Though it doesn’t come as a surprise to most of the IT community, the Federal Communications Commission (FCC) recently added Russian software developer Kaspersky to its list of companies that should not be used by any entity that receives funding through the FCC. Given the current geopolitical climate, this move probably shouldn’t surprise most everyone else at this point as well. The Moscow-based security and antimalware company has been under significant scrutiny since 2017 after an explosive report from Bloomberg Businessweek exposed the company’s close ties to Russia’s intelligence agencies, leading to the software being banned on all U.S. civilian government networks shortly after its publication.
What this means for you
Depending on who you talk to (including C2), Kaspersky has been on the “no-fly” list for most (non-Russian) security advisors since at least 2017, and for many of my clients who grew up during the Cold War, the software has never been a consideration because of its Russian roots, even though it was considered highly competent in the early 20-teens. It was well regarded enough that it had enough American market penetration to the point that it had to be listed and banned to force its removal from the various U.S. government agencies that had based their choices on more technical versus patriotic considerations.
If you are using it, should you remove it? The answer is obvious if you are an entity that is covered by either the US government ban or the FCC’s prohibitions, but what about your family PC? Politics aside, there are enough solid replacements out there that sticking with Kaspersky isn’t worth potential risk or bad optics it presents to U.S. companies. As for your personal computer? It’s a personal choice, of course, but Kaspersky’s technology no longer stands out from the crowd so don’t give it an edge there. Go with an option that maybe has less baggage at the moment. For personal computers we like Webroot, Malwarebytes or Bitdefender, and if you don’t the extra cash for a paid antimalware platform, the built-in options on both Windows and Mac OS X are decent enough if you are vigilant and stay away from those questionable links in strange emails.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Given how complicated it was to set up organizational email services in the previous decade, today’s self-service offerings from Microsoft and Google have significantly eased the process of setting up email for your-company.com with an affordable, highly-reliable and relatively secure provider. It literally takes a handful of minutes (if you know what you are doing) to go from zero to email, but there are still plenty of gotchas that can render your new service less than perfect. If your recipients keep finding your emails in their junk folder, it’s possibly worse than not having email service at all. It would be impossible for me to outline all the ways in which this may happen, but there is a common gotcha you might want to investigate.
SPF? Is my email getting sunburnt?
Recently several of our clients have had problems with email delivery caused by incorrect SPF records. In this case, SPF is an acronym for “Sender Policy Framework” and not “Sun Protection Factor”, but much like forgetting the sunscreen on your day outside, not having proper email SPF will result in you getting “burned” as your emails are marked as spam by your recipient’s email servers. Without getting into the bloody details, the Sender Policy Framework is one way email servers use to verify the sender is who they say they are, “Is this email actually from C2, or is someone spoofing the sending email address?” While spoofers can fake your email address, they can’t typically change your SPF record (if they can, you have much bigger problems), so it’s a reliable source of verification if it’s set properly!
Here’s how you will know your email is getting marked as spam for having an improper SPF record. From your company’s account, send an email to an outside email address that you have ready access to, such as a personal Gmail or Yahoo account. You will need to check the headers on that email for SPF failures – the formatting and verbiage you need to look for in the headers will vary depending on the recipient’s email provider, but Google returns failures that look like this:
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate ##.##.109.66 as permitted sender) client-ip=##.##.109.66;
Authentication-Results: mx.google.com;
dkim=pass [email protected] header.s=20210112 header.b=TJLH3iac;
spf=softfail (google.com: domain of transitioning [email protected] does not designate ##.##.109.66 as permitted sender) [email protected]
If you find “Fail” anywhere in the header, that email will likely get marked as spam and will end up in Junk or Spam folders rather than the inbox. Now how does something like this happen? If you’ve gone through your providers guided setup process, or had email set up by someone like C2, your SPF records will be set properly, but if you recently made changes that might alter your DNS (like a website redesign!) or engaged a new cloud service that sends emails on your company’s behalf, you may need to check your SPF record to ensure it is set properly. You can check your current SPF record using a free tool at MXToolbox.com (not a sponsor, we just like the tools), but unless you are well-versed in DNS and domains, you may not be able to easily interpret the results. Either way, if your emails are getting delivered to spam regardless of your recipient’s whitelisting efforts, an incorrect SPF record may be the culprit and should be addressed as soon as possible!
