If there is one thing that has been consistent with the Apple brand throughout the years, it’s that they have a fiercely loyal customer base that has expanded from what was once a very small percentage of the market, to worldwide dominance through their mobile devices. The reasons why Apple’s brand is so popular could be the subject of numerous dissertations on the power of marketing, psychology and design aesthetics, and for the most part, their hardware and software has consistently been of high quality (with a handful of high-profile exceptions) since the very first Apple computer took the world by storm. If you are choosing Apple products for their hardware, software, or design aesthetic and can afford their comparatively higher cost, I find no fault with that reasoning. However, if all other things being equal (hardware, software, design) when determining which brand to pursue, and you select Apple based on their perceived ideological stance, it may be worth considering the below.

What this means for you

Since taking over for Steve Jobs in 2011, Apple CEO Tim Cook has work studiously and successfully to elevate Apple’s branding to represent the company as having a more socially and environmentally conscious stance. This includes several, high-profile incidents such as where he challenged stockholders to sell if they disagreed with Apple’s increasing investment in renewable energy, Apple’s public filing of a friend-of-the-court brief on Trump’s intent to cancel DACA, and most recently in the spat with Facebook over recent changes to the Apple iOS to provide more transparency on the apps that track their user’s activities. While there is nothing wrong with these stances – they are each of them laudable – these are the ones that Apple wants you to recognize them for, and not for other, more questionable decisions, such as their removal of a Hong Kong protest app at the request of the Chinese government, and most recently, their change in policy to allow phones sold in Russia to prompt users to install state-approved Russian apps, something they have never done for any other country or market…until now.

As I’m sure you are aware, Apple is a publicly traded company and is, in the end, beholden to its shareholders, regardless of its stated ideals. Yes, Tim Cook told disgruntled investors to sell if they don’t like Apple’s decision to invest in renewable energy sources, but as time has since revealed, this appears to be a shrewd forecasting of the world’s turn towards renewables. Likewise, Apple punished Facebook in January of 2019 in a highly-publicized incident where Facebook was revealed to be using an app to scrape users phones for data. Apple appeared be championing privacy for its users, but in fact the punishment levied against Facebook was for violating the licensing terms Apple extended to Facebook for the app – the license granted Facebook the ability to distribute apps for non-public apps, which this “research” app was clearly not. They were not punished for the intent of the app nor did Apple address the fact that participants were paid by Facebook for access to their data.

Social media has popularized a concept known as “virtue signaling” (controversial on its own) which seems to fit Apple’s publicity model. While Wikipedia’s definition seems to imply that Apple (as a company) should not been seen as a champion of human rights while quietly doing the opposite when it serves them, they aren’t the only company doing this, and this is not something new to for-profit companies. In the advertising world, this is known as “good branding” and Apple, if nothing else, is a textbook example of excellent brand management. Make no mistake, as long as you recognize Apple (or any other company behaving similarly) as company with a bottom line and not an entity forwarding an agenda, their ideological stance should be viewed first as a marketing strategy and evaluated on what they do, and not what they signal.

I would hazard a guess that a large percentage of Facebook’s user base was actually alive at the time it was first created as a dating app for college students, but it’s very clear that a significant portion of Facebook users now look upon it as an (if not their only) authoritative information source, valuing the opinion of their social circles more than scientific evidence and fact-checked expertise. An internal Facebook study has confirmed that a very small number of accounts out of the 3.3 billion total on its platforms (including WhatsApp and Instagram) account for half of all “vaccine hesitancy” content appearing on the platforms. While Facebook has only recently started banning false and misleading content related to the Coronavirus Pandemic, apparently there is still a vast amount of content expressing concerns about vaccine effectiveness or severity of side affects.

