Blog

Windows 10 Tip: Five ways to personalize notifications on your PC

Did you know you can easily personalize what notifications you get on your Windows 10 PC and how they show up, so you can focus on the ones most important to you?

To get started, head to Settings > System > Notifications & actions‌.

First, send notifications, reminders and alarms directly to the action center by right-clicking action center in your taskbar, then selecting Turn on quiet hours.

Stop notifications from showing during a presentation by turning on Hide notifications when I’m duplicating my screen. Or, keep them from showing on your lock screen when you’re not logged in by turning off Show notifications on the lock screen.

If you’re tired of seeing notifications from a particular app, turn them off next to the app under Get notifications from these senders – or, click on the app for more options.

You also always have the option to stop getting notifications on your PC by turning off Get notifications from apps and other senders.

Pidgeon, Elana. “Windows 10 Tip: Five ways to personalize notifications on your PC” Windows Blogs August 2017

Posted in: MS Office Tips and Tricks, Tech Tips for Business Owners

Leave a Comment (0) →

5 Easy Ways to Find Your Phone

What would you rather give up than your phone? According to surveys over the last few years, many have said they’d rather give up sex (30%), chocolate/alcohol (80%) or even their car (%30) than do without their phone. So when our phones are lost or misplaced, we panic. Fortunately, there are many easy ways to track a phone, whether it’s hiding in the couch cushions with the ringer off, left behind at a restaurant or even stolen and turned off. Here are 5 ways to find your phone when it goes missing.


The first four ways of locating your phone require that your phone have location capabilities turned on BEFORE you lose your phone. For Android phones, you’ll find this under Settings > Security & Location > Location (for some phones, you’ll just see Location). For iPhones, go to Settings > [Your Name] > iCloud then select Find My iPhone and then turn on Find My iPhone and Send Last Location. You may be prompted to enter your Apple ID and password.

1. Google it (Android)

If you have an Android phone, you can find your device by Googling “find my device” on any device with a browser and internet access. Depending on the browser you use and whether you’re logged into your Google account, you may be taken directly to Find My Device – Google or you’ll need to select “Find My Device – Google” from the search results. Either way, you’ll then log into your Google account or re-confirm your password. Once you’re logged in, you’ll be presented with a screen that shows your phone’s location and the option to “Play Sound,” “Lock” or “Erase.” If you select “Play Sound,” your phone will ring for up to 5 minutes, even if the ringer is off. If your phone is off,  you will see its last known location.

If you have multiple Android devices, you can also download the Find My Device app (free for Android) to view all of the device associated with your account.


2. Use Find My Phone (iPhone)

If you have an iPhone, you can use Find My Phone, an app that comes preloaded on iPhones and iPads and is available on iCloud.com. As noted above, you’ll need to turn on Find My Phone before you’ll be able to use Find My Phone (go to Settings > [Your Name] > iCloud then select Find My iPhone and then turn on Find My iPhone and Send Last Location). Then you’ll be able to see your phone’s location by logging into iCloud.com and selecting the Find My Phone app. You’ll also be able to see other devices associated with your account and, if you’ve set up Family Sharing, you’ll also be able to see their devices’ locations, unless they’ve decided to keep their location private.


3. Use a phone tracking app

Tracking and recovery apps like Prey Anti Theft (free for iOS and Android) provide one place to track all of the mobile devices in your home, whether they run on iOS or Android (It covers Macs and PCs as well). Once you’ve installed the app on a device and created a Prey account, you’re ready to start locating.

Depending on your issue—loss or theft –you can set your device to respond in different ways when you notify Prey the phone is missing. First, the phone determines its location and sends it back with a time stamp and pictures taken with the phone’s front and back cameras. Then you can have the phone sound an alarm, receive a text message that states the phone is lost or stolen or operate in stealth mode. You can also set up Control Zones, areas in your city that you’ll be notified if the phone enters or leaves.