Image by CrafCraf from Pixabay
After what felt like a golden age of Windows stability (ahh those glorious Windows 7 years!) we are back to Windows computers needing to be rebooted on a regular basis just to keep running smoothly. We can chalk that up to the frequent updates and patches that Microsoft is pumping out to try to keep us safe and running effectively. The unfortunate knock-on effect of this is everything else on your computer is also on this forced march of patches and updates, which means there’s at least one more indicator you have to watch. And if you are like most of us, it’s easy to miss that warning light!
What this means for you
Mozilla recently had to issue an out-of-band (meaning an unscheduled) patch this week for its Firefox browser to plug some security holes it said were already being exploited in the wild. To apply the update, you merely need to close and relaunch Firefox. The same goes for the other browsers – apply updates by closing and relaunching the app. If you are like 99% of web surfers, it’s highly likely your browser has been open and running since you booted up your computer, which also might also be long overdue for a reboot. Some of you are just focused on your work, and some of you have been burned often enough by long updates to carefully ration out the reboots to when you can afford to step away from the PC for what might be an extended bit of down time. Also, all the major browsers are fairly unobtrusive in alerting you about the waiting updates – it’s usually a small flag or dot in the upper right corner of your browser window, and let’s face it, you ain’t looking over there all that often, right?
Do yourself a favor and check to make sure your browser isn’t due for an update. If you are experiencing odd issues with web pages, or the computer is just running poorly, restarting your browser even when there isn’t an update waiting may free up some resources that will smooth out your computing experience. While it has gotten better over time, Google Chrome (and Gmail’s web interface) are notorious RAM hogs that will slowly soak up all available RAM the longer it runs. Microsoft’s Edge uses the same engine as Chrome, and while it seems to be a better steward of resources, it can still consume large quantities of RAM if you have many tabs open. And we all know you have many, many tabs open.
If there is one thing that is certain, if there is a useful technology invented that is supposed to benefit us, there is a corresponding negative usage that can and will be exploited. After the initial dopamine rush had worn off around Apple’s AirTags, people started waking up to the negative implications of a small, easy-to-conceal, wireless tracking device that utilizes one of the largest global networks in the world. Apple’s “Find My…” network is too useful to not be exploited, and the less ethical are already doing so.
What this means for you
Apple’s AirTags were initially created to track items that could be easily lost or stolen and ostensibly were made inconspicuous so that they weren’t unsightly and so thieves couldn’t easily find and discard the trackers. Once reports started flowing in of the “less orthodox” usage of AirTags, Apple immediately tried to get out in front of the problem by letting everyone know that AirTags themselves have unique, embedded serial numbers and their usage is tied to an Apple account – information they will surrender to law enforcement in a criminal investigation. But they glossed over something that more inventive hackers latched onto – what’s to stop someone from creating a “cloned” AirTag that simply bypasses Apple’s security measures? At the moment, nothing. Someone has already done so, and you can assume that Pandora’s box is not going to be closed any time soon without significant intervention from Apple.
Until that happens, you should get caught up on Apple’s lengthy advice on detecting and finding unwanted trackers. The article goes into great detail for Apple device users, so if you are an iPhone user, finding an unwanted Apple-made AirTag should be pretty straightforward (if not a wee bit unsettling). For the rest of us using Android devices, Apple has released an app called Tracker Detect (watch out for copy-cat apps!) that has to be activated manually. Not nearly as useful as its iOS counterpart, but at least they tried. If you’d like something a bit more robust and not funded by Apple, you can try AirGuard which was developed by a research team out of German university TU Darmstadt. I’ve tried both apps and while they appear to do no harm (other than possibly drain my battery faster), I can’t really verify that they work, as I apparently don’t have any unwanted trackers near me. Yay? Either way, if you suspect you are being digitally stalked, make sure you share your suspicions with your loved ones and authorities and get familiar with this site and its resources immediately!
