Author Archives: cenetric

If you are using Windows Installer, Stop!

You May Be Sabotaging Yourself!

This latest cyber-attack uses Windows Installer to download malware onto your computers. What is CVE-2017-11882, and what does it do? How should you detect and protect against it? What other similar malware attacks have come up in the past? These are all questions you should be asking yourself in order to develop the best defense against this type of attack.


It seems like just when we’ve learned how to protect against one type of malware, four others pop up. Recently, Microsoft began combating CVE-2017-11882, which exploited a vulnerability in Microsoft Office. Then, just as expected, as one weakness was fought, a new one popped up. CVE-2017-11882 exploited a new vulnerability within the Windows Installer.

The previous version of CVE-2017-11882

The previous version would exploit the vulnerability using windows executable msht.exe, and then run a PowerShell script which would download and execute the payload. The problem with this is that while previous versions have edited Microsoft Installer, this version doesn’t edit it. What it actually does is use Microsoft Installer for the exact purpose that it was built for, to install things. Only this time it forces it to install malicious programs on your computer.

The new attack uses msiexec.exe as part of the Windows Installer service. For example, the user could receive an email with an attachment. Since the attachment seems legitimate, the user opens and begins downloading it. This attachment installs a malicious MSI package through the use of CVE-2017-11882. This then, in turn, releases either an MSIL or a Delphi binary. This binary will then launch another instance of itself. This duplicate binary is then hollowed out to create a new home for the new malware payload.

How does CVE-2017-11882 go undetected?

This package provides a compression layer that file scan engines need to process and enumerate in order to detect the file as malicious. This is similar to movies where the complicated retina scan needs is needed to gain access to a specific area of the building, yet the spy is still able to get in, due to his fancy contact lens. The system scans the lens and thinks that he is an authorized user, and allows him passage. Similarly, because of this compressed file mask of sorts, it’s hard to detect and identify the actual payload since it is contained in the heavily obfuscated MSIL or Delphi binary.

What can we do to protect against CVE-2017-11882?

Sometimes there are simple solutions to significant problems. For example, one of the easiest ways in which you can defend yourself and your business from CVE-2017-11882 is by having a strong email policy for your company. You should use strong passwords, with both capital and lowercase letters, as well as some symbols. You should never write passwords down, or use the same password for multiple accounts. Doing so can result in a hacker not only having access to your email but also to any and all accounts. Also, you should change your passwords often; it is recommended to change them every two months. This way you can stay ahead of the hackers before they have an opportunity to figure out your password, you will have already changed it.

Email and Passwords

Besides password strength, you should also focus on training employees about the dangers of email attacks, such as those that use the Microsoft Installer. It’s vital that they are trained not to click or open any suspicious emails. For example, employees should be trained to recognize phishing emails that may carry malware, and also to know how to isolate and flag these emails. This way other employees are immediately notified of the email, and won’t themselves fall victim. Employees should always check emails and names of unknown senders to ensure they are legitimate. They should always look for inconsistencies or style red flags such as grammar mistakes, capital letters, or excessive use of punctuation.

Restrict or disable Windows Installer

A second way to protect yourself is by limiting or completely disabling the Windows Installer itself. This would prevent potential attackers from being able to install their malicious software on your user’s systems. This way, only the system administrator could install programs. Controlling the access and spread of these attacks can significantly help your company to protect itself. Rather than trying to put out fires all over the place, you can then focus on one area and defend it appropriately.

Microsoft Recommendations

Microsoft recommends that if you think that you are infected with this malware, you should use your security software to detect and remove the threat. Remember to use appropriate software based on which operating system you are using. Microsoft states that Windows Defender works best for Windows 10 to detect and remove this malware. Microsoft Security Essentials works for Windows 7 and Windows Vista and has the appropriate defense and removal for this malware. After detection and removal, you should update your software to further protect yourself from future exploits.

Similar previous attacks

Attacks like this are not rare in the least. For example, in November of 2017, there was also a vulnerability in Microsoft Office 2000. This flaw allowed hackers to install malware without user interaction. So, while you were just writing a report in Microsoft Word, hackers were downloading malicious malware into your computer without your knowledge or permission. This could easily be fixed by updating software, such as using only the most recent form of Microsoft Office, so that your computers and networks are protected against the latest of threats.

