Cybersecurity Checklist

We doubt the Russians or WikiLeaks are looking into your computer, but there’s a good chance somebody is. Want to get ahead of any possible problems? Try this checklist.

  • Update your software – Security patches are almost always the feature of any software update for your operating system and application software, including Internet browsers. You can set your computers, servers and mobile devices to notify you when an update is available or have it installed automatically. Do it. It’s as simple as that.
  • Limit admin accounts – There are two things to shore up here. First, limit the number of people in your organization – or household – who have administrative rights to your system. The more people who have access to the inner workings of your system, the more possibilities there are for somebody to leave an electronic door open to an invader. As another precaution, always run your PC as a non-administrator unless strictly necessary.
  • Enable your firewall – This should be a no-brainer. It’s the first line of defense against hackers infiltrating your entire IT system or any computer in your system that goes out onto the Internet. Make sure you have it set to manage inbound and outbound traffic.
  • Use anti-virus and anti-spyware – This goes hand-in-hand with enabling your firewall. These programs are designed to stop viruses, worms and other forms of malware. They can also stop pop-ups and other threats. Make sure every computer and device (where appropriate) is regularly scanned by the anti-virus and anti-spyware software, and don’t let licenses lapse.
  • Beware of wireless – Enable encryption, turn off SSID broadcasting and use the MAC filtering feature. Be wary whenever out of the office using Wi-Fi.
  • Protect mobile devices – Always use passwords, screen locks and auto locks on mobile devices, and encrypt data transmissions when possible.
  • Use strong passwords – The latest research shows that longer passwords are stronger, and you should always have a mix of upper and lower case letters, numbers and special characters. Change your password often and don’t use anything that can be related to your email address.
  • Backup your files – We can’t emphasize this enough – and we strongly encourage you to back up files offsite, on a cloud-based server. Have an automated backup and recovery plan in place for key data residing on your network vital for every computer user and organization. We’ve talked about ransomware before, and have securely backed-up files is your best protection.
  • Trust your gut – This is worth repeating, too: If a website, email or window on your PC offers you something that’s too good be true, ignore it or delete it. If something looks odd or out place, ignore it or delete it. Most companies, especially banks and credit card companies, don’t ask for personal information in an email. Don’t click a link. Instead, log back on to your browser and go to the website address you’ve used before to see what that company has to say.
  • Train your staff or family – Most cybersecurity breaches happen because of human error. Train your staff or your family members on how to be more secure while using computers and mobile devices on the Internet. Remember how you’ve told your kids not to talk to strangers or get into a stranger’s car? It’s the same in the cyber world.

We can help you with any of cybersecurity concerns and needs. Call us – 973-433-6676 – or email us to get answers to your questions or to set up a training session.

Ransomware Doesn’t Stop with a Payment

If you think paying off a ransom demand to get back files is the end of your experience, you’re wrong. Getting to cough up a few bucks…well, Bitcoin…is just the start. Ransomware pirates are finding ways besides email to get access to your computer and all of your data – and they’re looking for long-term relationships, too. One tech columnist has sardonically suggested they need good customer service plans. You need a good protection plan.

Let’s start with some basics, which we’ve discussed many times before:

  • Be extremely careful about clicking on links in an email, even if it looks like it comes from someone or an organization you know and trust.
    • Personal email addresses get stolen and spoofed all the time.
    • It’s very easy for someone to recreate a corporate look – such as for your bank – that looks realistic at first glance. (Seriously, does your bank use a Hotmail account?)
  • Install and use anti-virus and anti-malware protection. Make sure update it, and make sure you update it from a legitimate site (see above).
  • Install all updates from application software provider (but make sure it’s legit). Most patches and updates cover security issues.
  • Back up your data files to an off-site server or, better yet, store them in the cloud. For an extra precaution, you can store files to portable hard drives, and keep them disconnected when you’re not backing up data.

One of the problems with storing data on a laptop computer, which many people do, is that when it’s stolen, your data can be accessed before any kind of Internet-based program kicks in to wipe your drive clean. All somebody needs to do it remove your hard drive and hook it up to a computer to see what’s on there.

If you have covered all the basics, you now face some new concerns, especially if you store confidential personal, financial or medical information as part of your business. You face additional risks because there is no way for you to control the security steps your customers or clients take. If they leave vulnerabilities, a hacker can use one person’s log-in credentials to see a lot more data than would ever care to expose.

