Internet Outages Show No Favorites

The 10 largest internet outages of 2022 managed to hit a wide swath of the user community, ranging from music and messaging sites to gaming sites. While more business-related sites didn’t make the top 10, one of our client’s experiences showed the benefits of planning ahead and staying nimble.

Having a plan you can implement immediately is critical because you can get knocked off the internet in a nanosecond. It’s especially problematic for businesses such as our clients who can have up to 30 users. We’re not big enough to have multiple redundancies for our systems, nor are we big enough to deal directly with big providers. Our businesses likely pass through several hands before we reach the internet, and any of them can go down in a heartbeat.

Because of this uncertainty, one of our clients asked us to help them put together a process. They learned the consequences of being planless while working with another IT company. They knew they were going to have a planned outage because they were moving their physical location. They sell a product and take orders online.

Our solution was to have them take “paper” orders over the telephone as soon as the internet service was shut down to move their equipment. We had a process in place to get their tech system operational before lunchtime on moving day, and everything worked smoothly. As the system started to come online, they used a combination of paper and online orders and then switched to online only. The online system worked while the employees physically moved to their new location.

Their solution succeeded because our plan also included having the right infrastructure in place. We knew the internet connections and Wi-Fi network could handle the load once we put everything online.

Your solution will depend on your business’s needs. Everyone should prioritize telephone and email service because you can’t afford to go incommunicado. Who provides those services for you – and who provides them for your provider? You might not be able to get that latter provider, but it would be helpful. Is the phone service in the cloud? How is it set up? What electricity service options are available in your building?

We can help you develop or improve an outage emergency plan by looking at your equipment and configurations. We can recommend new equipment or configurations as needed and help you install better backup systems to help prevent data loss. Call us – 973-433-6676 – or email us to talk about it.

Oh, and just what were the 10 biggest internet outages in 2022 based on outage reports? According to Downdetector, an internet tracking service of Ookla, which is best known for speed testing, they were:

  1. Spotify – 2.9 million
  2. WhatsApp – 2.9 million
  3. Discord – 1.1 million
  4. Roblox – 700,000
  5. Instagram – 600,00
  6. Twitter – 500,000
  7. Call of Duty – 350,000
  8. Reddit – 300,000
  9. Snapchat – 300,000
  10. TikTok – 300,000

Is LastPass’s Hack the Last Word?

In a word: hardly. LastPass getting breached seems like the equivalent of Fort Knox getting breached; it’s not supposed to happen. So far as we know, none of the gold, which represented the monetary value of US currency in circulation, was ever taken from Fort Knox. But password manager LastPass was breached, and data was taken.

The implications are stunning, to say the least. We’ve put our trust in password manager programs, and LastPass compounded the problem for its customers by being breached twice and not being as quick or transparent about it. From all reports, the latest breach occurred in late August when access was gained to parts of their developer environment through an individual compromised developer account. They said the intruder took some source code and proprietary technical information. In mid-September, they reported that the intruder was in their system for four days, but the incident did not involve any access to customer data or encrypted password vaults.

Just after Thanksgiving, LastPass reported that the knowledge gained from the first breach was used to breach the system again, and that the hacker gained access to certain elements of customer information. Just before Christmas, the hacker got customer account information such as names, billing addresses, email addresses, telephone numbers, and their encrypted vaults. They hastened to add the data was strongly encrypted and required decryption of the customer’s master password.

The bad news is that this was a series of breaches; not good. Over time, the attacker was able to target a separate employee to gain two critical pieces of information: access keys to a cloud environment and decryption keys for that cloud environment. This means the attacker was able to easily download copies of those vaults and the other customer data there.

Although each customer’s vault was encrypted, the vaults contained unencrypted information. The attacker likely downloaded all the available information from each and could the unencrypted info to try to crack the master password by brute force.

LastPass doesn’t have the best track record in the industry, and what happened there can happen to any password manager. But you can take steps to minimize the impact if it happens to your password manager.

We highly recommend that you activate two-factor authentication (2FA) for every web-based account you have. Some will give you the option to verify a specific computer, phone or tablet one time, while others will require verification every time you log in. Most systems work through text messages to cell phones because you’re most likely to have your phone with you. Some 2FA systems will send you an email with a code to enter or a link to click. They’re good if your email is secure.

So, make sure you secure your email accounts. Require 2FA – to your cell phone if possible – to access your email account from the web. List a secondary email address in case there’s a problem. It can be through another email provider, or it can be a person you trust.

2FA works with password managers, and it’s effective if the PW manager hasn’t been hacked. If the data is unencrypted, it could have been stolen (another good reason to set up 2FA for a text).

You can manage your password manager and enhance security by keeping it updated. You can change your master password at any time, and you can use the manager to change your passwords at any time. The programs offer random generation of passwords, and you can take advantage of that. It takes away any excuse you have for using the same password for multiple websites.

You can back up your password manager by downloading your website login info from the manager. Most people download the info to a .csv or .xls spreadsheet file. It’s a good idea to do this periodically and store a hard copy in a safe place. If you decide to change password managers, you can export your file to a new password manager. We suggest you create a new master password if you do that and then create new passwords for each account.

There are ways to download your password list with encryption, but they can be a little complicated. Call us – 973-433-6676 – or email us to set up a time for us to walk you through it. You can also contact us with any questions you have about password managers – selecting one or installing one.

