Manage Your Email to Avoid a Scam

As more businesses are bought and merged, it’s more important than ever to pay attention to email accounts for all the entities involved. We’re finding “sleeper agents” hiding in neglected accounts, and they’re waking up to bite hard.

In a recent case, a client bought a business a few years ago and set up a number of special email accounts to help manage the transition and keep tabs on things going forward. The only problem is that going forward, they did not monitor those emails – and the account – so they didn’t realize their system was compromised.

They did notice irregular financial dealings in a bank account, and they went to the bank to change the account and the associated online password. But the person who had infiltrated their system still had access to all the email notifications, rendering each system fix ineffective. It took some heart-to-heart conversations with our client to get to the root of the problem and then fix it.

We needed strong passwords on every online and email account they had, but with a mole inside the system, that wasn’t enough. There are two more steps you need to take to tighten your system.

The first step is to set up two-factor authentication (2FA) for every account. Yes, it is a pain to wait to complete a secondary step, but it works. We find a text connected to a cell phone is effective because whoever is accessing the account has the cell phone nearby, and you know the verification code is going to the right person. The chances of the text message being intercepted are extremely remote.

The second step is to manage your email more effectively – and that calls for more than just checking it frequently. Whether it’s at the office or home, many email accounts have – or can have – a secondary email associated with each account. Please don’t leave it blank. That’s the door a hacker uses to get in. When you change the password, go into the profile for the user and reset or start using the secondary email account. At the same time, reset the rules for managing each account. The hackers had email forwarded to an account they could monitor, which let them stay up to date on all the changes our client made.

For both online and email accounts, you need to check each user’s profile information regularly. That’s where we can help. We can check or tell you where to look to see if anyone has electronically “jimmied” open a window to your system and help you take more protective measures. As businesses and consumers, we depend more and more on electronic payment systems to pay our bills and have our invoices paid accurately and on a timely basis.

Call us – 973-433-6676 – or email us to talk about your concerns and to schedule an assessment and a remediation plan – if needed. It’s your money, and if a scammer gets it, you likely will never get it back.

Old Security Habits Never Die; They Should

We still seem to see the same bad security habits we’ve always seen. Now, they involve PINs as well as passwords. Here are some bad habits you need to break.

The first bad habit has to do with keeping track of passwords and PINs (Personal Identification Numbers). We’ve discussed passwords ad nauseam, and the problems we find with them are they’re either forgotten, left in places where anyone can see them, used repeatedly, or made so simple that they’re easy to crack.

If you habitually run across any of these problems, you need to seriously think about how you can make your password system stronger. Some of the suggestions we’ve offered include making your passwords long and using a system that lets you vary one or two keystrokes or a word or phrase to keep them different. The system helps you remember your passwords – or at least the ones you use the most or ones you need while away from your computer. In creating your passwords, you’re better off using a longer password instead of a shorter complex one. Longer passwords make it more difficult for hacking software to figure it out.

A related issue is those security questions. Don’t give real answers that involve information in public records. Somebody can easily see where you’ve lived, where you went to school, etc. They can probably find out what your first car was.

PINs are meant to solve most of the issues, but they can run into that “forgetful” problem, too. An additional problem with PINs is that when you change devices, you need to reset the PIN. Again, that can be a real problem if you don’t remember the PIN you used.

Some people use their browser or a feature on their phones to save passwords. The danger there is that those passwords can be easily stolen, especially if you happen to visit a “phishing website,” one that has the look and feel of a legitimate website. When we feel rushed or stressed about things going on in life, we’re more susceptible to clicking one of those links or making a typing mistake. The owners of “phishing websites” typically have website domains related to common typing mistakes – although some companies have those sites, too, to make sure you can reach them. The old habit to break here is to take a deep breath when you’re online to make sure click on a legitimate link or type a domain name correctly.

