The Worst is Yet to Come

What do factory closings and travel bans have in common? They’re going to affect the flow of technology to your business and home. Unfortunately, we have no idea yet on how bad the impact will be or how long it will take to recover.

Right now, the demand for products hasn’t caught up to the factory closings, but we can see the writing on the wall. The supplier that makes the cameras for Apple’s iPhones is still shut down, and Foxconn, the major supplier of phones has been shut for weeks. Even if the manufacturers have inventory to ship, the illness – or potential for illness – could shut down all forms of transportation into the United States. We just don’t know how long all of this will go on.

The travel bans are forcing the cancellations of technical conferences, and that will impact the flow of new hardware and software products and upgrades to you. The technology industry depends on conferences. It’s where they give developers the chance to look under the hood and ask questions. In turn, they start working on apps for new hardware or to fit the capabilities of new software – and all of that translates into new capabilities for your business, entertainment and quality of life.

We don’t know what the effects of the travel bans will be because we don’t know what was planned for development and rollout in the long-range future. But when you combine travel bans with factory shutdowns, it’s obvious that we’ll need to make do with what we have. And that may affect anybody who’s forced to work at home.

We haven’t begun to comprehend what could happen if offices are forced to close and employees have to work remotely. In our experience, we see a lot of laptop computers that never leave the office. In a shutdown, they might need to go home. While we can fix a lot of problems with computers remotely, we strongly recommend you test every computer. Employees can take them home and see how easily and quickly they can log in to your corporate network.

At the same time, you should make sure your network, servers and cloud connections are all functioning properly and that every piece of equipment and application is up to date on firmware and software. With your computing being distributed, it’s critical to do whatever you can to prevent problems before everyone and everything scatters to individual homes. You should also make sure everyone who’s logging in remotely understands they should not work from a public network, like from a Starbucks. You have no way to control the security of public networks, and you can bet hackers will be sipping lots of lattes as they search for ways to get some kind of information they can monetize.

If you have any questions at all about the operating conditions of your computers and other parts of your technology systems, call us – 973-433-6676 – or email us to discuss your needs. If you must close your office and have employees work at home, make sure they know how to contact us. Just as you’re being proactive with personal health, it’s time to be proactive with your technology’s health.

The Best of Both Worlds for TV and Video Content?

Are you ready to cut the cable TV cord to save money but not ready to lose all of your favorite TV and cable channels? The entertainment and cable companies may have a solution for you. More and more, the “cable company” is allowing you to stream the channels they offer on cable. If you prefer watching live TV, including shows, the news and sporting events but hate paying for multiple cable boxes, streaming from the cable might give you the best of both worlds.

AT&T just grabbed a few headlines by launching AT&T TV NOW, essentially moving their DirecTV lineup from satellite to streaming. You get the same channels, and they have service tiers priced at $65 to $135 for 45 to 125 channels with HBO included. They join Xfinity’s streaming service, which lets you keep all the channels you have on a current cable TV plan for the same money. If your cable company doesn’t offer a similar service yet, it will.

We think it’s a good move. While nobody watches 200+ channels, we still know of a lot of you who like what’s now referred to as “live TV,” which covers the over-the-air channels for network programming, local news and some live sporting events. We also like a lot of the programming that cable adds, especially sports, 24-hour news programming and premium channels, such as HBO and Showtime. Those are all hard to come by unless you have cable. If you stream your cable package’s lineup, you’ll have access to it anywhere in the US wherever you can connect to the internet.

The cable providers also bundle – for a price – the same premium channels and access to streaming services such as Netflix, Amazon Prime, etc. The price is roughly the same that you’ll pay directly to the streamer unless somebody is running a special. If you stream without the cable company, you can access some of your cable programs through services like YouTube TV, Sling, fubuTV and Hulu+Live. They’re known as skinny bundles, and you’ll need to see what they offer. In addition to viewing their programs on TVs, you can view them on mobile devices and computers. They have limits on how many devices can be connected at one time.

If you cut the cable cord, you’ll need to connect your TV to the internet through a provider such as Roku, Amazon Fire TV Stick or Google Chromecast. All typically work through Wi-Fi, but they don’t all provide the same access to streamers. You’ll need to research that, too. In a sense, you’ll be trading the cable boxes for internet access devices, which will pay for themselves in a few months.