The free version covers 3 devices and one Control Zone and will store the last 20 location reports (you can get as many as you want, but the older ones are deleted as new ones come in). You can upgrade to a Personal account for $5 per month for 3 devices and 3 Controls Zones, saves 100 location reports per device and generates reports more quickly when you report a device missing. A Home account will cover 10 devices, comes with unlimited Control Zones and costs $15 per month.


4. Use your smartwatch

One feature on my Apple Watch that I use at least once a day is Ping iPhone. I just swipe up on the watch face and select the ringing phone icon. Tapping will ping the phone once. If you have an Android Wear watch and an Android phone, you can say “Ok Google, find my phone.” Then you scroll up and tap Start and then select Find my phone. It will start ringing, even if the ringer is off.

Your smartwatch must be paired with your phone, Bluetooth must be turned on and the two devices must be in range.


5. Use a device tracker

While you’ll likely use your phone to find your keys and other items clipped to the Tile Pro, you can also use this tracker to ping your phone. You simply double press the Tile icon in the center and your phone will start to ring, even if the ringer is turned off. The Tile Pro has a range of up to 200 feet. You can pick up one Tile Pro for $34.99 or two for $59.99 on Amazon.

Kantra, Suzanne. “5 Easy Ways to Find Your Phone” Techlicious September 27, 2017

Posted in: Mobile Computing

Leave a Comment (0) →

Ransomware Can Destroy Backups in Four Ways

I just found a very interesting blog post by Jerome Wendt, President & Lead Analyst of DCIG, Inc., an independent storage analyst and consulting firm.

He started out with “The prevailing wisdom is that if you back up your data you can recover from a ransomware attack. While this premise generally holds true, simply backing up your data no longer provides an absolute guarantee that you can recover from a ransomware attack. Here are three techniques that ransomware may use to circumvent existing backups and make your “good” backups bad.” I have added number 4 at the end as a bonus.

And then he described three bad guy tactics to ruin your backups:

  • Finding and encrypting backups on network file shares. Many backup products backup data to file shares accessible over corporate networks. Further, many organizations use the default directory name created by these backup products to store these backups. The default names of these directories are readily accessible in the documentation published by backup providers. Some creators of ransomware have figured this out. As part of their malware that find and encrypt data on production servers, they also probe corporate networks for these default backup directories and encrypt the backups in these directories. In so doing, they increase the possibility that companies cannot recover from backups.
  • Hacking the backup software’s APIs. A number of enterprise backup software products offer their own application programming interface (API). Using these APIs, organizations can write to them to centralize backup and recovery under their broader data center management platform. However, ransomware creators can also access these published APIs for nefarious purposes and used them to corrupt and/or encrypt existing backup.
  • Plant a ransomware “time bomb.” To date, when ransomware encrypts a company’s data, the encryption generally occurs as soon as or shortly after it gets onto the corporate network. However, ransomware continues to evolve and mature and, as it does so, it grows both more patient and more insidious. Rather than encrypting data as soon as it breaches the corporate firewall, it begins to infect the data but does not immediate encrypt it. Then, only after days, weeks, or months go by and this infected data has been backed up for months does it initiate the encryption of the corporate data. In many respects, this is the worst type of ransomware attack. Not only is all of a company’s production data encrypted, the company thinks it has “good” backups and when it goes to restore the data, the restored data encrypts as well because it was infected when it was backed up. This may make it almost impossible for an organization to determine when it was initially infected and which of their backed up data they can reliably and confidently restore.
  • Delete your Shadow copies. You know about this one, several major strains have been doing this for a few years now, and are constantly improving this part of their malicious code.

Wendt concluded: “Ransomware arguably represents one of the most insidious and dangerous threats that organizations currently face to the health of their data. The inability to access and recover from a ransomware attack may put the very survival of a company at risk.

“To counter this risk, many look to backup software as their primary means to recover from these attacks. But as ransomware takes aim at backup software, organizations need to take a fresh look at their backup software to make sure that it has the right set of features to counter these newest forms of ransomware attacks to ensure they have a verifiable path to recovery.”

