Preventing Viral Infections

Early shopping season reports showed online purchasing way up over in-store shopping this year. If you know what you want and what you want to pay for presents, online shopping is convenient and efficient. We’ve written a lot over the years about being safe online, but you’d be surprised who could be infectious.

One culprit, for example, could be an electrical contractor or video-surveillance-system contractor who does work at several locations for a national or regional retailer. That contractor may use some sort of billing app to invoice the retailer – let’s say it’s Target or Walmart, but it could be anybody; we’re talking about the size of the company. That invoice goes somewhere in the retailer’s massive data management program.

Now, let’s say that contractor hasn’t had the time to keep all of their security software update – or they’re using some free antivirus program that has more holes than a slice of Swiss cheese – or they’re using easily cracked passwords.

Do you see where this is going? A hacker gets into the contractor’s computer system, simply because it’s open. Once inside the system, the hacker sees that the contractor has done business with the large retailer and is able to find all the information the contractor uses to get into the system. Once hackers are in, they have the opportunity to explore other parts of the system, and that’s where it’s possible for them to get all sorts of personal data about the retailer’s customers.

It could only be email addresses, but that may be enough to help them launch a scam – which we’ll get into later in this article. They could also get into credit card information, which leads to financial consequences.

As a business or consumer, what can you do to keep from being infectious? First of all, make sure all of your antivirus and malware software and firewalls are up to date and activated. We always advise going beyond free versions of all of this software. The paid versions are stronger and better supported.

Second, make sure you have strong passwords and change them. Yes, it’s an inconvenience, but that’s the tradeoff you need to make to protect your security. We also recommend using additional security measures such as two-factor authentication or requiring a text notification being sent to your cell phone when you change a password. The text notification will tip you off if someone is impersonating you online.

Third, be VERY, VERY CAREFUL at this time of year. Holiday season is scam season. When you buy online, it’s common to receive an email from a retailer or shipper with a link to track your packages. With thefts of packages commonplace, it’s useful to know when a package will arrive to make sure you or a neighbor can take it in. With everyone rushing to complete shopping and get work done, it’s all too easy to click on a link, and that’s the opening for scammers to get into your system.

Another scam is in the travel industry, such as a special offer purportedly from a hotel or airline. Again, you invited to click a link to take advantage of a “great opportunity.”

You should do your best to verify the authenticity of any link before clicking it. One effective way to check is to hover your mouse over the link. You should see the link’s origin. If it looks funny, avoid it. Even better, open your browser and go to the company’s website to see if you can find the information contained in the email. If it’s legit and available, you should be able to access it. Your other option is to pick a phone and call the company – using a number provided on its website, not from the email.

The sad truth is that no person, business or government is safe from hacking. The question is not if you will be hacked, it’s when you will be hacked. And the consequences can be even more widespread than they used to be. Some of the viruses now get into your computer’s firmware. That means that even if you wipe your hard drive clean and reinstall your operating system and all your other software, the virus is still there.

If you think you’ve been hacked or have a virus in your computer, call us or your IT specialist immediately. We know where to look and have the tools to discover your breach and mitigate the virus if it’s all possible. Call us – 973-433-6676 – immediately if you have a security concern or contact us by email if you have any questions about your online security.

Passwords and Underwear: An Analogy Worth Mentioning

When Thycotic, a security software company, compared passwords to underwear, it certainly got a chuckle or two. But they share three characteristics that are worth more than a mention:

  1. Change them regularly.
  2. Don’t leave them on your desk.
  3. Never lend them.

Without getting into TMI, changing every password every day is a lot more involved than changing your underwear, and it’s really impractical. But you can help make your data more secure by changing passwords monthly or quarterly – or any time you see something that looks funny, odd or out of place.

We’ve seen numbers indicating that 75% of all Internet users employ the same password for all the sites they visit. I would strengthen it by using upper and lower case letters, numerals and special characters. I feel my information is safe because it could take years for a hacker to figure it out.

However, hackers have various tools to crack passwords, and they’ll get one eventually. The longer and more complex your password is, the longer it will take. And, hackers make a business decision in how far to go. If they can get a whole bunch of easily decoded passwords quickly, that’s where they’ll concentrate their efforts. So, if you want to keep your password simple, change it more often. But, do change it regularly.

Don’t leave them out on your desk. I can’t tell you how many times I visit clients and see passwords taped to monitors or walls for the whole world to see. In busy offices, where people walk in and out all day, it would be very easy for a practiced password thief to see a password or two and remember them. If you recoiled with horror at the thought of someone seeing your underwear on your desk, how do you feel about someone getting into your personal or corporate bank or credit-card information?

Never lend your passwords to anyone. Yes, the thought of someone using your password should be just as disgusting as someone wearing… Well, you get the idea.

