Reboot Your Thinking About Restarts

Restarting your Windows-based computer clears out a lot of electronic junk and improves performance. The only problem is that you may not be restarting – or rebooting – your computer when think you are. We had one client go 73 days without performing an actual restart on a computer, which meant we needed a lot of time to clear out all the junk and reset the system.

One of the most common misconceptions we’ve found about restarting is that people think that simply turning on a computer after it’s been sleeping is a restart. To human logic, that makes good sense. To a modern computer, it’s all wrong. When you select the “sleep” option to close a session at your computer, you’re putting it into a state of hibernation. Your PC will seem like it’s completely off, but it saves a hibernation file to boot back to where you were before going to sleep.

When you tap your keyboard to wake up your computer, you’re using Microsoft’s “fast startup” feature to launch the hibernation file that essentially restores your system to where it was before going to sleep. The combination of sleep and fast startup get you up and running faster to use your computer, and it also helps various software and hardware vendors update your system while it’s not in use. Whatever electronic junk your computer has been holding is still there.

Fast startup also helps your computer get up and running faster from a complete shutdown. In a sense, shutting down your computer puts it into a stage of hibernation if fast startup is enabled, so you’re not getting a complete restart, which is necessary for clearing out the electronic junk. In our experience, fast startup is the root of all evil in a lot of problems we’re finding that can be solved by a restart.

All of this leaves you with two options. The first is simple: restart your computer once a week. It’s sort of like flossing your teeth; it’s another thing to remember, and it’s time-consuming. But it will keep your system clean and maintain a higher level of performance. To restart make sure you have saved all work files and application settings by properly closing out of everything. Then, just click the Windows icon at the bottom of your screen, click the power icon and click Restart.

The other option is to disable fast start. You can do that by doing a search for Control Panel, and then clicking on Power Options. On the left side of your screen, click on “Choose what the power buttons do.” Then, uncheck “Turn on fast startup.” Doing that will give you a complete restart when you power up from a shutdown. It can also be helpful when working with a speedy solid-state drive (SSD).

Along with restarts from a shutdown, we’ve found that clients using a laptop as a second computer have another set of problems. When their computers are out of action for an extended period of time, the startup routine when they power on induces a search for all sorts of system and application updates. In the case of Windows updates, the computer looks at when the last update was installed and then initiates a sequence of consecutive updates. That’s necessary because unless Microsoft issues a Service Pack that consolidates several updates, the latest update is typically an addition to a previous update. If you missed three updates, for example, your computer goes back to the first of that sequence and goes through three update procedures.

That entire process can take up a lot of time, and we usually get a call in the middle of it all because it seems like the computer isn’t functioning properly. The easiest way to solve that problem is to turn a computer once a week. It will look for updates as part of its boot-up, and the need to download and install only one Windows update or just a few recent updates for apps will get your second computer operational faster.

Just remember, though, if you’ve turned off the “fast startup” feature for a computer that’s been powered down, you’ll need to make sure you check for updates.

If you have any questions about restarts and power-ups, call us – 973-433-6676 – or email us. We can walk you through the process to set up the options that will be best for you or work with you remotely to set them up.

Who Really Sent That Email?

We’re seeing a pattern in security problems caused by “fake emails.” Although the pattern is not restricted to business emails, they seem to show up more frequently in offices. Here’s what’s happening.

Just like good marketers, email spoofers and hackers have noticed that Wednesdays and Thursdays are “light days” for email traffic. If someone who’s not overwhelmed by email gets no messages (OK, this might be theoretical), it doesn’t raise eyebrows because they’re not accustomed to a huge number of messages. When traffic gets back to its normal level on Friday, nobody bats an eye or says anything. That leaves the hackers free to move about.

What we’ve found when that happens is that a hacker has created a rule to move email messages to a place where they can do their dirty work. One of their tricks is to change a log-in to a fake website that looks like one you frequently visit. When your password is not accepted, you have them send you a link to change your password. When you sign into the fake site with the real password, they can use it to update your info on the real site and keep all of the function for themselves.

That “password” scenario is the one that seems to be most common way for hackers to gain their access, and as in most cases, the cybercriminals count on the fact that you’ll be too busy to notice anything unusual – and that you won’t say anything until well after the fact.