Excellent advice!

Sjouwerman.Stu. “Ransomware Can Destroy Backups in Four Ways” KnowBe4 CyberheistNews Vol7 #37 Sept 2017

Posted in: Security

Leave a Comment (0) →

Microsoft Excel: Why your spreadsheet is so slow

How to deal with “Out of Memory,” “Not Enough System Resources,” and more.

When your Microsoft Excel spreadsheet slows to a crawl, you can’t help but notice. It may take longer to open and save your files, longer for Excel to calculate your formulas, and longer for the screen to refresh after entering data, or sorting and formatting the cells.  System memory is the other issue that relates to Excel’s slowness.

Slow spreadsheets take longer to manage and, as always, time is money. We’ll show you how to tackle this problem.

When Excel spreadsheets get too big

Excel is capable of creating a very big spreadsheet, but the bigger it gets, the more memory is needed to keep it open on your PC.

In the current version of Excel, each spreadsheet has 1,048,576 rows and 16,384 columns (A1 through XFD1048576). Each cell can hold a maximum of 32,767 characters. I would not advise pushing these limits.

The number of records (rows), fields (columns), and formulas can slow down performance considerably. Every time you add new records, then press the Enter key—or use features such as Sort, Format cells, or Insert/Delete Columns or Rows—Excel recalculates all those formulas. This can cause a lag time of several seconds or more between each process. Using a lot of graphical elements can also hinder performance.

One solution, and one that I highly recommend, is to keep your spreadsheets small and tight, with fewer fields and, if necessary, fewer records. You can accomplish this by creating multiple spreadsheets in a single workbook, with links or three-dimensional formulas. You could also create Relational Database spreadsheets that connect your tables with unique, key fields.

Turn on Manual Calculation and use F9

Another solution is to turn off the Automatic Workbook Calculation option, instead using the Function key F9. When Manual Calculation is selected in the Calculation Options, Excel withholds calculating your formulas until you press F9.

1. Select File > Options > Formulas.

2. In the first section: Calculation Options under Workbook Calculation, click the Manual button.

3. Check the Recalculate Workbook Before Saving box if you want to ensure that the spreadsheet calculation is always current. Or uncheck this box if you plan to calculate the spreadsheet manually using the F9 key before exiting.

4. When finished, click OK.

Excel memory limits

Users constantly ask me: Why does my spreadsheet say “Excel cannot complete this task with available resources. Choose less data or close other applications?” Similar errors include “Not enough System Resources to Display Completely,” or “There isn’t enough memory to complete this action. Try using less data or closing other applications,” or just “Out of Memory.”

Although memory does not affect Excel’s calculation or manipulation speed, the size of your database (number of columns and rows used) is affected by the amount of available RAM in your system. Remember, just because your computer has 8GB of RAM, that doesn’t mean you have that much available to work with.

Excel has its own memory manager and memory limits. The 32-bit version has a limit of 2GB of virtual memory, while the 64-bit version offers up to 8TB of virtual memory. Contrary to some rumors, those numbers include the software itself, plus any add-in programs you have installed.

And that’s just in Excel. Other demands on your system’s memory include the OS, all the other applications that are currently open on your computer, plus a dozen other hidden processes such as DLLs, drivers, and a long list of .exe (executables) that are running in resident memory and/or in the background. Graphics, charts, formulas, and features such as the spell checker, sorting, and printing also consume memory.

For the many users still working with the 32-bit version of Excel, if your spreadsheets are less than 2GB and you’re still receiving memory error messages, try closing all other programs that are running (including the Internet and your email program) to gain additional working memory.

When it’s time to move from 32-bit to 64-bit Excel

If the performance and memory tips above both fail to increase your system’s performance or reduce the number of memory errors, then maybe it’s time to switch to the 64-bit version of Excel. This version does not limit your file sizes, but instead enforces limits only by available memory and system resources. This means if your system has 8GB of memory, Excel can access all of that minus whatever the system uses.

