Home is Where the Hack Is

Don’t think your home is too small to be a hacker’s target. The recent invasion of a young girl’s bedroom through a camera system has sparked a lawsuit and some hot discussion about who’s at fault. Ultimately, you need to make sure you cover all the bases, and the Department of Homeland Security offers some help in making sure you know where the bases are.

DHS rightly states what we think is obvious about the two common misconceptions home users share about the security of their networks:

  1. Their home network is too small to be at risk of a cyberattack.
  2. Their devices are “secure enough” right out of the box.

Besides those misconceptions, home networks – no matter how many smart devices or dumb devices they connect – have many moving parts. In addition to cameras and smart speakers, to name just two, our networks include routers, computers, mobile devices and TVs. So, even though you may think you have a strong username and/or password for every device, there’s a possibility you can miss one key setting – or there’s a possibility that someone using your network has the weak link in your security chain that provides outside access.

The DHS checklist, which we summarize below, is a good place to start. It reiterates a lot of actions we’ve told you to take over the years, and it’s a good refresher.

  • Update your software regularly. Besides adding new features and functionality, software updates often include critical patches and security fixes for newly discovered threats and vulnerabilities. (See Understanding Patches and Software Updates.)
  • Remove unnecessary services and software. They can create security holes in a device’s system that could lead to a larger attack surface of your network environment. This is especially true with pre-installed trial software and apps installed on new computers. Remove what you don’t use.
  • Adjust factory-default configurations on software and hardware. They’re intended to reduce the troubleshooting time for customer service. Harden them to reduce vulnerabilities.
  • Change default log-in passwords and usernames. Most network devices are pre-configured with default administrator passwords to simplify setup. They’re not secure. Change them.
  • Use strong and unique passwords. Choose strong passwords and don’t use the same password with multiple accounts. (See Choosing and Protecting Passwords for more information.)
  • Run up-to-date antivirus software. A reputable antivirus software app can automatically detect, quarantine, and remove various types of malware, such as viruses, worms, and ransomware.
  • Install a network firewall. It can block malicious traffic from your home network and alert you to potentially dangerous activity. When properly configured, it can also serve as a barrier for internal threats, preventing unwanted or malicious software from reaching out to the internet. We can help you configure them.
  • Install firewalls on network devices. In addition to a network firewall, consider installing a firewall on all computers connected to your network. We can help you configure them, too.
  • Regularly back up your data. Consider using a third-party backup application, which can simplify and automate the process. Be sure to encrypt your backup to protect the confidentiality and integrity of your information. Data backups are crucial to minimize the impact if that data is lost, corrupted, infected or stolen.
  • Increase wireless security. Follow the steps below to increase the security of your wireless router or ask us for help.
    • Use the strongest encryption protocol available. DHS recommends using the Wi-Fi Protected Access 3 (WPA3) Personal Advanced Encryption Standard (AES) and Temporary Key Integrity Protocol (TKIP), which is currently the most secure router configuration available for home use.
    • Change the router’s default administrator password to deter an attack using default credentials.
    • Change the default service set identifier (SSID), the “network name” that identifies a wireless network. Make it unique and not tied to your identity or location.
    • Disable Wi-Fi Protected Setup (WPS). A design flaw in the WPS specification for PIN authentication significantly reduces the time required for a cyberattacker to brute force an entire PIN.
    • Reduce wireless signal strength to reduce your electronic footprint.
    • Turn the network off when not in use or automatically disable the Wi-Fi at specified times to prevent outside attackers from breaching your home network.
    • Disable Universal Plug and Play (UPnP) when not needed. Recent large-scale network attacks prove that malware within your network can use UPnP to bypass your router’s firewall to control your devices remotely and spread malware to other devices.
    • Upgrade firmware to enhance product performance, fix flaws, and address security vulnerabilities.
    • Disable remote router management to guard against unauthorized individuals accessing and changing your router’s configuration.
    • Monitor for unknown device connections so you can spot unauthorized devices joining or attempting to join your network. Also see the manufacturer’s website for tips on how to prevent unauthorized devices from connecting to your network.
  • Mitigate Email Threats. Phishing emails continue to be one of the most common and effective initial attacks. They prey on the human element – the weakest component in every network – by persuading a user to click on a link or open an attachment.
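
For the “monitor for unknown device connections” item in the checklist above, here is an added example (not from DHS or from this newsletter) that compares a router’s client table against a household inventory. The inventory, addresses and the “MAC IP hostname” lease layout are constructed sample data; real routers export this table in their own formats.

```python
import re

# Constructed inventory of devices the household recognizes (MAC -> label).
KNOWN_DEVICES = {
    "3c:22:fb:10:aa:01": "family laptop",
    "f0:18:98:4b:7c:02": "living-room TV",
    "b8:27:eb:55:10:03": "bedroom camera",
}

# Constructed sample client table; the layout is an assumption, so adapt
# the field positions to whatever your router actually exports.
SAMPLE_LEASES = """\
3C-22-FB-10-AA-01 192.168.1.10 laptop
f0:18:98:4b:7c:02 192.168.1.11 tv
b827.eb55.1003    192.168.1.12 cam
da:a1:19:00:42:9f 192.168.1.37 *
00:1a:2b:3c:4d:5e 192.168.1.40 unknown-host
not-a-mac         192.168.1.99 junk
"""

_SEPARATORS = re.compile(r"[:.\-]")
_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(raw):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff, or None if malformed."""
    digits = _SEPARATORS.sub("", raw.strip().lower())
    if not _HEX12.fullmatch(digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True when the locally-administered bit is set, as it is on the
    randomized 'private' addresses many phones use; such a device may be
    a known phone that the MAC inventory simply cannot match."""
    return bool(int(mac[:2], 16) & 0x02)


def audit_leases(lease_text, known):
    """Split the client table into known, unknown and unparseable rows."""
    known_norm = {normalize_mac(m): label for m, label in known.items()}
    report = {"known": [], "unknown": [], "malformed": []}
    for line in lease_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        mac = normalize_mac(fields[0])
        if mac is None or len(fields) < 2:
            report["malformed"].append(line.strip())
            continue
        ip = fields[1]
        host = fields[2] if len(fields) > 2 else ""
        if mac in known_norm:
            report["known"].append((mac, ip, known_norm[mac]))
        else:
            report["unknown"].append(
                (mac, ip, host, is_locally_administered(mac)))
    return report


if __name__ == "__main__":
    result = audit_leases(SAMPLE_LEASES, KNOWN_DEVICES)
    for mac, ip, host, randomized in result["unknown"]:
        note = "randomized/private MAC" if randomized else "vendor-assigned MAC"
        print(f"UNKNOWN {mac} {ip} host={host!r} ({note})")
    for line in result["malformed"]:
        print(f"UNPARSED {line}")
```

Rows that fail to parse are reported rather than dropped, so a change in the router’s export format shows up as noise instead of silently hiding devices.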

All the steps you can take are common sense, but they’re often overlooked in our hurry to get a new product or feature online. The hacker looks to exploit momentary carelessness. We can review your home or office network with a security assessment and help you implement any of the steps in this checklist. Call us – 973-433-6676 – or email us for an appointment.

Azure – Always at Work in the Background

Microsoft’s Azure platform has been our backup program of choice for clients since Office 365 became a product for small businesses and home offices/users. We like that it’s a living system – one that continues to evolve and grow.

If you read the article Microsoft ‘Ignites’ Tech Initiatives, you couldn’t help but notice that Microsoft is throwing massive resources behind Azure as a technology platform. As we see it, Azure will become an even stronger backup resource as it helps you use your data files and apps more efficiently. That said, you need to make it your backup program – or at least one of your backup programs – if you want to take advantage of advancing technologies.

Backup is a misunderstood term in the context of IT services. We define a backup as an extra copy of data from a computer. Simply putting data in the cloud – even with OneDrive through Office 365 – is not a backup; it’s storage. Now, it can be useful – even vital – to store data in at least one cloud and on some sort of external device that’s separate from a computer or office server. But it’s not backup.

Why is backup critical? Two scenarios come to mind: 1.) a catastrophe that wipes out your computer or cloud-based server and 2.) a rogue employee or hacker getting into your account and deleting files. The big issue in both scenarios is recovery.

Azure solves the recovery issue for us because it works seamlessly with Office 365, including Outlook and its PST files for your email. For some, backing up email may be more important than backing up files.

As an IT professional, I like Azure’s ability to generate reports – with more capabilities coming online all the time. Microsoft constantly uses customer feedback to add more power to the platform. That gives us the ability to go back into our clients’ backup records to trace incidents and to restore files after a catastrophic event. That’s critical because it can be 90 days – sometimes longer – before a hack or data loss is discovered by a client. When that happens, we can go back in time through the power of Azure to find data files that help us help you recover.

As a set of powerful tools, Azure needs to have respect from users. Yes, you can go into Azure, but you can also create havoc with your systems and our work if those tools are misused. One of the things that drives me crazy is when we look like we don’t know what we’re doing when restoring files because somebody messed with the system.

That being said, we believe in educating our clients. If you want to learn more about how your Azure backup is set up and see what it can and can’t do, we’ll be more than happy to give you a remote tour. Call us – 973-433-6676 – or email us to book your tour of your system.

Backup and Security

What happens when you use the cloud to store files encrypted for security instead of backing them up properly? You can face huge expenses, compounded by the consequences of lost data.

Let’s set a scene to show you how things can play out.

When your files are backed up or stored, they can be encrypted. That’s not a bad thing because it can add a layer of security, and it can help your cloud provider make better use of their server space. However, you and anyone who works on your IT system must make sure that all your system software stays intact.

We had a situation with a client that shows how multiple missteps can create exponential problems. The first misstep was that Windows updates had not been installed. We can’t emphasize enough how important it is to install updates, which include security measures and bug fixes. Without the bug fixes, you’ll run into a problem somewhere along the line that causes a performance failure.

The client decided to call in another IT person to fix the problem that arose with their system. During the diagnostic process, that tech erroneously removed a vital part of the system software, which included the encryption key for stored files. The net result was that the data files could not be restored when they thought the problem was fixed.

Fortunately, the client still had their old computer, which had been sitting in the office for a year. It wasn’t ideal, but it helped. Because they had Office 365, they were able to restore their Word and PowerPoint files, but they lost their QuickBooks files and a year’s worth of data because there was no effective backup in place for the files. They had to be recreated – painstakingly – at the cost of time and money.

We see three lessons for everyone based on our client’s experience:

  1. Install your updates. While security updates are top-of-mind for most users because of prevalent hacking, you can’t overlook the bug fixes. Bugs will cause performance problems that you’ll recognize and that will motivate you to take corrective action, which brings us to the next point.
  2. Use IT consultants who know what they’re doing. Cheaping out on a service provider compounds the effects of not keeping your software up to date. Today’s tech systems are complex, and your IT tech must know where to go and where not to go within your system. When someone uninstalls software, for example, they must have the encryption key to restore software.
  3. Have a good backup program in place. Cheaping out here, too, can have dire consequences. Again, we go back to Azure and Office 365. Together, they store and encrypt your files on secure servers. And because they’re in the cloud, you can access your files from any device that has internet access. Ultimately, that means you should be able to recover your data in the event of a catastrophic event.

We can help you with any technology issues, including system wellness checks, setting up a process for updating your software, and installing and setting up Office 365 with an Azure backup program. Call us – 973-433-6676 – or email us to discuss your needs and their solutions.

Be Aware of Backup Terms & Conditions

If you’re one of our many clients using Office 365, we’ve likely put you on OneDrive, which essentially backs up some or most of your files. You also likely have another backup option or two that includes data storage in the cloud. But do you know what gets backed up to each cloud? Or how long it’s kept on a server? Or what happens in a catastrophic failure? Here’s what to be aware of.

For this article, we’ll focus on Office 365, Dropbox and Google Business Services. And while we believe the cloud is safe for data storage, the question is: How safe is it? There’s a lot we don’t know.

For example, what happens if something goes drastically wrong, such as an employee of the service going rogue, a hacker getting into the server, or a catastrophic system failure?

What happens if you lose your mind and delete a whole bunch of files – and then realize two months later that you need them?

In broad, general terms, the terms and conditions you agree to absolve them from any responsibility for any error that could possibly be connected to you or your actions. None of the cloud providers covers your disasters; they only cover theirs. If there is a complete “nuclear meltdown” on the part of your service provider, they’re only required to restore data to the last point where they backed it up. If you back up your system on Wednesdays and the meltdown happens on Tuesday, you’re out six days of data.

One other problem that many small businesses and individuals face is knowing where all of their data is. They may have stored data in some account and haven’t accessed it for years. They may not even remember having the account. In many of the terms and conditions you agree to, a data storage company may have limits on how long they keep data, but let’s assume it’s unlimited. In cases where you forgot all of your access info – or maybe now use a different email address as your user name, it can be tedious, if not impossible, to verify you own the data and retrieve it.

To cover a reasonable number of contingencies, you should answer the following questions:

  • Do you know where all your data is and how to access it?
  • How much data do you need to keep? The amount of data we keep tends to expand as we acquire more storage capacity, and today’s technology makes that capacity virtually unlimited. Only you know what’s important, but your storage decision doesn’t need to be an all-or-nothing proposition. You can prioritize your data and put it in different places.
  • How are you backing up your data? You can do it automatically to a cloud and/or a portable hard drive connected to your computer or server. You can also do it manually. And, you can use any timeframe from real time to once a week – or even less often, though we’d always recommend real time as the first choice.
  • To what extent do you back up your data? You may be backing up only data files, or you may be backing up application software – or both. If you have employees who work remotely, you may have a system in place that backs up their work files or any changes that they may make while using certain applications.

Once you answer those questions, we can help you design a backup and storage program that meets your needs. However, it’s far from simple, especially for small businesses. We constantly go back and forth with vendors and clients about where to back up data and whether it should be more than one cloud. We tend to put our stuff in the cloud because it’s safer, but no cloud can cover human failure (it’s in the terms and conditions).

Security is the biggest human failure. If you or one of your employees with access to data opens a security breach, there’s no cloud service provider who’ll take responsibility for that. That human error is compounded if you go two or three months or longer before you find that data is missing or compromised – and that’s almost always the case.

Our advice is to forget about terms and conditions from your provider and set a few of your own:

  • Look at the data you store and determine how much you really need to keep.
  • If you find data stored in places or accounts you no longer use, transfer everything to a place you use and close out old accounts.
  • Decide where to store your data. Ideally, if you want to cover all of your bases, you should use more than one cloud and have a physical device in your office or home, such as a server or portable hard drive.
  • Develop and institute an automated backup program.
  • Decide who has access to your data – and then institute a process to keep it safe and make sure everyone who uses the process is trained.

We can help you follow through on all the terms and conditions you set for yourself, your employees and your data. Our process includes helping you make sound decisions on what to store and where, closing up all your loose ends, designing and implementing a storage program, training employees and monitoring your storage program. Call us – 973-433-6676 – or email us to discuss your needs and set up an appointment to move forward.

Terms & Conditions and Apps

Many of the companies we do business with online, especially those for purchasing merchandise, like us to use their apps for phones and other devices. We accept their terms and conditions to get it done – and we never bother to find out what data those apps share and with whom. You can sidestep the issue by going to a company’s website for the transaction. And while you’re at it, you might want to delete those unused apps that may be tracking you and feeding info to…whomever. I recently cut my apps from something like 150 to 47 – and I still only use about half of them. I was prompted to do it initially because for years, I suspected an app was screwing up my phone. So now, my phone works better, and even though my data may be shared with unknown parties, there are fewer of them watching me.

Pulling the Plug at BA

An IT contractor for British Airways accidentally pulled the wrong plug as travelers queued up for a holiday weekend. That pulled the plug on travel plans for some 75,000 passengers and cost the airline a reported $128 million. It makes you wonder: Who else is vulnerable to an “oops”? Probably everybody, but we can all reduce our risk exposure with good backup systems.

The contractor’s mistake occurred at BA’s data center, and it caused the airline to cancel flights at London’s two airports, Heathrow and Gatwick. Besides the millions BA will pay for their customers’ inconvenience, there will be an investigation that will draw on company resources. It affected operations throughout the BA empire.

The incident raises two questions:

  1. Why wasn’t that cord clearly marked in some way, shape or form to give anyone a clue that it absolutely had to stay plugged in?
  2. Why wasn’t some sort of backup system available?

To me, the second question gets to some very fundamental issues about how major companies operate in today’s world. One of them is cost-cutting. News reports indicate that BA’s management was under pressure to cut costs and boost profit margins in a highly competitive industry. Well, we’re all in highly competitive situations, and we all want to raise our profit margins because we can’t raise prices – at least not without significant pushback.

But at some point, the large corporations that provide so many services for small businesses and consumers, like us, need to step up their game. They should be taking the steps our clients and customers would demand of us to make sure we serve them as expected. If one of the package delivery services, such as UPS or FedEx – or even the Post Office – has an IT failure that causes one of our deliveries to miss a deadline, the consequences for us will be much greater proportionately than for the big corporation.

Mechanical problems at a specific location can happen, but a data center problem should never happen because there are so many ways to add backups. Here are a few examples of what they can do:

  • Have a battery-powered back-up system in place so that everything in the system can be saved.
  • Have a back-up location that can be immediately and automatically activated so that critical operations continue.
  • Make time to make sure everyone is trained and retrained for all tasks they need to do on the system.
  • Keep your hardware and software up-to-date to make sure you have all performance and security measures installed. One of the things we’ve seen in many IT-related catastrophes, such as WannaCry ransomware, is that large businesses simply don’t bother to invest in technology in order to cut costs. They wind up paying more when something happens.

Let’s take this one step further. You can be exposed to many of the same risks and can benefit from the same preventive measures in your office and at home. You can buy battery back-up systems and plug in your servers, routers and computers to give you time to save your data. You can use remote storage – the cloud – to save data and apps. You can make sure everyone knows what to do and not do with your system. You can automatically update your systems – especially your operating system and app software – to keep them secure.

Call us – 973-433-6676 – or email us if you have any questions about keeping your home and office systems running in the face of any incidents – manmade or natural. We can also audit your system and give you a plan to stay plugged in.

Happy World Backup Day! Go Backup Your Stuff! Seriously.

Hard drive backups are like the socks of gifts you give yourself. They’re initially about as unexciting as gifts can get, only to become the best gift ever in a pinch. Got a meeting in 20 minutes and your normal sock reserve is empty? Thanks for the bag-o-socks, Uncle Steve! Your hard drive just exploded, taking the past 3 years of your digital life with it? Thanks for the backup, past-me!

Besides being the day that keeps the people who make Peeps in business, today also marks the Third Annual World Backup Day. World Backup Day is a tradition that started on reddit back in 2011, and has been rippling out through the rest of the tech-loving world ever since.

Making today’s Backup Day particularly special is the fact that it falls on Easter, which, if nothing else, means you get to use “BRB! Gotta go check my backups!” as a way to escape any awkward family conversations that pop up before the ham is done. Or you could be a cool guy and introduce your less tech-centric family members to the concept of backin’ up their bits.

Oh, and tomorrow is April Fool’s day. Probably not the safest day for data, you know?

So, how should you go about backing things up?

If you’re trying to keep it simple, just go buy/find a big ol’ external hard drive, plug it into your operating system’s built-in backup tool (Here’s a guide to Backup on Windows, or Time Machine on OS X), let it do its thing, and then stick the backup somewhere safe. If you can find somewhere off-site (like a trusted friend’s house), that’ll help you retain your data in case of fire or flood.

If you want to get fancy and push your backups online, a couple of the big backup guys are doing deals in honor of today’s techno-holiday. Crashplan dropped their annual price from $71 down to $42 for the day, and Backblaze is giving away 3-months free to all newcomers. If you’ve only got a handful of files that you need to keep backed up, Dropbox’s free 2GB plan is a solid option.

Hard drives are cheap. Lost data isn’t. Go, go, go!