Security and Convenience

Major retailers have been vulnerable to security breaches because we want convenience. New credit card systems that rely on chips instead of magnetic strips will help solve the security issue and so will Apple’s new ApplePay, which uses NFC (Near Field Communications) technology.

There won’t be any need to open an app or even wake your display because of the combination of NFC and the antenna in iPhone 6. To pay, just hold your iPhone near the contactless reader with your finger on Touch ID. You don’t even have to look at the screen to know your payment information was successfully sent. A subtle vibration and beep lets you know.

Instead of using your actual credit and debit card numbers the system assigns a unique Device Account Number that is encrypted and securely stored in the Secure Element, a dedicated chip in iPhone. These numbers are never stored on Apple servers. When you make a purchase, the Device Account Number, along with a transaction-specific dynamic security code, is used to process your payment. So your actual credit or debit card numbers are never shared by Apple with merchants or transmitted with payment.

If your iPhone is ever lost or stolen, you can use Find My iPhone to quickly put your device in Lost Mode so nothing is accessible, or you can wipe your iPhone clean completely.

This is a major step toward convenience and security. Another step will be the replacement of that magnetic strip on your credit with chip technology already in use in most of the world. Again, it will separate your credit and debit card info from the info stored by retailers.

Retailers’ storage of your transactions and credit and debit card info has given you the convenience of being able to return merchandise without a receipt. It also presented a plump, juicy target for hackers. Banks, which bear the liability of covering the cost of fraud, are behind efforts to speed up the conversion to this new technology. Their goal, of course, is to minimize their risk, and they’ll minimize ours, too.

New credit and debit cards will be better for those of us who still carry them around in our wallets. Apple Pay and evolving technologies will help us get rid of our wallets all together – and probably our keys, too.

Millennials are driving device technology. They don’t like to bother with carrying wallets and keys and anything else they deem bulky. The changes are likely to trickle down to the rest of us, especially as we find them to be secure and convenient.

While the new technology looks great, there are other steps you can take now to protect your data. We’ve discussed these measures before:

  • Strengthen your password. The greater the combination you can use of upper and lower case letters, numbers and special characters, the longer it will take for hackers to crack your password.
  • Use two-factor authentication for Internet access to your data. It’s a second password, a reference to a graphic symbol or an answer to a question. Dropbox now offers it, and you can click here to learn more.
  • Look before you click. Use common sense when clicking on websites or opening attachments to email. If something doesn’t look right or feel right, leave it alone.
  • Make sure your protection is up to date and running. Anti-virus programs, malware programs and firewalls for home and office systems can prevent unwanted problems and intrusions. Make sure you have all systems up to date and turned on.

Now you can buy your new iPhone 6 or 6+ and enjoy the benefits of Apple Pay and NFC – whenever the technology is activated, most likely in October.

What your thoughts on this? How willing are you to embrace this new technology? Share your thoughts with us. And if you have any questions about buying an iPhone 6 or 6+ or any other phone, tablet or computer and getting them all to work together, drop us an email or give us a call at 973-433-6676.

Avoiding the Virtual-Drive Hiding Place

One of our clients knew – without a doubt – she hit “save” for a downloaded file. But, she couldn’t find it where it was supposed to be. There’s a place where those files go, and it takes some detailed knowledge to find them.

The problem usually results when you download a file from an email or a website. Unless you specify a path – a specific folder in your Documents or Pictures libraries, for example – the file is stored in a protected temporary location. It’s located in another Documents file that’s accessed through your C:\Users series of directories and files. It’s a protected area designed to protect your computer against malware invasions, and it’s not well documented.

The location leads to an additional problem. When you run any automatic or manual backup program, files in that location are not backed up. If your hard drive fails or you change computers and don’t know where to find them, you could lose them.

When our client told us of the problem, we knew where to look, and we found lots of files. She was very happy, to say the least.

But it’s easier to avoid the problem.

If you’re downloading files from an email, make sure you file them in the appropriate folder when you save them. Sometimes, it just takes that extra second thought when you’re really busy, but if you make it a habit, you’ll save a lot of time and probably a lot more aggravation.

If you’re downloading from the Internet, do the same thing. Store it in an appropriate file folder right away, and make it a habit. If you regularly download files from specific websites, you can add them to your Trusted Files, and that will help you download them to your designated directories.

You can browse the protected temporary location, and we can show you how to do it without losing files that are critical to your computer’s operation. Call us – 973-433-6676 – or email us to set up an appointment. We’ll be able to guide you through the process and provide you with instructions for finding files in the future.

