It’s safe to say that the many personal New Year’s resolutions I’ve made and failed to sustain does not put me in a position to shame anyone that inevitably falls off the resolution wagon, but I do like to take the opportunity to encourage “self-improvement” in anyone who uses technology for any sort of productivity. Unlike dragging yourself to the gym, these resolutions take minimal effort, expense and resources to implement, and can make the difference between a very good or bad 2017.
- Resolve to back up your data. If there’s anything I can guarantee, it’s that hardware will fail, mistakes will be made, and it’s a virtual certainty that it will be at the worst possible time (as if there is ever a good time for data loss). Setting up a reliable backup system is trivial and very inexpensive and there is literally no excuse I can think of for not backing up your data. If you want to read up on some reasons why backing up is a good idea, check out these posts: Indiana County Shuttered by Ransomware, New Ransomware Encrypts Entire Disk
- Resolve to install and maintain malware protection. Though it’s becoming less prevalent than previous years, I still see people working on computers without decent malware protection, if only because of performance or cost complaints. On average, reputable antivirus software will cost between $40-80 a year, an expense that is undeniably justified when compared the amount of time and money you might lose to cleaning up a preventable infection. Not convinced? Fake Emails Hit Businesses in the Wallet
- Use unique, strong passwords for your important accounts. There have been numerous massive data breaches in 2016. If you spend any time at all online, your login and password for at least one account is in an exposed database somewhere, and it will be used to attack an account that matters to you. The only way combat this is to stop using the same password everywhere, and to change passwords more often than once a blue moon. 60M Dropbox Accounts Exposed in 2012 Breach, MySpace Breach Exposes 427M Passwords
Image courtesy of krishna arts at FreeDigitalPhotos.net
The end of 2016 is nearly upon us, and I don’t think I’m alone in saying that I hope 2017 will bring more optimism and compassion for everyone. That being said, we at C2 are going to put our game faces on and finish out 2016 as if it was the best year yet (as far as C2 is concerned, it was, thanks to you!), but I will be taking a break for the next two weeks from scaring the spirit of security into you, so the next newsletter after this one will be in 2017. I don’t want to leave you hanging like a stocking on the chimney, so here are some technology gift ideas that I hope will inspire the spirit of giving in you.
- If you spend time in the outdoors trying to get away from all that big-city tech, but can’t put down that mobile device, how about a solar-powered charger? These things are great when paired with a portable battery pack (a 2015 recommendation). Set up the charger in the sun and attach your battery pack while you’re out enjoying nature. You can come back, grab your battery pack and keep going with your USB-powered smartphone, tablet or action camera without having to hunt for a non-existent AC outlet. Repeat until you are tanned, relaxed and chockful of wonderful memories captured on your favorite mobile device, of course!
- Speaking of action cameras, it seems like everyone has one, and why not? They’re very affordable, and when you can capture ridiculously adorable and amusing videos, how can you not afford get one? The GoPro HERO+ is the titular company’s entry-level model and it still shoots awesome video in a highly durable, portable and dare-I-say wearable fashion. GoPro videos will become this generation’s family vacation “slideshow”, minus the boring!
- Cordless headphones seem to be the hotness this year (another 2015 recommendation), but I still see a lot of folks rocking corded earbuds. As simple as they are, they get tangled if you look at them funny, so why not store them in style with a key chain fob designed to tame those unruly earbuds? The simplicity of this thing is hard to beat: your neatly wrapped earbuds will always be nearby, because you never misplace your keys, right?
- Did someone say lost keys? Tile Mate has you covered, fam! Attach one of these babies to your keys (or whatever you seem to misplace frequently) and your phone can lead you to them. And if you are one of those people who misplace your phone, all I got to say is this: Find my iPhone or Android Device Manager.
- Want to really give a gift that can keep on giving, months or even years later? How about the gift of data backup? It’s not whimsical and definitely not romantic, but buying a family member a year’s subscription to CrashPlan, Carbonite or BackBlaze and setting it up for them can mean the difference between “Oh no!” and “Oh well, thank goodness I’ve got a backup.” Bonus gift: you get to be the hero!
To finish out this list, here are a couple of things you might want to avoid:
- Virtual Reality is definitely the hot new entertainment trend, and there are a ton of knock-offs, wannabes and straight up con-artists looking to exploit the hype. Quality VR headsets that are approaching the fiction sold by Hollywood will currently set you back well over $500, and require dedicated systems such as a Playstation 4 or a high-end (+$700) Windows gaming computer, some degree of technical proficiency, and a strong stomach. Make sure you try before you buy, especially something that isn’t an Occulus, Vive or Playstation device.
