Category Archives: Recent Posts

RELEASE: Security Baseline (FINAL) for Windows 10 v1809 and Windows Server 2019

by kurtsh 

 

New security baseline for our OSs was released:
Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 October 2018 Update (a.k.a., version 1809, “Redstone 5” or “RS5”), and for Windows Server 2019.
For now, download the content here: Windows-10-1809-Security-Baseline-FINAL. It will be posted to the Security Compliance Toolkit download site very soon.

Read the entire blog announcement here:
• RELEASE: Security baseline (FINAL) for Windows 10 v1809 and Windows Server 2019
kurtsh | November 29, 2018 at 2:48 am | Categories: Uncategorized | URL: https://wp.me/p15CWC-517

This announcement should indicate that the “October” release of Windows 10 will released to manufacture (RTM) soon. New features include Autopilot, Kiosk Mode, many security features.  Here’s a list of features coming in Windows 10 Release 1809.

Read the entire blog announcement here:
     RELEASE: Security baseline (FINAL) for Windows 10 v1809 and Windows Server 2019

Microsoft Gold Partner

Share this

How to Spot Phishing Messages Like a Pro

Update to STAY SAFE FROM PHISHING. 5 Ways to Stay Safe

June 2018 Volume 13 Issue 06

From the desk of Thomas F. Duffy, MS-ISAC Chair

The Federal Trade Commission’s definition of phishing is “when a scammer uses fraudulent emails or texts, or copycat websites, to get you to share valuable personal information.”[1] When a user falls for a phishing message, the malicious actor achieves their purpose of getting the victim to hand over sensitive information such as login names and passwords. Though we count on technologies and controls to minimize threats, phishing exploits users through social engineering, which allows the malicious actors to side step these protections. This is why it is important that everyone learn to spot these fraudulent messages. Let’s take a look at some example emails of phishing messages.

Message #1

Subject: Low Cost Dream Vacation loans!!!

Dear John,

We understand that money can be tight and you may not be able to afford to go on vacation this year.   However, we have a solution. My company, World Bank and Trust is willing to offer low cost loans to get your through the vacation season. Interest rates are as low at 3% for 2 years. If you are interested in getting a loan, please fill out the attached contact form and send it back to us. We contact you within 2 days to arrange a deposit into your checking account.

Please email your completed form to VacationLoans@worldbankandtrust.com.

Your dream vacation is just a few clicks away!

Dr. Stephen Strange

World Bank and Trust

177a Bleecker Street, New York, NY10012

What did you notice in message #1? 

In this message, you can see that the phisher wants to give us a low-cost loan with no credit check. They say we just need to send them our information and they will give us money, right? Not only does it seem too good to be true, but also when you hover the cursor over the email address to examine it further, you see that the link actually has a different destination. It is the email address of the attacker. Lastly, as much as you might like Dr. Strange, he’s probably not working for a bank part-time.

Message #2

Subject: Free Amazon Gift Card!!!

Dear Sally,

You name has been randomly selected to win a $1000 Amozan gift card. In order to collect your prize, you need to log in with your Amazon account at the link below and update your contact information so we can put your prize in the mail. This is a limited time offer, so please respond to the request within 2 business days.  Failure to respond will forfeit your prize and we will select another winner.

www.amozan.com/giftredemption2321

What did you notice in message #2? 

Aside from this seeming too good to be true, you can see that “Amazon” is misspelled as “Amozan” on the link provided. If you read this quickly, you may think you are responding to the real company to get your gift certificate. In reality, you are providing your information to the attacker. For the purposes of this example, the link actually navigates to the Center for Internet Security, which is a trustworthy site.

Message #3

Subject: Urgent – Take Action Before Your Email Account is Deactivated

Dear User,

Following changes to our Microsoft email systems, each user must authenticate their account to prevent it from being deactivated. You can accomplish this by heading to the link below and entering your Microsoft Outlook email account credentials, and then we will know your account is active and should remain so.

http://www.microsoft.com/

Thank you,

Information Technology

Helpdesk Support Team

What did you notice in message #3?