What this means for you

Conversations about vaccine hesitancy and fears are considered nuanced enough to fall well short of being labeled as “harmful” and rightly so – Facebook is a place for people to share their opinions. However, when those opinions are formed from what may have been deliberately planted misinformation, they can sway large swaths of populations into making choices that may prove detrimental to everyone’s health, such as vaccine reluctance in 30% of Americans. According to the Facebook’s own study, there appears to be 111 accounts that were the source of half the content published on Facebook that is causing a widespread distrust of a vaccines. Social media communities, especially ones that identify around a single (possibly controversial) belief tend towards reinforcing narratives instead of challenging them. The basic human need for validation has always created “echo chambers” in society, even well before the internet, but the size and speed of platforms like Facebook allow for the viral spread of both harmless fun and extremely harmful ideology with horrific outcomes.

To deliberately misquote a line from one of my all-time favorite movies, “What can we do against such reckless misinformation?” Riding out on a horse, while glorious, isn’t going to be effective. Make sure you are challenging misinformation by gathering information from a wide variety of sources. Don’t just assume those sources are reputable or trusted because they are on the internet or worse, found in your own echo chamber. Facebook can be a source of information, but as has been demonstrated time and time again, not one that should be fully trusted any time soon.

Image by Pablo Jimeno from Pixabay

Despite their best efforts, SolarWinds isn’t going to be able to slip back into obscurity anytime soon. Up until late last year, most regular folks wouldn’t have any idea who SolarWinds was, let alone what they did. But when one of the world’s largest outsource IT providers gets hacked, leading to the compromise of approximately 100 very large companies and NINE federal agencies including the National Nuclear Security Administration, you aren’t going saunter casually out of sight after such a massive gaffe. You might try a little misdirection by throwing an underling under the bus, but all that is doing is making things worse, regardless of whether it’s true or not.

True leaders know where the buck stops

As the SolarWinds “saga” started to slowly unfold for us in December and January in all of its terrible glory, one of the minor “subplots” that was revealed involved a comically weak password that was used to secure a SolarWinds server. If you ever want to bring a rain of derision and reproach from the technology community, use a password like “solarwinds123” as part of your infrastructure while providing IT to the agency that manages our nuclear arsenal. And if you want to double-down on your foolishness, blame an intern for it.

It’s entirely possible that an intern might actually be at fault; all of us were young and “wet behind the ears” at some point in our careers, and let’s face it, there are a ton of people out there who might think that this is at least an OK password. But let me tell you something: every single SolarWinds technician, engineer, senior engineer and up that typed in that password KNEW it was a bad password and didn’t bother changing it. Everyone reading this article knows this is a bad password, and if you’ve been a reader for any amount of time, you’ve known this for years. It’s reasonable to assume that a fresh-faced intern with no IT experience may have chosen such a password, but it should have never survived the moment any SolarWinds employee had to use it even once. Regardless of who made the initial mistake, allowing it to continue being used is absolutely leadership’s fault – all the way to the CEO. Bad passwords have consequences, but excusing and ignoring them is even worse.

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

Not even three months into Apple’s release of new computers powered by the Apple M1 processor, researchers have discovered at least two malware platforms that seems to have been specifically written to target Apple’s new CPU. One of the new apps, “GoSearch22” is actually a recompiled version of a known adware app called “Pirrit”. The new M1 variant has already been decertified by Apple, meaning that it will be blocked from running in the OS if your Mac is current on updates. The other malware app, dubbed “Silver Sparrow” appears to be brand new and is showing up on at least 30K Macs both M1 and Intel-powered machines, but at the moment, researchers aren’t quite sure what it’s intended to do.

