Refreshing Devices Re-Energizes Them – Up to a Point

Refreshing your computers, peripherals and devices requires you to take a long pause, but in the end, it still might leave you thirsting for better results. If you’re hanging onto old equipment, Tech Data reports a few facts that might make you change your mind.

First of all, the report says, some 46 million small and medium-size businesses rely on devices dating back to 2014. That’s approaching five years, and that can be a lifetime in technology. Second, repair costs for equipment four years old or more can be 1.5 times the cost of repairing newer technology. Finally, PCs older than four years can be less than half as productive – costing an average loss of productivity rate of $1,260, according to an internal study by Microsoft.

Microsoft, which is phasing out Windows 7 because of its increasing inefficiency (Windows 7 Support Ends in January 2020), certainly has an interest in seeing you buy new computers with their operating systems. But they also know that the more efficient and productive their customers are, the more likely they’ll continue to use Microsoft software.

So, with that last point out there, what are your considerations for refreshing or replacing a computer? If you’re running Windows 7, we see replacement as a no-brainer. One client engagement illustrates how extreme it can get. We were tasked with refreshing a 10-year-old computer to get it to run better, which we did at a cost of $200 or so – after we advised our client to replace it. Refreshing, in this case, meant reinstalling software and updating it as much as possible. A 10-year-old computer cannot run the latest versions of Windows or any application software, and you cannot install the latest, most secure browser software. If we had installed a new hard drive and added licensing fees and our setup time, it would have been about $570. A new computer would have been around $800 plus some setup time to properly install the operating system and applications and transfer some data files.

With that as background, let’s delve more into a cost-benefit analysis.

Performance: Older PCs, according to Tech Data, can only run approximately five applications simultaneously without performance degradation, while newer PCs can easily run eight or more, according to a 2016 study. On the other hand, new Windows 10 Pro devices with 7th and 8th generation Intel® vPro™ processors keep users more productive with up to 25 percent more time efficiency. They are also up to 28 percent faster for startup on average compared to Windows 7. Batteries can last up to three times longer on newer Windows devices.

Repairs: We mentioned early on that repairs can cost 1.5 times more for older computers than for newer computers. Some of that extra cost can come from more time to find parts. Generally speaking, older parts are scarcer and more expensive.

Security: We’ve harped on security, and here’s something to add: More than 50 percent of smaller businesses have suffered a data breach or cyberattack with the cost averaging more than $84,000 per breach. Older Windows devices are likelier to lack the latest hardware and software security features, putting data at risk. When you factor in the fact that small-business customers are prime targets for security breaches, you can be looking at costly recovery.   Upgrading to a computer that can run Windows 10 Pro will give you more built-in defenses and increased support for the lifetime of your device.

To translate all this into an action plan, we recommend refreshing and some component replacement for computers three years old or younger. For older computers, especially those running Windows 7, we recommend replacement. Business users will benefit from improved performance and security, and home users will benefit from better security. Call us – 973-433-6676 – or email us to discuss your refresh/replacement needs.

Password Agony; No Ecstasy

Passwords are a total pain. Upper- and lower-case letters, numbers and special characters in one password are likely unbreakable over the course of a lifetime. But just to be safe, you’re required to change them periodically – without repeating one you’ve previously used for a website. And if you go to extremes, well, it is possible that someone can beat you over the head and hold your finger or an open eye in front your phone and access your bank account. A password manager could relieve that pain.

Password managers are applications on your computers and devices to access a database where your passwords are stored. One of the big pains they relieve is the need to remember multiple complex combinations of letters, numbers and characters that – to be effective – are totally random. Almost all password managers let you create a master password for access to your identity vault, and then the password manager fills in individual user IDs and passwords for the sites and apps you use. One benefit is that you can give each site or app a different, complex and hard-to-remember password. They also relieve the burden of making required password changes for websites by generating a new one.

For those of you thinking several steps ahead, you are not tied to a password manager forever. You can always download the database with your passwords and user names, allowing you to leave the service and change passwords at each website as needed.

Of course, there’s some risk to a password manager. If a hacker gains access to your master password, all your accounts are open to plundering. Likewise, if a hacker manages to breach the central vault of the password management company, it’s possible that millions of account credentials could be stolen in a single hack.