We should stay vigilant, to protect our network and our businesses. Knowing what is out there and what can wreak havoc on your business is half the battle. The other half is updating your staff and your software to ensure that you are providing the most vigorous defense possible. Look for vulnerabilities in your system and business. Additionally, it is crucial to stay up to date with the latest cyber-attack news. This will keep you in the know as far as what is out there, and what potential threats can affect your business.

If you think your network or computer may be vulnerable to an attack, call us today (913) 210-1950. Let us help you safeguard your systems before it’s too late!

Replacing Tech Too Frequently?

How often do you buy a new laptop, tablet or mobile phone? Does it seem like there’s an internal alarm clock that predicts the time of your next purchase? We can help you hit the “snooze” button and save more money.

Image result for computer for service

Apple made news recently with an admission of its practice to release updates that would slow performance of older phones as a byproduct, indirectly increasing frustration and thereby prompting consumers to “need” to upgrade their phone. It’s been a long-running joke that, with two-year contracts with mobile service providers, consumers could count on increased frustrations near the 18-month mark to build anticipation for the next smartphone iteration.

The manufacturer’s suggested retail price (MSRP) of consumer goods relies on the basic elements of supply and demand. While consumers maintain the mentality of “upgrade every two years”, manufacturers released new products on a set timetable, and subsidized costs helped to feed our appetite for the newest, fastest tech with the coolest features. Who doesn’t love a built-in schedule feeding supply and demand? Desktop computing systems experience the effect, as well, though the phenomenon doesn’t receive the same coverage, perhaps because these systems have been around for longer than mobile devices and consumers have just come to accept the situation.

Now that the days of service contracts and subsidized phone costs are over, consumers hold more control over their technology – and their wallets.  With the barrier to entry centering on higher costs — that are no longer subsidized — consumers are looking for ways to make all types of tech last longer. This is especially helpful given that the cost of tablets, most notably the iPad, continues to inch higher as our dependency on mobile technology increases. How can we make our smartphones, tablets, laptops, and desktop tech last longer and run more smoothly?

Desktops and Laptops

Review your system using these guidelines as a checklist, and see how some light housekeeping may help:

  • Is your system freezing or crashing more often?
    • Crashes and freezing can be a reminder to reboot, allow your applications to restart and reset, clear your memory cache and cookies, and just give your machine the chance to let go of anything it’s been unnecessarily holding onto in temporary files.
    • These can also be a sign of something more serious, and it may be a good idea to run an antivirus program, like Webroot, to make sure you’re not a victim of malware, viruses, or ransomware attacks.
  • Is your storage nearly full?
    • When a hard drive fills over 75% capacity, the effect on a system is an overall slow-down. Consider moving to a free cloud-based storage solution, like Dropbox or Google Drive. If you’re an Amazon Prime user, take advantage of your benefit of unlimited photo storage that also offers you the ability to organize photos into albums that you can share with friends and family with just a click.
  • When was the last time you checked for and installed system updates?
    • Outdated operating systems can significantly decrease a system’s performance. Check for updates and install them, since these almost always contain updates that improve performance and maintain security.
  • Is your computer clean?
    • We don’t mean viruses here – we mean “clean”. Dust and particles can get down into crevices and gunk up innards. This can impede airflow, causing a system to overheat, and make your system work harder than it needs to operate effectively. A can of compressed air can do wonders with hidden dust particles in the tiniest of spaces.

Smartphones and Devices

Much like with any computer, smartphones and tablets need routine maintenance to perform at their best. Sluggish and slow speeds hinder your ability to get things done. Never is the phrase “time is money” truer than when trying to send an email or make a call, in attempt to conduct business and finalize a transaction.

Keep your mobile devices operating at their peak efficiency by regularly checking through the following areas:

  • Photo storage
    • Ever wondered why smartphones still offer the option of the shutter sound when taking pictures? The sound is both nostalgic and satisfying. We take photos of moments to help us remember – but we take more photos now compared to the days of film.
    • Our digital memories are eating up our digital storage. Cloud storage is an easy solution, but few take advantage of the opportunity. As we mentioned earlier, Amazon Prime users can take advantage of free unlimited photo storage and create shareable albums. This is a safer option than Facebook, given it’s a service you pay for, and you retain control of the account!
  • Email Inbox(es)
    • A single email message has an almost undetectable impact on your phone’s operation, but how many emails do you get in one day? A hundred? More likely a few thousand messages or more come to you throughout the average work week, and that fills space quickly in your device’s memory. De-clutter your inbox, and start seeing a difference.
  • How many applications do you have installed that you don’t use?
    • Applications can take up a lot of memory space. You can see which applications have the greatest impact on your phone’s settings, and eliminate applications that you haven’t used. Regain screen real estate, too!
  • How many applications are running?
    • Not only can applications take up space, but they can also drain your battery faster. Over time, this can wear down your battery which means it will just drain faster and faster, regardless of how many applications are running at any one time.
  • Internet windows
    • Much like on a desktop where you may have more than a dozen tabs open and running in a single Internet browser session, your phone will open a new window as many times as you like. Again, much like with your desktop browser that stores cookies and browser history that takes up RAM, your phone keeps this data stored, as well, slowing down operations.
  • When in doubt, restart
    • The occasional restart can act as a “reset” for your phone, and you may see an improvement in performance after rebooting.
  • Are there updates available?
    • Whether for an application or your operating system, there are reasons that updates are made available to consumers. Updates are intended to improve the overall operation of your mobile device, and it’s recommended that you keep your phone’s operating system and applications up to date.
  • Is your device clean?
    • Keep your screen wiped, your speakers clear of debris, and your camera lens and charging port clean. Dust and grime can creep into the tiniest of crevices and build up, affecting the interior workings of your phone.

Keeping your technology operating efficiently takes effort on your part, but the return on your time investment will extend the lifespan and decrease the long-term maintenance costs you would need to spend otherwise. Following these basic preventive maintenance tips will make your tech last longer and save you time – and money. For more advice on saving money and getting more from your technology, call Cenetric at (913) 210-1950 or email us at

Nonprofits need tech solutions that work: Here’s how the market is helping out.


Technology and NPOs have always had an interesting relationship: Nonprofits tend to be less impressed customer-focused marketing, and less willing to invest in new long-term technology unless the ROI is visible, preferably with a few industry examples to back it up. However, a technology used correctly can be an advantageous source of savings and efficiency for NPOs, often targeting the very problems they want to get rid of.

The key is finding the latest tech solutions that are having a provable impact on organizations beyond the hype for “the most recent thing.” Let’s take a look at the top trends that impress us the most.

The Cloud Continues to Revolutionize Structure

Cloud data means less dependence on hardware and the enablement of flexible, fast organizations that don’t have to rely on traditional structures when their important data can be anywhere, at any time. This has proven particularly beneficial for NPOs, which tend to prefer more adaptability and more flexible work arrangements including remote work, working from home, scheduling trading, and more. In other words, your data is better off if it can be accessed from the cloud.

The key, however, is finding cloud services that you can trust. It is not a good idea to change your organizational structure based on cloud services without proper encryption and verification. The good news is that professional options like OneDrive and Google Storage have proven to been reliable storage options, and are available free or with discounts for NPOs.

The New Age of Digital Payments

NPOs love digital payments, and for a good reason: They enable immediate payment based on appropriate calls to action that can be connected compelling content or messages, giving donors something to do with their emotions while bringing in funds more reliably. But today’s digital payment options go far beyond the normal PayPal link: Facebook now has an option that allows people to donate while they are still on the social network. YouTube has donation cards that can carry viewers away to an online payment option. Twitter and Snapchat are experimenting with $Cashtags and Snapcash for instant methods of giving away money. Even Gmail has an automatic money transfer option for those you exchange emails with. It’s an exciting time for digital payments, and a good idea to review the latest technology services for nonprofits to see how they are changing.

Chatbots for More Than Just Selling

Chatbots are finally coming into their own, and that includes a lot of interesting applications for non-profits that sometimes have trouble communicating their full mission. For those who haven’t encountered many before, a chatbot is a system that pops open a chat window on a website and offers information or services for visitors. These are automated systems with AI capabilities, so a real person doesn’t need to manage them – they can explain things all on their own, and well-crafted chatbots are skilled at making conversations look as normal as possible.

These days, chatbots are a popular marketing topic and are likely to become ubiquitous as time goes on. You can craft them in Facebook, buy them for your website, and program them for your Skype software. For nonprofits, this means the bot can pop up ready to have a conversation with any visitors about what the nonprofit is, how it works, and what connections it has to local events or news. Since chatbots are already being used to sell products within the app, we also expect to see donation options that the bot can offer interested visitors, increasing funding as well as awareness.

CRM for Donors

Today’s customer relationship management solutions are diverse and, thankfully, much more modular than in the past, allowing organizations to pick out the services they need with the guarantee they are all designed to work together across the same platform. And these vendors have no trouble working with NPOs – after all, a customer and a donor share most things in common when it comes to managing and using data. So a good CRM system can help reach more donors, utilize information more effectively, and create more powerful sales funnel.

