Microsoft’s Outage Issues

Microsoft outages seem to be a regularly occurring event, and that’s a real problem for all of us as we grow even more dependent on technology. The bad news is that the problem won’t get any better. Here’s a look at the industry’s metrics.

From my old help desk days, we followed the “rule of five-nines.” This meant our goal was to be “up” 99.999 percent of the time. Is it attainable? It sounds like a great marketing goal, but the reality is that no global company with the size and scope of Microsoft – or Google or Amazon or anyone else – can be perfect. It doesn’t matter which company you use; their service depends on the reliability of satellites and cables for connections and the power grid to keep them online. As we use online services more extensively, we can strain the capacities of those resources.

According to ThousandEyes Internet and Cloud Intelligence from Cisco, more than 90 percent of the world’s data centers experience outages. Local ISPs (internet service providers) experience the most outages, trailed by CSPs (cloud service providers). Outages increases are attributed to more demand on their infrastructures.

You’re not going to get any better service by switching the companies you use; they all face the same challenges. And they share some challenges with you, and those will be hard to plan for based on the world’s political and economic environment. This is not a political statement; it’s just a clear-eyed look at potential problems. For example, will there be a rush to order new equipment before possible tariffs go into place? Supply and demand issues ahead of any tariff issues will undoubtedly affect prices and inventories.

What can you do? We’ve discussed many of the steps you can take, so let’s put them in perspective.

  • Be backup savvy. Make sure all the data you and your employees use is backed up frequently in multiple places. In addition to backing up data, have battery backup capability so you can save data and close applications. This is more critical for desktop computers; laptops and phones have batteries.
  • Keep all your software up to date. It’s all related. Up-to-date operating systems and apps perform better, and that performance may be the difference in finishing and saving critical data or losing something that will take a long time to recreate or that might be lost forever.
  • Think about replacing computers and other hardware that’s approaching five years of service time. It’s nearly five years since the COVID-19 pandemic, when a lot of companies and individuals bought new hardware to be able to work effectively from remote locations. Five years is about the effective service life of most equipment, and your equipment may be on the same timeline as many other users. Our vendors and distributors have told us to expect shortages just for this reason.

We can help you set up a plan to replace your aging hardware and make sure all the systems you keep have the best prospects of making it through the next year or so. Call us – 973-433-6676 – or email us to discuss your needs.

Living and Growing with Technology

We have kids and grandkids who have never known life without wireless technology, and now we’re moving on to AI. Whether you’re a business or a family with an array of technology comfort zones, there’s an array of paths you can follow to help you keep it all together.

I believe one of our biggest dangers with technology is online shopping. Did you see who had the most ads? According to my observations, it was Temu, the Chinese shopping site. What’s the red flag? There are two: 1.) data collection and 2.) legal recourse.

With every purchase you make, Temu collects a tremendous amount of personal data, including, of course, the credit card number you use to buy stuff. AI, which is really the use of superfast computers that can digest and regurgitate massive amounts of data, makes it possible to analyze every aspect of your shopping preferences. Even if you guard the privacy of your data persistently and diligently, some well-programmed AI can find out things you never knew about you. Conceivably, it helps Temu and similar websites present you with product choices and price points that will generate a purchase.

And because Temu is based in China, it operates under Chinese law, not US law. Not only will you not have the same legal recourse in China to protect you from financial loss, you likely won’t have the same regulatory protection about what data is collected and how it’s protected.

Another convenience we like is setting up automatic payments for products or services that are linked to our credit card or bank account. It’s a convenience for consumers and providers, and you can sometimes get a discount for automatic payments.

I dread the day my payment info gets hacked, and there’s no convenience factor that makes it worth the risk of being hacked. If you agree, there are two critical steps you can take to minimize your risk: 1.) Reset your login credentials for your financial accounts and the sites that draw automatic payments. 2.) Set up two-factor authentication (2FA) for every website account that offers it; biometrics and text messages to a device only you can access are best.

Biometrics can include facial recognition, and it offers the best combination of safety and convenience, especially for phones and tablets. Unless somebody has stolen your device and used your digital passcode to get into your settings and take a picture of themselves to reprogram your facial ID, only you can respond. Using a mobile device for a text is good because you should have the device in your possession for the authentication process. The use of authenticator apps such as Microsoft Authenticator or Google Authenticator is a good step.