On the technology side, you’ll need to have a strong internet connection and a strong network. The actual levels of service and performance will vary with how big your home is, how many total devices will be on the network and how many devices can display 4K programming. If you’re not properly equipped, your devices will need to buffer the programming, which means you’ll see pauses in the action.

You can always pay for more data capacity from your internet service provider (ISP), which is most likely your cable company. You add network strength by adding access points, either by hardwiring your home or strategically placing mesh network devices. Either or both steps may be necessary, depending on what you have now. Don’t expect to just pull out the cable and plug in a streaming device.

Just be aware of one factor that most people overlook when cutting the cord. Your TV viewing will be done on a data network, which has a capacity or limit, depending on your plan. If you exceed your data limit, your provider may slow down your connection, and that will slow down the feed to your device. You need either to regulate your viewing according to your plan or pay for unlimited data.

Once you decide how you want to watch TV and other video content, we can assess your technology setup, recommend steps you need to take and help you with all installations that may be required. Call us – 973-433-6676 – or email us for an appointment. You have more viewing choices than ever – and that means more decisions than ever.

Time to Reassess Your Email Provider

If you have your email with your internet service provider (ISP), it might be a good time to take a look at what you’re getting, what you could get, and what you might lose.

First, ISPs provide email as a loss-leader service to keep your internet (and maybe cable TV) business. That internet business is critical to their success because more small businesses, home offices and consumers are using more data to run their businesses or live their lives. They’ve built the infrastructure to connect to your home or office. Now, it’s mostly a matter of adding capacity at a central location and using a few keystrokes to provide you with more internet capacity for whatever you need. As a result, they pay only enough attention to your email to prevent a catastrophic failure.

We saw the ISP-email problem firsthand during the past holiday season. Our client had email from Microsoft Hot Mail, but it was through their ISP. We thought it would be an easy fix, but when the problem escalated, the ISP erroneously blamed our client’s computer. We knew it wasn’t the case because we got right down into the system’s basic commands and identified a back-end issue at the ISP. That’s one place we can’t go.

The ISP didn’t do anything, but somehow, the problem disappeared. We think it was fixed either by a reboot to fix a server problem or by someone who actually saw a problem and fixed it. We’ll never know, but regardless, our client is ready to switch ISPs and their email service.

The switch is a two-step process. The first step is to find a new provider. They abound and offer features and capabilities not found in many of the current ISP-based email programs. Here are some of the more popular and more capable choices:

  • Gmail from Google has a friendly conversation-focused interface, powerful search and top-notch spam and malware filtering, which is critical. It integrates with other Google services, including Google Drive, which lets you send attachments over Gmail’s 25-megabyte limit. You get 15 gigabytes of storage, and it’s free, unless you want to create your own email domain. A downside is Google’s proclivity for collecting personal data, but you get some control through its privacy settings.
  • Outlook.com is a web-based email service that’s separate from Outlook in Office. It’s the successor to Hotmail, with a better interface. It also provides 15 gigabytes of storage and integrates with Microsoft’s online Office tools. Microsoft makes a big deal about not scanning emails to serve you ads, but it does scan them to filter spam and malware.
  • iCloud, Apple’s free email service, integrates with Macs and iPhones and doesn’t contain any ads, though it isn’t as feature rich as other options. It comes with only 5 gigabytes of storage, which is shared with other Apple products. You can buy more storage.
  • Fastmail is a paid service that touts privacy and control. For $3 to $9 per month per user, there are no ads, and you can create an email account at any domain you want, which is great for a small business. It’s a great option if you don’t want to tie yourself to one of the big tech giants.
  • ProtonMail emphasizes privacy with end-to-end encryption. However, it requires a bit more work to setup and requires your recipient to jump through the same hoops. Just remember, though, your security is only as good as the security of the weakest link among all the people you communicate with.

No matter which provider you choose, you’ll need to do a lot of preparation. The most important step is to make sure you bring all the messages you want to save to your new email provider’s service. Some ISPs will delete your address and account as soon as you end your service. Others claim they’ll provide unlimited or generous storage and long-term to lifelong access, but there are no guarantees the messages will be kept or open to your access. If someone accidentally removes your messages from a server or removes your login credentials, you’ll have little or no recourse if you’re no longer a paying customer.