You can protect your business and data in a number of ways – in addition to the steps listed above:

  • Insist visitors to your website use newer versions of all browsers. As browsers age, publishers stop supporting them. You don’t want to expose yourself to their vulnerabilities.
  • Encrypt your data and your emails. If you do a lot of email marketing or communicate confidential information, this is a no-brainer. Email services, such as Constant Contact, which we use, build in a number of security measures. Spend the money to take advantage of them; it’s cheaper than taking a financial hit (see below).
  • Check with your insurance agent or carrier to see if E&O covers you for cybersecurity breaches. It may be an extra cost, but remember that insurance companies like to collect premiums, not pay claims. They are motivated to minimize your risk and should work with you.

The back story on these tips starts with a client who has two offices. In the “main” office, nobody uses the Internet. But in the other office, people used a remote desktop to access the system in the main office, and the security was weak. The link was not secure, and the passwords were simple. I was able to hack in using an iPad that still had a SIM card from another country, and the client could not detect that I was in there.

That should be a wake-up call for every small business to install and maintain security systems throughout their information management system. Ransomware pirates are getting more sophisticated in ways they can get into your systems and stay there – which brings up the “customer service” observation from Glenn Fleishman in PC World. Our point is not to scare anyone away from technology. Every advance – from the bicycle to space travel – has a risk-reward component, and we all know the rewards are great when we follow the proper precautions.

We’d like to leave you with three steps to take right now:

  1. Encrypt all data
  2. Never send passwords in an open email
  3. Look before you click – disguises are getting better and more numerous

Sterling Rose can help you design, install and maintain a cybersecurity program. Contact us by phone – 973-433-6676 – or email us to make an appointment to discuss your needs.

Keep Your Pictures in Multi-Device World

With mobile-phone cameras getting better and better, it’s easy to click away and then download your pictures to a computer. And when you max out your phone’s storage, it’s easy to delete them from your phone and click away some more. Just one problem: if your phone and computer are synched, you could delete the files from your computer, too.

The problem came up when an employee of one of our clients told about her daughter losing pictures she thought she had saved on her Mac. The daughter had been in Europe for a study-abroad program, and she traveled after school ended. Lots of kids do it, and lots of kids have iPhones and computers.

Naturally, as her phone’s storage filled up with photos, our traveler decided to download them onto her Mac. Just about all of us who travel with a computer do the same thing so that we can keep on clicking away. You never know when you’ll get back to a travel destination, and you want to collect all the memories you can; you can sort them out later.

That’s what our young traveler was told to do. With the magic of wireless connections, she was able to sync her phone and computer so she could save her pictures to her hard drive. With pictures safely stored on the computer’s hard drive, it was a simple matter to delete the photos from the phone and free up space for new pictures.

However, there was a catch. The way her sync was set up, deleting from one device deleted from the other. So, when she came home and sat down to share her pictures, they weren’t there. But they were somewhere. Using Mac’s time machine, we were able to find previous back up files, and we were able to send the computer to Apple. Their technicians were able to recover the pictures, but it took a while for them to get all the pictures, and it was a very stressful time for our student.

Here are some steps you can take to avoid the problem:

  • If you have an iPhone, you can set your phone to store photos in an iCloud photo library and keep them there when you delete files from the phone. If your phone senses a Wi-Fi network, it will upload the photos automatically.
  • You can optimize your storage so that you can leave a thumbnail of your photo on your phone. Then, you can use the thumbnail to identify photos you want to retrieve.
  • If you are traveling with your computer, download the photos manually and turn off any synchronization that deletes files from your phone and computer at the same time.

I download photos all the time from my SLR camera, but it uses SD cards. I can get some redundancy by downloading the pictures to the computer and keeping all the images on the SD cards. I can also upload them to the cloud. When you add up all the costs of a vacation, this is a relatively small expense.

More and more point-and-shoot cameras have SD cards, too. But if you’re using your cell phone or an older camera with fewer features, you’ll have limited options. If you or any family members are getting ready to travel, we can help you make sure your gear is all set up to keep your photo and video memories safe and secure. Call us – 973-433-6676 – or email us to get set up.

Travel: To Disconnect or Not Disconnect?