Good password managers have defenses for both possibilities. Most employ multifactor authentication, so access is granted only with both a correct password and a correct authentication code. That code exists only on a device you own, limiting the ability for someone on the other side of the world to gain access to your information. They also encrypt your password information locally, before it ever leaves your devices, on the servers operated by the vendors. In most cases, this is strong enough.

You have a lot of choices for password managers. We happen to like Dashlane, which gets strong reviews from sources such as PC Magazine, Tom’s Guide, and CNET. You can find more than enough reviews of Dashlane and other program managers, some subscription-based and some free. You should remember that we’re not always enamored with free programs, but regardless of price, here are some things to consider.

Your password manager should secure your data on your machine and in the cloud with an industry-accepted, tough form of encryption that’s widely used today. Along that line, it’s good to have a password manager that scans the dark web to make sure you haven’t been compromised.

It should work across multiple platforms with software for Windows, macOS, Android and iOS, and you should be able to install it on an unlimited number of devices for a single (usually paid) account, store an unlimited number of passwords and generate new, strong passwords for you, even on a mobile device. We like one that can alert you to data breaches and give you a two-factor authentication option for master passwords. Some will offer to save personal information, such as personal details, credit-card numbers and other frequently used information to quickly fill out online forms. While this is optional, it may be safer than letting a website save your credit-card information.

While no password manager can recover your master password if you forget it, it’s helpful to have one that lets you reset your password. Another good feature is one that lets you provide an emergency contact so that a trusted person can access your websites and apps if you are unable to do so.

Choosing a password manager and setting it up can be daunting tasks, but we can help. Call us – 973-433-6676 – or email us for answers to your questions or to walk through the setup.

Airports, Wi-Fi and VPNs

Since most of us fly in and out of Newark Liberty International Airport, you might want to know that it’s ranked fifth on one list of airports where your phone is mostly likely to be hacked. Setting up a VPN (virtual private network) might not be your answer, either, because they are not always as reliable as you think for protecting privacy. Your best protection is your own cybersmarts.

Newark’s lack of security was highlighted in a recent article by Tech Republic about the 10 US airports where you’re most likely to be hacked. That article was based on a report by Coronet, an internet security provider, which looked at the 45 busiest airports in the country. The report applies mostly to businesses, but a lot of it can apply to all travelers.

Why are airport wi-fi systems vulnerable? Lax cybersecurity at most airports lets bad guys onto insecure public wi-fi to introduce a plethora of advanced network vulnerabilities, such as captive portals (AKA Wireless phishing), Evil Twins, ARP poisoning, VPN Gaps, Honeypots and compromised routers. Any one of these network vulnerabilities can empower an attacker to obtain access credentials to Microsoft Office 365, G-Suite, Dropbox and other popular cloud apps; deliver malware to the device and the cloud, and snoop and sniff device communications. Further, not all VPNs give you rock-solid protection against attacks, and USB charging stations are notorious being vulnerable to attack.

To be fair, the report puts the probability of connecting to a medium-risk network at 1 percent and the probability of connecting to high-risk network at 0.6 percent. The same numbers for the worst airport, John Wayne Airport-Orange County Airport are 26 and 7 percent, respectively.

But why take a chance when you can take steps to reduce even the slightest risk? Even at a 1 percent risk, you’re still gambling, and the cost of a breach could be more than the cost of more data on your cellular plan. To be safe, use cellular data in public places.

But let’s try to put all of this in perspective. If you’re checking your email or browsing the internet at the airport, you’re not using much cellular data. The heavy use comes in streaming movies or TV shows or in downloading content with a lot of pictures and video. To keep data use minimal, change your settings so you don’t download pictures and video. If you can, download and store reading and viewing material onto a device before you leave home. If not, buy a newspaper or carry a book to kill time at the airport.

When you’re at various locations – anywhere in the world – make sure you check that you are on a legitimate network. In Europe, for example, we found that the wi-fi networks were faster than data networks, and that made it better to use them to download email. But if speed is not an issue or if the wi-fi is slow, you’re safer on cellular.

We’d also like to add one more reminder: Although this article deals with airports, the same safety precautions apply to any public network. They’re all prime targets for hackers. The notorious bank robber Willie Sutton was once asked why he robbed banks. His answer: “That’s where the money is.” Today, data is where the money is; hence the hackers.