Copying all your old email from your old provider to your new one can be complicated. While we don’t want to say it’s something you can’t do at home, we strongly urge you to let us do it or walk you through the process. We want to make sure you get all the messages you want to keep – AND we can help you set up a forwarding mechanism so that people can still reach you after you make the change. (See Tech DIY: Our Equivalent of Calling the Plumber or Electrician.)

One thing you will need to do on your own is make sure you notify everyone of your email change – and do it with your new email address. That will make it easier for people to change their contact list, and it will add your new email to most autofill functions.

Call us – 973-433-6676 – or email us to discuss the best email options for you and to make an appointment to get you set up with your new email system.

Tech DIY: Our Equivalent of Calling the Plumber or Electrician

I can clean out a drain trap and change a light switch. But when I try to do something more, it usually winds up costing more than if I had called the plumber or electrician in the first place. It’s the same with your technology. There are some things you can do yourself, but there are things you shouldn’t touch.

To continue the plumber and electrician analogies, let’s look at some worst-case scenarios. When you do your own plumbing, you could break a pipe and flood all or part of your house – and maybe damage walls, floors and/or ceilings. But you’ll still have your house. With electricity, you could trip a circuit breaker – or shock or electrocute yourself or cause a short that starts a fire and…

In some ways, doing your IT can result in losing all your data, which is the electronic equivalent of burning down your home. Of course, you can back up your data in a secure, offsite location and replicate your system. You probably don’t have a full-size replica of your home or office stashed somewhere else.

So, what are some things you can do? You can download and set up apps, such as a password manager. You know all your passwords, and you can work your way through the setup process to take advantage of the random-generated passwords that make the apps work best. But if things look like they’re getting complicated, you can always call us for guidance or walk-through help.

What are some things we believe you should never do?

Never do anything that involves your website DNS, and don’t switch from one host company to another by yourself. The DNS info is at the heart of keeping your website on the internet, and one mistake can knock you offline. We can help you recover from a mistake, but in addition to the cost of our service, you’ll also pay the opportunity cost for lost business time. Another thing to keep in mind is that when you switch website hosting companies and something goes wrong, each party will claim it’s the other party’s fault. We can make sure that together we all follow the proper procedures to make the switch as seamlessly as possible.

Router changes are another task you shouldn’t do yourself. The biggest dangers are leaving open a port that can lead to security issues or not setting it up properly to manage other remote desktop capabilities.

Even buying a new computer can have pitfalls. With so many configurations available (processors, RAM, hard drive type and size, etc.), it can be difficult if not impossible to match up the right “package” for your needs.

One client experience illustrates the problems that can arise. Our client asked for help with transferring files from the old computer to the new one and assured us the hard drive had “more than enough space – more than I’d ever use.” It was a 128 GB hard drive, and after transferring app and data files, we had 30 GB of free space. However, the client also had 80 GB of music files to transfer. The problem could be fixed, but a lot of extra cost could have been avoided.

We can help make your technology life easier. Call us – 973-433-6676 – or email us when problems arise or if you want to change, add or reconfigure any part of your system. We can help you with advice or with doing the work you need. As the car mechanic said in that Fram oil filter commercial of many years ago, “You can pay me now or pay me later.” My plumber and electrician tell me the same thing.

Home is Where the Hack Is

Don’t think your home is too small to be a hacker’s target. The recent invasion of a young girl’s bedroom through a camera system has sparked a lawsuit and some hot discussion about who’s at fault. Ultimately, you need to make you cover all the bases, and the Department of Homeland Security offers some help in making sure you know where the bases are.

DHS rightly states what we think is obvious about the two common misconceptions home users share about the security of their networks:

  1. Their home network is too small to be at risk of a cyberattack.
  2. Their devices are “secure enough” right out of the box.

Besides those misconceptions, home networks – no matter how many smart devices or dumb devices they connect – have many moving parts. In addition to cameras and smart speakers, to name just two, our networks include routers, computers, mobile devices and TVs. So, even though you may think you have a strong username and/or password for every device, there’s a possibility you can miss one key setting – or there’s a possibility that someone using your network has the weak link in your security chain that provides outside access.

The DHS checklist, which we summarize below, is a good place to start. It reiterates a lot of actions we’ve told you to take over the years, and it’s a good refresher.

