Making Technology Work Abroad

When you travel to some of the more remote parts of the world or parts of the world that lag in communications technology, you need to be flexible. You could need to work around slower internet service or service blackouts. But you may not be able to easily work around security and tech support issues that can crop up at the most inopportune time.

As experienced travelers and technology experts, we’re used to dealing with less-than-ideal conditions. But we still came across glitches we didn’t foresee. We need to plan for less-than-optimal service (sometimes no service) and problems with internet access, and we need to have some flexibility.

When we were in a game reserve in South Africa, we knew there would be limited Wi-Fi or cellular service, but we were too busy being awed by all the animals we saw. We were surprised on our cruise ship when we were in Madagascar. The ship had internet blackouts; there was no Wi-Fi service. Satellite connections were not available. We also had to work around 3G technology (which has basically been eliminated in the United States). In some cases, VPNs would not allow access to certain websites – and we had counted on that access for certain business needs.

This presents an interesting dichotomy. We take vacations to get away from our normal routines, but sometimes we need to stay in touch. We like being able to resolve issues remotely for our clients or get a detailed understanding of issues so that we can instruct those who provide services on our behalf. We believe it’s a critical part of our pledge to serve you.

We also like to take a lot of photographs and shoot videos to share with family and friends during our vacations. With images and videos creating ever larger files, we rely on fast internet service, which may not be available.

Then, there’s the matter of security, especially with authenticator apps and VPNs (virtual private networks).

Authenticator apps are part of the two-factor authentication (2FA) process for accessing websites. The first thing you should do is log in to your authenticator app and make sure it works. You should especially make sure it works with any privacy measures you might take, such as a VPN. Microsoft Authenticator (our preferred app) and Google Authenticator are two of the most commonly used apps, and they work with mobile devices – even if you are logging in from a computer.

If you get a new phone or tablet, you’ll need to reinstall your authentication app; it doesn’t transfer. When we get a client call about an authenticator problem, the first question we ask is whether you have a new phone. We can always walk you through the setup process.

While we’re on the subject of VPNs, be prepared for yours not to work when logging in to a website you normally use. In some countries, an international company’s website might be hosted in a country outside the US. If you are running a VPN that identifies your device as being in the US, just hope it works well so that you can access the site. If you need to contact that company’s tech support, make sure you know what time it is in their location.

If you’re planning a trip to remote locations anywhere in the world – even here in the US – we can help you with contingency plans based on your needs. Call us – 973-433-6676 – or email us to see what you can do.

Is ‘Zero Trust’ in Your Future?

The words “zero trust” in Zero Trust Network Access (ZTNA) are probably appropriate in a time when it seems like we don’t trust anybody about anything. ZTNA is being touted as a replacement for VPNs (Virtual Private Networks), especially for remote business needs. It could be more effective, but small businesses will need to jump through hoops.

ZTNA is a technology designed to limit who can access a network and where in the network they can go. The limits are important. For example, anyone who can access a Microsoft 365 network as a global administrator can effectively play God; they can do ANYTHING.

The goal of a ZTNA is to keep out false gods. Its proponents tout the following benefits:

  • Invisible infrastructure: ZTNA allows users to access applications without connecting them to the corporate network, thereby eliminating risk to the network.
  • More control and visibility: Managing ZTNA solutions is easy with a centralized admin portal with granular controls. Managers can see everything and create access policies for user groups or individual users.
  • Simpler app segmentation: Because ZTNA isn’t tied to the network, organizations can segment access down to individual applications instead of complex network segmentation.

Proponents further contend that ZTNA is faster and more convenient than VPNs, offers better security, and is easier to manage. Gartner, a technology and research consultancy for large corporations and government, predicts its client base will largely phase out VPNs for ZTNA.
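To make the per-application idea concrete, here is an added sketch (not code from any ZTNA product) of a default-deny policy that grants access app by app to user groups or individual users and records every decision. The app names, users, groups and the flat-network VPN comparison are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    app: str                          # one application, not a subnet
    groups: frozenset = frozenset()   # user groups granted access
    users: frozenset = frozenset()    # individual users granted access


@dataclass
class Policy:
    rules: list
    log: list = field(default_factory=list)  # central record of every decision

    def allowed_apps(self, user: str, user_groups: set) -> set:
        # Default deny: an app is reachable only if a rule names the user
        # or one of the user's groups.
        return {r.app for r in self.rules
                if user in r.users or r.groups & user_groups}

    def decide(self, user: str, user_groups: set, app: str) -> bool:
        ok = app in self.allowed_apps(user, set(user_groups))
        self.log.append((user, app, "allow" if ok else "deny"))
        return ok


# Constructed sample data: hypothetical apps, groups and users.
APPS = {"payroll", "crm", "file-share", "admin-console"}
POLICY = Policy([
    Rule("crm", groups=frozenset({"sales"})),
    Rule("file-share", groups=frozenset({"sales", "finance"})),
    Rule("payroll", groups=frozenset({"finance"})),
    Rule("admin-console", users=frozenset({"it-admin"})),
])


def vpn_reachable(connected: bool) -> set:
    # Contrast case, assuming a flat office network with no further
    # segmentation: once the tunnel is up, every app is reachable.
    return set(APPS) if connected else set()


if __name__ == "__main__":
    print(sorted(POLICY.allowed_apps("dana", {"sales"})))
    print(POLICY.decide("dana", {"sales"}, "payroll"), POLICY.log)
    print(sorted(vpn_reachable(True)))
```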

If you’re a small business or nonprofit organization that deals with large companies and government agencies, you may need to learn how to live in the world of ZTNA at the very least. If you want to adopt it for your own use, you’ll need to answer some risk/reward questions:

  • Do you need a Ft. Knox type of defense system?
  • Are you willing to build new access systems to maintain your current business process?
  • Are you willing to take on the learning-curve risks of implementing a new security system?

There are no cookie-cutter solutions to changing your security measures. Call us – 973-433-6676 – or email us to discuss the specifics of ZTNA, especially if you need to use it to comply with another organization’s directive. We can help you design and implement a plan that minimizes your risk as much as possible.

New Device, Same You, New Problem

You’re still the same person you always were, but when you get a new device, you’re a different person as far as some login procedures are concerned. You need to get back to basics in setting up account access. It’s a more acute problem as we do more work outside the office.

We recently got a call from a client who had trouble logging into a work system through a VPN with two-factor authentication (2FA). Nobody had changed any of the login information, so it was all baffling until the client mentioned they had a new phone.

Another client called because they couldn’t get into their email. Again, they had a new phone.

These incidents highlight the good and the bad of multiple authentication steps. The good is that they’re based on the device being used to verify the right of the person to access an account. That means a hacker halfway around the world can’t use their computer to get in. The bad is that you have to take the time to reconfigure all your access info. (Hey, we’re really sorry for the inconvenience.)

Because both cases involved clients with new cell phones, we had to invalidate their old cell phones. We registered one client as a new user and registered a new cell phone number for the other. These are essential steps everyone needs to remember to take as you get new devices.

And because all the 2FA steps in common use are tied to devices, it’s a good idea to make sure your devices require some extra steps to unlock them. Many people use a four- or six-digit PIN, and more people are going to biometrics. While nothing is impossible, even if someone knows your online login info and has your device, they can’t access your accounts if they can’t unlock the device.

If you or your employees are getting new devices, we can help you make sure that they have access to email and online accounts and protect them from unauthorized users. The process isn’t difficult, but it does involve diligence to check all the boxes in the setup process. Call us – 973-433-6676 – or email us if you have questions or need help in going through the process.

Making ‘Work from Home’ Work

As the “shelter-in-place” orders rapidly clamped down on our mobility, the massive and sudden shift in how we worked forced employers and employees to scramble. Equipment and security became the key issues to address.

Most of the equipment issues our clients faced revolved around laptop computers. Because of last year’s chip shortage, computer manufacturers were already behind in building enough machines to meet the market’s needs. Those needs shot up as COVID-19 hit, making computers as scarce as toilet paper. Simply, there are just not enough business-grade laptops to go around. In some cases, our clients have gone to consumer electronics stores to buy home-use laptops for employees and have us set them up.

In our view, that’s better than just having employees use their personal devices to log onto a business network and access files and apps. Unless an employer knows exactly how a computer is set up for security and how secure the employee’s home network is, that employer is rolling the dice.

Many employers have VPNs (virtual private networks) to protect the security of computing from the office to their servers or cloud servers. But that only covers the traffic between their covered computers and the server. Those who regularly work remotely use the VPN, but their computers and devices should have security measures installed, and the users should have been trained in internet security.

When your employee sets up a computer or device at home and logs into your network, here’s the worst-case scenario. Your employee may not have up-to-date anti-virus and malware protection software installed and running. Your employee may not have an adequate firewall – or any firewall – installed and running. Your employee may not have a secure Wi-Fi network. If your employee’s security system is like Swiss cheese, you can be sure a hacker will find a way to tunnel into your corporate data.

Fortunately, we have found a workaround.

Working with your employees, we can install VPNs, and we use your ISP’s (internet service provider) IP address as the external IP address when your employee logs in to your work network from home. That helps keep the connection secure. Then, we use Microsoft’s Remote Desktop to connect the home computer to your office network and the employee’s office computer. That allows employees to work just like they were in the office.

The keys to making this workaround successful are making sure that all the office computers are on and that someone can monitor the office computer system to make sure everything is functioning properly.

If you haven’t taken these steps yet, call us – 973-433-6676 – or email us to schedule the work and to run through a checklist of things to be done before we begin.