What this means for you

For the majority of Windows users this is not relevant and you can carry on worrying about the myriad other security concerns that the platform is infamous for, but if you happen to use Apple computers for your daily work, take note. At the moment, Silver Sparrow isn’t doing anything except existing and looking very suspicious. It may never be deployed – think of it as a sleeper agent whose cover has been blown. The fact that it exists and a version of it written explicitly for Apple’s new M1 CPU means that cybercriminals are leaving no stone unturned in their pursuit of exploiting every internet connected device. Where before Apple users could work knowing that because of their relatively small market share they were unprofitable targets for malware developers and as a result slightly more secure than their Windows brethren, this is clearly no longer the case. OS X is definitely being targeted by mature, sophisticated adversaries. While security through obscurity was never a good enough reason to not run malware protection on OS X, it’s definitely been invalidated by the sudden and widespread appearance of Silver Sparrow. Make sure you are running up to date and effective malware on your Mac, old or new. If you don’t know what to install, contact us for advice or a managed solution.

Last week the sleepy Florida town of Oldsmar made headlines as its municipal water utility was targeted in a cyberattack. The attack resulted in the unauthorized access of a computer that controlled the chemical treatment of the city’s potable water supply, and the attackers actually managed to adjust a setting that could have poisoned the water for 15k people. Fortunately, the computer was actually being monitored by an employee who was able to safely reverse the settings change and alert authorities. Aside from the ominous implications evoked by cyberattacks on critical infrastructure like water supplies, this specific attack garnered additional attention because of Oldsmar’s proximity to the stadium hosting this year’s Super Bowl and the fact that it happened 2 days before the actual game.

What this means for you

What many of you might not realize, even though we’ve written about it before, is that our nation’s utility infrastructure is protected by technology that is outdated, underpowered and poorly managed. And it has been under constant attack since at least 2013 and most likely even before then. That being said, it appears the Oldsmar attack was not perpetrated through a series of exotic, Hollywood-esque tactics, but rather by exploiting a forgotten install of remote management software TeamViewer that was using a shared password set for the entire company. On top of this, the computer was connected directly to the internet with no firewall in place. While this lack of security isn’t uncommon in small organizations around the world, the fact that this is happening at companies that control vital services like drinking water should be fairly alarming to you. According to utility officials, there are plenty of other safeguards in place that would have prevented the actual poisoning from actually occurring, but one has to wonder whether or not an audit might be in order? If they installed a bit of software in a fashion that allowed it to be exploited with almost no effort and then forgot about it, what else might they have installed poorly and then forgotten?

When working with people who are actively attempting to correct or remediate behaviors that were previously unproductive or destructive it’s important to provide encouragement and feedback on the positive changes. Common sense would dictate that any progress is better than none at all, and it serves no one to berate someone for shortcomings they are actively working to improve. But corporations aren’t people, and social media mega-corporations like Facebook have such a significant impact on the world that they should given no quarter when it comes to criticism. I understand that they are a for-profit company and have no other master to serve, and if they just openly stated that everything they do serves that master, I wouldn’t bother taking them to task. But what they say and what they do are two different things.

Facebook – Hold Them Accountable

In February 2019, a full year before the start of the pandemic in the U.S., California Representative Adam Schiff asked Facebook point-blank why they were allowing misinformation about vaccines to spread on their platform knowing full well that this type of activity would be a danger to the public, and is a direct violation of their own terms of use.

On April 16, 2020, over a year after the “friendly warning” from Congressman Schiff, and months after the pandemic had already spread around the globe, Facebook finally acknowledges that their platform is being used to spread misinformation and promises to engage “fact-checking” and warning labels to inform users of possible misleading information.

In May 2020, they pat themselves on the back for putting warning labeling 50 million (!) pieces of content. “Warning labels”, like the ones on packages of cigarettes that clearly keep people from smoking them.

Fast forward to Feb 8 2021, over 2.3 million Covid-related deaths later, and Facebook is finally getting around to straight-up removing misinformation from its platform. How many deaths could have been avoided if they hadn’t allowed rampant misinformation, fear and hate to spread on Facebook? Don’t get me wrong, never at any point since the day I first heard of Facebook did I suspect them of possessing any shred of altruism or compassion. The initial concept of Facebook sprung from a crude looks-based popularity contest (Hot or Not), and it still remains in part, like most of social media, a popularity contest. If any company in the world had the resources and the brain power to be ethical and compassionate and profitable, Facebook should have this advantage in spades, and yet they have been content to let the market rule until it’s more convenient (read: a shift in political power) for them to behave otherwise.

