Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT

Know your exits

  • 0
Christopher Woo
Tuesday, 27 July 2021 / Published in Woo on Tech

It’s become abundantly clear from how we handled the pandemic that humans, as a general rule, aren’t very good at planning for, and dealing with, unexpected scenarios, especially if it is something that they don’t believe can happen to them. Life insurance agents will tell you this, and as a guy who’s spent the past 30+ years working in technology, I can also say that regardless of how long you’ve been using a computer for whatever reason, most of you aren’t planning for when it breaks. Some of my clients do actually plan for failure, and even they are caught off guard sometimes. If there’s one thing that you can count on with technology, failures won’t go as planned.

Not the kind of exit you might be thinking

We don’t want fires to happen in buildings, but when they do, it’s of paramount importance that we know how to get to safety. While I can easily list plenty of failure scenarios for your technology, I can’t tell you when they are going to happen. But there are plenty of things I can help you plan for because our use of technology is fairly predictable, and if we prepare accordingly, we can react effectively when failure rears its ugly head. Here are some examples and some ways to approach common internet problems:

“Our internet just went down.”

This happens all the time, and is always at the worst possible time. You should always know (a) who to call when it goes down, and (b) know where to go to get internet when (a) tells you that the outage is being worked on but there is no ETA at the moment. Do you know how to fire up a hotspot on your mobile phone? Do you know where the nearest free WIFI source may be? Do you know how to reboot your router? Is it just WIFI that is down, or your internet connection, or everyone’s internet connection?

“My computer just stopped working.”

Windows is going through a rough time at the moment – their QA is absolutely crap lately, but not applying updates is almost as bad as applying them, so have an idea of how you can get your important work done without your primary computer. What can be done via another device, platform or even someone else? Do you know how to access your email via the web or on your phone? Could you pull that important file off a cloud backup and work on it on another computer, or even your phone?

“Know where your data resides.”

In the end, for those of us who need technology to perform our work, it is as fundamentally important as know where your data is as it is know how to safely get out of a building in an emergency. If the thing you need to do isn’t accessed via the internet, then the internet being down isn’t (necessarily) a problem. If the thing you need to do can be done on another computer, then your computer being down is just an inconvenience that can be worked around. As long as you know where your data resides and you understand how to access it, the technology you use to get there is just a means to an end. Just as most of us aren’t meant to fight fires in buildings – we just need to know how to get out quick, fixing broken technology should not be your focus – instead plan and learn how to work around those eventualities.

Image by Alex Fox from Pixabay

Amazon Throws Ring Users a Privacy Bone

  • 0
Christopher Woo
Tuesday, 13 July 2021 / Published in Woo on Tech

Hot on the heels of a moderate backlash on their Sidewalk initiative, Amazon has decided that maybe Ring doorbells should be a little more considerate of your privacy. Up until today, if you had subscribe to the Ring Protect Plan which provided a means for you to store history of your Ring camera’s footage in the cloud, that video – in theory – could be viewed by Amazon and local law enforcement depending on the partnerships they have set up with various jurisdictions. There has been much debate about whether doorbell camera videos should be considered private, but once you account for all the various uses and placements of the devices, especially backyards and sideyards, the video footage really shouldn’t be considered “public space.”

Make your Ring truly private

Assuming you are using one of the 13 models that are compatible with the service, you can add device-specific encryption to your videos which essentially makes them only viewable on your mobile device with the Ring app. Previous to this new feature rollout, law enforcement could send out bulk-requests to users in a geographic area to “share” their video footage. Now, if you opt-in to the E2EE version of the Ring app, law enforcement must request access via warrant, and supposedly neither Ring nor Amazon can see this footage without requesting it from the specific user. Keep in mind that you have to OPT IN to this feature and it will break certain accessibility, such as viewing on Alexa devices or Shared User access. If privacy is more important to you than accessibility, you should enable this feature immediately:

https://account.ring.com/account/control-center/video-encryption/advanced-settings/end-to-end

