Security Not Top-of-Mind at CES

It’s fair to say I was disappointed when talking to IoT device manufacturers at CES in Las Vegas last month. Security was not the big thing on their minds. And except for a TV screen that you can roll up like paper (which I couldn’t see at the show), there wasn’t anything I wanted to bring home and install.

The lack of emphasis on security was baffling, especially when you consider that a lot of companies at CES were talking about AI (artificial intelligence) and 5G networks. The latter are the newer, faster wireless data networks that will play an important role, along with AI, in the next generation of the IoT, especially autonomous vehicles (AVs), which are expected to be an established mode of transportation in the next 10 years. We’re simply going to require more data at a faster speed to make AVs work.

However, it seems that AI – and maybe 5G – was more concerned with what we’ll be running to the store to buy instead of how we’ll get there. Samsung, which makes refrigerators, among other appliances, started to show off Bigsby, its version of Alexa. And when you combine it with a smart refrigerator, this new power team can create a shopping list for you. You can even use voice commands for your washing machine. OK…

There is still a big push to get more devices into the home, and we certainly have more than our share in ours. We find the ones we have to be either great conveniences or highly useful. We just wish that the manufacturers were paying more attention to security, especially with hacking and information theft so prevalent. However, nothing stood out like that TV that rolls up. I really would have liked to be able to see it, even if I couldn’t buy it.

On the other hand, one of the more ridiculous things I saw was either a blanket or mattress pad with dual temperature control and a discounted price of $2,000. Sony also had a Walkman that weighed 5 pounds and had a heftier price tag: $2,500. Sony said there’s a market for it: audiophiles who want high-quality sound.

Speaking of sound, I took note of Panasonic’s automotive offerings, though none was available for consumer purchase. Rather, it seems that the automotive manufacturers are going to rely more on electronics manufacturers and the mobile operating systems to provide the devices and infrastructure for in-car infotainment systems. As part of that trend, we note that Toyota is dropping its plan to introduce a proprietary infotainment system.

We applaud Toyota’s decision for three reasons:

  1. In-car systems from the automakers don’t work well.
  2. Each in-car system has its own way of displaying and using information, and that can be confusing for people who drive multiple cars, including rental cars, where roads and a car’s system are unfamiliar.
  3. Because they are built into the car, it’s difficult to update them in a timely manner.

Just about all manufacturers offer connectivity to either Apple or Android in-car systems – or both – throughout their product lines. Our devices are already customized for driving directions and play lists, and we know how to use them. We also can make our devices secure in the same way we update our OS and applications on our computers.

I think some exciting new products and changes in the way we use technology are a year or two away, but that doesn’t mean we should sit on our hands. If you need a new IoT product now, we can help you we can help you select and install one for today – and make sure it’s secure – and see how it could fit your future needs. Call us – 973-433-6676 – or email us to talk about it.

Spectre and Meltdown Raise Need to Update

We’ve seen lots of patches from chip manufacturers and operating-system publishers trying to resolve the Spectre and Meltdown issues. Their effectiveness is mixed, but there are a couple of things you can do to help protect your systems: backup your files and update your software.

The patches came out quickly last month, and they kept on coming as chip manufacturers and publishers of apps and operating systems tried to close the open doors that Spectre and Meltdown use to get into a computer. If you installed all the updates, even multiple updates from chip manufacturers and software publishers, you did the best you could to mitigate problems.

If you haven’t installed updates for operating systems, applications, firmware, browsers and antivirus protection, do it NOW. If you have not set up your systems to automatically install updates, we suggest you do that now, too. Every supplier with a stake in your success is working ‘round the clock to shore up any weaknesses in their products. The faster you install them, the faster you’ll protect your systems and data.

Here is what you and the computer industry are up against:

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and the secrets, of other programs and the operating system. If your computer has a vulnerable processor and runs an unpatched operating system, you risk leaking sensitive information. This applies both to personal computers as well as the cloud’s infrastructure.

Spectre also breaks the isolation between applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets and may actually make applications more susceptible to attacks.