One way we’re seeing this benefit today’s donors is via email: While it’s trendy to think of email as an “old” method of communication, it’s actually doing very well on the marketing front – indeed, when it comes to results, good old fashioned emails keep on improving, especially in the mobile sector: Social media remains popular for personal use, but many people just prefer to conduct more professional matters, including donations, through email.. If you don’t have a CRM system set up to take advantage of email messaging, it’s time to consider one.

More Applications for the IoT

The Internet of Things, in abstract, is pretty easy to understanding: A bunch of smart devices send data to their respective services, and we learn more about things while also gaining greater control over the technology around. However, finding specific ways this impacts NPOs is a bit more challenging: However, there’s a ton of potential in the IoT and the ideas currently being tested here are exciting.

Roughly, smart devices for non-profits fall into two different groups. The first is infrastructure: When smart devices can tell you how well concrete pillars are holding up, how much heat buildings are retaining, and how efficiently energy or water are used, then nonprofits become very interested in accessing that data for their reports and fundraising. The second group are sensors that can be used in marketing. For example, we are entirely making up: “Thanks to our new partnership with GeoTesla, every time your car passes a local city park you can choose to automatically donate $1 to our land improvement project!”

App Partnerships

One of the greatest advantages of today’s apps is that they can be created by even small organizations, and they are adaptable enough that any NPO can find a way to use apps. Not sure where they may fit in with your goals or partnerships? Check out some of the more innovative uses of non-profit apps currently at work for ideas. However, app creation requires a lot of cost-benefit analysis and asks quite a lot of donors (when was the last time you wanted to download another app on your phone?). Remember to stay creative!

For more information on our non-profit managed services and other IT services for nonprofits (including consultations on what you need), contact Cenetric at or (913) 210-1950!

The Benefits of Structured Cabling for Your Business

  • How much do you know about your company’s IT network?
  • What type of cabling system do you use? 
  • When was the last time you upgraded your network cabling?

These are questions any business owner should have answers for. However, if you’re like most that we consult for, your answers aren’t sufficient.  Your IT network is the backbone of your organization. Without a strong network, your employees are wasting time and losing productivity every day.


Are you using old technology and running your business on an out-of-date network?

If so, it’s time for an update.

One of the most useful updates you can make to your network is to switch from that old point-to-point cabling system to a highly functioning structured cabling system.

Point-to-Point Cabling vs. Structured Cabling Systems

These are the only two methods for transporting data through network cables. Many continue to use the old point-to-point cable method for their data infrastructure. A point-to-point cabling system has a tendency to cause problems as your network needs expand is size and complexity. To understand why, you must know how a point-to-point cabling system works:

A point-to-point cabling is set up by connecting one component of a network, a server, switch or a device, directly to another component of the network using a fiber-optic cable. Twenty years ago, this type of wiring was an elegant solution for quickly and easily stringing together a network. At that time, most networks were small, and IT departments were smaller.

Today, as networks grow, and fast transfers of huge amounts of data are more essential, maintaining these older point-to-point cabling system, along with the thousands of cords necessary to operate them, places a big strain on a company’s IT resources.

To avoid dealing with this, many companies have switched to a structured cabling system. Instead of connecting each individual component of a network directly to another, a structured cabling system connects the servers and storage units directly to a communication backbone.

Local cabling panels are installed throughout the office and connected to the communication backbone with a single cable. A user can then connect his device to the entire network by simply plugging a short cable into the closest cabling panel.

The Benefits of Structured Cabling

You may be thinking, “Hey, isn’t adding a communication backbone and redoing all the cable systems in my office going to be expensive?” The answer is yes. Installing a structured cabling system can be costly, but it’s an investment in the future of your business.