While offices – even SOHO businesses – seem more susceptible to this type of attack, anyone can be a victim. Here are a couple of telltale signs that you might be under attack.

The first is that you get an email that directs you to a website that you can’t log into because your password is invalid. If you use a “master password” application, that should tip you off right away. If you enter passwords for your sites and have them written down in a safe place, consult your records. If you can’t enter a password that you firmly believe is correct, that should be a tipoff, too.

The second telltale sign is that people got messages that looked like they were coming from their office’s email system. To see if something like that is a fake message, you have to find the IP address for the computer. If it didn’t come from your computer system, that could be the tipoff, but not always. In one case we had to solve, a New Jersey company was victimized by a New York IP address, but that didn’t raise any concerns at first because the company does a lot of business with New York IP addresses.

We can use a number of tools to help pin down the IP address from where the email originated, and the earlier we can get on the case, the better the chances of resolving your issue. If you want us to look at a message, you need to follow this procedure:

  1. Drag the message from your email inbox to your desktop. You’ll see it as an envelope.
  2. Email us that envelope as an attachment.

If you are convinced you have a threatening email, call us right away – 973-433-6676 – so that we can ask you a few “yes or no” questions and help you take appropriate steps before the consequences get really costly. If your questions aren’t urgent, email us for answers or to set up an appointment to talk. Email security problems will only get worse as time goes on.

The Not-So-Hidden Costs of Free Apps

Facebook is free. You can get a free Starbucks app that gives you savings. You can use any number of free navigation apps, such as Waze or Google Maps. They may be free of fees, but they have costs, but they have costs, and that may be at the practical heart of privacy.

Our purpose here is not to get into the specifics of how you can delete apps like Facebook from your computers and devices. You can find a lot of those steps within the apps themselves. Nor is our purpose here about whether you should delete those apps. Facebook continues to come under fire – and to fire back – as the news changes every day.

In our opinion, the issue of Facebook and Cambridge Analytica, which brought a lot of this discussion to a head, happened in 2015. Facebook shared data with Cambridge Analytica under an agreement, but when the agreement was terminated, the data wasn’t deleted. In some ways, we are now looking at several issues, so let’s separate them. I did download all of my personal information that Facebook has about me, and some of it was scary. The scariest part was that they have all of my contact information, and I could see the names of all the people who may have requested to “friend” me but did not accept.

In a way, all of the info didn’t surprise me, and we should all note that Google probably has more information about all of us than Facebook. Like it or not, our likes and dislikes, which are all reflected in what we say on Facebook and in Google product reviews, to name a few, plus all the searches we do and websites we visit all become valuable information for advertisers who want to focus on those who are most likely to buy a product. John Wannamaker, the Philadelphia-based department store owner, said some 150 years ago that he knew only half his advertising dollars were working; he just didn’t know which half. Today’s analytics help businesses and political campaigns make their dollars work more efficiently.

That’s where “free” comes in. We like free apps, free things and being free to express opinions. But it has a cost: whatever level of privacy you are willing to give up. Yes, those “terms and conditions” and “privacy statements” are long and difficult to read, but we all know the drill. In return for being able to use their apps and be eligible for certain perks, we give them the ability to track our locations and share information with their business partners. If anything, the Facebook fiasco has raised our awareness of what goes on behind the scenes, and we may be less willing to give everyone unlimited access to our preferences and whereabouts when given the opportunity.

Another related issue is the Internet of Things, or IoT. All the “smart” home systems, including the smart speakers from Amazon, Google and Apple, collect data based on the info you request, the songs you play and even the merchandise you buy using their systems. Two things we don’t know are: 1.) Do they collect information even when you haven’t activated them? 2.) Who has access to the information they collect?

Moving forward, I am not going to drop out of Facebook. But we can all download the info Facebook has collected on us and look at the apps and advertisers we are tied into through Facebook. We can delete those we don’t want.

Looking at all the data collected about us and figuring out what to delete or hide can be a daunting task, but we can help. Call us – 973-433-6676 – or email us to make an appointment to review whatever information you can collect from the apps you use. We’ll do the best we can to find that happy medium between convenience and security. But even if you decide to drop off the internet and just pay cash for bills and goods and services, your privacy still cannot be ensured.