Younger people typically take more easily to these new authentication methods, but those who are older or not entirely comfortable with technology should find them easy to use once they’re properly installed and configured.

Staying with the theme of age and technology, we have an elderly client who had some issues with a new computer. We tend to think older people are more comfortable with a computer, but we found the client preferred to have a second iPad. We associate iPad and iPhone use with younger people who can easily adapt to a different way of doing things with really quick thumbs. But there are keyboards for any mobile device, and those who use hearing aids can take advantage of Bluetooth with their devices.

The biggest challenge with using a tablet or phone in place of a computer is setting up ways to download, store, and use files with apps mostly associated with a computer. Multitasking is more difficult with a tablet or phone, but we can accommodate most needs for most people.

With tech playing such a large part of everyone’s business and personal lives, it makes sense to tailor the technology to the person rather than the other way around. If you or someone you know has special technology needs, call us – 973-433-6676 – or email to discuss ways to make technology work.

The IT Guy Stumbles, Too

Those of us in the IT field are subject to the same pressures as everyone else, and we can stumble just as easily as anyone when we’re rushing to leave on vacation – or a business trip. Here’s the story of how I almost blew it – and I’m stickin’ to it. Let it serve as a lesson for you.

It was the Friday before we were leaving for our latest (hopefully not last) family vacation (Charlie will be college-age next summer), and I was in a rush to close all our business and personal affairs before leaving the next morning. I got a call on our home landline purporting to be the bank for our main credit card wanting to question charges from Walmart and Malaysian Airlines. With one foot out the door, I wasn’t thinking straight. They said I could have a new card in three or four days, but I said I needed one tomorrow morning because we were leaving for vacation. When the caller said they’d need a supervisor to call me back, I started to think maybe the call wasn’t legit.

This was a prime example of how we get caught. Credit card fraud is a major problem that’s hit just about everyone in the world. A call like that is no surprise. When I took a deep breath, I hung up the phone, went online to my bank, and looked at my account. There were no pending charges from either place. Had I stayed on the phone call, well, I don’t want to think about it.

One problem with phone calls today is that even if you see a symbol, such as a checkmark (√) or a V in parentheses (V), it may be a spoof. It’s easy to spoof any phone number, so don’t believe it is legitimate because you see a symbol. We don’t pay attention to possible pitfalls when we’re rushing to get things done before a vacation or a business trip. We need to take a deep breath and step back before we act. Otherwise, we could come back to empty bank accounts.

One of our clients almost made a similar mistake when they got a text message about an ambulance bill. The client had gone to an urgent care, and doctors there determined they should be taken by ambulance to the emergency room. The text said their insurance carrier had declined the claim, and there was a link they could use to pay the bill. After staring at the text – after almost clicking the link to see what was going on, they looked on their carrier’s website and found no mention of the ambulance ride. The really scary part is how someone knew our client had an ambulance ride from a specific company on a particular date.

If you do make a mistake, you should call your credit company’s or bank’s fraud line and report it immediately. If you can’t get through, go online through your browser and file a report. You can usually block action on your credit card with the click of a button.

If you fear a breach, you can call us – 973-433-6676 – or email us for help. We can start to put the pieces of your puzzle together to see where your system may have been breached through your computer or mobile device and help you rebuild your security system.

The Great Credit Card Conundrum

We rely on credit cards and other cashless forms of payment as business owners and consumers. As a result, we roll points, cash-back schemes and fee schedules into decisions about what we use and what we accept. We have our thoughts, but what are yours?

Here are ours.

We’re seeing more fees as a business and as a consumer. As a business, we can absorb fees on small amounts, but for large amounts, the fees are too large. In one recent month, we collected $4,300 in credit card sales and paid almost $67 in fees. We realize there’s a convenience factor that makes sense for us to pay the fees. We don’t have to spend time (which has a cost) to stamp checks and then use a mobile banking app to deposit each check. We can take the stamped checks to the bank, but that’s travel time. If you have a business, what role do fees play in your decision about whether to take a credit card?

Of course, if you have a business with walk-in traffic, you can get a break on fees. But that only works up to a point. For example, if you buy a car for $35,000, it would be nice to pay with your credit card and earn points or cash back. But if you’re the car dealer, you’ll absorb fees in the neighborhood of $1,000. Neither party in that deal benefits; only the bank benefits. How do you navigate this as a consumer or business?

