Shedding Light on the Flashlight App

A cable-based news network reported that flashlight apps on Android-based phones can steal data. It created a stir in the general and technical news media. Yes, somebody could write an app that can track some of your activity (and sell it to marketers) or could launch a virus. But there’s a bigger-picture lesson to be learned: Use common sense.

Let’s start with a few of “givens.”

First, there’s always someone out there trying to get your data and resell it – whether it’s your sensitive personal information or just some data to help a marketer target you. Ultimately, you have the responsibility to protect your data – though we can help you put systems in place.

Second, you have control over what gets installed on your device. You need to take time and care when you download and install apps to make sure they are safe and secure.

Third, if you have an iPhone or an iPad with a camera, you have no reason to download a third-party app for your flashlight. It’s been there since the release of iOS 7.

With that being said, what’s going on with the flashlight apps? You can dig into some of this yourself, starting with a report from Fast Company about the app Brightest Flash sharing location and device ID information. (Please note, most of you allow this information to be used with many other apps, such as those that provide directions while you drive somewhere.) The app’s developer was automatically sharing location and device information with advertisers and other third parties–even when users opted out. In fact, before they could accept or refuse the app’s terms, it was already collecting and sending information.

That got scaled up in a special report on a cable news channel, in which viewers were told this could be bigger than Ebola. What further rankles me is that the report on the How-To Geek website made specific references to the iPhone flashlight app, which is built into your device. It made a mountain out of a molehill.

However, the report noted: “The fact is that Android app permissions are a mess and you have very little control over what apps can do once you’ve agreed to install the application other than just trusting Google. Your best bet is to avoid installing apps that have permissions that look suspect, or only install apps from really reputable companies.”

All of this brings us back to why I like the iPhone and Apple apps. Apple may come across as control freaks, but the company vets all of its apps and app developers to give you better protection. Some device users find that restrictive; I find it comforting.

To be sure, hackers and virus writers are looking to invade Apple computers and devices, and it’s only a matter of time until they succeed often enough to create problems. For now, our advice is – as always – to look before you click and decline if you’re not sure. Also, as always, never hesitate to call us – 973-433-6676 – or email us if you have any questions about any apps you’d like to download.

Diversify Your Data Backup

Two new clients came to us after experiencing data backup failures. While no single backup solution is guaranteed to work all the time, the odds are highly against every backup system failing at the same time. The best solution, in a word, is “diversification.” If you choose carefully, you can get the right backup systems for what you need to store and save yourself some money, too.

You have many options to backup and restore pictures, videos and other types of data files, but let’s look at three broad categories: the cloud, external drives and media such as DVDs and thumb drives. If you are highly concerned about the safety and recovery of your data, you can pick a system in each category and feel confident you can always get your data. If all systems fail, chances are your data will be a minor worry.

The cloud, otherwise known as a system of large, remote and redundant servers and storage facilities, is the foundation of most data backup and recovery systems. We now work with multiple cloud-based storage and recovery providers, giving you the ability to implement a system that meets your volume, data-sensitivity and pricing parameters. Despite the iCloud invasions, cloud-based systems remain safe places for your data, and for a relatively low cost, you can rest assured you can protect your data and get files whenever and wherever you need them.

External hard drives come in a variety of sizes and speeds. Home and SOHO users can buy them in sizes from 500 GB to 3 TB and connect them through USB 2.0 and 3.0 ports for up to a few hundred dollars. You can cross the $1,000 mark and get 12-to-20 TB units, but for most of you, that’s probably overkill. If you really want to protect your data, you should consider having multiple external hard drives to cover a unit failure, and you could keep external drives at another location and swap them on a regular basis. It all depends on what’s right for you.

External hard drives are essential add-ons for data-intensive applications. A client with a video editing business found this out soon after buying a new computer and running out of space shortly thereafter. In this case, the external drive provides easily accessible storage for files of work in progress, and it gives the computer’s hard drive room to do all the manipulation required for video editng.

Mac users have access to Time Machine, the built-in backup feature of OS X that works with your Mac and an external drive (sold separately) or AirPort Time Capsule. Time Machine automatically backs up your entire Mac and remembers how your system looked on any given day. It keeps hourly backups for the past 24 hours, daily backups for the past month, and weekly backups until your backup drive is full.

Saving files to DVDs and thumb drives is inexpensive and relatively quick and easy to do. You can easily make multiple copies, and you can easily store them in multiple locations. We generally advise relying on them as a supplemental backup for important files.