Image by Tumisu from Pixabay

700M LinkedIn records for sale on Dark Web

  • 0
Christopher Woo
Tuesday, 29 June 2021 / Published in Woo on Tech
Linked In

Reports are now popping up in my technology news feed that a database containing information from over 700 million LinkedIn members is now available for purchase on the dark web. Unlike some of the other information dumps that have made headlines recently, this one doesn’t contain passwords or other sensitive information, but it does contain the information that LinkedIn members typical put in their profiles, including phone numbers, addresses (mail and email), job and education history as well as whether or not a particular member might be looking for a job. According to LinkedIn and which other sources seem to corroborate, this isn’t actually a data breach, but what is known as an “information scrape” which is shorthand for a database built by reading and indexing information that is readily available on the web. Keep in mind, “readily available” does not necessarily mean authorized use, especially when it is gathered and put on sale by someone not LinkedIn.

What does this mean for you?

Even if you aren’t on LinkedIn, if you do any sort of business that requires to you interact with others via the internet, you should be aware of why these types of databases are still considered a significant security risk, and I can sum it up in one word: Phishing. One of the most common tactics in use now by phishers is leveraging data gathered in these databases to build and send fake emails that contain enough real information to trick even the most savvy email veteran. Especially vulnerable are the millions of job seekers who use LinkedIn everyday to contact plenty of people they don’t know directly, and have to rely on information found on the website. Cybercriminals are using this particular weakness to infect job seekers with trojans as part of a fake employment application, which can then lead to identity theft, extortion and a definite disruption in the job seeking process. In the end, there isn’t much you can do about this except the following:

  1. Set up 2-factor authentication on all your important accounts, especially email.
  2. Back up your important data. Cloud-based backups are best.
  3. Make sure you are running malware protection on your computer.
  4. Make sure your network (home and work) is protected by a proper firewall.
  5. Establish freezes on all your major credit reporting identities via these websites: Experian. TransUnion. EquiFax.
  6. Never trust an email link, especially one that seems to ask for a password right off the bat. Always call and verify.
data theftidentitylinkedinprivacy

Should you disable Amazon Sidewalk?

  • 0
Christopher Woo
Tuesday, 22 June 2021 / Published in Woo on Tech

Amazon announced its controversial “Sidewalk” platform nearly two years ago, but most of you probably missed the announcement and the uproar it caused as we were consequently distracted by the mother of all distractions in 2020. Now that we are all starting to stumble into the daylight like hermits emerging from a cave, Amazon is taking advantage of our befuddlement and online shopping addictions to roll out Sidewalk for realsies. On June 8th 2021, unless you specifically opt-out, your Amazon devices like Ring doorbells and security cameras, and the various smart-speaker/screen devices like Dot and Echo, will be automatically enrolled in Amazon’s ambitious effort to bring better network connectivity to your neighborhood. But what is it actually doing?

What is Sidewalk and why should you care?

In a nutshell, Amazon is leveraging the absolutely gigantic install base of Echos, Dots, Rings and Tiles to create what amounts to a vast mesh network. Depending on your training and professional interests, your reaction to this may vary from the “Awesome, maybe my Ring doorbell won’t keep falling off the internet,” (average homeowner reaction) to “This seems like a very bad idea,” (average security/technology consultant reaction). If you were concerned about Sidewalk bogarting your bandwidth, according their specs, it should be skimming a very small amount off the top which, unless you are on very constrained bandwidth (DSL is still the only choice in many neighborhoods believe it or not!), should not even be noticeable. From a security standpoint, Amazon seems to have its head on straight, again at least on paper, about how they are keeping the data transmissions encrypted and separate from your data. Huge caveat on this one – just because a bunch of engineers say something is safe now, does not make it so forever, as we have seen numerous network standards get dismantled and abandoned as dangerous flaws are discovered.