Image by Thomas Wolter from Pixabay
It seems like common sense, doesn’t it? While accidents and mechanical failures do happen, getting hurt while using a chainsaw usually comes from not understanding what the tool is capable of, or how it works. Fire is hot and teaches a clear lesson in an instant, but Technology, despite having an almost unlimited potential to do harm, isn’t always so obviously dangerous like a chainsaw or stove burner. For certain, if you’ve been personally attacked or hacked via technology, you might be a bit more cautious with certain things than someone who hasn’t been “burned”, but unlike fire, technology is constantly changing, and consequently, requires constant lesson-learning. But it also requires a certain level of respect for its sharp edges which most ignore or forget.
What this means to you
As some of you might already know, being book-smart is different from being street-smart, and knowing how to use a piece of technology is a long way from being savvy about that same piece of technology. As an example, most of us know what email is and how to use it, but many still make poor decisions on using or sharing passwords because they don’t truly understand the consequences of doing so. I still regularly meet with clients who don’t understand why their email account getting hacked could have long-reaching financial impact on themselves, their employer and their customers. Not because they are dumb or foolish, but because they haven’t been trained, and our culture deemphasizes it in favor of shiny bells and whistles. Security is rarely featured in marketing and advertising to consumers – advertisers know that security is not sexy, and increased security is often equated with inconvenience or viewed as a necessary evil like warning labels. Similar to the way the mask mandate fight is colored as an issue of freedom instead of safety and compassion, considering security when making decisions about technology is fighting an uphill, cultural inculcation that has been around ever since seat belts were first invented. Humans aren’t always good judges of what keeps them safe – it’s something that has to be learned, and as an employer or leader, you will want to keep this top of mind when considering how to keep your organization and your people safe, technology or otherwise.
Image by Peggy und Marco Lachmann-Anke from Pixabay
Last week we discussed what a properly equipped home office might look like, but another component that is just as important is the technology infrastructure of the company itself. Thanks to the unstoppable force that is the Internet, small and medium-sized businesses now have access to technology platforms and services that were previously the exclusive purview of larger companies with dedicated IT staff, without the associated enterprise-grade price tag. It’s 2022 – is your company still running on technology from the 90’s?
What we consider to be the standards for SMB infrastructure
If you are a decision maker or manager of organization that has survived and possibly thrived during the pandemic, you probably already understand the fundamentals of a successful business, and possibly grasped the core technology concepts that were a part of keeping your business a going concern while we struggle with Covid. Make no mistake, good people are at the root of your success, but so is making sure your technology is secure, readily accessible, and reliable. To make sure they are all these things, we make the following recommendations to all our clients:
- Hosted Email – For reliability, extensibility and widespread familiarity, your email should be hosted with either Microsoft on the 365 platform, or Google Workspaces. There are other providers out there, but from a support point of view, they are distant, distant thirds to the two giants in the industry. While the primary functionality of email will appear mostly the same to the typical end-user, hosting it on a fully modern and robust platform provides you with better expansion and management, and most importantly, security and the ability to implement multi-factor authentication, something that most simple POP/IMAP services don’t offer. And you should definitely not be running it on a free-mail service.
- Cloud File Sharing – Up until recently, we were staunch advocates of premised-based fileservers. They are fast, secure (if maintained properly) and relatively inexpensive to operate. Then Covid came along and rocked the modern office’s world and suddenly premise fileservers became an obstacle to working from home effectively. Just like Zoom swooping in to fill the meeting gap, platforms like DropBox, Google Drive and OneDrive stepped up to allow geographically dispersed teams to collaborate, just like they did in the office, if a little slower and, of course, much more dependent on the Internet not being down.
