Author: rory-admin

CMMC Series: Tier Three Overview
We’ve covered tier one and tier two of the Cybersecurity Maturity Model Certification (CMMC) program, and this week we’ll be tackling tier three.

Before we dive in, we want to mention that we’re covering tier three as it exists currently (in 2022), version 1.0 has five tiers but once version 2.0 of the program releases it will be reduced to three tiers.

What is currently tiers two and three will just be tier two version 2.0 of CMMC in the future, so it’s still worthwhile to pursue up to tier three in the existing model.

Tiers four and five in the existing model (or tier three in the future in version 2.0 of CMMC) feature the highest level of protection and may not be necessary for most businesses pursuing Department of Defense (DoD) contracts. It’s estimated less than 1% of businesses will need to pursue beyond tier three.

If you were to give the first three tiers’ labels, tier one would be considered “basic hygiene”, tier two would be “progressive hygiene” and in tier three you reach “good cyber hygiene”. By tier three your business will be well protected from cyber-attacks.

Tier one had 17 controls, tier two added 55 more for 72 total, and tier three almost doubles the controls adding another 58 for 130 total.

Level three expands on Access Control, which adds 8 more controls that focus on encryption and preventing unauthorized access to sensitive systems.

Next, we see a new control in Asset Management that requests that you develop plans and procedures for handling CUI data.

Audit and Accountability has 7 new controls that ask you to expand on your logging efforts as well as restrict access to those logs to only authorized users.

Awareness and Training has one new control and it’s solely around providing and maintaining cyber training for your employees.

Configuration Management adds three new controls, the CMMC controls in this category are looking for you to tighten up the configurations on your business’s devices, such as preventing downloads of unauthorized software and disallowing users to make security changes on their own.

In Identification and Authentication we see four controls aimed at tightening up your user security, such as not allowing passwords to be reused and requiring MFA (multi-factor authentication).

The two controls found in Incident Response ask you to track any incidents that occur and regularly test your organization incident response capabilities.

Tier three Maintenance adds two new controls, one that asks you to sanitize any equipment of CUI data before it’s removed for maintenance and another that asks you monitor any media meant for testing or diagnostic purposes for malicious code before installing it on your devices.

Media Protection adds four new controls, they all involve properly marking and restricting access to CUI data.

Physical Protection in tier three of CMMC adds one control and it asks you to continue expanding on your efforts to prevent physical outside threats to the CUI data your business holds.

Recovery also adds just one control and it’s aimed at having a schedule for your businesses backups that is strictly maintained and that proper storage capacity for your backups is provided and prioritized.

Risk Management adds three controls, two are about maintaining risk assessments and developing plans to mitigate any identified risks. The third asks you to manage products not supported by vendors separately, including enforcing access and use restrictions on them. What they mean by this is if your business utilizes an older piece of software you’re not able to discontinue yet – you need to quarantine it to be in compliance with CMMC. Any piece of software not updated is a potential threat vector for your business.

Security Assessment adds two new controls, they want you to monitor your security controls for ongoing efficacy and also have an independent security assessment conducted to identify any areas of risk that may be missed in your internal efforts.

Not seen in tiers one or two, tier three introduces the first Situational Awareness control, and it asks that you begin to share cyberthreat intelligence found from reputable sources with your stakeholders. An example would be if there’s been an announcement of a breach occurring with a software your business uses, you would be obligated to share your knowledge of that breach as it becomes available to you.

System and Communications in tier three adds the most new controls of any category with 15 controls in total. Controls in this category cover items such as ensuring proper information security across your in-house efforts in software engineering and system development to maintaining cryptographic keys for all the cryptography used on your systems. All of the controls are aimed at completing finishing touches when it comes to tightening up the security on your systems.

Finally, System and Information Integrity adds three new controls. One asks that you beef up your efforts to block spam at all entry points, the second asks that you utilize all available efforts to prevent and detect document forgery and the third asks that you implement “sandboxing” to filter and block potentially malicious emails.

As you can see, tier three greatly expands on the active role your business will need to take when it comes to cybersecurity measures. Implementing tier three will be made easier though as your business conducts the cumulative process of preparing better cyber readiness.

For example, in tier two we saw monitoring efforts increase substantially, in tier three you can use the records that have been obtained to fill in the gaps that were uncovered in that process.