Don’t Go to the Dark (Web) Side

The story of the hacking frenzy would be incomplete without mentioning the dark web. Some adventurous souls might think they can just drop in for a quick visit to see what’s it like and leave, but two thoughts come to mind: Trying to leave the Hotel California and a lamb sauntering into a lions’ den. Resist the temptation to take a peek.

Trying to poke around the dark web just for grins is the equivalent of going to a bad neighborhood at 2 a.m. just for sake of seeing what it’s like. It’s the place where stolen information, such as driver’s license numbers, credit card numbers, health records and the like are bought and sold. It’s no place for thrill seekers.

Yes, there are websites that will provide you with information on how to get to the dark web, and privacy is critical. Those who trade illicit information guard their privacy very tightly, and they use special VPNs (virtual private networks) to make sure they minimize detection by other criminals or law enforcement officials. And, you also want to minimize your exposure to other criminals who won’t think twice about stealing info and money from you.

Cybercriminals using the dark web never use any common ISPs (internet service providers) or browsers. That’s like walking into the bad neighborhood wearing a bright-colored reflective jacket. Rather, the dark web relies on special browsers designed to be undetectable. Users are advised to disconnect and/or disable recording devices such as microphones and cameras.

Dark web transactions are generally done using Bitcoin or some other form of cryptocurrency that makes it difficult, if not impossible, to trace the hands through which money passes. Users of the dark web generally use multiple aliases and anonymous email addresses to hide their identities and locations.

Criminals on the dark web know that other criminals and law enforcement agencies are marshaling all the tools they can to crack the dark webs, and the sophistication on both sides is constantly evolving. If you suspect some members of your family or employees might be thinking about taking a little peek at the dark web, let them know it can be an extremely dangerous undertaking. Once anyone wanders in, they’re prey for hardened criminals, and it’s unlikely they can wander back out.

If you’re concerned about whether someone in your home or office may have compromised your system’s security in some way, call us – 973-433-6676 – or email us for a security audit. If there’s something going on, we can take steps to mitigate the effects.

Spoofs and Email Management

Spoofing email addresses is so common that you might as well accept the fact that you have to scrutinize every message you get. With our switch to a new Office 365 management portal, many clients have been getting emails allegedly from Microsoft, and some are more obvious spoofs than others. It might be time to look at your email management processes.

Hackers use spoofing as a way to get into your computer or network. They are relying on your carelessness to click a link that allows them to introduce some sort of malware that will give them access to your critical personal or corporate data and your address book or contact list. Once they get in there, they can replicate the same message that snared you and hope they get lucky with a few more careless people.

To clean out the malware, we need to isolate the message to see what the hacker is spreading through your system. We’ve received a number of calls from clients in the past few weeks about problems with spoofing, and our issue has been the size of clients’ email folders. Simply put, when there are 100,000 messages stored in the inbox, finding the spoofed message that caused the problem can be extremely time-consuming.

In all likelihood, you’ve run into a similar problem when trying to find a specific message. Outlook gives you some search parameters for finding any message you may have saved, but because of the way most people search, you get a lot more possibilities, and that still slows down your search. And, of course, the more messages you have stored in one place, the longer it takes your program and you to find the message you want.

Setting up an email management system can make your searches more efficient, and it can also help you or any IT support team isolate a message that might be causing a problem with your system. Again, Outlook has a few tools, but you might want to start by creating a system of subfolders within your inbox. For example, I file all emails by client, and within each client, I file them by the year. That makes it easy to get to a place to find a message I want to retrieve. It’s similar to the way most of you would set up folders for documents, photos and videos, and business records.

Of course, that system is only as good as the effort you put into moving messages to folders. If you suffer from a severe case of email overload, you may want to consider an archiving program that works on the back end of your email program. It can be especially helpful for a business, particularly where employees deal with multiple people from the same organization. For as little as $3 per month, it can set up and execute a system that even isolates people within a company, making it easier for you or anyone in your organization to get to a specific message to resolve any kind of problem – customer service or malware.

While home users may not be concerned with customer service issues, there are times when you need to find a message to resolve a problem, and good organization can make a busy life a little less hectic. We can help you set up set up Outlook folders or find and set up an archiving system that works best for your needs. Give us a call – 973-433-6676 – or email us to discuss your email management issues and explore the most appropriate solutions.