Why is it such a good investment? There are many reasons. A structured cabling system:

  • Pays for itself. It’s true that changing from a point-to-point cabling system to a structured cabling system isn’t cheap. The cost of installing a structured cabling system can range from $100 to $500 for each connection. Companies in older buildings with less access to the ceiling and subfloor can expect to pay even more. But the investment will eventually pay for itself by both making your employees more effective and lowering IT costs.
  • Reduces the time necessary to make repairs. Since a structured cabling system is segregated into a group of devices connected to a single local cabling panel, it’s easy for your IT professional to identify problems and solve issues. An additional benefit is that users’ work won’t be disrupted if their devices aren’t connected to the cabling panel being serviced.
  • Helps you plan for the future. A cable has an average useful lifespan of 15 years. That’s two to three times longer than most devices.  The cabling system you install today is going to be around for a long time, and will handle several generations of devices. No one knows how large your business will grow, or what future devices you may require.  However, when you switch to a structured cabling system, you’re helping to future-proof your network.
  • Offers increased flexibility. Adding more devices to the network is much easier when using a structured cabling system. Instead of running a new cable from additional devices to a switch or server using a long cable, your IT professional can simply connect the device to the closest cabling panel. Removing devices is just as easy.  Simply disconnect the device from the cabling panel and the job is done. No more orphaned cables to find and remove, like when using a point-to-point cabling system.

Isn’t it time for you to make the switch from point-to-point cabling? Cenetric can install a structured cabling system for your business in Kansas. Contact us for a complimentary assessment of your cabling needs. (913) 210-1950 or email us at

6 Lessons Every Company Should Learn from the WannaCry Ransomware

WannaCry’s ransomware attack is mostly over – here are the lessons businesses must learn from the experience.


WannaCry was a particularly nasty bit of ransomware that infected Windows systems via network connections and encrypted important files to hold them as a ransom for bitcoins. The first wave of WannaCry is over, and we can learn a lot of important lessons from its rise and fall.

1. Operating Systems Change for a Reason

This is probably the number one lesson from WannaCry: The disappointing thing is that is a very familiar lesson that every security experts know well. You have to keep updating your operating system, not just to keep up with the times, but also to protect your business data.

This advice is so common that the real problem is probably something more insidious: Business leaders refuse to take responsibility for the platforms and operating systems they are using. WannaCry is the consequence for that leadership failure, and the sooner organizations recognize that, the better they will be able to plan for the future. Windows XP was particularly vulnerable to WannaCry – that’s an operating system that’s 1)12 years old, 2)surpassed by 4 newer versions of the operating systems with far more advanced tools and integration, and 3)an OS that hasn’t had any support at all from Microsoft (outside of this emergency patch) for nearly three years.

The very common excuse that business makes here is that, “We can’t update because of this regulation, or that compliance issue, or the need to maintain services to our customers.” First, these are incredibly weak excuses. A full upgrade will always take time, resources, and careful planning to meet necessary regulations. That’s part of the process, not an excuse to avoid it. Second, many organizations don’t even realize these are poor excuses because they haven’t actually asked experts. The first thing an organization should do if they are worried about upgrading an older operating system is to bring in an IT expert that has experience in these types of upgrades and ask for a consultation, advice, and ultimately a game plan for the best possible outcome.

2. Patches Don’t Just Get in the Way – They Protect Against Threats

Close behind the lesson about upgrading to new versions of your operating system is the importance of patching. Let’s divided this into two steps. First, your company must be aware of available patches, as they come out, and what they do. This is really easy, even if you aren’t in IT. New patches are heralded by blogs, emails, tweets and many other sources of information explaining what they are and what they accomplish.

Second, give top priority to any patches that are designed to fix vulnerabilities and increase security. Require all employees to download that patch on all machines, that day. Period. You don’t even have to turn on automatic updates, just make sure those patches are downloaded. WannaCry was patched back in March, but guess what? A lot of organizations have no patch plan or requirements, so it didn’t matter.

3. Lack of Awareness is a Vulnerability

Combine both our first lessons, and you get a reminder worth noting – companies cannot claim ignorance here. We have to be aware of the current security dangers, and how to deal with them. That means paying attention to what IT says, understanding how the business systems work, and knowing when a new malware or virus attack hits. These days, no manager can say, “Well, it’s not my problem.” It is.

4. A Single Good Practice Can’t Protect You From All Malware

In the past, most ransomware like WannaCry was spread primarily through phishing emails, and strong anti-phishing strategy was very effective at dealing with the threat. But guess what? Things changes. Cyberattacks regularly evolve and find different, more insidious ways to locate new victims. You cannot count on a single strategy to prevent any particular threat.

5. Network Segmentation May Be Growing More Important

Network segmentation refers to devices that avoid connecting to the business network or connect only briefly in closely monitored situations to avoid data vulnerabilities and malware. Especially after WannaCry, this is looking like a good strategy for companies that handle a lot of sensitive information.