New Service to Manage Your Virus Protection

We’re responding to that nasty world out there by launching a new service to manage your virus protection. By taking a proactive approach, we can help you stay ahead of the nasties – insidious virus codes and the people who spread them. Here are the details.

We will now install and manage anti-virus software on your computer or computer system for as little as $4.25 per month. While we have avoided recurring, on-going fees, we believe this makes a lot of sense for you. In many ways, its’ an extension of services we already offer.

Many of our customers rely on us to monitor their systems remotely so that we can fix certain problems when they appear, and our customers give us access to their systems so that we can keep them running at peak performance.

We get alerts when a virus or malware is detected, and if something looks like it’s getting out of control, we get continuous messages. In one case, we got a message on a client’s machine that didn’t seem out of the ordinary. During lunch, which happened to be right near our client’s office, the messages escalated. We went there immediately to help out and resolved the issue. Our client’s boss saw us there and asked what we were doing. The client explained how we jumped in and said: “That’s why we have Norman.”

That’s what we do.

Now, we can monitor your system for viruses and reach out to fix problems, including making “house calls” if needed. As with everything else we do, we’ll make it a point to fix your problem as soon as possible.

Unlike some other anti-virus products or services, we don’t require annual renewals. Stay with us for as long as you like and cancel your service at any time. For companies with four or more computers, we can bill you quarterly. Make your life less worrisome. Contact us by phone – 973-433-6676 – or email for more information or to sign up for our anti-virus protection management.

iOS Upgrade and No Get-Out-Of-Jail-Free Card

Apple just released its iOS 7.06 upgrade, and in a recent comment, someone complained about losing your ability to “jail break” your device. Well, you can unlock just about any device, but is it worth it? You could be sacrificing data security.

The more we learn about data breaches at large companies and financial institutions, the more we start to realize how vulnerable we are and how much more we need to protect our information.

Technically, unlocking phones is illegal. When you have a contract with a carrier, they essentially have offered you a discount on device, usually a smartphone, in return for using their network. Unlocking your phone or device from their network to use other carriers breaks the contract.

We don’t offer legal advice. We offer technical advice and services that we hope will make you smarter users of your devices. So, let’s look at the security aspects.

The process of unlocking your smartphone, also known as jail breaking, decrypts all the data on your phone. It also removes all of the manufacturer’s restrictions and allows a phone to be used on any network. That’s the benefit you hoped to gain, especially when traveling abroad, where different cellular protocols can be used.

However, these unlocked phones carry a higher security risk than standard phones due to the changes to the operating system needed to make this occur. Once you use that phone to access the Internet, you and your phone are open to malware, spyware and just about any other tool you can think of that hackers can use to get personal data.

If that doesn’t stop you from thinking about jail-breaking your phone and/or device, consider this: You don’t know what security laws may apply when your data are breached in another country. Even though redress through a legal system may be possible, it will be after the fact. Damage can be done, and nobody can tell you what your liabilities may be and what any redresses can cover.

If you are traveling abroad, check with your carrier about capabilities. In many cases, your phone or device will work on Wi-Fi networks – though they may be public networks just like those from your local coffee shop. Wi-Fi Internet can allow you to talk to people over through services such as Facetime, Skype or Viber, and to access your email, bank and charge accounts and business files. Of course, you should make sure ahead of time that your device will be secured, and security can be enhanced through two-factor authentication systems.

In some cases, such as traveling to China, you may be better off leaving your phone or device home or having it shut off completely. Many business and government travelers to China and some other countries simply buy or rent a phone – with none of the information on their current phones and devices – for one-time use in those countries. Vacationers should follow their lead.

Contact us – phone: 973-433-6676 email: [email protected] – with any questions you have about securing your phones and devices while traveling.

This article was published in Technology Update, the monthly newsletter from Sterling Rose LLC.

Security Tips for What You Use or Recycle

Whether you’re activating new equipment or continuing to use equipment and websites, and whether you’re recycling old computers, peripherals and devices, there are a number of security steps you can take to avoid a variety of problems. Here’s how to cover your tracks.

Let’s start with passwords. Don’t raise your hands all at once. How many of you tape passwords to your monitor – at the office or at home? How many of you keep them in a file on your computer? How many write them on slips of paper? How many are frustrated by all the rules and by having to keep track of so many passwords?

Did anybody besides me not raise your hand?