Don’t make the mistake of thinking Facebook (or any for-profit company) is motivated by ethics or altruism until they demonstrate it at the cost of profit. While I am not foolish enough to believe that all the death and heartache caused by Covid-19 was due to the purposeful spread of misinformation on Facebook, if even one death is attributable to this, isn’t that one death too many? Is it too much to ask the biggest, wealthiest company in the world to be more responsible, more ethical? I don’t think so, and I hope more people will continue ask this same question and demand answers.

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

While the past year has been no picnic for anyone except the handful of billionaires profiting from the pandemic, it’s at least given some of us opportunities for improvement and enlightenment that we may not have otherwise pursued given the usual daily routine. Some of you have whiled away your free time catching up on shows, learning languages, or taking up new hobbies, some have even completely remodeled bathrooms, kitchens and garages. Almost every single work-from-home professional has had to become an IT technician whether they wanted to or not, but despite that, many of you still don’t know some things you absolutely should know.

Don’t be afraid or ashamed to ask!

As I’ve said before, I don’t expect everyone to become IT professionals, even after 11 months of working from home with shoestring budgets and Macguyvered technology. Once we get in front of Covid-19 I am anticipating many organizations will seriously reconsider returning to the traditional office environment if they haven’t already marched straight ahead into a virtual workplace future without looking back. In order for that future to work for a business, their WFH employees need be as efficient and productive as before. If you are one of those salivating at the prospect of working from home for the foreseeable future, you need to make sure your tech game is on point with these essential tid-bits:

Who is your internet provider? Not only should you know who it is, you should have their tech support number as a favorite on your smartphone. You should know your account number and what you are paying for, and what you can expect for customer service. Seriously consider paying more for a “Business-class” account if you have a residential account – the quality and speed of the internet won’t (necessarily) be different, but the speed at which they respond to service calls is much better.

Where is your internet router? You should know where it is in the house, what it looks like, and how to turn it on and off. You should know what the lights on it mean, or at least have a quick reference handy to interpret the lights. If you live in a single-family residence, you should know where the service lines come into your home. If you set up your own router or mesh wifi system, you should have the brand and model handy, and if you needed to use a phone app to set them up, what that app is called. If someone else set up the devices for you, have them write down this information for you, especially if they aren’t a member of your household.

How does your work computer get internet? Ethernet wire or WIFI? More importantly, can it do both? Most folks rely heavily on WIFI, not realizing that “hard line” networking is way more reliable and in some cases, dead simple to set up. Not every household can take advantage of an Ethernet connection, but if you have any opportunity to do so, do it.

Know your home workstation. You should know the brand and model, and where all the critical control points are on the computer: power, network and peripheral connections. You should also understand what any visual indicators might be telling you – power and hard drive activity lights, network indicators, etc. If you have additional peripherals like monitors, printers, keyboards and mice, you should know how they are connected and how to replace consumables like toner, ink or batteries.

Know your software. If the machine you are using at home is your own and not managed by your employer, you should absolutely know the following: What operating system and version you are running. Whether or not you have antivirus installed and working (you should). What program or platform are you using to back up your data. You should also have critical passwords recorded in a safe (preferably digital) place that you can get to even if your main computer is inoperable.

Image by Lorenzo Cafaro from Pixabay

If you’ve used a computer – Windows or Mac – in the past 20 or so years, you’ve probably used a handy product called Malwarebytes. Once consider a scrappy bit of software us techs could whip out during the early days of malware infections, Malwarebytes has since “leveled-up” into a very successful security platform that still offers a useful, free version of its malware scanner. Unfortunately, their visibility in the market makes them a big target as well, and they just revealed that they have been compromised by the same hacking group that gutted SolarWinds.