- Nintendo released a retro-gaming console called the Nintendo “Classic Edition” for $60, featuring a slew of games from many of our childhoods’, and promptly sold out of them, well before the shopping season had even picked up steam. The lack of stock coinciding with the holidays has created a huge gray and black market for these devices, which are being sold for 3 to 4 times their actual cost. Unless you or a loved one are really into retro-gaming, you may want to let the hysteria subside and pick one up for normal price (or even on sale) in 2017.
Image courtesy of Master Isolated Images at FreeDigitalPhotos.net
Keeping track of your family via GPS isn’t a new idea. Remember the tracking device for your teen’s car that could tell you where they are and even how fast they were driving? Mobile phones have had GPS capabilities for about 10 years now , but the relatively recent proliferation of smartphones throughout every generation of the household has made keeping tabs on everyone in the family an affordable reality. Google has just introduced a new app called Trusted Contacts which essentially allows your phone to transmit your location to other trusted individuals (with their own Android devices), who can, in turn, grant you access to keep an eye their locations.
Our version of the “Weasley Clock” or foreshadow of “Big Brother”?
In case you’re not a fan of young wizards with unruly hair, the clock mentioned above allowed the fictional Weasley family to keep track of all members of the household via clockwork hands that pointed out the whereabouts of any given family member at any given time. In this particular case, our real world technology seems to be superior to Rowling’s fantastical device in that we can know in much more detail where our loved ones are, even if the app request is ignored or the phone is offline. In these two cases, if the phone and GPS are operational, the app will report in after a set amount of time, in case the owner is unable to respond or just distracted (as we all often are!), and if the phone is offline, it will report the last known location. Saying that this could be useful in an emergency situation is something of an understatement, especially for helicopter dads (like yours truly) who live in an area prone to unpredictable natural disasters. It could also be a useful trust building tool for parents fretting about teenagers testing the limits of their expanding freedoms, or for grown children to keep a discrete eye on aging parents who may be struggling with mental issues. As is always the case, how we use the technology will make the difference between an Orwellian one or something with more magic and compassion.
Image courtesy of Sira Anamwong at FreeDigitalPhotos.net
One month ago we wrote about a wave of attacks powered by compromised security appliances – mostly Asian-manufactured network video recorders – that disabled popular internet services for several days in late October. Despite the growing awareness of the problem due to this incident, this infected segment of the Internet of Things (IoT) is still active and wreaking havoc on a new front. Security researchers are reporting active attacks on routers used primarily by ISP’s Deutsche Telekom (Germany) and Eircom (Ireland) to service their internet customers. The attacks, powered by a new variant of the Mirai malware that was behind the previous IoT attacks in October, exploit a recently discovered weakness in Zyxel and Speedport routers, and a remote management protocol known as TR-069 which ISP’s traditionally use to manage equipment distributed to their customers. According to Deutsche Telekom, nearly one million of their customers may be affected by this exploit, and security researchers have cause to believe that over 40 million devices on the internet may be vulnerable to exploits of TR-069.
What this means for you:
Data is still being gathered on how widespread this problem may be, so it’s not immediately clear if anyone here in the States is directly impacted by this particular exploit. I can guarantee that if we aren’t affected by this one, there are probably several others we haven’t yet discovered. One of the great conundrums tech service providers (like C2) face is that we must rely on the internet to provide support to our clients, and in doing so have to make devices like routers “visible” on the internet, which in turn opens them to attack. As is typically the advice in the face of unknown threats, preparation is your best defense: change default passwords to strong, unique ones. Shield critical devices from the internet where possible through isolation, control and firewalls, and most importantly, understand and document what devices in your organization have contact with the internet so that when an attack does surface, we can quickly root out the source and hopefully prevent further damage. We are to the point now that a malware infection is a certainty in almost any environment, and the difference comes from how well prepared you are to recover from it.
Black Friday and Cyber Monday are upon us, and I know at least half-a-dozen people that are planning to go technology shopping. Many of you are like me and are wise to retailer shenanigans leveraging seasonal enthusiasm and internet hype to separate us from our hard-earned cash, but there are deals to be had if you look hard enough and are willing to battle the crush of humanity at the brick and mortars instead of just doing your shopping online like any sane human being. If you are one of the hardy Black Friday shoppers physically participating in one of America’s finest traditions (definitely sarcasm that time), please don’t let the shopping bug blind you to shady retailers taking advantage of your holiday spirit. In Office Depot’s case, they didn’t even have Black Friday chicanery as an excuse to sell completely unnecessary malware cleanup services on computers that were brand-new in the box.