A trip is a great time to disconnect from the connected world and all of its stressful situations. However, there may be times when being disconnected can be extremely stressful. Fortunately, you can customize technology to fit your level of need and comfort.

Although I consider myself a very connected person, there are times when I like to disconnect, such as when I’m on an airplane or traveling in a country with a huge time difference from New Jersey. And, let’s face it, we all need to really take time off from everyday life – and that’s the purpose of getting away.

However, there are times when being connected can keep your travels on schedule and give you peace of mind. Using a Wi-Fi connection on an airplane, for example, can help you make, change or cancel reservations for hotels, rental cars or ground transportation if you run into unexpected delays, especially if you have a flight that makes stops – and requires plane changes – before you reach your destination.

A phone or tablet with Wi-Fi capability makes it really easy to stay connected, and VOIP – voice over internet protocol – which we all use if we have internet telephone service. You can talk through a variety of applications, such as Skype and Viber, to name two, and Facetime on iPhones. Using voice and video through a Wi-Fi network requires a fast internet connection, so make sure you have one before you try. There are many remote locations (we were in one of them on our last trip) that just have slow internet, and their cellular networks may not be all that strong, either.

If you want to be reached by telephone and don’t want to maintain a cellular connection, a Google phone number can give you a variety of options. You can give the number to people who may need to reach you or with whom you want to maintain contact. You can link that number to your cell phone number, but if you are traveling abroad, you’ll need to have a Wi-Fi connection to pick up voicemail or answer a call. If you have a cellular connection abroad, you can be reached directly. Because a Google number is a US number, people calling you will not have to pay international calling rates.

You can keep a cellular connection in a number of ways while abroad:

  • Arrange with your carrier to provide cellular service without roaming charges in the countries you plan to visit. These plans can be costly, and they can have severely limited numbers of phone calls and text messages available as well as highly restricted data use. If you are going to be in several countries on your trip and don’t need to use data-intensive applications such as Waze or Google Maps for driving and walking directions, this may be good for you. The phone can be really good for making or confirming reservations.
  • Get a SIM card for your phone when you arrive in the country you are visiting. As long as your phone is “unlocked,” as most are today, you can turn your phone into a local phone that will give you either an unlimited or large number of phone calls and text messages – including international calls (such as to the US) – and enough data to get directions to a hotel, restaurant or tourist attraction and use Waze or Google Maps to get there. The major carriers in each country usually have kiosks at the airport, and their agents can install and test the SIM card before you go on your merry way. In most cases, the card is good for 30 days. If you are in a major city, you can find stores for most carriers, just as you do in the US, and the carrier store may be better if you need something other than a standard arrangement. When you get home, you can reinstall your US carrier’s SIM card.
  • Rent a local phone. This is really simple, and it doesn’t require any changes to your existing phone. The cost and your allowances for phone calls, texts and data may vary, but you should have all the capabilities you’ll need.

Having cellular service abroad gives you all the conveniences and peace of mind you take for granted at home. If you are not part of a tour, you can make reservations or ask questions on the fly for hotels, restaurants, attractions and other needs. If you are going to be delayed in getting to a destination, you can call ahead. Even with the best navigation applications, you sometimes need someone to “talk you in” to a hotel or restaurant. All you need to do is call – and you can access the internet to get the phone number.

Even if you are on a guided tour, the tour operators sometimes strongly recommend you have a cell phone with local capability. If you become separated from your group at an attraction, for example, you can call and agree on a meeting place, or they can call you to make sure you get to where you’re supposed to be.

And, of course, there’s the peace-of-mind that comes with knowing you can reach somebody. On our last trip, we were part of an English-speaking group on a bus headed to the airport to leave our location. Nobody spoke the local language, and the driver did not speak English. We were caught in horrendous traffic, and we feared not making our flight. In our case, we had to catch a flight that operates once a week, and we were not in a place where we wanted to spend a whole week.

Nobody had a cell phone for the country, so there was no way to call the airline and let them know of our problem. While it had been very relaxing to be disconnected from the rest of the world, we were a busload of stressed people while on our re-entry path. We made our flight, so now it’s just another travel story to tell.

Traveling always has its surprises, but you shouldn’t feel unduly stressed or unsafe. If you are planning to travel abroad, we can help you determine the technology you’ll need to maintain your desired or required level of connection. Call us – 973-433-6676 – or email us to talk about it.