Because such a small portion of businesses will need to obtain tiers four and five, we are not planning to have an in-depth article on those tiers. If you would like to have a consultation with Valley Techlogic on the CMMC process and the maturity level you will need to obtain for your business, you can schedule one here. In next weeks article we’ll talk about the CMMC auditing process and what you’ll need to do to prepare as your audit approaches.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
January 28, 2022
Five Must Have Features in a Business Continuity Plan
While business continuity plans should cover topics that extend beyond the realm of technology, it makes sense that technology naturally moves to the forefront when much of the focus of a good business continuity plan focuses on the ability to perform business functions as normal.

Business continuity is defined as “”the capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident”, and disruptive event can have many meanings. It could be a natural disaster, a cyberthreat, or even a short-term outage situation like if your office loses power or internet access.

You should have plans for both short-term and long-term outages written into your plan. However some studies have shown that as high as 51% of businesses globally do not have a business continuity plan in place at all, and what’s worse – only 10% of businesses who experience a disaster and do not have a business continuity plan survive.

Who should make plans for your business if not you? If you have no continuity plan in place you may find that you’re scrambling to make decisions under duress and attempting to delegate to third party vendors who have their bottom line in mind, not yours.

So, how do you start in creating that plan? The first step is to have an honest look at your businesses risk factors. This includes environmental factors, does your area face brown outs when the heat starts to peak in the summer? Or snow that prevents employees from reaching the office in the winter at times?

Maybe there are some things that are individual to you, such as touch and go internet access in your office building or phonelines that are less than reliable. Do you have a server on its last legs that’s been acting finicky? Its eventual failure should be written into your continuity plan.

You also need to look at your cyber risks, if your employees aren’t being training on cybersecurity safety then that’s a huge factor that must be addressed and planned for. You need to ask yourself what you would do if your data was breached, or an employee email was compromised.

It’s overwhelming but as with most things starting the process is the hardest part and having a candid look at your business could mean eliminating certain risk factors (like moving data away from the server on it’s last legs into a cloud solution).

You may even find ways to make your business more efficient, if you know brown outs are common where your office building is located in the summer perhaps you would make a plan to have employees work from home more during that time. Or having your internet service provider address the issue of frequent outages rather than just rolling with them as they occur.

All in all, these are the five things we would suggest you focus on as you make your business continuity plan:
1. Technology – How will employees continue to work if your office operations have been waylaid.
2. Power – If power goes out what kind of backup plan will you need to have in place, such as a generator to keep your server online.
3. Communications – Do you have a standard way with communicating with your employees? If you need to get a message out quickly to all of them, could you presently do that?
4. Vendors – Inform your vendors of the provisions you’ve put in place in case a disaster were to occur, and inquire what plans they have in place on their end (because a disaster for them could be a disaster for you).
5. Data Protection – Most businesses require an online presence to continuing operations, you will need provisions for if your data is compromised or inaccessible. At Valley Techlogic we suggest having a multi-layer backup approach, so if one backup is compromised you will have the others to fall back on.
To get you started, we’ve prepared this emergency contact worksheet for your employees. You can fill in who they should begin to reach out to and what steps they should take if an emergency occurs. If you would like us to personalize it with your logo just let us know.

Click to grab the full size version for your business. Need it personalized? Contact us.

Valley Techlogic can help you to begin establishing a business continuity plan and also help you with mitigating risks to your business, learn more today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
January 26, 2022
CMMC Series: Tier Two Overview
This is the third week of our Cybersecurity Maturity Model Certification (CMMC) Series. You can find week one, which was a look at what’s happening with CMMC in 2022 here. Last week, we gave you an overview of tier one which you can review here.

Tier one in CMMC really covers the basic foundational steps you must take to move on to tier two and tier three. For some contractors, tier one will be enough to keep and maintain compliance with their Department of Defense (DoD) contracts. Every situation is unique, but broadly speaking if you don’t handle Controlled Unclassified Information (CUI) in your business – tier one will probably be the extent that you need to reach.

If you do handle any CUI data, then we recommend you strive towards tier two or tier three. Many of the protections that come in the later tiers specifically cover how to safeguard this data and it’s in your businesses best interest to meet the requirements. While there are no direct financial penalties at the time of writing for not doing so, the DoD is considering a system of rewarding businesses who achieve greater CMMC maturity levels.