Windows 11 Scores ‘10’ with Update

The latest update of Windows 11 brought back one key function from Windows 10 that should make life easier for everyone. You can now get to Task Manager by right-clicking on the taskbar. However, it’s just another episode in our love-hate relationship with Microsoft and other big publishers.

My problem with the big software publishers is that an individual or small group of people decide that since they no longer need a particular function or set of features, nobody else needs them. That’s arrogant, but at least Microsoft had the sense to realize they can’t upset the way too many people work.

If you are still on Windows 10, which works well for most of us, you can right-click on an open space on the taskbar at the bottom of your screen and get a menu of functions. Two of them are Task Manager and Taskbar settings. For mouse-oriented users, it’s a quick way to get to the task manager (instead of pushing the Ctrl, Alt, and Delete keys simultaneously). I use this step all the time when walking clients through a procedure or working remotely on their computers. A lot of other users do, too.

Windows 11 eliminated all the menu items except for Taskbar settings. To me, the biggest fallout from this was the need to use three fingers and two hands to accomplish what we could do with a mouse click. You had to wonder what Microsoft was thinking.

With the update, the right-click on the taskbar now gives you two choices: Taskbar settings and (drumroll, please) Task Manager. If you haven’t installed the update, this is a good reason to do so. You can verify if you have the latest update by simply right-clicking on the taskbar and seeing if two options pop up.

If only one option pops up, you should update Windows 11 immediately. Getting back the Task Manager option is a nice feature, but more important, you’ll get the latest bug fixes, security patches and performance features. You’ll be safer and more efficient.

And while you’re at it, check for updates on all your software and install them for more security and performance. Then, make it a habit to do this monthly or activate automatic updates.

If you have any questions about updates, call us – 973-433-6646 – or email us.

Email Demands Two-Way Vigilance

Hackers are not always the brightest bulbs in the box. Their success depends more on you making mistakes than almost anything else. When they hack or spoof an email account, you’re dependent on your friends and associates to tip you off. Then, it’s up to you to resolve the problem as soon as you can. Here’s how our client handled their issue and how we handled one of our own.

Our client’s hack of their Comcast email started off simply enough. Hackers got their address book and sent an email to everyone asking if they used Amazon. That’s a normal start to a scam. Our client and spouse got tipped off when both got text messages from recipients – and the spouse got emails – suggesting that one of their email accounts might have been hacked.

Both of them were out of the house when they got word of the problem, but one of them was able to get home and start looking into the problem. The first thing they did was to change the password and the secondary email address used for notifications from Comcast. They also set up two-factor authentication (2FA) to the client’s cell phone number and changed the password again.

Those were two good steps to take, but there were two more surprises. First, they discovered that the hackers had set up an email address that they tied to the Comcast account. Our clients checked through all their accounts but didn’t see an email address that corresponded to the one set up by the hackers. They thought they were in the clear, but they hadn’t found the second surprise.

Later in the day, the client noticed they hadn’t been getting any emails on their Comcast account. They could send messages. Suspecting that a forwarding rule had been inserted by the hackers, they contacted Xfinity by telephone and after a few branches on the phone tree, they were able to speak to a security specialist. After an exhaustive security check, the specialist was able to remove the forwarding rule, securing the account.

They were fortunate that no emails involved responding to financial or healthcare websites. Had that happened, they could have been compromised. They did the right thing by changing the password, setting up 2FA, resetting the secondary email address and changing the password a second time. Those are things you can do immediately. They should have contacted Xfinity immediately after to see about any other changes and had them resolved right then and there.

Those are steps you can take if your email is hacked.

Our hack involved our QuickBooks address, and it’s typical of the problems small businesses can face. I noticed an email that looked like junk mail, so I didn’t pay much attention to it. But soon after, I took a closer look because the email address was sales@sterlingrose.com. It still didn’t seem that urgent, but it began to bother me.

So, I called QuickBooks (remember, we always urge people to pick up the phone if a problem seems bad enough) and explained what was going on. We have a merchant account. They said that hackers had set up an invalid account using the bogus email and an invalid tax ID number. It was a bare, basic account, but it was enough to raise a white-risk flag at QuickBooks. Our phone call put it on their radar screen.

This story should be on your radar screen, too. As small businesses – and even as consumers – we constantly get emails that we’ve been “approved” for something or other. We also get a lot of fake invoices that look like they’re coming from companies we do business with.

We need to be on guard against these. It’s easy to impersonate a business, and if the recipient isn’t careful, they might make a real payment to a real bank account that’s not tied to the legitimate vendor account they thought it was. As a business owner, we likely have no responsibilities or liabilities to the company or person that paid the fake invoice. HOWEVER, this is not a discussion I want to have with anybody.

At the end of the day, small businesses remain a huge target for hackers and cyber thieves. We need to depend on our own vigilance and the help of people we do business with to monitor anything that seems out of the ordinary and let someone know. I want you to let me know you got something odd from me – just like our client was tipped off about the bogus email. Any of these breaches can have serious consequences.

If you’ve been hacked in some way, take immediate steps to secure your accounts, including multiple password changes built around other security measures that you can take. Then, you can call us – 973-433-6676 – to let us know about the breach. We can help you investigate if any further damage was done and help mitigate the consequences as best as possible. If you have security questions, you can call or email us to discuss them.