This email is fairly well crafted without errors. Note that it establishes a sense of urgency that the malicious actor hopes will cloud your judgment and threatens the deactivation of your email account. Additionally, the link at the bottom looks like a link to Microsoft, yet it is, in fact, heading somewhere else! Luckily, for the purposes of this example, that link simply leads to the Center for Internet Security, which is a legitimate site.

With these three examples considered, here are some basic recommendations to help protect you from becoming a phishing victim:

  • If it seems too good to be true, it probably is;
  • Hover your cursor over links in messages to find where the link is actually going;
  • Look for misspellings and poor grammar, which can be good signs a message is a fraud;
  • And, never respond to an email requesting sensitive personal information (birthday, Social Security Number, username/password, etc.).

 

Additional information and a phishing game can be found on the FTC’s website, https://www.ftc.gov/.

 

Share this

STAY SAFE FROM PHISHING. 5 Ways to Stay Safe

Phishing attacks are getting more sophisticated.  Use this post to arm yourself with 5 tips to spot a fake email.

  1. Check the Sender
  • Make sure the organization name in the “From” field matches the address between the brackets. Watch out for addresses that contain typos in the organization name (think amaz0n.com).
  1. Check the salutation
  • If you do business with an organization, the first line of the email should always contain your name. Don’t trust impersonal introductions like “Dear Customer.”
  1. Use your mouse to hover over links
  • Hover over an email link to see the full URL it will direct you to. Do NOT click the link—just hover. If the address isn’t where you’d expect to go, don’t click it. Check all the links—if the URLs are all the same, it’s likely a phishing email.
  1. Examine the footer
  • The footer of any legitimate email should contain, at minimum:
    • A physical address for the brand or institution
    • An unsubscribe button
  • If either of these items are missing, it’s probably fake.
  1. If it’s doubtful don’t click on it.  Delete it.
  • If you don’t know the sender, or even if something seems off, delete the email. If it’s not fake, the sender will contact you another way or send the message again.
Share this
Myths around data science

6 Myths Around Data Science Debunked

Data science is a competitive weapon for organizations globally. Like other technologies and processes that can change the way businesses operate, there are a lot of contradictory information and myths around data science on social media, blogs, and case studies that causes considerable confusion.

While most business leaders are aware of the fact that people adept at data science can enhance operational efficiency and customer relationships, they do not have right guidance in place and take the wrong steps by considering myths as facts. Below are six myths around data science, which are good to know in order to to position yourself better in this realm.

Let’s get started! Continue reading…

Share this

General Networks Named Among Leading Los Angeles IT Services Firms

General Networks is proud to announce that we were recently named among the top 5 IT consulting companies in the Los Angeles metro area by Clutch, a technology research firm. It was an especially competitive category with over 100 companies being considered.  The rankings were determined by analyzing our past work, market presence, and client feedback.

Leading LA IT Firms

Leaders Matrix for Top LA IT Services

 

One client, an agency from the California State Government,  gave us a standout evaluation regarding a documentation management migration project. For this client, General Networks helped them migrate million of documents from eDocs to Content Server.

“General Networks does what they say they’re going to do for the amount that they’ve quoted, and their work product is very good….their team is just very friendly. They rarely, if ever, make mistakes.”

The General Networks team is dedicated to providing the highest quality work, and it is great to hear our clients validate our claims.

If you are interested in learning more about our award winning work, you can check out our case studies or our Clutch profile to read full reviews.

IT_Services_Firms_LosAngeles_2018-200x

Share this

Document Management: Is Software as a Service or On Premise Right for Your Business?

