Protection in the Third-Party World

The reliance on third-party providers for so many data servers continues to grow. That increases your dependence on other people’s diligence, and it increases your responsibility to be more vigilant.

“NJ Biz” recently devoted a series of articles to many aspects of online safety and protection, and one of them focused on issues we’ve been discussing: verifying the integrity of third-party providers and two-factor authentication. Third-party providers are being used more and more by businesses of all types because they can scale up faster and more economically to handle any number of users from any number of locations.

However, you need to rely on those providers to protect your data, and according to Jonathan Dambrot, CEO and co-founder of Prevalent, a Warren-based IT security, compliance and third-party risk management service provider, the security environment is far from ideal. In one of the “NJ Biz” articles, he says: “Depending on who you talk to, between 40 to 80 percent of all data breaches are happening at third-party vendors, because that is where most of the data is. People are focusing on third-party data security risks because criminals are going after the data where it resides.”

If a provider has weak security, it can be more vulnerable to an attack by hackers. But government and industry leaders are getting together to help you. Last December, Congress passed The Cybersecurity Act of 2015 to encourage companies to share with the government and each other technical details of hacking threats. This regulation reflects a growing acceptance of collaboration as a way to access data security threat intelligence and enforce vendor compliance.

It’s the latest of several early steps in a fluid regulatory process.

“Regulators have put controls in place over the last two-and-a-half to three years, and there is a combination of reasons why third-party or downstream risk has become really important to people as they look at their cybersecurity,” Dambrot said. “Third-party vendor and business associate risk has really changed as vendor services have changed. Years ago, people weren’t talking about cloud usage as much as they are today, and so, regulators will continue to change the wording to match the way data is handled.”

This collaborative effort, however, doesn’t get you off the hook. On the contrary, you need to do more. Two other articles we recently came across expand on two security matters we discussed last month: two-factor authentication and asking the right questions of any data-services provider.

Rather than re-explain some of the more effective ways to use two-factor authorization (2FA), we can refer you to a recent post by Ed Bott on ZDNet. There are many options available, including apps you can download to your mobile devices.

As he asks, “How much are your private communications worth? How about your reputation? Your bank account? Your identity?”

We know they are priceless to us but have great value on the black market. With 2FA enabled for a cloud service, any attempt to sign in on an unrecognized device might require you to enter a secret code that’s either received as a text message or generated by an authenticator app on your previously registered smartphone.

“Depending on the service, entering a code might automatically establish the current device as trusted, or you might be given the option to trust the current device,” he writes. “If this is your new computer or tablet (or a new browser), and you have this option you should say yes. When you’re signing in on a device you don’t control, you shouldn’t allow it on your trusted list. One way to make sure that the device isn’t marked as trusted is to use a browser in private mode (aka incognito in Chrome). If a bad guy manages to steal your credentials for an account that’s protected by 2FA, he’s unable to do any damage. Because he is signing in on an unrecognized device, he’s required to provide a second form of authentication. Without access to your trusted device, he can’t authenticate himself and can’t go any further.”

There are many variations on that theme, and we can help you find one or two 2FA programs that can best meet your needs and comfort level with your devices. But you need to be sure the data center that houses your information has all the right policies and procedures in place, too.

Services provider vXchange, which estimates some 78 percent of work-related data will be on the cloud by 2018, has a list of 10 questions you should ask your next data center manager, and we suggest you read them to get an idea of what’s at stake. They’re questions we ask of ourselves and our provider to minimize your risk and ours.

While you don’t get total control of your data, you will have a much better grasp of the possible risks and the steps you can take to maximize your protection.

As your trusted IT service provider and advocate, we have 2FA techniques we prefer and providers with which we have established relationships. We can answer your questions and address your specific concerns in selecting and installing 2FA programs, and we can help you select and vet data centers. Call us – 973-433-6676 – or email us to set up an appointment to discuss your specifics.

How Does Your IT Consultant Handle Your Info?