If you’re considering a change from Excel 32-bit to Excel 64-bit, here’s what to keep in mind:

1. Check out the Large Address Aware update. Microsoft rolled out this patch in June 2016, for 2013 and 2016 Excel versions. This update alters the 2GB limit on address space to 4GB when installed for the 32-bit version of Excel in the 64-bit version of Windows. For 32-bit Excel running in 32-bit Windows, the 2GB address space limit is increased to 3GB.

2. Other files are affected when you install this update: For example, for 32-bit Excel with 32-bit Windows, you must make a change in your boot file. Be sure to read Microsoft’s documentation on the Large Address Aware update before you install anything or make any changes.

3. 64-bit Office only works with 64-bit Windows. You cannot run the 32-bit and 64-bit versions of Office on the same computer. If you attempt this, Microsoft displays an error message.

4. If you want to upgrade from your 32-bit version to the 64-bit version, you must uninstall and then re-install Office. The reverse is also true.

32-bit vs. 64-bit Excel: Features you’ll lose

Despite the performance beneifts of 64-bit Office, Microsoft actually recommends the 32-bit version of Office for most users, because of its greater compatibility with other applications (particularly third-party add-ins). Also, some of Office’s application features are not supported in the 64-bit OS, such as:

1. The legacy versions of Equation Editor and Equation Builder are not supported

2. The Word Add-in libraries are also not supported (many dozens available online for free or for a minimal cost).

3. Some ActiveX controls and some VBA codes are not compatible.

4. Some database files in Microsoft Access have source code issues.

5. Outlook MAPI applications must be recreated, and

6. The Graphics Device Interface (GDI) rendering may have performance issues due to incompatibilities between the 32-bit and 64-bit devices.

Sartain.JD. “Microsoft Excel: Why your spreadsheet is so slow” PCWorld September 2017

Posted in: MS Office Tips and Tricks, Tech Tips for Business Owners

Leave a Comment (0) →

Hey, Turn Bluetooth Off When You’re Not Using It

You intuitively know why you should bolt your doors when you leave the house and add some sort of authentication for your smartphone. But there are lots of digital entrances that you leave open all the time, such as Wi-Fi and your cell connection. It’s a calculated risk, and the benefits generally make it worthwhile. That calculus changes with Bluetooth. Whenever you don’t absolutely need it, you should go ahead and turn it off.

Minimizing your Bluetooth usage minimizes your exposure to very real vulnerabilities. That includes an attack called BlueBorne, announced this week by the security firm Armis, which would allow any affected device with Bluetooth turned on to be attacked through a series of vulnerabilities. The flaws aren’t in the Bluetooth standard itself, but in its implementation in all sorts of software. Windows, Android, Linux, and iOS have been vulnerable to BlueBorne in the past. Millions could still be at risk.

So, yeah, turn off Bluetooth if you’re not using it or if you’re near anyone you don’t trust. There might be some inconvenience when you bring your laptop to your desk and want it to connect to a Bluetooth mouse and keyboard. You might end up flipping the switch fairly often to use Bluetooth headphones. But you likely don’t use Bluetooth most of the time. Even if you lean on it all day at work, you can ditch it at a birthday dinner or when you’re asleep. And if you use it 24/7 on your phone because of a peripheral like a smartwatch, you can at least turn it off on your other devices, especially any Bluetooth-enabled internet of things gear.

“For attackers it’s Candy Land,” says David Dufour, vice president of engineering and cybersecurity at the security firm Webroot. “You sit with a computer with a Bluteooth-enabled radio—just scanning for devices saying, ‘Hey, is anybody out there?’ Then you start prodding those devices to look for things like the operating system and the Bluetooth version. It’s a hop, skip, and a jump to start doing bad stuff.”