Information management delivered via the Cloud, or Software as a Service is a great opportunity for many businesses, regardless of size, industry or location. There are scores of cloud solutions for document management, which have matured a great deal over the past several years; however there are still varying opinions whether public, or even private Cloud solutions will ever effectively replace on premise solutions. In many cases, hybrid file management solutions are the most viable option for medium to large enterprise companies.
Continue reading…

Share this

How Can Businesses Defend against Cyberthreats in 2015?

shutterstock_159902675

As we head into 2015, businesses must put an emphasis on IT security. 2014 was dubbed by many experts as the Year of Cyber Threats with notable attacks on Michaels, Home Depot and Target. In total, businesses across all industries reported 42.8 million detected attacks in 2014. This is up by almost a half from the year before. 2015 doesn’t look much better, which is why businesses must be proactive in safeguarding their infrastructure. With that in mind, we asked a General Networks security expert to talk about the most common cyberthreats out there and how businsses can fight back:
Continue reading…

Share this

Alfresco Software Wins Prestigious Red Herring Top 100 Award

logo-1

 

 

Alfresco Software was recently named a winner of the Red Herring Top 100 America, an award that honors the year’s most promising private technology ventures.  The company was selected from close to 3,000 tech startups from the United States and Canada.  In the past, Red Herring editors were among the first to recognize that companies such as Facebook, Twitter, Google, Yahoo, Skype, Salesforce.com, YouTube, and eBay would change the way we live and work.

Read the Article

About Alfresco

Alfresco provides modern enterprise content management (ECM) software built on open standards that enables organizations to unlock the power of their business-critical content. With the controls that IT demands and the simplicity that end users love, Alfresco’s open source technology enables global organizations to collaborate more effectively across cloud, mobile, hybrid and on-premise environments. More than 1,800 organizations in 212 countries turn to Alfresco for its hybrid, enterprise-grade platform. Innovating at the intersection of content, collaboration and business process, Alfresco manages over seven billion documents, powering the daily tasks of more than 11 million users worldwide. Select Alfresco customers include: Amnesty International, Cisco, DAB Bank, FOX, NASA, PGA Tour, and Sony Entertainment.

Share this

The Reasons Why Some ECM Deployments Are Successful and Others Fail

How can an organization ensure a successful ECM deployment? Earlier this month we discussed what organizations are getting wrong after the implementation occurs; now we thought it would be a good time to answer some common questions you might have about ECM deployments in general. We will talk about why they sometimes go wrong, the steps you can take to prepare for deployment before the project begins, and how to make a strong business case for ECM to senior management. We will also discuss some of the advantages organizations can experience when they choose General Networks for ECM deployment. Let’s get started…
Continue reading…

Share this

Why Are We Still So Slow on Business Process Management? (Part 1)

shutterstock_88551592-1

If you asked people in the 1950’s to predict how computers would be used in the future, what might have they said? Popular images of the time included robot maids, robot doctors and nurses, personal helicopters that would automatically fly you to your destination, and all-knowing robots that respond and execute our voice commands at work and at home.  While the 50’s prognosticators went overboard on the helicopters, many of their predictions are coming to fruition.

We have accomplished amazing feats with factory automation.  You have to look hard to find human beings in many factory assembly lines.  However, when it comes to the automation of business processes, technology adoption is moving slowly.

Why?  Because factory automation deals with machines that execute templates.  All known possibilities are accounted for. When it comes to complex business processes involving people, unpredictability, and things that go bump in the night, workflow applications have a mixed rap.  Lots of workflow projects have either been abandoned or failed to make it through the gauntlet of user acceptance.  Simple workflows that are supposed to cost X dollars end up as complicated workflows that cost 4X dollars.

Software vendors have added other challenges of implementing successful workflows by building more complex and feature-rich platforms called BPM (for business process management).  So while factory workflow thrives, white collar business workflow is way behind in automating the work performed by its white collar work force.

In this two-part article, we’re going to talk about what BPM is and why it’s such a hassle to implement.  In the end, we might be able to help you know what questions to ask before you can determine whether BPM makes sense for your organization or if BPM is too difficult, risky, and expensive to implement.

