Tuesday, December 1, 2015

If You Get Viruses, Fire Your Technician - Or Yourself

There's a simple formula for avoiding viruses on your computers. I am extremely frustrated when I go to professional conferences hear people talking about Cryptolocker and other viruses.

There is no excuse for letting your computer get viruses today. Really. Zero.

Twenty years ago a client asked me if computer consultants created viruses so they could stay employed. I said no, we don't have to because the bad guys are creating enough. That's still true.

BUT I have met a lot of consultants recently who do not do the best job they can of patching systems . . . because they want your computer to break. In my opinion, these are amateurs at best and incompetent technicians at worst.


How We Get Viruses Today


Virtually every virus today requires YOU to install it. Something pops up on your screen and you click YES. When that happens, you are to blame and you should pay for the cleanup.

Virus manufacturers try to trick you into clicking in many ways. The most common are

1) A fake virus scanner pops up and says your system is infected. You click to "clean" your machine, but you're really installing a virus.

2) Fake web sites look like the real thing, so you start clicking on stuff. Again, at some point a program wants permission to install something and you say yes.

3) You receive emails with fake lures. For example, your bank needs you to read a notice or says your deposit did not go through. You panic and click. And infect.

4) You receive an email with an attachment, often with a fake extension. You open it and infect your machine.


Five Simple Steps to Zero Viruses


It is extremely easy to stop getting viruses ever again. But you have to do all five. If you do less than five, then you will get viruses. Note: You computer consultant should recommend these steps to you and pressure you to do them. This is worth paying for because it's cheaper than cleaning up one nasty virus.

Step One: Have a good, current anti-virus program. In addition, know what it is! Open it. Look around. See how the quarantine looks. Be comfortable with it. That way, when something pops up and says you have an infection, you will know that it's NOT your anti-virus program and you can close it without clicking.

Step Two: You need a good patch management system. This will cost a little money every month, but it guarantees that your operating system and all your software is up to day. There's a big buzz every week about Microsoft updates. Of course you ignore it because it's not your job. But those updates (as well as updates from Adobe, QuickBooks, Sage, and others) are critical to the health of your computers.

Very often, these updates do not install automatically (even when set to) and sometimes fail to install for weeks or months. That's why you need a managed system. Your computer consultant should be making sure all these patches are applied. On rare occasions, a patch should NOT be applied because it causes problems. Your computer consultant should manage that as well.

Step Three: No one in your company should have "administrative rights" on your computers. As soon as you take away admin rights, programs cannot be installed. Viruses are programs. They need admin rights to install and infect your computer. Once you take this away, 99% of all viruses are stopped dead in their tracks.

WHINE: I always hear the argument that it's a pain in the neck to contact the computer guy every time we need to install something. A) No it's not. B) Here's another thing you can do.

Have your computer consultant create a special Administrative account on your computer. Call it something like AdminX with a password that's easy to remember. This doesn't have to be a super secure password if you have a properly set up and secured network. Now, when a program asks for Administrative credentials in order to install a program, you can put in the AdminX username and password. Ideally, that will slow you down, make you think, and NOT install viruses.

If you do install a virus, you'll know instantly that you did it yourself and you can give up the lame excuse that you browsed to a web site and magically got a virus.

Step Four: You need a good firewall with an anti-virus module installed. That means you can't use a crappy $39 router any more. You need a real firewall with a real anti-virus module - and a subscription to keep that up to date. Yes it costs money. But it costs less than fixing one nasty virus.

Step Five: You need good habits. As you read above, YOU are the cause of all viruses. So change that, educate your people. And stop clicking on everything on the Internet!!! Here are a few rules. Follow these and you life will be good:

1) If you have any doubt whatsoever, do not click. For example, if your bank has a message for you, close the email and log on to your bank site. Since you initiated the connection, you'll know you are at the real bank site. If there's a message, it will be there.

2) Do not open email from someone you don't know. Just delete it. Really. The world will keep spinning.

3) Do not open any email attachments unless you asked that person to send you that file. Even if it looks like it came from your mother or best friend. Send them an email and ask them if they sent you something. If they say no, delete it.

4) Have your computer consultant enable "view extensions" on your computer. That way, you can look for files with two extensions and you can delete them without opening. These files have names like: FILE.DOC.EXE or FILE.PDF.JS.