Windows 10’s Summer Storm

Microsoft’s free upgrade to Windows 10 for eligible computers will end July 29. But rather than just let the offer expire, the company is actively pushing out upgrades. You can expect a storm of activity as part of the effort. If you don’t want to upgrade, here’s how you can batten down your electronic hatches.

Our best advice right now is to let it happen – sort of – and undo it with a rollback. Just make sure you roll back to your version of Windows 7 or 8 within 30 days of the download (and possible installation). Here’s why we believe this is the best course of action. Again, just to remind those of you who could be affected, Microsoft has a free upgrade offer for eligible computers running Windows 7 and 8. The free offer will end July 29. Starting July 30, the upgrade to Windows 10 will cost $119.

In a “big brother” way, Microsoft knows which computers are eligible and which ones have been upgraded. That’s because there’s a chip in your computer that has the information about the version of Windows that was installed when the computer was assembled. It’s not all that bad of a system because Microsoft can use it to push out the correct updates on an as-needed basis to make sure you have all the latest security patches and bug fixes. It takes the onus off you to download and install them. Microsoft also knows which version of the OS you have, such as the Home or the Pro, and that prevents you from, for example, downloading and installing the Pro when you’re entitled only to the Home.

On the other hand, it can be highly intrusive for the upgrades. We’ve had a number of instances in which clients have accessed their computers – at work and at home – in the morning and found a message from Microsoft to continue with the installation of Windows 10. Or, we’ve had clients tell us that all of a sudden, in the middle of the day, their machines started acting funny and then they received messages to continue the Windows 10 installation process.

Naturally, none of these clients had taken advantage of the offer, but Microsoft can’t distinguish if that was by oversight or intent. (Add your own comment here.) Essentially you have two options:

  1. Go through the entire installation and then roll your system back to Windows 7 or 8.
  2. Don’t accept or agree to the terms and conditions.

Each option has its own set of consequences.

If go through the installation and then roll it back, that’s a major time suck. However, we have not encountered any problems with getting old systems back and running again. If you don’t accept or agree to the upgrade, you will lose your entitlement to the free upgrade – at least so far as we can determine. We have not gone through the process of trying to reclaim it.

To make your best decision on whether to accept the upgrade to Windows 10, make sure you are clear on what you need.

We firmly recommend the Windows 10 upgrade because it has a lot of new security measures, and the support for security and bug fixes are crucial to keeping data safe. For home and SOHO systems and for offices that are not using highly customized application software, the upgrade should work well. However, if your application software will not work with Windows 10 or not work as well as it should, we recommend that you keep your present Windows OS. Application software developers and publishers are working to upgrade most packages, but we all know that it’s a complex endeavor.

If you need to reinstall Windows 7 for any reason, it’s still a pain, but Microsoft has released an update to cover all the updates as a one-time deal. That will ease the pain somewhat, but the longer you wait – assuming you have a choice about when to do it – the more updates you’ll need to install manually going forward.

If you have any questions at all about Windows 10 and any other version of the OS, please contact us as soon as possible by phone – 973-433-6676 – or email. We can answer your questions or schedule any work that needs to be done to keep your system running smoothly and safely.

Upgrade for Better Browsing

Browser performance is becoming a bigger issue as browser updates and website advances require new versions – and even new computers. Not upgrading can also present security issues.

The problem we are seeing is a combination of clients with older computers using older versions of their favorite browsers trying to view websites that have advanced features the browsers and computers can’t support. The problem manifests itself when visitors can’t access a site or they can’t move around the site and use all of its features. They also start to see pop-up messages to upgrade their browsers.

We all tend to keep using our older systems and make a lot of allowances until something has to give. In this case, it’s your browser and/or computer. If your computer is not woefully out of date, you likely can upgrade your browser, but there are a few things to keep in mind.

Most important, don’t click on an upgrade pop-up message without being absolutely sure it’s a legitimate message. We have not heard of scammers and hackers using this type of pop-up to get your money or your data or both, but if they’re doing it already…

You can always go to the browser publisher’s website (Microsoft, Firefox/Mozilla, Chrome/Google, Apple, etc.) and download a browser upgrade from there. We believe it’s a safer way to do it. If you happen to download more than one upgraded browser, make sure you designate only one as your preferred or default browser. That will ensure that links you click – such as the link from our email message to get to this article – open in the browser you prefer to use.