Today’s interconnected world is an interdependent world. No matter how many precautions you take to protect your data’s security, technology has forced you to depend on other people’s diligence to share your passion for protection. You don’t have a lot of control over the weakest link in your online chain. But asking how your IT consultant handles your information can help you gain better control where it’s possible.

So, here’s the question you need to ask: How do you handle my information, including your access to my systems?

And, here’s the discussion that needs to follow:

Your IT consultant must follow the strictest protocols available to protect all the information you provide. This includes access to your servers, routers (including repeaters or boosters for Wi-Fi networks) and computers that store your information or have access to wherever you store information.

An individual provider, such as Sterling Rose, can handle your data security differently from a large support organization. It’s not that one type of provider is better for a particular client; it’s more a matter of tailoring protection procedures to meet real-world needs and being diligent about following them.

We can keep all of our clients’ information in one place that can be accessed by only one person, and that helps us build a strong wall around (and roof over) the user names and passwords for your systems. With the ability to securely access the information from a desktop computer or mobile device, we can service a client from anywhere.

We protect that information in a number of ways. These are just a few of them:

  • We regularly use two-factor authentication, which requires more than just a password. Every two-factor system has its own set of additional requirements, but the net result is that a hacker or robotic system cannot provide the necessary response. (We’re sure somebody is hard at work to defeat two-factor authentication, but right now, it works.)
  • We use long, complex passwords with upper- and lower-case letters, numbers and special characters. Those are always impossible to crack using the latest available algorithms – at least for now.
  • We use systems that require us to re-log in every 14 days and change our passwords and authentication information. It’s a major inconvenience for us, but it’s much more convenient than having to explain why we need to react to a security breach.

A larger IT service provider with multiple technicians available to service a client can also store information securely in one place, but all the technicians need to access it. Some questions you should ask include:

  • Where do you store my information?
  • How do technicians access my information?
  • What protocols do you follow for user names, passwords and other authentication?
  • Are you notified when my information is accessed, and are you able to track who accessed it?

Your IT consultant must be able to advise you on the best security measures to take within your own organization. They should be able to help you design and install a set of procedures for any point at which information is accessed, such as:

  • Accessing specific files or categories of files from within your office or offices that are stored on your own server or on a server hosted by a third party (a cloud provider)
  • Accessing that information from a remote location, such as a home office, where you can install and monitor security measures
  • Accessing that information from a remote location, such as a customer’s place of business or a public place, such as a coffee shop or airport, where you cannot verify the security of a network.

You may also need to set up encrypted email, which we did for an insurance business. Our client reasoned that while they can control exchanges with their clients, they cannot control what happens when their clients communicate with others. Our client needed to be able to show that their security measures would stand up to an outside audit.

If you have any questions about how we handle your information, feel free to contact us at any time by email or phone – 973-433-6676. We would be more than happy to review our policies and procedures in general and for your information in particular. We can also help you develop and implement a security program for your business – or home – system.

Passwords and Passing Information

We’ve had numerous articles over the years about strong passwords, thinking before you click and responding to requests for sensitive information. A recent seminar and a personal experience brought it all together. You still need to be mindful of several principles that can keep your systems – and your sensitive data – more secure.

At the seminar, conducted by a cyber expert from the State of New Jersey, the presenter said he “cringes” at the “stuff” he sees on walls when he walks into many offices. People have Wi-Fi passwords on sticky notes on the walls near their computers. Passwords are taped to monitors, or people use very simple, easy-to-crack passwords.

Yes, those notes are a convenience for busy, overworked people, and state employees are not exceptions. We’ve seen a lot the same things when we service our business clients – and you have to ask the question: Who else is seeing this information?

The answer is that countless people who you can’t recall have probably seen the information. Anyone who visits your offices can see passwords hanging on the walls of cubicles or taped to monitors. If you have a lot of traffic in your office, the chances are greater that your networks and data have been compromised. If salespeople, contractors and others need Wi-Fi access to work in your office, have you given them the network password instead of a guest network password? Even if you don’t have a lot of visitors, do you have a cleaning service? Any member of the cleaning crew could see that information and access your network and files.

