Category: Uncategorized

For many of you, the security of the router you get from Xfinity – or whichever ISP – is simply not good enough.  Because the cloud hosts millions of bots scanning constantly for new computers to infect, our network routers undergo continuous probes to detect any weakness.

You need a superior router which receives continual updates to protect you from these automated attacks. This week my favorite security vendor, SonicWall, released new patches for an array of devices. That means this week is a good week to check to insure your router is up-to-date.  You can check your router yourself, or call me to setup an appointment.

In other news, I will be in Portland during the week of December 5th. Please let me know if you would like to schedule a visit. For my part, I hope to see you all!

There is a new upgrade available from Microsoft. If you have a computer running Windows 10, there’s a good chance you will get an offer to upgrade your computer to Windows 11 for free in the coming days. You may already have gotten a pop-up asking you to upgrade now, or telling you that you will be eligible soon.

Alternately, if you go into your Settings and then click Update and Security you might see a notice like this:

My advice is to avoid this Upgrade for now. The Windows 11 upgrade may improve security and may offer some changes you would like, but for the most part I think you will be annoyed by the arbitrary changes to the way your computer works, as well as the loss of some of your favorite features.  My philosophy about Upgrades of Windows has been to wait and get the new OS version preinstalled on a brand new PC. This ensures that your computer will never go through any of the risks which can befall you when you Upgrade mid-stream.

Here are some more links to help you better understand what is in store with Windows 11:

Microsoft site

Blog post from a trusted, local services provider (SpireTech) which I recommend,

Blog post from a local colleague whom I trust and admire.

If you have any questions about Windows 11, please don’t hesitate to call. If you have run into trouble with installing the Upgrade to Windows 11, please call me IMMEDIATELY since time will be of the essence (you only have 10 days to roll back the upgrade). The complications could get worse the more changes you make with the failed Windows upgrade.

As always, this email is intended as informational, but I am here to answer any questions about Windows 11 (or anything else you might need!).  Thank you for your business.  Be safe and stay healthy!

Andy

You may not know this yet, but if you use Amazon devices in your home, you should keep reading…

On June 8th, Amazon automatically enrolled most of it’s devices (Alexa, Ring, Echo, etc.) onto it’s new Amazon Sidewalk service.  Which is basically an experiment by Amazon that leaves your personal privacy and security open to the world.  The new wireless mesh service will allow sharing of bandwidth with nearby compatible Amazon devices and other Sidewalk users.

If you haven’t already opted out, you and millions of other Amazon customers in the U.S. are now Sidewalk users.  Amazon wrote a whitepaper on the service detailing the technology and service terms. But my advice would be to opt out, particularly on corporate Amazon devices where sensitive business information could be at risk.

Historically, new implementations of wireless network technologies (WEP, Bluetooth, etc.) have been plagued with security problems. I am already concerned with the risks of using IoT devices and this will only compound the security risk by allowing passers-by into your networked devices without your knowledge. There’s little reason to believe Amazon will do much better to protect your security. With so many people working from home, the risk involves not just your own privacy, but the integrity of your company’s most sensitive data. I recommend creating a company policy that anyone working from home must disable their Amazon Sidewalk services.

Fortunately, it’s pretty simple to opt out of or disable the Sidewalk service on your Amazon devices. 

As always, this newsletter is for informational purposes, but I am available to help update your Amazon Echo, Ring or other IoT devices. It might also be a good time to for us to review your security settings and policies to ensure that you are doing everything you can to protect your business (and personal) information.

Andy

The pandemic has kept people stuck at home, and in front of their computers…which has brought out nefarious characters finding new twists on old scams.

Another scam…another newsletter to help you avoid being taken advantage of, or worse, losing your data and money. Hackers are now preying on vulnerable people to commit online fraud, using the old ‘tech support’ scam that has bilked people out of billions of dollars for the last several years.

What’s new is that now scammers are targeting more people over the age of 60 via their computers as they spend more time online. The FTC also reports fraud losses totaled $388 million through the third quarter of 2020, a number that’s up 23% from 2019!

Scammers are using realistic looking pop-ups on Macs and PC’s alerting you to a virus or issue with your system, and providing a phone number to call. This should be your first red flag…Not to make light of the situation, but when was the last time a company gave you an actual customer service phone #?!?

Once they get you on the phone, the real scam begins as they will assure you that they are a certified Microsoft technician (or a tech from Apple, or any other well-known company), and may request access to your system via TeamViewer (or other screen sharing device).

These scams have become so popular that Microsoft and Apple are now warning about various iterations of this scam on their websites. But, unfortunately, the tricks of cyber thieves are constantly evolving and becoming more convincing. Here are some tips on how you can avoid these scams in the future:

•    Apple, Microsoft, and other reputable tech companies do not ever contact customers about “tech support,” unless the customer initiates communication.  EVER!