If your computer cannot support a browser and a website you use, you should consider upgrading your computer. It’s not really an arbitrary suggestion; it’s all about security.

From the website owner’s point of view, they constantly need to incorporate new software to cover multiple platforms, such as Windows or Apple computers and a host of mobile devices. At some point, they just cannot incorporate the software needed to function properly on older browsers and older computers. Some of the reasons may include the ability to perform e-commerce transactions efficiently and securely, the storage of financial and medical records, the protection of encrypted messages and vulnerability to a variety of attacks.

Those needs take into account legal and insurance issues that affect their decisions about the software and systems they use and support. (We will discuss those in a future issue of Technology Update).

For you, the computer user, you need to consider costs – and that goes beyond just the cost of a new computer.

  • What is your cost if you cannot purchase business items online from your preferred vendors?
  • What is your cost if you cannot purchase any items online – personally or for business – because your browser (and computer) may have security risks?
  • What is your cost if you cannot bill customers and clients because of doubts about your security (see Protection in the Third-Party World)?
  • What is your cost if your data is breached?
  • What is your cost if you are found liable for others’ data breaches?

Browser requirements are likely to get tighter as we go deeper into our Internet-based world and as security becomes an even more important concern for website owners. We can help you get the most up-to-date browsers onto your computers, and we can help you plan an orderly upgrade of your personal and commercial systems to take advantage of any possible cost efficiencies. Call us – 973-433-6676 – or email us to help keep your website browsing as safe and enjoyable as possible.

Protection in the Third-Party World

The reliance on third-party providers for so many data servers continues to grow. That increases your dependence on other people’s diligence, and it increases your responsibility to be more vigilant.

“NJ Biz” recently devoted a series of articles to many aspects of online safety and protection, and one of them focused on issues we’ve been discussing: verifying the integrity of third-party providers and two-factor authentication. Third-party providers are being used more and more by businesses of all types because they can scale up faster and more economically to handle any number of users from any number of locations.

However, you need to rely on those providers to protect your data, and according to Jonathan Dambrot, CEO and co-founder of Prevalent, a Warren-based IT security, compliance and third-party risk management service provider, the security environment is far from ideal. In one of the “NJ Biz” articles, he says: “Depending on who you talk to, between 40 to 80 percent of all data breaches are happening at third-party vendors, because that is where most of the data is. People are focusing on third-party data security risks because criminals are going after the data where it resides.”

If a provider has weak security, it can be more vulnerable to an attack by hackers. But government and industry leaders are getting together to help you. Last December, Congress passed The Cybersecurity Act of 2015 to encourage companies to share with the government and each other technical details of hacking threats. This regulation reflects a growing acceptance of collaboration as a way to access data security threat intelligence and enforce vendor compliance.

It’s the latest of several early steps in a fluid regulatory process.

“Regulators have put controls in place over the last two-and-a-half to three years, and there is a combination of reasons why third-party or downstream risk has become really important to people as they look at their cybersecurity,” Dambrot said. “Third-party vendor and business associate risk has really changed as vendor services have changed. Years ago, people weren’t talking about cloud usage as much as they are today, and so, regulators will continue to change the wording to match the way data is handled.”

This collaborative effort, however, doesn’t get you off the hook. On the contrary, you need to do more. Two other articles we recently came across expand on two security matters we discussed last month: two-factor authentication and asking the right questions of any data-services provider.

Rather than re-explain some of the more effective ways to use two-factor authorization (2FA), we can refer you to a recent post by Ed Bott on ZDNet. There are many options available, including apps you can download to your mobile devices.

As he asks, “How much are your private communications worth? How about your reputation? Your bank account? Your identity?”

We know they are priceless to us but have great value on the black market. With 2FA enabled for a cloud service, any attempt to sign in on an unrecognized device might require you to enter a secret code that’s either received as a text message or generated by an authenticator app on your previously registered smartphone.

“Depending on the service, entering a code might automatically establish the current device as trusted, or you might be given the option to trust the current device,” he writes. “If this is your new computer or tablet (or a new browser), and you have this option you should say yes. When you’re signing in on a device you don’t control, you shouldn’t allow it on your trusted list. One way to make sure that the device isn’t marked as trusted is to use a browser in private mode (aka incognito in Chrome). If a bad guy manages to steal your credentials for an account that’s protected by 2FA, he’s unable to do any damage. Because he is signing in on an unrecognized device, he’s required to provide a second form of authentication. Without access to your trusted device, he can’t authenticate himself and can’t go any further.”