Selecting your backup system or combination of systems is like buying insurance. The more you value your data, the more you’ll want to increase and diversify your backup capacity. And just as there is an insurance program that meets your economics and tolerance for risk, there’s a backup system that will work for you. Talk to us about your needs, and we’ll find the solution that best matches them. Call – 973-433-6676 – or email to start the process.

Security and Convenience

Major retailers have been vulnerable to security breaches because we want convenience. New credit card systems that rely on chips instead of magnetic strips will help solve the security issue and so will Apple’s new ApplePay, which uses NFC (Near Field Communications) technology.

There won’t be any need to open an app or even wake your display because of the combination of NFC and the antenna in iPhone 6. To pay, just hold your iPhone near the contactless reader with your finger on Touch ID. You don’t even have to look at the screen to know your payment information was successfully sent. A subtle vibration and beep lets you know.

Instead of using your actual credit and debit card numbers the system assigns a unique Device Account Number that is encrypted and securely stored in the Secure Element, a dedicated chip in iPhone. These numbers are never stored on Apple servers. When you make a purchase, the Device Account Number, along with a transaction-specific dynamic security code, is used to process your payment. So your actual credit or debit card numbers are never shared by Apple with merchants or transmitted with payment.

If your iPhone is ever lost or stolen, you can use Find My iPhone to quickly put your device in Lost Mode so nothing is accessible, or you can wipe your iPhone clean completely.

This is a major step toward convenience and security. Another step will be the replacement of that magnetic strip on your credit with chip technology already in use in most of the world. Again, it will separate your credit and debit card info from the info stored by retailers.

Retailers’ storage of your transactions and credit and debit card info has given you the convenience of being able to return merchandise without a receipt. It also presented a plump, juicy target for hackers. Banks, which bear the liability of covering the cost of fraud, are behind efforts to speed up the conversion to this new technology. Their goal, of course, is to minimize their risk, and they’ll minimize ours, too.

New credit and debit cards will be better for those of us who still carry them around in our wallets. Apple Pay and evolving technologies will help us get rid of our wallets all together – and probably our keys, too.

Millennials are driving device technology. They don’t like to bother with carrying wallets and keys and anything else they deem bulky. The changes are likely to trickle down to the rest of us, especially as we find them to be secure and convenient.

While the new technology looks great, there are other steps you can take now to protect your data. We’ve discussed these measures before:

  • Strengthen your password. The greater the combination you can use of upper and lower case letters, numbers and special characters, the longer it will take for hackers to crack your password.
  • Use two-factor authentication for Internet access to your data. It’s a second password, a reference to a graphic symbol or an answer to a question. Dropbox now offers it, and you can click here to learn more.
  • Look before you click. Use common sense when clicking on websites or opening attachments to email. If something doesn’t look right or feel right, leave it alone.
  • Make sure your protection is up to date and running. Anti-virus programs, malware programs and firewalls for home and office systems can prevent unwanted problems and intrusions. Make sure you have all systems up to date and turned on.

Now you can buy your new iPhone 6 or 6+ and enjoy the benefits of Apple Pay and NFC – whenever the technology is activated, most likely in October.

What your thoughts on this? How willing are you to embrace this new technology? Share your thoughts with us. And if you have any questions about buying an iPhone 6 or 6+ or any other phone, tablet or computer and getting them all to work together, drop us an email or give us a call at 973-433-6676.

Avoiding the Virtual-Drive Hiding Place

One of our clients knew – without a doubt – she hit “save” for a downloaded file. But, she couldn’t find it where it was supposed to be. There’s a place where those files go, and it takes some detailed knowledge to find them.

The problem usually results when you download a file from an email or a website. Unless you specify a path – a specific folder in your Documents or Pictures libraries, for example – the file is stored in a protected temporary location. It’s located in another Documents file that’s accessed through your C:\Users series of directories and files. It’s a protected area designed to protect your computer against malware invasions, and it’s not well documented.

The location leads to an additional problem. When you run any automatic or manual backup program, files in that location are not backed up. If your hard drive fails or you change computers and don’t know where to find them, you could lose them.

When our client told us of the problem, we knew where to look, and we found lots of files. She was very happy, to say the least.

But it’s easier to avoid the problem.

If you’re downloading files from an email, make sure you file them in the appropriate folder when you save them. Sometimes, it just takes that extra second thought when you’re really busy, but if you make it a habit, you’ll save a lot of time and probably a lot more aggravation.

If you’re downloading from the Internet, do the same thing. Store it in an appropriate file folder right away, and make it a habit. If you regularly download files from specific websites, you can add them to your Trusted Files, and that will help you download them to your designated directories.