The big concern should be what else Amazon will be doing on the Sidewalk network. In case you hadn’t guessed it, they will be gathering data. An absolute monstrous amount of data on thousands and thousands of households, neighborhoods, camera feeds, pet walking routes, delivery times, recipe requests, song playlists, etc. All of it tagged with geolocation and numerous other telemetry points that give Amazon (and its data customers) an absolutely staggering market advantage. Depending on your leanings and privacy concerns, this may be of no big concern, or perhaps you’ve decided that Amazon gets enough of your dollars already and as such are not deserving of any more of your data than you’ve already sacrificed on the online shopping altar. If this is the case, then disabling Sidewalk is as simple as (wait for it) using your Alexa app to turn it off. Yes, this is like using the stones to destroy the stones. At least you can just delete the Alexa app after installing it to turn off Sidewalk. Until our government decides it’s time to regulate business use of our private data, it will be up to the average household to draw the line in the ongoing privacy war. Which side will you be on?

alexaamazonprivacysidewalk

Cyber Insurance requirements forcing companies to adopt stricter security

  • 0
Christopher Woo
Tuesday, 01 June 2021 / Published in Woo on Tech

With the recent ransomware attacks on large US companies like fuel distribution company Colonial Pipeline and now JBS, one of the world’s largest beef and pork suppliers, some of you might be thinking, “Oh good, they are focusing on the big fish now,” which gives us smaller companies a little breathing room. While this may make sense from purely predatory “Animal Kingdom” point of view, size matters naught on the internet. The difference in effort and cost to target a big company versus a small one isn’t large enough to deter them from pursuing both. In fact, due to the continually widening dark web market of Ransomware-as-a-Service (RaaS), targeting small companies is just as cost-effective as large ones. After all, 50 ransoms of $1000 is the same as one $50,000 score.

What does this mean for you?

Businesses large and small are starting to understand that it’s no longer “if” you will be attacked, but “when”, and in addition to tightening up their technology, they are also getting insurance to cover potential cyberattacks and ransomware demands, like the ones that Colonial faced (they paid, by the way) and what JBS is facing now. Because claims on these types of policies are on the rise and show no signs of slowing, the insurance providers are now asking for their potential cyber policy holders to batten down their hatches in preparation for the coming storm. Here are the things they are looking for:

  1. Does your company use two-factor authentication for all of its critical infrastructure? Not only email, but VPN/Remote access and administrator credentials for your company’s network as well.
  2. Is your company’s critical data backed up to an encrypted, offsite location that is protected by two-factor authentication?
  3. Are you running up to date malware protection on all devices that access company data and networks? The big gotcha here are all the personally-owned computers people have pressed into service during the pandemic.
  4. Are all devices that contain sensitive data encrypted? This includes mobile devices, and again, personally-owned equipment.
  5. Is your network protected by enterprise-grade firewalls and protocols?

Additionally, insurance providers might also be looking for these advanced security implementations that normally were only deployed by larger companies with dedicated technology and security staff, including:

  1. Dedicated network intrusion detection and active countermeasures.
  2. An information security policy in place for your company that governs how your company retains, protects and disposes of critical, confidential data.
  3. Regularly scheduled penetration testing of your company’s data networks.
  4. Regularly scheduled security audits of all company technology.
  5. Designated security officer/manager responsible for the company’s security.
  6. Regular training of all company staff on information security policy and practices.

When shopping for a cybersecurity policy, or expanding your current coverage to include it, you will be asked about some, if not all, of the above items, and your answers may determine the cost of your premium, or whether the insurance provider will underwrite you at all.

Image by Free stock photos from www.rupixen.com from Pixabay

emailinsuranceransomwaresecurity

Are companies prepared to manage remote workers properly?

  • 0
Christopher Woo
Tuesday, 25 May 2021 / Published in Woo on Tech

When the pandemic came crashing down on the US workforce last year there was a mad scramble by companies to figure out how to continue operating with a work force scattered to the four winds. On top of the realization that essential technologies like webcams and laptops were suddenly scarce, America’s newest telecommuters had to contend with historically crappy residential internet service, ancient Wifi routers and noisy, poorly furnished home office space shared with new office mates that were, let’s say, less than familiar with professional office etiquette. Even now, as the US eyes returning to some semblance of business normalcy, many companies are considering and even committing to keeping some or all of its employees working from home.

Does your company policy cover working from home?