If you and another business are exactly the same in what you do and, in your pricing, – or even if their pricing is a bit higher than yours – if they have achieved tier three cybersecurity maturity model certification and your business is tier one or not certified at all yet, it’s likely your competitor will win the bid.

So, what goes into reaching tier two in CMMC?

Tier two is the next milestone within CMMC, and the difficulty does scale considerably with each level. While tier one had 17 provisions, tier two introduces 55 more for a total of 72 practices you’ll need to cover to meet the requirements (the practices are cumulative).

In addition to more practices tier two also introduces new domains.

First there is Access Control, tier two access control looks to limit access to who can log into your organizations systems (and how much they can access when they do).

Next is Awareness and Training, in tier two you will need to make sure your managers, administrators and anyone else you who would have access to sensitive systems is attending regular cybersecurity training.

In Audit and Accountability, we look to maintain logs of user activity for review.

Security Assessment is where we really begin to see accountability being held on organizations, you will need to conduct regular assessments as you work towards your cybersecurity goals and develop cybersecurity plans based on the assessment results.

Configuration Management covers the need to manage the configurations of your office devices and equipment with cybersecurity best practices in mind.

Identification and Authentication is similar to access control, but it specifically looks to limit sensitive systems to only those who should have authorization to access them.

While tier one in CMMC only covered the basics and didn’t address what happens when you have a cyber incident, tier two starts to cover that with the Incident Response control.

The Maintenance control in tier two actually refers to your devices and how you maintain them, and what you will need to do in case of their failure.

Media Protection in tier two covers specific provisions around the handling and destruction of removable media, such as flash drives.

We started looking at Physical Protection in tier one by keeping visitor logs, but tier two asks that you actually begin to escort guests through your facilities and screening personnel.

Tier one surprisingly doesn’t ask that you backup your data (even though we would always recommend that) – in tier two Recovery you must have a plan for backing up your data.

In tier two Risk Management, CMMC asks that you begin to conduct risk assessments and fix any vulnerabilities that are uncovered during the process.

Systems and Communications Protection in tier two includes controlling communications within your organization, not just monitoring them.

Finally, the System and Information Integrity domain covers actively monitoring your systems for breaches and quickly resolving any that come up.

As you can see, CMMC maturity tier two dives into the deep end of cybersecurity, but the provisions it covers will make a discernible impact in your cyber readiness throughout your entire business.

Does your business need to meet the requirements for being certified with CMMC? Valley Techlogic can help, we have experience helping DoD contracted businesses reach their cybersecurity and CMMC goals, as well as helping with the certification process itself. Learn more today in a free consultation.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
January 21, 2022
The 5G rollout and the concern over C-band has caused some airlines to cancel flights
Even though major carriers AT&T and Verizon scaled back their 5G rollout scheduled for yesterday, some flights were cancelled or rerouted anyways due to the concerns that 5G could cause airline equipment to malfunction.

AT&T and Verizon turned on sections of their C-band 5G networks across the US on Wednesday but have agreed to hold off on enabling it directly near airports for now. However, concerns still arouse that interference could occur for aircraft that use the same C-band frequency for their radar altimeters which they use in low visibility conditions.

It’s estimated that 62% of our current airport fleet have altimeters equipped that will not be affected by the 5G rollout. Severe flight delays are still occurring across the country and also for international inbound flights, and there delays are compounded by the effects the Omnicron COVID variant has had on flights.

The C-band 5G rollout has been delayed several times as carriers tried to negotiate with the Federal Aviation Administration (FAA) over their concerns. AT&T and Verizon have also agreed to run their towers at low voltages near airports initially so adjustments can be made to aircraft altimeters.

C-band 5G will change data availability for mobile devices dramatically. It’s better equipped to handle bandwidth traffic at much higher speeds. It can be 10 times as fast as 4G in some scenarios and could make faster internet availability possible for those in rural areas.

This band of 5G (also known as the “goldilocks band”) also performs better across longer distances than previous iterations. Verizon and AT&T has had a “low band” 5G option that covered large distances but only at the same speeds as 4G, or it could cover a very small area at the desired 5G speeds. The C-band variation of 5G can maintain it’s faster speeds across distances and through buildings.