Defining BPM

Let’s first take a stab at defining three essential workflow terms: business process, BPM, and BPM Suite (BPMS):

  • An event-driven, end-to-end processing path that starts with a customer request and ends with a result for the customer. Business processes often cross departmental and even organizational boundaries.
  • A management discipline that treats business processes as assets that directly improve enterprise performance by driving operational excellence and business agility.
  • The software incarnation of BPM is the BPM suite, which Gartner defines as an integrated collection of software technologies that enables the control and management of business processes. BPMSs deliver both short-term benefits (such as cost and time savings and compliance) and long-term advantages, including visibility into cross-functional processes, the agility to meet changing market and user needs, and even revenue growth.

BPM systems typically include a set of services and components like the following:

  • Business process modelling tools to help you analyze and define how your business process works,
  • Prototyping tools that allow proposed workflows to be simulated and tested under different scenarios of use
  • Workflow design tools to enable you or your expert developers or application consultants to create the workflow steps in your BPM application, and
  • Reporting and analysis tools to reveal how well the workflow that you’ve built in your BPM system actually performs.

BPM systems handle complex processes that can support multiple contingencies and business rules that use data from multiple data and application platforms, e.g., an invoice processing application that evaluates who needs to sign off in the approval process based upon the requesting department, invoice total, budget categories, and date; checks a shipping and receiving database; and updates an accounts payable database.

However, they do have their limitations no matter what a vendor will tell you.

There Is No One BPMS to Rule Them All

BPM could be thought of as a management of workflow. Workflow handles the automation of the business process, while BPM handles the complete lifecycle of the business process. Therefore, we should take a look at different types of workflows out there to get a better idea of why there is no single optimal BPM product. We will separate them into three: rules-based, ad hoc and case management.

Rules-based workflows are used for pre-defined processes, like processing a payment for a monthly utility bill.  Rules-based workflows require little or no worker discretion, are highly controlled, and are easily automated.  Other examples of rules-based workflows are invoice payment, processing purchase requests, applications for membership, service requests, claims processing, and HR onboarding.

Ad hoc and case management are workflows that aren’t so pre-defined and structured.  On the simple side are ad hoc workflows, where the user decides on a case-by-case basis the steps and people who will be in a workflow.  Ad hoc workflows are used for simple routing workflows.  On the complex side, there is case management.

Forrester defines case management as “A highly structured, but also collaborative, dynamic, information-intensive process that is driven by outside events and requires incremental and progressive responses from the business domain handling the case.” Some examples it cites include patient records, lawsuits, insurance claims, and contracts.  The data for each case “includes all the documents, data, collaboration artifacts, policies, rules, analytics, and other information needed to process and manage the case.”

To see how a workflow is related to a BPM system, let’s take a look at an example of a simple workflow for a request/approve process.

In this case, it’s a request to customer support for a partial refund.  The workflow starts with an event – a customer inquiry to customer service.  Here’s how it goes:

Customer inquiry > Log call for tracking > check records > work with engineering > work with sales, credit order processing > respond to customer > report to management.

In order to process this request, specific structured data (typically from a database) and unstructured information (typically documents, emails, or pictures) is required.  The structured data includes customer number, phone number, model number, serial number, date of purchase, sales representative last and first names, purchase price, and cost.

The unstructured information includes email from engineering, email with sales on what to credit, and a spreadsheet analysis.

The BPM system for this workflow application will need integration with a customer database, an email system, and a document management application.

In a nutshell, different categories of workflows require different BPM or workflow capabilities.  This is why there are BPM tools that focus on human-centric processes and others that focus on systems-centric processes. While most BPM vendors think of themselves as having a jack-of-all-trades platform, none of them are there yet.  Each BPM product excels in certain areas and is weak in others.  In short, in order to acquire a workflow system, you’ve got to know your requirements well enough to know what is essential and what would be nice to have in a workflow and BPM product.

Do you feel like you have a better idea of what BPM is now? Okay, it’s time to move on then. In our second part, we will talk more about making the decision to get a BPM system, some common pitfalls that businesses fall into, and how to find the right product and vendor.

 

 

Share this