Cyberbullying Hits Home

When you know a family that’s been victimized by cyberbullying, you take a closer, more personal look at this problem as both a parent and an IT professional.

As I was waiting for a flight home the week before last, I saw something on Facebook and had a sinking feeling. I knew the family through my affiliation with the Morris County Chamber of Commerce, and I had heard about a service earlier in the week for a young woman in our community, Mallory Grossman.

It was a suicide that came to a head because of cyberbullying. It brought home problem that is plaguing mostly youngsters but also people of all ages. The internet allows anyone to post the meanest messages imaginable and largely stay anonymous.

The solution is not a tech issue because this problem is rooted in how we function as a society. Some people have cruel senses of humor, and in the absence of personal filters, there are few filters to prevent them from spewing venomous posts. When the target of cyberbullying is experiencing other issues, which the bully likely doesn’t know about (and could selfishly care less), it’s like pouring gasoline on a fire.

I honestly don’t know what the answer is. As parents of two children approaching their teenage years, my wife and I are extremely concerned. Perhaps we need an even more concerted effort to provide better education for parents and students, and maybe that can be done through the school curricula in coordination with programs run by PTAs and/or business associations. The business associations can encourage their members to provide some kind of education program for their employees.

Technology measures by themselves will be ineffective for many reasons. Chief among them, very few parents have the capability to totally monitor and control their children’s online activity. Even for those of us who know a lot about technology, what will it accomplish? It won’t teach our kids about social responsibility. Instead, it will motivate them to find ways to break our technological measures, and kids in groups are pretty good at figuring out how to override our controls.

Further, what’s to stop any kid who has no access to some websites from going to a friend’s house and getting online there?

Any blocking we can do is ultimately temporary, but if it can be a sufficient delay to prevent just one tragedy, it helps. If you have any questions about what you can do and need any help in setting up parental controls, call us – 973-433-6676 – or email us. And that goes double for working together on what we really need to do as a community to fight cyberbullying.

Passwords Becoming Passé

I’m as tired as anyone else when it comes to remembering dozens of arcane passwords for all the websites I need to access. Current and future technology will be able to provide relief and stronger protection. Here’s the lowdown on locking down.

If we’ve learned anything at all from the monthly ransomware reports, electronic “locks” are pickable. We’ve also learned that time is money for hackers when it comes to planting ransomware and other viruses that can make life painful or costly or both.

Operating under the assumption that any electronic barrier can be hurdled in time, you want to lengthen the time of your defense as much as possible – and we’re talking decades. The longer and more complicated the password, the longer it will take for hacking software to crack your code. We all know that when you include uppercase and lowercase letters in combination with numbers and special characters, the time stretches out. Making sure it follows no special pattern – that it’s totally random – adds to the security.

Many theories abound as to how to create a complex, random password that’s easy to remember. One suggestion is to take a phrase or sentence that you can easily remember. Then, take the first or second letter in your phrase and turn some into uppercase letters, numbers or special characters in a random order.

I have one password I use for everything, and I am extremely confident its length and complexity will deter hackers. You may find fault that I have only one password, and that would be a valid criticism. If it’s cracked, someone could get into every internet account I have.

You can eliminate the need to remember multiple passwords by using a password manager program. Some are free and some have a nominal cost. Basically, you just need to remember a master password to get into the system. The password manager randomly generates new complex passwords when you visit each site. Yes, you can argue that somebody could crack the password manager’s system. It’s possible, but would you feel more comfortable with $1 million under your mattress or in a vault that’s a half-mile underground, encased in 20 feet of concrete and guarded by a randomly rotated army that’s always being retrained?

You can augment the password manager with two-factor authentication, something we’ve liked and used for years. In many cases, you need to answer a question, and it should be something only you know. Other measures might include answers to randomly generated multiple choice questions based on publicly available information that can be verified as “right” or “wrong.” No “maybes” allowed.

In the future, passwords will give way to biometrics. The software is there; the hardware needs to catch up. Windows 10’s Hello can handle the biometrics, but most computers don’t have the 3-D cameras needed to use the feature. Some Microsoft Surface tablets have the cameras, and if you are in the right place, it works really well.

Regardless of what technology you use, don’t let your guard down. Don’t buy things or do your banking over a public Wi-Fi network. Use a trusted, secure network or a cellular data network. Make sure the networks you control are secure with up-to-date firewalls and anti-virus and anti-malware software. Make sure all operating systems and firmware are current with all bug fixes and security patches.