As our society continues to become more decentralized, 5G will enable more users faster access to the web on their devices no matter where they’re logging in from. It’s not surprising AT&T and Verizon bid $81 billion dollars for access to the C-band spectrum when it came up for auction.

It’s not available to everyone at the moment though, Wednesdays rollout occurred in several major metropolitan cities. You also need a 5G capable device to access the 5G network, to see if you’re currently using the upgraded 5G look for a 5G+ or 5GuW symbol on your phone.

How can the US fix concerns surrounding the 5G C-band and aircraft interference? France has successfully rolled out 5G without causing issues for airlines, they’ve ensured that 5G towers were tilted away from flight paths, they also use a slightly slower C-band spectrum to ensure aircraft safety.

The current plan is for 5G to operate on the 3.7 and 3.98 GHz while flight radar typically operates on 4.2 to 4.4 GHz frequency band – leaving only a very small buffer. In Europe, 5G operates on the 3.4 to 3.8 GHz frequency band which still allows for vastly increased speeds over 4G but a much larger buffer against the aircraft radar frequency.

Many of our customers currently take advantage of mobile data plans for their remote offices or while on the go. If you would like assistance navigating internet options for your business, Valley Techlogic can help. Schedule a quick consultation with us today to learn more.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
January 20, 2022
CMMC Series: Tier One Overview
Last week we covered a general overview of what the Cybersecurity Maturity Model Certification (CMMC) program is and what’s been announced for 2022 so far. Presently, there are five maturity tiers found in program, although if (or when) version 2.0 is released it’s been announced that the program will be simplified down to just three tiers.

The changes that will be happening with version 2.0 however don’t affect tier one very much. Tier one covers basic cybersecurity hygiene in both versions of the program. It sets the groundwork for the later tiers and while the topics covered are “basic”, the foundational coverage they provide is imperative for any business – not just those required to adhere to CMMC for contractual or compliance reasons.

The Cybersecurity Maturity Model Certification (CMMC) program includes 17 controls at the moment with 171 practices. Thirty of those practices are only found within CMMC and not in the framework which formed the basis for it (NIST) and are anticipated to be removed in version 2.0. However, in both version 1.0 and 2.0 there are 17 practices that must be adhered to for tier one.

It’s important to note as well this process is not one and done, you must actively maintain your cybersecurity compliance to continue being certified within CMMC. Failure to do so could result in losing your certification, losing contracts that require CMMC compliance, and or even being fined for violating the False Claims Act (FCA) which will talk about in more detail in a future article.

It’s beneficial to maintain your compliance to both adhere to the program and protect your business from cyber threats.

In tier one the program begins with “Access Control” and there are five components. These components cover topics such as user privileges and controlling remote access and access to internal systems.

The next control is “Identification and Authentication” which aligns well with Access Control, the two practices found within that control involve documenting those that access your systems and maintaining reports for those logins.

Then we have “Media Protection” which has just one practice and it’s aimed at maintaining sanitation of your devices (such as removing sensitive data from hard drives).

Next, we have “Physical Protection” and in tier one of CMMC this topic covers improving the way you surprise visitors to your office location (a lot of cyber threats stem from an attack known as “spear phishing”). There are four practices found under “Physical Protection”.

“System and Communication Protection” has two practices and they’re both aimed at securing the private communication you and your employees have (that may include CUI – Controlled Unclassified Information – data).

Finally, we have “System and Information Integrity” which has five practices that cover better securing your businesses systems, including performing needed updates, and monitoring for malicious code.

As you can see, these basic practices set a good baseline for activities found in higher maturity tiers. In tier one “System and Information Integrity” you’re monitoring for malicious code – in tier two and three there are practices that stipulate how to actually deal with it.

We will be continuing to provide more information on CMMC in this series, next week we will take an in depth look at tier two. If your business needs to meet the requirements for being CMMC certified, Valley Techlogic can help. We have experiences helping businesses achieve greater cybersecurity compliance and assisting them with the certification process. Learn more today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
January 14, 2022
Norton’s Antivirus Software Comes with a Crypto Miner, and They’re Not Alone
Last week a claim unfolded on Twitter that Norton was installing crypto mining software without authorization on PC’s which then rose to the level of outrage amongst some Norton antivirus software customers.