One of the biggest gaps that companies should be reviewing is if their remote workers are using personally-owned equipment to telecommute. Thanks to tight budgets and stock shortages, many newly-remote workers were pressing family-owned equipment into service with the mindset of it not being a permanent solution. But now that many companies are considering making telecommuting a permanent part of their company, they need to account for the use of technology that isn’t owned or managed by the company itself. If employees are allowed to use their own personal machines to access work, are those machines properly secured, and if they can’t be made secure, what is the company’s responsibilities and what are the employee’s? Should they provide equipment, or some form of stipend, and if the latter, what’s the policy governing personal use of that equipment?

Working remotely also requires healthy, fast internet secured by a properly-maintained firewall. Should the company pay for that employee’s internet? What if that worker’s internet quality makes working from home difficult? What if that internet is shared by other household members who don’t work for said company? What if that firewall inhibits said household from properly enjoying other non-work activities? Most residential ISP’s make it difficult to set up separate internet circuits to the same address, and in many cases, the home’s wiring cannot accommodate it even if the ISP is willing to do so.

Is your company’s management prepared to evaluate the performance of a workforce that they cannot physically supervise? Does your company require the remote employees to keep rigid office hours like they did while in the office, or does your policy allow for more flexible schedules, or is it a mixture of both? What facets of their duties govern how that remote worker manages their time, and how much is that influenced by the company’s culture and management style?

At minimum, company management should review their existing employee policy to make sure that it is revised to cover a new type of working environment and new expectations for their remote workers. Many of the decisions will need to be reviewed with HR and legal counsel to make sure they fall within your localities labor laws, and of course, whoever manages your company’s technology.

Image by StockSnap from Pixabay

Pipeline hackers pack it in

  • 0
Christopher Woo
Tuesday, 18 May 2021 / Published in Woo on Tech

Despite their semi-public presence, it seems that ransoming a company that provides fuel to most of the eastern seaboard drew a little too much heat for the Colonial Pipeline hackers. Cybercrime researchers Intel 471 are reporting that the ransomware group Darkside has essentially ceased operations after it appears its technology infrastructure was disrupted or dismantled and as much as $5M in crypto currency was seized by unnamed law enforcement entities.

Chalk one up for the “Good Guys”?

In a statement published in Russian to its “affiliates” Darkside wrote:

A couple of hours ago, we lost access to the public part of our infrastructure…

The hosting support service doesn’t provide any information except “at the request of law enforcement authorities.” In addition, a couple of hours after the seizure, funds from the payment server (belonging to us and our clients) were withdrawn to an unknown account.

In view of the above and due to the pressure from the US, the affiliate program is closed. Stay safe and good luck.

The landing page, servers, and other resources will be taken down within 48 hours.

The moral underground? Ransomware operators retreat… | Intel471.com

In case you missed it, Darkside was presenting themselves as a Software-as-a-Service (SaaS) company but instead of offering cloud-based email or data processing or point-of-sales, dark web shoppers could get access to a turn-key Ransomware platform they could turn loose on their own “customer base.” According to some estimates, Darkside netted nearly $90M in cryptocurrency fees paid by its clients over the course of its relatively short life, and it seems other outfits who shared a similar business model were also equally successful. Fortunately for the rest of us who are trying to make money without committing crimes, when the RaaS purveyors also adopted other more traditional trappings of the business world, namely centralized infrastructure and fee collection, they created a target that law enforcement could leverage to dismantle their operations.

While eliminating these highly-visible (relatively speaking) threats should be taken as a positive, you can bet that other operators are taking notes and learning lessons from their fallen brethren who have encouraged their successors to maybe avoid instead of seeking the limelight. As we all know, scaling in the business world definitely means more profits, but you’ve got to be ready for the scrutiny that comes with it. Selling software is an honest living, unless your software is used to extort millions, in which case an audit is the least of your worries.