The solution is simple: Don’t allow anyone in your office to leave passwords out in the open. If they must be written down so you and everyone in the office can access the correct information when they need it, then keep that information in a locked desk drawer.

You can take additional steps, such as changing your network password frequently, requiring your employees to change passwords frequently and establishing rules about the number of characters and types of characters that must be in a password. If outsiders need access to your network, set up a guest password – and change that even more frequently.

Remember, your security is only as good as the worst security of anyone who has access to your network.

Outside the office, make sure that you and everyone in your company have secure passwords for computers and mobile devices – especially if you have sensitive data, including passwords, on them. We can help you install and teach you how to use security systems that can lock computers and devices if they are lost or stolen.

Because we go in so many public places and can tend to leave computers and devices on a table, for example, it makes more sense to make more use of the cloud for storing sensitive data. Yes, we can lock devices and encrypt data, but unless you have a backup program, the data can be lost. We recommend both having a backup program and using one of the major storage providers such as Google, Dropbox, iCloud or Office 365. They all have security protocols to protect access – unless, of course, you have left your passwords on your computer or device or have used a simple, easy-to-crack password. They also have redundant systems to make sure your data are accessible anytime from anywhere.

While we are on the subject of security, this is a good time to remind everyone to think before you click. We recently installed a new PC for a client, and within a month, the client saw a pop-up message about a problem with the computer and a “solution” to fix it for $499. And instead of a credit card, the “solution” provider wanted the money transferred directly from a bank account. Fortunately, the client realized the error and was able to call the bank and freeze the account before the money was taken out – and before more was sucked out by the scam artist.

We were guilty of not thinking right away, too. One of our business partners sends us a check once or twice a year, and they wanted to switch to an ACH system. They sent us an email asking us to respond with our bank’s routing number and our account number.

I started to reply – without thinking it through – and then realized before I sent anything that this was an unusual request for sensitive information. I stopped and phoned the company. Yes, it was a legitimate request from our partner, but we can all learn two important security lessons from this:

  1. Don’t just respond to an emailed request for information – no matter how legitimate it looks. There are too many ways to spoof an email address or a phone number. Find the phone number of that person and that company independently, such as opening your browser and entering the website address (url) that you know or find through an online search.
  2. Never send sensitive information, such as passwords and bank accounts, by email. A phone call to the person you have identified as a legitimate employee who is designated to take your info is safe. So is using a secured page on a legitimate website.

Security is critical. If you have any questions about security measures for your system, email us or call us – 973-433-6676, and we will respond in a timely manner.

The BYOD Hangover

Some businesses got drunk on BYOD – Bring Your Own Device. They bought heavily into the idea that they could cut costs and get more work out of employees by letting them use their own mobile devices and computers. Now we’re starting to see more problems for businesses, individuals and everyone they touch electronically.

Ten years ago, the benefits were clearly present for businesses and their owners/partners and employees. As the first generation of smartphones, mostly Blackberry, took hold, busy people and small businesses found they could untether themselves from office systems. Tablets, starting with iPad, increased their freedom because their bigger screens and keyboards made it easier to read spreadsheets, written documents and email and update files or respond to email.

  • Salespeople could access pricing lists, customer records and just about any critical information they needed to provide better service.
  • Everyone with a smartphone – and soon after, a tablet – could respond with increasing capabilities.
  • Busy parents could stay in touch with the office, giving them more flexibility to manage their lives.

In our business, IT professionals could respond to client or corporate information management needs from anyplace that had cellular service.

As Wi-Fi and all forms of communications networks grew and more smartphones and tablets came to the market, along with various carriers, the ways to stay connected lost all technical limits. And because everyone wanted to have their own personal technology – smartphone, tablet, laptop or desktop computer – to use on their own time, businesses of all sizes met the demand. Employees no longer needed to have specific products. IT managers were able to incorporate everyone’s devices, and employers were happy to give everyone 24/7/365 work capability.