The truth on the subject is a mixed bag, while it’s true they are installing a crypto miner on customer machines it’s not active on every machine, customers must authorize the process before the device will begin mining crypto (in this case Ethereum). If you authorize Norton to begin mining cryptocurrency on your device they will setup a wallet for you and after a small cut, and then deposit your earnings there when you meet a certain threshold.

Norton did make an announcement that they were planning on including a crypto miner within their software before rolling it out to a small number of users last summer, however at the time of writing we’re uncertain any announcement was made when they decided to make it a component for every user.

Their goal was to provide a “safer alternative” to other sketchy mining programs a user may find on the web. Although we suspect that the cut (15% at the time of writing) they’re receiving from users who opt in is an added bonus.

Even with the news that you must activate the crypto mining intentionally before Norton will crypto mine on your behalf, many aren’t happy that the application is a default addition to their antivirus services and there Isn’t a clear-cut way to remove it.

We do have instructions for removing it, you must temporarily turn off Norton’s anti-tamper feature (instructions on how to do so here) and then you’re able to remove the NCrypt.exe from your PC. If you do decide to instead use the crypto miner, it works as others do where it will only begin mining when your computer is idle.

Norton aren’t the only antivirus software providers including a crypto miner built in either, Avira antivirus (which for transparencies sake has been recently purchased by Norton 360) has also announced Avira Crypto.

Although the details on Avira Crypto are even more sparse than with Norton Crypto, they don’t currently specify what they’re cut is from the currency you mine for instance.

It’s also worth noting that the inclusion of crypto mining into these antivirus software has caused other unrelated antivirus software to flag them as potentially malicious. Users currently annoyed by the inclusion believe Norton should be on the same page, that they should be flagging and removing unauthorized crypto miners – not installing their own.

Also, the fees taken by Norton or Avira stack up with the fees associated with moving the Ethereum out of the wallet they create into one where you can actually use it, which means it can take a while before a user accrues a usable balance (while at the same time increasing wear and tear on their machine and adding to their power bills).

All and all it’s a pretty mixed bag and for users who are not yet savvy in the crypto mining space, maybe not the best additive to a software meant to protect their machines from destructive intrusions.

Speaking of destructive inclusions, we have created this chart with some tell-tale signs your computer may have a virus or malware. It’s in a format meant for printing and can even be printed as a poster.

Click to grab the full (poster) sized format.

If you’ve ever experienced a malware attack in your office, Valley Techlogic can help. We have assisted businesses in their recovery, or if you’ve been lucky enough to avoid it so far, we can help make sure things stay that way. Cybersecurity coverage is included in all of our plans. Learn more today in a quick consultation.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
January 12, 2022
CMMC Series: What’s Happening in 2022
We’ve touched on the Cybersecurity Maturity Model Certification (CMMC) before in this blog, but over the next five weeks we’ll be doing a deep dive into this particular cybersecurity framework in our new CMMC Series. Starting with today’s post on what’s happening currently and what we can expect in 2022.

At Valley Techlogic, we believe a good cybersecurity framework can be the backbone for businesses looking to beef up their cybersecurity implementation. The roadmaps found within frameworks such as CMMC, HIPAA, CIS and NIST act as a perfect guide whether you’ve been implementing cybersecurity strategies for a while or are brand new to the process.

Our focus on CMMC occurs as the program is set to go through changes. CMMC Version 1.0 was released January 31^st, 2020, and while it borrowed most of its components from NIST, it did have 30 additional requirements that aren’t found in the National Institute of Standards and Technology (NIST) framework.

Those additional standards will not exist in version 2.0 however, as the Department of Defense (DoD) moves to simplify the program and roll back any government oversight that may overreaching. Version 2.0 will allow more companies to self-certify as well.

Rolling out a new version of anything in the government is a time intensive process, since the new changes were announced it’s anticipated it could take anywhere from 9 months to 24 months before a ruling is established. Also, some groups who are currently involved in implementing CMMC are protesting the changes.

Regardless of what version exists, we’re past the point where businesses who hold contracts with the DoD can choose to ignore the writing on the wall. You will need to start implementing these security measures now if you haven’t already if you want to maintain your compliance with the DoD rules for their contractors. Whether 2.0 passes or not, CMMC is not going away.

