With the likelihood we’ll be spending more time than we thought at home for work and school, we should start off the new year by hardening our defenses against cybercriminals. The basics haven’t changed,
Continue readingPants on Fire
Whether it’s business or politics, there’s a tendency to point fingers at other parties or make excuses. Some people will do anything to avoid responsibility. Yes, stuff happens, especially with technology and especially in these times, with so many people using more technology for work, school and entertainment. We believe this places a premium on being honest and upfront when dealing with tech issues.
I’ve been doing IT work for 30 years, and as I’ve built my own small business to serve other small businesses and home users, nothing has become more important than honesty and a let’s-get-it-solved attitude. In today’s daily-life environment, many of us feel we must be our own advocate, and technology has given us the tools. We can research anything on the internet to provide our supporting information; it doesn’t matter if we haven’t asked the right questions to get the right answers. And we can tell the entire world how we’ve been wronged; again, it doesn’t matter if we’re right or wrong.
In my IT world, life gets ever more complex. We have the capability to do so many things for work, school or entertainment because of technology. We invest money and emotion into putting technology to work, and we don’t leave a lot of margin for error. With small margins and little wiggle room, one could easily reason it’s better not to hold any responsibility. When that happens, honesty suffers.
A recent example of how this fits into our business occurred during a perfect storm. Have you ever seen the message telling you that firmware is updating and telling at the same time not turn off your computer? There’s a reason for that: it kills the computer.
In our case, we were in the final process of setting up a computer for a client. We were going through the last reboot – and we knew not to shut off the computer. What we didn’t know was that the computer hadn’t been plugged securely into the power outlet. When I moved it, the plug fell out, which was just like shutting off the computer. It no longer worked.
I told the client what happened and how we would fix the problem. I called Dell and told them what happened and got a replacement. I could have said it was a defective unit and gone through the long paperwork process of getting a replacement. I could have said the update was bad. Because the old computer was still in the office and working, we got the old one ready for work, and when the replacement new computer came, we completed the project.
Another time, we had scheduled the installation of a new server right after we returned from a trip. Normally, we don’t do major system work during business hours, but the problem the new server was to solve kept getting worse.
We came in on a Friday afternoon, and after assessing the situation presented the options. We said we could spend hours trying to fix the problem, but we weren’t optimistic about a good outcome. The other option was to shut down business and do the data migration right then and there. The client left it up to us to make the decision.
We did the migration over the weekend, and then we committed to be back in their office Monday morning to make sure everyone in the office could access all the information they needed. We could have just told them to call us Monday if they had a problem, but that would have meant more downtime for the business and a lot more tension and aggravation. When would they know they were having a problem, and how long would it take for us to get there? We knew what questions to ask and would know how to fix the problem.
By being upfront about everything in these examples, we and our clients understood the value we provided for each other. That helped us get on the same page and provide a timelier solution. If you or someone you know is tired of getting the runaround from an equipment supplier or another IT service provider, call us – 973-433-6676 – or email us discuss the problem. You deserve to know the truth – and the knowledge to make a sound decision.
COVID-19 Crisis – Keeping Your Technology Safe and Productive
A letter to our Clients and Friends:
It’s time to step back and take a deep breath. Yes, breathe in. Exhale slowly. Relax.
We don’t know how long our public health crisis with the coronavirus will last nor how it will end. But we’re in it together, and we at Sterling Rose want to offer you a few guidelines to help make your work and home disruption a little less disruptive.
If you are an employer or partner in a small business and need to conduct business from home, here’s what you should be doing:
- Make sure everyone with a laptop computer – whether company-issued or personally owned – can log into your cloud or server to access the apps and files that drive your business. If there’s a problem, contact us.
- Make sure that all of your hardware has the latest firmware (it’s basically like app software for hardware) installed. Do the same for your employee’s personal computers if they are working from home and logging into your tech system.
- Make sure all of your software – OS, apps, web browsers – has the latest updates and upgrades installed. While updates improve performance, they also have the latest security patches, and that will be most important. Hackers will be in high gear to try to penetrate your defenses.
- Make double sure that any employees who use their personal computers to conduct your business have of their software up to date for the same reasons.
- Make sure you and your employees have strong network passwords for Wi-Fi networks and that everyone has installed and activated antivirus and malware protection programs. We strongly encourage everyone to have a password management program in place, too, for convenience and security.
- Train everybody and constantly remind them to be careful about emails they receive and respond to and links they click. This is like the holiday shopping season for hackers. They’ll prey on your trying to do many things in a short time while under stress. If something looks just the slightest bit out of place, don’t click. Make a phone call.
If you are working at home and/or have kids at home who need to learn online, here’s what you should be doing.
- Make sure you have the internet and Wi-Fi capacity to handle multiple users at one time. You could have two people working and using cellphones while your kids are either online for classes or homework and/or streaming 4k content on HD TVs or other devices.
- Make sure your network is secure with a strong password – complemented by antivirus and malware protection software for every device that comes on your network. If your Wi-Fi system has the capability, set up a guest network for family and friends who visit – even though we’re not supposed to have visitors. It will help keep your network secure.
