible. Luckily Facebook has you covered. There are several ways you can promote your business on the world’s biggest social network that won’t cost a dime. Here are a few to get you started.

Get your friends on board

A business is nothing without its fans...at least on social media. So after setting up your Facebook business page, your first order of duty should be to invite your friends to “Like” your company page. Bear in mind, we use the term “friends” broadly here. Really, you should be telling pretty much everyone you know about your business. This includes family members, colleagues, that random parent you chatted with at your son’s baseball game, and any acquaintances from all walks of life. The goal of this is to create a foundation of followers to build upon as you grow your business.

Create your brand identity

On Facebook, your brand needs to do more than simply sell a product or service, because no one wants to interact with a company they feel is constantly trying to sell them. This is exactly why your brand should have a persona and human characteristic. In other words, you need a brand voice. So ask yourself, how should your brand sound? Should it be funny, easy-going, serious or inspiring? Once you’ve figured it out, ensure this voice is consistent in all your posts as it will help your audience form a relationship with your brand as they get to know it better. While you can and definitely should advertise different products or services your business offers, most of your posts should aim to entertain, inspire, and encourage social interaction. As your followers get to know your brand better, they will develop shared interests with it, which will eventually lead to trust. And when your audience finally trusts you, the sales will start to come in naturally.

Exploit algorithm changes

If you thought Google was the only platform that changed their algorithms, think again! Just like Google, Facebook also uses algorithms to determine the amount of organic reach your updates get. This raises an interesting question...how do you discover what algorithm changes Facebook has on the docket? Well, they occasionally post them on Facebook’s newsroom, so regularly check there to stay updated.

So once you’re aware of an upcoming algorithm change, how can you exploit it? Let’s look at an example. Back in the Fall of 2014 Facebook announced they’d begin to favor link posts with an image attached, over photo posts with the URL in the caption. Users who were aware of this change in advance and implemented it accordingly, were reportedly getting three times as much organic traffic by February 2015. Those who missed the announcement were left scratching their heads wondering what happened to their traffic.

Check your data

Many people believe there’s a best time and day of the week to share a post. While this is true, the actual day and time that’s best may be different from what you expect. While some people are quick to proclaim Tuesday and Thursday mornings are the best time to post, the reality is the best time to post depends on your unique business. Everyone’s audience is different, and results will vary from business to business. So while some SMBs may discover they have their audience's full attention on Tuesday and Thursday mornings, others may learn their customers are most engaged on Thursday and Friday evenings. So how can you find out when your audience is watching? Check your page’s Insights tab. This will provide you a plethora of information about your customers, including the days and times when they’re on Facebook.

While all these tips to market your business on Facebook are free, bear in mind you’ll need to invest a significant amount of time if you want to see results. To really succeed with Facebook marketing, you need to regularly interact with the platform - and not just treat it as an afterthought.

To learn more about how your business can leverage Facebook and other social media platforms, give us a call.

Published with permission from TechAdvisory.org. Source.

Topic Social Media
May 31st, 2016

2016May31_BusinessValue_CHaving direct access to customers is a gold mine for SMBs and with the increasing popularity of live video services it’s just a matter of deciding what to broadcast. The strategies for live broadcasting are very different than pre-recorded video and it’s important to reevaluate how you’ll present company information in this medium. Keep reading for six of the best types of videos for live broadcasts.

Business Introduction/Behind the scenes

If your company is new or suffering from low visibility, one of the best things you can do is give customers direct access to your staff and your product. A great use of live video is to take viewers on an office tour, show them how a product is made or even broadcast your business’s launch event.

Make sure to invite as many viewers as you can, but remember that most live broadcasts can be saved and viewed later. This is a video you’ll likely want to keep available after it’s finished.

Ask Me Anything (AMA)

Depending on your product or service, you may be getting a lot of conceptual questions about innovative ways to use it, what direction the company is heading and so forth. There’s no better way to address these questions than to do so in a personal and unscripted AMA segment.

If there’s a good turnout make sure to keep questions and answers moving in relevant and interesting directions. There’s nothing wrong with updating everyone on what you had for breakfast, but addressing service bugs or product feature requests is going to be a lot more beneficial for wider audiences.

How-to

Whether it’s a soon-to-be-released product or simply rehashing an existing one that’s getting lots of support requests, there’s no better way to guide customers through a ‘how to’ process than step-by-step, face-to-face.

Not only does this help to show existing clients the best way to use your product or service, it also allows potential consumers to see both your product and your customer service philosophy in action. Saving these videos can be invaluable as you continue to get questions on the product or service outlined in these videos -- it’s an easy way to build a video reference library for sales and support.

Webinar

Although all of the previous uses can be categorized as ‘customer service’, there’s no reason you can’t simply open a help desk broadcast and invite viewers to join with their support questions. If you advertise this as a customer service broadcast and steer clear of any conversations that deal with non-support related questions, you may be able to tackle more than one client’s questions at a time and no one can ever complain that contacting your support line is frustrating or tedious.

Announcements

All of the live broadcast services are deeply integrated with social media. Whether it’s Twitter or Facebook, post updates about an upcoming announcement along with a scheduled time and take the chance to make your product or service announcement far more interesting and personal than a press release or faceless status update.

Text based announcements and pre-recorded videos severely limit how you address the ‘fine-print’ questions from customers. Think of this as a chance to hold your own personal press briefing and address questions after your scripted announcement.