Safe Travels, Safe Wi-Fi

It’s getting near spring-break time, and summer vacations will soon follow. You may have seen the reports about wi-fi issues and data security. One of the biggest problems you face is how easy it is to log onto a “fake” wi-fi network – a network that is neither part or your hotel’s system nor secure. But if you pay attention and follow a few simple tips, you can safely stream your favorite content and handle some routine email tasks.

The first and most obvious thing to do is make sure you understand your hotel’s or resort’s log-in information when you check in. Get the proper names of any network that the hotel makes available for you. Then, when you try to log in when you get to your room or sit down at the pool, you can pick out that network from the many that will display when your computers or devices search for the network. Don’t be surprised to see several networks that have spellings or character-and-number sequences that are similar to the networks you were given at check-in.

When you go to log in to the network you’ve selected, you’ll likely be asked for your name and room number. Tip No. 1, don’t enter a correct room number or even a correct name. Misspell your name, if you want. If the network lets you in, then you are not on a legitimate network. If you are denied access with your incorrect info, you should feel confident the network is OK.

Depending on the property’s size and network setup, you may be required to log onto multiple networks. Follow the log-in test for each network. And, most important, make sure everyone in your family or travel group follows that procedure because the breach of one computer or device could compromise everyone in the group.

Also, be aware of network names and connections as you float around. You or one of your family members could inadvertently wind up on an open, unsecured network that can be used to breach your computers or devices to steal information. Tip No. 2, you might want to consider disconnecting from the network when you finish your online session.

Tip No. 3, don’t use a wi-fi network conduct online business, such as credit-card purchases or accessing your bank accounts. You should also avoid wi-fi for logging onto sites related to your health or finances. Instead, use your cellular network. It’s much safer. That may require you to make some additional arrangements with your cellular carrier or to buy and install a SIM card with a data plan for service. However, it’s well worth the time and expense.

Personally, when I travel, I “hotspot” my computer in connection with my cell phone number. It can be expensive (though that’s a relative term), but it removes me from the wi-fi network. So far, hackers have not breached the cellular networks.

Just as a related point, if you are going to depend more on cellular data, make sure you have a plan that will cover your use, and make sure everyone who uses your plan knows its limits. If you’re streaming a lot of video content or gaming, data gets sucked up faster than you can imagine, and charges for exceeding your plan’s limits can be steep.

We can help you prepare for an internet-safe trip or make sure your systems are secure whenever you go remote near your home or office. Call us – 973-433-6676 – or email us to set up an appointment to look at your systems (we can do a lot remotely) and answer your questions.

Fraud’s Warning Signs

Anyone who tries to defraud you online – or even on the telephone – is literally banking your carelessness. Take a good look at emails and links and listen carefully on the phone. You can spot the fraud, and if you’re not sure, disengage and call the person you think contacted you – on the telephone – or send a new email, totally separate from the thread.

It’s important to be on “high alert” because the hackers and scammers are at the top of their game, and their targets include trusted advisors, such as accountants and tax preparers. We should state that these people should have secure systems in place and should know not to send or request sensitive, confidential information through email.

But at the end of the day, you need to take ownership of your privacy, so here are some tipoffs that a communication might not secure or might be out-and-out fraudulent.

First, does your accountant normally contact you by email? If not, that ought to raise a red flag. Second, can you absolutely verify that the email is from your accountant? While some email systems are good at spotting something fishy (or phishy), a scammer is betting that you’re not going to pay attention. Check the properties of an email address. It could very well be that cybercriminals were able to recreate the look and feel of an email from your accountant, but unless they actually got into the accountant’s server, a phony email will have a phony email address.

Attachments can be another tipoff to fraud. You should be suspicious if you get an email with attachments that are supposed to be forms, such as a tax form you need to fill out or a return to verify, are you being asked to provide your Social Security number and maybe your birthday? Can you open it without having to go to a secure website and enter a password? That doesn’t pass our initial smell test.

If your accountant does contact you about sensitive information or forms, are you referred to a secure website? Do you have that link with your access credentials safely stored? In a safe world, you can log into your account by entering the website address from your browser and entering your credentials.

