Cybersecurity Scorecard

Cybersecurity has dominated our conversation for the past year, and a report from SonicWall, which provides security tools worldwide for everything from networks to email, shows where we’re making progress and where new threats lie.

First, the good news. In data gathered in the past year from the SonicWall Global Response Intelligent Defense (GRID) Network, the good guys and the bad guys made advances. The most notable of the advances the company found were:

  • The number of new POS (point of sale – mostly credit and debit cards) malware variants decreased by 88 percent since 2015
  • SSL and TLS encrypted traffic increased 34 percent year-over-year
  • Major exploit kits Angler, Nuclear and Neutrino disappeared
  • Unique malware attack attempts dropped to 7.87 billion from 8.19 billion in 2015

On the other hand:

  • Ransomware attacks grew 167x from 2014 to 2016 to an astounding 638 million attacks during the year
  • SSL/TLS encrypted malware was exploited 72 percent more often in 2016 than in 2015
  • Internet of Things (IoT) devices were compromised to launch record-setting DDoS attacks
  • Despite significant efforts by Google to patch vulnerabilities, Android continued to be exploited by cyber criminals

SonicWall notes that the technology to solve many of the new challenges cyber criminals threw at victims in 2016 already exists. SSL/TLS traffic can be inspected for encrypted malware by NGFWs (next-generation firewalls), which are hardware- or software-based network security systems that detect and block sophisticated attacks by enforcing security policies at various levels. For any type of new advanced threat like ransomware, it’s important to understand that all network-based solutions should block network traffic until a safe verdict is reached before passing that traffic through to the intended recipient.

In 2017, there are two areas that SonicWall joins us in telling you to be particularly on-guard: ransomware and the Internet of Things (IoT).

Companies in the United Kingdom were 3x more likely to suffer ransomware attacks than in the United States, but don’t breathe easy. The US experienced the highest number of ransomware attacks in 2016 because of its large volume of business. While we as individuals and small businesses depend on companies like SonicWall to provide the tools to detect and stop ransomware, we need to follow strict security procedures – all of which should be well-known to us by now:

  • Install updates for all of your software for operating systems and apps. They contain the security patches and bug fixes that shore up the breaches in your systems.
  • Be extremely careful about the emails you open and the links you click.
  • Back up your data continuously to a system that is either not always online or that uses authentication. This will help ensure that you don’t accidentally revert to an encrypted backup if you’re hit.

The IoT has been massively compromised because of poorly designed security systems by device manufacturers. To protect yourself, SonicWall reminds you to make sure your devices are behind next-generation firewalls that scan for IoT-specific malware and that you segregate IoT devices on a separate zone to make sure they don’t affect the rest of your network if they’re compromised. To that, we add that you immediately change user names and passwords – and that you make those passwords strong. Some 70 percent of IoT breaches worldwide are in the US.

More protection was made available for Android mobile phones and devices, but they still remain vulnerable to overlay attacks. SonicWall recommends that companies using Android devices keep the option to “install applications from unknown sources” unchecked and both options to “verify applications” checked. They also recommend you avoid rooting and that you install anti-virus and other mobile security apps – and that you enable “remote wipe” in case your device is stolen or compromised with ransomware.

If you’re interested in a deeper dive and more technical explanations, we invite you to read SonicWall’s whitepaper on cybersecurity.

We can help you with a cybersecurity audit for your office or home and for all mobile devices. Call us – 973-433-6676 – or email us for an appointment.

Who’s Watching? Internal Software and the IoT

Connected homes. Connected cars. Doing more over the internet. The Internet of Things (IoT) is growing faster and faster. And that begs two questions: 1.) Who’s watching? 2.) How do you pull the shades on prying eyes?

The answer to the first question is unnervingly simple: It could be anyone in the world.

The short answer to the second question is: Shore up your security.

As I walked around CES (the Consumer Electronics Show) in Las Vegas last month, I looked at all the devices that are connected to the internet. I thought about all the internal software in those devices – and wondered who’s upgrading that software for security?

Software is at the heart of every device in our house that’s connected – usually wirelessly – to the internet. While we continue to encourage you to change the username and password for every device you have, it’s still possible for hackers to use an open “back door” to get inside the internal software for, let’s say, the camera systems inside and outside your house. We all need to make sure that the companies who provide all these great connected devices are updating their software security. It’s no different than the security patches issued by all software publishers.

In the absence of device manufacturers pushing out software updates, you should make it a habit to visit their websites to see if any updates are available for your products – and to download them and install them right away.

It’s also important to know what’s in your house – even if it’s wired. We visited a house that somebody was buying, and we found a mound of wires in the basement. Not only did the new owners not know what all the wires were connected to, the old owner didn’t know about all of them, either. We found the whole house had been hard-wired, and that there was an old security camera system. We connected all the access points in the house to relieve the pressure on the new Wi-Fi system we installed, and we set up the camera system and made sure it was secure. But had we not been there, nobody would have known how everything was supposed to work and if anything had been exposed to a security breach.

Automobiles, by the way, have internal software, too, and you generally need to visit a dealer to have that checked. It has been demonstrated that hackers can break into certain parts of your car’s computer system and affect your car’s operation. While there’s likely not a widespread benefit that makes economic sense for doing this, you could be an isolated, totally random victim of someone who’s just playing around with the idea of hacking a car.

If you have any questions about the security steps you need to take for your devices, gather all the information you can find about the product and call us – 973-433-6676 – or email us with your questions. If need be, we can help you find the correct software updates or get the information you need to ask the right questions when you contact your device manufacturer.

Don’t Wait When Hacked

A client got hacked at 5 p.m. and discovered it at 8 p.m. They waited until the next morning to call us. Our advice to them was to shut down their system. Our advice to you is don’t wait – but please use some common sense. We don’t appreciate calls at 5:30 in the morning because you can’t connect to the internet or get your email, but a hack is a whole other story.

If you think you’ve been hacked, shut down – as in “power off” – your computer or your system immediately. If nothing’s running or connected, nothing more can be taken from you, nor can anyone get deeper into your system. Once you call us, we can examine every part of your system and help you take steps to secure it before you and everyone in your business or home goes back online.

If we’ve learned anything from news reports, no system is immune from attack. But there are a number of steps you can take to make an intrusion more difficult – and for small businesses and homes, they may be enough to deter anyone from making a huge effort to invade your system.

In the case of the client who was hacked, he did not have administrative rights to his computer – and that was a big help in minimizing the damage. Administrative rights give those who have them the authority to make all sorts of changes to a computer or a group of networked computers. In addition to adding and removing programs and managing data files, administrative rights can be used to grant permission to other users to perform all of those actions.

In a small business, it makes sense to give several people administrative rights to keep business flowing smoothly. Even if you have automated systems to take care of certain functions, you may need to give people permission to do certain things. However, you need to pay attention to security to benefit from the convenience of this flexibility. We recommend:

  • Keep the number of people who need administrative rights to a bare minimum.
  • Make sure those people change passwords frequently and that they use strong passwords.
  • Limit permissions to certain functions to prevent a hacker from getting carte blanche to your entire system.
  • Set up separate users and log-in credentials for performing administrative functions and delete them after those functions are performed.

The same recommendations can apply to a home computer or home network, with the requirement that children and seniors should not have the ability to install or remove programs.

We also can repeat steps we’ve suggested before:

  • Do not use any simple usernames and passwords for any piece of equipment that is connected to the internet. Every device has a default name and password, and hackers know them all.
  • Use strong passwords and change them often. Strong passwords are usually complex passwords. Hackers have software to figure out certain patterns of numbers and letters, and they can pick up information about anyone from public records. Try not to relate your passwords to that information, but for any password, use a combination of upper and lower case letters, numbers and special characters.
  • Download and install updates from the publishers of your application software. In most cases, the updates contain bug fixes and patches to improve the security of your applications.
  • Keep your anti-virus and malware software up to date and active.

Again, if you get hacked, don’t wait to call us. Time is of the essence. Shut down everything and call 973-433-6676 for immediate help.

Of course, preventive measures offer the best protection. Call us or email us to arrange a security audit of your system. And don’t wait until you’re hacked to do it.

Smarten Up! The Spoof is On

I was at a client’s office when the email – to her as president of a service organization – arrived, asking for a wire transfer of money. Other members of the organization got the same message, and some actually sent money. A scammer had spoofed a name or email address that was recognizable. This is becoming a growing problem. Is technology making us stupid?

The answer is “no,” but it is making us careless because it gives us the ability to do too many things too easily with too little forethought. That, in turn, leads to doing stupid things – and that’s what spoofers and other Internet-based thieves are counting on now and will continue to do so.

Email seems to open the doors to your computer and your data more conveniently than anything else. The biggest breach opportunities come when you click on something or follow through on instructions because you didn’t take the time to look carefully at an email and when you send sensitive information in an unencrypted email.

Spoofing is the most effective way to get you to open an email and link yourself to trouble. It’s remarkably easy to recreate a company’s logo and attach a fake email address to it. When many people see what they think is a legitimate logo, they just click to open. If nothing jumps out as a red flag, they’ll continue to a bogus website, and BINGO, it’s too late.

People are particularly susceptible to spoofs at this time of the year. Online merchandise sales continue to grow at holiday time, and merchants or shipping companies often send tracking info so you’ll know when your packages should arrive. If you take a little time to look at the message, you’ll probably see that the domain attached to the shipper or merchant bears no resemblance at all to the company. You might also note that the message itself is generic – and it likely has misspelled words or syntax that just doesn’t fit how we converse in the United States.

If you want to verify the tracking on a package, you can go onto the merchant’s or shipper’s website and enter a tracking number you received when your order was confirmed. If you don’t have that number, there is often a way to get the information.

Similarly, as we move from the holiday season to the tax season, be especially careful of financial-related information. There’s a reason why your financial advisor doesn’t let you leave trade information on voicemail or email. They don’t want your financial data left out in the open, and you should feel the same way. When financial advisors and institutions – and even healthcare providers – have messages for you, they generally tell you to access them on their secure websites – and require you to sign in.

DO NOT click a link in an email you think was sent to you by anyone who wants financial, health or other sensitive personal data. If you know the website, open a new browser window and go to the website by typing in the website address. Even if the domain name in an email looks correct, something like “[email protected]” can really link to “you’vebeenscammed.com.”

And, of course, never, never send user names, passwords, credit card info, bank accounts, Social Security numbers (even the last four digits) or other personal information in an email. Unless you and the other party have activated a mutually agreed-upon encryption process, the data is wide open. Email messages can go through multiple communications systems, and it’s impossible to know when a data thief is waiting to pick off any number of random messages at any point. They can pick off thousands in the blink of an eye and then take their own sweet time pulling out key info and wreaking havoc.

It all goes back to convenience vs. security, with a dose of distraction thrown in for good measure. We’ve had clients accidentally open a door to their computers, and the invaders took their info and denied the owners access to their systems. Fixing it on the computer end generally requires a visit from us, and then there’s the nerve-wracking hassle of working with other companies to close your breaches. When you have to go through all of that, it’s more than just an inconvenience.

We’re not telling you anything you don’t know. We are telling you to take a deep breath and a closer look at your email and the links inside them. We’re also telling you not to send sensitive information in emails. If you think you may have had a breach in your security, we can help you patch up your computer system. We can also help you set up an email encryption system. Call us – 973-433-6676 – or email us with your questions or to have us help resolve an issue.

Behind Last Month’s Internet Breakdown

We’ve harped for years about the inherent conflict of convenience vs. online security. That conflict reared its ugly head during the distributed denial-of-service attacks, using – maybe – millions of computers to hit some of the world’s largest and most popular e-commerce and news websites.

Investigators have been able to pin part of the cause on hackers using IP addresses commandeered from millions of home devices, commonly called IoT (Internet of Things) – such as interior and exterior security cameras, doorbell and baby monitors, thermostats, etc. – that are increasingly popular with consumers. Too many people install them on their Wi-Fi networks and never bother to change default user names or passwords. That just leaves the door wide open to have their devices hijacked and used for malicious purposes.

From our point of view, it’s what happens when we get lazy and sloppy because we are so tuned into convenience. And, a DDoS attack can be the least consequential problem for you, personally. The hacker can gain control of your device and peek into your house at will – and even change your thermostat settings.

Users are not the only sloppy parties in this turn of events. The device manufacturers share the blame because they don’t require you to reset your user name or password as part of the installation process. After all, they don’t want the blame for your inconvenience, and we think that’s wrong. They can require you to reset user names and passwords as part of the installation process.

You can help prevent these DDoS attacks by making sure you change user names and passwords for the devices during the installation process. You can further protect your privacy by making sure your Wi-Fi network has a good, strong password. Too many people leave the default user name and password on their routers, too.

We should note that businesses, including professional services providers, can be just as lax as home users. We’ve had client systems hacked because their system administrators did not set up stronger log-in credentials.

We strongly urge everyone to have somebody look at their networks and IT systems and procedures once or twice a year. This may not be a comfortable analogy for some people, but even though you brush your teeth and floss every day, you still maintain better health when you visit the dentist once or twice a year for a cleaning and exam.

If you avoid the visit because of expense, it’s costlier – and more painful – to fix the problem instead of preventing it. What would be your cost for system downtime and repairing security breaches? Contact us by phone – 973-433-6676 – or email to find out what our security audit would cover for you and to set it up. In today’s world, you can’t afford to overlook any possible weakness.

Upgrade for Better Browsing

Browser performance is becoming a bigger issue as browser updates and website advances require new versions – and even new computers. Not upgrading can also present security issues.

The problem we are seeing is a combination of clients with older computers using older versions of their favorite browsers trying to view websites that have advanced features the browsers and computers can’t support. The problem manifests itself when visitors can’t access a site or they can’t move around the site and use all of its features. They also start to see pop-up messages to upgrade their browsers.

We all tend to keep using our older systems and make a lot of allowances until something has to give. In this case, it’s your browser and/or computer. If your computer is not woefully out of date, you likely can upgrade your browser, but there are a few things to keep in mind.

Most important, don’t click on an upgrade pop-up message without being absolutely sure it’s a legitimate message. We have not heard of scammers and hackers using this type of pop-up to get your money or your data or both, but if they’re doing it already…

You can always go to the browser publisher’s website (Microsoft, Firefox/Mozilla, Chrome/Google, Apple, etc.) and download a browser upgrade from there. We believe it’s a safer way to do it. If you happen to download more than one upgraded browser, make sure you designate only one as your preferred or default browser. That will ensure that links you click – such as the link from our email message to get to this article – open in the browser you prefer to use.

If your computer cannot support a browser and a website you use, you should consider upgrading your computer. It’s not really an arbitrary suggestion; it’s all about security.

From the website owner’s point of view, they constantly need to incorporate new software to cover multiple platforms, such as Windows or Apple computers and a host of mobile devices. At some point, they just cannot incorporate the software needed to function properly on older browsers and older computers. Some of the reasons may include the ability to perform e-commerce transactions efficiently and securely, the storage of financial and medical records, the protection of encrypted messages and vulnerability to a variety of attacks.

Those needs take into account legal and insurance issues that affect their decisions about the software and systems they use and support. (We will discuss those in a future issue of Technology Update).

For you, the computer user, you need to consider costs – and that goes beyond just the cost of a new computer.

  • What is your cost if you cannot purchase business items online from your preferred vendors?
  • What is your cost if you cannot purchase any items online – personally or for business – because your browser (and computer) may have security risks?
  • What is your cost if you cannot bill customers and clients because of doubts about your security (see Protection in the Third-Party World)?
  • What is your cost if your data is breached?
  • What is your cost if you are found liable for others’ data breaches?

Browser requirements are likely to get tighter as we go deeper into our Internet-based world and as security becomes an even more important concern for website owners. We can help you get the most up-to-date browsers onto your computers, and we can help you plan an orderly upgrade of your personal and commercial systems to take advantage of any possible cost efficiencies. Call us – 973-433-6676 – or email us to help keep your website browsing as safe and enjoyable as possible.

Protection in the Third-Party World

The reliance on third-party providers for so many data servers continues to grow. That increases your dependence on other people’s diligence, and it increases your responsibility to be more vigilant.

“NJ Biz” recently devoted a series of articles to many aspects of online safety and protection, and one of them focused on issues we’ve been discussing: verifying the integrity of third-party providers and two-factor authentication. Third-party providers are being used more and more by businesses of all types because they can scale up faster and more economically to handle any number of users from any number of locations.

However, you need to rely on those providers to protect your data, and according to Jonathan Dambrot, CEO and co-founder of Prevalent, a Warren-based IT security, compliance and third-party risk management service provider, the security environment is far from ideal. In one of the “NJ Biz” articles, he says: “Depending on who you talk to, between 40 to 80 percent of all data breaches are happening at third-party vendors, because that is where most of the data is. People are focusing on third-party data security risks because criminals are going after the data where it resides.”

If a provider has weak security, it can be more vulnerable to an attack by hackers. But government and industry leaders are getting together to help you. Last December, Congress passed The Cybersecurity Act of 2015 to encourage companies to share with the government and each other technical details of hacking threats. This regulation reflects a growing acceptance of collaboration as a way to access data security threat intelligence and enforce vendor compliance.

It’s the latest of several early steps in a fluid regulatory process.

“Regulators have put controls in place over the last two-and-a-half to three years, and there is a combination of reasons why third-party or downstream risk has become really important to people as they look at their cybersecurity,” Dambrot said. “Third-party vendor and business associate risk has really changed as vendor services have changed. Years ago, people weren’t talking about cloud usage as much as they are today, and so, regulators will continue to change the wording to match the way data is handled.”

This collaborative effort, however, doesn’t get you off the hook. On the contrary, you need to do more. Two other articles we recently came across expand on two security matters we discussed last month: two-factor authentication and asking the right questions of any data-services provider.

Rather than re-explain some of the more effective ways to use two-factor authentication (2FA), we can refer you to a recent post by Ed Bott on ZDNet. There are many options available, including apps you can download to your mobile devices.

As he asks, “How much are your private communications worth? How about your reputation? Your bank account? Your identity?”

We know they are priceless to us but have great value on the black market. With 2FA enabled for a cloud service, any attempt to sign in on an unrecognized device might require you to enter a secret code that’s either received as a text message or generated by an authenticator app on your previously registered smartphone.

“Depending on the service, entering a code might automatically establish the current device as trusted, or you might be given the option to trust the current device,” he writes. “If this is your new computer or tablet (or a new browser), and you have this option you should say yes. When you’re signing in on a device you don’t control, you shouldn’t allow it on your trusted list. One way to make sure that the device isn’t marked as trusted is to use a browser in private mode (aka incognito in Chrome). If a bad guy manages to steal your credentials for an account that’s protected by 2FA, he’s unable to do any damage. Because he is signing in on an unrecognized device, he’s required to provide a second form of authentication. Without access to your trusted device, he can’t authenticate himself and can’t go any further.”
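The sign-in flow described above can be modeled in a few lines. The following Python sketch is an added example, not taken from the original article or from any particular cloud service; it assumes the authenticator app generates time-based one-time passwords as specified in RFC 6238 (the article does not name the algorithm), and the class, function names, device identifiers and shared secret are constructed for the illustration.

```python
import hashlib
import hmac
import os
import struct

STEP = 30  # seconds each code is valid for (the RFC 6238 default)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238: the HOTP code for the current 30-second time step."""
    return hotp(secret, unix_time // STEP, digits)


class Account:
    """Server-side record for one user (constructed for this example)."""

    def __init__(self, password: str, secret: bytes):
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password)
        self.secret = secret            # shared with the authenticator app
        self.trusted_devices = set()    # real services use signed device tokens
        self.last_counter = -1          # highest time step already accepted

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(self.pw_hash, self._hash(password))

    def check_code(self, code: str, unix_time: int) -> bool:
        """Accept a code from the current step or one step either side
        (clock drift), but never a step that was already used."""
        now = unix_time // STEP
        for counter in (now - 1, now, now + 1):
            if counter <= self.last_counter:
                continue
            expected = hotp(self.secret, counter)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_counter = counter
                return True
        return False


def sign_in(account, password, device_id, unix_time, code=None, trust_device=False):
    """Return 'ok', 'code_required' or 'denied'."""
    if not account.check_password(password):
        return "denied"
    if device_id in account.trusted_devices:
        return "ok"                     # recognized device: password is enough
    if code is None:
        return "code_required"          # unrecognized device: ask for second factor
    if not account.check_code(code, unix_time):
        return "denied"
    if trust_device:                    # leave False on devices you don't control
        account.trusted_devices.add(device_id)
    return "ok"


if __name__ == "__main__":
    secret = b"12345678901234567890"    # RFC 6238 test secret, not a real key
    acct = Account("correct horse", secret)
    t = 59
    print(sign_in(acct, "correct horse", "my-laptop", t))
    print(sign_in(acct, "correct horse", "my-laptop", t, totp(secret, t), True))
    print(sign_in(acct, "correct horse", "stranger-pc", t))
```

A stolen password alone stops at "code_required" on any device that is not on the trusted list, and a code that was already accepted is rejected if it is replayed.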

There are many variations on that theme, and we can help you find one or two 2FA programs that can best meet your needs and comfort level with your devices. But you need to be sure the data center that houses your information has all the right policies and procedures in place, too.

Services provider vXchange, which estimates some 78 percent of work-related data will be on the cloud by 2018, has a list of 10 questions you should ask your next data center manager, and we suggest you read them to get an idea of what’s at stake. They’re questions we ask of ourselves and our provider to minimize your risk and ours.

While you don’t get total control of your data, you will have a much better grasp of the possible risks and the steps you can take to maximize your protection.

As your trusted IT service provider and advocate, we have 2FA techniques we prefer and providers with which we have established relationships. We can answer your questions and address your specific concerns in selecting and installing 2FA programs, and we can help you select and vet data centers. Call us – 973-433-6676 – or email us to set up an appointment to discuss your specifics.

Windows 7 Pain Management

Windows 7 is still a viable operating system for many businesses, but as more users and software application publishers migrate to Windows 10, using the older system can be very painful. Managing that pain isn’t easy, especially when you have a large, highly customized application package that simply can’t be upgraded to work with Windows 10.

The problem comes when you need to reinstall your Windows 7 operating system. There is just no easy way to do that for this OS, which is 11 years old. In technology terms, that’s more than just a ripe old age. In real-time terms, that old age creates a lot of problems.

The re-installation problem requires you to follow these steps:

  1. Install Windows 7 using your valid installation disk. That’s pretty easy, but don’t get overconfident.
  2. The installation process will ask – really, require – you to download and install Service Pack 1. It’s the only service pack that Windows ever issued for Windows 7. Nor has Microsoft ever released a “roll-up,” which would be a compilation of all updates since Service Pack 1.
  3. So, after you have downloaded and installed Service Pack 1, you’ll need to run Windows Update to get all the critical security upgrades and patches.

Windows Update has more than 200 important updates. You need to start the sequence, and then, you need to pay attention. There are numerous points along the way where you need to reboot your computer to complete the installation of an update. Then, you need to continue Windows Update.

We have reinstalled Windows 7, and it has taken us two to three hours with a fast Internet connection. If you have a slow connection, it can be like riding a bicycle on the New Jersey Turnpike.

If a re-installation is something you must do, we can walk you through the steps. However, you must be asking why all of your application software can’t just run on Windows 10?

For highly customized software, such as a Sage accounting program that one of our clients uses, there is a compatibility issue as well as a financial consideration. Windows 10 has a number of security features that will not work with a Windows 7-based application program. They are not issues you can solve simply by not using all the features. The application software must be compatible with the OS. The financial consideration is that an upgrade to the accounting package would be $15,000. The cost of the time to reinstall Windows 7 is nowhere near that, and that’s probably the pain-management equivalent of taking aspirin until the pain goes away.

If you are fortunate to have some planning time, you can manage the pain more effectively by talking with the app publisher about updates. Those are always difficult for the app publisher because customized programs take a lot more of their time. They need to write the upgrades into their basic package and then go several steps farther to add your customization. Customized software packages have a lot of moving parts.

Another factor to consider as you migrate is how much you need to keep everyone together. If you have a senior executive moving to Windows 10 ahead of most of the people in the department, how will that affect everyone’s ability to use the same applications? Windows 10 and Windows 7 versions may be quite different.

In addition to the application aspects of the software, will there be major security gaps between the older and newer versions? As we are harping, security is extremely critical in today’s business-computing world. When you leave certain doors open to get the work done, you may leave an opening for an outsider to come in and compromise your system’s integrity.

If you see your business coming to a crossroads, contact us as early as possible by email or telephone – 973-433-6676. The more time we have to look at your options, the better your probability of having the best possible outcome in managing the pain of transitioning your OS and application software to a more stable, efficient and secure system.

Rolling Out Windows 10…Rolling Up 7 & 8

If you haven’t chosen to install Windows 10, Microsoft will be making the decision for you – though you will still have the opportunity to roll back to Windows 7 or 8. If you still want to buy Windows 7 or 8 for your computer, Microsoft has set the final purchase dates. Here’s what you need to know.

When Microsoft began rolling out Windows 10, the company invited users to reserve the new operating system. As Microsoft got the new OS ready for computers based on each machine’s manufacturer, it sent each owner a notification that it was ready for download and installation. That’s changing, according to a post by Terry Myerson, executive vice president of Windows and Devices, Microsoft.

Before the year’s end – which is approaching fast – Microsoft will make Windows 10 an “optional update” for all Windows 7 and 8 users. The kicker comes in 2016.

“Early next year, we expect to be re-categorizing Windows 10 as a ‘Recommended Update,’” Microsoft says. “Depending upon your Windows Update settings, this may cause the upgrade process to automatically initiate on your device. Before the upgrade changes the OS of your device, you will be clearly prompted to choose whether or not to continue. And of course, if you choose to upgrade (our recommendation!), then you will have 31 days to roll back to your previous Windows version if you don’t love it.”

However, the move to Windows 10 is getting harder to avoid. You can read more thoughts by a couple of commentators, such as Gordon Kelly for Forbes and Mary Jo Foley for ZDNet. But here are a couple of things to keep in mind:

  1. Microsoft is proactively installing Windows 10 code on computers to make the process go faster. It won’t spring into action unless you complete the Windows 10 installation process, but it is there – and that could understandably bother some people.
  2. At some point, you will need to make the active decision NOT to install Windows 10.

In my opinion, Windows 10 is a big upgrade over 7 and 8 with more speed, security and capability. I encourage all Windows users to install it on their computers. I am not happy about some of Microsoft’s tactics, but I understand the “big picture” strategy behind them. It becomes expensive for them to support outdated software.

With that in mind, Microsoft has set the final purchase dates for OEMs for Windows 7 and 8. For all intents and purposes, Windows 7 has not been available for computers purchased at retail stores, but as a reseller, we are able to get them. We are able to get computers with Windows 7 Professional, but Microsoft has set Oct. 31, 2016 as the cutoff date. For Windows 8, the cutoff date is sooner – June 30, 2016. The final sales day for Windows 8.1 is Oct. 31, 2016.

We have no problem with any client staying with Windows 7 and 8 or 8.1 operating systems – even though we intensely dislike the Windows 8 family. While we strongly urge home and SOHO users to go to Windows 10, we understand that larger business and professional users may have application software tied to 7 and 8. Migrating from those older systems will require planning to make the move efficiently and cost-effectively. We can help you map out a technology plan for the next 12 to 24 months. Call us – 973-433-6676 – or email us to set up a strategy session.

Jailbreaking Devices Makes You Easy Prey

Everyone who has ever played Monopoly covets the “Get Out of Jail Free” card. It’s instant freedom. Some people like to “jailbreak” their cellphones for the instant freedom of doing something a manufacturer or carrier never intended. But if you jailbreak a phone or other device, you’ll likely never pass go and collect $200 – nor will you find free parking. You and others are more likely to pay a lot of rent.

Here’s why, and it’s very simple. Most updates for phones, tablets and computers – if not all – revolve around security. With so many more hackers using more sophisticated tools to get inside of any system, security is a preoccupation. Whenever you jailbreak a device, you open a hole for someone to breach.

It wouldn’t be that bad if a security issue affected only the owner who jailbroke a device. Unfortunately, this can go viral very fast. Let’s look at one possibility – and you may never look at your babysitter the same way after this.

People jailbreak devices to get application feature sets, among other reasons. It could be that a high school or college student jailbreaks a phone to download music. Now, let’s say you and your babysitter use smartphone apps so you can transfer funds to pay up at the end of the night. There is no way for you to know if someone has used that security breach in the download app to get into your babysitter’s financial information. If they have, they could use that information to trace your bank account that’s associated with your phone.

But it’s not just your babysitter. Anybody who uses the convenience of paperless money transfer can be vulnerable to a security breach if one of you has jailbroken your device. We recently saw an article in a British newspaper about 250,000 iPhones being hacked as the result of Apple Pay transactions. The article had a sensationalistic tone, but once you got past that, it was easy to see that all hacked phones had been jailbroken.

If you use Google Wallet on the Android platform, you face the same hacking risk if you have jailbroken your phone. In our “tap-and-go” world of speed and convenience, it won’t matter how secure the payment system is if your phone is the weak link.

So, your safety is very simple. Don’t jailbreak your phone, and be very careful about where and with whom you do on-demand business. I, for one, have a pretty high level of understanding about what goes on in the electronic netherworld where hackers play, and I would never be foolhardy enough to think I could beat them at their game.

If you have a jailbroken phone and want to relock it, we can walk you through a procedure. However, be aware that once you start the process, it’s irreversible, and you will delete all information, files and settings on your phone. If you want to re-lock a SIM card, it must be done by your carrier. Only they have the software to restore factory settings for their network. If you are buying a used cell phone, we can help you with the process to make it safe and secure. We can answer any questions you may have about cell phone security. Call us – 973-433-6676 – or send us an email.