Remember that we can help you with all of your internet password and security needs, including choosing and setting up a password manager, setting up two-factor authentication and answering your questions about biometrics systems. Call us – 973-433-6676 – email us to set up an appointment.

Don’t Wait When Hacked

A client got hacked at 5 p.m. and discovered it at 8 p.m. They waited until the next morning to call us. Our advice to them was to shut down their system. Our advice to you is don’t wait – but please use some common sense. We don’t appreciate calls at 5:30 in the morning because you can’t connect to the internet or get your email, but a hack is a whole other story.

If you think you’ve been hacked, shut down – as in “power off” – your computer or your system immediately. If nothing’s running or connected, nothing more can be taken from you, nor can anyone get deeper into your system. Once you call us, we can examine every part of your system and help you take steps to secure it before you and everyone in your business or home goes back online.

If we’ve learned anything from news reports, no system is immune from attack. But there are a number of steps you can take to make an intrusion more difficult – and for small businesses and homes, they may be enough to deter anyone from making a huge effort to invade your system.

In the case of the client who was hacked, he did not have administrative rights to his computer – and that was a big help in minimizing the damage. Administrative rights give those who have them the authority to make all sorts of changes to a computer or a group of networked computers. In addition to adding and removing programs and managing data files, administrative rights can be used to grant permission to other users to perform all of those actions.

In a small business, it makes sense to give several people administrative rights to keep business flowing smoothly. Even if you have automated systems to take care of certain functions, you may need to give people permission to do certain things. However, you need to pay attention to security to benefit from the convenience of this flexibility. We recommend:

  • Keep the number of people who need administrative rights to a bare minimum.
  • Make sure those people change passwords frequently and that they use strong passwords.
  • Limit permissions to certain functions to prevent a hacker from getting carte blanche to your entire system.
  • Set up separate users and log-in credentials for performing administrative functions and delete them after those functions are performed.

The same recommendations can apply to a home computer or home network, with the requirement that children and seniors should not have the ability to install or remove programs.

We also can repeat steps we’ve suggested before:

  • Do not use any simple usernames and passwords for any piece of equipment that is connected to the internet. Every device has a default name and password, and hackers know them all.
  • Use strong passwords and change them often. Strong passwords are usually complex passwords. Hackers have software to figure out certain patterns of numbers and letters, and they can pick up information about anyone from public records. Try not to relate your passwords to that information, but for any password, use a combination of upper and lower case letters, numbers and special characters.
  • Download and install updates from the publishers of your application software. In most cases, the updates contain bug fixes and patches to improve the security of your applications.
  • Keep your anti-virus and malware software up to date and active.

Again, if you get hacked, don’t wait to call us. Time is of the essence. Shut down everything and call 973-433-6676 for immediate help.

Of course, preventive measures offer the best protection. Call us or email us to arrange a security audit of your system. And don’t wait until you’re hacked to do it.

Behind Last Month’s Internet Breakdown

We’ve harped for years about the inherent conflict of convenience vs. online security. That conflict reared its ugly head during the distributed denial-of-service attacks, using – maybe – millions of computers to hit some of the world’s largest and most popular e-commerce and news websites.

Investigators have been able to pin part of the cause on hackers using IP addresses commandeered from millions of home devices, commonly called IoT (Internet of Things) – such as interior and exterior security cameras, doorbell and baby monitors, thermostats, etc. – that are increasingly popular with consumers. Too many people install them on their Wi-Fi networks and never bother to change default user names or passwords. That just leaves the door wide open to have their devices hijacked and used for malicious purposes.

From our point of view, it’s what happens when we get lazy and sloppy because we are so tuned into convenience. And, a DDoS attack can be the least consequential problem for you, personally. The hacker can gain control of your device and peak into your house at will – and even change your thermostat settings.

Users are not the only sloppy parties in this turn of events. The device manufacturers share the blame because they don’t require you to reset your user name or password as part of the installation process. After all, they don’t want the blame for your inconvenience, and we think that’s wrong. They can require you to reset user names and passwords as part of the installation process.

You can help prevent these DDoS attacks by making sure you change user names and passwords for the devices during the installation process. You can further protect your privacy by making sure your Wi-Fi network has a good, strong password. Too many people leave the default user name and password on their routers, too.