If something doesn’t look right, you should always be able to call your accountant on the telephone.

And just to go one step farther this spring, here are some other things to be wary of.

Are you getting emails supposedly from someone you haven’t heard from in ages? And does have a short subject line, such as “hi”, with no message but a link? That’s a sign of fraud and clicking the link could open a breach in your system that can expose your sensitive data.

Are you getting Facebook friend requests from people who are already your friends? That’s generally a fraudulent request by someone looking to get into your system.

Anyone using fraudulent methods to get into your computer system may also be planting some kind of virus or malware to help infect other computers. If you think you may have clicked a link by mistake that could lead to a breach of your system, shut down your computer and disconnect it from the internet. Then call us – 973-433-6676 – so that we can apply our tools and expertise to minimize the damage and clean up your system.

Spectre and Meltdown Raise Need to Update

We’ve seen lots of patches from chip manufacturers and operating-system publishers trying to resolve the Spectre and Meltdown issues. Their effectiveness is mixed, but there are a couple of things you can do to help protect your systems: backup your files and update your software.

The patches came out quickly last month, and they kept on coming as chip manufacturers and publishers of apps and operating systems tried to close the open doors that Spectre and Meltdown use to get into a computer. If you installed all the updates, even multiple updates from chip manufacturers and software publishers, you did the best you could to mitigate problems.

If you haven’t installed updates for operating systems, applications, firmware, browsers and antivirus protection, do it NOW. If you have not set up your systems to automatically install updates, we suggest you do that now, too. Every supplier with a stake in your success is working ‘round the clock to shore up any weaknesses in their products. The faster you install them, the faster you’ll protect your systems and data.

Here is what you and the computer industry are up against:

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and the secrets, of other programs and the operating system. If your computer has a vulnerable processor and runs an unpatched operating system, you risk leaking sensitive information. This applies both to personal computers as well as the cloud’s infrastructure.

Spectre also breaks the isolation between applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets and may actually make applications more susceptible to attacks.

While Spectre and Meltdown affect chips, they resulted in computer failures that, in turn, resulted in the losses of apps and data files. In a number of cases in which our clients were affected, we found that Google Chrome was piece of every problem. We don’t say this to point a finger at Google; we note it to make sure you have the latest version of your browser installed.

In the more severe cases, we had to reinstall software systems – with all the cumulative patches – and data files because everything was wiped out. In the most extreme cases, we had to replace computers. This, of course, required that all data files were backed and that all software for operating systems and applications were licensed.

Using subscriptions for operating and application software can eliminate just about all problems associated with keeping your systems up-to-date and licensed. They also can provide access to backed-up data files to help restore your system. The bottom-line benefit is that if your system is struck by some disaster, which can include Spectre and Meltdown, a ransomware attack, or a virus or malware invasion, we can wipe your computers and servers of infections and initiate clean installations of your operating system, firmware, and application software and then restore settings and data.

Without the subscription, you may need to purchase software and then recreate all of your settings as best as possible. And if you don’t have data files in a separate, secure location, you’ll need to find the latest files you have and then restore them in your recreated system.

As we make these points, we are aware that everyone has budget restrictions. However, you need to look at the costs associated with an interruption due to an IT system failure. Any money you may have saved by hanging onto old equipment and software can be wiped by a single event.

By making smart investments to your system, you’ll be able to maximize your security and efficiency. That’s important for home use as well as a business. More and more, we have multiple users conducting some sort of transactions over the internet, and those activities can take place from remote locations. It’s a continuing trend in our use of technology. Subscriptions are a continuing trend, too, in the way we keep our systems ready to do all the things we do.

We can help you make the best decisions to balance your IT needs and available funds. Call us – 973-433-6676 – or email us to discuss your update needs and develop a plan to meet them.

Protecting Your Email Accounts

My dad wasn’t getting his personal email for a few days and thought it was because his service was down. We found otherwise, and he wasn’t the only victim. The message here is: Pay attention to oddities.

One of my dad’s symptoms of an email problem was that he wasn’t getting any messages. Unfortunately, that symptom doesn’t raise too many eyebrows these days because he figured a server was down – again.