If you have any questions about securing your phones, devices and computers, call us – 973-433-6676 – and email us.

IoT and the Fourth Industrial Revolution

At a recent technology conference in Las Vegas, I was overwhelmed by how far technology has advanced in such a short time – and by how much faster the impact of technology on our lives will grow. We are in the Fourth Industrial Revolution.

Where are we headed? We’re headed for the clouds – the massive server and data storage networks make it possible to do everything imaginable from a phone or tablet from anyplace in the world where you can get an internet connection. This time-compressed evolution is the Fourth Industrial Revolution. Yes, it does seem strange to talk of an evolution, which is long-term movement, with the short burst of a revolution. But that’s just how fast technology moves.

In 1995, we were astounded that we had PCs on every desk. By 2005, we had democratized data in the sense that businesses of all sizes stored and sometimes shared data they gathered and used. That could be correspondence (email), financial records (banks, large retailers), or business info of all sorts, ranging from sales and inventory records to programming heavy industrial equipment. In 2015, society made a really big leap to the cloud to store and manage all the data we use for practically every aspect of our lives. Even people who never use the internet and pay cash for everything are affected by today’s technology if they drive or vote or pay taxes.

Some things I saw in Las Vegas give indications where we’re heading. Business is undergoing a digital transformation built around their customer experiences and new business models. Some one million digital devices come online every day, and by 2025, 60 percent of all computing will be in the cloud. While we each need to maintain our online security vigilance, the entire computing world needs to step its efforts because no bit of information ever goes away. Further, no matter how deeply hidden any information remains, the tools to find it and exploit it are constantly developing. The bad guys can build botnets (networks of electronic robots) to find IP addresses for any exposed device. The Boa open source server, which was used to automate a lot of web-related functions quickly and securely, was discontinued in 2005. But it’s still used in some devices, and with no technical support, bad guys are free to try to pick away at out-of-date defenses. Opening one door can lead to other doors that can be opened, and in some cases, the hackers who open the doors can’t be traced – or can’t be traced quickly enough.

It’s not just the bad guys using stealthy methods to find information. Anyone can use a Google search to find systems and get into them. Those systems can include security cameras and alarms and smart speakers. A Google search can also turn up expired security certificates, which can indicate vulnerabilities.

So, here’s some of what needs to happen:

  • The owners and operators of every server – from a single location to server farms with multiple links – must make sure their firewalls are “locked-down” and secure. That requires the installation of all security updates and patches as they become available and constant monitoring to make sure all ports are secure.
  • All device manufacturers must keep their firmware updated for maximum security. And, if the manufacturers can’t send you updates, you should get and install them on your own.
  • You need to make sure your firewalls and devices are secure through patches and strong passwords. You also should be running virus and malware scans regularly and frequently.
  • Be extremely careful and attentive when you click on a link. You can’t afford to let down your guard.

We also highly recommend an onsite security audit if you have any hint you may have an exposure. We can check all connections for everything on your network – home or office – and trace back anything that looks like a possible security issue, apply a fix and test it. Security issues never resolve themselves and fixing them involves looking at a variety of complexities.

If your computers or devices are running slowly, if you clicked on an email or link you think shouldn’t have, or if you think you’ve been hacked, call us – 973-433-6676 – or email us to set up a security audit. None of us wants to give up our technology; we just need to make it as safe as possible.

Advice from the FBI

If you’re a longtime client or reader of Technology Update, you can say the FBI has either listened to us or validated us with its recent call to restart your routers. Our national law enforcement agency says that routers can be vulnerable to hackers, and one of your best defenses is to restart them. There’s more you can do, but restarting a router is easy to do.

First, let’s look at the restart process, which clears out a lot of junk piles – junk piles that make great hiding places for the bad guys who want to use your network as the entrance to your entire computing world. Rebooting can also help your network’s performance, just like a reboot or restart helps your computer. All you need to do is:

  1. Unplug your router and modem – or combined gateway, which includes your router/modem and VOIP telephone – from the power source. If there is an adapter that plugs into your unit, you can usually do it right there. Do the same for any network switches you might have. If you have batteries for backup power in any equipment, make sure you pull them out.
  2. Wait at least 30 seconds. This is important to help junk clear out, and it signifies your system is offline. Waiting a minute wouldn’t hurt.
  3. Reconnect your system, starting with your modem if it’s a separate unit. If you have a gateway, connect that. If it doesn’t power on automatically, press the power button. Wait at least a minute to give your ISP time to authenticate your connection and assign a public IP address.
  4. Reconnect your router and wait two minutes. This gives your router time to boot back up and gives everything on your network time to get new private IP addresses assigned by the DHCP service in your router. If you removed the power from any switches or other network hardware, now is the time to power those back on. Just give them a minute or so, too. If you have several devices, be sure to power them on from the outside-in, based on your network map.

