Pro Activist Computer Support


TECH ALERT: Text Skimming

 

Your phone number is an easy-to-find key that can be used by hackers and scammers to unlock your personal data. They can also use your number in many other malicious ways.

Unfortunately, there’s another new threat to our privacy, this time involving your cell phone texts.  I don’t like to stoke unnecessary fears, but this is truly a frightening new scam. A gaping flaw in SMS texting service lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages.  For $16, an anonymous prepaid credit card, and a couple of lies, you can literally forward the text messages from ANY phone to your phone. 

There are multiple ways that your phone can be a target of hackers; below are the most common, with links should you want to dig deeper:

SMS Hijacking
Data Mining
SIM Swapping / Rerouting your Number
Spoofing
Texting Scams / Smishing

I recommend that to combat your phone number being misused, you should share it as little as possible. Many apps and services require a cell number for verification at sign up. By handing your data to these apps, services, and businesses, you increase the likelihood that your cell number will be passed on to third parties and data aggregators.

However, as keeping your phone number private is not always possible, you can at least track it so you are aware of when it has been compromised. Sign up for an account at OkeyMonitor and they will alert you via email (or two) when they detect anyone tampering with your SMS number.

You also may want to consider an alternative to SMS, which provides for multi-factor authentication.  I recommend Authy, or Cisco DUO, but other options include Google Authenticator and 1Password.

As always, this newsletter is for informational purposes, but I am always available for questions or to discuss any of these scams, and ways to protect your business.

Andy

 

I’ve adopted a Cloud Strategy…but, now that my data has spread to the winds, how do I get it back under control??

 

CLOUD STRATEGY 2.0

Over the past year, many of my clients have accelerated the shift from in-house hardware and software to Cloud-based services. This has caused many changes in our daily business lives, the first of which was the shifting of IT dollars from replacement projects every 5-years, to ongoing monthly service charges. Additionally, now that computers are no longer in the office, we must grapple with how we keep the systems standardized and maintained.

Home users naturally conflate business-time and personal-time. We may also conflate business-use and personal-use.  The impact of this is that some of your company data may be located in personal Dropbox accounts, OneDrive folders, and Google Docs, and shared with who knows who?  If one of your employees leaves, how will you ensure you have all your data back? How will you ensure it doesn’t get leaked inappropriately?  In the meantime, your company has most likely started using many new services which were set up on the fly, and without any strategy or planning. Do you have a backup plan for all this ‘stuff’?

I’ll keep this brief, but I highly recommend everyone go back and do some of the planning and strategizing which may have been skipped over in the rush to enable employees to work from home last year.

1. Inventory. Take the time to do one-on-one inventory interviews with each employee to discover what you have and where.

2. Consolidate. Assemble all the inventory information and make a plan to consolidate your data and services, however you can. Standardize the way you treat each problem.  Since OneDrive, DropBox, Box, Amazon C3 and Google Drive are all doing the same thing, pick one and make it the official Cloud drive for your organization. Get your employees to distinguish company-related data held in personal accounts, and shift it over to company-owned accounts. Direct your employees to stop using personal email for business purposes.

3. Centralize. Get all the accounts with company data under your control and convert them to Team accounts, if that is possible. Set up an onsite NAS backup system with the ability to sync-down all your Cloud data. Get a company-owned and managed laptop into the hands of every employee. Consider getting company issued phones. There may be automated software plug-ins available which could consolidate accounts from multiple cloud services into one service.

4. Secure. Set up multi-factor authentication for email, and for every fiscal account, as well as every account with Personally Identifiable Information. Get a team-based password management system and train everyone how to use it.  Password management systems allow you to generate and save easy-to-use passwords for every website. The team feature will allow you to maintain the passwords which employees are using on your company’s behalf, even after an employee leaves the organization. At the same time, it will help prevent your employees’ personal passwords from falling into your own hands – which is a stickier legal issue than you might imagine at first.

5. Policies. Create written policies to govern and explain your decisions. Review these annually.

6. Training. Create a quarterly training schedule for all employees along with a certain allowance of time for individualized training to ensure that you stay on top of what is being done in your company’s name.

As always, this newsletter is for informational purposes, but I am always available for questions or to discuss any of these tasks, or your cloud strategy in general.
Andy

Password Management 911


From here on out, I recommend using password management software to learn your passwords and store them securely. Then you can use the built-in password generation function to create and remember very long and complex passwords which would otherwise be impossible to remember.

Once you have a good software program to easily learn and securely remember all your passwords, you will still have one password which you will be responsible to remember yourself: the password to get into the password software itself.

Here is how to create a secure password which you can remember:

-Write down a list of several random words.
-Each word should be at least four characters long.
-Avoid proper names, such as of pets, relatives or sports teams, since either you or the people you know have probably already divulged such information on Facebook and the like.
-Avoid picking phrases from literature, since there are hacker scripts which look for that. (However, you might decide to pick a book you like and pick words from random positions on random pages.)

Start writing your password beginning with one of those words:
-Before or after each word, insert either a number or symbol. (It’s okay to repeat an element!)
-Avoid the numbers 0 and 1 since they can be confused with the letters “oh” and “el”.
-Capitalize some of the characters.
-Use 3-5 words.
-Type your password into a document to see if it is easy to type quickly.
-Adjust your password for ease of use.

Write down the final version of your password before you enter it into a website or program, then:
-Write the final password
-Then transcribe the password by looking at the written version, rather than typing what you remember.
-Once you have created your password, log out and log back in. (This avoids issues with both misremembering and mistyping a password.)
-Keep the password in a safe place you can easily remember, such as a household safe or a safe deposit box.
-Avoid attaching it to your laptop or any part of your computer (such as monitor or keyboard) or anywhere in your workspace, such as in a desk drawer.
-Practice using your password several times a day until you are sure it is memorized.
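
The word-and-separator recipe above can also be done by machine, which removes the human habit of picking "random" words that are not random. This is an added example, not part of the original newsletter; the word list is a small constructed sample and `build_passphrase` and `entropy_bits` are hypothetical names. The typing and memorizing steps remain yours to do.

```python
import math
import secrets

# Constructed sample word list for illustration only. A real list should hold
# thousands of words (assumption: you supply your own); with only 32 words the
# result is far too guessable.
WORDS = [
    "anchor", "basket", "candle", "dragon", "ember", "forest", "garden",
    "harbor", "island", "jungle", "kettle", "lantern", "marble", "nickel",
    "orchid", "pepper", "quartz", "ribbon", "saddle", "thunder", "umbrella",
    "velvet", "walnut", "yonder", "zipper", "bramble", "cobalt", "drizzle",
    "falcon", "glacier", "hammock", "juniper",
]
# Numbers and symbols to insert, leaving out 0 and 1 as the list advises.
SEPARATORS = "23456789!@#$%&*+=?"


def build_passphrase(words=WORDS, count=4):
    """Return (passphrase, parts): 3-5 random words of four or more
    characters, each with one number or symbol before or after it and
    one capitalized character."""
    if not 3 <= count <= 5:
        raise ValueError("use 3-5 words")
    pool = [w for w in words if len(w) >= 4 and w.isalpha()]
    if not pool:
        raise ValueError("word list has no usable words")
    parts = []
    for _ in range(count):
        word = secrets.choice(pool)  # OS-backed randomness, not random.choice
        i = secrets.randbelow(len(word))
        word = word[:i] + word[i].upper() + word[i + 1:]
        sep = secrets.choice(SEPARATORS)
        # Put the separator before or after the word, chosen at random.
        parts.append(sep + word if secrets.randbelow(2) else word + sep)
    return "".join(parts), parts


def entropy_bits(pool_size, count):
    """Approximate strength in bits, assuming the attacker knows the recipe
    and the word list. Capitalization is ignored, so this is conservative."""
    per_word = math.log2(pool_size) + math.log2(len(SEPARATORS)) + 1
    return per_word * count


if __name__ == "__main__":
    phrase, _ = build_passphrase(count=4)
    print(phrase)
    print("sample list: %.1f bits" % entropy_bits(len(WORDS), 4))
    print("7776-word list: %.1f bits" % entropy_bits(7776, 4))
```

The entropy figures show why the size of the word list matters more than the symbols: four words from the 32-word sample give about 41 bits, while four words from a 7776-word list give about 72.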

Here are some interesting resources for you to look at when thinking about how passwords work and how to make them better:

Graham Cluley discusses password rules and password management software –

N3v$r M1^d password rules. Get a password manager to generate and remember your passwords instead

Dr. Mike Pound demonstrates how quickly scripts can crack passwords and explains in simple terms what that means –

In 2013 (seven years ago) a security researcher loaded Wikipedia into a password cracking algorithm and found this password “Ph’nglui mglw’nafh Cthulhu R’lyeh wgah’nagl fhtagn” which is a quote from a book by H.P. Lovecraft –
https://arstechnica.com/information-technology/2013/08/thereisnofatebutwhatwemake-turbo-charged-cracking-comes-to-long-passwords/

And here’s a little humor – https://www.youtube.com/watch?v=2tJ-NSPES9Y

Surge Protectors 101: What to do after a power surge.

I was recently on-site at a client’s after they had three power-related outages due to windstorms. In all three outages, a power strip was affected. One surge protector had turned itself off, and two had burned out. (The picture above shows the brown stains from ionized metal and plastic vapors which were caused when the power tap burned out.)
While you can’t prevent power spikes, you can make sure that any damage falls on a good quality surge protector rather than your cell phone or computer.  The first step is to ensure all equipment is plugged into a quality surge protector. Electricity will find ANY path to ground, so if even one of your devices is plugged directly into the wall, then the voltage can flow through it into the computer and then throughout the network cabling, potentially damaging multiple devices and systems. A good motto to live by is “if any equipment is unprotected, all of it is unprotected.” (Please note that “power taps” don’t offer this same level of protection.)

If you already have a surge protector, check the light on it to ensure the protective parts are still functional. After absorbing a certain amount of damage, the surge protector stops working and turns into a power tap. You will still have the illusion of protection, but if your surge protector doesn’t have an indicator light, or if it is over 10 years old, it is time to replace it!

Here is a review of one option that I recommend which auto-shuts off when it burns through the protection.  To purchase this APC protector, click here

Additional options may also be found at Lowe’s Hardware.

If you are interested in learning more about surge protectors, this is a good article by CNET

Additionally, sometimes people use battery backups for their servers, and even sometimes for desktops.  If you have a battery backup, it makes sense to purchase a spare battery for it so you can quickly repair it when the battery gets used up or stops functioning.

I believe it’s also important to mention that surge protectors are not a solution for all devices. Some devices don’t need surge protection, and some are actually a source of electrical noise themselves. For example, if you plug a space heater, fan, shredder, microwave, refrigerator, or vacuum cleaner (…or really any appliance in general) into a surge protector, it can actually damage the surge protector and reduce its lifespan.

This newsletter is meant for informational purposes, but as always, I’m here to support you. Please call me if you would like assistance in selecting surge protectors for your business, or would like for me to review your current power set-up.  

Andy

Check your clipboard!

Do you know who has access to your clipboard?

Smartphone apps are repeatedly reading and accessing your saved clipboard data, which may include all sorts of sensitive information. This privacy invasion is the result of these apps repeatedly reading any text that resides in your clipboards (which computers and other devices use to store data that has been cut or copied from things like password managers and email programs). For reasons that have nothing to do with the services the apps are supposed to provide, smartphone apps as diverse as TikTok and New York Times are pulling personal data from your clipboard in an attempt to spy on your other phone activity.

Initially, these activities had only been observed on iOS platforms, but it is now known that they occur on Android platforms as well.  Regardless of your device choice, it’s a good idea to avoid copying sensitive data unless absolutely necessary, and to clear out the clipboard when you do copy valuable info.  Many of us use the clipboard to copy and paste passwords, while password apps such as LastPass use direct mechanisms. This is yet another reason you should switch to a secure, easy-to-use password management system.

Additional information can be found in these articles and blogs:
Schneier Tech Blogs: iOS and Android
Ars Technica Article
Engadget Article

This post is meant for informational purposes, but as always, I’m here to support you. Please call me if you would like assistance in clearing your clipboard, or to review best practices for saving data to your clipboard. 
Andy

News About Newsletters…

Staying in touch with your current or potential clients is more important than ever.  Communicating new hours of operation, changes in accessing your offices, or any other news about your business is crucial.  However, sending out a newsletter or marketing campaign correctly, and making sure the intended audience is reached, are even more important.

Based on my research, as well as personal experience with my own clients, I’ve discovered that most people will mark your newsletter or email campaign as spam – rather than unsubscribe – even if they signed up for it (and liked it at one time).  As well, the dead addresses in your distribution lists might be re-animated by GMail, Yahoo or Hotmail in order to catch spammers who still have those addresses in a database.   

One way to fix this is to sign up with both Outlook.com and GMail in order to claim, or vouch for the legitimacy of your domain. You can register through Gmail to validate your identity, as well as to learn how you can better control your email blasts to ensure that fewer of them end up in the oubliette.

Both these linked articles below are from email marketing companies, but they offer plenty of good advice for people doing a lot of email marketing:

How Spam Filters Work (And How to Stop Emails Going to Spam) [ca. 2018]

Where Do Boring Marketing Emails Go to Die?  [ca. 2016]

This post is meant for informational purposes, but as always, I’m here to support you. Please call me if you would like to discuss the best email campaign options for you and your business.  

Andy

New Billing Policies

Due to the majority of my client support work now being done remotely, I have been forced to change my billing procedures.  For phone support, I previously only charged for calls longer than 15-minutes.  I will now begin billing for phone support after 5-minutes.  Client phone support billing will now be in 5-minute increments instead of 15-minute.  And, any support requiring remote access will be billable from start of call.  Thank you for your understanding of these changes.  Please don’t hesitate to contact me with any questions or concerns.

On another note, I spent some time this weekend on the phone with Comcast to better understand the ways in which they (and other utilities) are helping their customers during the Covid crisis.  My rep at Comcast has helped his small business clients move to smaller office spaces, reduce broadband service levels to cut costs, and has even waived early-termination penalties for businesses that needed to stop their services altogether.  If you’re interested in learning more, send me an email or call me directly to discuss, as I can offer some good advice on lowering your monthly bill, as well as who to contact at Comcast.

I also have many tools for remote access and remote control support. I recently set up Zoom for my grandma in her farmhouse in rural Wisconsin so she could get more company from distant relatives – all by remote control. If you have family needing tech help, let me know and I can arrange for it!

This newsletter is meant for informational purposes, but as always, I’m here to support you – especially during these challenging times.  Please call me if you would like to discuss the best options for you and your business to continue to successfully work remotely, and best utilize my services.  

Andy

Scams…again??!!

I know it is exhausting to be constantly vigilant about emails, but sometimes you can fall victim to a scam or virus even from trusted senders.

Unfortunately, it is becoming all too common that you or your business might be sent an invoice, letter or invitation via email – possibly to be listed in a bogus directory, pay an invoice, or to renew your website domain name – that is really a phishing scam. These scams take advantage of the fact that the person handling the administrative duties for the business may not know whether any vendor purchases, advertising or promotional activities may have actually been requested.

Many email-based ransomware scams use fake invoices as attachments to infect your computer. As an example, if you receive an unexpected bill from a utility provider, do not open the attachment.  

Using information they have obtained by hacking your computer systems, a scammer posing as one of your regular suppliers will tell you that their banking details have changed. They may tell you they have recently changed banks, and may use stolen letterhead and branding to convince you they are legitimate.

They will provide you with a new bank account number and ask that all future payments are processed accordingly. The scam is often only detected when your regular supplier asks why they have not been paid.

Fake invitations will often include a form to be filled out, and ask for your business contact details with an approval signature. You might be led to believe that you are responding to an offer for a free entry, but the form you are asked to complete is a disguised invoice or contract with the amount owed hidden in tiny print.

Some things you can do to protect yourself and your business:

  • Always check that goods or services were both ordered and delivered before paying an invoice, and always read the fine print carefully.
  • Try to limit the number of people in your business who are authorised to make orders or pay invoices. Make sure the business billing you is the one you normally deal with.
  • If you notice a supplier’s usual bank account details have changed, call them to confirm.
  • If you receive a telephone call or ‘invoice’ that comes from a publication you have never heard of, do not pay or give out your details until you have looked into the matter further.
  • Keep written records of your authorisations for advertising or directory entries. If you receive an invoice or a telephone call, you can go back to your records to check it.
  • If you are happy with your current domain name registration provider, simply ignore any other ‘renewal’ or ‘registration’ letters that you may receive from a different company. If you do want to switch domain name registration providers—make sure you know the full costs, terms and conditions of the offer before agreeing.

Recently, one of my clients was forced to format and rebuild their entire infrastructure of 2 servers and 20 laptops from the ground up. They were down for 2 full days, and it took weeks to get back to normal. Don’t get caught, get prepared!

Your New Year’s resolution for 2020:

Upgrading your wireless network…It’s not as painful as joining a gym, and will save you from holiday headaches!

As with other electronics, your network gear has computer chips that need to be replaced every 5 years or so.  But, what usually happens is your network equipment gets put into a dark corner, only to be located again when something goes wrong. 

Small businesses often make the mistake of purchasing wireless network devices the same places a home user would – at Best Buy or Amazon.  They select the cheapest solution, i.e. Cisco, Netgear, or TP Link, but not necessarily the right solution with the quality you expect and need in a work environment.

I recommend upgrading to a Ubiquiti unified solution.  Not only is their gear substantially higher quality, but they record and chart the status and history of all the network equipment in your office. With your Ubiquiti equipment connected to their web-based console, you can analyze traffic patterns throughout the day to identify bottlenecks and outages. 

Your business networks need to be able to handle higher traffic, particularly during your busiest times, which is when they are most likely to go down.  In order to help prevent any downtime for your business, I would love to talk to you about how we can upgrade and install your new Ubiquiti wireless network.

STRATEGY & PLANNING

Technology is ever-changing, 
and so is your business.

Which is why it’s important on a yearly basis to take a longer view of the technology decisions that could help shape the future of your business.

Annual meetings should be held with your IT professional to plan for technology updates, equipment purchases or system upgrades that may benefit your company. While it may not seem like a traditional time of year for budgetary planning, it’s never too soon to start reviewing your technology needs.  And, summer is a slower time of year in the IT world, so it gives us time to make well-thought-out decisions on products!  For instance, I can help you plan your phase out of Windows 7 well in advance of its end-of-life in April 2020.

I’m heading out of town tomorrow for a short vacation (returning on June 8th), but I will reach out to my clients after I return to schedule your reviews.  

This newsletter is meant for informational purposes, but as always, I’m here to support you.  Please call me if you would like to discuss the best options for you and your business.  

Andy


Copyright © 2021 Pro Activist Computer Support
