Is your Windows 10 up to date?

Did you know that as at May 2021, there are twelve different versions of Windows 10 and nine of the earlier versions have reached End of Service?
To ensure your device continues to receive critical monthly security and quality updates that contain protection from the latest security threats, you need to ensure your version of Windows 10 is up to date.
Here’s how to confirm if your version of Windows 10 is up to date.

Windows-as-a-Service

With Windows 10, Microsoft introduced “Windows-as-a-Service”. A new approach to deploy, update and service Windows Operating System. Instead of releasing a new version of Windows every three to five years, as Microsoft did with past iterations (eg. Windows 7, Windows Vista, Windows XP), Microsoft continually update Windows 10. Windows 10 Updates (also called Patches) are categorised as two types: Quality Updates and Feature Updates.

What’s the difference between Windows 10 Quality Updates and Feature Updates?

• Quality Updates are cumulative updates that are released once a month (“Patch Tuesday” is the 2nd Tuesday of the month) and contain critical security patches and other fixes to make Windows 10 more reliable. As they are cumulative, the latest update includes all previous updates that came before it. After the download is complete, Quality Updates can take from 15 minutes up to an hour or so to complete, depending on the performance on the computer, including a restart which is required to complete the updates.
• Feature Updates are major upgrades to a new Version of Windows 10 that contain new functionalities. Feature Updates are released twice a year. After the download is complete, Feature Updates can take between 1 to 4 hours to complete, depending on the performance on the computer, including a restart which is required to complete the updates. Each Feature Update continues to receive Support and Quality Updates for 18 months after its initial release.

Windows 10 Feature Updates

To confirm if your Windows 10 version is up to date:

To confirm the current Windows Version and Build of Windows 10 you have installed: Start > WinVer > Enter. To check if your version of Windows 10 is up to date and your device in continuing to receive critical monthly security and quality updates, find your version in the above table and check the Support Until date. If you have Version 1909 or prior, we strongly recommend updating to the latest Version of Windows 10.

Windows End of Life, End of Support and End of Service

In recent times, there has been a reasonable amount of publicity (and hype) surrounding previous Microsoft Desktop Operating Systems (Windows 7, Windows XP) reaching End of Life (EOL), which raised awareness that operating systems needed to be upgraded. Windows 7 EOL date (14 January, 2020) was well publicised. After the EOL date, Microsoft ceased providing critical security updates for Windows 7.
The same can’t be said for Windows 10 Versions that have reached End of Service.
Many devices are running old versions of Windows 10 that no longer receive monthly security and quality updates.
Software developers also cease providing support for their software on Operating Systems that have reached EOL.

Proactive Managed IT Support Services

For all iT and Beyond clients who benefit from our Proactive Managed IT Support Services, for continued stability and security, and to minimise disruption and inconvenience to users, we schedule the installation Windows Updates as follows:

• Patch scans are automatically performed Weekly, after normal business hours, during the designated Weekly Maintenance window.
• Quality Updates: If Weekly Patch Scans detect that any Quality Updates are needed, they are automatically installed after normal business hours, during the designated Weekly Maintenance window. This includes restarting workstations if required. We are notified when Servers require a restart to complete patch installations and restart Servers manually after business hours.
• Feature Updates: To allow testing of these major version updates prior to installation, we manually deploy Feature Updates outside of normal business hours at a mutually agreed time, once a year.

For more details:

History and Support End dates
https://en.wikipedia.org/wiki/Windows_10_version_history
Microsoft Windows 10 Update History
https://support.microsoft.com/en-us/topic/windows-10-update-history-1b6aac92-bf01-42b5-b158-f80c6d93eb11

Ransomware – What is it, protect against attacks

Ransomware attacks are on the rise in Australia. Learn how to protect yourself against it and secure your devices.

iT and Beyond is an Australian Cyber Security Centre (ACSC) Partner. The ACSC Partnership Program enables Australian organisations and individuals to engage with the ACSC and fellow partners, drawing on collective understanding, experience, skills and capability to lift cyber resilience across the Australian economy.

This content has been replicated from the Australian Cyber Security Centre (ACSC) website https://www.cyber.gov.au/ransomware

What is Ransomware?