- Make sure everyone who is on your network has strong passwords for online activities, and make sure everyone in your home has up-to-date firmware, OS software and app software for every device and system they have.
- Make sure everyone in your home understands the threats caused by hackers. If you’re working at home, you’ll be under stress, so be careful about the emails you open and the links you click. Your kids at home may be bored. Make sure they are careful about the emails they open, the chats they get involved in and the links they click.
Again, take a deep breath, exhale slowly and relax. Take an extra minute to make sure you have your technology safe and functioning and take two extra minutes to make sure everyone – at the office and at home – is aware of the need to practice good online health while we try to avoid getting sick.
Finally, know that we are available to help you, your employees and your family be happy and productive online. Call us – 973-433-6676 – for any problems you have with technology at home or work. We’ll do our best to solve your problems by remote, and we’re still available for onsite visits to solve your problems.
We can all get through this together. We just need to be careful with our personal health and technological health.
All the best,
Norman Rosenthal
Sterling Rose
Home is Where the Hack Is
Don’t think your home is too small to be a hacker’s target. The recent invasion of a young girl’s bedroom through a camera system has sparked a lawsuit and some hot discussion about who’s at fault. Ultimately, you need to make you cover all the bases, and the Department of Homeland Security offers some help in making sure you know where the bases are.
DHS rightly states what we think is obvious about the two common misconceptions home users share about the security of their networks:
- Their home network is too small to be at risk of a cyberattack.
- Their devices are “secure enough” right out of the box.
Besides those misconceptions, home networks – no matter how many smart devices or dumb devices they connect – have many moving parts. In addition to cameras and smart speakers, to name just two, our networks include routers, computers, mobile devices and TVs. So, even though you may think you have a strong username and/or password for every device, there’s a possibility you can miss one key setting – or there’s a possibility that someone using your network has the weak link in your security chain that provides outside access.
The DHS checklist, which we summarize below, is a good place to start. It reiterates a lot of actions we’ve told you to take over the years, and it’s a good refresher.
- Update your software regularly. Besides adding new features and functionality, software updates often include critical patches and security fixes for newly discovered threats and vulnerabilities. (See Understanding Patches and Software Updates.)
- Remove unnecessary services and software. They can create security holes in a device’s system that could lead to a larger attack surface of your network environment. This is especially true with pre-installed trial software and apps installed on new computers. Remove what you don’t use.
- Adjust factory-default configurations on software and hardware. They’re intended to reduce the troubleshooting time for customer service. Harden them to reduce vulnerabilities.
- Change default log-in passwords and usernames. Most network devices are pre-configured with default administrator passwords to simplify setup. They’re not secure. Change them.
- Use strong and unique passwords. Choose strong passwords and don’t use the same password with multiple accounts. (See Choosing and Protecting Passwords for more information.)
- Run up-to-date antivirus software. A reputable antivirus software app can automatically detect, quarantine, and remove various types of malware, such as viruses, worms, and ransomware.
- Install a network firewall. It can block malicious traffic from your home network and alert you to potentially dangerous activity. When properly configured, it can also serve as a barrier for internal threats, preventing unwanted or malicious software from reaching out to the internet. We can help you configure them.
- Install firewalls on network devices. In addition to a network firewall, consider installing a firewall on all computers connected to your network. We can help you configure them, too.
- Regularly back up your data. Consider using a third-party backup application, which can simplify and automate the process. Be sure to encrypt your backup to protect the confidentiality and integrity of your information. Data backups are crucial to minimize the impact if that data is lost, corrupted, infected or stolen.
- Increase wireless security. Follow the
steps below to increase the security of your wireless router or ask us for help.
- Use the strongest encryption protocol available. DHS recommends using the Wi-Fi Protected Access 3 (WPA3) Personal Advanced Encryption Standard (AES) and Temporary Key Integrity Protocol (TKIP), which is currently the most secure router configuration available for home use.
- Change the router’s default administrator password to deter an attack using default credentials.
- Change the default service set identifier (SSID), the “network name” that identifies a wireless network. Make it unique and not tied to your identity or location.
- Disable Wi-Fi Protected Setup (WPS). A design flaw in the WPS specification for PIN authentication significantly reduces the time required for a cyberattacker to brute force an entire PIN.
- Reduce wireless signal strength to reduce your electronic footprint.
- Turn the network off when not in use or automatically disable the Wi-Fi at specified times to prevent outside attackers from breaching your home network.
- Disable Universal Plug and Plan (UPnP) when not needed. Recent large-scale network attacks prove that malware within your network can use UPnP to bypass your router’s firewall to control your devices remotely and spread malware to other devices.
- Upgrade firmware to enhance product performance, fix flaws, and address security vulnerabilities.
- Disable remote router management to guard against unauthorized individuals accessing and changing your router’s configuration.
- Monitor for unknown device connections to monitor for unauthorized devices joining or attempting to join your network. Also see the manufacturer’s website for tips on how to prevent unauthorized devices from connecting to your network.
- Mitigate Email Threats. Phishing emails continue to be one of the most common and effective initial attacks. They prey on the human element – the weakest component in every network – by persuading a user to click on a link or open an attachment.