We should note that businesses, including professional services providers, can be just as lax as home users. We’ve had client systems hacked because their system administrators did not set up stronger log-in credentials.

We strongly urge everyone to have somebody look at their networks and IT systems and procedures once or twice a year. This may not be a comfortable analogy for some people, but even though you brush your teeth and floss every day, you still maintain better health when you visit the dentist once or twice a year for a cleaning and exam.

If you avoid the visit because of expense, it’s costlier – and more painful – to fix the problem instead of preventing it. What would be your cost for system downtime and repairing security breaches? Contact us by phone – 973-433-6676 – or email to find out what our security audit would cover for you and to set it up. In today’s world, you can’t afford to overlook any possible weakness.

The Firewall is Mightier Than the Electrical Tape

Electronic Peeping Toms are always a concern, and putting a piece of electrical tape is one way of drawing the curtains on your laptop’s camera lens. A better way is to make sure you have a strong firewall activated, strong password protection for your network and the latest anti-virus and anti-malware software running. Here’s your checklist.

  1. Make sure your firewall is activated and that all the software for it is up to date.
  2. Make sure you change the default password on your Wi-Fi network. If we set up your network, we gave you a unique password – one that’s long.
  3. If you are not sure about the security of your network or firewall, you can power down your computer, but the downside to that is that you’ll miss the legitimate updates (which typically include security patches) that come in overnight.
  4. If you install a camera system in your house to monitor selected rooms, change the password for the system, too. This should be a no-brainer, but it’s something a lot of people forget to do. Even the most incompetent hacker can get the default password for any system, so just change it and make it a strong one.

In most cases, networks are infiltrated because people don’t have them secured, and to be honest, having a Peeping Tom see you in your underwear might be the least of your problems. If somebody can hack into your computer’s camera or into your room-monitoring cameras, they likely have gotten into your computer and all the sensitive information you have stored there.

On the flip side, having internal and external cameras – and a system such as Ring to monitor your doors when someone rings your bell – can be a strong deterrent to crime. With all of the secure ways to use the Internet and mobile devices, you can monitor everything about your home from wherever you can connect to the Internet.

We think using firewalls and other technology to secure your cameras works a lot better than a roll of electrical tape. We can help you configure all of the software on your in-home systems and mobile devices to make sure you keep out prying eyes. Contact us by phone – 973-433-6676 – or email to make sure your cameras are secure.

Cybersecurity Checklist

We doubt the Russians or WikiLeaks are looking into your computer, but there’s a good chance somebody is. Want to get ahead of any possible problems? Try this checklist.

  • Update your software – Security patches are almost always the feature of any software update for your operating system and application software, including Internet browsers. You can set your computers, servers and mobile devices to notify you when an update is available or have it installed automatically. Do it. It’s as simple as that.
  • Limit admin accounts – There are two things to shore up here. First, limit the number of people in your organization – or household – who have administrative rights to your system. The more people who have access to the inner workings of your system, the more possibilities there are for somebody to leave an electronic door open to an invader. As another precaution, always run your PC as a non-administrator unless strictly necessary.
  • Enable your firewall – This should be a no-brainer. It’s the first line of defense against hackers infiltrating your entire IT system or any computer in your system that goes out onto the Internet. Make sure you have it set to manage inbound and outbound traffic.
  • Use anti-virus and anti-spyware – This goes hand-in-hand with enabling your firewall. These programs are designed to stop viruses, worms and other forms of malware. They can also stop pop-ups and other threats. Make sure every computer and device (where appropriate) is regularly scanned by the anti-virus and anti-spyware software, and don’t let licenses lapse.
  • Beware of wireless – Enable encryption, turn off SSID broadcasting and use the MAC filtering feature. Be wary whenever out of the office using Wi-Fi.
  • Protect mobile devices – Always use passwords, screen locks and auto locks on mobile devices, and encrypt data transmissions when possible.
  • Use strong passwords – The latest research shows that longer passwords are stronger, and you should always have a mix of upper and lower case letters, numbers and special characters. Change your password often and don’t use anything that can be related to your email address.
  • Backup your files – We can’t emphasize this enough – and we strongly encourage you to back up files offsite, on a cloud-based server. Have an automated backup and recovery plan in place for key data residing on your network vital for every computer user and organization. We’ve talked about ransomware before, and have securely backed-up files is your best protection.
  • Trust your gut – This is worth repeating, too: If a website, email or window on your PC offers you something that’s too good be true, ignore it or delete it. If something looks odd or out place, ignore it or delete it. Most companies, especially banks and credit card companies, don’t ask for personal information in an email. Don’t click a link. Instead, log back on to your browser and go to the website address you’ve used before to see what that company has to say.
  • Train your staff or family – Most cybersecurity breaches happen because of human error. Train your staff or your family members on how to be more secure while using computers and mobile devices on the Internet. Remember how you’ve told your kids not to talk to strangers or get into a stranger’s car? It’s the same in the cyber world.