While Spectre and Meltdown affect chips, they resulted in computer failures that, in turn, resulted in the losses of apps and data files. In a number of cases in which our clients were affected, we found that Google Chrome was piece of every problem. We don’t say this to point a finger at Google; we note it to make sure you have the latest version of your browser installed.

In the more severe cases, we had to reinstall software systems – with all the cumulative patches – and data files because everything was wiped out. In the most extreme cases, we had to replace computers. This, of course, required that all data files were backed and that all software for operating systems and applications were licensed.

Using subscriptions for operating and application software can eliminate just about all problems associated with keeping your systems up-to-date and licensed. They also can provide access to backed-up data files to help restore your system. The bottom-line benefit is that if your system is struck by some disaster, which can include Spectre and Meltdown, a ransomware attack, or a virus or malware invasion, we can wipe your computers and servers of infections and initiate clean installations of your operating system, firmware, and application software and then restore settings and data.

Without the subscription, you may need to purchase software and then recreate all of your settings as best as possible. And if you don’t have data files in a separate, secure location, you’ll need to find the latest files you have and then restore them in your recreated system.

As we make these points, we are aware that everyone has budget restrictions. However, you need to look at the costs associated with an interruption due to an IT system failure. Any money you may have saved by hanging onto old equipment and software can be wiped by a single event.

By making smart investments to your system, you’ll be able to maximize your security and efficiency. That’s important for home use as well as a business. More and more, we have multiple users conducting some sort of transactions over the internet, and those activities can take place from remote locations. It’s a continuing trend in our use of technology. Subscriptions are a continuing trend, too, in the way we keep our systems ready to do all the things we do.

We can help you make the best decisions to balance your IT needs and available funds. Call us – 973-433-6676 – or email us to discuss your update needs and develop a plan to meet them.

Tax Season: The Next Scam Season

I don’t know whether more money changes hands during the holiday shopping season or during tax season, but a lot is at stake between now and April 17 as people prepare tax returns. It’s a busy time of year for scammers, most of whom want to use fraudulent information to get your tax return money.

Probably one of the most common scams is someone calling from the IRS to say you owe back taxes. This happens every year and all year long, too. But there’s just one thing we want to remind you about, even if you know it: The IRS does not contact you by phone. Nor does the IRS contact you by email, a form of communications a scammer will use in a phishing expedition. The IRS sends you a letter.

The other scams you are likely to encounter are calls or emails from people or companies offering to prepare your tax returns and even provide you with an advance on your refund. The email scams are more insidious because if you click on a link, it could automatically trigger a breach of your computer that reveals sensitive information. If you follow through on a phone call or link, the scammer is going to request your Social Security number and other info that goes on a tax return. If the scammer is offering to advance you money from an expected refund, they’ll want your banking info, too. Once a scammer has this and other personal information, it’s easy to get credit cards and loans and commit crimes in your name.

From a computing point of view, we again remind you not to open emails from people you don’t know who offer help during the tax season. Delete them immediately. Do the same with an email from someone you know that seems out of context because it’s so easy to spoof an email address. For example, would you really expect Norman Rosenthal or Sterling Rose to prepare your taxes?

You can protect business and home networks and computers by making sure you have new, strong passwords for all networks and accounts. Strong passwords are long and contain a combination of upper- and lower-case letters, numerals and special characters. With the breach at Equifax, the risk of fraud is higher, and one of the problems it can lead to is that someone will file your tax return before you do.

With protection in place, you can use the internet for all of your tax-related activity, starting with IRS’s official website https://www.irs.gov/. In addition to being able to get tax forms and answers to questions, you’ll find links to help you find and verify information about tax preparers, including 10 tips for choosing one.

If you are preparing your own taxes, we recommend you use one of the established software providers to reduce your risk of a security breach, especially when you file online.

While we don’t prepare taxes, we can help you keep your networks and computers secure. Call us – 973-433-6676 – if you think your system may have been compromised. Call us or email us if you have any questions about system security or security settings for any software you use for tax preparation and filing.