Most security experts will tell you should have a separate, strong password for every place that requires one. In the real world, it’s a real pain and highly impractical.

Here’s what I recommend. Create one very secure password you really like and use it for everything. The same security experts will also tell that a very strong password will have three of the following characteristics:

  • Upper case letters
  • Lower case letters
  • Numbers
  • Symbols or special characters

My password has all four – and it’s long. According to the website How Secure Is My Password?, it will take 58 years for someone to crack my code. For perspective, if I would use just my name, it could be cracked immediately. If I add an exclamation point (!), it jumps to 48 seconds. If I add an initial capital letter to the exclamation point, it jumps to 25 minutes. Adding a number increases the time to an hour. Adding another symbol or number gets you up to 58 years.

To give you a better idea of passwords to avoid, SplashData, provider of the SplashID Safe line of password management applications, just released its annual list of the past year’s worst passwords. If you see something familiar in the list, you might want to make a change or two.

So, give your password some thought and some length, and you should be in good shape.  Just be aware that some sites may have some special rules about password creation, but you get the idea. Some sites also have two-factor identification requirements, so make sure you follow the rules. If you use Dropbox to store or share files, we can help you set up a two-factor identification for your protection.

Another area of concern, which is largely out of our individual control, is the theft of information from major retailers’ systems. Target and Nordstrom are the ones that come to mind. I believe the biggest threat to systems such as those is somebody inside stealing information – just like somebody in a company embezzling money.

However, it does raise a question that we, as consumers, need to answer. How much convenience do we want? We’ve all returned products without a receipt, and it’s possible when the retailer retains the transaction and your credit card information. We are trading privacy for convenience.

The newer credit card technology, which is widely used in Europe, uses a chip that the retailer scans. On the backend, no information is stored once the transaction is completed.

Finally, let’s talk about protecting your data – or more accurately erasing and eradicating your data – when you recycle a computer, smartphone, tablet, fax machine, copier or printer. All of them can hold data.

When you go to a reputable recycler, you can be confident they will erase all hard drives and chips. It’s always a good idea to verify that. You can also remove a hard drive from a desktop or laptop computer, and with a laptop, it’s pretty effective to wreck the hard drive by hitting it with a hammer. Desktop hard drives have a steel undercarriage, which makes destruction more difficult.

There are ways to erase or eradicate the data, but we recommend you let us take care of it for you. We can make sure all the data and files you want to keep are backed up so you can restore them for use on other computers and devices. We also can use tools that wipe everything clean and can test to make sure we took off everything.

We are also happy to take any electronics you want to get rid of to GreenVision. State and local laws that affect most of our customers require recycling for all electronics to protect the environment. We take your old stuff there when we install new equipment. Please feel free to call us – 973-433-6676 – or email us to answer your questions, wipe out your data and/or help with your recycling. You can also call us or email us about your password and data security questions.

This article was published in Technology Update, the monthly newsletter from Sterling Rose LLC.

Update for Security, Performance and ROI

Simply having the latest operating system or software for your apps and browsers doesn’t guarantee top performance and tight security. You have to keep all of your programs updated from the day you install them.

Everything starts with the Internet. Whether you’re setting up a new computer or installing a new application, you’re almost always prompted to connect and download all the updates required to bring your programs up to date. Begin your installation by calling up your browser of choice and updating it. (Firefox usually sends out updates automatically as its default configuration.) As we discuss in the article When They Pull the Plug on XP, your browser is the first door hackers try to get into your computer, so make sure you have all the security updates and bug fixes.

When you begin to install the program or application from a website or a disk, you likely will be prompted to check for software updates. If the installation process doesn’t take you there automatically, answer “yes” when prompted. It’s especially true when installing from a disk. Even a disk that comes with a new computer is likely to be several months old.

In general, your rule of thumb should be to check for updates as second nature – and it doesn’t take much effort. You can set Windows Update to check for and install updates on a regular basis, even specifying days and times. For example, you can designate every Monday at 3 a.m. as your update time. Just go to your Control Panel, click on Windows Update and select Change Settings from the menu on the left. Just remember to have all of your files saved and backed up because updates can require you to restart your computer.

Here are some things to keep in mind when putting programs on a computer.

Many businesses have a mix of old and new technologies; it’s an economic reality. That means they’ll be installing some older (but still mostly serviceable) applications on new machines, recognizing that they won’t get full performance out of the new technology.