There are many variations on that theme, and we can help you find one or two 2FA programs that can best meet your needs and comfort level with your devices. But you need to be sure the data center that houses your information has all the right policies and procedures in place, too.

Services provider vXchange, which estimates some 78 percent of work-related data will be on the cloud by 2018, has a list of 10 questions you should ask your next data center manager, and we suggest you read them to get an idea of what’s at stake. They’re questions we ask of ourselves and our provider to minimize your risk and ours.

While you don’t get total control of your data, you will have a much better grasp of the possible risks and the steps you can take to maximize your protection.

As your trusted IT service provider and advocate, we have 2FA techniques we prefer and providers with which we have established relationships. We can answer your questions and address your specific concerns in selecting and installing 2FA programs, and we can help you select and vet data centers. Call us – 973-433-6676 – or email us to set up an appointment to discuss your specifics.

3 Years is a Lifetime

We used to consider three to five years as the useful lifetime for a desktop/laptop computer and five to seven years as the useful lifetime for a server. Forget about mobile devices, which seem to become obsolete before you buy them. For computers and servers, a lifetime is getting shorter.

Since the dawn of the computer age, hardware and software have always had a push-pull effect on each other. When one party makes a significant advance in capability and/or speed, the other is forced to catch up – and maybe raise the ante. Faster, more sophisticated application software requires faster, more powerful computing systems to give you all the productivity benefits that can increase your profitability. Faster, more powerful computing systems can make you wonder why your application software is slow, leading you to demand more robust software from publishers. It just goes on and on.

For business and home users, we’re looking at three years now for the useful service life of a computer, and for businesses, we’re looking at shorter lifetimes for peripherals, such as printers. Some companies may tend to keep printers around longer because their basic function hasn’t changed. They print documents, and most printers in use today have enough speed to satisfy most offices.

But they don’t have enough processing speed to satisfy the software systems that feed them the files to print. With technology advancing at such a rapid pace, there is less and less “backward compatibility” to handle older printer drivers or to upgrade printer drivers for newer computers or software. As a result, you need to look at the useful operating life of your printers in addition to your operating system, your application software and your computer. At some point, you’ll be looking at security, too, because your OS and your printer drivers will no longer be supported with bug fixes and security patches.

At some point, too, your computer system and your Wi-Fi system will not match the speed of your Internet connection. Gigabit speeds are becoming more readily available from multiple providers, and competition will ratchet up the speed and cut the price. In practical terms, you are going to demand more speed from your equipment and network because it will increase your business’ productivity or because it will better handle all the streaming needs in your home – such as movies, TV programs and educational and gaming activities.

We can fine-tune equipment only up to a point. After that, you are going to need new hardware and maybe new software. And then, you will begin the cycle again.

As for mobile devices, they are changing rapidly, too. And as companies such as Apple and Samsung wage performance and feature wars, there will be more pressure on each of them to make significant improvements with each new upgrade they release. We’re already seeing how this war affects a company’s stock price, resulting in shareholder pressure as well as customer pressure to be better and cheaper in a shorter product-rollout cycle.Whether at home or at the office, you need to start looking at a three-year cycle for most of your hardware and software – and look at how your systems integrate with mobile devices, which are being used increasingly for tasks normally done on a computer. We can help you with a technology assessment of your business, your home or both – and look at how your systems need to integrate with mobile devices. Our assessment will give you a planning guide to devise a timetable and budget to keep your systems current with your needs. Call us – 973-433-6676 – or email us to set up an appointment.

How Does Your IT Consultant Handle Your Info?

Today’s interconnected world is an interdependent world. No matter how many precautions you take to protect your data’s security, technology has forced you to depend on other people’s diligence to share your passion for protection. You don’t have a lot of control over the weakest link in your online chain. But asking how your IT consultant handles your information can help you gain better control where it’s possible.

So, here’s the question you need to ask: How do you handle my information, including your access to my systems?

And, here’s the discussion that needs to follow:

Your IT consultant must follow the strictest protocols available to protect all the information you provide. This includes access to your servers, routers (including repeaters or boosters for Wi-Fi networks) and computers that store your information or have access to wherever you store information.