Image by Gerd Altmann from Pixabay

Pipeline hackers don’t want to be viewed as political

  • 0
Christopher Woo
Tuesday, 11 May 2021 / Published in Woo on Tech

Last week, a five-thousand mile fuel pipeline that spans the country from the Gulf Coast to New York was shut down by company operators because of a ransomware attack that had compromised parts of their technology infrastructure. According Colonial Pipeline Company, the pipeline wasn’t shutdown by the attack itself but enacted as a precautionary measure. Though some parts of the pipe system which normally delivered nearly half of the East Coast’s jet, diesel and gasoline fuel supply have been brought back online this week, Colonial is still limiting operations while it deals with its compromised technology infrastructure. Several researchers and news outlets have identified a relatively new APT group Darkside as the perpetrator of the attack, a self-proclaimed, Robin-Hood-style organization that has publicly stated it will not target certain types of organizations, like non-profits, hospitals, and who supposedly donates some of its ransom to charities.

I’m sorry, what?

In keeping with their own “branding,” Darkside published a statement on their darknet website that reads as a back-handed apology for attacking the pipeline:

https://twitter.com/ddd1ms/status/1391741147001892869
(20) π•―π–’π–Žπ–™π–—π–ž π•Ύπ–’π–Žπ–‘π–žπ–†π–“π–Šπ–™π–˜ on Twitter: “DarkSide #ransomware Leaks Press Center: https://t.co/NNmv0UphQw” / Twitter

We are apolitical, we do not participate in geopolitics, do not need to ties us with a defined goverment (sic) and look for other our motives. Our goals is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.

https://twitter.com/ddd1ms/status/1391741147001892869

While it might seem encouraging to think there may be hacking groups out there with a code of honor, you should not mistake them for being a champion of the poor, and they state it quite baldly that their goal is to make money. Their avoidance of political targets may be a shrewd attempt at sidestepping attention from governments, especially ones like the US which can afford to focus a lot of heat on groups like Darkside that appear to operate without nation-state backing. Or at least that is what they would have you believe. Is it a smokescreen, or just a front for another state-sponsored cyberattack from our geo-political rivals. Only a truly naΓ―ve group would think that targeting an fuel distribution company in an oil-dependent country like the US wouldn’t have significant social and political ramifications. Also, that semi-apology note didn’t include any decryption keys so, “Sorry, not sorry?”

Image by Pete Linforth from Pixabay

The Brain-bending Microsoft Account Pt 3

  • 0
Christopher Woo
Tuesday, 04 May 2021 / Published in Woo on Tech

The previous two blogs have walked through some of the basic structure and background of Microsoft’s complex, cloud-based account platform, and we’ve touched somewhat on the reasons why you might have one or more Microsoft accounts. You will definitely have one if you’ve ever had a Hotmail.com or Outlook.com email address, and less common a Live.com or Passport.com email address. You will also have a Microsoft account if you have or had an Xbox Live gaming subscription or used Skype on a mobile device, if you owned a Zune, their personal music player or the short-lived Windows phone. If you have some form of 365 service, whether it be email services, desktop Office applications, OneDrive, Teams or any various combination of those services, you will also have one or more Microsoft accounts that anchor those services.

The compelling argument for the Microsoft account

Marketing opportunities and conspiracy theories aside, there is a compelling and intentional use case for the Microsoft account, one that you might already be “enjoying” with a competing set of devices: Apple’s iCloud. In case you are unfamiliar with Apple’s similarly nebulous cloud-based account platform, the intent, just like Microsoft is for you to have one account that grants access to all your services, settings and data across all devices you own. In today’s implementation Microsoft is definitely chasing Apple’s service in this regard, even though the Microsoft account concept predates iCloud by a number of years. When iCloud evolved into it’s current iteration in 2011, Windows had already been using roaming profiles in Windows since 1993!

Regardless of who was first, the primary reason for using the Microsoft account is to (ostensibly) provide the ultimate portable, roaming profile. In essence, Microsoft (and Apple) would like you to store all your data, settings, passwords, browsing history – everything – in your cloud account which would allow you to use any compatible device and service, anywhere in the internet-connected world in conjunction with your account, providing you with a consistent, familiar and convenient digital environment. When done right, both platforms offer a surprising (and sometimes unsettling) experience whereby logging into a brand-new device almost instantly transforms it into a device that knows who you are and how you work without any tweaking of settings, looking up of passwords, or laborious transfer of documents and pictures. It’s the digital equivalent of buying a new pair of jeans having them instantly fit just like your old, tattered but perfectly-fitting old pair. Note the emphasis on “when done right,” as the Windows account implementation can be difficult to navigate, primarily because many Windows users have multiple accounts on top of having different services attached to the various accounts, which leads to the exact opposite of what the Microsoft account was supposed to do. Also note that if you intend to keep work and personal life separate on separate devices, it’s definitely possible to mix them all together if you aren’t very careful about which Microsoft account is logged into the various services, and disentangling them can be a confusing and frustrating experience.