It was intoxicating for everybody. Now, it’s intoxicating for hackers and cybercriminals; everyone else is having a big, bad hangover. The problem is security.

Here are some sobering concerns:

  • While we can help our business and professional services clients secure their networks and access to the data on their corporate servers, we need to educate employees about programs to control security. A business really needs to depend on its employees to keep their individual devices and computers secure. One hole can be an entry point to sensitive data anywhere.
  • Mobile phones and tablets are becoming more vulnerable to security problems. Why? That’s where the money is. With people conveniently accessing critical data over cellular and Wi-Fi networks all the time, hackers are finding more ways to penetrate security measures. Everyone needs to make sure they know that anybody in the world can take a peek at their business on any unsecured public network – like one in a coffee shop, hotel lobby or airport.
  • Even if you take every available security step in your corporate and personal systems – strong passwords, strong firewalls, up-to-date and active anti-virus and malware software – anyone with access to your system who doesn’t follow the same precautions puts you at risk.
  • The convenience of publicly accessible storage sites, such as Dropbox, can lead to the loss of privacy of your data. When you give someone the ability to download files from a storage site onto their own computers or tablets, you effectively give them ownership of that data. That means an employee can “own” client lists, financial information, etc.

With the horses already out of the barn and out on the open range, you can’t corral them and bring them back. But there a number of steps you can take:

  • Educate everyone in your organization about the need for security and what they need to do:
    • Have strong passwords and change them often
    • Be aware of when they are on unsecured public networks
    • Keep their own personal technology protected with up-to-date, activated anti-virus and malware programs
    • Understand that any holes in their own security systems can open holes for hackers to get into your business’s system and the systems of anyone or any organization they’ve ever contacted over the Internet – and that it can go viral from there
  • Require strong passwords (combination of upper and lower case letters, numbers and special characters) to access your data files wherever they are
  • Require frequent password changes
  • Determine which files need to stay on a secure server that you control
  • Backup data securely and often
  • Monitor your backup

We can help you with all of these steps:

  • Lunch ‘n’ Learn programs about security
  • Audits of your system’s security
  • Monitored backup services

Contact us by phone – 973-433-6676 – or email to keep your data clean and your systems sober in the BYOD environment.

Defeating the Biggest Business

Cybercrime is the world’s biggest business, and there are no signs it’s shrinking. While you can take a number of steps to protect yourself, here’s what you need to do if you suspect you’ve been hacked: ACT FAST.

The reason fast action is vital is because it takes practically no time at all for criminally minded hackers to get into your system once they find an unlocked door – or find a “cyberlock” they can pick. With a little more time, they can use your information to exploit larger systems to which you may have a connection, such as a large merchant or a bank. Your complacency works to their advantage.

After lying relatively low for a few months, malware and ransomware have once again reared their ugly heads. Google recently removed more than a dozen malware-infected apps from its Google Play store. Variations of the Crypto Locker and Crypto Wall viruses, which plagued the IT world in 2014 and 2015, are coming back in email attachments and fake update notices for Java and Adobe Flash.

If you see something really unusual or strange on your screen, you should call your IT specialist immediately. An IT professional should be able to fix the problem right away. We see a lot of the problems on a regular basis, and we know where to look to make the fix. If you can’t get your IT professional right away, take a picture of the screen with your smartphone and send as text or email. You can also take a screen shot and paste it into a blank Word document that you can save and send to your IT professional. On a Windows-based computer, press the FN key (it usually has blue lettering) and the PrntScrn key (also lettered in blue). Then paste it (Ctrl-V) into the Word document.

As soon as you do that, you can shut the computer off – without saving anything.