BlueBorne

As overall device security improves, researchers and attackers alike have turned to ancillary features and components to find ways in. In July, researchers announced a bug in a widely used Broadcom mobile Wi-Fi chip that put a billion devices at risk before it was patched. And in 2015, researchers found a critical flaw in Apple’s Airdrop file-sharing feature over Bluetooth.

And then there’s BlueBorne. Apple’s iOS hasn’t been affected by the flaws since the 2016 iOS 10 release, Microsoft patched the bugs in Windows in July, and Google is working on distributing a patch (though this can take significant time). But in addition to endangering core devices such as smartphones and PCs, BlueBorne has implications for the billions of Bluetooth-equipped internet of things devices in the world including smart TVs, speakers, and even smart lightbulbs. Many of these devices are built on Linux and don’t have a mechanism for distributing updates. Or even if they do, they rarely receive them in practice. Linux is working on but hasn’t yet issued a BlueBorne patch.

“We wanted get the research community on board with this, because it didn’t take us a long time to find these bugs, one thing kind of led to another and we found eight really severe vulnerabilities,” says Ben Seri, the head of research at Armis. “Our assumption is there are probably a lot more. We want to get eyes and ears on this type of thing because it’s largely gone neglected by the research community and by vendors over the past years.”

When Bluetooth is on in a device, it is constantly open to and waiting for potential connections. So a BlueBorne attack starts by going through the process Webroot’s Dufour describes—scanning for devices that have Bluetooth on and probing them for information such as device type and operating system to see if they have the relevant vulnerabilities. Once an attacker identifies vulnerable targets, the hack is quick (it can happen in about 10 seconds) and flexible. The impacted devices don’t need to connect to anything, and the attack can even work when the Bluetooth on the victim device is already paired to something else. BlueBorne bugs can allow attackers to take control of victim devices and access—even potentially steal—their data. The attack can also spread from device to device once in motion, if other vulnerable Bluetooth-enabled targets are nearby.

As with virtually all Bluetooth remote exploits, attackers would still need to be in range of the device (roughly 33 feet) to pull off a BlueBorne attack. But even with the extensive and productive BlueBorne patching that has already happened, there are still likely plenty of vulnerable devices in any populated area or building.

The Best Defense

The importance of Bluetooth defense has become increasingly clear, and the Bluetooth Special Interest Group, which manages the standard, has focused on security (particularly cryptography upgrades) in recent versions. But attacks like BlueBorne that affect individual implementations of Bluetooth are attracting attention as well. “Attacks against improperly secured Bluetooth implementations can provide attackers with unauthorized access to sensitive information and unauthorized use of Bluetooth devices and other systems or networks to which the devices are connected,” the National Institute of Standards and Technology noted in its extensive May “Guide to BluetoothSecurity” update.

You can’t control if and when devices get patched for newly discovered Bluetooth vulnerabilities, and you’re probably not going to stop using Bluetooth altogether just because of some possible risks. But apply every patch you can, and keep Bluetooth off when you’re not using it. “With security everything is kind of like the flavor of the week,” Webroot’s Dufour says. “So this week it’s Bluetooth.”

Security’s often a matter of weighing risk and reward, defense versus convenience. In the case of Bluetooth, it’s an easy call.

Hay-Newman, Lily. “Hey, Turn Bluetooth Off When You’re Not Using It” Wired September 13, 2017

Posted in: Security

Leave a Comment (0) →

6 Easy Opt-Outs to Protect Your Privacy

How to shrink your exposure to telemarketers, bulky catalogs, and online data mining

Marketers want your personal data and they’re willing to work hard to get it. The result can be a barrage of unsolicited mail, telemarketing calls, and pop-up ads.

You can cut down on those offers by signing up with the Do Not Call Registry and other services, some set up by industry groups. The World Privacy Forum’s Top 10 Opt Outs is a comprehensive resource of websites and organizations that help consumers reduce the amount of marketing material coming their way.

But you can also accomplish a lot, more quickly, with the whittled-down data-collection cleanse outlined below.