  • Update your software regularly. Besides adding new features and functionality, software updates often include critical patches and security fixes for newly discovered threats and vulnerabilities. (See Understanding Patches and Software Updates.)
  • Remove unnecessary services and software. They can create security holes in a device’s system that could lead to a larger attack surface of your network environment. This is especially true with pre-installed trial software and apps installed on new computers. Remove what you don’t use.
  • Adjust factory-default configurations on software and hardware. They’re intended to reduce the troubleshooting time for customer service. Harden them to reduce vulnerabilities.
  • Change default log-in passwords and usernames. Most network devices are pre-configured with default administrator passwords to simplify setup. They’re not secure. Change them.
  • Use strong and unique passwords. Choose strong passwords and don’t use the same password with multiple accounts. (See Choosing and Protecting Passwords for more information.)
  • Run up-to-date antivirus software. A reputable antivirus software app can automatically detect, quarantine, and remove various types of malware, such as viruses, worms, and ransomware.
  • Install a network firewall. It can block malicious traffic from your home network and alert you to potentially dangerous activity. When properly configured, it can also serve as a barrier for internal threats, preventing unwanted or malicious software from reaching out to the internet. We can help you configure them.
  • Install firewalls on network devices. In addition to a network firewall, consider installing a firewall on all computers connected to your network. We can help you configure them, too.
  • Regularly back up your data. Consider using a third-party backup application, which can simplify and automate the process. Be sure to encrypt your backup to protect the confidentiality and integrity of your information. Data backups are crucial to minimize the impact if that data is lost, corrupted, infected or stolen.
  • Increase wireless security. Follow the steps below to increase the security of your wireless router or ask us for help.
    • Use the strongest encryption protocol available. DHS recommends using the Wi-Fi Protected Access 3 (WPA3) Personal Advanced Encryption Standard (AES) and Temporary Key Integrity Protocol (TKIP), which is currently the most secure router configuration available for home use.
    • Change the router’s default administrator password to deter an attack using default credentials.
    • Change the default service set identifier (SSID), the “network name” that identifies a wireless network. Make it unique and not tied to your identity or location.
    • Disable Wi-Fi Protected Setup (WPS). A design flaw in the WPS specification for PIN authentication significantly reduces the time required for a cyberattacker to brute force an entire PIN.
    • Reduce wireless signal strength to reduce your electronic footprint.
    • Turn the network off when not in use or automatically disable the Wi-Fi at specified times to prevent outside attackers from breaching your home network.
    • Disable Universal Plug and Plan (UPnP) when not needed. Recent large-scale network attacks prove that malware within your network can use UPnP to bypass your router’s firewall to control your devices remotely and spread malware to other devices.
    • Upgrade firmware to enhance product performance, fix flaws, and address security vulnerabilities.
    • Disable remote router management to guard against unauthorized individuals accessing and changing your router’s configuration.
    • Monitor for unknown device connections to monitor for unauthorized devices joining or attempting to join your network. Also see the manufacturer’s website for tips on how to prevent unauthorized devices from connecting to your network.
  • Mitigate Email Threats. Phishing emails continue to be one of the most common and effective initial attacks. They prey on the human element – the weakest component in every network – by persuading a user to click on a link or open an attachment.

All the steps you can take are common sense, but they’re often overlooked in our hurry to get a new product or feature online. The hacker looks to exploit momentary carelessness. We can review your home or office network with a security assessment and help you implement any of the steps in this checklist. Call us – 973-433-6676 – or email us for an appointment.

Passwords’ Brave New World

While passwords need to go away, they won’t disappear overnight. So, we highly recommend you – and the internet world – follow some guidelines from the National Institute of Standards and Technology (NIST) in managing your online presence.

For individuals and small businesses, managing hundreds of passwords for all the websites and resources you need to access requires a concentrated effort. Every organization with which you interact online has to manage your password and everyone else’s. Website managers and administrators work hard to roll out security strategies, but piecemeal security strategies are ineffective and risky. There are too many cracks for passwords and other measures to fall through. Ad hoc strategies leave room for errors that could put customers’ data in jeopardy. This is where NIST comes into play and understanding what’s behind their guidelines can help you take some action for your online security. 

Part of the Department of Commerce, the NIST develops guidelines based on best practices from a diverse array of security organizations and publications. NIST guidelines are so well-respected that private sector organizations have adopted them to keep their entire infrastructures secure. They affect some of the requirements you get when creating your own passwords – which you need to follow because they are in response to newer, more powerful threats.