What this means for you

According to Malwarebytes, unlike SolarWinds their products were not compromised but their email was hacked in the same manner. Even so, email is the lifeblood of any organization, so this is still a blow to their brand and to their internal morale. In their defense, the group responsible for the hack is credited with possibly one of the most devastating cyberattacks in history and it’s pretty evident we are only just starting to discover the breadth of their campaign which is conservatively estimated to include thousands of companies. These types of wounds (and scars) are earned on the front-lines of a war most of us don’t see, and it is at once disconcerting and strangely comforting that even the largest, best prepared organizations still fall victim to cyberattacks. This should not discourage you from making every effort to stay safe. If anything this should serve as a stark reminder that there are powerful forces aligned against ethical, honest people who are just trying to get some work done, and as such always allocate a healthy amount of resources and respect for security and backup for your technology infrastructure.

Much of what I learned from my father about being handy around the house was from watching him work, and then, once I was old enough to be more useful than distracting, from actually doing the work while under his careful supervision. His style of instruction was typically hands-off and non-verbal, letting me experience the tools and work for myself, but he spared no words when it came to warning me about the dangers of the various tools (powered or not) with which we worked. His hands were covered with various scars that did not require more than one terse explanation, and my grandfather was missing parts of two fingers from a woodworking accident that served as a silent and regular reminder of a life lesson I carry with me to this day: Tools are dangerous regardless of your familiarity with them – always treat them with respect and understand their proper use and application.

Ignorance and injury go hand in hand

The attack last week on the nation’s capitol by extremist thugs will no doubt grace numerous textbooks and will provide plenty of lessons for everyone, but there was a particular behavior exhibited by many of the invaders that has provided plenty of amusement for the rest of nation and illustrates my point perfectly. While I’m sure many of the people participating in the violence last week thought they were justified and not committing crimes, documenting your “activities” via social media demonstrates a clear lack of understanding of what that act actually achieves. Not only did they visually document numerous criminal activities that directly or indirectly led to the deaths of 5 individuals, they pinpointed themselves at the scene of the crime via GPS on their “smart” phones. This same crowd used the conservative social media platform “Parler” to organize this attack, to foment additional hate, and then documented it with thousands of posts, pictures and movies, all of which was scraped by a hacktivist and made available to the public and, presumably, numerous law enforcement agencies. I’m sure there were plenty of law abiding citizens engaged in reasonable discourse on Parler – one of the most common arguments offered by conservative politicians on the dismantling of your privacy is, “If you’ve done nothing wrong, you have nothing to fear.” Over 50 terabytes of data is a lot to sort through, but you can be sure that plenty of self-incrimination will be found within.

In addition to the lessons taught by my father and grandfather, I learned plenty of times the painful lesson that even tools you know well can “bite” if you are careless or try to use them in unintended ways. While poetic justice is rare and should be celebrated when it is encountered, Parler’s unintentional incrimination of some of it’s hate-filled user base should also pose a sober lesson for everyone. It’s clear that social media (and the internet) was meant to bring the world closer to together but it has, at the same time, driven a dangerous wedge into society. Ignorance, misinformation and hate spread just as quick as knowledge and compassion on the internet, and we just got bit by the sharp edge of this tool.

Later on in life, once I was old enough to appreciate it, my father told me that it was a constant struggle to not snatch tools from my hands if it looked like I might hurt myself. He knew I had to learn the hard way, but not necessarily at the cost of a finger or worse. Unfortunately, my dad isn’t around snatch this tool out of our careless hands, and it’s clear Twitter and Facebook’s “dads” aren’t keeping a watchful eye either. By allowing hate and lies to ferment online, social media usage played a direct role in creating one of the darkest days of American history and led to the loss of 5 lives. Seeing as this tool can’t be put down and another used, we must learn how to use it properly, safely and for constructive purpose.

Image by Peggy und Marco Lachmann-Anke from Pixabay