•    If a pop-up or error message appears with a phone number, don’t call the number. Error and warning messages never include phone numbers!

•    If you get a tech support scam pop-up, close your browser immediately. On a Windows PC, press Control-Alt-Delete to bring up the Task Manager. On a Mac, click on the Apple icon in the upper left corner of your screen and use the Force Quit command.

•    Never pay for tech support or other services with a money transfer app, gift card, cash reload card, or wire transfer.  The only tech support you should be paying for is from ProActivist Computer Support.  (wink, wink)

•    If you get a call after the pop-up, do NOT answer. If you answer, hang up, and block the call. Once scammers know they have reached a working number, you become a recurring target. One of the most common scams after you engage with cyber-crooks over fraudulent services is the “refund scam.”

•    Never trust any company that requests personal or financial information.

•    Keep your security software, browser, and operating system up -to-date, and consider using your browser’s pop-up blockers (if you have turned these off previously).

As always, this newsletter is for informational purposes, but I am available to answer any questions or to discuss more about these types of scams.  It might also be a good time to for us to review your security settings, and ensure that you are doing everything you can to protect your business (and personal) information.

Andy

Your phone number is an easy-to-find key that can be used by hackers and scammers to unlock your personal data. They can also use your number in many other malicious ways.

Unfortunately, there’s another new threat to our privacy, this time involving your cell phone texts.  I don’t like to stoke unnecessary fears, but this is truly a frightening new scam. A gaping flaw in SMS texting service lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages.  For $16, an anonymous prepaid credit card, and a couple of lies, you can literally forward the text messages from ANY phone to your phone. 

There are the multiple ways that your phone can be a target of hackers, below are the most common with links should you want to dig deeper: 

SMS Hijacking
Data Mining
SIM Swapping / Rerouting your Number
Spoofing
Texting Scams / Smishing

I recommend that to combat your phone number being misused, you should share it as little as possible. Many apps and services require a cell number for verification at sign up. By handing your data to these apps, services, and businesses, you increase the likelihood that your cell number will be passed on to third parties and data aggregators.

However, as keeping your phone number private is not always possible, you can at least track it so you are aware of when it has been compromised. Sign up for an account at OkeyMonitor and they will alert you via email (or two) when it detects anyone tampering with your SMS number.

You also may want to consider an alternative to SMS, which provides for multi-factor authentication.  I recommend Authy, or Cisco DUO, but other options include Google Authenticator and 1Password.

As always, this newsletter is for informational purposes, but I am always available for questions or to discuss any of these scams, and ways to protect your business.

Andy

CLOUD STRATEGY 2.0

Over the past year, many of my clients have accelerated the shift from in-house hardware and software to Cloud-based services. This has caused many changes in our daily business lives, the first of which was the shifting of IT dollars from replacement projects every 5-years, to ongoing monthly service charges. Additionally, now that computers are no longer in the office, we must grapple with how we keep the systems standardized and maintained.

Home users naturally conflate business-time and personal-time. We may also conflate business-use and personal-use.  The impact of this is that some of your company data may be located in personal Dropbox accounts, OneDrive folders, and Google Docs, and shared with who knows who?  If one of your employees leaves, how will you ensure you have all your data back? How will you ensure it doesn’t get leaked inappropriately?  In the meantime, your company has most likely started using many new services which were setup on the fly, and without any strategy or planning. Do you have a backup plan for all this ‘stuff’?

I’ll keep this brief, but I highly recommend everyone go back and do some of the planning and strategizing which may have been skipped over in the rush to enable employees to work from home last year.

1. Inventory. Take the time to do one-on-one inventory interviews with each employee to discover what you have and where.

2. Consolidate. Assemble all the inventory information and make a plan to consolidate your data and services, however you can. Standardize the way you treat each problem.  Since OneDrive, DropBox, Box, Amazon C3 and Google Drive are all doing the same thing, pick one and make it the official Cloud drive for your organization. Get your employees to distinguish company-related data held in personal accounts, and shift it over to company-owned accounts. Direct your employees to stop using personal email for business purposes.

3. Centralize. Get all the accounts with company data under your control and convert them to Team accounts, if that is possible. Setup an onsite NAS backup system with the ability to sync-down all your Cloud data. Get a company-owned and managed laptop into the hands of every employee. Consider getting company issued phones. There may be automated software plug-ins available which could consolidate accounts from multiple cloud services into one service.

4. Secure. Setup multi-factor authentication for email, and for every fiscal account, as well as every account with Personally Identifiable Information. Get a team-based password management system and train everyone how to use it.  Password management systems allow you to generate and save easy-to-use passwords for every website. The team feature will allow you to maintain the passwords which employees are using on your company’s behalf, even after an employee leaves the organization. At the same time, it will help prevent your employee’s personal passwords from falling into your own hands – which is a stickier legal issue than you might imagine at first.