We can help you with any of cybersecurity concerns and needs. Call us – 973-433-6676 – or email us to get answers to your questions or to set up a training session.

Backdoor Blues Need Legal Lyrics

The FBI’s request for Apple to unlock the iPhone used by the San Bernardino shooters has led to a far-reaching controversy in the United States. Parties on both sides of the issue have valid concerns, and we believe resolutions will need to come in the forms of a Supreme Court ruling (probably first) and federal legislation to better align technology and the law.

In our opinion, this collision was bound to happen because the push and pull between national security and privacy have gotten stronger as technology has made us part of a global society. Looking just at the United States, technology has advanced at a far greater pace than our legal system’s ability to keep up with it. Further, no matter how tightly our laws are written, there are always differing interpretations, and in our legal system, differences are resolved (in theory) through the courts and the appeal process. Even if Congress were to pass a law now to resolve the issue, one side would contest it.

Thus, the likelihood is that any legal decision will be based on a law that is already on the books, and it could wind up before a deadlocked Supreme Court. That’s a possibility, given our political environment.

This is where opinion ends. Here are the issues to consider.

There is no end. Once this specific cell phone is unlocked, the genie is out of the bottle – and the genie has the key to Pandora’s box. As we understand the legal world in practical, lay terms, there will be other legal cases in this country to justify unlocking a phone or any other access point to data, and arguments will be based on rulings that involve this phone. If a party in a lawsuit can successfully make the case that another request justifies unlocking a phone – with an argument made on a very fine point of law – a local or state government, in addition to our federal government, could gain access to data.

Knowing that a backdoor or master key is available, a foreign government could force a US technology company doing business in its country to unlock data. US businesses and citizens could be put between the old rock and hard place without the same legal protections that we have in this country.

There are no secrets. As the saying goes, “a secret is only secret when one person knows it.” Any solution to unlock the password and data on this particular phone will be a team effort. The greater the size of the team, the greater the chance a hacker will find a way to uncover the secret.

The defenses will need to be massive. If Apple and Google have software to unlock encrypted phones, they will be subject to massive “attacks” by parties interested in getting the code. Cyberwar is fought all the time by governments, corporations and hackers of all stripes. Who is going to keep the code, and who is going to have access to it? Defending against attacks burdens the tech companies.

Nobody’s data will be secure. This is the heart of the technology companies’ argument. They tout the security of their customers’ information, whether it be personal identification, health records and financial records. Corporations depend on security and access to how products are manufactured and how products and services are priced. We have already seen how a weakness in a contractor’s IT system opened a door to Target’s records. If someone can get into your phone, how safe will your life’s savings be? Could somebody use your healthcare and identity information to obtain services fraudulently and stick you with the bill?

The tech companies believe they have a responsibility to protect their customers’ data. There are very few issues that bring Apple, Google, Microsoft and others together like this one. It goes beyond mobile phones and tablets. Businesses, institutions and governments collect and store huge amounts of sensitive or proprietary data in “the cloud,” a global system of secure servers, routers and hard drives. These same organizations make extensive use of mobile phones and tablets. The tech companies argue that they must not do anything to violate the trust their customers place in them to protect the data.

What’s the greater risk? Is it a terrorist attack or somebody wiping out the life’s savings of millions of people in a matter of seconds?

Society needs to decide the privacy vs. security issue. It’s not right to make businesses the arbiters of public policy. We need an open, honest discussion of all the ramifications of possible laws, including the unintended consequences that always arise, and we need laws that do the right thing. There will never be complete agreement, and the right thing may not be the popular thing.

You can read many of the arguments from Apple and other tech companies here – as well as support from various privacy groups. There are no easy answers to the questions surrounding the issue.

Our call to action here is to speak up. We invite you to leave a comment below, and we encourage you to contact your government representatives to let them know what you think. We can sing the blues about privacy vs. security, but at the end of the day, our lyrics need to lead to laws.