Here are some of the most important new guidelines that NIST has issued to those who provide the services that manage internet access. You can expect them to affect you.

  • Go long: The suggested minimum is 8 characters when a human sets a password and 6 when it’s set by automation. However, NIST encourages users to create passwords with 64 characters or more, including things like spaces and emojis. They’ll be harder to crack.
  • Remove reset requirements: As users struggle to drum up countless creative, strong new passwords each month, they end up creating weaker passwords. Password strength should be about quality, not quantity—one excellent password is better than 10 new, mediocre ones. 
  • Keep it simple: How often have you created a new account, for a new application, online store, or digital news outlet, and encountered the prompt, “your password must contain one lowercase letter, one uppercase letter, one number, and one symbol”? Overly complex passwords can lead to poor password behavior, just as with frequent resets.
  • Be more user-friendly affair: The “show password while typing” is a rare option that can let you use longer, stronger passwords because you don’t have to remember all those gyrations you created. Another friendly option is to allow users to copy and paste passwords. Users who are allowed to copy and paste their passwords are more likely to create and store stronger, lengthier passwords within password managers than those who are forced to type out their password every single time. 
  • Go clueless: Knowledge-based authentication clues can save time, but with all the personal data available today, it’s easier than ever for hackers to decode hint prompts and breach systems.
  • Limit attempts: NIST password standards recommend providing users with a maximum of 10 login attempts before they are turned away. That should be enough to aid a forgetful user but not assist brute-force attackers. 
  • Go hands-free: SMS texting services should not be a part of any two-factor authentication (2FA) process. It isn’t entirely secure, enabling cybercriminals to insert malware that can redirect text messages and facilitate attacks against the mobile phone network. 

NIST standards and the guidelines listed above are important because newer, more powerful cyberthreats will always be deployed. As a user, you need to be aware of newer and better security options. We continue to advocate for biometrics and other measures that are unique to you – and only you – to allow access to your online world.

For most of us, a password manager that works across all the platforms you and your family or businesses use is still a strong defense against hackers. We like Dashlane because its paid version covers an unlimited number of website passwords across multiple devices. For those of you with the right technology, you can start to take advantage of other techniques to access your protected websites. Contact us by phone – 973-433-6676 – or email to discuss your needs and see how we can make you more secure.

What Are Your Biggest Online Threats in 2020?

Cyberthreats will be coming at you – and any person or organization with whom you have an online relationship – with increasing speed and sophistication. For some, it might feel like you’re living inside an online fantasy game, but it’s real life. Here’s what to look for.

Phishing and Social Engineering

There’s nothing new about phishing, where cybercriminals try to obtain sensitive information, like passwords or financial information, usually by using links in emails to install malware to breach your system. Non-profits have been major targets because they don’t have alert systems built into network infrastructures, but any business, governmental organization or individual can be hit. We’ve discussed the need to be highly aware of what you’re clicking and to exercise extreme caution. As an individual user, you have control.

At businesses, it’s a bigger chore to combat phishing. Attacks enable hackers to steal user logins, credit card credentials and other types of personal financial information, as well as gain access to private databases.

Going hand-in-hand with phishing is social engineering, which can cover a multitude of attacks such as disinformation and deep fakes spread by social media. We see this as one of the biggest threats you face this year.

Social media makes it easier to spread disinformation faster than anyone can send out the facts to repudiate fakery or misrepresentation. Deep fakes relate to fake images and videos being created by deep learning techniques. We’ve seen them in the political arena and can expect more them to be leveraged as a tool to attempt to discredit candidates and push inaccurate political messages to voters via social media. We’ll also see them in ransomware, showing targets realistic videos of themselves in compromising situations. We’ll also see more spoofing in business email with deep fakes used to add a further degree of realism to the request to transfer money.

Ransomware

Ransomware attacks cost billions of dollars every year, as hackers literally kidnap an individual or organization’s databases and hold all of the information for ransom. The rise of cryptocurrencies such as Bitcoin spurred ransomware attacks by allowing ransom demands to be paid anonymously. As companies build stronger defenses against ransomware, some experts believe hackers will increasingly target other potentially profitable ransomware victims such as high-net-worth individuals.

