On February 17, 2017 Southern California was drenched by an epic (according to SoCal standards) storm. As any long-time resident will tell you, even a little bit of rain results in major disruptions in our otherwise sunny and mild climate. Friday’s torrential rain and high winds wreaked apocalyptic levels of chaos, including widespread power and internet outages. Because we also live in the land of earthquakes, wildfires and drought, Californians suffer from chronically high levels of disaster-preparedness fatigue, so when the lights went out on that Friday, a lot of people were left sitting in the dark, both literally and metaphorically, as to what to do about their technology (or sudden lack thereof).
Yes, I am beating the “be prepared” drum again:
When meeting new clients (oftentimes in the exact situation depicted above), it’s not uncommon for them to have very little “hard” documentation on the technology in use at their organization. By “hard” I mean paper and digital files that outline the very basics of their technology foundation. “But Chris,” you protest, “Now that I have C2 on speed-dial, what more do I need?” As honored and pleased as we are to have your back in a disaster, and as much as it pains me to consider it, we may not always be there when you need us, which is where that technology documentation comes into play.
Every company should have the following recorded in a physical manual that is kept somewhere safe and secure, as well as a digital copy stored off premises in cloud-based storage:
- Contact information for your TECHNOLOGY SUPPORT PROVIDER, including names, phone numbers, email addresses and mailing addresses. Staff photos may help company personnel or proxies identify authorized support providers.
- Contact information for your INTERNET SERVICE PROVIDER, including account number, technical support phone number, type of service (a brief, layman-esque description), a picture of the physical equipment installation, and a description of the install location (basement MPOE, kitchen cabinet, Suite #, etc).
- Contact information for your EMAIL provider if you don’t host it yourself. Provider name, support number and account number (if relevant) as well as a list of all administrator accounts (not the same as office admin), i.e., the people who are authorized to make changes to the account such as password changes, billing information, etc.
- Contact information for your WEBSITE HOST and DOMAIN REGISTRAR, including login information, accounts with admin rights, and the name of the company providing the services.
- Contact information for your BACKUP PROVIDER, including vendor name, account number/name, login information, and a list of which devices were being backed up.
- A HARDWARE INVENTORY of all technology devices, including servers, workstations, laptops, printers and critical network equipment. Make sure you include serial numbers, make and model, and who the equipment is assigned to if relevant.
- A SOFTWARE INVENTORY of all purchased software, including proof of purchase, activation keys, account email addresses (and passwords) and on which machines the software was installed.
- Contact information for your PREMISE SECURITY PROVIDER, including company name, account number, account rep, and if there is a physical security infrastructure on premise, descriptions of systems, login information and a list of provider and company personnel authorized to access and/or change the listed systems.
- Contact information for your PROPERTY MANAGER. Include contact names, numbers and email addresses, as well as after-hours contact info.
- A brief description of how to access office space after hours (if possible), including who outside of the company may be able to provide “approved” access to office and associated spaces, such as data closets, server rooms and building MPOEs (Minimum Point of Entry).
- A company directory of, at minimum, critical office personnel and their emergency contact information, including cell numbers, home addresses and possibly next of kin contact info as well.
While the above list is by no means complete, even the above contains highly sensitive and confidential information, including working logins. When stored physically, it should live in a locked file cabinet with limited access; when stored remotely, it should be encrypted and accessible only by a very limited set of personnel and designated providers. Treat it as a living document: update it when a password or account changes, and change any login it contains when someone who had access to the binder leaves. If you need assistance building this very important collection of information, C2 is ready to gather and compile it into a document we call the Technology Assets Binder (TAB), which will assist you in keeping “tabs” on all your technology.
Image courtesy of winnond at FreeDigitalPhotos.net
Depending on your current level of cynicism, the news that the CIA exploits technology vulnerabilities to pursue its various agendas will probably come as no surprise. Almost everyone, however, should be able to enjoy the irony of its current predicament: actual evidence of this practice comes to us courtesy of a leak of the agency’s own documents, which lay out its repertoire in eye-opening detail. Unlike Snowden’s exposure of the NSA, which led to worldwide shock and outrage over the brazen invasions of privacy perpetrated by nation-state surveillance programs, the papers published on Wikileaks delve instead into the technical methods and tools the CIA had at its disposal: trade secrets in the most literal sense.
At the time of writing this blog, the news is barely 24 hours old, and the set of documents released on Wikileaks is only part of a larger collection of nearly 9000 files which will require time and resources to verify. Former intelligence officials are saying that the currently published documents are likely legitimate based upon the type and detail of information they contain, despite an obvious “No comment” from the CIA itself. Even more interestingly, the online security community, rather than panicking at the level of exploits documented, seemed to be nodding their heads in collective affirmation, as if to say, “I knew those spooks were hoarding these zero-days for themselves.”
What this means for you:
For the rest of us, this is merely a confirmation of what we suspected (and Hollywood depicted) all along: the CIA, just like any other hacker out there, was using technology weaknesses and flaws to pursue their own interests, often at the expense of someone’s privacy and maybe even their constitutional rights. If you had something to hide that might be worthy of the CIA (or some nation-state’s) interest and you used technology to store or transmit that data, it’s likely they already know about it, as the leaked documents detail programs and technology exploits going back at least four years.
Unfortunately for us, exposure of the CIA’s secrets is yet another Pandora’s box of exploits that could now find their way to anyone, not just to morally questionable but somewhat accountable government agencies. It also draws even more divisive lines between the USA and Russia in the ongoing tangle over alleged presidential election influence and the collusion allegations leveled against the current White House administration. We may have breathed a sigh of relief when 2016 was over, but it looks like it was drawn hastily in light of the dunking we have ahead of us.
Remember when there was nothing more innocent and incorruptible as a child’s teddy bear? For all the potential good the internet can bring, there are some things that should just not get connected, at least until we can secure data properly. The latest black eye for the “Internet of Things” (IoT) comes in the form of a line of stuffed animals that can record and relay messages back and forth between parent and child. While wholesome and lovely in theory, the whole implementation is undermined by poor security and what appears to be a non-trivial amount of carelessness, all the ingredients for a disastrous internet breach. Reports vary, but anywhere from 500k-800k “users” data was exposed to an unknowable number of unauthorized eyes. This data included both identifying information as well as the actual voice messages from both adults and children.
What this means for you:
If you happened to be the (no longer) proud owner of a CloudPet, you have the unenviable responsibility of trying to explain to your child why they can’t use the thing that made this toy special. Hopefully it won’t be traumatizing. While you may be able to enjoy some schadenfreude from the possibility that the company appears well on its way to failure, this also means there will be no recourse or recompense for saddling you with a toy that violated your family’s privacy. Not a CloudPets user? Whether you are a parent, relative or just a friend, think twice before giving a small child an internet-connected toy. Very clearly, we, and the internet, are not ready for such a thing.
Given all the reported breaches Yahoo has reluctantly publicized, not a small number of analysts and pundits were surprised that Verizon was still in discussions to purchase the beleaguered Internet company. Even more surprising was the amount of money being offered for what many see as a dying brand. It seems Yahoo can’t get sold quickly enough, as reports are now rolling in that Verizon’s engineers believe that some Yahoo systems may still be compromised. The cost of selling used and damaged goods? Another $350M off the table, bringing the current deal down to just under $4.5B.
What this means for you:
If you are still maintaining a Yahoo email account or hosting your website with their Small Business services, you should urgently consider migrating to a more reliable and reputable provider. Regardless of whether Verizon is somehow magically able to revive any of Yahoo’s flagging applications, the fact that Yahoo infrastructure might still be compromised after more than a year means your information is at high risk and Yahoo has not invested enough effort in making sure you are safe. If you don’t use any Yahoo services, their plight illustrates two valuable lessons:
- Breaches aren’t necessarily an “in and out” type of event – this isn’t a real-world burglary. If they are breaching your system for the purposes of stealing information, attackers will try to stay undetected for as long as possible, and will spread to as many systems as they can while keeping below the radar.
- A security incident, even if handled properly, can significantly damage the value of your company and brand, and if not handled correctly and diligently from the start, can continue to wreak havoc on your bottom line.
Let’s face it – regardless of the amount of money and time spent, technology is going to break. You could be the world’s foremost technology expert, or the richest business tycoon and it won’t mean one iota in the face of technology failure. For the most part, it will always be unpredictable, and will always happen at the worst possible moment. All we can do is control how we respond to these failures, and in many cases, we can save both money and time by responding thoughtfully and deliberately instead of panicking. It would be impossible to suggest responses for every technology failure scenario, but I can outline the most common ones and the responses that can help you regain control of the situation, or even overcome the failure.
Failure #1: Virus Infection
- Don’t panic. Take out your smartphone and take a picture of the screen, or record a video if it’s making sounds/noises as well.
- Power down the machine. If it’s not responsive, physically remove the power, either by holding down the power button, or by removing the power source via cord or battery.
- Assess the chain of activities leading up to the infection and write them down in as much detail as you can recall. Answer these questions: What were you doing leading up to the infection? How did you know you were infected?
- Notify your designated IT professional OR
- If you are going to turn the device back on, make sure you are disconnected from any network. Unplug Ethernet cables, switch off Wi-Fi, or if you can’t find the Wi-Fi switch, move the device out of range, or turn off the Wi-Fi network.
- Run a full scan with your installed antivirus software. Carefully read all screens and results of the scan.
Failure #2: My internet/network is not working
- Check to see if anyone else on the same network is also offline.
- Just you – wired connection: check for link lights. Most Ethernet ports on devices have green and amber LEDs that are lit when a connection is active. No LEDs mean no connection: look for a loose cable and follow the connection “upstream” to the switch or router. Red or steadily flashing amber? Some other network issue, possibly upstream, but also try a reboot.
- Just you – Wi-Fi connection: turn Wi-Fi off and back on. Forget the network and re-add it. Reboot the Wi-Fi access point (most likely your router). Reboot your computer or device. If you have “hot-spot” service on your smartphone, try using that to verify your computer’s Wi-Fi is working properly. Alternately, pick up and move to another Wi-Fi source, e.g., a coffee shop, another office or a neighbor.
- Everyone is offline – reboot the router. Reboot the cable/DSL modem if it’s separate from the router. Still nothing – time to call your ISP. Tech support numbers are usually printed on a label on the ISP modem/router, but not necessarily on a router you installed yourself.
Failure #3: My computer won’t turn on
- All types of computers: make sure you aren’t mistaking a malfunctioning (or off!) monitor as a full device failure. Are the power LEDs lit? Do you hear fans or other mechanical noises, such as drives spinning? Watch the monitor carefully when powering on the machine: do you see any output at all, or does the screen stay completely dark?
- Desktops – check the power: check for loose cords. Try plugging the device into a different power outlet. Confirm the outlet works with a known-good electrical device, e.g., a desk lamp.
- Laptops – check the power: loose cords? Drained battery? Try removing the battery (if removable) with just the AC adapter plugged in. Try the reverse. If you have a spare AC adapter, try that one, or borrow a co-worker’s AC adapter; make sure you use one that matches the voltage required by your laptop.
- Still nothing? Don’t panic – your data is likely intact on your hard drive, which can be removed and connected to another device to retrieve your information.
- Contact your designated IT professional.
Failure #4: On boot, computer says operating system is missing
- Don’t panic. Try powering down the system and rebooting.
- Remove all attached USB devices. Remove any DVDs or CDs in your optical drive (if you have one). Reboot.
- Still no love? Contact your IT pro or local repair shop.
- Assess your backup situation. Don’t have one? Prepare yourself for possible data loss.
Failure #5: My computer is “pausing” randomly and/or my hard drive is making strange clicking noises
1. Save any open work and close all open applications.
2. Assess your backup situation: if you have a backup system in place, confirm the last known good backup and skip to step 5. No backups? Prepare yourself for possible data loss.
3. If the computer is only intermittently “pausing”, copy any important files to an external USB drive, especially anything you might need urgently while waiting for a backup restore or repair. Copy the most important (and smallest) files first. This may require patience if the machine pauses while accessing certain files or folders; depending on the damage, even small files may take a while to copy. Wait as long as you can bear it.
4. If you don’t get far with step 3, turn the machine off for at least an hour to let it cool down. Reboot and retry step 3.
5. Contact your IT pro or local repair shop. Drive failures typically result in data loss, but recovery is possible, though usually expensive.
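The copy step above is the one people get wrong under stress: a single read error aborts a drag-and-drop copy, and every restart re-reads files that were already rescued. The script below is an added example (not code from the original post) that automates the procedure: smallest files first, keep going past errors, retry each failed file a few times, and leave a manifest of what did and did not make it. The source and destination paths, retry count and delay are illustrative assumptions.

```python
"""Salvage copy for a drive that pauses or throws read errors.

This is an added example, not code from the original post. It automates the
copy step of Failure #5: walk the important folders, copy the smallest files
first (more files rescued per minute of remaining drive life), keep going past
read errors instead of stopping at the first one, retry each failed file a few
times, and write a manifest of what was and was not recovered so a later
restore or repair shop knows exactly what is missing.
Paths, retry counts and delays below are illustrative assumptions.
"""
import os
import shutil
import sys
import time
from pathlib import Path


def files_smallest_first(src: Path):
    """Return all files under src, smallest first; files whose size can't be read go last."""
    found = []
    for root, _dirs, names in os.walk(src):
        for name in names:
            path = Path(root) / name
            try:
                found.append((path.stat().st_size, path))
            except OSError:
                found.append((float("inf"), path))  # stat() itself failed: try it last
    found.sort(key=lambda item: item[0])
    return [path for _size, path in found]


def copy_with_retries(src_file: Path, dst_file: Path, retries=3, delay=0.0, copyfn=shutil.copy2):
    """Copy one file, retrying on OSError (I/O error, timeout). Returns (ok, last_error)."""
    last_error = None
    for attempt in range(1, retries + 1):
        try:
            dst_file.parent.mkdir(parents=True, exist_ok=True)
            copyfn(src_file, dst_file)
            return True, None
        except OSError as err:
            last_error = f"attempt {attempt}: {err}"
            if dst_file.exists():
                dst_file.unlink()  # never leave a truncated partial copy that looks complete
            time.sleep(delay)     # give a struggling drive a moment before the next try
    return False, last_error


def salvage_copy(src, dst, retries=3, delay=0.0, copyfn=shutil.copy2):
    """Copy everything under src to dst. Returns (copied_relpaths, [(relpath, error), ...])."""
    src, dst = Path(src), Path(dst)
    copied, failed = [], []
    for path in files_smallest_first(src):
        rel = path.relative_to(src).as_posix()
        ok, err = copy_with_retries(path, dst / rel, retries, delay, copyfn)
        if ok:
            copied.append(rel)
        else:
            failed.append((rel, err))
    dst.mkdir(parents=True, exist_ok=True)
    with open(dst / "SALVAGE_MANIFEST.txt", "w", encoding="utf-8") as manifest:
        manifest.write(f"source: {src}\ncopied: {len(copied)}  failed: {len(failed)}\n\n")
        for rel in copied:
            manifest.write(f"OK    {rel}\n")
        for rel, err in failed:
            manifest.write(f"FAIL  {rel}  ({err})\n")
    return copied, failed


if __name__ == "__main__":
    # Usage: python salvage_copy.py <folder-on-failing-drive> <folder-on-external-usb-drive>
    if len(sys.argv) != 3:
        sys.exit("usage: salvage_copy.py SRC DST")
    ok_list, fail_list = salvage_copy(sys.argv[1], sys.argv[2], retries=3, delay=2.0)
    print(f"copied {len(ok_list)} files, {len(fail_list)} failed; see SALVAGE_MANIFEST.txt in DST")
```

Point it at the folder that matters most (Documents, the accounting share) rather than the whole drive, with the USB drive already mounted. If one file makes the machine hang for minutes, stop and hand the drive to a recovery service; every retry is more wear on hardware that is already failing, which is exactly why the script gives up on a file after a few attempts instead of hammering it.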
While it may seem like everyone on the internet is out to get you, not all of them are pursuing malicious results. Not all heroes wear capes, and in the case of “white-hat” hackers they will often accomplish their goals in the same way as their more malicious “black-hat” counterparts: by exploiting security loopholes and flaws. Most recently, over 150k printers from various manufacturers including HP, Canon and Epson were hacked. Instead of being leveraged to damage their surrounding network, the hacked devices printed out various messages warning the owners that the printers had been hacked, but did not provide any hints as how to plug the holes.
Is my printer at risk?
It looks like many models and brands may be affected by this particular weakness, but only if they are directly exposed to the internet or not properly firewalled. If you’ve been paying attention at all to any tech news, let alone this blog, even the most technically-challenged among you know that connecting to the internet without a firewall is the equivalent of walking around with a bright-red target on your back. The only fix available now is to put the printers behind a firewall (with no ports forwarded to them) and change the default admin password (if one even exists), but this only prevents someone from attacking them from the internet; they are still vulnerable to anything already inside your network. Another valuable take-away is this: if it’s connected to a data network and it was made by humans, it’s vulnerable to being hacked. Unless you plan on never connecting to the internet again (a strategy viable for very few people), your plan should be to make sure your security measures are robust and your backups reliable. If you remember that there is no such thing as a perfectly secure network, you will make better decisions on all your technology-related endeavors.
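“Directly exposed to the internet” is something you can measure rather than guess. The script below is an added example (not code from the original post or from any printer vendor) that checks whether a set of hosts accept TCP connections on the ports network printers commonly listen on. Run it from outside your network (a phone hotspot, a cloud VM) against your public IP to see what the internet sees, and from inside against the printer’s LAN address to see what any infected laptop on your network can reach. The host addresses and the port table are illustrative assumptions; only probe equipment you own.

```python
"""Exposure check for network printer service ports.

Added example, not code from the original post or from any printer vendor.
The printers in the story were reachable from the internet; this script
checks whether a list of hosts accept TCP connections on the ports network
printers commonly listen on. The host list and port table are illustrative
assumptions; only probe hosts you own.
"""
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Well-known TCP ports for printer services (SNMP/161 is UDP and is not covered by a TCP connect).
PRINTER_PORTS = {
    9100: "raw / JetDirect",
    631: "IPP",
    515: "LPD",
    80: "HTTP admin page",
    443: "HTTPS admin page",
}


def tcp_open(host, port, timeout=2.0):
    """True if a TCP handshake completes; refused, filtered and timed-out all count as closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan(hosts, ports=PRINTER_PORTS, timeout=2.0, workers=32):
    """Probe every host/port pair concurrently. Returns {(host, port): is_open}."""
    targets = [(host, port) for host in hosts for port in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        flags = list(pool.map(lambda t: tcp_open(t[0], t[1], timeout), targets))
    return dict(zip(targets, flags))


def report(results, ports=PRINTER_PORTS):
    """One line per reachable service, so an empty list means nothing answered."""
    return [
        f"EXPOSED {host}:{port} ({ports.get(port, 'unknown service')})"
        for (host, port), is_open in sorted(results.items())
        if is_open
    ]


def selfcheck():
    """Prove the scanner can tell open from closed before trusting an empty report.

    Starts a throwaway listener on 127.0.0.1, picks a second port that was
    bound and released (so nothing listens there), and scans both.
    Returns (listener_detected, closed_port_detected); expected (True, False).
    """
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    try:
        results = scan(["127.0.0.1"],
                       ports={open_port: "test listener", closed_port: "nothing"},
                       timeout=1.0)
    finally:
        listener.close()
    return results[("127.0.0.1", open_port)], results[("127.0.0.1", closed_port)]


if __name__ == "__main__":
    # Usage: python printer_exposure.py 203.0.113.10 192.168.1.50   (addresses are assumptions)
    if selfcheck() != (True, False):
        sys.exit("self-check failed: scanner cannot distinguish open from closed ports")
    findings = report(scan(sys.argv[1:]))
    print("\n".join(findings) if findings else "no printer service ports reachable from here")
```

The self-check matters: a scan that reports “nothing open” is only reassuring if you have shown the tool can detect an open port from where you are running it. A line for port 9100 from outside your network means anyone on the internet can send the printer raw jobs, which is exactly how the printers in the story received their warning pages.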
I couldn’t tell you how long hotels have been using keycards for locks instead of old-fashioned mechanical keys: at least two decades, and they’ve probably been using computer-encoded keycards for at least the past ten years. There’s at least one hotel waxing nostalgic for the glory days after suffering a ransomware attack that locked down its keycard system and disrupted normal operations. Fortunately for the hotel, the system was designed to operate safely in a power failure, so guests weren’t locked in or out of their rooms, but after paying the ransom to regain control of its systems, the hotel’s spokesperson said they intend to go back to more traditional door locks because of this incident.
A lesson learned and a best practice proven
The hotel’s situation can actually be summed up tidily by this hoary but solid piece of advice: “Always have a back up plan.” Fortunately for the hotel’s guests, safety regulations (and proper business management) made sure that such a crucial system could actually operate without computers or power, but you can bet it was a stressful day for the front desk. If they had committed to the above maxim in a technological sense, they would have had a proper data backup system in place, saving them the headache, the $1500 ransom to unlock their keycard system, and the cost of replacing this now-compromised technology. We haven’t even touched on the reputation damage this might have caused to the hotel itself.
Several clients have asked me about home automation products such as bluetooth door locks, voice-activated lighting and smart thermostats, and my advice in most cases is, “Make sure you know how to operate those systems when the technology fails.” Because it will, and usually at the most inopportune time. In the case of crucial operations that rely on technology, make sure you evaluate the true cost of the system failing, and weigh that against the marginal expense of implementing and maintaining a proper backup plan and a continuity plan for operating without the downed system.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
President Trump’s pick for FCC chair has internet activists in full-on Ned-Stark-Winter-is-Coming mode over his stance on Net Neutrality. Despite the previous administration’s efforts to preserve Net Neutrality, Ajit Pai has publicly sided with big business by proclaiming his intent to take a “weed whacker” to current regulations in the name of “investment, innovation, and job creation”. In case you were wondering which side of this issue you fall on, do you identify more closely with Comcast, AT&T and Verizon, or with Google, Netflix and Facebook? Still not clear? It’s not cut and dried, but put in the simplest terms, Net Neutrality benefits consumers the most, while most carriers believe it weakens their ability to maximize shareholder value.
If that sounded just a wee bit biased, then you are picking up what I’m laying down:
There are dozens (if not hundreds) of explanations about what Net Neutrality is, and why each side is right or wrong, and in light of the administration’s decidedly big-business agenda, it should come as no surprise that regulations standing in the way of mega-corporations are facing a “whacking”. Don’t get me wrong – as a business owner, I’m all for capitalism, but I’m also a strong believer in protecting consumers from the depredations of monopolies, which is what internet carriers in the US have become. Now that fast internet access is a must-have for everyone, it is critical that equal access for everyone is guaranteed, regardless of content, culture or net-worth. Speaking as someone who only has one choice for affordable, fast internet, I fail to see any fair market practices in this space, and recent anti-consumer moves by Comcast and Cox are doing little to persuade me that they have my best interests at heart.
Image courtesy of dream designs on FreeDigitalPhotos.net
It’s the day that most of us have been fearing: Microsoft has started the 3-year countdown on Windows 7, and has even stated publicly that the firmly-entrenched operating system is too outdated to secure properly. Released in 2009, Windows 7 is still very widely used throughout the world, and despite Microsoft’s best (and sometimes overbearing) efforts, Windows 10 has only managed to capture just under 20% of the worldwide PC market. You might be surprised to learn that Microsoft already ended mainstream support for Windows 7 in January 2015; extended support, the phase in which only security updates ship, ends in January 2020 for everyone, enterprise customers included, and that is when the OS is officially retired.
What this means for you:
Some of you have already waded into Windows 10 waters (albeit involuntarily in many cases), and though the transitions weren’t always harmonious, if you are working on relatively new hardware, you are actually better off in the long run than your Windows 7 compatriots. We’ve all heard Microsoft say that Windows 10’s more modern architecture makes it more secure, and recent reports lend that some weight: the Anniversary Update version of Windows 10 (August 2016) was reportedly able to mitigate two zero-day exploits before specific patches for those flaws existed. Independent corroboration of this feat would go a long way toward convincing die-hard 7 proponents, but for those who deal in long-term planning, you should start the work to migrate your office to Windows 10 now. Depending on the nature of your work and the applications and services on which you rely, a lot of preparation is required to switch to Windows 10. If Microsoft is telling the truth about Windows 7’s deteriorating defenses, it could be the next XP in terms of vulnerability and liability.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net