To further protect yourself and your data, you need to look before you click. DO NOT:

  • Open email attachments from sources you don’t recognize
  • Open email attachments that look suspicious or odd even if they appear to be from a source you know
  • Click on a link you cannot verify for authenticity

We’ve talked a lot about hacking, and here are some figures to cause concern. Some 82,000 new pieces of malware are released every day, and 600,000 Facebook accounts are hacked daily. On top of that, hackers are finding more ways to load ransomware on your computer, essentially holding your data hostage until you pay them money.

If a hacker manages to defraud you of money in your bank account, you get no FDIC protection. That is one reason why we recommend you stop using a debit card – remember, the money comes directly out of your bank account – and just get a plain-old, single-purpose ATM.

You can also sign up to get alerts from your bank or credit card company anytime a transaction is made on your account. That way, you’ll know immediately if somebody made an unauthorized purchase with your credit card or debit card or made an unauthorized withdrawal from your bank account.

Another concern you should cover is the data on your hard drive if you lose your computer or if it’s stolen. With all the personal data that most people keep on their computers, a computer thief can easily get into your data and find all the account numbers, user names and passwords you have stored. Encrypting your data could make it extremely difficult – if not impossible – to get at your data. At the very least, it can give you enough time to contact banks, credit card companies and stores where you have accounts to shut down activity.

The possibility of losing your computer, having it stolen or getting hacked is also a good reason to make sure your data files are all backed up offsite – and it’s a good reason, too, to rely on the cloud instead of your hard drive for the bulk of your storage needs. Also make sure you have fully licensed application software. With securely backed-up data files and licensed app files, we can clean out ransomware and malware problems and restore your data and apps – and get your security up to date.

We can help you maintain the security and integrity of your information. Contact us by phone – 973-433-6676 – or email to talk about your business or home system, how you use your computer and the best available anti-virus, malware and backup programs for your needs. We can also make sure you’ve set up all defenses properly.

Preventing Viral Infections

Early shopping season reports showed online purchasing way up over in-store shopping this year. If you know what you want and what you want to pay for presents, online shopping is convenient and efficient. We’ve written a lot over the years about being safe online, but you’d be surprised who could be infectious.

One culprit, for example, could be an electrical contractor or video-surveillance-system contractor who does work at several locations for a national or regional retailer. That contractor may use some sort of billing app to invoice the retailer – let’s say it’s Target or Walmart, but it could be anybody; we’re talking about the size of the company. That invoice goes somewhere in the retailer’s massive data management program.

Now, let’s say that contractor hasn’t had the time to keep all of their security software update – or they’re using some free antivirus program that has more holes than a slice of Swiss cheese – or they’re using easily cracked passwords.

Do you see where this is going? A hacker gets into the contractor’s computer system, simply because it’s open. Once inside the system, the hacker sees that the contractor has done business with the large retailer and is able to find all the information the contractor uses to get into the system. Once hackers are in, they have the opportunity to explore other parts of the system, and that’s where it’s possible for them to get all sorts of personal data about the retailer’s customers.

It could only be email addresses, but that may be enough to help them launch a scam – which we’ll get into later in this article. They could also get into credit card information, which leads to financial consequences.

As a business or consumer, what can you do to keep from being infectious? First of all, make sure all of your antivirus and malware software and firewalls are up to date and activated. We always advise going beyond free versions of all of this software. The paid versions are stronger and better supported.

Second, make sure you have strong passwords and change them. Yes, it’s an inconvenience, but that’s the tradeoff you need to make to protect your security. We also recommend using additional security measures such as two-factor authentication or requiring a text notification being sent to your cell phone when you change a password. The text notification will tip you off if someone is impersonating you online.

Third, be VERY, VERY CAREFUL at this time of year. Holiday season is scam season. When you buy online, it’s common to receive an email from a retailer or shipper with a link to track your packages. With thefts of packages commonplace, it’s useful to know when a package will arrive to make sure you or a neighbor can take it in. With everyone rushing to complete shopping and get work done, it’s all too easy to click on a link, and that’s the opening for scammers to get into your system.