Many nonprofits ask you to absorb the fee when you make a donation. Do you check the box to pay the fee?

In your business, do you prefer an alternative to credit cards, such as an ACH or a check? One benefit of taking a credit card is that can streamline your accounting system.

As a consumer, do you sometimes balk at putting your credit card number on the internet when you buy online or over the phone? If you’re afraid of having your credit card info exposed to hacking by entering your card on a website or giving it out by phone, you should know that a transaction in a store or office involves using the internet, and someone in that chain can be hacked.

You should also know that anyone who takes your credit card number by phone is NOT allowed to write down the full card number. They should be entering it on another website that will display only your last four numbers once it’s verified.

We are seeing one advance in using credit cards – or their numbers – in restaurants. We’ve never liked the fact that servers take your card to a location you can’t see to enter your card info. That disappearing act is the most serious threat to your card’s security. Having your server process your card at your table is better, but then your server is standing over you while you decide on the tip. That’s uncomfortable.

A better solution involves the use of your phone. When your server presents your bill electronically, there’s also a QR code you can scan. That puts it all on your phone. If you are set up to pay through your phone, you can add the tip and pay the bill without ever pulling out your physical wallet.

As we move farther into a cashless society, we can help you – as a business or consumer – to set up your technology to be more efficient and secure. And we can answer any questions you may have about how to use what you already have. Give us a call – 973-433-6676 – or email us.

Facebook and Apple Fight is About Monetizing You

If you’ve downloaded and installed Apple’s iOS 14.3 update for iPhones and iPads, you’ve put yourself in the sights of Facebook and Apple. Called “App Tracking Transparency” feature, it labels apps in the App Store, telling users what data those apps collect and whether it’s used to track them for advertising. Facebook, which makes its money from advertising, says the feature will harm small businesses that rely on targeted online advertising.

In many cases, you’re worth pennies on the dollar, but there are hundreds of billions of pennies at stake. And while both sides try to cloak their stands in privacy and free enterprise, it’s really about “fee enterprise.”

The gist of Apple’s policy is that when you download an app from the App Store, your activity on the device can’t be tracked unless you give permission. Until now, you had to opt-out to avoid being stalked electronically online. Most people usually ignore the opt-out/opt-in option, and Facebook and other web-based operations have made a lot of money by tracking you and selling the data to companies who want to sell something you want – or have indicated you may want.

According to a recent article in Forbes, Facebook itself estimates a 60-percent swing in advertising effectiveness between targeting and non-targeted advertisements. Facebook’s ad charges the article notes, will presumably match its ad-placement effectiveness. With the company controlling about 25 percent of a $40 billion online U.S. advertising market, up to $6 billion in annual revenue is at stake in the US alone. Google and Amazon also profit immensely from tracking you and selling your data.

The bottom line is that anyone who opts out is 60% less valuable than a regular customer, and that’s part of legal proceedings before the Federal Trade Commission and in 48 states. Apple, of course, has been taken to task for its practices in handling App Store operations, including who gets to put apps there, and other technical issues. They’re not saints, but that’s a separate issue from the Facebook issue.

The Forbes article likens Facebook’s operations to Ladies Night at a nightclub. On Ladies Night, clubs let women in for free expecting that they will attract men who will pay a cover, as well as spend money on the women and themselves. In a similar way, Facebook provides users with free services in the hope that advertisers will spend money on them. Facebook is like the owner-bartender who, for $10, will tell you everything he knows about a particular woman, including her relationship status and favorite drink.

I can’t speak for how a woman might feel after reading this, but anyone can feel some outrage about being put on display and sold. Yet at the same time, we’re looking for new and interesting products or services when we go online, and we may be open to new ideas when they’re presented to us. To me, that’s Facebook’s argument. You might view Apple as the guy who senses harassment and comes over to “protect” you.

To expand the transparency/privacy conversation, you have choices. You are able to use search engines and plug-ins that block unwanted ads while you browse the web and visit sites. Websites are fighting back by not allowing you access unless you unblock the ads on their site. You may not like the choices. You may not like sacrificing privacy for convenience or vice versa. But this is all part of the opt-in/opt-out battleground over who gets to profit from you.