- Cloud Collaboration/Communication – Everyone’s fairly familar with Zoom, and while we may be heartily sick of it some days, it’s keeping us safe(r) and connected in the “new normal” working world. There are other tools that allow your scattered workforce to collaborate in robust ways, group chat apps like Slack and Teams are great for staying in touch with (and keeping a gentle hand on) everyone in your organization, as well as offering addons to manage projects or tie-ins to your ERP and CRM systems. Just because they are in isolation does not mean they have to be isolated from their co-workers or critical information. Cloud-based VOIP phone systems can also bring some old-school feel to a completely virtual office, while still providing modern, must-have features like SMS messaging, voicemail to email transcriptions, and fully-automated auto-attendants that can deliver office calls to cellphones, mobile apps and softphones on your home office computer. You can also have a desk phone in your home office that uses your internet to make and take calls, just like you were sitting at headquarters.
- Remote Access and VPNs – For those organizations that cannot (or do not want to) get away from premise-based fileservers, you need to put in better, faster internet (if it’s available, not always a guarantee still in 2022!) and provide centrally managed means for your remote workers to access the premise-bound services. While it’s possible for folks to get access to “free” remote access platforms, using one that is “blessed” by the company and their designated technology support will provide much better security and supportability.
- Malware and Network Protection – Regularly updated and centrally managed malware protection and network firewalls are crucial to keeping all of your technology and services secure. We don’t recommend self-managed solutions for any size organization primarily because your focus should be on your business, not staying abreast of the numerous changes and updates in the cybersecurity world. Not only do we recommend this for all workstations and servers, home and office networks, we also recommend additional filtering services for your cloud-based email, above and beyond the default offerings that are provided. Think of it as a firewall for your email.
- Cloud-based/Remote Backups – your data is the lifeblood of your organization, regardless of the industry. On premise backups are better than nothing, but for improved peace-of-mind and significantly improved continuity and recovery prospects in the event of a catastrophic event (either natural or digital), having your most important data stored somewhere else, encrypted and safe is a must-implement standard. Also consider email and cloud sharing platform backups. Yes they are in the cloud already, but that doesn’t prevent them from being deleted accidentally or even on purpose. Even services like Microsoft 365 only offer a limited roll-back period, whereas managed backups can literally go back to Day 1 (of the backups).
- Regular Security Trainings & Checks – This is something we don’t see very often, even in the most technically-savvy organizations. Your weakest link in technology security is always human. Sometimes its a software developer over whom you have no control, but most often it’s your own employees or vendors. Thankfully there are platforms that can assist with keeping your people current with the most important security fundamentals without taking a lot of their time, or forcing them to sit through boring PowerPoint presentations. Keeping your people vigilant and well-informed will reap huge, long-term security benefits that can’t be realized with hardware and software alone.
It’s 2022 and approaching the third(!) year of the pandemic. Your company is onboard with “telecommuting” and perhaps they’ve decided to lean into it for real, which means it’s time to take a hard look at that 8-year-old computer and rickety chair you bought at a local garage sale. Definitely replace the computer and that torture device you call an office chair, but if you’ve been granted any sort of budget or trying to determine what to ask approval for, here’s what we consider to be “must haves” for an effective, remote technology workstation.
- A solid, wired data connection. It’s 2022, and WIFI is good, but it’s still not nearly as reliable as a wired, gigabit Ethernet connection. I can hear you say, “But I never have problem streaming music and videos over my WIFI!” Yes, because those services are designed for the scattershot data delivery of WIFI, but if you are connecting to an office via the internet you have to eliminate as many variables as possible, and WIFI is still variable, no matter how much you spend or how close you sit to the router. If you are having connection troubles or frequent drops, WIFI is often a major factor. Figuring out how to get a wired connection to your workstation will be worth it.
- Broadband, high-speed internet. If you are still on DSL and you have access to faster options, you are doing yourself a disservice, even if the cost is higher. Everything is internet connected – you are limiting your capabilities and your usefulness to your company.
- A late-model computer, with a big screen. Treat yourself to at least a 24″ monitor if you spend more than a couple hours staring at a screen. And your computer should be at least a 9th generation Intel or AMD Ryzen generation CPU with a minimum of 8GB of RAM. If you can swing 16GB, you will be sitting pretty. Don’t even consider a computer without an SSD if you are shopping – the Windows 10 and 11 operating systems seem to be optimized for SSDs, and spinning drives (HDD) are now better suited for large data storage needs (file servers, video editing, photography, graphic design) and backups.