You can browse the protected temporary location, and we can show you how to do it without losing files that are critical to your computer’s operation. Call us – 973-433-6676 – or email us to set up an appointment. We’ll be able to guide you through the process and provide you with instructions for finding files in the future.

New Service to Manage Your Virus Protection

We’re responding to that nasty world out there by launching a new service to manage your virus protection. By taking a proactive approach, we can help you stay ahead of the nasties – insidious virus codes and the people who spread them. Here are the details.

We will now install and manage anti-virus software on your computer or computer system for as little as $4.25 per month. While we have avoided recurring, on-going fees, we believe this makes a lot of sense for you. In many ways, its’ an extension of services we already offer.

Many of our customers rely on us to monitor their systems remotely so that we can fix certain problems when they appear, and our customers give us access to their systems so that we can keep them running at peak performance.

We get alerts when a virus or malware is detected, and if something looks like it’s getting out of control, we get continuous messages. In one case, we got a message on a client’s machine that didn’t seem out of the ordinary. During lunch, which happened to be right near our client’s office, the messages escalated. We went there immediately to help out and resolved the issue. Our client’s boss saw us there and asked what we were doing. The client explained how we jumped in and said: “That’s why we have Norman.”

That’s what we do.

Now, we can monitor your system for viruses and reach out to fix problems, including making “house calls” if needed. As with everything else we do, we’ll make it a point to fix your problem as soon as possible.

Unlike some other anti-virus products or services, we don’t require annual renewals. Stay with us for as long as you like and cancel your service at any time. For companies with four or more computers, we can bill you quarterly. Make your life less worrisome. Contact us by phone – 973-433-6676 – or email for more information or to sign up for our anti-virus protection management.

iOS Upgrade and No Get-Out-Of-Jail-Free Card

Apple just released its iOS 7.06 upgrade, and in a recent comment, someone complained about losing your ability to “jail break” your device. Well, you can unlock just about any device, but is it worth it? You could be sacrificing data security.

The more we learn about data breaches at large companies and financial institutions, the more we start to realize how vulnerable we are and how much more we need to protect our information.

Technically, unlocking phones is illegal. When you have a contract with a carrier, they essentially have offered you a discount on device, usually a smartphone, in return for using their network. Unlocking your phone or device from their network to use other carriers breaks the contract.

We don’t offer legal advice. We offer technical advice and services that we hope will make you smarter users of your devices. So, let’s look at the security aspects.

The process of unlocking your smartphone, also known as jail breaking, decrypts all the data on your phone. It also removes all of the manufacturer’s restrictions and allows a phone to be used on any network. That’s the benefit you hoped to gain, especially when traveling abroad, where different cellular protocols can be used.

However, these unlocked phones carry a higher security risk than standard phones due to the changes to the operating system needed to make this occur. Once you use that phone to access the Internet, you and your phone are open to malware, spyware and just about any other tool you can think of that hackers can use to get personal data.

If that doesn’t stop you from thinking about jail-breaking your phone and/or device, consider this: You don’t know what security laws may apply when your data are breached in another country. Even though redress through a legal system may be possible, it will be after the fact. Damage can be done, and nobody can tell you what your liabilities may be and what any redresses can cover.

If you are traveling abroad, check with your carrier about capabilities. In many cases, your phone or device will work on Wi-Fi networks – though they may be public networks just like those from your local coffee shop. Wi-Fi Internet can allow you to talk to people over through services such as Facetime, Skype or Viber, and to access your email, bank and charge accounts and business files. Of course, you should make sure ahead of time that your device will be secured, and security can be enhanced through two-factor authentication systems.

In some cases, such as traveling to China, you may be better off leaving your phone or device home or having it shut off completely. Many business and government travelers to China and some other countries simply buy or rent a phone – with none of the information on their current phones and devices – for one-time use in those countries. Vacationers should follow their lead.

Contact us – phone: 973-433-6676 email: info@sterlingrosellc.com – with any questions you have about securing your phones and devices while traveling.

This article was published in Technology Update, the monthly newsletter from Sterling Rose LLC.

Security Tips for What You Use or Recycle

Whether you’re activating new equipment or continuing to use equipment and websites, and whether you’re recycling old computers, peripherals and devices, there are a number of security steps you can take to avoid a variety of problems. Here’s how to cover your tracks.

Let’s start with passwords. Don’t raise your hands all at once. How many of you tape passwords to your monitor – at the office or at home? How many of you keep them in a file on your computer? How many write them on slips of paper? How many are frustrated by all the rules and by having to keep track of so many passwords?