If you don’t understand anything in the fourth step, it’s a good idea to call us for help. We can follow the map and help you test everything on your network to make sure it’s all working properly. You can also reset your modem if you are concerned about security and/or performance, and that’s something we can help you with, too. Call us – 973-433-6676 – or email us with questions or to set up an appointment.

The Not-So-Hidden Costs of Free Apps

Facebook is free. You can get a free Starbucks app that gives you savings. You can use any number of free navigation apps, such as Waze or Google Maps. They may be free of fees, but they have costs, but they have costs, and that may be at the practical heart of privacy.

Our purpose here is not to get into the specifics of how you can delete apps like Facebook from your computers and devices. You can find a lot of those steps within the apps themselves. Nor is our purpose here about whether you should delete those apps. Facebook continues to come under fire – and to fire back – as the news changes every day.

In our opinion, the issue of Facebook and Cambridge Analytica, which brought a lot of this discussion to a head, happened in 2015. Facebook shared data with Cambridge Analytica under an agreement, but when the agreement was terminated, the data wasn’t deleted. In some ways, we are now looking at several issues, so let’s separate them. I did download all of my personal information that Facebook has about me, and some of it was scary. The scariest part was that they have all of my contact information, and I could see the names of all the people who may have requested to “friend” me but did not accept.

In a way, all of the info didn’t surprise me, and we should all note that Google probably has more information about all of us than Facebook. Like it or not, our likes and dislikes, which are all reflected in what we say on Facebook and in Google product reviews, to name a few, plus all the searches we do and websites we visit all become valuable information for advertisers who want to focus on those who are most likely to buy a product. John Wannamaker, the Philadelphia-based department store owner, said some 150 years ago that he knew only half his advertising dollars were working; he just didn’t know which half. Today’s analytics help businesses and political campaigns make their dollars work more efficiently.

That’s where “free” comes in. We like free apps, free things and being free to express opinions. But it has a cost: whatever level of privacy you are willing to give up. Yes, those “terms and conditions” and “privacy statements” are long and difficult to read, but we all know the drill. In return for being able to use their apps and be eligible for certain perks, we give them the ability to track our locations and share information with their business partners. If anything, the Facebook fiasco has raised our awareness of what goes on behind the scenes, and we may be less willing to give everyone unlimited access to our preferences and whereabouts when given the opportunity.

Another related issue is the Internet of Things, or IoT. All the “smart” home systems, including the smart speakers from Amazon, Google and Apple, collect data based on the info you request, the songs you play and even the merchandise you buy using their systems. Two things we don’t know are: 1.) Do they collect information even when you haven’t activated them? 2.) Who has access to the information they collect?

Moving forward, I am not going to drop out of Facebook. But we can all download the info Facebook has collected on us and look at the apps and advertisers we are tied into through Facebook. We can delete those we don’t want.

Looking at all the data collected about us and figuring out what to delete or hide can be a daunting task, but we can help. Call us – 973-433-6676 – or email us to make an appointment to review whatever information you can collect from the apps you use. We’ll do the best we can to find that happy medium between convenience and security. But even if you decide to drop off the internet and just pay cash for bills and goods and services, your privacy still cannot be ensured.

Don’t Go to the Dark (Web) Side

The story of the hacking frenzy would be incomplete without mentioning the dark web. Some adventurous souls might think they can just drop in for a quick visit to see what’s it like and leave, but two thoughts come to mind: Trying to leave the Hotel California and a lamb sauntering into a lions’ den. Resist the temptation to take a peek.

Trying to poke around the dark web just for grins is the equivalent of going to a bad neighborhood at 2 a.m. just for sake of seeing what it’s like. It’s the place where stolen information, such as driver’s license numbers, credit card numbers, health records and the like are bought and sold. It’s no place for thrill seekers.