Therefore, it’s important to note that installing an old program, such as Office 2007, on a new computer will require you to get a series of updates in a specific order. That’s because each update, such as Service Pack 2 or Service Pack 3, builds on previous updates.  So, make sure you give yourself enough time to download and install them. The time will vary, depending on your Internet connection and network speed and capacity.

If you’re migrating from an XP machine to a new Windows 7 machine (which we implore you to do if you still have XP), you’ll need to go back to Service Pack 1 and download all the critical updates that Office will require. You should also note that you may have been using a 32-bit computer and now have a 64-bit computer. In that case, make sure you install all the updates for your new technology.

It’s the same with your Internet browser – whichever one you use. With the Internet such a presence for handling commercial transactions as well as for conducting business operations, programming becomes like its own ecosystem. It constantly responds to new hardware, new software and the ideas that lead to new applications. The continuing growth of cloud-based applications and the integration of mobile device into business demands more adaptability.

Because of that, we highly recommend that you and your employees and family members update browsers on a regular basis. You’ll get more efficiency, which can translate into better business profitability at the office and more learning opportunities for students at home.

Updated browsers also will be more secure, preventing more hackers from getting into your systems and stealing information they can use to take business and personal assets.

Keep in mind, too, that at some point, hanging on to old software or an old computer will put you past the point of diminishing economic returns. The investment in new technology – and new infrastructure for your networks, too – can pay for itself faster when you take advantage of all that technology can offer.

Contact us – 973-433-6676 or [email protected] – to set up an appointment to evaluate your current technology, your needs and available options to make your systems more cost-effective. The solutions may be less expensive than you think.

This article was published in Technology Update, the monthly newsletter from Sterling Rose LLC.

Credit Cards: Small Businesses are Big Targets

Accepting credit cards is a way of life for many small businesses, and most owners don’t give a second thought to extra layers of data security. After all, what can a small mom-and-pop store have that would be attractive to hackers? Well, as it turns out, small businesses are big targets because they’re pretty easy to hack – and a valid credit card number is a treasure.

The Wall Street Journal a year ago chronicled the tale of a newsstand owner with two stores who was victimized. And even though he thought he was taking precautions to protect his customers’ data, cyber thieves planted a software program on the cash registers at his shops that sent customer credit-card numbers to Russia. At the time the story was written, he was out about $22,000 because the credit-card company said he didn’t do enough. They said his weak password for his cash-register software, pos, was easy for hackers to try.

But a weak password is only part of the problem for most small businesses. Too many small businesses store passwords to sensitive data in Outlook or other email clients, and the data can frequently be found easily hacked Excel spreadsheets. Even if you have antivirus and antimalware software, there are numerous ways that hackers can find their way into your system. For some, it’s like taking candy from a baby.

However, you can put up some protective fences around your data. The measures may cost a little more money than you’d like, but those costs are smaller than the liability you could face from a breach of your data.

  • Get “business-grade” antivirus and antimalware software. We offer it for $4.25/mo/computer, and we set it up and monitor your threat activity. In addition, we assist you on any software changes you make to ensure that your virus and malware protection remain at your expected level of performance. Why is this important? You need to protect yourself against somebody installing a Trojan horse that can turn up years later. The newsstand owner’s system was compromised two years before anything happened. You can have the same protection that big corporations buy.
  • Don’t keep user names and passwords in Outlook folders or Excel files. To be honest, they shouldn’t be on a computer. You should write them down on a piece of paper and store them under lock-and-key. Having your data compromised through an email backdoor is a growing problem. (See Lowdown on Hijacked Email, the next article in this newsletter issue.) If you get an email from your bank, credit-card processor or PayPal, don’t just click and reply. Hover over any link or email address and see where it’s really going. Better still, go to your provider’s website independently of the email or pick up the phone and call customer service.
  • Use strong passwords. If I had a nickel for every a-b-c or 1-2-3 password I’ve seen, I’d be managing a large investment portfolio instead of IT systems. Make your passwords long or complex or both. Use uppercase and lowercase letters, numbers and special characters.
  • Keep your Wi-Fi network secure. Networks are all over the place in commercial and residential areas. Just take out your smartphone and see how many networks are in your range. If your network is unprotected, anyone can sit in range unnoticed for as long as they need to find a pathway to your valuables

We would welcome the opportunity to provide a free risk-management assessment of your practices and systems. Call us at 973-433-6676 or send us an email and feel more secure.

This article was published in Technology Update, the monthly newsletter from Sterling Rose LLC.