An individual provider, such as Sterling Rose, can handle your data security differently from a large support organization. It’s not that one type of provider is better for a particular client; it’s more a matter of tailoring protection procedures to meet real-world needs and being diligent about following them.

We can keep all of our clients’ information in one place that can be accessed by only one person, and that helps us build a strong wall around (and roof over) the user names and passwords for your systems. With the ability to securely access the information from a desktop computer or mobile device, we can service a client from anywhere.

We protect that information in a number of ways. These are just a few of them:

  • We regularly use two-factor authentication, which requires more than just a password. Every two-factor system has its own set of additional requirements, but the net result is that a hacker or robotic system cannot provide the necessary response. (We’re sure somebody is hard at work to defeat two-factor authentication, but right now, it works.)
  • We use long, complex passwords with upper- and lower-case letters, numbers and special characters. Those are always impossible to crack using the latest available algorithms – at least for now.
  • We use systems that require us to re-log in every 14 days and change our passwords and authentication information. It’s a major inconvenience for us, but it’s much more convenient than having to explain why we need to react to a security breach.

A larger IT service provider with multiple technicians available to service a client can also store information securely in one place, but all the technicians need to access it. Some questions you should ask include:

  • Where do you store my information?
  • How do technicians access my information?
  • What protocols do you follow for user names, passwords and other authentication?
  • Are you notified when my information is accessed, and are you able to track who accessed it?

Your IT consultant must be able to advise you on the best security measures to take within your own organization. They should be able to help you design and install a set of procedures for any point at which information is accessed, such as:

  • Accessing specific files or categories of files from within your office or offices that are stored on your own server or on a server hosted by a third party (a cloud provider)
  • Accessing that information from a remote location, such as a home office, where you can install and monitor security measures
  • Accessing that information from a remote location, such as a customer’s place of business or a public place, such as a coffee shop or airport, where you cannot verify the security of a network.

You may also need to set up encrypted email, which we did for an insurance business. Our client reasoned that while they can control exchanges with their clients, they cannot control what happens when their clients communicate with others. Our client needed to be able to show that their security measures would stand up to an outside audit.

If you have any questions about how we handle your information, feel free to contact us at any time by email or phone – 973-433-6676. We would be more than happy to review our policies and procedures in general and for your information in particular. We can also help you develop and implement a security program for your business – or home – system.

Listening to Kidz

One of our clients has launched a new website that looks at how kids look at restaurants. Aside from the specific market need the new website is attempting to fill, it’s also giving us a different perspective on online reviews and how they’re used.

The website, www.kidzdish.com, comes from his experiences dining out with his wife and their two daughters. He notes that his daughters are observant and notice things that would never occur to him or his wife. As parents of two children, it resonated a lot of ways for us.

On one level, it’s a great tool for teaching children how to write reviews – which we all depend on for choosing restaurants or buying ingredients and tools to make dinner at home. It helps them sharpen their observation skills, and that will be critical as they get older and as their lives become more multi-faceted.

On another level, it gives parents a good tool for teaching their children how to use the Internet, and it provides strong parental controls. The benefit for that, too, is the creation of a family activity that’s centered around the Internet.

The website has also made us more observant parents. When we go to restaurants, our kids are usually hungry, and the faster they get the food they want, the better the experience for everyone. We now notice – and can tell all potential customers – if the servers get to us quickly, how they pay attention to our kids’ concerns, and if they bring out their food before ours. That last point is key for us. As parents, we can’t eat until our kids are served, and if we have to wait, our food gets cold. So, when our kids post reviews of restaurants we patronize, that’s one factor they will use to rate the place. They’ll also discuss how they were treated by their server, such as: the server treated me like a little kid, or the server made me feel special and let me know we were appreciated as customers. Oh, yes, they also will comment on the texture and flavor of the mac-and-cheese.

As online interaction continues to play an increasingly greater role in how we live, we support the growth of websites such as this, which give our kids the chance to develop mindsets and skill sets for a communications channel that carries more information at breakneck speeds every day.

What are your thoughts? Leave a comment and let us know. And if you are concerned about setting parental controls on computers or devices in your household, we can help. Call us – 973-433-6676 – or send us an email to discuss your needs.