In the 21st Century, I believe it is unscrupulous for computer consultants to let their clients get viruses and lose data. It costs the client a lot of money and is completely avoidable.

At the same time, business owners who are not willing to pay for a good firewall, good anti-virus software, and a patch management program are just asking for trouble. It costs money to run your business the right way. If you don't buy a managed service contract and you don't invest in basic security, then please don't complain when you have to pay money to clean up a virus or two. Or three.

:-)

Tuesday, September 29, 2015

DropBox is Not Your Friend

Let me start out by saying that DropBox CAN be the perfect solution for many small businesses - IF it's the solution to the right problem!

There's an old saying among people who work with their hands: Use the right tool for the right job.

When you use the wrong tool, either you injure yourself or you do a really crumby job. Either way, more than likely, it shows. Note also that you have to do the right job. That means even the best tool can be used the wrong way.

As we tip-toe into "cloud" services, a lot of companies are finding out that employees (or owners and managers) are grabbing whatever tool they can find to make their job easier. One of the most common examples of this is cloud-based storage. Time and time again, we see clients who are throwing important company data up on free accounts. Some people even brag about having 5 GB accounts on several different providers - all free!

Free is great when free is appropriate. 

Free means, in the end, you have ZERO guarantees that anyone is responsible for your stuff. Even if everything was lost by a freak accident and you were paid one million times what you paid for the service, you will still get ZERO. If you're not paying for it, assume it's not as secure as when you are. Assume it's not as private as it could be.

Just because a little lock shows up in your browser and the web connection is "encrypted" doesn't mean that you have any level of real security. Most free accounts (I would say ALL, but I don't actually have proof of that . . . But certainly every free account I've ever seen . . .) is NOT compliant with requirements such as HIPAA or PCI.

What does that mean? In a nutshell, it means that these free accounts aren't good enough for use with data that 1) Is important in any way, and 2) You don't want to lose. If your industry is regulated in any way, YOU are responsible for the security of you data and being compliant with regulations.

When you hire a professional technology consultant, they will make sure that your data is secure - in a way that protects you and has your best interest in mind. For example . . .

- It's good to say your data are encrypted. What does that mean? To be truly secure, you need to be in control of that encryption. That means some system you control needs to do the encrypting and decrypting. The service that stores your data should never be able to look inside your encrypted files. Your consultant can show you how this works with the systems they sell you.

- It means that you need a complete system designed for speed, security, and data recovery. All of that needs to be designed intentionally and documented thoroughly. In a disaster, where are your data? Which accounts and emails and passwords are used for everything? Who knows this stuff? Where is it documented?

Cloud services absolutely CAN be secure and keep you inside the law. But that doesn't happen by accident. You can't just put your important company data anywhere you want and assume someone is taking care of it.

The real irony is that good, secure, cloud-based systems are now VERY affordable. That means low-price, not free. But to save a few dollars every month, people choose to do whatever they think is "easy." We all know the free version of games are crippled in some way. We all know the free version of software has key features disabled. We all know that free means you're not getting the whole thing.

What's missing in your free cloud storage?

PLEASE talk to your technology consultant and make sure you have a data storage system that makes sense and was created specifically to meet your needs.

DropBox might be your friend. But only if it's part of an overall system designed to meet your needs and fulfill the requirements of your business.

:-)

Sunday, June 7, 2015

Windows 10 Strategic Deployment Advice

Memo to Businesses about Windows 10:

On June 1st, Microsoft announced that Windows 10 will be released July 29th. Whether you like it not, this affects you. Here are a few points to consider regarding deployment of this operating system.

Executive Summary:

1) After July 29th, Windows 10 will be the only version of Windows available.

2) Machines with Windows 7 or 8 can upgrade for free to Windows 10 for the next year.

3) I recommend that you work with you IT Consultant to schedule an upgrade to Windows 10 on any W8 machines. It’s a much more usable interface and will give you an idea of what the upgrade process will be like for other machines. Labor for this is probably billable.

4) I recommend that you keep Windows 7 machines as is until you decide on a good time to switch over. You do not ever “have to” make the switch. But there's no cost for the software for the next year.


Some Details:

Unlike most Windows updates from the past, this one is quite significant. It means that very shortly Windows 10 will be the only version of Windows available.