But when the problem continued, he called, and we logged in to discover that his email was being forwarded to a Gmail account. We were able to re-secure his account, and it was one of those “no harm, no foul” situations this time. Next time, he might not be lucky.

But my dad wasn’t the only victim of an email invasion. One of our clients with an international business discovered that for a couple of days, all of their email was going into the “deleted” folder. They were expecting to have money wired in, so the email problem put them on heightened alert.

When we investigated, we found that they had been hacked and that hackers had added a rule to their email system that sent messages to the “deleted” folder and also forwarded the messages to an email address they had set up.

Both instances point out the need to be vigilant – and to follow safety precautions we’ve mentioned many times before.

  1. Make sure you have a strong password.
  2. Use long passwords that include upper- and lower-case letters, numerals and special characters.
  3. Change your password periodically.
  4. Never put information such as Social Security and bank account numbers in emails. They’re so easy to get picked off by hackers.
  5. Avoid sending emails that have umpteen thousand addresses in the “To” and “Cc” lines. It’s very easy for hackers to insert their own email address into someone else’s name and start a phishing expedition that could reel in sensitive, private information.

If you notice something funky about your email, get in touch with us right away. Call us – 973-433-6676 – or email us to help secure your email.

‘Free’ Streaming

Not all streaming is meant to be shared – or least not shared with dozens of strangers around the world. Cable companies and content providers are concerned about lost fees as access credentials to programming are increasingly abused. They’re cracking down on piracy.

Stealing service has been a problem since the first electrical wires and meters were installed more than 100 years ago. For cable and content providers, it became an issue when the first cable wires were strung up. The problem has grown as technology has developed more content and more ways to get it. Putting aside the issue of whether it’s all overpriced, it costs money to develop and deliver the content we love to watch, and too much of it is “falling off the back of an electronic truck.”

We can watch content for free on our TVs when they receive broadcast signals. But for the most part, the only people who watch broadcast TV are those who have cut the cord and stream through their TVs on their internal Wi-Fi or wired networks. For them, a TV is a device, just like a tablet, wireless phone or computer.

Cable providers have relationships with content providers that enable subscribers to stream cable-delivered content or simply stream it from the content providers. You get a username and password, and you’re good to go. You can even share your account with others, and almost all of us have done it at one time or another, especially with Netflix or Amazon Prime. Some providers encourage it.

Unfortunately, some people have taken sharing too far. The content industry has been OK with sharing info with a few friends or family members, but the problems arise when those friends and family members start sharing access with their friends and family. It’s all gone viral, and it hasn’t gone unnoticed.

Every provider who issues usernames and passwords also has the means to track who is accessing content and where they’re watching it. They expect that subscribers will stream their programming when they’re traveling, and they can usually verify access privileges are being properly used. Most vacations are a week or two, and even if you move around a bit, you’re generally not in locations a world apart within the space of two days – or on the same day.

The industry can track possible abuse, and there are steps they can take – if they haven’t done so already – to limit access without alienating honest, rule-abiding subscribers. They can require all subscribers to re-enter or change passwords more frequently. It’s a risk for them because some subscribers may find this an inconvenience and drop their service. However, it’s one way to shut off access to a large number of pirates in one fell swoop.

They can also limit the number of shares they’ll allow. While Netflix, for example allows up to four shares for its most expensive plan, and providers such as HBO and DirecTV allow limited sharing. ESPN may have limits on how many streams are allowed, but that could be independent of limits placed by cable or satellite carriers.

The industry can threaten to cut off subscribers – or actually cut their cords – but that gets into all sorts of sticky legal and customer-service issues. For example, do you take action against the parents who gave their college-age kids access? Do you go after their kids? Do you go after the users of devices they believe are “invalid users?”

This problem will become more prominent on the industry’s radar screen because a lot of money is at stake. Content producers need to be paid for their product, and that payment depends on how many subscribers watch it. Cable and satellite companies pay fees to producers and collect fees from advertisers and subscribers based on the number of valid users. Nobody wants money taken off the table because of a discrepancy between subscribers and viewers.

Finally, all this sharing raises a nagging question in the back of our mind: If someone has access to an account that you pay for, how can they use this access for their own gain at your expense? Call us – 973-433-6676 – or email us for help in tightening up your access controls.