Category: Security

E-mail authenticity

Was that e-mail really from you?
I got asked this question by a client recently.  And it makes me think about trust in e-mails. We all have the right to question whether e-mails are authentic. I seek the same answers. I take the security of my e-mails and client contact information very seriously.
I guess I could start by saying that my business e-mail account has never been hacked.  With that said, this fact would not stop a bad actor from an account pretending to be me.  With the right e-mail program you can make the “From” address anything you want.  However, they would need my address book.  I send all of my group e-mail out as BCC (which means that you don’t see all of the recipients).  That address book is stored in the cloud in an account protected by two factor authentication (something you should have enabled on your iCloud, Google, and Microsoft accounts used with e-mail / contacts).  Further enhancing security, my second factor is not my phone number, meaning I authenticate by something more secure than a text message.  My contacts are locally stored on 3 devices – a laptop, a smartphone, and a tablet.  All three of those are locked with encryption.  Considering all of this, it would be pretty hard for a bad actor to send an e-mail to all of my clients.   I should also add that I almost always use one of three salutations in my e-mail updates:   Dear Clients and Computer Students (for all clients), Dear Mac Family, and Dear Windows Clients, depending on the group I am addressing.  Great question!  Thanks for asking.
Advertisements

Technology Update 8/8/18

Trusting in Technology
Have we given too much control of our lives over to companies like Google (You Tube), Apple, Facebook (Instagram), and Twitter? In my mind I try to rationalize the idea that Microsoft is a half-step better.  However, they own a major information distribution platform in Linked In.  Microsoft certainly has the power to shape how job seekers and those engaged in professional networking see the world.  We couldn’t have a conversation about the techno powers of the universe without talking about payment processors.  The most well known, PayPal, comes to mind.  Some I know and respect had a business relationship with PayPal dating back at least 5 years.  Revenues were approximately $500K per year.  Recently PayPal told him, we don’t agree with your values, so you can’t accept payments with PayPal anymore.  Is this where we are headed?  Will we let protests by internet mobs, with no due process, no right to confront accusations literally shut down the ability of individuals to earn a living?  However, I think what we have to remember is that the six companies mentioned above are private businesses.  They are not an open, democratized soap box like the public square.  They do have the right to de-prioritize or even ban accounts.  My point is, they should just say we are a private business and we say what goes.  Don’t claim to be something you are not.    Additionally, individuals and organizations should not base their business model off of someone else’s sandbox.  Having a website that you control is crucial.  Roadblocks will give rise to innovation and new platforms.
Still waiting for “consumer” Mac laptops…

Beware Browser Hijacks

Most of you use the Google Chrome browser.  It is my browser of choice as well.  However, this message is still applicable if you use Firefox, Safari, or even Microsoft Edge.

The security threat I see most often these days is the browser hijack.  This does not mean your whole computer had been taken over by malware.  However, your browser has been corrupted.  Your homepage may be unfamiliar to you.  Google searches are being rerouted to a strange search engine.  Its even possible that all of your browser traffic is being intercepted.  Scary stuff!

You can tell if you are being hijacked by searching in the search box of your browser or going to Google.com.  Search for whatever you’d like, “new restaurants Philadelphia” for example.  The results page should CLEARLY come up on a Google page (or possibly Bing if you use the Edge browser).  It should be obvious – clear as day.

If you do not see Google search results, you have a problem.  It’s likely that you have mistakenly installed a bad extension in your browser.   Most often, this is not a crisis requiring the operating system to be reinstalled.

However, your browser history needs to be cleared, the offending extensions need to be removed, and the browser needs to be reset.
Don’t lose hope!

Weekly Technology Update

A. Privacy:  GDPR and Oath.   You may have received a bunch of notices recently detailing the updated privacy policies of various services that you use.  The European Union’s new privacy laws take effect on May 25th.  These regulations are known as GDPR.   They are taking customers’ data a lot more seriously than we are on this side of the pond.  International companies such as Facebook and Google are adhering to these standards even for their American customers.  It’s a solid business practice.  Did you know that you can download all of your Facebook (or Google) data in a single file?  Did you know that you can control how Facebook advertises to you?   GDPR = Good.   To find out more http://money.cnn.com/2018/05/21/technology/gdpr-explained-europe-privacy/index.html

Additionally, some of you who have a Yahoo or AOL account may have received notices about policies from an organization known as Oath.  (My joke is — “zero authorization to violate your privacy,” but I’ll get back on topic.).  Oath is a division of Verizon that oversees both Yahoo and AOL.   Yahoo users may have even been asked to accept the new terms.  You really don’t have a choice if you want to keep using the account.   As a quick primer for those new to the VIP Computer Care family — my favorite free e-mail accounts are Google and Outlook.com.   Customers may choose a paid e-mail account if they want to get actual customer support.  My favorite choices  here are Fastmail ($20 per year), G (G Suite a paid Google account, $5 per month), or Office 365 (a paid e-mail account from Microsoft, $5 per month).

B.  Windows:   I’m still compiling reports of horror stories from users that had bad experiences with the latest version of Windows 10 (version 1803), released on April 30th.  Whenever possible, I have set your Windows computers to a 120 day delay schedule.   Unfortunately, I had to help a customer last weekend who couldn’t delay Windows version upgrades.  He purchased a consumer grade Windows desktop.  I offered the next best thing.  I managed the upgrade for him.  It took 2 hours, which is about what I expected.  With fingers crossed, there were no hiccups.  I am not recommending that I do this proactively for others, at this time, if you have already been set up for a delay.  Ultimately, Microsoft will iron out the wrinkles.  After all, hundreds of millions of business customers rely on Windows.   Version 1803 should be ready for prime time in a few months.  In August, lets talk about upgrading your computer. 