Here’s why: Microsoft has always allowed people to legally use the current version of Windows purchased, or the previous version. That’s why Windows XP was allowed to stay around so long. Some folks didn’t like Windows Vista, so they bought machines with XP.

Well, the current version is Windows 8.x, even though no one likes it.

When Windows 10 is released, the “previous” version will be Windows 8. Manufacturers will be allowed to ship machines with Windows 10 or Windows 8. Since they are all currently shipping Windows 8 “downgraded” to Windows 7, you know they’re not going to ship Windows 8.

Therefore, the only real option after July 29th will be Windows 10.

ALL versions of Windows 7 and Windows 8 will be eligible for FREE updates to Windows 10.

Note: If you have Home versions of Windows 7 or 8, they will be upgraded as part of the regular Windows Updates. When this happens, you will lose Windows Media Center, all desktop gadgets, and certain Microsoft games.


Work with your IT Consultant or Managed Service Provider

It's always best to work with your Managed Service Provider (MSP) to coordinate these upgrades. In this case, it's particularly important.

With an "unmanaged" computer, the Windows Updates are probably set to automatic. If that's true, then all Windows 7.1 and Windows 8.x machines will soon see a new icon in the lower right-hand corner.

If you click it, you'll install Windows 10. You can't undo this.

Managed computers go through an upgrade vetting process. That means that only approved patches and fixes are installed. So, your Managed Service Provider can stop the installation of the Windows 10 Upgrade App.

That gives you time to decide when and whether you want the upgrade.


Mixed Environments

If you have a few machines with Windows 8, that's probably good for you. You'll definitely want to upgrade those to Windows 10. Once that happens, you'll see how much better it is than W8. And you can decide whether you want to run a "mixed" environment of W7 and W10 of just upgrade all the W7 machines.

Our general advice is that you should plan to keep business class computers for three years and then get newer machines AND you should always get machines with the latest operating system. So, for most people, we advice that you leave the Windows 7 machines alone unless you have a need for some feature of Windows 10 that you don't get with Windows 7.

Once again, the good news is that your Managed Service Provider will help you figure out a reasonable schedule for upgrade to make sure that all of your hardware and software works properly with Windows 10. 

It's fine for Microsoft to release a new operating system and assume everyone should just get it. But you need to make good decisions about your business.

This is a great time to rely a professional IT consultant to make sure you have a smooth transition.

- - - - -
Microsoft has a nice FAQ on this upgrade process from their perspective:

:-)


Tuesday, March 24, 2015

It's Surprisingly Easy to Opt Out of Ad Tracking

One of the "truths" of modern life is that advertisers track everything you do on the Internet. But you can easily take back some control.

You've seen this tracking. If might even have freaked you out a bit. You might have searched for a product at the Staples or Office Depot web site. Then you hop on Facebook . . . and instantly see advertisements for the product you were browsing. Yikes! How do they do that?

Well . . . a number of advertisers have joined together to improve YOUR browsing experience and THEIR sales. When you visit a site, they put a "cookie" on your browser. Then when you go to the next site, it reads that cookie and accesses your browsing profile.


Don't Freak Out

To be honest, there are hundreds of millions of people browsing these sites at any given time. No one is trying to tie all this information together an get to know you personally. But they ARE trying collect a massive and growing amount of information about you as a unique web surfer. It might be a little scary if they actually connected up all that info and added your personal information.

But no one other than the NSA is really doing that.

So you need to be prudent, but don't get too worried.

Here's how to be prudent.

Visit the Digital Advertising Alliance's consumer choice page at http://www.aboutads.info/choices. There you'll find over a hundred companies who have put a premium on addressing your privacy rights with regard to advertising. As they say on that page,

"Some of the ads you receive on Web pages are customized based on predictions about your interests generated from your visits to different Web sites. This type of ad customization is sometimes called 'online behavioral' or 'interest-based' advertising. Such online advertising helps support the free content, products and services you get online. The DAA Principles apply to interest-based advertising and other applicable uses of Web viewing data collected from a particular computer or device over time and across unaffiliated Web sites."

When you click on the "Choice" icon, the browser will look at all the member advertisers who have cookies on your browser. Then you can check boxes and opt out of their advertising.

In addition, the site is a great educational source about advertising, privacy, and industry ethics. Take a look around!