The Brain-bending Microsoft Account Pt 2

  • 0
Christopher Woo
Wednesday, 28 April 2021 / Published in Woo on Tech

Last week I wrote about the Microsoft Account that you may or may not be using properly on your Windows 10 machine. Thanks to some very poor user interface decisions from the Windows 8 days as well as Microsoft’s behind-the-scenes efforts to move their vast Hotmail/Outlook.com/Live.com users into a monolithic (sort of) platform, it’s highly likely that you have at least one or more Microsoft Accounts tied to your email addresses, regardless of whether they are Microsoft webmail services (Hotmail.com, MSN.com, Passport.com, Live.com, Outlook.com as well as all the international variants) or another popular “free” or bundled provider like Gmail, Yahoo, SBCGlobal, Pacbell, Roadrunner, etc. Also, if you subscribe to Office 365, either via a personal subscription for desktop versions of Office (Word, Excel, Powerpoint, etc) or for business emails with your company’s domain name, you have a Microsoft Account to which those services are tied.

How do I know if I’m using a Microsoft Account with my Windows PC?

It’s pretty easy to spot. Go to the Windows menu and select Settings (the gear icon) -> Accounts. In the window that pops up you should see your name and/or an email address. If it says “Local Account” you are using the “traditional” Windows profile that is not directly connected to the Microsoft Account platform. If it shows your name and an email address and right below that “Manage my Microsoft account” then you are logging into Windows with a Microsoft Account. The third option you may encounter will be an Active Directory domain account which will be very uncommon in home and small business environments. Depending on the type of AD account, under your name may appear your domain login which may be an email address OR may appear as “domain\username”. The key difference is that it will not say anything about managing your Microsoft account under your user name.

Local Account
Microsoft Account
Domain Account

Why is this important?

If you are using a local or Active Directory login, your Windows login password is not controlled by the Microsoft Account platform. For local accounts, the password is machine specific and can only be changed on that machine and only by an administrator on that machine, which is usually you. Active Directory passwords are controlled by your domain administrator (usually your work’s IT team) and can be changed by you or your administrator (depending on the rules they have established), and may be changed regularly per your company’s policy. If you are using a Microsoft Account login and happen to change the password of that account, say in the course of updating your Office 365 Home subscription or changing a credit card on your Xbox Game Pass account, it changes the password you will use to log into your Windows PC but does not highlight that as a possible consequence. What confuses people is that they sometimes change that password from a completely different device (even on an iPhone or iPad) using Microsoft’s website and then when they get back to their Windows PC, discover that they can’t log in with their usual password. On top of this, you may have added a PIN or some other biometric login (face recognition or fingerprint) and if you change credentials it will sometimes invalidate those login processes as well, meaning you will HAVE to use the Microsoft Account password to get into your computer.

Next week – why you would want to use a Microsoft Account for your Windows login, and why not.

  • 11
  • 12
  • 13
  • 14
  • 15

Recent Posts

  • mid year check-in

    Mid-Year IT Health Check: 10 Things Professional Services Firms Should Review Now

    Most firms set their technology priorities in J...
  • Cloud Migration for Professional Services: When It Makes Sense

    Cloud Migration for Professional Services: When It Makes Sense (And When It Doesn’t)

    Every vendor in the technology industry will te...
  • mid age man working on laptop while floating in the sea summer vacation

    Summer Vacation Security Checklist for Professional Services Firms

    Summer is the one time of year when professiona...
  • The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    I have had this conversation more times than I ...
  • Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote work is no longer a temporary arrangemen...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Β© 2016 All rights reserved.

TOP