Rather than use a browser or phone password saver, we recommend you a password manager. Dashlane and Last Pass are two that are well known, but using any manager gives you stronger protection. You’ll need to set aside time to get your password manager properly configured and to enter all the passwords you want to protect. The process includes setting up a master password that gives you access to the electronic vault where all your passwords are stored. The key to success is never, ever forgetting that password or giving it to anyone except one or two trusted people.

Credit card numbers can be hacked, too. A couple of our clients had their numbers stolen, and although they changed passwords, they still wondered what else might be broken in their system.

We can help you with security breaches. We take the time to look closely at your system to see how each change you might make – changing passwords or adding a password manager – will affect you. Our analogy here is to the new kitchen that we’re getting. As we change the room and add things like electrical outlets or lighting fixtures, we have to open holes in our walls and ceiling, and we don’t know what’s there until we get them open. It’s the same with your tech system. Without looking at everything, we can’t tell how one change will affect your system.

Call us – 973-433-6676 – or email us to discuss your needs and do the appropriate patching, including installing and configuring a password manager.

Facebook and Apple Fight is About Monetizing You

If you’ve downloaded and installed Apple’s iOS 14.3 update for iPhones and iPads, you’ve put yourself in the sights of Facebook and Apple. Called “App Tracking Transparency” feature, it labels apps in the App Store, telling users what data those apps collect and whether it’s used to track them for advertising. Facebook, which makes its money from advertising, says the feature will harm small businesses that rely on targeted online advertising.

In many cases, you’re worth pennies on the dollar, but there are hundreds of billions of pennies at stake. And while both sides try to cloak their stands in privacy and free enterprise, it’s really about “fee enterprise.”

The gist of Apple’s policy is that when you download an app from the App Store, your activity on the device can’t be tracked unless you give permission. Until now, you had to opt-out to avoid being stalked electronically online. Most people usually ignore the opt-out/opt-in option, and Facebook and other web-based operations have made a lot of money by tracking you and selling the data to companies who want to sell something you want – or have indicated you may want.

According to a recent article in Forbes, Facebook itself estimates a 60-percent swing in advertising effectiveness between targeting and non-targeted advertisements. Facebook’s ad charges the article notes, will presumably match its ad-placement effectiveness. With the company controlling about 25 percent of a $40 billion online U.S. advertising market, up to $6 billion in annual revenue is at stake in the US alone. Google and Amazon also profit immensely from tracking you and selling your data.

The bottom line is that anyone who opts out is 60% less valuable than a regular customer, and that’s part of legal proceedings before the Federal Trade Commission and in 48 states. Apple, of course, has been taken to task for its practices in handling App Store operations, including who gets to put apps there, and other technical issues. They’re not saints, but that’s a separate issue from the Facebook issue.

The Forbes article likens Facebook’s operations to Ladies Night at a nightclub. On Ladies Night, clubs let women in for free expecting that they will attract men who will pay a cover, as well as spend money on the women and themselves. In a similar way, Facebook provides users with free services in the hope that advertisers will spend money on them. Facebook is like the owner-bartender who, for $10, will tell you everything he knows about a particular woman, including her relationship status and favorite drink.

I can’t speak for how a woman might feel after reading this, but anyone can feel some outrage about being put on display and sold. Yet at the same time, we’re looking for new and interesting products or services when we go online, and we may be open to new ideas when they’re presented to us. To me, that’s Facebook’s argument. You might view Apple as the guy who senses harassment and comes over to “protect” you.

To expand the transparency/privacy conversation, you have choices. You are able to use search engines and plug-ins that block unwanted ads while you browse the web and visit sites. Websites are fighting back by not allowing you access unless you unblock the ads on their site. You may not like the choices. You may not like sacrificing privacy for convenience or vice versa. But this is all part of the opt-in/opt-out battleground over who gets to profit from you.

If you have any questions about how to configure apps to meet your privacy or convenience needs, we can help. Call us – 973-433-6676 – or email us for an appointment to walk you through the process.