Another scam is in the travel industry, such as a special offer purportedly from a hotel or airline. Again, you invited to click a link to take advantage of a “great opportunity.”

You should do your best to verify the authenticity of any link before clicking it. One effective way to check is to hover your mouse over the link. You should see the link’s origin. If it looks funny, avoid it. Even better, open your browser and go to the company’s website to see if you can find the information contained in the email. If it’s legit and available, you should be able to access it. Your other option is to pick a phone and call the company – using a number provided on its website, not from the email.

The sad truth is that no person, business or government is safe from hacking. The question is not if you will be hacked, it’s when you will be hacked. And the consequences can be even more widespread than they used to be. Some of the viruses now get into your computer’s firmware. That means that even if you wipe your hard drive clean and reinstall your operating system and all your other software, the virus is still there.

If you think you’ve been hacked or have a virus in your computer, call us or your IT specialist immediately. We know where to look and have the tools to discover your breach and mitigate the virus if it’s all possible. Call us – 973-433-6676 – immediately if you have a security concern or contact us by email if you have any questions about your online security.

Two Essentials to Take Care of Business

Backing up your data files and keeping them from prying electronic eyes are essential. We have the tools and tips you need to take care of business at the office and at home. Here are some things to keep in mind.

The first tip is: Backup your data offsite. We never like to consider the “unthinkable,” but bad things do happen. A story from a recent sales call, a non-profit organization, drives home the point.

Non-profits can get a lot of software free or at a greatly discounted price. So, our client wondered why they needed to spend money to back up software on the cloud. As we were talking, the client mentioned that they had considered buying the house across the street from their office and converting it into their own space. They didn’t do it, and at some time after they made their decision, that house burned down.

We never talked about the cause of the fire. If the house was old, some failure of its electrical wiring, for example, could have played a role, and all of our client’s “free” stuff would have been gone. The cost of replacing and reinstalling all of their hardware and software – especially when you add the value of their time and the cost of lost service to their clients – would have been huge.

We’re happy this is a “could-have-happened” story, and we can’t emphasize backing up data offsite enough, but we have a tool to keep your data safe.

Our managed backup program includes automatic backup to the cloud through local data centers and daily monitoring. It is far less costly than post-disaster recovery and much more reliable than putting all of your data and pictures on an external drive that can fail or be lost in a fire or flood. It’s a proactive form of insurance.

Our second tip is: Never sacrifice protection for performance. In today’s hack-happy world, you can’t protect your data and yourself too much, but you must understand one thing: Any system can be hacked by any hacker willing to spend the time and effort to do it.

Just as you need doors and windows to enjoy the world outside of your home, you need pathways from your computer to the Internet. And, just as you have locks on your windows and doors to keep out most bad people and just as you take safe routes on trips, you need to use firewalls and passwords to lock your computer and data access, and you need antivirus software, malware protection and common sense to travel safely on the Internet.

At a recent security seminar, a presenter pointed out that people are agreeing to take on more bandwidth from providers for a free or a small fee. (You know our feelings about free stuff.) You can face problems if your firewall or Wi-Fi devices can’t handle the increased performance, and that can leave your security vulnerable.

We get questions from time to time, for example about the safety of storing data on Dropbox. Our question back to that is: Who hasn’t been hacked? Yes, Dropbox is as safe as you can make it as long as you and Dropbox take all the precautions and safeguards you can.

So, in this day and age of hyperactive hackers, how are you protecting yourself? Are you reading emails carefully before clicking on any links or attachments? Are you careful about signing up for online offers that are almost too good to be true? What kind of antivirus are you using?

We’ll address that last question. We have our partners, but no matter whose system you use, make sure they give you regular updates and act with blinding speed to fix a problem as soon as it’s discovered. Subscription services generally offer you better protection and faster fixes, and they are more likely to automatically update your virus and malware definitions.