Did anybody besides me not raise your hand?

Most security experts will tell you should have a separate, strong password for every place that requires one. In the real world, it’s a real pain and highly impractical.

Here’s what I recommend. Create one very secure password you really like and use it for everything. The same security experts will also tell that a very strong password will have three of the following characteristics:

  • Upper case letters
  • Lower case letters
  • Numbers
  • Symbols or special characters

My password has all four – and it’s long. According to the website How Secure Is My Password?, it will take 58 years for someone to crack my code. For perspective, if I would use just my name, it could be cracked immediately. If I add an exclamation point (!), it jumps to 48 seconds. If I add an initial capital letter to the exclamation point, it jumps to 25 minutes. Adding a number increases the time to an hour. Adding another symbol or number gets you up to 58 years.

To give you a better idea of passwords to avoid, SplashData, provider of the SplashID Safe line of password management applications, just released its annual list of the past year’s worst passwords. If you see something familiar in the list, you might want to make a change or two.

So, give your password some thought and some length, and you should be in good shape.  Just be aware that some sites may have some special rules about password creation, but you get the idea. Some sites also have two-factor identification requirements, so make sure you follow the rules. If you use Dropbox to store or share files, we can help you set up a two-factor identification for your protection.

Another area of concern, which is largely out of our individual control, is the theft of information from major retailers’ systems. Target and Nordstrom are the ones that come to mind. I believe the biggest threat to systems such as those is somebody inside stealing information – just like somebody in a company embezzling money.

However, it does raise a question that we, as consumers, need to answer. How much convenience do we want? We’ve all returned products without a receipt, and it’s possible when the retailer retains the transaction and your credit card information. We are trading privacy for convenience.

The newer credit card technology, which is widely used in Europe, uses a chip that the retailer scans. On the backend, no information is stored once the transaction is completed.

Finally, let’s talk about protecting your data – or more accurately erasing and eradicating your data – when you recycle a computer, smartphone, tablet, fax machine, copier or printer. All of them can hold data.

When you go to a reputable recycler, you can be confident they will erase all hard drives and chips. It’s always a good idea to verify that. You can also remove a hard drive from a desktop or laptop computer, and with a laptop, it’s pretty effective to wreck the hard drive by hitting it with a hammer. Desktop hard drives have a steel undercarriage, which makes destruction more difficult.

There are ways to erase or eradicate the data, but we recommend you let us take care of it for you. We can make sure all the data and files you want to keep are backed up so you can restore them for use on other computers and devices. We also can use tools that wipe everything clean and can test to make sure we took off everything.

We are also happy to take any electronics you want to get rid of to GreenVision. State and local laws that affect most of our customers require recycling for all electronics to protect the environment. We take your old stuff there when we install new equipment. Please feel free to call us – 973-433-6676 – or email us to answer your questions, wipe out your data and/or help with your recycling. You can also call us or email us about your password and data security questions.

This article was published in Technology Update, the monthly newsletter from Sterling Rose LLC.

Update for Security, Performance and ROI

Simply having the latest operating system or software for your apps and browsers doesn’t guarantee top performance and tight security. You have to keep all of your programs updated from the day you install them.

Everything starts with the Internet. Whether you’re setting up a new computer or installing a new application, you’re almost always prompted to connect and download all the updates required to bring your programs up to date. Begin your installation by calling up your browser of choice and updating it. (Firefox usually sends out updates automatically as its default configuration.) As we discuss in the article When They Pull the Plug on XP, your browser is the first door hackers try to get into your computer, so make sure you have all the security updates and bug fixes.

When you begin to install the program or application from a website or a disk, you likely will be prompted to check for software updates. If the installation process doesn’t take you there automatically, answer “yes” when prompted. It’s especially true when installing from a disk. Even a disk that comes with a new computer is likely to be several months old.

In general, your rule of thumb should be to check for updates as second nature – and it doesn’t take much effort. You can set Windows Update to check for and install updates on a regular basis, even specifying days and times. For example, you can designate every Monday at 3 a.m. as your update time. Just go to your Control Panel, click on Windows Update and select Change Settings from the menu on the left. Just remember to have all of your files saved and backed up because updates can require you to restart your computer.

Here are some things to keep in mind when putting programs on a computer.

Many businesses have a mix of old and new technologies; it’s an economic reality. That means they’ll be installing some older (but still mostly serviceable) applications on new machines, recognizing that they won’t get full performance out of the new technology.