The Bad News

Yeah! Enjoy your freedom. But just be aware that this is browser specific. Here's what that means.

- If you use more than one browser, you need to do this for each browser (Chrome, Internet Explorer, etc.)
- If you use more than one computer, you need to do this on each computer (and each browser)
- If you browse the Internet on a "device" such as an iPad, Kindle, cell phone, etc., you need to do this on each of those

In other words, it's nice to have the ability to opt out - but you might have a lot of work ahead of you.

Have fun!

:-)

Friday, January 2, 2015

NOW is a Great Time to Change Your Passwords!

Guess what time it is?

It's password time!

Whether you like it or not, you need to change passwords - a lot.

In the last year there have been thousands of stories about passwords being stolen and accounts being compromised. That's not an exaggeration.

Here's an easy two-step process to improving your security this year:

1) Get a password vault.
That's a kind of software that allows you to store your passwords in an encrypted file. Keeping them in Word or Excel is NOT good enough - especially if you store them on your laptop.

I use a product called TK8Safe (www.tk8safe.com). It's 256-bit encrypten, which is good. And it's cheap. Like $20.

There are online password vaults, but there are several things I don't like about that. First, if the bad buys get your file, then can download it and proceed to work on it until they break in. No matter how secure it is, it will eventually be cracked.

Second, if you have problems getting to the Internet, you can't access your password vault. So if you choose a cloud-based system, make sure there's a local version as well.

Anyway, search for "Password Vault" - or ask your technology consultant what they prefer - and use it!

2) Change Your Passwords on a Schedule.
There are some passwords you should change a lot and others you only need to change from time to time.

The beginning of the year is a great time to change passwords. Just make it part of your day for the next few days.

Every time you're asked for a password in the next week, finish logging in, then change your password. As you go through your normal day, this virtually guarantees that you'll be changing the most important passwords you use every day.

After that, you should change some passwords every month or so. Super-unimportant passwords you might only change once per month. Note: If any account is connected to your bank or your credit cards, that password should be changed every month.


Three Levels of Passwords

I recommend (and use) three levels of passwords: Low, High, and Critical.

At the low level of security are things like Pandora, online stupid games, and sights that give me free things. And I reuse passwords a lot at this level. Think about it: If someone guessed my Pandora password, the worst thing that could happen is that I have to listen to music I don't like. That's it. Period. End of crisis.

Beware: Anything that touches your money or personal information should NOT be on the "Low Level" list.

In my opinion, you can change these passwords once per year. At the low level, it is perfectly acceptable to use the same 1-5 passwords over and over again. Each should still be a decent password (8-12 characters), but it doesn't have to be a 28-character phrase with every possible variable.

These sites either never ask for money, or they require that you put in your payment information each time. So if someone breaks in, they can spend their money but not yours.

At the high level of security are those things that do cost money and can cost you a lot more if someone breaks in. This includes your Amazon account with the stored credit card. And your favorite store account where your account credit is on the line. At the high level, you can still reuse a few passwords, but they should very good passwords, and you should change them monthly.

Here's one approach: When a bank asks you to change your password, that's a good time to change your password on your other bank accounts, your QuickBooks account, etc. That way you can keep your passwords in synch and still change them regularly.

A high-level password should be long and complicated. In a perfect world, it will be random characters - like this: 2Zb)Em!7mT#9V3b

Most password vaults include random password generators, like this:

You can also come up with screwy fake sentences, like: Y0uW1llL0v3Thi5!

But remember that bad guy computers know you're doing this, so they are programmed to crack passwords like that. Having said that, really long passwords are less likely to be broken, no matter what they look like.

At the critical level are services that can really cost you a lot of money. For example, I put the payroll service in this category. I use a password there that is not used anywhere else. And it's a great, long, random password. And it changes every 30 days.

The reason is simple: A hacked payroll could wipe out my operations bank account and get me in trouble with both the state and federal government all at once. You only have a few critical passwords. The main thing you need to do is to change them on a regular basis.


I think the three tiers make sense. We all know that Netflix is not as important as your stock portfolio account. But the bad guys are getting better and faster. So you need to take this seriously.

If all of this is just confusing, talk to you I.T. consultant! Schedule a time to get trained on modern best practices.

And have a safe year!

:-)