March 2016 Newsletter

Winxnet Newsletter
IT Budgeting for Non-Profits
Posted on 3/10/2016 10:01:14 AM by Chris Claudio

I was excited and energized when I was asked to speak about "IT Budgeting for Non-Profits" as part of the Merrimack Valley Chamber of Commerce breakfast series earlier this month. A big passion of mine is discussing the changing way of technology and how to fully utilize IT within organizations, so I was thrilled to speak about this topic to a group of top executives and IT professionals.

During my presentation, I went over a few key facts about IT for non-profits. According to the NTEN Technology Staffing and Investment Report July 2014/2015, IT for non-profits is traditionally immature due to a budget constraint. There is an average of one IT person per 28.3 employees, and technology adoption is still statistically low. Leading organizations will have about three times more IT staff than struggling ones and are two times more likely to include IT in Strategic IT Planning.

As you know, IT has evolved tremendously in the last decade. Having a technology plan is no longer optional and it is imminent that your budget revolve around this IT strategy. For many organizations, however, the budget for IT is relatively low, and this is particularly true for non-profits. Having a low budget makes it dire for organizations to create a strategic IT plan and sync it with the budget.

---

The DROWN Attack
Posted on 3/10/2016 9:59:16 AM by Dr. Eugene Slobodzian

The new SSL vulnerability, dubbed DROWN as if to promote the hype, is gaining attention as if the sky is falling. I wanted to take a moment to make sure you understand its potential impact on your business and hopefully show you that it is not quite falling yet. In my fairly educated opinion, SSL vulnerabilities like DROWN may have a significant impact potential, but the risk associated with them to your business is frequently a lot more tolerable due to the finer details. Here are some points as to why.

  1. One of the most important factors that is frequently underestimated is the fact that mere support by the server of a deprecated protocol like SSLv2 doesn't mean the protocol gets used. Modern browsers actually will not allow a connection to a server that can speak only SSLv2. That is why the POODLE vulnerability was a dud - you needed an SSLv2 conversation to exploit it. With DROWN this is not the case though, so it is a bit higher impact. Allegedly, with DROWN the attacker can extract the private key from the server by deluging it with SSLv2 requests, and then use the key to decrypt a client/server conversation, even if it was encrypted with a more modern protocol. A good description of the actual effort required can be found here.

  ---

Human Resources Spear Phishing Attacks
Posted on 3/10/2016 1:40:57 PM by Dr. Eugene Slobodzian

Over the past several days, Winxnet Security experts noticed a new type of spear phishing attack, one that is specific to tax season. What may look like a legitimate email is actually a scheme to steal confidential information about your employees.

Unlike the common 'wire money' requests or other spear phishing vectors, this particular attack pretends to be sent from your management team to your Human Resources department, requesting sensitive employee information.

Here's an example of the actual email request:

"I want you to send me the list of W-2 copy of employees wages and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap."

 ---

Upcoming Events:

Maaps 38th Annual Conference
When: Friday, April 1, 2016
Where: Best Western Royal Plaza Hotel, Marlborough MA
Register: For more information, visit the Maaps event website.

Merrimack Valley Chamber of Commerce Annual Spring Business Trade Show
When: April 6, 2016
Where: Michael's Function Hall, Haverhill MA
Register: For more information, visit the Merrimack Chamber of Commerce event website.

2016 Tennessee MGMA Annual Spring Conference
When: March 30, 2016 to April 1, 2016
Where: Park Vista Resort, Gatlinburg TN
Register: For more information, visit the Tennessee MGMA event website.

2016 ADDP Annual Conference & Expo
When: April 28, 2016
Where: DCU Center, Worcester MA
Register: For more information, visit the ADDP event website.
   
2016 New England MGMA Annual Conference
When: May 4, 2016 through May 6, 2016
Where: Omni Mount Washington Hotel, Bretton Woods NH
Register: For more information, visit the New England MGMA event website.
   
2016 Municipal Technology Conference
When: May 5, 2016
Where: Augusta Civic Center, Augusta ME
Register: For more information, visit the Maine Municipal event website.
   
2016 LeadingAge Massachusetts Annual Conference & Exhibition
When: Thursday, May 19, 2016
Where: Holiday Inn Boxborough, Boxborough MA
Register: For more information, visit the LeadingAge Massachusetts event website.

About Winxnet
Providing innovative IT solutions since 1999, Winxnet is a leader in IT outsourcing and consulting, software development, and strategic technical advisory services to the private and public sectors. With offices throughout the Eastern United States, Winxnet provides a broad reach with local expertise.
 
www.winxnet.com
Corporate Office | P.O. Box 1700 | Portland, ME  04104-1700
© 2016 Winxnet. All rights reserved.