Promotions

In the same vein as live announcements, use social media to promise a special promotion to anyone who tunes in to a live broadcast. Before it begins, create different thresholds for how big the promotion will be depending on participation. Once you begin, check how many viewers you have to decide whether to augment or reduce the scope of what you want offer. In addition to being a more dynamic method for releasing promotions, it will create motivation among your customers to interact more directly with your company.

Socialmediatoday reports that Facebook users spend three times longer watching live broadcasts than pre-recorded video. Combine that with Facebook’s announcement that live videos are more likely to be promoted to the top of news feeds and you’d be crazy not to utilize live broadcasts.

However, there are a handful of different services to use for live video broadcasting and deciding which one is the best for you can depend on a lot of different variables. Call us with any of your questions and we’ll be happy to assist you in adding value to your business with today’s best live video services.

Published with permission from TechAdvisory.org. Source.

Topic business
May 20th, 2016

2016May20_BusinessContinuity_CYour service provider, who you have tasked with looking after your company’s IT, has kept your business up and running for the past 10 years. Usually, that kind of longevity in developing continuity plans has resulted to some providers overlooking or underestimating certain issues. Here are some of them.

Over-optimistic testing

The initial testing attempt is usually the most important as it’s when IT service providers can pinpoint possible weak points in the recovery plan. However, what usually happens is a full transfer of system and accompanying operations to the backup site. This makes it difficult to look at specific points of backup with too many factors flowing in all at the same time.

Insufficient remote user licenses

A remote user license is given by service providers to businesses so that when a disaster strikes, employees can log in to a remote desktop software. However, the number of licenses a provider has may be limited. In some cases, more employees will need to have access to the remote desktop software than a provider’s license can allow.

Lost digital IDs

When a disaster strikes, employees will usually need their digital IDs so they can log in to the provider’s remote system while their own system at the office is being restored. However, digital IDs are tied to an employee’s desktop and when a desktop is being backed up, they are not automatically saved. So when an employee goes back to using their ‘ready and restored’ desktop, they are unable to access the system with their previous digital ID.

Absence of communications strategy

IT service providers will use email to notify and communicate with business owners and their employees when a disaster happens. However, this form of communication may not always be reliable in certain cases such as the Internet being cut off or with spam intrusions. There are third-party notification systems available, but they are quite expensive and some providers sell them as a pricey add-on service.

Backups that require labored validation

After a system has been restored, IT technicians and business owners need to check whether the restoration is thorough and complete. This validation becomes a waste of time and effort when the log reports come in a manner that is not easy to compare. This usually happens when IT service providers utilize backup applications that do not come with their own log modules, and have to be acquired separately.

These are just some of the many reasons why business continuity plans fail. It is important for business owners to be involved with any process that pertains to their IT infrastructure. Just because you believe something works doesn’t necessarily mean that it works correctly or effectively. If you have questions regarding your business continuity plan, get in touch with our experts today.

Published with permission from TechAdvisory.org. Source.

Topic business
May 17th, 2016

2016May17_Security_CAs more and more content management services are released to aid SMBs in online marketing, security risks also increase. One such helper is the image processing service ImageMagick. And while it has proven useful to countless businesses, it is now something you should be concerned about from a security standpoint. Let’s take a minute to discuss this vulnerability and what you can do to protect yourself.

What is ImageMagick?

ImageMagick is a tool that allows sites to easily crop, resize, and store images uploaded by third parties. Vendors continue to improve user interfaces and experiences by consolidating functions into all-in-one packages, which means administrators are becoming increasingly unaware of what specific services they are actually utilizing. ImageMagick is deeply integrated into countless web services and many webmasters may not even be aware they are using this unsafe software.

How can an image make my site vulnerable?

Recently, it was discovered that images can be uploaded that force ImageMagick into executing commands and permitting attackers to remotely insert harmful code into vulnerable sites. Images are actually made up of complex code that is translated into photos, icons, etc. Different file extensions use what are called “Magic Numbers” to define their file types. Manipulating these numbers allows attackers to exploit a flaw in ImageMagick. The service scans the uploaded file, and attempts to decode the source information whenever it detects the file is not what it claims to be. Scanning that code and attempting to rectify the file misappropriation can then trigger whatever was hidden inside the image and result in remote command of your site.

How should I protect my site?

ImageMagick has admitted knowledge of the security flaw and promised to release a patch very soon. Until then, experts advise implementing multiple workarounds to keep your systems safe. However, if you're not well acquainted with your web server and its code, then it's wise to consult an expert instead of attempting these changes on your own.

For those who are familiar, follow these steps. The first is to temporarily incorporate lines of code that preemptively block attackers from exploiting these holes. Those lines of code, and where to insert them, can be found here.

The next step is double checking that any image files utilizing the ImageMagick service aren’t hiding any harmful information. This can be accomplished by opening an image file with a text editor, and checking for a specific set of letters and numbers at the beginning of the text that define what type it is. The list of these “Magic Numbers” can be found here, and will reveal if an image is hiding its true purpose.

Ideally, administrators will halt all image processing via ImageMagick until a patch is released from the developers.

Data security is one of the most crucial aspects of any SMB, however, keeping up with the constant flow of security exploits and patches can be overwhelming for administrators of any ability level. Why not contact us to learn more about keeping your network secure and protected from exploits like this one?

Published with permission from TechAdvisory.org. Source.

Topic Security