Shooting Yourself in Your IT Foot

We got a call recently from an MIA client who was trying to save money by relying on their “resident IT expert.” They could have shot themselves in the foot, but somehow, a few dance steps worked in their favor. They dodged this bullet, but not everyone is that lucky.

Our client is a multi-generational company, and one of its long-time employees served as their “resident IT expert.” A couple of members of the younger generation called us in because something didn’t seem to be right with their system. They thought their system was beyond repair for all intents and purposes. What concerned us most were two answers that we got for most of our questions:

  1. “I don’t know.”
  2. “We don’t have that information.”

When we logged into their system, we looked at their router and firewall and started to look at their setup. This time, we got some answers.

“Do you have another office?”

“Yes.”

“Does it connect to your system here?”

“Yes.”

The connection was made through a desktop computer that was sitting in a corner of the office – a computer that nobody ever touched. It was wide open; they allowed remote access to the desktop, and there was no protection against any kind of intruder. The hacker was able to get in and hijack their software by encrypting it.

We made phone calls to all of their application software vendors to learn how everything interacted, and we learned that they used Carbonite to back up their data. Trying to recover it was useless because all the data was corrupted, but we were able to get in. What we saw was eye-opening.

It turned out that they were hosting one small application that opened the door. Then we saw that nothing had been backed up for the entire year – and the ports were wide open. They also had an antiquated email system that was hijacked. Their in-house person never foresaw any issues with their setup and didn’t know the consequences of any settings that were tweaked or ignored.

We recommended they contact the hacker and see what it would cost to ransom their data, but they preferred to re-enter all of their data for the year. They had hard copies.

Before they began their recovery, we installed a new server and firewall, and while working with one of their software companies, we learned they had a copy of the data up to Aug. 1. Before they began any work, we set up a new email system and new log-in credentials.

It looked like they had dodged a hail of bullets, but within a day, their in-house person was already compromising their system by installing a bunch of utilities and other software. We put a stop to that, which halted their system leaks and plugged their gaps. However, the whole process of investigating their processes and systems and buying and installing their new systems cost them almost $7,000 – plus their internal cost to re-enter what now amounted to one month’s worth of data. You could also add in a cost factor for aggravation.

In today’s age of a hacker-happy internet, you need a security audit to make sure your vulnerabilities are shored up. Call us – 973-433-6676 – or email us to set up your security audit. It will take an hour or two and cost less than $200. Hackers are highly sophisticated. How much could a breach of your system cost you? Don’t be penny wise and pound foolish.

Equifax and Protecting Your Identity

If anyone learns just one lesson from the recently disclosed hack of Equifax, the credit-rating service that has the keys to many people’s vital data, here it is: You have to take your data protection into your own hands.

We had a really queasy feeling when we saw the news reports, and a lot of the information didn’t pass our initial smell test. First, why did it take so long for Equifax to notify its customers and authorities? More than a month went by before there was any announcement. Second, when Equifax did respond, it seemed ineffective. You can go to https://www.equifaxsecurity2017.com/, enter some information about your name and Social Security number and see if you have something to worry about. From there, you need to scroll to the bottom of the page to find the Potential Impact button, which will take you to https://www.equifaxsecurity2017.com/potential-impact/. Most people will learn that their data has possibly been compromised.

If you don’t want to fuss around with the internet, you can call a dedicated call center, 866-447-7559, from 7 a.m. to 1 a.m. ET every day to discuss your account.

You can go back online and enroll in a credit monitoring program with Equifax – or with Experian or TransUnion, the other two credit reporting agencies in the US. Equifax will give you the program free for a year without requiring you to waive the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms-of-use for this cybersecurity incident.

We strongly recommend you take these additional steps:

  • Place an initial fraud alert on your credit records. Again, it doesn’t matter which reporting agency you use. They all “talk” to each other. When lenders see the fraud alert while checking your credit, they must take additional steps to verify that it is actually you who wants to open the account. Initial fraud alerts are good for 90 days, and you can renew them or cancel them as it suits your needs. Equifax is offering an “automatic fraud alert” feature, which automatically renews itself every 90 days.
  • Freeze your credit. This makes it virtually impossible to open an account in your name because it blocks access to your credit report. Nobody can complete a credit check, so someone else won’t be able to open an account. A credit freeze won’t expire until you choose to remove it, and you can cancel and reinstate it as needed. However, you must place a credit freeze with each bureau individually, and that can come with a fee, usually $10 or less, depending on what state you live in or if you’re already a victim of identity theft.
  • Sign up with a credit monitoring service. We have a service that does this, but there are others.
  • Check your bank and charge accounts and your credit score regularly. If you see something that raises a red flag, contact your financial institutions or credit reporting agencies immediately.

We spoke to a number of people involved in the storage of highly sensitive personal information, and they all reminded us that you need to protect more than your financial information. Any organization that stores your medical and insurance records is vulnerable to a hack, and that can lead to additional problems. For example, someone who has your medical records can file a fraudulent medical insurance claim using your records.

That, of course, gets us back to advice you’ve often heard from us:

  • Install all updates for operating systems and application software as soon as they are available for computers and devices. The updates almost always include security patches and bug fixes.
  • Manage your passwords. Keep them long and complex and change them frequently.
  • Keep your networks secure by installing updates, managing passwords effectively, making sure your firewall and anti-virus protection are active, and limiting access to administrative functions.
  • Use common sense. Don’t click on links within an email from someone you don’t know or on something that looks out of the ordinary from an address you recognize. Email addresses are easily hijacked – and not necessarily because the owner of the address did something wrong. Don’t click on pop-up ads or ads with offers that are too good to be true.

Are we safe on the internet anymore? No, but you can be safer if you take ownership of your security. We can check security settings and run deep scans to help keep you as safe on the internet as possible. Call us – 973-433-6676 – or email us to set up a security audit or answer any questions you have about managing your security.

Google Drive Drives into the Sunset

Here we go – again. Another staple of our applications is being replaced. This time, it’s Google Drive, which Google will stop supporting as of this coming Dec. 11 and will shut down next March 12. Taking its place: Backup and Sync, which will be more powerful.

Backup and Sync replaces both the company’s Drive and Photos desktop apps for Windows PCs and Macs. It allows you to store any photos, videos and documents in the same format on Google’s cloud for safekeeping from crashes and unfortunate accidents. You can use the app to back up the contents of your entire computer – or just selected folders.

Once you download the app and launch it, sign into your Google account and select which folders you’d like to continuously back up to Google Drive. For photos, you have two options: High Quality or Original Quality. High Quality will compress photos larger than 16 megapixels and videos with a resolution higher than 1080p, but these compressed files will not count against your data cap.

Oh, yes, there is a data cap. Are you surprised? The new and improved Google Drive gives you 15GB of file storage for free. Then, the rates go up to $19.99 a year for 100GB or $100 a year for 1TB. That’s not excessive. You get additional flexibility by being able to download files to work offline, and you can download the app for your mobile device, too. Plans for even greater storage capacity are available.

The new app is available now from the Google Drive or Google Photos page. The only downside is that you can’t use Backup and Sync as a restore tool if your computer crashes. But we have options available for that.

We can also help you set up Backup and Sync so it works as you want and coordinate how it works on your computer and mobile device. Storing your data files and photos and videos offsite is the way to go for safety and flexibility. Call us – 973-433-6676 – or email us to answer your questions or provide assistance.