Third-Party Vulnerabilities (IoT, Cloud, Supply Chain)

This is a tough threat to ward off because you have some control over your vulnerabilities but not all of them. With the Internet of Things (IoT), you have control. Make sure that you change every default username and password for every device you connect to your network and have a strong network password and firewall. I have little sympathy for people whose systems are hacked because they didn’t take the proper setup steps to prevent invasion.

The cloud is as safe as you can get, especially with large, reputable service providers. They have the resources to deploy the most advanced security measures and multiple services to protect your data. Our advice here is to use a top-rated cloud service provider and make sure you have protected your network, just you would to maintain IoT security.

The supply chain is tough. With so many companies using the internet to fulfill product orders, manage vendors and customers and provide financial services, each one of them can rely on hundreds of vendors. You rely on all of them to keep your data safe, and that can make any one of them the weakest link in your security. Your best defense is to take every security precaution you can, such as keeping your software and hardware up to date, using common sense on what you click, and letting others know when you have concerns about their security.

Internal Attacks

We have only begun to see the impact insiders can have on organizations as well as national and global security. While the news focuses on dangerous insiders exfiltrating data to foreign governments and terrorist organizations, you need to focus on your business – and your business partners. In all likelihood, your biggest threats will be data theft for monetary purposes – similar to effects of ransomware – or some disruption of your business by a disgruntled or careless employee.

5G’s Unprecedented Data-Theft Speeds

5G cellular technology promises unprecedented speed to make it possible to have more effective infrastructure, autonomous vehicles, faster emergency response and greatly improved telemedicine. It will be almost entirely software-driven; you’ll need hardware capable of handling it. Because it will be software-driven, it will be susceptible to hacks. You’ll need to follow safe internet practices and hope that everyone else does, too. There’s not much you can do technologically in the grand scheme of things, but you can and should demand that large organizations and governments take steps to protect 5G networks.

We can help you make sure you have the knowledge and systems in place to protect your systems from cyberthreats. Contact us by phone – 973-433-6676 – or email to discuss your needs.

Health Wearables in Style at CES

Wearables caught our eye at this year’s CES (Consumer Electronics Show) in Las Vegas. There’s a wearable for almost any health condition, and that has its own set of pros and cons.

The big pro, as we see it, is that you can monitor so many health conditions, such as your heartbeat, blood pressure, blood sugar levels and if you have sleep apnea. A wearable can even detect AFib. The downsides, as we see them, are that there are too many proprietary technologies that require you to wear their own watch or wristband. That immediately conjured up in my mind an image of someone rolling up his sleeve and showing his arm full of watches – just like a guy trying to sell you something on the street.

We clearly will need some sort of a more ubiquitous watch, like an Apple Watch or Fitbit, to consolidate these capabilities into one wearable device. I would shudder at the thought of getting behind an overdressed health fanatic at airport security.

On a more helpful note, Amazon, Apple and Google are joining other internet and technology giants to join a project called “Connected Home Over IP”. The group aims to make it easier for device manufacturers to build products that are compatible with smart home and voice services such as Alexa, Siri and Google Assistant.

We like this development because it will reduce a lot of electronic clutter by allowing you to consolidate a variety of smart-home technologies into one platform. That can help you control them better from a smartphone, and it can help make your home more secure from hackers because you only need to worry about a single control point.

We’ve embraced a lot of smart-home technology in our family, and the convenience is a great benefit. But we’ve always wondered about where the security is. It’s up to us to demand better security from the internet industry and product manufacturers, and this is a step in that direction. However, it’s still up to you – more than ever – to secure your IoT devices to make your smart-home technology truly smart.

Finally, there was a lot of buzz over sex and technology. We’ll sidestep all the lurid details, but sex has always sold, so we’ll be in for more of it. One sex-product developer even won an award for innovation, but it was pulled after some heavy pushback.

Sex toys aside, more technology will continue to hit the markets for anything that affects your life – for work and for play. As you add more technology, you’ll need to make sure your network has the capacity to handle new devices and systems, and you’ll need to make sure it’s all secure. That’s where we can help. Call us – 973-433-6676 – or email us to help get your new technology running.

7-bit#, 7-bit#-not PW123 – A Password Primer

This headline depicts how passwords are written and stored in your computing environment. We won’t go into heavy details, but it essentially works this way.

When you put letters – upper and lower case – and numerals and special characters into your password, the storage system records them in a code involving 7 bits and a # symbol. Hackers have learned that if they attack your password in #s, or hashes, they have a shot at cracking your password.