6. The Consequences Will Always Be Worse Than Necessary Preparation

Some of the organizations affected by WannaCry include the UK National Health Service, the South Korean and Chinese governments, and organizations in more than 150 countries. Emergency health services were canceled, governments were unable to offer services, factories were suddenly shut down, and much more. This led to tremendous losses, and will probably lead yet again to a whole lot of fines, firings, and the loss of contracts. It doesn’t matter how demanding security changes are, they are always easier than dealing with the aftermath of a bad attack.

For more information on how to prevent the latest malware attacks, contact Cenetric at (913) 210-1950 or by sending us a message at

It’s Not Even Close to Over… Wanna Cry?

In case you have been living in a cave the past three days…

Wanna Cry is a ransomware that spreads like wildfire by leveraging a Windows SMB exploit to remotely access and infect computers running on unpatched or unsupported versions of Windows. It infects the targeted computer then moves on to others on the network and those it can find on the open internet.


237,000 computers across 99 countries have been infected thus far.

The news has reported that a 22-year-old security researcher has stopped the Wanna Cry ransomware plague.

That’s only partially true.

He found a “kill switch” in the code of Wanna Cry that will keep one strain of Wanna Cry from infecting computers.

Here’s the problem…

Now there are multiple strains of Wanna Cry cropping up across the globe.

Some with a different URL “kill switch,” and if reports can be believed, at least one strain with no “kill switch” at all. This “no kill switch” variant is believed to have been created by parties not related to the criminals who developed the first Wanna Cry code.

Whatever the final number of Wanna Cry strains ends up being, the truth is that we aren’t even close to being done with Wanna Cry. And the criminals in control of this cyber-WMD aren’t done with causing us pain.

Yes, the infection rate has slowed, but that lull is likely only the calm before the second wave of the storm – according to industry experts.

Where did Wanna Cry come from?

There is no public information on the criminals behind Wanna Cry, but the SMB exploit they are utilizing is believed to be part of a hacking toolset that the NSA allegedly created and lost control of when a group of hackers called “The Shadow Brokers” stole it and dumped it onto the dark web.

Currently, the predominant strains of Wanna Cry are being thwarted before they infect computers by utilizing the method discovered by 22-year-old MalwareTech.

He discovered that by registering a domain name that was buried in the ransomware’s code, he was able to create a “sinkhole” that didn’t allow the virus to infect the computer.

The problem is that if the connection to this “sinkhole” domain is lost, Wanna Cry will move into “infect” mode.

As we have stated above, there are now several strains of Wanna Cry out there with a “kill switch” domain name in their code. Each unique domain name must be registered so that a “sinkhole” is created for that strain.

Even with these domain name “sinkholes,” we aren’t out of the woods.

Malware Tech, the security researcher who found the first “kill switch” buried in Wanna Cry code, has stated that “WannaCrypt (or Wanna Cry) ransomware was spread normally long before this and will be long after, what we stopped was the SMB worm variant.”

There are some scenarios that will allow your unpatched computer to be infected – even with the kill switch in place. Here they are

  • If Wanna Cry comes to you via an email, a malicious torrent, or other vectors (instead of SMB protocol).
  • If your ISP or antivirus or firewall revokes access to the “sinkhole.”
  • If your system requires a proxy to access the internet – common in corporate networks.
  • If someone utilizes a DDoS attack to makes the sinkhole domain inaccessible.

What to do…

The cyber-security experts of Cenetric advise you to:

  • Patch your computers
  • Run a decent anti-virus (We highly recommend Webroot)
  • Make sure your backups are current and secure

Because of the high-profile nature of this ransomware attack, there will be copycats that make Wanna Cry even more virulent and destructive.

Wanna Cry 2.0 is inevitable.

It’s important that you act proactively for your company now and get the Cenetric cyber-security team on your side.

We have the resources to help you stay running and safe.

Contact Cenetric today at (913) 210-1950 or

Dangerous Google Docs Phishing Scam on the Loose


This is a copy of a letter sent to our clients yesterday:

Please be aware that the964345bedcd94234a11f9eb0940fa2eere is an extremely sophisticated and real-seeming Google Drive phishing attack making the rounds right now. The attack appears to be an invite to a shared Google Doc, usually from a trusted sender. Clicking the link will take you to Google’s  sign-in page, just like a normal Google doc invite. However, by accessing the document, you grant it full permission to your account details, including the ability to access Gmail, Google Drive, and a wealth of other information.

Thankfully, the email is pretty easy to spot. It is addressed to, and doesn’t quite look the same as a standard google doc share. If you receive an email like this, please delete it immediately. If you have already opened the document within, please contact Cenetric immediately for assistance revoking the associated permissions.