- A proper, ergonomic desk and chair. If you are sitting for 6+ hours a day, most importantly make sure you are taking regular breaks, but also make sure you are working at a desk and chair that is properly sized and aligned for typing and viewing. This means your keyboard and mouse should be placed so that your forearms and wrists are (at most) at a flat, 90-degree angle to your upper arms and body, your monitor directly in front of your body with the top of the screen no higher than a straight line to your eyes while sitting up straight. Feet should both be flat on the floor, with thighs flat and calves again at 90-degrees to your thighs. Get a footrest if you are short or your desk is a bit taller than usual, but don’t compromise on the angles. Trust me. I’ve been doing this for 30 years – you don’t want wrist, back or hip problems.
- A good headset and webcam. If you spend any time on the phone, whether it be a VOIP, soft or cell phone get something comfortable with a dedicated mic. Your callers will notice the difference. Your ears will thank you, and your housemates (if you are in a shared office) will appreciate it. If you prefer “speakerphone” mode and can do so without disturbing the peace, getting a webcam with a good mic will be a step-up, especially if you are using any sort of amplified speaker for audio. The $30 webcams we purchased in the early pandemic rarely had decent mics, and if videoconferences will be a regular part of your day-to-day, upgrading to a more expensive webcam will be noticeable to you and your fellow attendees.
- Proper, up-to-date software. Regardless of whether your workstation is just a means to remote into a workstation in an office, or your primary device, it should be protected by up-to-date malware protection, an active firewall, and if you store any important data (personal or work) some form of cloud backups. If data is processed on the computer in front of you, it should have the latest version of software being used, and that software should be kept up to date, or at least in line with your company’s expectations. It should be managed no differently than an office machine, regardless of who owns it.
If there is one thing that the holiday seasons are known for, it’s the broken-record playlists we are subjected to wherever fine background music is played, but rather than torturing your ears with “All I want for Christmas” for the 50th time today, I’ll sing another familiar tune that starts like this, “Protect yourself before you wreck yourself.” Not quite as catchy as Mariah, and definitely not as earwormy, but you probably already know the words, because I sing this song all year long. Digital crime is up, and more and more people are falling victim to scams and the scumbags who run them.
Here’s your list, you should check it twice
- Back up your data. Preferably to a cloud-based platform that you don’t even have to remember to run. Most self-managed services come as little as $7 a month. Some of us spend more than that on coffee in a single day. Don’t want the cloud? Grab a small, portable hard drive in the multi-terabyte range and set up backups to that device. Most come with a free, downloadable backup app that will handle rudimentary backups. Not as good as cloud-based automatic backups, but better than nothing.
- Turn on 2-factor authentication for your email. This probably won’t cost you anything – even most of the free email platforms offer some form of multi-factor authentication. Yes, having multi-factor is a pain, but you know what hurts even more? Having your email account hacked and used to con friends, family and clients. Don’t be that Grinch this season!
- Keep your work and personal stuff separate. Thanks to Covid, everything is all mixed together. Working from home is great if you are fortunate enough to have that “privilege”, but it also means that it’s harder to keep the two worlds from colliding constantly, especially from a security standpoint. If it looks like you are going to be working from home for the long run, perhaps it’s time to make sure the computer and devices you use for work are dedicated to just that, and not moonlighting as a homework/videogaming platform after hours. Working parents, you know what I’m talking about!
- Keep track of those pesky passwords. Let’s face it, Santa ain’t bringing us the gift of freedom from passwords this year, so treat yourself to a real password manager. Again, the good ones aren’t that expensive, as little as $3 a month! You can even get a family plan that allows you to share passwords – might be useful for multi-generational households and the multitude of streaming services they are guaranteed to be watching!
- Get a “mask” for your computer. Let’s face it, long before the pandemic darkened our doorways, the internet was polluted enough that the smart computer users were masking up with malware protection. The pollution has gotten worse, and shows no signs of abating. Having your computer go out in public without a mask is just asking for an infection and unfortunately monoclonal antibodies won’t save your data.
Image by Arek Socha from Pixabay