If you accidentally click on a site or open an attachment, our recommendation is to push the power button on your computer or device IMMEDIATELY. This will stop any activity right away, and hopefully limit any damage. Then, call us without delay to find and fix any problems.

We can help you with all of your backup and antivirus needs, including installation of valid software and setting up automated functions. Call us – 973-433-6676 – or email us to discuss your needs and put a solution into action.

Summer Safety for Your ID Data

Did you get a good rate on your car rental for this summer’s trip? The real bargain might go to whoever downloads your personal data from the electronic breadcrumbs you might leave behind. Taking the time to button down a few details can save you a lot of grief.

Let’s start with cleaning out that rental car. Rental companies always update their fleets, and they want you to feel as comfortable as you would feel in your own car. One of the features increasingly common at any price and size level is Bluetooth, which lets you use the car’s audio system for handling calls on your smartphone, streaming music and getting directions from any GPS system you want to use. Some cars include a USB connection so you can have all those features and charge your phone.

That’s a great convenience, but as we’ve noted many times before, convenience usually involves a tradeoff with security. Syndicated radio host and blogger Kim Komando of the Kim Komando Show, gets to the heart of the issue.

“When you connect your gadget to a car with Bluetooth, the car stores your phone number in order to make it easier to connect later,” she points out. “It also stores your call logs, which include any contacts you dialed. There’s just one problem: All of that information is saved inside the system and is just sitting around for the next renter to find.”

We’re sure there are some other tech-savvy people who could also see your data before the car goes back on the road. So, take some time to clean up your electronic breadcrumbs – and build that time into your schedule for returning your rental car.

Komando offers two suggestions.

“Simply go into the car’s settings (it will vary for every car make and model) and locate your smartphone from the list of previously paired Bluetooth gadgets,” she writes. “There should be an option to delete your phone. That should wipe the call logs and saved contacts. Better yet, look for an option to clear all user data or do a complete factory reset. Talk to the employees at the car rental place if you can’t find these options.”

To that, we would add that you should not leave your car until you take care of this – or be prepared to email the rental company’s customer service department right from the check-in line. You could also post to Facebook or tweet about the problem – right then and there. But you’re better off getting the data deleted.

If you used the car’s navigation system, go into its settings and clear your location history. You don’t want anybody knowing where you’ve been or where you live.

By the way, if you are selling or trading in your car and turning back a leased vehicle, you should follow all of the suggestions for rental cars.

Komando’s article also talks about how easy it is for someone to hack into a car’s computer system and some of the consequences. Again, for your own data security, she recommends using the cigarette lighter adapter to charge your phone instead of a USB connection in the car or bringing along your own third-party Bluetooth audio kit for hands-free use of your smartphone. She adds that systems are being developed to allow you to use your device without storing any information in the car.

We have some other tips to protect your data and your hardware:

  • Remember that your data is out there for anyone to see when you use a public, unsecured Wi-Fi network. It’s not a good network to use for accessing your bank, credit card company or institution that has sensitive data. A secured Wi-Fi network is better, and so is your cellular data network.
  • Whether traveling or in your office or home, we recommend using a surge protector while your computer is plugged into the socket. Summer is a notorious season for power surges when you have lightning and power interruptions, and they can damage your machine’s circuitry. If your computer is older, it’s more susceptible to possible damage.
  • When working from your computer’s regular location, we recommend using a battery back-up system that sits between your outlet and your equipment. In the event of a power outage – even a very brief outage can trigger a computer shutdown – you’ll be able to save your work and initiate proper shutdown procedures to protect your work and equipment. Most battery back-up systems have outlets for you to plug in your computer, your gateway/router, printer and other similar devices.

If you have any questions at all about automotive systems or protecting your equipment during the summer, we’re happy to answer them or help you with installing or configuring any products. Contact us at 973-433-6676 or email us.