The below image is what the header looks like:


Thank you,

Cenetric Support

From Telegraphs to USENET and How to Protect Yourself from Spam

When someone thinks of spam they typically think of unsolicited bulk commercial email they receive in their inbox. However, the concept of spam started a little earlier than you might think. How far back? How does 1864 sound? Spam in 1864 you say? Yes, in the form of a telegraph, advertising a local dentistry actually. The Telegraph was so much news that the local paper even reprinted the telegraph that was sent to many households, further propagating the message.

More recently, people consider the first spam email coming out of Digital Equipment in 1978 which went to a total of 393 people promoting their latest computer model. You can thank a Monty Python sketch based on a cafe that only served the canned spiced ham SPAM for the origin of the name. Another early spammer was the lawyers Canter and Siegel posting their “Green Card Lottery” message to USENET, a shared messaging system.

What does all this have to do with today? You don’t want to be known as a spammer. There are three ways to attack the spam problem. First off, you don’t want your marketing emails to be classified as spam. Secondly, you don’t want your mail server to be abused where someone sends spam through your hardware. While this wasn’t sent to you directly, your hardware could be blacklisted, thus affecting your own emails. Lastly, you don’t want your employees to respond to spam. There are ways to filter this at the mail server to prevent them from seeing the messages, or at least classify messages as fishy before their opened. Cenetric can help you to protect your business from being labeled a bad apple in the email business.

Starting with the most important avenue, ensuring your marketing messages get through, there are some best practices to know about. For starters, don’t just send emails directly to your clients. Putting everyone’s email in the “To:” field of a message is bound to cause problems when someone does a reply-all. If you absolutely have to send a message to LOTS of people, it is better to use the BCC (for blind carbon copy) field of a message. Better yet, rely on a mailing list management package like that offered by Constant Contact. Typically, you don’t want to add people to the mailing list yourself. Instead, people should opt-in. More importantly, with each message you send, there should be unsubscribed instructions.

Protecting your mail server is not an easy task. There are some simple steps you can do like requiring that users are authenticated before sending a message, but someone can just spoof the email headers to make it appear messages came through your server. To best protect your server, in 2012 DMARC, or Domain-based Message Authentication, Reporting, and Conformance was introduced. Combined with the earlier introduced SPF, Sender Policy Framework, this makes sure that any messages appearing to come from your mail server actually came from your mail server. Cenetric can help you keep up with the latest ways to protect your email servers and thus getting your marketing messages through.

Lastly, it is important to look at the inbound side of spam. With all the talk of Russians hacking servers and the release of inappropriate celebrity photos, most of these attempts are triggered by phishing attacks of targets. You still need to worry about viruses being sent through email, but phishing involves fraudsters sending what look like real emails in the attempt to reveal personal information like passwords and bank account info. You don’t want your employees giving away the farm so that others can then get into your company network or your employees worried about identity theft. Cenetric can help protect your mail servers from letting these unsolicited emails through.

Call us at (913) 210-1950 or email to learn more about how we can help keep your organization spam-free from all sides!

Are Your IT Policies Putting you at Risk of Security Breach?

Companies have solid reasons for embracing Bring Your Own Device (BYOD) and allowing for telecommuting so personnel can work from home or on the road, but doing so can increase the risk of data breaches for the company.  

Image result for security breachRemote Access policies are currently in favor with hundreds of
thousands of businesses across the United States, and the globe. While companies have solid reasons for embracing Bring Your Own Device (BYOD) and allowing for telecommuting so personnel can work from home or on the road, they increase the risk of data breaches for the company.

The Problem

The two problems are closely related. The first has to do with the concept of BYOD. The reason companies choose to allow this is that it allows their staff to have the most up-to-date technology without having to acquire advanced technology themselves. The second is telecommuting. Workers that telecommute only need an internet connection to log into their workplace computer systems.

By the Numbers

So, let’s look at some numbers concerning both problems. An article published in Great Britain tells about a survey of 500 companies in the UK and Germany. Among their findings:

  • 44% of organizations had a member of senior management lose a mobile device; and
  • 39% had a member of executives report a stolen device.
  • 54% of survey respondents noted that a non-senior management employee lost a device and 49% said a device that was stolen
  • 93% of these devices contained work-related data
  • 49% had work-related emails on them
  • 38% had confidential data or files
  • 24% contained customer data
  • 15% had company financial information

Results of similar surveys in North America, Europe, and the Pacific Rim all returned similar results.

