Cookies, Passwords, and Computerless Invasions

We disdain cookies and passwords so much that we expose our sensitive data to hackers who never need to invade our computers, phones, or tablets to get it. There’s so much information about each of us out there, yet we use skeleton keys instead of padlocks to protect what we can.

You can adjust your cookie settings to limit tracking cookies, but website operators make it cumbersome – because they want advertisers and merchants to pay them for ways to track you across the internet and sell you stuff. Cookies get a lot of notoriety because of that, but they also serve useful purposes. They enable a site to direct you properly to the areas you need to go to and display appropriately for your browser and device.

Tracking cookies are another matter. They can tell anyone who plants a tracking cookie on your device where you go, and that’s creepy on the one hand and dangerous on the other.

I generally ignore all those cookie messages or just accept all cookies. I feel that many trackers already have information on me, and I am confident I’m savvy enough to avoid online traps. You should be, too, if you follow us regularly. The ads and even the phishing expeditions are a royal annoyance, but you’re safe if you’re smart.

Tracking cookies get dangerous when they converge with weak passwords. This affects business and personal internet use, and here’s how cybercriminals get you.

Once cyberstalkers know where you go, they can make some guesses about your username, which usually has an element of your name or your entire email address, and they have software to try to crack passwords. If you have a weak password – such as the first initial, last name, and 123 that a friend who got hacked used – they’ll crack it. And if you use it at multiple sites, they’ll get into every one of them. And they never had to get into your computer to get into your accounts. The clues were out there to find your bank account or credit card number to clean you out or go on a shopping spree.

The problem, of course, is with a weak password and the lack of a password manager. As an aside, if you are hacked, we use your cookies to see where you’ve been and see if something there has led to someone getting your info and maybe your money.

Finding a strong, unique password or several really strong passwords that you can easily remember is not that hard. What’s an odd association with your name or something you see when you look out the window? What’s a number that’s not tied to your birthday, phone number, or something else that could be part of your public record? What’s a random word that relates to nothing? Where can you substitute a number or special character for a letter? Following that process, any combination of 12 to 16 characters should give you a strong password.

If you combine a strong password with a password manager, you can let the password manager generate random strings of letters, numbers, and characters that become strong passwords. And if your password manager and the websites you visit have facial recognition capability, it’s simpler, stronger, and even faster.

We can help you configure a password manager for individuals or groups, and we can help with improving your password security. Call us – 973-433-6676 – or email us to discuss your needs and develop a plan.

A Guy Gets in a Tesla in Ukraine…

A Tesla driver in Ukraine got a “free ride” on Spotify, courtesy of a US Tesla owner whose car was totaled. It was one of the many ways electronic hitchhikers can access your data on so many different kinds of things. This is just the latest story of how our data lives on – and on – when we no longer own (or lease) a car with an infotainment system or Bluetooth, a copier, or a mobile device.

How did a Tesla owner in Ukraine happen to have access to a Spotify account? It happened like this.

An executive news editor at a major TV outlet recently tweeted (or X’d) that a Tesla he had totaled last year was now in southern Ukraine, and the new owner was listening to Drake on his Spotify account. Reporters tracked down what happened to their editor’s car. An online auction site scooped up the Tesla after it was totaled and listed it for sale. Someone in Ukraine appears to have won the bid, and the car was shipped from New Jersey to Europe, where its new owner was able to access the editor’s personal Spotify playlists.

The editor contacted Tesla to see how he could log out of his former car, and the company instructed him to disconnect the vehicle from his account. But several steps, such as entering new owner information, were impossible. Experts in data security told reporters that simply disconnecting an account from the car does not prevent your data from being extracted. They said Tesla should have had a feature to “wipe all my info from this car” long ago.

This is far from a Tesla-specific issue. Cars, laptops, smartphones, TVs, and even refrigerators are now internet-connected devices that can store personal data.

In the office, networked copiers are used as printers and scanners and save everything that passes through them. The equipment manufacturers build this in because leases can be based on the number of pages a unit scans, copies or prints. Today’s units also have long service lives after a lease expires. So when you turn back a copier to lease a newer model, the copier company puts it back on the market. Unless you’ve taken specific steps to wipe the data clean, every document run through the copier goes on the market, too.

We must confess we don’t have access to the menus for the service functions that can wipe the data from a unit, and we haven’t found a way into them – yet. So your best resort is to contact your copier company and make sure all your personal data is wiped clean before the machine leaves your premises.

It may take a little searching through the menus for other devices, but you should be able to find the magic button that returns each of them to factory default settings. iPhones are top of mind for this now because the iPhone 15 is hitting the market later this month, and that – along with new phones from other manufacturers – triggers a spree of trade-ins to bring down the price of a new phone. You might also plan to get new computers for your office or your children for the new school year. The same principle applies. Wipe every device clean of all your data.

Along the same lines, wipe them clean if you’re renting a car and using your data on the Bluetooth and infotainment system, including iOS and Android systems that run through the radio. And make sure you log out of your TV subscriptions before checking out of your hotel room or rental home.

If you’re not sure how to wipe a device clean or log out of a subscription, call us – 973-433-6676 – or email us to walk you through the process. We recommend you do this well before you turn in your car or room key so we’re available to help. In the age of internet-connected vehicles and devices, you never know who’s going to get one of them next.

The IT Guy Stumbles, Too

Those of us in the IT field are subject to the same pressures as everyone else, and we can stumble just as easily as anyone when we’re rushing to leave on vacation – or a business trip. Here’s the story of how I almost blew it – and I’m stickin’ to it. Let it serve as a lesson for you.

It was the Friday before we were leaving for our latest (hopefully not last) family vacation (Charlie will be college-age next summer), and I was in a rush to close all our business and personal affairs before leaving the next morning. I got a call on our home landline purporting to be the bank for our main credit card wanting to question charges from Walmart and Malaysian Airlines. With one foot out the door, I wasn’t thinking straight. They said I could have a new card in three or four days, but I said I needed one tomorrow morning because we were leaving for vacation. When the caller said they’d need a supervisor to call me back, I started to think maybe the call wasn’t legit.

This was a prime example of how we get caught. Credit card fraud is a major problem that’s hit just about everyone in the world. A call like that is no surprise. When I took a deep breath, I hung up the phone, went online to my bank, and looked at my account. There were no pending charges from either place. Had I stayed on the phone call, well, I don’t want to think about it.

One problem with phone calls today is that even if you see a symbol, such as a checkmark (√) or a V in parentheses (V), it may be a spoof. It’s easy to spoof any phone number, so don’t believe it is legitimate because you see a symbol. We don’t pay attention to possible pitfalls when we’re rushing to get things done before a vacation or a business trip. We need to take a deep breath and step back before we act. Otherwise, we could come back to empty bank accounts.

One of our clients almost made a similar mistake when they got a text message about an ambulance bill. The client had gone to an urgent care, and doctors there determined they should be taken by ambulance to the emergency room. The text said their insurance carrier had declined the claim, and there was a link they could use to pay the bill. After staring at the text – and almost clicking the link to see what was going on – they looked on their carrier’s website and found no mention of the ambulance ride. The really scary part is how someone knew our client had an ambulance ride from a specific company on a particular date.

If you do make a mistake, you should call your credit company’s or bank’s fraud line and report it immediately. If you can’t get through, go online through your browser and file a report. You can usually block action on your credit card with the click of a button.

If you fear a breach, you can call us – 973-433-6676 – or email us for help. We can start to put the pieces of your puzzle together to see where your system may have been breached through your computer or mobile device and help you rebuild your security system.

Maui: A Warning About Warnings

The tragic fires that hit Maui hit us particularly hard. We have visited the places that were destroyed and mingled with the people there, and we grieve with those who lost loved ones and their homes and businesses. At the same time, Maui exposed holes in how we put together warning systems. The latest and greatest technology can’t do it all.

While everyone is enamored with text messages, it has long been our demand that if you have an emergency, call our office – 973-433-6676. Never send a text; you never know when we’ll be able to see it. If I can’t answer the phone, we have a trained answering service to get your information and determine if I need to be interrupted from whatever I’m doing to call you back. Oh, you should know that our office number is a landline. We find it most reliable, as you’ll see.

In Maui, according to reports I read, they sent text messages, made cell phone calls, sent emails, and made announcements on radio and TV. They never used a proven, low-tech means of warning: sirens. They will work as long as there is power at the sirens’ location. When you send a text or email – or make a cellphone call or broadcast on radio and TV – you never know whether the recipients have power and appropriate signal transmission conditions. We just can’t rely on technology all the time.

As we look to learn how to respond better to emergencies, we have to ask the question: Do you have a disaster plan in place? Whatever you believe, we are becoming more prone to weather-related disasters anytime during the year. If a disaster hits anywhere in the country, it could affect you if you have a national base of customers/clients and/or suppliers. You may have employees anywhere in the country and local people who may or may not be able to work at home when a disaster strikes. How will you communicate with all of them?

Here are some basics:

  • Have multiple ways to contact everyone who needs to be notified.
  • Have multiple ways for people to contact you – or a designated person(s) who will coordinate disaster response activities.
  • Have “captains” who can notify groups of customers, suppliers, employees, etc., of the disaster and what each of them needs to do. The “captains” can also be the ones people reach out to for more information.
  • Use blast emails, text messages and even WhatsApp or chat groups to supplement the individual contacts. Don’t overlook any way of reaching people.

In the aftermath of a disaster, you should have a recovery plan in place to replace equipment and devices and restore your data management system.

We can help you set up and update/upgrade the systems you need to communicate disaster information and recover from a disaster. Most of our clients already have some type of plan in place, but as your business changes, your plan should keep pace with those changes. Call us – 973-433-6676 – or email us to review your disaster management plans and make the necessary changes.

Delete, Delete, Delete

Too many people still hit the “unsubscribe” link instead of the “delete” key when dealing with spam emails and texts. Then they wonder why they get even more spam. It’s simple: You’ve identified yourself as a live person, and you’ll click on something sooner or later.

The problem came to the forefront when one of our clients got hacked. In conversation, they complained about getting too much junk email – no matter how often they hit that “unsubscribe” link. They were beside themselves, but that didn’t need to be the case. And with the Presidential and Congressional election campaigns expected to be full blast for the next 15 months, you can expect to be inundated with unwanted emails.

Here are our junkyard tips for handling junk email and texts.

First and foremost, remember that “unsubscribe” and “delete” are not the same thing. When you hit the unsubscribe link, you are sending a response to an entity you never agreed to have a relationship with. You’ve let them know they hit a live, active email address they and their partners can exploit. It’s like letting a stranger into your house, and they immediately invite their buddies in to raid your refrigerator and see what else is around.

If you hit the delete key, you’ll erase that email – or text – from your device simply and immediately. That’s it. No interaction. They may figure it’s a valid email address or mobile phone number, but they can’t tell for sure it’s active, and they may decide to take yours off their list.

Our rule on unsubscribing is: Only unsubscribe from a list you subscribed to. We all get on various mailing lists for stores or as part of getting a special discount. You should not have any problem disengaging.

The same rules apply to text messages. Delete them. You can report them as junk if you like, but it’s enough to delete them. Be wary of any email or text that starts with “Hi, how are you?” Most are an attempt to hack your system. Just delete them.

With email or text, don’t click on links from strangers. Be careful about the sender. Hackers are getting much better at spoofing corporate logos and adding one character somewhere to a URL to fool you. It’s always safer to open a browser independently on your device and go to a website from there.
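The one-added-character trick described above can be checked mechanically by comparing the host a link really points to against the sites you actually use. This Python sketch is an added example, not part of the original newsletter; the trusted domains and sample links are constructed, and the check also catches a dropped or swapped character.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): the sites the reader really does business with.
TRUSTED_DOMAINS = {"examplebank.com", "example-shop.com"}

# Constructed sample links, as they might appear in an email or text.
SAMPLE_LINKS = [
    "https://www.examplebank.com/login",          # genuine subdomain
    "https://examplebannk.com/login",             # one extra character
    "http://secure.example-shops.com/pay",        # one extra character
    "https://examplebank.com@login.example.net/", # trusted name shown before the '@'
]


def hostname_of(url):
    """Host the browser would actually contact, lowercased ('' if none)."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    host = hostname_of(url)
    if not host:
        return ("unknown", None)
    for trusted in sorted(TRUSTED_DOMAINS):
        if host == trusted or host.endswith("." + trusted):
            return ("trusted", trusted)
    # Simplification: treat the last two labels as the registered domain.
    # A production check would consult the Public Suffix List instead.
    candidate = ".".join(host.split(".")[-2:])
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(candidate, trusted) == 1:
            return ("lookalike", trusted)
    return ("unknown", None)


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(classify_link(link), link)
```

The last sample shows why the check parses the hostname rather than searching the link text: everything before the `@` is ignored by the browser, so the trusted name appearing in the link proves nothing.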

In addition to the political fundraising getting into full swing, the holiday shopping season is about to begin. You’ll get even more junk and see even more attempts to hack your system with offers “you can’t refuse.” Don’t just refuse them; delete them. For some hackers, this is the ideal time to plant malware or ransomware by catching you with your guard down.

If you think that you have taken in malware or ransomware by mistake, shut off your device and call us at 973-433-6646. We’ll help you take the steps to remove any malicious software on your device and get you safely back online.

GM Drops Infotainment Apps from EVs

Automakers have never made decent infotainment systems for their cars. Toyota tried forcing its own navigation and entertainment system on buyers some eight years ago and had to relent after two years. Now, GM is planning to drop Apple CarPlay and Android Auto in its electric vehicles, partly because they believe it will be too confusing for salespeople to explain how to use the apps. Seriously? Maybe they should train their sales reps better.


According to reports on a recent survey by J.D. Power, only 56 percent of owners prefer to use their vehicle’s built-in system to play audio. That’s down from 70 percent in 2020. Less than half of owners said they like using their car’s native controls for navigation, voice recognition, or to make phone calls.

That makes a lot of sense to us and likely to you. You, our clients, are relatively comfortable with technology and have spent years compiling your music lists, contact lists, and key addresses for destinations. You travel a lot, which means you rent cars. Why would you ever want something that’s not portable? Additional surveys back up that point.

Car manufacturers have been notoriously awful in creating the technology that mirrors what we have on our phones. But it seems like people are warming up to systems developed by Google. J.D. Power found that models with Android Automotive with Google Automotive’s operating system, AAOS, “score higher in the infotainment category than those with no AAOS whatsoever.”

However, AAOS without Google Automotive Services (GAS) receives the lowest scores for infotainment. GAS refers to all the apps and services that come with the car when Google is built into the vehicle — also known as “Google built-in.” Ford, GM, and Volvo have said they will use GAS for their current and upcoming vehicles. Some Stellantis vehicles use Android Automotive but partner with other tech companies, such as Amazon, for their app services.

That should make GM happy after deciding to block access to CarPlay and Android Auto in favor of a native Google infotainment system. If people like cars with GAS, or Google built-in, it could influence a buying decision.

Still, we would prefer to have the choice of using our cell phones for our music playlists and for driving directions. Our phones work better and can be updated more often and more efficiently. For us, the jury is still out, although two things could change our minds:

  1. Will infotainment software updates be included in regular updates from the auto manufacturer – or updated on the fly?
  2. Will the auto manufacturers provide connectivity where there’s no cellular service?

If you’re considering an EV that won’t accommodate CarPlay or Android Automotive, we can discuss the pros and cons of the decision. We can also help you set up Apple CarPlay or Android Automotive with your new or existing vehicles – EV, hybrids, or gas-powered. Call us – 973-433-6676 – or email us for an appointment.

iPhone 15: Silly Little Millimeters; Serious New Performance

The bezels are down to 1.5mm from 2.2mm, and displays for the new iPhone 15 Max and Pro will use a new technology called low-injection pressure over-molding, or LIPO. The Lightning port is out, USB-C is in for greater speed, and the new A17 Bionic chip will be in the Max and Pro models. We’re talking about some serious performance upgrades.

Industry pundits are calling this Apple’s most significant iPhone upgrade since the iPhone X, especially with the camera for the iPhone 15 Pro. While everything is still in the realm of speculation, the iPhone 15 could have a periscope camera. That’s a camera design that allows for much longer-range zoom than smartphones are otherwise capable of, going from the 3x optical zoom of the iPhone 13 Pro to potentially up to 10x or beyond. Apple is not saying which models will have the camera, but the company will be playing catchup. A number of Android phones – such as the Samsung Galaxy S21 Ultra – already have one, with optical zoom ranges of up to 10x. While it’s not a must-have feature for most people, you could take decent-quality photos of things you can’t get close to, and that could be a welcome option for those not wishing to carry large DSLR cameras.

We talked about the advantages of the USB-C port last month for speed and flexibility. One respected iPhone analyst believes the iPhone 15 Pro and iPhone 15 Ultra will get USB-C ports that support data transfer speeds of up to either 20Gbps or 40Gbps, up from just 480Mbps on current iPhones. While USB-C isn’t a data standard, several types of USB-C cables exist, including USB 2.0, 3.0, and Thunderbolt 4. You’ll need to look at speed rates for each of them.

The iPhone 15 Pro and Max will have the world’s first 3nm chip — the A17 Bionic. It should enable Apple to claim the title of the world’s fastest phone once again and be more efficient, resulting in longer battery life. For comparison, the iPhone 14 Pro Max was already the best phone for battery life, lasting over 13.5 hours in some tests. We’re curious to see how the iPhone 15 Pro and Pro Max perform.

One other improvement should be the replacement of the stainless-steel sides with titanium. It’s not only lighter, but much stronger. Speaking of the sides, a new action button should replace the old ringer/mute switch, enabling users to perform all sorts of shortcuts with just a press.

We should know more about all the new features, a release date, and prices at the Sept. 12 Apple Event. If that happens, preordering will start the following Friday, Sept. 15, and availability should begin the next Friday, Sept. 22. The price range looks like $749 to $1299.

If you have any questions about which new iPhone would best fit your needs and budget, we’re here to talk about it with you. Call us – 973-433-6676 – or email us for an appointment.

Manage Your Email to Avoid a Scam

As more businesses are bought and merged, it’s more important than ever to pay attention to email accounts for all the entities involved. We’re finding “sleeper agents” hiding in neglected accounts, and they’re waking up to bite hard.

In a recent case, a client bought a business a few years ago and set up a number of special email accounts to help manage the transition and keep tabs on things going forward. The only problem is that going forward, they did not monitor those emails – and the account – so they didn’t realize their system was compromised.

They did notice irregular financial dealings in a bank account, and they went to the bank to change the account and the associated online password. But the person who had infiltrated their system still had access to all the email notifications, rendering each system fix ineffective. It took some heart-to-heart conversations with our client to get to the root of the problem and then fix it.

We needed strong passwords on every online and email account they had, but with a mole inside the system, that wasn’t enough. There are two more steps you need to take to tighten your system.

The first step is to set up two-factor authentication (2FA) for every account. Yes, it is a pain to wait to complete a secondary step, but it works. We find a text connected to a cell phone is effective because whoever is accessing the account has the cell phone nearby, and you know the verification code is going to the right person. The chances of the text message being intercepted are extremely remote.

The second step is to manage your email more effectively – and that calls for more than just checking it frequently. Whether it’s at the office or home, many email accounts have – or can have – a secondary email associated with each account. Please don’t leave it blank. That’s the door a hacker uses to get in. When you change the password, go into the profile for the user and reset or start using the secondary email account. At the same time, reset the rules for managing each account. The hackers had email forwarded to an account they could monitor, which let them stay up to date on all the changes our client made.
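The check described above (a blank or altered secondary email, and rules that forward mail outside the company) can be run over a list of mailbox settings. This Python sketch is an added example, not part of the original newsletter; the data layout, field names, addresses and approved-recovery list are all hypothetical and constructed, not any mail provider's export format.

```python
# Constructed assumptions: the company's own mail domain and the secondary
# (recovery) address the owner has approved for each account.
ORG_DOMAINS = {"example.com"}
APPROVED_RECOVERY = {
    "owner@example.com": "owner.personal@example.org",
    "billing@example.com": "owner@example.com",
    "transition@example.com": "owner@example.com",
}

# Constructed sample of mailbox settings (hypothetical field names).
MAILBOXES = [
    {"user": "owner@example.com", "recovery_email": "",
     "rules": [{"name": "Bank notices", "action": "forward",
                "target": "notices.archive@mailbox.invalid"}]},
    {"user": "billing@example.com", "recovery_email": "owner@example.com",
     "rules": [{"name": "Invoices", "action": "move", "target": "Invoices"},
               {"name": "Copy to owner", "action": "forward",
                "target": "owner@example.com"}]},
    {"user": "transition@example.com", "recovery_email": "helper@other.invalid",
     "rules": []},
]

# Rule actions that send a copy of the mail somewhere else.
FORWARDING_ACTIONS = {"forward", "redirect"}


def domain_of(address):
    """Part after the last '@', lowercased (whole string if there is no '@')."""
    return address.rpartition("@")[2].strip().lower()


def audit_mailbox(mailbox):
    """Return a list of finding strings for one mailbox; empty means clean."""
    findings = []
    user = mailbox["user"]
    recovery = (mailbox.get("recovery_email") or "").strip().lower()
    if not recovery:
        findings.append("recovery_email_blank")
    elif recovery != APPROVED_RECOVERY.get(user, "").lower():
        findings.append("recovery_email_unapproved:" + recovery)
    for rule in mailbox.get("rules", []):
        # A forward to an address outside the organisation lets an outsider
        # keep reading notifications even after the password is changed.
        if (rule["action"] in FORWARDING_ACTIONS
                and domain_of(rule["target"]) not in ORG_DOMAINS):
            findings.append("external_forward:%s->%s" % (rule["name"], rule["target"]))
    return findings


def audit_all(mailboxes):
    """Map each mailbox with at least one finding to its findings."""
    report = {}
    for mailbox in mailboxes:
        findings = audit_mailbox(mailbox)
        if findings:
            report[mailbox["user"]] = findings
    return report


if __name__ == "__main__":
    for user, findings in audit_all(MAILBOXES).items():
        print(user, findings)
```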

For both online and email accounts, you need to check each user’s profile information regularly. That’s where we can help. We can check or tell you where to look to see if anyone has electronically “jimmied” open a window to your system and help you take more protective measures. As businesses and consumers, we depend more and more on electronic payment systems to pay our bills and have our invoices paid accurately and on a timely basis.

Call us – 973-433-6676 – or email us to talk about your concerns and to schedule an assessment and a remediation plan – if needed. It’s your money, and if a scammer gets it, you likely will never get it back.

New Device, Same You, New Problem

You’re still the same person you always were, but when you get a new device, you’re a different person as far as some login procedures are concerned. You need to get back to basics in setting up account access. It’s a more acute problem as we do more work outside the office.

We recently got a call from a client who had trouble logging into a work system through a VPN with two-factor authentication (2FA). Nobody had changed any of the login information, so it was all baffling until the client mentioned they had a new phone.

Another client called because they couldn’t get into their email. Again, they had a new phone.

These incidents highlight the good and the bad of multiple authentication steps. The good is that they’re based on the device being used to verify the right of the person to access an account. That means a hacker halfway around the world can’t use their computer to get in. The bad is that you have to take the time to reconfigure all your access info. (Hey, we’re really sorry for the inconvenience.)

Because both cases involved clients with new cell phones, we had to invalidate their old cell phones. We registered one client as a new user and registered a new cell phone number for the other. These are essential steps everyone needs to remember to take as you get new devices.

And because all the 2FA steps in common use are tied to devices, it’s a good idea to make sure your devices require some extra steps to unlock them. Many people use a four- or six-digit PIN, and more people are going to biometrics. While nothing is impossible, even if someone knows your online login info and has your device, they can’t access your accounts if they can’t unlock the device.

If you or your employees are getting new devices, we can help you make sure that they have access to email and online accounts and protect them from unauthorized users. The process isn’t difficult, but it does involve diligence to check all the boxes in the setup process. Call us – 973-433-6676 – or email us if you have questions or need help in going through the process.