C.  Mac:  Apple’s big annual event, the WWDC, is happening on June 4th.  While it’s not specifically a new hardware event, Apple has been known to release new Macs at this event.   We can only hope that they offer a mea culpa on the Mac Book Pro and their awful keyboards.  At the very least, they could update the Mac Book Air with 2018 innards.  (The 2017 Air, while still my #1 choice at this date and time, features 2015-era parts.)   Additionally, the Mac Mini needs a major refresh.  It has not been updated since October 2014.  Apple needs to keep a $500-600 Mac on the market to welcome new customers into the family. 

Facebook and Google Privacy

If you are a Facebook user, I would encourage you to tweak your privacy settings or get some help doing so.  From the computer, when you are on Facebook.com you need to click the triangle in the upper right corner of the Facebook page.  From there click on Settings.  Then click privacy.  Those settings can be tweaked to your liking. I  think the most important one is the setting all the way down at the bottom.   Do you want search engines outside of Facebook to link to your profile?  That should be set to “No.”   After you have adjusted those options, you will also want to look at Apps and Websites from the Settings page.   There you will see all of the websites and apps that you have given access to using your Facebook account.  Some of these may be valid, but there may be some that you want to revoke.   In the Security and Login section you can turn on two factor authentication for your Facebook account.   I highly recommend it if your Facebook account is important to you and you want to prevent unauthorized access.   Finally, you need to go to your Facebook profile page by clicking on your name at the top of the screen.  You should go through each entry in the About section and decide whether info like your birthday, employers, Likes, and so on are shared with Only Me, Friends, Friends of Friends, or the whole world.   It’s time for a tune up!   You may need to put the same effort into your Google account as well. 

Technology Update for March 20th

Today’s themes are security and privacy. I hope these tips can make a difference for you.

1. Make sure you have a real billing passcode with your cellular provider

For years cellular providers have used the last 4 digits of your Social Security number as your billing passcode.  However, they also allow you to set your own passcode (some sequence of 4 to 8 numbers).  PLEASE set up your own passcode with them if you haven’t already. Do you know who is at the other end of the line when you give the last 4 of your SS# time after time? Of course not.  They might be a rogue employee or an overseas contractor looking to do you harm.  I recently heard two first hand accounts of customers (who happened to be with T-Mobile) who had their cell phone numbers transferred (aka “ported”) to another service without their authorization.  With access to their phone number, the criminal was then able to access their bank account via a code that was text messaged to them on the “new” phone.  You can only imagine the transactions that followed.  This was possible because the bad actor knew the billing passcode on the cellular account with the original provider.  It was the last 4 digits of the Social Security number.  I have been told that you can also set up your own billing passcode with other companies like Comcast.   Stop using the last 4 of your SS#.  Act now.

2. Facebook data collection nightmare

The free service they have provided you for over a decade is not free. Chances are, your data has been mined repeatedly since you signed up for the most used social network.  By no means am I calling for a mass exodus from Facebook.  I have clients who post no content of their own, but use it to stay in touch with family, their community, and organizations they support.  There are practical and very positive uses for Facebook.  However, you’ve likely seen the news over the past few days.  Facebook claims to have been exploited by a data analytics firm that relied heavily on its site for their business model.  Frankly, the practice has been going on for years (with many partners) and Facebook has been a willing provider when it suited their interests.  Think of all of the games, apps, and surveys you have logged into with your Facebook account.  Parts of or all of your entire Facebook profile have been shared with those 3rd parties.   It is time for you to tighten the belt on your Facebook profile and privacy.

3. Net Neutrality:  Bye Bye

Are you worried about the FCC doing away with Net Neutrality protections?  The end is near.  Your internet service provider may not be able to know what you do on secure (https) websites but they will be able to sell the data of which websites you go to and use this info for their own marketing purposes.   If they take their newfound latitude to an extreme, they could even create tiers of internet service based on usage.  Ok, so you want to use You Tube and Netflix?  We will charge you more!  You can block your provider from seeing your traffic, period.  Use a VPN – a virtual private network.  A VPN is a service (think of it at as a small program) that runs in conjunction with your internet service.  It is easy to turn on and off or just leave on automatically.  There are only two VPN’s that I can recommend faithfully.  They are Private Internet Access and Tunnel Bear.  These services work on Windows, Mac, iOS, and Android.  They cost approximately $4 to $5 a month.  Put the brakes on further exploitation of your data.

Best Windows Anti Virus

My Windows clients are divided.  Some of them use a paid, 3rd party anti-virus.  The others use Windows Defender which is the built in solution provided for free with Windows 10.

It’s my aim today to end the division.  I think for most of my clients, typically age 55+ consumers, small biz, and small non-profit users, the Windows’ own Defender is more than adequate.  There I said it.  I think that a lot of you do not need to pay to renew your anti virus whether it be ESET, Avira, etc. the next time it expires.  The best security strategy is good defensive computing.  Your anti virus solution is just a tool, not the tool in your overall security plan.

However, I will offer a caveat.  Paid solutions like ESET are a good choice if you like having the comfort of a US based phone number to call when you have security concerns.  They have been very respectful to my customers over the years.  The only other anti virus that I think may be worth paying for is PC Matic.  Some of you may have seen their TV commercials.  Unlike nearly every other solution on the planet, PC Matic is an American company.  That may mean something to some users.  This company also uses a unique approach to block harmful websites. They also offer prompt support.

For most Windows users, the built in Windows Defender will be just fine.  Only pay for anti virus if that provider offers something you really want.