If you have any questions about how to configure apps to meet your privacy or convenience needs, we can help. Call us – 973-433-6676 – or email us for an appointment to walk you through the process.

The Ill Winds of Solar Winds

Look for a continuing fallout from the breach of Solar Winds, the giant technology management company that was responsible for the high-level federal government systems that were hacked last year. The hack is top of mind because some of our most sensitive systems were hacked, but businesses were affected, too. It’s time to look at the world of big data management.

The lesson we all need to learn from the hack of Solar Winds is that nothing is truly, truly safe. We don’t know where government agencies and private industry systems were breached – and how badly they were breached – and when it comes to the government systems, we’ll probably never know. But I don’t think we’re going out on a limb by saying that 1.) Solar Winds will need to work extra hard to regain the confidence of customers (and their customers, too) and that if 2.) they don’t succeed in repairing their systems and reputation, they’ll join a lot of other companies on technology’s garbage heap. From our various industry contacts, we had heard customers wanted to leave Solar Winds for reasons other than security.

The big data management companies should be subject to much more scrutiny by government oversight and by their customers. Strict government oversight similar to what we do to monitor CIA activity is necessary because of the extremely critical and sensitive nature of government work. Industry regulation is required to set standards for performance and accountability.

How much oversight and regulation are needed is a political question. What is not political is the need to keep our systems secure and, where possible, insist on transparency in letting us know when things go wrong. Dependency is critical because every system is so intertwined. It’s easy to see it if you look at it like a wheel. In the case of Soar Winds, look at them as the hub, and then look at every organization in their customer list as spokes connecting the hub to the rim. The rim is everyone who does business with any one of the spokes.

Solar Winds and its customers are not the first victims of sophisticated hacking, and unfortunately, they won’t be the last. Google has experienced problems, including an email issue last month, and Microsoft has had its share of issues. Look at what our nation went through with security for our elections.

As individuals we can demand that big data management companies take greater care, but we also need to own our security and asset protection. A lot of it is technology-based. We’ve implored everyone over the years to keep all operating systems, networks and application software up to date – to make sure you download and install updates, security patches and bug fixes. We’ve implored everyone to have all data securely backed up and to have a plan to get your assets – like money in your bank account – when you need them.

Beyond that, be critical of information requested when you fill out forms. Why does somebody need your social security number? Even for a job application, does your prospective employer need that information before they’re ready to do a background check or pay you? Don’t be afraid to question a request or demand a satisfactory answer. For companies where you have critical relationships, like your bank, maintain personal contacts. Know that you can pick up a phone and actually talk to a real human being when you’re concerned about your asset. We can help you with the technology part of security. Call us – 973-433-6676 – or email us for a security audit or to discuss applications and processes that can keep your computers as safe as possible when a big data manager is breached.

Who’s in Your Electronic Wallet?

Complacency is likely to be the greatest threat to your online security. The FBI recently reported that the padlock icon and HTTPS:// in a website cannot be trusted all the time in letting you know a site is safe. With the cost of SSL-TSL certificates falling, it’s cheap for crooks to set up malware sites and lure you in. We’ve discussed on-line shopping security and keeping other transactions secure, but the FBI’s warning compels us to revisit a few ideas.

First, what is an SSL-TSL certificate? The certificate is an acknowledgement that the owner of a website has installed SSL or TSL technology provide secure communications over a computer network. The certificates are granted by third-party providers, such as VeriSign, which is now owned by Symantec. The certificate shows us HTTPS (Hyper Text Transfer Protocol Secure) in a secure website’s URL. You can view the certificate by clicking on the lock symbol on the browser bar.

What do SSL and TSL stand for? In short, SSL stands for Secure Sockets Layer, the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems. It’s designed to prevent criminals from reading and modifying any information transferred, including potential personal details. TLS (Transport Layer Security) is just an updated, more secure, version of SSL. Symantec still refers to security certificates as SSL because it is a more commonly used term. SSL certificates can also cover other internet- based communications, and they come in various levels. If you are curious, you can click here to read more from Symantec than you might want to know.

What you should know, the FBI reports, is that cybercriminals are more frequently incorporating website certificates when they send emails that imitate trustworthy companies or email contacts. They’re typically phishing schemes used to acquire sensitive logins or other information by luring potential victims to a malicious website that looks secure.