Therefore, it’s important to note that installing an old program, such as Office 2007, on a new computer will require you to get a series of updates in a specific order. That’s because each update, such as Service Pack 2 or Service Pack 3, builds on previous updates.  So, make sure you give yourself enough time to download and install them. The time will vary, depending on your Internet connection and network speed and capacity.

If you’re migrating from an XP machine to a new Windows 7 machine (which we implore you to do if you still have XP), you’ll need to go back to Service Pack 1 and download all the critical updates that Office will require. You should also note that you may have been using a 32-bit computer and now have a 64-bit computer. In that case, make sure you install all the updates for your new technology.

It’s the same with your Internet browser – whichever one you use. With the Internet such a presence for handling commercial transactions as well as for conducting business operations, programming becomes like its own ecosystem. It constantly responds to new hardware, new software and the ideas that lead to new applications. The continuing growth of cloud-based applications and the integration of mobile device into business demands more adaptability.

Because of that, we highly recommend that you and your employees and family members update browsers on a regular basis. You’ll get more efficiency, which can translate into better business profitability at the office and more learning opportunities for students at home.

Updated browsers also will be more secure, preventing more hackers from getting into your systems and stealing information they can use to take business and personal assets.

Keep in mind, too, that at some point, hanging on to old software or an old computer will put you past the point of diminishing economic returns. The investment in new technology – and new infrastructure for your networks, too – can pay for itself faster when you take advantage of all that technology can offer.

Contact us – 973-433-6676 or info@sterlingrosellc.com – to set up an appointment to evaluate your current technology, your needs and available options to make your systems more cost-effective. The solutions may be less expensive than you think.

This article was published in Technology Update, the monthly newsletter from Sterling Rose LLC.

Credit Cards: Small Businesses are Big Targets

Accepting credit cards is a way of life for many small businesses, and most owners don’t give a second thought to extra layers of data security. After all, what can a small mom-and-pop store have that would be attractive to hackers? Well, as it turns out, small businesses are big targets because they’re pretty easy to hack – and a valid credit card number is a treasure.

The Wall Street Journal a year ago chronicled the tale of a newsstand owner with two stores who was victimized. And even though he thought he was taking precautions to protect his customers’ data, cyber thieves planted a software program on the cash registers at his shops that sent customer credit-card numbers to Russia. At the time the story was written, he was out about $22,000 because the credit-card company said he didn’t do enough. They said his weak password for his cash-register software, pos, was easy for hackers to try.

But a weak password is only part of the problem for most small businesses. Too many small businesses store passwords to sensitive data in Outlook or other email clients, and the data can frequently be found easily hacked Excel spreadsheets. Even if you have antivirus and antimalware software, there are numerous ways that hackers can find their way into your system. For some, it’s like taking candy from a baby.

However, you can put up some protective fences around your data. The measures may cost a little more money than you’d like, but those costs are smaller than the liability you could face from a breach of your data.

  • Get “business-grade” antivirus and antimalware software. We offer it for $4.25/mo/computer, and we set it up and monitor your threat activity. In addition, we assist you on any software changes you make to ensure that your virus and malware protection remain at your expected level of performance. Why is this important? You need to protect yourself against somebody installing a Trojan horse that can turn up years later. The newsstand owner’s system was compromised two years before anything happened. You can have the same protection that big corporations buy.
  • Don’t keep user names and passwords in Outlook folders or Excel files. To be honest, they shouldn’t be on a computer. You should write them down on a piece of paper and store them under lock-and-key. Having your data compromised through an email backdoor is a growing problem. (See Lowdown on Hijacked Email, the next article in this newsletter issue.) If you get an email from your bank, credit-card processor or PayPal, don’t just click and reply. Hover over any link or email address and see where it’s really going. Better still, go to your provider’s website independently of the email or pick up the phone and call customer service.
  • Use strong passwords. If I had a nickel for every a-b-c or 1-2-3 password I’ve seen, I’d be managing a large investment portfolio instead of IT systems. Make your passwords long or complex or both. Use uppercase and lowercase letters, numbers and special characters.
  • Keep your Wi-Fi network secure. Networks are all over the place in commercial and residential areas. Just take out your smartphone and see how many networks are in your range. If your network is unprotected, anyone can sit in range unnoticed for as long as they need to find a pathway to your valuables

We would welcome the opportunity to provide a free risk-management assessment of your practices and systems. Call us at 973-433-6676 or send us an email and feel more secure.

This article was published in Technology Update, the monthly newsletter from Sterling Rose LLC.