CMMC accreditation audits are expected to kick off soon, and there’s even some talks about incentivizing businesses who receive their CMMC certifications before it’s officially required. CMMC certification also lets your customers know you take securing their data seriously within your organization.

Whether it’s 5 tiers found in the existing model or 3 tiers found in 2.0, the best place to start is in the first tier. These changes are easy to quickly implement and will lay the foundation for future cybersecurity improvements. At Valley Techlogic, we have experience helping businesses implement the requirements found within CMMC (as well as NIST, HIPAA, CIS and more).

We can help your business self-certify and prepare for CMMC accreditation. We can quickly bring you to compliance with tier one and set goals for the more advanced levels.

Over the next weeks we will talk about the goals found within tier one and beyond in this ongoing CMMC series. If you’re hoping to meet the qualifications for CMMC accreditation in 2022, schedule a meeting with us today to learn how we can help with the process.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
January 7, 2022
New Year, New Bugs – The Y2K22 Bug Crippling Exchange Servers
We hope everyone had a wonderful New Year but unfortunately for those with 2016/2019 Exchange servers, the turning of the clocks to 01/01/2022 led to an unpleasant bug.

Computer bugs related to a New Years event aren’t uncommon, we created this infographic about other times this has happened (as well as a notable future one).

Click to open the full size.

The error this time was caused by the date checking within the anti-malware portion of Exchange. The date check failure caused the anti-malware system to crash which led to messages being stuck in a queue, with many IT professionals noticing it happening right at midnight on New Year’s Eve.

Exchange administrators online started noticing error messages with their exchange servers as soon as the new year hit, such as “The FIP-FS Scan Process failed initialization. Error: 0x8004005. Error Details: Unspecified Error” or “Error Code: 0x80004005. Error Description: Can’t convert “2201010001” to long.”

Microsoft rolled out an update to Exchange servers labeled “220101001” on New Year’s Eve that appears to have begun the issues, and update “220101002” also was plagued with the same problems.

Disabling malware filtering acted as a stop gap fix for some, though Microsoft has now released a script to fix the issue. They’re warning users however that the fix will “take some time”. The script must be run on each 2016/2019 Exchange server and is reportedly taking up to 30 minutes to run.

There’s also a manual fix for users who choose to go that route, although this may not shorten the execution time. It will also take some time for the messages that were stuck to finally clear the queue. Some users are reporting the script didn’t work to solve the problem initially but running it multiple times finally lead to a solution.

So, what’s the easy explanation as to why these bugs arise in the first place? The most famous example of a time related bug occurring is of course Y2K, but as in our chart these bugs have been occurring since nearly the time a computer first existed (all the way back to 1975).

The cause is due to how computers calculate and format time. When computer programs first started being developed, engineers entered time as two-digit number such as “70” for 1970 to save on storage space (which was incredibly expensive at the time). As the year 2000 approached the fear was computers would interpret “00” as “1900” instead of “2000”. This would lead to a host of problems for software that needs an accurate date for its calculations – such as banks or travel institutions.

Engineers raced to solve the problem and, in the end, not many issues occurred with the Y2K bug. As we see now with the Y2K22 bug however, the problems with computers and their calculation of time are an ongoing process. They’re not always specifically tied to a New Year’s event either, on September 9^th, 2001, the number of seconds past the Unix Epoch date of 01/01/1970 passed 1 billion, causing many of those programs to fail.

Time is a complex topic as we all know, and even more so for computers and other devices that need extremely accurate time calculation to run properly. If the complexity of this bug or any other device related issues is making your head spin, why not leave it to the experts? Schedule a call with Valley Techlogic today to learn how we can save you time and frustration when dealing with your businesses IT this year and beyond.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
January 5, 2022
LastPass say they didn’t leak your password, however some users still received alarming alerts
Yesterday, a number of LastPass users received alarming alerts in their email inbox that their passwords – including their master password – had been compromised. The news quickly spread across the internet, starting with forums, and then making its way to Twitter where it was picked up by larger news outlets.

LastPass immediately denied that a breach had occurred within their organization and at first indicated that the alerts were happening to users who were the victims of “credential shuffling”. That means these users had reused their passwords on other websites who may have had a breach in the past, and now bots trolling the internet for compromised accounts have stumbled upon their password vault credentials.

This didn’t end up being the case either, but it is a good reminder NOT to password shuffle, especially with the master password for your password vault (if any password should be unique – it should be that one).