When you change just one special character – or number or letter, you’re only changing one #. You’re actually making your security worse when you do that, especially if you have a really simple password and depend on a &, $ or @ to keep your passwords secure.

Here’s what you need to know about keeping them secure, and if you understand the principles, you’ll know why passwords can’t go away fast enough.

  • Don’t change just one number or special character. If someone has managed to get close to your password, it doesn’t take much run a program that swaps out 10 numerical characters and maybe eight special characters.
  • Don’t use short passwords. A computerized analytics program can run through a short combination of letters and characters faster than you read this sentence.
  • Do use long passwords with combinations of upper- and lower-case letters, numerals and special characters.
  • Do change several numbers and/or special characters when you change your password.
  • Do make your passwords illogical. We all try to keep some semblance of something we can remember because we need to have passwords for so many websites or apps. But if a hacker catches onto your logic, you’re more vulnerable.

We can’t emphasize strongly enough that password and internet security get more critical every day. Hacking and ransomware attacks get more prevalent, and the stakes are higher as we digitize every aspect of our corporate and personal lives. Governments, agencies and school boards – Livingston here in NJ being the latest – have fallen victim to ransomware attacks, and all face the agonizing decision of whether to pay up or try to recover their data. The latter can take longer and be more expensive than the ransom payment, but for some, it’s a matter of principle.

This leads us to four other recommendations when it comes to passwords and internet security:

  1. Use fake answers for the security questions that accompany passwords on many websites. So many of them involve facts that are the matter of public record, including addresses, your first car and your maternal grandmother’s middle name.
  2. Use a password manager program – and let it generate random passwords for every online account you have or ever hope to have. You just need to remember one password, and you can use it to download every password you have if and when you need to know each one.
  3. Have a real backup program for your data. OneDrive and Dropbox are good for storage, and you can recover your data file by file. A backup program such as Azure allows recovery and restoration more efficiently.
  4. Switch from passwords to biometrics whenever and wherever you possibly can. Biometrics are becoming more available, and it makes sense to incorporate them where you can.

Contact us by phone – 973-433-6676 – or email to talk about a good backup program, a password strategy and/or moving to biometrics. And above, practice safe password protection.

Technology Years and Dog Years

Dog owners are used to extrapolating their pet’s age into more human terms by multiplying their age by seven. A 10-year-old dog is roughly the same “age” as a 70-year-old person. A technology year can be more like 20 human years; your 3-year-old computer could be more like a 60-year-old person. If you have a business, old technology can hamper employee retention because there are only so many tricks you can teach an old computer.

It makes good sense to keep your technology younger and more athletic because employees feel old systems hold them back. This is especially true for employees who work remotely, including salespeople. Older systems are not as adaptable for security measures to get to protected data they need to do their jobs better. Nor are they able to accommodate the new ways innovative employees find to do their jobs more efficiently. We’ve talked to many people who have accepted less money at new jobs because they want the opportunity to improve their skills and performance levels in ways that could lead to higher pay later.

The Windows 7 end of life should give business owners with old technology reason to rethink their technology. A 5-year-old system still running Windows 7 is like a 100-year-old person who has really slowed down physically.

That’s well past the retirement age, but even more, it illustrates the problem of old technology. There are no nursing homes for old technology. The industry just doesn’t support old software and old hardware. Technology arteries harden, becoming less flexible and subject to fractures. Even if you have a Windows 10-based system, older versions of office present the same symptoms of aging. Employees are not able take advantage of new features, and that prevents them from increasing their work throughput.

Our clients who have invested in Office 365 subscriptions are benefiting from an improved work environment. Employees are “playing around” with newer, more powerful tools to do their jobs better. The Microsoft Teams tool is a major upgrade over Skype for Business. We’ve seen employees use Teams to set up meetings, share screens and use other collaborative tools, including video conferences, to get more work done faster. Any business that relies on field technicians, for example, can let them use these tools on their cell phones to chat with office-based resources and solve their customers’ problems faster and more efficiently.

If you have Office 365, all these advanced tools are part of your package. Call us – 973-433-6676 – or email us to help you determine the tools and features that are best for your business and to help you set them up with your employees. We can also help you make sure your current hardware has the capacity to help you make use of your new tools.