Ransomware is a type of malicious software (malware). When it gets into your device, it makes your computer or its files unusable.

Cybercriminals use ransomware to deny you access to your files or devices. They then demand you pay them to get back your access.

How does it work?

Ransomware works by locking up or encrypting your files so that you can no longer use or access them. Sometimes it can even stop your devices from working.

Watch this video to learn about ransomware and how to prevent it from infecting your devices:

The effects of Ransomware

Ransomware is a common and dangerous type of malware. It can affect both individuals and organisations.

Ransomware can cause severe damage. It can hurt your reputation, and cost you money.

What to look for

Ransomware can infect your devices in the same way as other malware or a virus. For example:

• visiting unsafe or suspicious websites
• opening emails or files from unknown sources
• clicking on malicious links in email or on social media.

Common signs you may be a victim of ransomware include:

• pop-up messages requesting funds or payment to unlock files.
• you cannot access your devices, or your login doesn’t work for unknown reasons.
• files request a password or a code to open or access them.
• files have moved or are not in their usual folders or locations.
• files have unusual file extensions, or their names or icons have changed to something strange.

If any of these things happen to you, check with your friends and colleagues first to see if they made any changes.

Our advice if you have fallen victim to an attack

We and the ACSC recommend that if you do experience a Ransomware attack, that you should not pay the ransom. There is no guarantee paying the ransom will fix your devices. It can also make you vulnerable to future attacks. Instead, restore your files from backup and seek advice.

It is vital to back up your data and implement effective cyber security practices.

Act now, stay secure.

Case Studies

Our Practical Guides

Our Proactive Managed IT Support Services and Network Security Services cost-effectively update your systems with latest security updates, protect and maintain the security of your computers and data against external attack, providing you peace of mind. Our Disaster Recovery and Business Continuity Services enable the expedient recovery if disaster strikes.

WiFi networks vulnerable – WPA2 security flaw KRACK discovered

“KRACK” security vulnerability discovered in WiFi Protected Access II (WPA2) security protocol

A security flaw has been discovered that could be used to hack into any device that uses WiFi, including smartphones, tablets, laptops desktop computers, laptops.  

Many modern Wireless networks use WiFi Protected Access II (WPA2) security protocol and security certification programs to secure the  wireless computer network.  WPA2 wireless protocol has a new security vulnerability called “KRACK”, which is short for Key Reinstallation Attacks.  This security flaw has been discovered by researchers at KU Leuven, a university in Flanders, Belgium. 

Attackers can use this to steal sensitive information that is sent over a WiFi network that uses WPA2, including credit card numbers, passwords and other sensitive information.  It may also be possible for an attacker to inject malicious information into the WiFi network which could include malicious ramsomeware and malware.  The attacker needs to be within Wireless range.  

The vulnerability is not per individual device but the actual WPA2 protocol, which means all devices that use WPA2 could be affected.  

What you should do about the WPA2 “KRACK” security flaw on your WiFi networks

KRACK does not use your WiFi password to get access to your network, so changing your WiFi password will not make you less vulnerable, although changing your password regularly is good practice.

Many WiFi product vendors will be releasing updated firmware and drivers for their products.  To protect yourself, we strongly recommend that you update your hardware as soon as an update is available.

For our clients who enjoy our Proactive Managed IT Support and Network Security services, we have details of all WiFi equipment and will continue to monitor when vendors release updates and will install them as soon as they become available.

The devices and hardware that will need to be updated, once patches are released, include the following:

• Wireless Access Points (WAP) including Office and Home routers
• Desktop workstations
• Laptops/notebooks
• Mobile phones
• Tablets and e-readers that use WiFi
• Home devices connected to WiFi including Apple TV, NEST, Amazon Echo and Google Home
• Printers, both home and office, that use WiFi
• Any other device that uses WiFi

Need more information about KRACK, below are some helpful links to give you more of an insight into the KRACK WPA2 Vulnerability.

Wordfence 

KRACKATTACKS

BleepingComputer has compiled a running list of vendors, that is being updated regularly, as more information on patches becomes available.

