Aside from a huge spike in personal hygiene, if there is any other glimmer of a silver lining from the Corona Virus pandemic, it is assuredly that a lot of employers are going to need to re-evaluate their telecommuting stances. After working for more than 20 years in corporate offices, some of which had reasonably flexible telecommuting policies, I have now been running C2 from the comfort and convenience of our home for over eight years and I can honestly say I don’t miss working in a corporate office at all. That being said, jumping straight into becoming a full-time telecommuter is not just a matter of grabbing your laptop and making a bee-line for home.
It can’t be that hard, can it?
- I.T? You’re it! Sadly, unless you happen to live with a tech-savvy family member you’ll likely be the hands-on technician when things go wrong. As companies spread out, that lone office technician is going to be spending more time in the car and less time helping you, if corporate even lets them service home offices, and most can’t/won’t for a variety of reasons. You can be sure in a quarantine situation no one is going to be making house calls. Being a telecommuter means you will have to become familiar with and responsible for a lot of technology that you never had to worry about previously.
- Is your home internet up to snuff? While broadband has largely become readily available and mostly affordable in larger metropolitan areas, I still encounter plenty of residential neighborhoods, even here in Los Angeles, where the internet provider choices are slim, slow and expensive. Before you raise your hand to work from home, make sure your internet can handle it.
- Do you have space for an office? Just because you don’t have your own office at corporate doesn’t mean you can work long term at the dining room table at home. Even if you live alone you should try to keep your work and home environments separate for many reasons: noise, privacy, organization, and most of all, work-life balance. Make sure it’s close to the router if you can manage it, because…
- WiFi may not be enough. Though it probably works great for enjoying music or movies around the house, home WiFi is often sub-par compared to the reliability of office networks, especially if you’ll be using a VPN or a VOIP phone, or participating in video-conference calls. At minimum, you’ll want to be as close as possible to your WiFi router to guarantee a strong, reliable signal or even a direct Ethernet connection to eliminate the unpredictable nature of WiFi altogether.
- You’re going to need a better chair. Having been in numerous home offices, I can confidently say that most of you do not have the same quality office furniture as even the most humbly outfitted company office. That dining room chair with the worn-out seat cushion will put you in traction quicker than a car accident, especially if it’s paired with a makeshift desk built for a middle-schooler. I’m looking at you, Ikea. Pay attention to ergonomics – a sofa built for Netflix watching is going to wreck your back if you spend eight hours (or more) a day working from it.
- Is corporate actually ready to go virtual? Even if you check all the boxes off on this list, your company may not actually be ready to go virtual, especially if they are being forced into it. Deploying a large chunk of your workforce into the field requires some planning and investment into proper infrastructure and training, both for the workers, staff IT and the leadership of the company. Don’t be surprised if everything doesn’t work like it used to when you were all in the same building. If your company has only dabbled in telecommuting, going full virtual and staying at 100% productivity isn’t something that happens overnight, even for the most nimble
In case you haven’t already seen what Deepfakes are all about, here’s a relatively harmless and entertaining demonstration of what our dark future holds:
Deepfake technology first surfaced in 2017 and even at the time of its first appearance, nearly every pundit paying even minuscule amounts of attention predicted it would have significant political ramifications. Late last year, sophisticated deepfake videos made enough of an impact that legislators and business leaders both called for regulation of the technology.
Deepfake Videos Deployed in Indian Election Campaigns
Though it wasn’t the first politically motivated deepfake video, India has the dubious distinction of being one of the first countries to see a series of deepfake videos distributed by a political party as part of their official campaign. The videos, which feature the opposition party BJP president fluently criticizing the incumbent government in multiple languages he does not speak, went viral on WhatsApp, reaching as many as 15 million people. While party officials and the communications firm behind the videos describe them as “positive campaigns,” watchdogs and fact-checkers are alarmed to the point of dubbing it a growing crisis.
As we approach our own 2020 elections and the battle over “fake news” and “alternate facts” becomes pivotal to voters, it has become painfully obvious why everyone is raising red flags on this issue. Skillful and almost imperceptible image and audio manipulation has been around for decades now. Coupled with the lightning spread of information the internet provides, spreading fakes has become so commonplace that every picture and recording is doubted as a matter of course, leaving the average human with very unsure footing. Once video is undermined as a reliable record, we are literally left with only trusting what we see and experience in person, making our global worldview tragically smaller and provincial, which is the exact opposite of what technology was supposed to do in the first place.
Despite what Hollywood, Apple, Amazon and Google might want you to believe, accessing and securing our technology lives still takes more than scanning various body parts and shouting at inanimate objects. These fancy biometric gateways are still powered by the clumsy password mechanism that has been around for decades and will probably exist for a while longer. Despite much effort from the industry to innovate ourselves beyond this particular security mechanism, we’ve only managed to make it somewhat easier to keep track of the growing number of passwords we are required to maintain just to be a part of modern society.
Post-it notes won’t do anymore
Even though password management platforms like LastPass, 1Password and Dashlane have been around for several years now, the majority of my clients still manage their passwords manually, either via bits of sticky paper, a spreadsheet or a little black book. Even though very insecure, this was at least somewhat do-able when all you had to keep track of was a dozen or so passwords. According to a 2017 report written by password manager LastPass (full disclosure: C2 uses LastPass to manage passwords), the average business user has to keep track of nearly 200 passwords, and I am certain that this number has only grown over the intervening 3 years. Unless you are incredibly disciplined and well organized, managing that many passwords manually is just not practical. If you need to share these passwords with co-workers or family, that system just became wildly unmanageable and very insecure.
Password management platforms are designed to step in to replace the notes, spreadsheets and little black books, and they can add other perks as well. Most will provide browser plugins and mobile device apps that can, once unlocked, automatically enter tracked passwords into your websites and apps as needed, as well as tracking and updating your password database whenever one is changed. These same platforms will also see when you create new passwords and offer to save them, and some, like 1Password and Google, will even warn you if you are using a known compromised password. Several of these systems can also be upgraded to allow you to safely and securely share passwords with other people.
While the above-mentioned platforms typically have a subscription fee, there are several no-cost alternatives that are still better than the analog equivalents. Google’s password management service is cloud-based and can help you retrieve passwords across multiple devices, as is Apple’s iCloud-powered Keychain. Firefox also has a password management function if you create a Firefox account.
Ironically, using any of these password management platforms does require yet another password, and on top of that, most will also require some form of 2-factor authentication on top of the complex password you should memorize and never write down. The advantage here is that you only have to keep track of a single password instead of 200+, which should allow you to use your brain for more important things like birthdays, anniversaries and where you put those dang car keys.
Most of my clients are surprised to learn that we spend a large percentage of our troubleshooting time on password issues, and within that particular category of issues, the majority of that time is spent on recovering or resetting lost passwords. They also worry that they are unusually bad at this aspect of their professional life, and are somewhat comforted to know that this is something that everyone, including C2, struggles with on a daily basis. Passwords are like the life insurance of technology usage – nobody wants it, but everyone needs it. I’ve yet to meet someone who was excited or pleased because they’ve been presented with a password prompt. It’s a chore, but you shouldn’t make it more work than it needs to be by leaving the management of it to a stack of sticky-notes, an unsecured Excel spreadsheet or a little black book that is safely tucked in a drawer of your desk, but unfortunately unreadable from your hotel room half way around the world.
Passwords aren’t going away any time soon
By now, you’ve probably realized that writing down, let alone memorizing passwords in today’s world is a losing proposition. Everything is internet connected, not just work technology – your doorbell, your fitness tracker, your thermostat, your car – everything has a password, and if you are doing it right, they all have unique, hard-to-guess passwords, right? Riiiight. Most of these types of services and devices rarely require you to enter the password, meaning you probably won’t remember them, or even realize they have a password that needs to be written down. But when it comes time to troubleshoot or access the service, you don’t want to be scrambling to find that password, or worse, wasting precious time resetting it.
Once you convince yourself that your current method of (barely) managing passwords isn’t going to be sustainable, there is also the fear of letting someone else keep track of them for you. My clients’ biggest concern is, “What if my password management platform gets hacked?” which is a fair concern given that it seems like everyone and everything is getting hacked these days. There are no guarantees out there – hackers are clever and humans, as a rule, are careless enough that this combination results in security that is as flawed as we are. What I always tell my clients is that they don’t need to be perfectly secure – they just need to be more secure than the average person to improve their defenses significantly. I also remind them that they are more likely to be successfully hacked than a business whose primary mission is to protect your data. If there is one thing that criminals do not want to do, it is waste time chasing difficult marks. So make sure you’re not an easy target by upping your password game.
Next week – showing those passwords who’s boss
Image courtesy of Graphics Mouse from FreeDigitalPhotos.net
In my not so humble opinion, there is no lower form of life than those who take advantage of disasters and tragedy to spread misinformation, fear and hate, either for profit, political gain, or even worse, for their own entertainment. Sadly, the internet, as I have written about previously, is amazingly efficient at spreading information paired with the unfortunate inability to provide any differentiation between truth and lies. Ideally, this is how the internet is supposed to work – no one should have the ability to censor any of the information shared on the internet, but this double-edged sword cuts both ways.
Who can you trust for news?
The outbreak of the Corona Virus has dominated the news headlines lately, so it’s only natural to expect a lot of buzz in social media about the illness, and because the internet is a target-rich environment for anyone looking to spread misinformation, either for profit or general mayhem, naturally all sorts of crackpot miracle cures, conspiracy theories and racist stereotypes are finding audiences starved for information about the disease. It doesn’t help that the outbreak is happening in China, a nation with a history of other deadly viral outbreaks and a notorious lack of transparency, on top of having a bit of a human-rights image problem at the moment.
Unfortunately for us, most of the major social media outlets are already struggling to combat “fake news” and general distrust of scientific procedure and evidence on a wide variety of topics. While some have prevaricated on politics, most of them seem to have their heads on straight when it comes to medical matters, especially when misinformation can lead to significant health issues. Even though they have fact checking organizations publishing corrections, algorithms downgrading inaccurate posts, and moderators cracking down on pseudo-science discussion groups, plenty of misinformation continues to spread.
The “signal to noise” ratio on the internet is not getting any better, which only makes it harder for those of us who are trying to make sure the information we receive not only confirms our beliefs, but is also backed by facts and scientific rigor. Here is a list of trusted organizations that can help us all separate fact from fiction online:
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
It seems apropos with all the recent chatter about our country’s Constitution to discuss a well known bon mot from an eminently quotable founder, Benjamin Franklin.
Our new Constitution is now established, and has an appearance that promises permanency; but in this world nothing can be said to be certain, except death and taxes. – Benjamin Franklin, 1789
I make no claim on being nearly as clever or influential as our esteemed founding father, but I can say with some confidence that we should add a third certainty: hard drive failure. If my thirty-odd years of working in technology have taught me anything, it’s that devices can and will fail. Whether it’s a device that is spinning magnetic platters at thousands of revolutions per minute, or tiny bits of metal and mineral pushing millions of tiny sparks around an object the size of your thumb nail, the laws of nature say that at some point, chaos wins and your orderly world of ones and zeroes turns into a lot of, “Oh no’s…”
“If you fail to plan, you are planning to fail.”
You can probably guess who said that, right? I’m pretty sure Mr. Franklin would have felt right at home with today’s technology. This week alone I’ve seen more hard drives fail than feels comfortable, and in at least 2 of those cases, the individuals did not have a backup of their data.
Mechanically, all hard drives will inevitably fail. Even though most models are supposedly built to run for years of non-stop operation, statistically, we are seeing the average life span of a spinning hard drive to be between four and six years. If you’ve got a hard drive that seems to have beaten the odds and is still performing like a champ, the opposite is way more likely – you are working on borrowed time. And the same goes for drives that are younger – just because they haven’t hit their expiration date doesn’t mean something can’t go wrong.
Instead of planning to fail, why not plan for failure by backing up your data? For less than $100 a year you could be backing your data to the cloud with essentially zero effort. It almost takes more effort to not back up your data given how pushy Microsoft is with OneDrive, so why aren’t you backing up your most important digital assets?
Image courtesy of Stuart Miles from FreeDigitalPhotos.net
As you are reading this, Microsoft will have officially ended support for Windows 7 on January 14, 2020. It’s a testament to the popularity of the OS that despite Windows 10 being offered as a free upgrade for any licensed copy of Windows 7 or 8, it took Windows 10 nearly 4 years to finally surpass the installed base of Windows 7 users. Even now, though the upgrade is still being offered for free, 26% of all PC’s are still running Windows 7. In prior years, I had warned about charging headlong into upgrading to 10, as the process was fraught with problems, and some of you inadvertently upgraded through Microsoft’s rather heavy-handed and confusing update messages. Fortunately, though it still has its problems, the upgrade process is much more stable and many computers, even though they may be relatively old (in computer years), can run the “new” OS just as well as they ran 7.
January 15 begins the slow retirement of Windows 7
One of the things worrying most of my clients is the various dire warnings they are receiving from many software vendors that “Windows 7 will no longer be supported” by that company. When conversing with the support desks of these various software vendors, you can ask them point-blank, “Will your software stop running on Windows 7,” and you will receive the answer, “We no longer provide support for computers running Windows 7,” which doesn’t really answer the question. Any well-trained support representative cannot answer this question without getting into trouble, as any variation of “Yes, but…” will result in their customers continuing to use an OS that is no longer guaranteed to get fixed by Microsoft if something breaks. And therein lies the heart of the matter.
Though we can’t guarantee it, it’s pretty likely that your software, if it was running properly on Windows 7 on January 14, will continue to run properly on January 15th. While it is technically possible that a software developer could code their applications to stop running if it sees your computer running Windows 7, you can see how that may not sit well with customers if a program they paid for just stopped working. Instead, they are taking a gentler path, hoping to use a thinly veiled threat/warning instead of an outright cattle prod.
In the short run, if you hit a problem with a piece of software that requires a call to tech support, you’ll get nowhere fast as soon as they notice you are still on Windows 7. Though the software may still be running despite the issue, you’ll be on your own to solve the issue (even if it’s not caused by Windows 7), and if it’s not running at all, you are out of luck.
In the long run, continuing to use Windows 7 will be a problem for everyone, as Microsoft will likely stop producing security patches after a year if they follow a similar retirement path to the one used for Windows XP. Not only will this make the OS increasingly dangerous to use, it will likely result in Windows 7 becoming more unstable as time passes, and performance will decrease as new hardware and software are optimized only for Windows 10.
Even though you will probably be just fine running on Windows 7 for the next few weeks (or even months depending on your environment), unless you have a compelling reason to not upgrade, moving to Windows 10 should be on your first or second quarter to-do list. Be prepared for some disruption, whether you upgrade the OS or buy a new computer with 10 already installed. If you need a primer on what to expect on going to 10, have a look at our three part series here:
Just saying the year sounds like the opening of a science fiction movie, “In the year 2020, human technology had long outgrown the archaic communication medium known as ’email’…”
To be fair, quite a few famous sci-fi films were wildly off on where we would be in 2020. Instead of interstellar travel by 2016 (Blade Runner), moon colonies and superhuman AI (2001: A Space Odyssey), or hoverboards and flying cars in 2015 (Back to the Future Part 2), we have entire governments, economies and even generations struggling with overflowing, polluted inboxes based on a technology developed in 1972.
Email is 48 years old. Microsoft Outlook is officially 30 years old.
In celebration of exactly how much email has stayed the same, I’m cataloging past blogs I wrote about managing email that, sadly, still apply, even years later. Fortunately, they should still be useful to you, managing your email in the distant year “2020”:
- Petraeus-Gate and Fallacy of Email Privacy (2012) – TLDR: your email is not private. Seven years later, surprise surprise – still not private.
- Your email is not private (2014) – TLDR: Email providers host your email governed by Terms of Service that state they can read your email. Still true in 2020.
- Email’s growing problem (2015) – TLDR: Email boxes got huge, but programs to manage them haven’t kept up. Sadly still true, and even more so now that people have a decade or more of email stored.
- Dealing with oversized inboxes, Part 1 and Part 2 (2015) – TLDR: Part 1 has several ways you can thin out your bloated inbox. Part 2 discusses why you might not be deleting your emails.
- Get rid of those old email accounts (2017) – TLDR: Wherein I exhort you to get rid of your old email accounts. Full disclosure 2020: I still have my Gmail account that I created in 2005.
- What to do with all those old emails (2017) – TLDR: I discuss ways you can keep the data but not the email accounts. Three years and umpteen-thousand emails later, those old emails aren’t going away by themselves.
- How to spot fake emails (2017) – TLDR: I dissect a fake email that almost fooled me. Fast forward to now – fake emails are still around and trickier than ever, but the basic spotting concepts still apply.
Given the number of accounts included in this recent action, it’s highly likely you were one of the 44 million people with a Microsoft account that were recently subject to a forced password reset. Sadly, the number of accounts affected is no longer considered unusual – it doesn’t even crack the top ten in terms of size according to website Have I Been Pwned – but what is interesting is how Microsoft determined which accounts needed to have their passwords reset. In this particular case, the 44 million affected weren’t exposed in a new security breach, but were using passwords that were known to be compromised.
Is Microsoft psychic?
Though it may seem like magic, Microsoft’s prescience actually comes from utilizing really large databases. In this case, their own massive internal database of passwords was matched against over three billion known compromised passwords and 44 million Microsoft users were identified as currently using a password found on that list. Microsoft’s proactive action undoubtedly saved a lot of people and businesses quite a bit of time and money, but given how frequently breaches are exposing millions of passwords with each passing week, how practical is it for anyone to run this sort of back-end search, if one even had the technology to do so? Fortunately for you, there are password managers that will check your passwords in a similar manner to the method utilized by Microsoft above. You shouldn’t need another good reason to use a password manager – not a day goes by where I don’t commiserate with a client on their password woes, but the fact that both LastPass.com and 1Password.com will proactively check your passwords against known compromised databases should be a really dang good reason to start using one of them now.
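To make the idea of checking a password against a list of known compromised ones concrete, here is an added example (not code from Microsoft, LastPass or 1Password, whose internals this post does not describe). It is modelled on the k-anonymity range lookup used by Have I Been Pwned's Pwned Passwords service, where only the first five hex characters of the password's SHA-1 hash are sent to the checker; the breached list, the counts, the vault and all function names are constructed for illustration so the example runs offline.

```python
import hashlib
from collections import defaultdict

# Constructed sample corpus: passwords assumed to have appeared in breaches,
# with made-up occurrence counts. A real corpus holds billions of entries.
BREACHED = {"password": 9000, "123456": 12000, "qwerty": 4000, "letmein": 700}

PREFIX_LEN = 5  # hex characters of the SHA-1 digest that leave the client


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password (used as a lookup key, not for storage)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(corpus):
    """Checker side: bucket each hash suffix under its 5-character prefix."""
    index = defaultdict(dict)
    for pw, count in corpus.items():
        digest = sha1_hex(pw)
        index[digest[:PREFIX_LEN]][digest[PREFIX_LEN:]] = count
    return index


INDEX = build_index(BREACHED)


def range_lookup(prefix: str) -> str:
    """Checker side: return every 'SUFFIX:COUNT' line in the prefix's bucket.

    The checker only ever sees the prefix, which many different passwords
    share, so it cannot tell which password the client is asking about.
    """
    prefix = prefix.upper()
    if len(prefix) != PREFIX_LEN or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be exactly 5 hex characters")
    bucket = INDEX.get(prefix, {})
    return "\n".join(f"{suffix}:{count}" for suffix, count in sorted(bucket.items()))


def breach_count(password: str, lookup=range_lookup) -> int:
    """Client side: hash locally, send only the prefix, compare suffixes locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0  # not found in the compromised list


def audit(vault):
    """Return {site: times_seen} for every vault entry found in the corpus."""
    flagged = {}
    for site, pw in vault.items():
        seen = breach_count(pw)
        if seen:
            flagged[site] = seen
    return flagged


if __name__ == "__main__":
    # Constructed vault, standing in for what a password manager stores.
    vault = {"mail": "123456", "bank": "constructed-Long-passphrase-71!"}
    for site, seen in audit(vault).items():
        print(f"{site}: password seen {seen} times in breaches, change it")
```
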
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Since Android OS version 6, the widely used smart phone platform has been vulnerable to an exploit of a feature that Google touts as a competitive advantage over its chief competition – multitasking. Without getting down into the technical weeds, the vulnerability takes advantage of the operating system’s inherent ability to do multiple things at once, allowing malicious apps to impersonate a legitimate, trusted app on your phone while asking for permissions that it will then use to invade your privacy and steal data.
Surely Google Play’s security scans will stop this?
Despite being documented as far back as 2015, Google has continued to downplay the security loophole even though up to the time of the article’s publication, 36 different apps were available on the Play Store that were identified as exploiting the weakness, dubbed StrandHogg, and apps exploiting this “overlay” technique have been showing up in the store since 2017. Unfortunately, despite Google’s efforts, many malicious apps still manage to make it through their security screening, including highly popular apps such as the infamous “CamScanner” app that had been compromised and turned into a hidden malware conduit.
Unfortunately, there’s only so much heavy lifting you can do on your own. In the case of the CamScanner incident, even the developers allegedly did not know their app had been compromised and injected with the malicious dropper library that went on to infect its users. If you were being diligent on updating your apps to repair bugs and patch security holes, you walked right into a trap you couldn’t possibly have avoided. That being said, there are things you can watch out for:
- Apps that suddenly ask for permissions they should already have.
- Apps that ask for login credentials they should already have.
- Apps that ask for permissions that don’t make sense, i.e. a Calculator app asking for permission to access your camera or microphone.
- Permission or login popups that look strange or don’t match the app it supposedly comes from.
- Spelling, grammar and punctuation errors.
- Email warnings from services detailing unusual activity or unexpected logins.
If you notice any of these things, immediately stop and assess the situation. If you are uncertain how to check your phone for malicious apps or compromised security, definitely do not grant new permissions or enter confidential information into any prompts until you can verify your device’s integrity.