We’ve published many articles that call for the internet industry to provide more safeguards, but as we’ve always noted, cybercriminals are working just as a hard to defeat current and developing security tools. One industry executive hit the nail on the head by noting that cybercriminals can’t work around an aware user, who has been trained to look for misspellings in the URL of a web page and knows not to trust a padlock icon. Addressing her firm’s corporate business targets, the executive called on organizations to invest in solid, continuing training programs.

We echo the FBI, which says the following (familiar) steps can help reduce the likelihood of falling victim to HTTPS phishing:

  • Do not simply trust the name on an email: question the intent of the email content.
  • If you receive a suspicious email with a link from a known contact, confirm the email is legitimate by calling or emailing the contact; do not reply directly to a suspicious email.
  • Check for misspellings or wrong domains within a link (e.g., if an address that should end in “.gov” ends in “.com” instead).
  • Do not trust a website just because it has a lock icon or “https” in the browser address bar.

The FBI encourages victims to report information concerning suspicious or criminal activity to their local FBI field office, and file a complaint with the IC3 at www.ic3.gov. If your complaint pertains to HTTPS/SSL/TSL issues in a phishing expedition, write “HTTPS phishing” in the body of the complaint.

You can protect yourself by being prudent and deliberate when opening emails and clicking on links, and you can support your efforts by installing, updating and using anti-virus and anti-malware protection programs. We work with several trusted providers, including Symantec, and we can help you select and set up the programs that best meet your needs. Call us – 973-433-6676 – or email us if you think your security may have been compromised or if have any questions about online security verification.

DIY and a Scam

When one of our clients decided to add a Wi-Fi extender in a home office, she contacted a phone number that purported to be a helpline from the manufacturer. It wasn’t, and it opened up a door for someone to gain access to sensitive information.

We’re certainly not opposed to any of our clients buying and installing their own technology. It can save you money and give you a better understanding of how your technological systems all fit together to make your life better. But there are a few things everyone should be aware of when they start the process – because you may not discover a problem until some damage has been done.

In this case, our client bought and set up a network extender from Netgear. She needed to strengthen an in-home network to accommodate her mother’s computer, and this was a reasonable step. When she ran into a problem, she called the manufacturer for help – or thought she did, and this is where problems began.

She said she called the phone number on the extender’s box. We won’t quibble. It could have come with a Google search. The lesson is more important than any finger-pointing. One of the problems with a Google search is that companies can place advertisements to show up above the “natural search” results. In times of stress, it’s easy to mistake an ad for a search result, and you click it. Both the advertiser and Google benefit from the ad; you visit a website you wouldn’t have otherwise gone to, and Google gets paid for directing you there. That’s business.

But when the advertiser is, shall we say, shady, it’s an ideal way to lure somebody into a scam. That’s what happened here. Our client clicked on what she thought was Netgear customer service but went to a website called Trucept. They walked her through a setup and told her she had no virus protection. She paid $300 for a package that included five years of security protection. That’s likely how they got into her network and likely were able to hack her mother’s computer.

Unbeknownst at that time, her mother started to receive online banking messages about owing a lot of money. That’s when we got a call. We told our client to shutdown her mother’s computer immediately and to call the bank. Then, we went to the Trucept website together, and to our experienced – and skeptical – eye, it had the look of scam all over it. Some of the telltale signs we saw were:

  • An address for a residence in Queens Village, NY
  • Lots of misspelled words
  • A PC Max Ultra Prime package for $800 with no customer reviews
  • A policy that requires two days before you ask for a refund (which gives them time to access a computer)

We were able to clean up her system and her mother’s. Now let’s look at things going forward.

First, be very careful about what you find on the internet. In the heat of trying to get something done in our overstressed lives, it’s easy to overlook something – especially a Google ad that looks like a search result. Take a deep breath before you click.

Second, get help from someone you know. It doesn’t have to be us. Call a friend. Go on Nextdoor Neighbor or Facebook and ask for a recommendation. Just don’t call a stranger out of the blue.

Third, only pay with a credit card for an online service. Credit cards have a mechanism in place to reverse charges. Processors record an IP address for every transaction, and they can tell where it took place.

We can help you install new systems or devices in your home or office, either in person or – typically – by walking you through the process. Call us – 973-433-6676 – or email us for an appointment or a walkthrough.