You can further protect your password by being very careful about which websites you provide information. Remember that 75% figure? If a hacker uses a website for a bogus offer – such as something for free – to get you to sign on with a password, he’ll make the assumption that you lack good judgment or common sense. He’ll also assume you use the same password for dozens of other places, including those where he can either take money from you or find information to sell to others.

If you use cloud-based services, such as Microsoft Office 365, the provider will monitor patterns and notice something out of the ordinary. You, too, should be on the lookout for out-of-the-ordinary things, such as emails with attachments or links from people who normally don’t send you those things or emails with odd subject lines.

If you have any questions about password security, contact us by phone – 973-433-6676 – or email. In the meantime, treat your password like your underwear.

Steps to Take – Mitigate Fallout from Russian Hacking Incident

If you haven’t seen or heard the news, a Russian group has hacked user names and passwords for some 1.2 Billion accounts worldwide.

We urge you to run a virus scan and malware scan as quickly as possible on all of your computers to determine if your system has been infected. This post from The New York Times, which first reported the incident, covers some basic steps you can take. We’ve discussed them before, and they are now very much worth repeating. If you want to learn more, you can read reports from PC Magazine and The New York Times.

 

As always, if you have any questions or concerns, contact us immediately by phone (973-433-6676) or email.

Security Tips for What You Use or Recycle

Whether you’re activating new equipment or continuing to use equipment and websites, and whether you’re recycling old computers, peripherals and devices, there are a number of security steps you can take to avoid a variety of problems. Here’s how to cover your tracks.

Let’s start with passwords. Don’t raise your hands all at once. How many of you tape passwords to your monitor – at the office or at home? How many of you keep them in a file on your computer? How many write them on slips of paper? How many are frustrated by all the rules and by having to keep track of so many passwords?

Did anybody besides me not raise your hand?

Most security experts will tell you should have a separate, strong password for every place that requires one. In the real world, it’s a real pain and highly impractical.

Here’s what I recommend. Create one very secure password you really like and use it for everything. The same security experts will also tell that a very strong password will have three of the following characteristics:

  • Upper case letters
  • Lower case letters
  • Numbers
  • Symbols or special characters

My password has all four – and it’s long. According to the website How Secure Is My Password?, it will take 58 years for someone to crack my code. For perspective, if I would use just my name, it could be cracked immediately. If I add an exclamation point (!), it jumps to 48 seconds. If I add an initial capital letter to the exclamation point, it jumps to 25 minutes. Adding a number increases the time to an hour. Adding another symbol or number gets you up to 58 years.

To give you a better idea of passwords to avoid, SplashData, provider of the SplashID Safe line of password management applications, just released its annual list of the past year’s worst passwords. If you see something familiar in the list, you might want to make a change or two.

So, give your password some thought and some length, and you should be in good shape.  Just be aware that some sites may have some special rules about password creation, but you get the idea. Some sites also have two-factor identification requirements, so make sure you follow the rules. If you use Dropbox to store or share files, we can help you set up a two-factor identification for your protection.

Another area of concern, which is largely out of our individual control, is the theft of information from major retailers’ systems. Target and Nordstrom are the ones that come to mind. I believe the biggest threat to systems such as those is somebody inside stealing information – just like somebody in a company embezzling money.

However, it does raise a question that we, as consumers, need to answer. How much convenience do we want? We’ve all returned products without a receipt, and it’s possible when the retailer retains the transaction and your credit card information. We are trading privacy for convenience.

The newer credit card technology, which is widely used in Europe, uses a chip that the retailer scans. On the backend, no information is stored once the transaction is completed.

Finally, let’s talk about protecting your data – or more accurately erasing and eradicating your data – when you recycle a computer, smartphone, tablet, fax machine, copier or printer. All of them can hold data.

When you go to a reputable recycler, you can be confident they will erase all hard drives and chips. It’s always a good idea to verify that. You can also remove a hard drive from a desktop or laptop computer, and with a laptop, it’s pretty effective to wreck the hard drive by hitting it with a hammer. Desktop hard drives have a steel undercarriage, which makes destruction more difficult.

There are ways to erase or eradicate the data, but we recommend you let us take care of it for you. We can make sure all the data and files you want to keep are backed up so you can restore them for use on other computers and devices. We also can use tools that wipe everything clean and can test to make sure we took off everything.

We are also happy to take any electronics you want to get rid of to GreenVision. State and local laws that affect most of our customers require recycling for all electronics to protect the environment. We take your old stuff there when we install new equipment. Please feel free to call us – 973-433-6676 – or email us to answer your questions, wipe out your data and/or help with your recycling. You can also call us or email us about your password and data security questions.

This article was published in Technology Update, the monthly newsletter from Sterling Rose LLC.