Someone’s heart was clearly “two sizes too small”
Let’s be clear: big-box retailers sell technology at costs that most providers like C2 can’t hope to match. Their volume and industry position allow them to cut deals on hardware that sometimes seem impossible, and here’s a dirty little secret: those invisible margins are in fact not so thin due to bundled software deals and, in some cases, extended 3rd party warranties. Software manufacturers like McAfee, Symantec, and even Microsoft and Adobe will pay computer manufacturers to ship their software pre-installed on your brand-new computer. Sometimes it’s a convenience – who wants to go shopping for anti-virus software after fighting the crowds for your shiny new computer? But not always, as is the case of the above scam. Office Depot seems to have benefited on both sides of the market by selling computers pre-installed with a questionable anti-malware app called “PC Health Check”. This slick piece of work (more sarcasm!) was finding malware on brand-new computers, prompting concerned buyers to go back to Office Depot where they were sold unneeded “cleanup services” often to the tune of several hundred more dollars.
Are dwindling big-box margins to blame for driving adoption of these scummy sales practices? Probably, but it’s a flimsy excuse to take advantage of your customers. If anything, you are driving them online and to companies like C2 who are more interested in partnering with customers instead of merely profiting from them. As always, caveat emptor. If it seems like a deal too good to be true, it just might not be a good deal after all.
Last week’s election has the media and media watchers doing quite a bit of navel-gazing, especially the ones that predicted a wildly different outcome. Among the companies identified as a major agent of influence is Facebook, and not for respectable reasons; the social media platform has been plagued with fake news stories that spread virally throughout its millions and millions of users, most of whom accept the fabrications and hoaxes as if they were vetted and sourced by actual news organizations. Arguments have been made that these same stories might have had a measurable influence on the November elections.
As has been mentioned before, the Internet is the great equalizer when it comes to “presence”. It allows small companies to appear big while allowing big companies to target niche audiences. With a bit of savvy and determination individuals can create a presence that, at first glance, looks established and trusted. And therein lies the rub: as a rule, the public will only give a cursory inspection to the majority of what they find online. Once it passes the “sniff test”, trust is granted and that presence is essentially on equal footing with everything else. After all, who has the time to find out whether the website or person that published this news story has any credibility or reputation? It’s easier and more comforting for everyone (myself included) to read articles that align with our world views and values. Questioning everything is time consuming and often discouraging, and who has the time for that?
What this means for you:
Obviously I’m generalizing here, and I’m definitely not including my clients who have hopefully been well trained in being vigilant and suspicious of anything they find on the internet. I know you don’t come here to be scolded, but instead to learn about technology. Here’s the start of a thing that may help sort out the truth from the lies on one part of the Internet: a group of college students have written a Chrome plug-in that will use the internet to determine whether a story that appears on Facebook is actual verified news or maybe something a bit (or a lot) less. Don’t get too excited – as you might have imagined, the majority of the world doesn’t actually consume Facebook via desktop Chrome. It’s a mobile world at the moment. Hopefully we will see other tools like this appear for mobile apps, or even Facebook itself take on some responsibility as widely read media outlet. The truth is out there – but you still have to work a little harder to see it.
Unfortunately, stories of ransomware holding companies hostage are becoming so commonplace that reporting on them is almost not worth it anymore. The public is building up the same type of awareness fatigue everyone experienced last year with the numerous data breaches occurring in our most well-known companies and platforms. The latest victim is the county of Madison, Indiana which actually had to shut down all non-emergency operations due to a ransomware infection, shuttering courts and county offices, and sending government employees home. Sadly, it appears they did not have backups of what was encrypted, as they are paying the ransom at the behest of their insurance carrier.
What this means for you:
While Madison County’s lack of data backups is reprehensible (if not somewhat predictable when it comes to government IT budgets), the fact that someone in charge was savvy enough to insure county operations with a policy that would actually pay the ransom (less the deductible, of course) is the relevant lesson. Lest you take the wrong message from this, taking out a cyber insurance policy in place of having proper backups and security is being penny wise and pound foolish. The likelihood of an insurance policy getting you out of a technology disaster pales in comparison to the reliability of a solid backup system and managed security. Your best strategy is to have both insurance and a solid technology infrastructure. The insurance is best used to cover the costs of recovery, which may include cleanup, data restoration, client and customer notifications, and possible breach violation fines.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net