5. Policies. Create written policies to govern and explain your decisions. Review these annually.

6. Training. Create a quarterly training schedule for all employees along with a certain allowance of time for individualized training to ensure that you stay on top of what is being done in your company’s name.

As always, this newsletter is for informational purposes, but I am always available for questions or to discuss any of these tasks, or your cloud strategy in general.
Andy

From here on out, I recommend using a password management software to learn your passwords and store them securely. Then you can use the built-in password generation function to create and remember very long and complex passwords which would otherwise be impossible to remember.

Once you have a good software program to easily learn and securely remember all your passwords, you will still have one password which you will be responsible to remember yourself: the password to get into the password software itself.

Here is how to create a secure password which you can remember:

-Write down a list of several random words.
-Each word should be at least four characters long.
-Avoid proper names, such as of pets, relatives or sports teams, since either you or the people you know have probably already divulged such information on Facebook and the like.
-Avoid picking phrases from literature, since there are hacker scripts which look for that. (However; you might decide to pick a book you like and pick words from random positions on random pages.)

Start writing your password beginning with one of those words:
-Before or after each word, insert either a number or symbol. (It’s okay to repeat an element!)
-Avoid the numbers 0 and 1 since they can be confused with the letters “oh” and “el”.
-Capitalize some of the characters.
-Use 3-5 words.
-Type your password into a document to see if it is easy to type quickly.
-Adjust your password for ease of use.

Write down the final version of your password before you enter it into a website or program, then:
-Write the final password
-Then transcribe the password by looking at the written version, rather than typing what you remember.
-Once you have created your password, log out and log back in. (This avoids issues with both misremembering and mistyping a password.)
-Keep the password in a safe place you can easily remember, such as a household safe or a safe deposit box.
-Avoid attaching it to your laptop or any part of your computer (such as monitor or keyboard) or anywhere in your workspace, such as in a desk drawer.
-Practice using your password several times a day until you are sure it is memorized.

Here are some interesting resources for you to look at when thinking about how passwords work and how to make them better:

Graham Cluley discusses password rules and password management software –

N3v$r M1^d password rules. Get a password manager to generate and remember your passwords instead

Dr. Mike Pound demonstrates how quickly scripts can crack passwords and explains in simple terms what that means –

In 2013 (seven years ago) a security researcher loaded Wikipedia into a password cracking algorithm and found this password “Ph’nglui mglw’nafh Cthulhu R’lyeh wgah’nagl fhtagn” which is a quote from a book by H.P. Lovecraft –
https://arstechnica.com/information-technology/2013/08/thereisnofatebutwhatwemake-turbo-charged-cracking-comes-to-long-passwords/

And here’s a little humor – https://www.youtube.com/watch?v=2tJ-NSPES9Y

I was recently on-site at a client’s after they had three power-related outages due to windstorms. In all three outages, a power strip was affected. One surge protector had turned itself off, and two had burned out. (The picture above shows the brown stains from ionized metal and plastic vapors which were caused when the power tap burned out.)
=
While you can’t prevent power spikes, you can make sure that any damage falls on a good quality surge protector rather than your cell phone or computer.  The first step is to ensure all equipment is plugged into a quality surge protector. Electricity will find ANY path to ground, so if even one of your devices is plugged directly into the wall, then the voltage can flow through it into the computer and then throughout the network cabling, potentially damaging multiple devices and systems. A good motto to live by, is “if any equipment is unprotected, all of it is unprotected.” (Please note that “power taps” don’t offer this same level of protection.)  

If you already have a surge protector, check the light on it to ensure the protective parts are still functional. After absorbing a certain amount of damage, the surge protector stops working and turns into a power tap. You will still have the illusion of protection, but if your surge protector doesn’t have an indicator light, or if it is over 10 years old, it is time to replace it!

Here is a review of one option that I recommend which auto-shuts off when it burns through the protection.  To purchase this APC protector, click here. 

Additional options may also be found at Lowe’s Hardware.

If you are interested in learning more about surge protectors, this is a good article by CNET. 

Additionally, sometimes people use battery backups for their servers, and even sometimes for desktops.  If you have a battery backup, it makes sense to purchase a spare battery for it so you can quickly repair it when the battery gets used up or stops functioning.

I believe it’s also important to mention that surge protectors are not a solution for all devices. Some devices don’t need surge protection, and some are actually a source of electrical noise themselves. For example, if you plug a space heater, fan, shredder, microwave, refrigerator, or vacuum cleaner (…or really any appliance in general) into a surge protector, it can actually damage the surge protector and reduce it’s lifespan.

This newsletter is meant for informational purposes, but as always, I’m here to support you. Please call me if you would like assistance in selecting surge protectors for your business, or would like for me to review your current power set-up.  

Andy