All the steps you can take are common sense, but they’re often overlooked in our hurry to get a new product or feature online. The hacker looks to exploit momentary carelessness. We can review your home or office network with a security assessment and help you implement any of the steps in this checklist. Call us – 973-433-6676 – or email us for an appointment.
It’s All About the Switch
As data pipelines and Wi-Fi networks get bigger and faster, you need to pay attention to the switch, the connector that brings the service into your office or home and sends it to your network. You may need a hybrid system that includes an up-to-date switch and some hardwiring to unleash the full power of the internet service that you pay for.
Continue readingNew Company, Old Stuff…Old Company, New Solutions
A recent acquisition of a company by one of our clients illustrates the problems you can face with old software as well as old hardware. And our onboarding of a new client illustrates the problems that compound each other after neglect and poor shortcuts. Here’s how we tackled them together.
The software issue, which involved an old, old version of QuickBooks, drove home the benefits of keeping applications up to date. Our client, an accounting firm, recently acquired another firm, and we knew the technology had lapsed, and we even developed a budget number to bring it all up to date. Our question was whether to implement our project now or wait until after the upcoming tax season.
Wanting to do it right, we decided to move forward. Based on the problems we encountered, we made the right decision – because it was not a simple file conversion process. The old version of QuickBooks was from 2008; 2019 is the current version. There was an interim version is 2012. As with Microsoft Windows updates, we had to go through numerous updates because each update was built on a previous update.
In addition to the QuickBooks updates, we had to work with various versions of Windows and aged computers that couldn’t run Windows 10 and the current QuickBooks. Complications arose when people didn’t know the administrative emails and passwords required to set codes and perform updates. We tried numerous combinations, but the problem was solved by talking to the owner of the acquired company, who recalled a Hotmail account for QuickBooks. We had to work through additional emails and passwords – and inconsistencies on security questions.
We finally got it all done after several extra hours of time and another access issue. Our client is set for tax season, but we can’t help but wonder about the cost difference between software updates and the time and expense of the extra work.
Similarly, with old and new, we recently added a client who had been disenchanted with the managed services (monthly fee) program of their previous IT provider. We bid against another company that also offered managed services.
We don’t offer managed services because we believe it shortchanges clients. They pay a monthly fee but never know what the provider is doing for them. When we bill for the hours we work, we always provide a detailed description of our services.
We also don’t like to scare new clients into buying and installing new equipment, such as a server, until we take a deep dive into their systems and their needs. The bidder said the client needed a new one ASAP, which was logical because the server was eight years old. But when we talked to people there and learned how they work, they hadn’t been using the server, which had an old firewall that had never been registered. We registered the firewall and upgraded the software, putting off their need for a new server, which they were using to scan files to send to their printer.
Going forward, we’ll show them a different way of doing things without a server, and it should save them several thousand dollars.
We pride ourselves on being trustworthy, and we build our business on that trait. If you know a company or individual who’s looking for a new IT service provider, we hope you’ll refer us. And if you need a look at your systems, you can rely on us for an assessment that will show you the most cost-effective options. Contact us by phone – 973-433-6676 – or email to set up an appointment for you or a referral.
Tips from Orlando
Although we played as much as anyone who visits Orlando, we got a lot of work done at Microsoft’s annual tech conference. When I looked at my calendar, I had booked 21 sessions for the week, each session some 75 minutes long, and I probably walked some 40 miles in the expo. I narrowly avoided DBP – otherwise known as “Death by PowerPoint – surviving to get some useful information in many places.
As useful as the sessions were, some of the best learning took place offline while walking the expo hall with fellow members of The Crew. I joined The Crew several years ago. We’re all independent IT consultants, and we stay in touch all year long through a variety of ways, including phone calls. We can turn to each other when we have questions, and my Crew members have been an invaluable resource everywhere we go.
That includes Orlando. When one of members gave a presentation at the conference, we turned up to support him – and we wound up helping him out when he experienced “technical issues.”
Walking the expo gave us access to the best and brightest in the Microsoft arena. All of the booths were staffed by software engineers from Microsoft and its affiliated companies, and we got to talk to them in depth. We could talk about problems we’ve experienced or features we like and get more in-depth knowledge. We learned about workarounds for problems and ways to use advanced features in software and hardware.
Here are my three favorite take-aways from the conference.
- Many people who use Microsoft One Drive like to use # and % in their file names, but the system would not accept names with those characters. One Drive now allows you that option, so go ahead and # and % to your heart’s content.
- The fall update of Windows 10 will include more capabilities for One Drive. You’ll be able to sync large libraries of files on demand and be able to open files without having to download them.
- You can add the ability to share calendars in Outlook or native applications on mobile devices. The feature is not automatically available; you need to re-share calendars each time you want to sync them. While it’s a bit of a pain, all you need are valid permissions for sharing, and you can differentiate each person in the group by color. We can help you set it up.
To borrow an old phrase, we passed the last exit on the information super highway light years ago. With conferences like Microsoft’s annual event, we can be the roadside service resource that keeps you moving. Call us – 973-433-6676 – or email us at any time with any questions or service requests.