Spectre & Meltdown Processor Vulnerabilities Expose New Risks



This week the Internet is ablaze with talk about newly discovered vulnerabilities (named Spectre and Meltdown) that exist in many central processing units (CPUs) manufactured since around 1995. We wanted to reach out and clear up some of the misconceptions that have been shared, as well as explain the steps we are taking at JMARK to keep your data safe.

This flaw can allow programs to access parts of the CPU that should be protected, potentially exposing sensitive data.

This vulnerability was discovered by security researchers, and there is no evidence that it is active in the wild. This means that while the risk is present, there is no evidence of a wide-scale attack exploiting the flaw.

Since the existence of this vulnerability was made known, JMARK’s security experts and our Automation team have been at work quietly deploying our own custom scripts, operating system patches, anti-virus patches, and 3rd party patches as they become available to our clients. These patches will help to mitigate the risks from this vulnerability.

We are monitoring the security data as it becomes available and will continue deploying updated solutions to protect our clients until this risk is no longer present.

Many of our colleagues and less-experienced competitors in the I.T. industry are using fear tactics to scare their clients and take advantage of rumors and misinformation. What makes JMARK different is that we have a layered, methodical, and agile approach to security. When our customers buy in to this layered approach, JMARK can better protect our clients through proactive execution. While other companies are scrambling for answers, we are quietly deploying solutions.

Please feel free to email or call your JMARK support team or Account Manager for more information.

Office 365 Support that Makes a Difference

Microsoft has for years been putting considerable resources into promoting Office 365 as the complete, low-cost cloud solution for businesses of all sizes. It makes sense – Office 365 includes what many consider to be the complete package in cloud services for business productivity tools. Things such as hosted email, file storage, web-based versions of Microsoft Word, Excel, PowerPoint, and so on are all available online for businesses to access at the drop of a hat.

Unfortunately, Office 365 requires considerable time to understand the many features, options, and custom settings available. Without a comprehensive knowledge and understanding of those features, your company is not maximizing its productivity.  Additionally, Office 365 offers different packages that provide different levels of resources and tools for business use. Knowing which package is the right one for your business matters, and that’s why having a trusted and experienced IT partner to consult and provide support is so important.

Common Challenges with Office 365

There are plenty of benefits to implementing Office 365 throughout your organization, which we’ll get to, but first, it’s important to understand the many challenges end-users combat when trying to get the most out of the service.

  • Search functionality is limited and the degree and depth in which users are able to conduct advanced searches are based on the tiered package purchased
  • Training directly from Microsoft is difficult to come by and generally expensive, time-consuming, and confusing

Main Benefits of Office 365

Office 365 allows businesses to utilize workplace productivity tools from any internet connected device via the web browser or apps. That type of availability means employees are able to access and share the files they need when they need them, conduct video and voice calls with Skype for Business, work with the business applications they know, as well as full access to email and calendars – this is especially important for mobile workforce operations.

But, those aren’t the only highlights to a great workplace solution. Additional benefits include:

  • Security and uptime commitment
  • Work from anywhere at anytime
  • Incredibly user-friendly interface and controls
  • Predictable monthly cost
  • In-house system issues won’t impact availability or access to Office 365

Office 365 Is a Great Solution, Be Sure to Get Great Support

After reviewing the benefits and challenges of incorporating Office 365 within your business environment, it’s easy to see why it’s become such a common workforce productivity solution. Of course, understanding the challenges means having to figure out ways to overcome them in order to get the most out of it.

With so many advanced features within Office 365, and the additional features being added or updated on a regular basis, it’s become all too easy to not get as much out of it as your organization could – and should. JMARK has certified Microsoft experts on staff that can make the transition to Office 365 straightforward and seamless, while also providing unlimited support, improved business efficiency, and properly installing and configuring Office 365 the first time.

Threat Warning: WannaCry Ransomware Spreading Through Businesses

As you have probably heard in the news over the weekend, ransomware named WannaCry began infecting computers worldwide late last week. This ransomware, if executed on a system, will encrypt the data on the computer, even backups, and then seek out other systems to infect. Once the data is encrypted, the ransomware demands a payment within 3 to 7 days. All it takes is one computer to be infected before many other computers on the same network could be compromised.

Currently, a new version (WannaCry 2.0) is expanding worldwide to further increase the infection rate.

JMARK had put many defenses in place prior to this outbreak and will continue to utilize further protection. However, email attachments and links in email messages still pose the top threat. We are currently assessing all possible means to mitigate the threats and taking appropriate action as necessary.  We will be sending more details as this continues to unfold.

What do I do if I am infected?
If you are infected, you will immediately know as you will be greeted by a screen saying “Ooops, your important files are encrypted.”

If this occurs, hold down the power button on your computer to turn off your machine as fast as possible and then contact JMARK for assistance.  Do not attempt to decrypt or check payment in the screens that appear.

How does the infection occur?
WannaCry exploits a known vulnerability in Microsoft Windows operating systems. The entrance of the attack can come in multiple ways, but the most common way is by email. A few things to keep you safe:

  1. Never open an attachment from any individual that you are not expecting to send a file. If you haven’t requested it or don’t know that the sender was specifically sending you the file, do not open it, as it may be infected.
  2. Pay careful attention to the sender address and name. Often they are slightly misspelled to fool you into thinking the email is from a known colleague.
  3. Pay special attention to any link that you are requested to click. These can also be slightly misspelled domain names to fool you into thinking they are legit.

Please contact your JMARK support team if you have any questions, problems or concerns.

JMARK Business Solutions, Inc., announces the successful completion of its first Service Organization Control (SOC) 2 Type II audit


JMARK Business Solutions, Inc., a leading provider of Technology Management services, announces the successful completion of its first Service Organization Control (SOC) 2 Type II audit, attesting to the design and effectiveness of its Security Controls

Springfield, MO – JMARK, a leading provider of Technology Management services, announced the successful completion of its first Service Organization Control (SOC) 2 Type II audit. The American Institute of Certified Public Accountants (AICPA) has issued an Interpretation under AT Section 101 permitting service auditors to issue reports that are not specifically focused on internal controls over financial reporting. These reports are considered SOC 2 reports and focus on controls at a service organization relevant to Trust Services principles, such as security.

“JMARK’s focus on strong internal controls is evident in this report,” says Tim Roncevich, Partner at SSAE 16 Professionals. “The successful completion of this audit is a testament to JMARK’s integrity, accountability, and its commitment to its customers.”

The audit undergone by JMARK was conducted in accordance with the AICPA SOC reporting standards and was conducted by SSAE 16 Professionals, LLP, which is a full service accounting firm providing SOC 2 Type I and Type II audits. SSAE 16 Professionals evaluated JMARK’s design and operating effectiveness of internal security controls and processes related to the Security Trust Services Principle. The firm has found that JMARK has met or exceeded the expectations and is fully compliant to the standard.

“Completion of the SOC 2 Type II audit demonstrates the high value that we place on security,” says Todd Nielsen, JMARK’s Chief Strategy Officer, who headed up the initiative. “A SOC 2 Type II audit shows our clients, especially those in the banking, healthcare, and hospitality verticals, of our dedication to privacy and security. Clients can remain confident in JMARK’s operations, policies, and procedures to keep their data protected and private.”

About SOC 2 Reports

Completion of the SOC 2 Type II audit indicates that processes, procedures, and controls adopted by JMARK have been formally evaluated and tested by an independent accounting and auditing firm. The audit included the company’s controls related to the Trust Services Principles and Criteria of Security.

The SOC 2 certification is among the highest and most rigorous security achievements that can be achieved by any organization. It testifies to the commitment to protecting JMARK’s client data and information systems.

A SOC 2 report falls under the AICPA AT 101 guidelines and can also be either a Type I or a Type II. Whereas SSAE 16 (SOC 1) reports are used for audits of controls that impact a user organization’s internal controls over financial reporting (ICFR), SOC 2 reports are intended for service organizations whose services do not impact ICFR. The typical users of a SOC 2 report will include prospective clients of the service organization, management of the service organization, and independent auditors providing services to the user organizations. The SOC 2 audit covers operational and/or regulatory compliance controls and follows pre-defined Trust Services Principles and Criteria.


JMARK Business Solutions is an award winning global technology services company that has been in operation for more than 25 years. Not only are they a market leader, but they also specialize in various specific industry and technology verticals to directly benefit their clients. This market focus allows them to be highly specialized and educated in helping their clients to be successful. JMARK offers a full range of IT Solutions and Managed Services to serve any industry, anywhere in the country and even the world. JMARK is headquartered in Springfield, MO with offices in Oklahoma, Arkansas and Colorado.

About SSAE 16 Professionals, LLP

SSAE 16 Professionals, LLP is a leading firm specializing in SSAE 16 and SOC 2 audits and readiness assessments. Each of its professionals has over 10 years of relevant experience at “Big 4” and other large international or regional accounting firms. Each professional is certified as a CPA (Certified Public Accountant), CISA (Certified Information Systems Auditor), CIA (Certified Internal Auditor), CISSP (Certified Information Systems Security Professional), and/or MBA (Master of Business Administration). For more information, please visit www.SSAE16Professionals.com.

Learn more at JMARK.com and the JMARK IT Blog. Follow updates on Twitter and on Facebook.

Contact Info:

Name: Todd Nielsen
Organization: JMARK Business Solutions, Inc.
Address: 601 North National, Suite 102
Phone: 417-863-1700

A big thanks to the many people within JMARK that helped make this a reality.


JMARK Achieves SOC II Type I Certification

I am proud today to announce that JMARK Business Solutions, Inc. has passed a SOC II Type I audit. This audit comes after a lot of hard work by many dedicated individuals at JMARK. The SOC II audit shows our dedication and commitment to the privacy, confidentiality, and security of JMARK and its clients. SOC II addresses many areas of the company and testifies to the soundness and integrity of our: Infrastructure, Software Systems, People, Policies, Procedures, and Data.

What Does This Mean to JMARK Clients

A SOC II audit shows our dedication to the privacy and security of client systems and data. In this world of daily security incidents, few IT Service organizations can show through independent analysis that their operations and procedures are aligned to keeping their clients’ data safe and private.

Completion of the SOC II Type I audit indicates that processes, procedures, and controls adopted by JMARK have been formally evaluated and tested by an independent accounting and auditing firm. The certification included the company’s controls related to the Trust Services Principles and Criteria of Security.

The SOC II certification is among the highest and most rigorous security achievements that can be achieved by any organization. It testifies to our commitment to protecting our client data and information systems.


The Ashley Madison Hack Is Gonna Hurt More Than the Cheaters

No matter your opinion of the Ashley Madison hack, the real damage is yet to come, and you and your company are the next target. Hackers are smart, and when any natural disaster, general conspiracy, or big event occurs, even another hack, they are quick to capitalize on the popularity and attempt to create more mayhem and extortion.

This is done through the sheer simplicity of common curiosity. When a popular event happens, hackers will try to squeeze the curiosity out of us to try to get us to do something, something that will hurt us, and benefit them. That brings us to the popular Ashley Madison hack.

In the Ashley Madison hack, millions of names, emails, and physical addresses of people who had extramarital affairs were posted on the Internet. They were not posted on the normal Internet you and I go to, however; they were posted to the dark web. You have to know what you are doing to get to the dark web, and it is not a safe or recommended place to enter.

That is where the hackers are taking advantage of people. Many are curious to see if anyone they know is on that list; as a result, hackers put up fake websites offering to show you that information. Someone goes to a nice looking website that looks legit in order to look at the names, and then BAM… suddenly your computer and network are hijacked and you have to pay money to get your files and data.

There will be thousands of emails that will fly into inboxes in the following weeks purporting to have links to lists of addresses. Don’t go there, unless you want to infect your data and your network. Take a look at this article by CBS News that explains the potential damage of curiosity: http://www.cbsnews.com/news/scams-extortion-attempts-arising-from-ashley-madison-hack/

Stay safe and call JMARK if you have any problems. We are here to help!

Are You Taking Responsibility for Your Company’s Security?

In early August, it was reported that Russian hackers had stolen more than 1.5 billion username and password combinations. Yeah, 1.5 billion, that’s not a typo. That event makes the Target breach look like small potatoes. You might think your company is safe, but are you sure about that?

This breach is a huge exposure for small and large businesses alike. If that were the only event this year, it alone would be huge news, yet there has been an average of about two major security breaches reported each month this year. These breaches together put many things at risk, even if you think your network is tied down.

The first reason for this is that employees usually do more than work. They check their personal email, check social networks, surf the Internet, perhaps pay some online bills, and much more. All of these things can potentially open up your network to a breach. All it takes is for one employee to click the wrong link or download the wrong attachment and your network can be opened up.

Another reason is that hackers are continually changing their tactics. Very few systems have the ability to monitor for abnormalities in network traffic and other parameters. JMARK has a special service that allows for advanced monitoring of logs from network devices and systems to detect abnormalities that could be attacks. Contact us if you want to learn more about this special log monitoring service.

We live in a world that is changing dramatically, and security is at the forefront of the priorities that need to be in a company’s budget in order to protect its identity, reputation, and intellectual property.

JMARK has the systems and expertise to help business owners sleep better at night. Contact us to learn more about how we can help, and please change your online passwords, if you have not in the past couple months.

The BASH Bug… Insecticide Is Not Gonna Help

Another week… another security risk. It seems security risks and companies that get hacked are about as common as dirt these days. This week is no different.

You may have seen the news already about a very serious vulnerability known as “shell shock.” The affected software, Bash (the Bourne Again SHell), is present on most Linux and Unix-like systems, including some Mac OS operating systems. The risk appears to be most viable on Internet-facing devices that rely on the Bash environment, such as web and mail servers, but could affect many other devices running those operating systems, such as storage devices, public wireless hotspots, and other systems on the network. Additionally, there is a risk for any DHCP clients that might connect to an at-risk DHCP server, which means you should be careful when connecting an Apple device to a public hotspot. The DHCP server, if infected, could issue commands that could put client computers at risk, indicating that the exploit could affect routers or even cell phone towers.

Patches have been made available via the official vendor of the Bash application; however, it merits noting that there are currently reports that the available patches do not fully resolve the issue. Yesterday, JMARK’s own network was under attack, but our skilled network admins diminished that threat without any loss of service.

JMARK is monitoring this situation for further developments and risks and will notify clients if the risk continues to increase.

At this time, JMARK recommends that:

  • Systems are updated to the latest application versions as they become available
  • Host activity is monitored for anomalies
  • Updated signatures from IDS/IPS vendors are obtained to protect against known attacks
  • Contact us if you feel you might be experiencing issues related to this threat.
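
One way to act on the monitoring recommendation above, as an added example that is not JMARK's own tooling: Bash treated an environment value beginning with the four characters `() {` as a function definition, so web server access logs can be searched for that marker in the request line, Referer and User-Agent. The Apache combined log format, the function name `scan` and the log lines are assumptions; the lines are constructed, with the attacker's command elided.

```python
import re
from urllib.parse import unquote

# Marker Bash looked for at the start of an environment value.
# Matching the literal (including the space) avoids flagging JavaScript
# such as "function(){}" that appears in ordinary URLs.
MARKER = "() {"

# One double-quoted log field; Apache escapes embedded quotes as \"
QUOTED = r'"((?:[^"\\]|\\.)*)"'

# Assumed format: Apache/nginx "combined"
#   ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' \d{3} \S+ ' + QUOTED + ' ' + QUOTED
)
FIELDS = ("request", "referer", "agent")

# Constructed sample lines (documentation IP ranges, command elided).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [10/Oct/2014:10:01:05 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 312 "-" "() { :; }; <command elided>"',
    '198.51.100.9 - - [10/Oct/2014:10:02:11 +0000] '
    '"GET /cgi-bin/test?q=%28%29%20%7B%20%3A%3B%20%7D%3B HTTP/1.1" '
    '404 210 "() { :; }; <command elided>" "curl/7.30.0"',
    '192.0.2.44 - - [10/Oct/2014:10:03:00 +0000] "GET /js/app.js?cb=function(){} HTTP/1.1" '
    '200 880 "-" "Mozilla/5.0"',
]


def scan(lines):
    """Return (line_number, client_ip, field) for every field carrying the marker."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.match(line)
        if not match:
            continue  # not in the assumed format; skip rather than guess
        ip = match.group(1)
        for field, raw in zip(FIELDS, match.groups()[1:]):
            # Decode %xx escapes so URL-encoded probes are caught too.
            if MARKER in unquote(raw):
                hits.append((number, ip, field))
    return hits


if __name__ == "__main__":
    for number, ip, field in scan(SAMPLE_LOG):
        print(f"line {number}: {ip} sent the Bash function marker in {field}")
```

A hit shows that someone probed the server, not that the probe succeeded; whether the host was exposed depends on its Bash version and on whether the request reached a CGI script or other Bash-backed handler.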

We are committed to notifying you of, and protecting you from, any new security threats that may impact your organization. For more information and updates on the Bash Bug, visit https://www.pcicomplianceguide.org/shell-shock-bash-bug-what-we-know/.

Your Private Information – For Sale to the World

On Sunday, August 24th, 60 Minutes aired a show that everyone should watch. I didn’t see it when it aired, but a colleague forwarded the replay to me and I was blown away. I have followed security trends for several years, but this was new to me.

We live in a digital world, one in which everything we do, on and offline, can be tracked. That data, when combined with other data, makes up a profile or dossier for hundreds of millions of people in the United States alone. These dossiers are not identified with some random unidentifiable number; they are coded with your name, your email addresses, known aliases, health, buying preferences, and everything else about you.

You are probably wondering how this happens. How can you be tracked without you even knowing it? Here’s how:

  • Your cell phone tracks everywhere you go. That information, combined with other information, can identify habits, preferences, and a whole load of other details about you.
  • Apps on your phone that you think are providing entertainment or other communication with your friends can actually track your location and what you do in other applications on your phone. They can learn your friends, contacts, who you call, and what you are saying to others. Many game apps are just fronts for the collection of data on you.
  • By just getting on the Internet, you are being followed everywhere. First of all, your Internet service provider has tons of data on you, and knows what you do, what you say online, and what you buy. As soon as you log onto Google and do a search, or you go to your favorite social media account or a host of other sites on the Internet, you are not just being monitored at that site, but at every other one as well. For example, you go to Facebook and look around for a while, then you close it and go to a debt consolidation company website to learn about their services, then you go and read some articles about a health malady, let’s say Diabetes, then you go to a job site and look at available jobs, etc… Facebook is tracking you during the whole session and beyond. Imagine all the personal information these sites could gather about you.
  • Then let’s say you go to the store and buy things, maybe you pick up a prescription at the pharmacy. Your credit card company knows everything you buy, not to mention all the retailers. Those discount cards, they are not just for discounts; they are for tracking your purchases and tying those purchases back to you, no matter what form of payment you might use. Then you swing by the elementary school and pick up your kid, you are too tired to cook so you go out to eat at some fast food restaurant.

If you take all those things and combine them, we learn that:

  • You are struggling with debt.
  • Based on your Internet search and the type of prescription you picked up, you have been just diagnosed with Diabetes.
  • You are most likely looking for a new job or are out of a job.
  • You have a child and you make poor eating decisions.

Obviously this is just supposition of a small amount of data, but each of us leaves thousands of data points a day all over the place.

If you are concerned about the security and privacy of your business, which you should be, contact JMARK. The damage in privacy that I discussed in this article is nothing compared to the damage and liability from a privacy or security breach of your business or of one of your clients or patients.

Your Password Alone Is Not Enough, Implement This Solution NOW!

Your first line of defense in all kinds of systems is the password used to get into it. Whether it is a phone, computer, tablet, firewall, wireless access point or third-party service, your password is sometimes considered the end-all, but in reality it is not enough.

I am not talking about Anti-Virus Software, Anti-SPAM software, Anti-Keylogger software, Firewalls, or the many other layers of security that can and should be tacked onto a network; I am referring to something that can beef up the power of your password.

This extra power is called Multi-Factor Authentication. Multi-Factor Authentication is an add-on software, service, and/or device that proves that, when you type your password, it really is you typing the password and not someone who stole your password. JMARK uses various flavors of Multi-Factor Authentication for ourselves and for clients. Sometimes when typing a password a user gets a special code from an app on their phone, or off a device. This code changes every 30 seconds, so it can’t be hacked. This code, along with your username and password, proves that you are you; and together they authenticate you to the system or software you are trying to get into.

Had Target, and many others who have experienced security breaches, been using Multi-Factor Authentication, their story would have been much different.

We live in a world where security is of the utmost importance. Security discussions need to move from the server room, to the boardroom. Companies can no longer assume that they are too small to be a target, or that the security measures they’ve taken are enough. Things are always changing and it is important to stay ahead of the curve. Multi-Factor Authentication is one big way to do that.

Implementing Multi-Factor Authentication is not very expensive, especially considering what you might be preventing. If you are in the financial services, legal, healthcare, education, or any other business that is a high target or under regulation, contact JMARK to learn more about how Multi-Factor Authentication will protect you.