Yes, there are websites that will provide you with information on how to get to the dark web, and privacy is critical. Those who trade illicit information guard their privacy very tightly, and they use special VPNs (virtual private networks) to make sure they minimize detection by other criminals or law enforcement officials. And, you also want to minimize your exposure to other criminals who won’t think twice about stealing info and money from you.

Cybercriminals using the dark web never use any common ISPs (internet service providers) or browsers. That’s like walking into the bad neighborhood wearing a bright-colored reflective jacket. Rather, the dark web relies on special browsers designed to be undetectable. Users are advised to disconnect and/or disable recording devices such as microphones and cameras.

Dark web transactions are generally done using Bitcoin or some other form of cryptocurrency that makes it difficult, if not impossible, to trace the hands through which money passes. Users of the dark web generally use multiple aliases and anonymous email addresses to hide their identities and locations.

Criminals on the dark web know that other criminals and law enforcement agencies are marshaling all the tools they can to crack the dark webs, and the sophistication on both sides is constantly evolving. If you suspect some members of your family or employees might be thinking about taking a little peek at the dark web, let them know it can be an extremely dangerous undertaking. Once anyone wanders in, they’re prey for hardened criminals, and it’s unlikely they can wander back out.

If you’re concerned about whether someone in your home or office may have compromised your system’s security in some way, call us – 973-433-6676 – or email us for a security audit. If there’s something going on, we can take steps to mitigate the effects.

Spoofs and Email Management

Spoofing email addresses is so common that you might as well accept the fact that you have to scrutinize every message you get. With our switch to a new Office 365 management portal, many clients have been getting emails allegedly from Microsoft, and some are more obvious spoofs than others. It might be time to look at your email management processes.

Hackers use spoofing as a way to get into your computer or network. They are relying on your carelessness to click a link that allows them to introduce some sort of malware that will give them access to your critical personal or corporate data and your address book or contact list. Once they get in there, they can replicate the same message that snared you and hope they get lucky with a few more careless people.

To clean out the malware, we need to isolate the message to see what the hacker is spreading through your system. We’ve received a number of calls from clients in the past few weeks about problems with spoofing, and our issue has been the size of clients’ email folders. Simply put, when there are 100,000 messages stored in the inbox, finding the spoofed message that caused the problem can be extremely time-consuming.

In all likelihood, you’ve run into a similar problem when trying to find a specific message. Outlook gives you some search parameters for finding any message you may have saved, but because of the way most people search, you get a lot more possibilities, and that still slows down your search. And, of course, the more messages you have stored in one place, the longer it takes your program and you to find the message you want.

Setting up an email management system can make your searches more efficient, and it can also help you or any IT support team isolate a message that might be causing a problem with your system. Again, Outlook has a few tools, but you might want to start by creating a system of subfolders within your inbox. For example, I file all emails by client, and within each client, I file them by the year. That makes it easy to get to a place to find a message I want to retrieve. It’s similar to the way most of you would set up folders for documents, photos and videos, and business records.

Of course, that system is only as good as the effort you put into moving messages to folders. If you suffer from a severe case of email overload, you may want to consider an archiving program that works on the back end of your email program. It can be especially helpful for a business, particularly where employees deal with multiple people from the same organization. For as little as $3 per month, it can set up and execute a system that even isolates people within a company, making it easier for you or anyone in your organization to get to a specific message to resolve any kind of problem – customer service or malware.

While home users may not be concerned with customer service issues, there are times when you need to find a message to resolve a problem, and good organization can make a busy life a little less hectic. We can help you set up set up Outlook folders or find and set up an archiving system that works best for your needs. Give us a call – 973-433-6676 – or email us to discuss your email management issues and explore the most appropriate solutions.

Safe Travels, Safe Wi-Fi

It’s getting near spring-break time, and summer vacations will soon follow. You may have seen the reports about wi-fi issues and data security. One of the biggest problems you face is how easy it is to log onto a “fake” wi-fi network – a network that is neither part or your hotel’s system nor secure. But if you pay attention and follow a few simple tips, you can safely stream your favorite content and handle some routine email tasks.

The first and most obvious thing to do is make sure you understand your hotel’s or resort’s log-in information when you check in. Get the proper names of any network that the hotel makes available for you. Then, when you try to log in when you get to your room or sit down at the pool, you can pick out that network from the many that will display when your computers or devices search for the network. Don’t be surprised to see several networks that have spellings or character-and-number sequences that are similar to the networks you were given at check-in.