StaySmartOnline

At iT and Beyond, as part of the Proactive Managed IT Support we provide to keep our clients systems safe and secure, we regularly monitor security alerts from are security partners.

Contact Us if you need any assistance with your Network Security.

Award Winning IT Support systems for Small Business, Accounting Firms and Not-For-Profit organisations

Selecting IT Systems that are right for your business

As is the case for our small business, accounting firm or not-for-profit (NFP) clients, the IT Systems we choose, need to reduce our costs, increase our productivity, mitigate business risks and assist us to provide superior customer service to our clients.

At [contentblock id=2 img=gcb.png] , we practice what we preach when it comes to selecting IT Support Systems, including strategic research, investment and ongoing development of breed-of-breed technology that provides automation throughout the entire delivery of Proactive IT Support services we provide.

Although the IT Support industry is spoilt for choice of IT Systems Management solutions and tools, careful cost-benefit evaluation and ongoing improvements are required to maximise investment benefits.  Some computer support tools are designed for specific tasks, whilst other solutions are feature rich and include components such as 24x7x365 Remote Monitoring & Management, Remote Control, Patch Management, Network Discovery & Performance, IT Automation, Backup and Disaster Recovery, Security, Professional Services Automation, Project Management and Customer Relationship Management.

After strategic research and testing of available solutions, we chose a unique IT Systems Management framework and online Client Support Portal that are both powered by leading global provider Kaseya and driven by Best Practice.

• Kaseya Virtual System Administrator (VSA): Remote Monitoring & Management (RMM)
• Kaseya Business Management Solution (BMS): Professional Services Automation (PSA) and Client Support Portal

Both IT Support systems are cloud based Software as a Service (SaaS) solutions.  They provide the flexibility needed to customise Proactive IT Support configurations for our small business, accounting firm or not-for-profit clients.  We continue to invest in ongoing development and improvements and their ability to help us prevent problems before our client’s notice them.

Kaseya’s solutions may not be the cheapest in the market, but as is the case with many IT Solutions, you get what you pay for.

Award Winning IT Support systems for Small Business, Accounting Firms and NFPs

Good to see Kaseya’s Virtual System Administrator (VSA) RMM solution has just won another industry award. See Kaseya’s recent blog post for more details.

Click here to learn how [contentblock id=company] can help you save on IT costs with our Proactive Managed IT Support Services for your business in [contentblock id=location].

Malware called DressCode infects apps in app stores

Apps infected with Malware called DressCode

Apps infected with Malware called DressCode are reportedly on the rise from application stores.

Dresscode Malware enables attackers to use your Android device to launch attacks against another

person or organisation’s online services or gain access to corporate servers and information.

Reports from TrendLabs Security Intelligence  state that even games and themes maybe infected with DressCode.

Other  reports state that 400 compromised apps have been detected on Google Play and more than 3,000 have been detected overall. 

Keeping your device safe from Malware DressCode

One of our security partners Sophos  recommends to keep your device safe by installing

Sophos Security for Mobile which is specifically designed for Android which can help identify

malicious or potentially unwanted applications.

We can can also show you how cost-effectively protect and maintain the security of your network, 

assets and data against external attack, providing you peace of mind with our Network Security Solutions.

Google Play also have some tips on protecting against harmful apps and recommends you check the star 

ratings and reviews of an app and the number of times the app has been downloaded before deciding whether or not to proceed.

More information 

‘Stay Smart Online‘              ‘Sophos Security’

iTandBeyond are an SSO Partner & Sophos Silver Partner

Be careful when installing Java Updates – more FoistWare

Exercise Caution when installing Java Updates

Caution when installing Java Updates is required or you may be tricked into installing FoistWare.

What is FoistWare (also called CrapWare)?

Firstly, lets explain what we mean by FoistWare.  FoistWare is a tactic used by software developers to install additional software during the installation process, sometimes without the users knowledge or consent or with deceptive messages that trick the user into installing the additional software.
Often if you accept the default installation options, the unrelated third-party software is installed.
The FoistWare itself may be a legitimate program, though the manner in which it is installed makes it FoistWare.
The software developers try to make a quick buck by tricking users into installing software they don’t need, which can impact on system performance.
Some FoistWare applications are browser hijacks that modify your web browser’s settings without user’s permission, which can inject unwanted advertising, replace your existing home or search pages.