What are the implications?

Many of these devices when lost or stolen have passwords stored without any protection. This means thieves have easy access to your company data. Often, lost or stolen devices have personal identifying information, personal financial information, or personal health information that can number in the tens of thousands. If this data, or other data such as customer lists or proprietary information, is breached, companies can see losses that go to the tens of millions of dollars.

More Numbers

  • 48% of companies reported they are unable to keep track of what data leaves the office and who is taking it off premise.
  • 54% agree that data can be safeguarded more securely
  • 67% of responding companies acknowledged they know that employees break the rules concerning removing data from the workplace, but, have not yet addressed the issue.

What Makes This Such a Big Problem?

Breaches are very expensive.

  • Your company reputation will suffer if your data is compromised. This isRelated image particularly the case if customer/client/patient information is breached. It is probable that your company will lose business directly because of the breach, and finding new business becomes harder too.
  • Most companies pay for identity theft monitoring and restoration for one year following a breach – this is an additional cost to the business and depending on the size of the breach can be very costly.
  • In many instances of data breaches, affected customers or business partners sue or join a class action suit against the company that was breached. Defense, settlements or jury awards is also a new expense.
  • Fines are often levied against companies that have preventable breaches and they can be in the millions – many small or medium-sized businesses can be driven to bankruptcy by these fines.

What You Can Do to Protect Your Data

  • Make sure your data is securely stored and require two-factor authorization for access to your system.
  • Install remote wiping applications on devices used by employees for remote or BYOD work
  • Perform routine penetration tests so your company can identify potential security flaws

For more network security information or for a free network assessment, contact Cenetric today at (913) 210-1950 or 

The Hidden Costs of Malware

Ransomware is malware that either freezes your computer or locks it so you cannot access data and programs that your company normally uses. The criminal that is holding your system hostage, demands a ransom that is usually paid in Bitcoin.

Imagine opening your business one morning, turning your computer on and reading a message that says something like: Attention – Your System is Locked. If you want your data and programs unlocked, you must pay a fee of $800. If you are a new business or a small one, $800 can be a lot of money. It is in effect a ransom payment and is the harbinger that your computer is a victim of ransomware.

What is Ransomware/Malware?

Ransomware is malware that either freezes your computer or locks it so you cannot access data and programs that your company typically uses. The criminal that is holding your system hostage, demands a ransom that is usually paid in Bitcoin. One thing about this kind of criminal is they believe in excellent customer service. Instructions are sent you about how to pay in Bitcoin. Also, the thief or gang of thieves usually do return your computer back over to you – otherwise, most people would not bother to pay the ransom.

However, the ransom is only the beginning of your expenses relating to a ransomware incident involving your business.

What Are the Other Costs of Ransomware?

In 2016, the average cost of paying a ransom demand involving accessing a business’ computer programs and data was $679. It is expected to rise in 2017 to nearly $800. But, that is not the only, nor necessarily, the greatest expense. The other costs attendant to ransomware include:

Regulatory Fines

It is the duty of every business to safeguard the Personal Financial Information (PFI)and Personal Identifying Information (PII) of clients and customers. Regulatory authorities such as the US Department of Health and Human Services (HIPAA compliance) or the Federal Trade Commission for letting PII fall victim to a ransomware attack. Fines can be high (millions of dollars) but are usually not levied if there had been no other prior issues regarding confidentiality. For those firms who had previous breaches, fines can quickly add up to millions of dollars.

A Lack of Productivity

When a computer system is unreachable, your employees are undergoing downtime. Without your business data and programs, they are unable to work and are simply nothing more than another expense due to ransomware. Depending on the size of your workforce is how much this costs. A research study by the firm Vanson Bourne for SentinelOne reveals that it takes 38 man hours to recover from a ransomware attack.

Loss of Customers/Lack of New Customers

When a company is victimized by a ransomware attack, most states require that anyone whose data may have been breached must be advised of the possible breach. Doing so may lead to customers leaving you for another company. Likewise, it is harder to find new clients or customers.

Loss of Employees/Inability to Hire Top Applicants

The situation is similar when it comes to employee retention and new hires – employees want to know their employer has an excellent reputation that is unsullied by a successful ransomware attack.

Ransomware is 100% recoverable without the fees! Don’t get caught off-guard today!

Cenetric can help you develop a strategy to protect against ransomware before it ever becomes an issue. Consultations are free: 913.210.1950 or