As of this morning LastPass determined that the alerts were sent in error by systems that were set up to be too stringent. They’ve indicated they now adjusted the alerts systems so inaccurate alerts will not be sent again. They also clarified that they don’t store user passwords on their own servers, and that they work on a “zero knowledge” security model which means they are not able to see your master password at all.

The fact that this news took off in a flash may be indicative of the heightened awareness users have around the security of their data, especially those who currently use a password manager as part of their security repertoire. Even if the alerts occurred in error that may be cold comfort to the scare those users experienced.

To us, it’s a reminder that the best cybersecurity efforts are multi-layered. We believe it’s equal parts implementation of security measures, monitoring of those measures, and behavioral changes on the part of the users.

Even if the alerts that occurred yesterday were the result of a system issue not a security issue, we think the users that responded had the right idea when they chose to investigate. It’s also a good idea to change your password if you get a security alert, even if it turns out to be a false alarm. It won’t hurt anything to take that extra step to protect yourself, the old adage “Better Safe Than Sorry” rings especially true when it comes to cybersecurity threats.

We created this resource on the topic of good password hygiene that you can keep to review, or even pass along to your co-workers/employees.

Click to view the full size.

Finally, even if the unthinkable occurs and your passwords are leaked, again a multi-layered approach will protect you. You should enable 2-factor/multi-factor authentication when and where you can. So if someone does get your password somehow, they still will be blocked from logging in.

If the security measures in your workplace aren’t up to snuff or you’re interested in cybersecurity training for your employees, Valley Techlogic can help. Boosting the security measures for your business and providing a digestible cybersecurity training program for your employees is included as part of our technology service plans. Schedule a free consultation with us today to learn more.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
December 29, 2021
High Tech Holidays – Five Ways Technology Can Make Your Holiday Season Easier
We’re right in the middle of the holiday season right now, and we thought the best gift we could give to you (our readers) is some advice straight from the tech experts on how to use technology to make your holiday season easier.

We have five tips to utilize technology for an efficient and fun holiday season.
1. Long Distance Calls Don’t Have to Be Expensive: If your phone is stuck in the past make it your New Years resolution to change that. VoIP for home and businesses will save you money on traditional telecom costs, even when Aunt Brenda talks your ear off.
2. Utilize The Cloud for All Those Photos and Christmas Cards: Skip hauling boxes of cards and photos up to the attic after the holiday season, scan and store those precious memories digitally in the cloud. Bonus, you never have to worry about a roof leak or other disaster ruining them.
3. Designate a Network for Your Guests: For modern routers, giving out your Wi-Fi password to all your guests is no longer needed. You can activate a “Guest Network” in your router settings with its own password and name, and then turn it off when everyone goes home. You can even give your temporary network holiday themed names like “Winter WonderLAN” or “FalalaLAN”.
4. Flying? Use a Fare Tracker: If your flight plans can be somewhat flexible, utilizing online fare trackers will be your best bet in saving you a lot of money this holiday season. They will help you figure out when the best time to purchase those tickets is. In the same vein, you can utilize price trackers for gifts you purchase online too.
5. Get a Head Start on New Year’s Resolutions – Tech Edition: Another thing to consider is making some good tech hygiene a part of your New Year’s resolution. While you make changes in 2022 to make yourself healthier and happier, make your devices healthier too by keeping them up to date with security patches and updates (especially with vulnerabilities such as Log4J running amok).
We hope these tips help you have a happy holiday at home. For your business, the holidays may represent a time of stress as you wonder if you’ll have coverage for the technology in your business or if your current service provider will be available to take your calls and service requests.

At Valley Techlogic, we are dedicated to our customers success. We offer after hours, weekend and holiday support – usually at no additional cost for customers who have one of our service plans. Also, for the rest of December we’re offering one month FREE to new customers.

To learn more about the kind of benefits you receive as a Valley Techlogic customer, we’ve created this chart:

Click to see the full size version.

As you can see, all of your preventative maintenance is covered under a Valley Techlogic service plan. This may even free up time for you if you’re a business owner who’s been handling a lot of these items yourself, which during the holiday season is invaluable. If you’d like to learn more schedule a quick consultation with us today. Happy Holidays!

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
December 22, 2021