This tactic is sometimes used by Freeware software developers and has been used by Oracle for many years when installing updates to their popular Java software.

What is Java (by Oracle)?

Java is a programming language and computing platform used on many devices from laptops to datacenters, game consoles and mobile phones. Lots of applications and websites will not work unless you have Java installed.
For Australian Accounting firms and Businesses, one especially relevant application that needs Java is the Australian Government’s AUSkey secure login, used to access participating Government websites.

Oracle is at it again installing deceptive software with Java Updates

Java Updates have previously tricked users to install the Google Toolbar, Yahoo and Ask Toolbar and Search App.  Here’s one example of what users were prompted with when installing previous Java Updates:

Previous Java Update defaulting to install Ask Search

The latest Java updates now try to trick you into installing the Teoma Search App:

Latest Java Update Install Offer Teoma Search App

Other vendors that have been purveyors of FoistWare include:

• Adobe when you download Flash Player, included Google Toolbar for Internet Explorer or when you download Reader downloaded Google Chrome.
• Skype

Our Recommendations for Caution installing Java Updates

It is important to install patches and updates for all software, including Java. If you don’t install the latest Java update, you may not be able to use your AUSkey to access Government websites.
When installing software, including updates, always review installation questions/options, rather than simply accepting the Defaults and clicking Next, Next, Next.

If you require any assistance with installing updates, removing any unwanted FoistWare inadvertently installed, or removing any browser hijacks, please Contact Us.

See the following articles for more information on Java Updates installing FoistWare:

• ZDNet
• CumpterWorld

Can Small Businesses Afford Proactive Managed IT Support?

Affordable Small Business IT Support

When determining the affordability and Return on Investment (ROI) of engaging with Proactive Managed IT Support Providers, Small Business Owners often find themselves in a position of trying to balance a limited budget while making sure they have the proper tools to grow their business.  It is a challenge many business owners face, in that they recognise the need for additional products or services that will allow their business to continue to thrive.   However, funds may be in short supply to achieve these goals.

Faced with this challenge, many small business owners are forced to make difficult decisions as to where they can afford to spend money to improve their business.  One of the areas in which business owners are on the fence is whether or not hiring a Proactive Managed IT Support Services Provider is something they can afford.  In some cases the cost is not worth the benefits, however there are many situations where cutting costs will end up costing you more money in the long run.  Here are a few reasons why managed IT support service providers may be more affordable than the alternative.

Technology – In order to be competitive today, small businesses must remain up-to-speed with current technology.  The amount of money invested in this area can be quite large, making it necessary to ensure you have someone in your corner who can help manage and support the technology used in your business.  While the average person is becoming increasingly well versed in the use of basic technology, there remains a need for experts in the industry to ensure your business can stay up and running on a daily basis as well as in the event of a natural or man made emergency.

Internal IT Department – Larger corporations have the budget necessary to support an internal IT department that provides expertise and support of the technology used by the company. Small businesses do not have the same resources and often find themselves either without backup or paying a high price when they have to bring in an outside expert.

Services provided by Proactive Managed IT Support Providers, also known as Manged Service Providers (MSP’s) – When a small business enlists the help of a Proactive Managed IT Support Service Provider, they will agree to a Service Level Agreement (SLA) which covers specific services at a specific price.  This allows the the small business owner to see upfront what they are paying for and how it will work in the budget.

Depending on the business, these services can be customised to meet the specific needs of the client, making it possible to reduce costs in certain areas.  There are many reasons why a small business owner might feel Proactive Managed IT Support service providers are not something they can afford.  Unfortunately the services provided are often not realised until there is an emergency, where small business owners quickly discover the amount of money spent to “fix” a problem or recover from a disaster is much more expensive than planning for it in the first place.  In this case it is not a matter of if you can afford Proactive Managed IT Support services, rather if you can afford NOT to have them.

Click here to learn how [contentblock id=company] can help you save on IT costs with our Proactive Managed IT Support Services for your business in [contentblock id=location].