Shortcuts Can Take You the Long Way

Just like there’s no free lunch, there’s no easy solution when you use a shortcut that cuts corners. Whatever time and money you think you are saving can easily be wiped out – at the cost of more time and money – when a failure occurs without warning. You can protect valuable data by taking the time to set up your system properly.

That advice was brought home to a client who received some bad advice from a bargain-basement IT support provider. The provider had moved away but still provided support. When our client – before we took over the account – contacted the provider to help with a database problem, things went from bad to worse very quickly.

In a nutshell, our client’s system had some built-in redundancies, all designed to prevent data-loss problems, but their failure had never been detected. As result, our client was walking a tightrope without a safety net. When called in, the former IT provider instructed our client to reboot the server, but the server never came back online. That was one problem.

Another problem was the failure of the hard drive, and we found a problem there that we consider totally avoidable. It began when the client started running out of space on the server’s hard drive. Instead of taking the time – and money – to back up the data and install a new hard drive, the IT provider repartitioned the drive using a compression program.

That step is something we never even suggest to our clients. In all the literature we’ve come across and in our many years of IT experience, it’s not a stable program. It’s just a bad shortcut to try to pick up extra space.

So, when the hard drive failed, it lost some data that the client had thought was saved. We tried several restore points, but we never could get the data that had been lost. That’s because the database had been corrupted at some point, and the client was backing up corrupted data.

Going forward, the client now understands that imaging a hard drive or partitioning the drive or using any other questionable technique to create more space on a hard drive will only expose them to more risk. It’s a lesson everyone should learn and heed. You can only stuff so much data onto a hard drive before you get distortions (corrupted data) and an outright failure.

If you need more data storage capacity, we can explore a number of options and find the one that best fits your office’s needs and protects the safety of your data. Contact us at 973-433-6676 or email us to set up an appointment.

Passwords and Underwear: An Analogy Worth Mentioning

When Thycotic, a security software company, compared passwords to underwear, it certainly got a chuckle or two. But they share three characteristics that are worth more than a mention:

  1. Change them regularly.
  2. Don’t leave them on your desk.
  3. Never lend them.

Without getting into TMI, changing every password every day is a lot more involved than changing your underwear, and it’s really impractical. But you can help make your data more secure by changing passwords monthly or quarterly – or any time you see something that looks funny, odd or out of place.

We’ve seen numbers indicating that 75% of all Internet users employ the same password for all the sites they visit. I would strengthen it by using upper and lower case letters, numerals and special characters. I feel my information is safe because it could take years for a hacker to figure it out.

However, hackers have various tools to crack passwords, and they’ll get one eventually. The longer and more complex your password is, the longer it will take. And, hackers make a business decision in how far to go. If they can get a whole bunch of easily decoded passwords quickly, that’s where they’ll concentrate their efforts. So, if you want to keep your password simple, change it more often. But, do change it regularly.

Don’t leave them out on your desk. I can’t tell you how many times I visit clients and see passwords taped to monitors or walls for the whole world to see. In busy offices, where people walk in and out all day, it would be very easy for a practiced password thief to see a password or two and remember them. If you recoiled with horror at the thought of someone seeing your underwear on your desk, how do you feel about someone getting into your personal or corporate bank or credit-card information?

Never lend your passwords to anyone. Yes, the thought of someone using your password should be just as disgusting as someone wearing… Well, you get the idea.

You can further protect your password by being very careful about which websites you provide information. Remember that 75% figure? If a hacker uses a website for a bogus offer – such as something for free – to get you to sign on with a password, he’ll make the assumption that you lack good judgment or common sense. He’ll also assume you use the same password for dozens of other places, including those where he can either take money from you or find information to sell to others.

If you use cloud-based services, such as Microsoft Office 365, the provider will monitor patterns and notice something out of the ordinary. You, too, should be on the lookout for out-of-the-ordinary things, such as emails with attachments or links from people who normally don’t send you those things or emails with odd subject lines.

If you have any questions about password security, contact us by phone – 973-433-6676 – or email. In the meantime, treat your password like your underwear.