When you go to log in to the network you’ve selected, you’ll likely be asked for your name and room number. Tip No. 1, don’t enter a correct room number or even a correct name. Misspell your name, if you want. If the network lets you in, then you are not on a legitimate network. If you are denied access with your incorrect info, you should feel confident the network is OK.

Depending on the property’s size and network setup, you may be required to log onto multiple networks. Follow the log-in test for each network. And, most important, make sure everyone in your family or travel group follows that procedure because the breach of one computer or device could compromise everyone in the group.

Also, be aware of network names and connections as you float around. You or one of your family members could inadvertently wind up on an open, unsecured network that can be used to breach your computers or devices to steal information. Tip No. 2, you might want to consider disconnecting from the network when you finish your online session.

Tip No. 3, don’t use a wi-fi network conduct online business, such as credit-card purchases or accessing your bank accounts. You should also avoid wi-fi for logging onto sites related to your health or finances. Instead, use your cellular network. It’s much safer. That may require you to make some additional arrangements with your cellular carrier or to buy and install a SIM card with a data plan for service. However, it’s well worth the time and expense.

Personally, when I travel, I “hotspot” my computer in connection with my cell phone number. It can be expensive (though that’s a relative term), but it removes me from the wi-fi network. So far, hackers have not breached the cellular networks.

Just as a related point, if you are going to depend more on cellular data, make sure you have a plan that will cover your use, and make sure everyone who uses your plan knows its limits. If you’re streaming a lot of video content or gaming, data gets sucked up faster than you can imagine, and charges for exceeding your plan’s limits can be steep.

We can help you prepare for an internet-safe trip or make sure your systems are secure whenever you go remote near your home or office. Call us – 973-433-6676 – or email us to set up an appointment to look at your systems (we can do a lot remotely) and answer your questions.

Fraud’s Warning Signs

Anyone who tries to defraud you online – or even on the telephone – is literally banking your carelessness. Take a good look at emails and links and listen carefully on the phone. You can spot the fraud, and if you’re not sure, disengage and call the person you think contacted you – on the telephone – or send a new email, totally separate from the thread.

It’s important to be on “high alert” because the hackers and scammers are at the top of their game, and their targets include trusted advisors, such as accountants and tax preparers. We should state that these people should have secure systems in place and should know not to send or request sensitive, confidential information through email.

But at the end of the day, you need to take ownership of your privacy, so here are some tipoffs that a communication might not secure or might be out-and-out fraudulent.

First, does your accountant normally contact you by email? If not, that ought to raise a red flag. Second, can you absolutely verify that the email is from your accountant? While some email systems are good at spotting something fishy (or phishy), a scammer is betting that you’re not going to pay attention. Check the properties of an email address. It could very well be that cybercriminals were able to recreate the look and feel of an email from your accountant, but unless they actually got into the accountant’s server, a phony email will have a phony email address.

Attachments can be another tipoff to fraud. You should be suspicious if you get an email with attachments that are supposed to be forms, such as a tax form you need to fill out or a return to verify, are you being asked to provide your Social Security number and maybe your birthday? Can you open it without having to go to a secure website and enter a password? That doesn’t pass our initial smell test.

If your accountant does contact you about sensitive information or forms, are you referred to a secure website? Do you have that link with your access credentials safely stored? In a safe world, you can log into your account by entering the website address from your browser and entering your credentials.

If something doesn’t look right, you should always be able to call your accountant on the telephone.

And just to go one step farther this spring, here are some other things to be wary of.

Are you getting emails supposedly from someone you haven’t heard from in ages? And does have a short subject line, such as “hi”, with no message but a link? That’s a sign of fraud and clicking the link could open a breach in your system that can expose your sensitive data.

Are you getting Facebook friend requests from people who are already your friends? That’s generally a fraudulent request by someone looking to get into your system.

Anyone using fraudulent methods to get into your computer system may also be planting some kind of virus or malware to help infect other computers. If you think you may have clicked a link by mistake that could lead to a breach of your system, shut down your computer and disconnect it from the internet. Then call us – 973-433-6676 – so that we can apply our tools and expertise to minimize the damage and clean up your system.