Not all of the online forms you’ll be accessing are equally simple to navigate. Follow these tips for cutting through the clutter and the whole six-step exercise can take under 10 minutes to complete. (I got it down to 9 minutes, 8 seconds.) That’s less time than it takes to do the dishes, and it will help make your inbox equally sparkly and clean.

Let’s start with pesky telemarketing calls.

1. National Do Not Call Registry

You know those annoying calls from “Heather at account services?” The National Do Not Call Registry helps you prevent such unsolicited intrusions from telemarketers.

Where to go: The FTC’s National Do Not Call Registry provides one-stop shopping for telemarketer opt-outs.

How it works: Once you get to the Registry you’re given two options: 1) to register or 2) to check to see if you’re registered. The straightforward form allows you to provide up to three lines, I registered my cell, my home landline, and my office line in just seconds.

What you’ll need: You have to provide a valid e-mail address to receive confirmation e-mails—one for each phone number you register—those confirmations arrived in my inbox almost instantly. When I clicked on the link in each e-mail, I was done.

2. Prescreened Credit Offers

Is your mailbox filled with “pre-approved” credit card offers? Lenders send out those solicitations after buying lists of potential borrowers from major credit reporting firms such as Equifax, Experian, and TransUnion. You can stop that cycle at the source. (This Federal Trade Commission FAQ page explains pre-screened credit.)

Where to go: The Consumer Credit Reporting Industry website, or call 888-567-8688.

How it works: The online form lets you opt out for five years. If you want to opt out permanently, you need to print out, fill out, and mail back an old-school paper form. Maddeningly, to get access to the paper form you first need to fill out another form online. You might want to do the quick-and-easy online opt-out first, and then go back and do the paperwork for the permanent opt-opt later.

What you’ll need: Your Social Security number. I’ll admit I felt a little uncomfortable entering my SSN, but the reality is that if you’re getting these offers, the credit reporting agencies have this information anyway.

How long it took: 1 minute, 24 seconds (not including the time to fill out and mail the permanent opt-out form).

3. DMA Choice

I like the fall Pottery Barn catalog as much as the next guy—until I have to carry 20 pounds of mixed paper to the curb on recycling day. The opt-out program set up by the Data & Marketing Association won’t solve that problem completely, but it will reduce the volume of mail coming in.

Where to go: Head to DMA Choice.

How it works: This is a two-stage process. First, you register with DMA, providing an e-mail, password, and credit card information, including your zip code. Once you’re logged in, you get steered to a menu with three options. Clicking on the Catalogs/Magazines/Other Mail Offers link opens a daunting alphabetical list of companies. Ignore it. Head instead to Stop All Catalogs and click on Remove My Name. The site will ask you if you’re sure, at which point you click on Yes, Take Me Off and confirm your address.

What you’ll need: A credit card. You have to pay $2 for the online opt-out and $3 if you mail in the form. There are free opt-outs for caregivers and those with a deceased relative.

How long it took: 3 minutes, 12 seconds (including the time spent entering my credit card information to pay the small fee).

4. FERPA

Public school enrollment information about your children doesn’t have to be public. FERPA, the Family Educational Rights and Privacy Act, gives parents and students the right keep a range of directory-style information private, such as the student’s address, place of birth, and dates of attendance at the school. The catch is, you have to request this.

Where to go: Since the FERPA opt-out procedure is district-specific, there’s no national online clearing house. You need to request a form from your local school district or print out the generic one on the WPF website, which you can then submit to local officials.

How it works: The WPF form is reasonably straightforward. You enter a little info about your student, along with your opt-out preferences. Many school districts only accept FERPA opt-outs at the beginning of the school year, so don’t delay.

What you’ll need: The forms vary somewhat, but there’s a good chance you’ll need to provide a student ID number.

How long it took: 40 seconds (not including the time to fill out the printed form and return it to the school).

5. Banks and Other Financial Institutions

The information collected and distributed by banks varies widely. Since that information can include very sensitive information such as account balances, it’s worthwhile to take the time to protect it.

Where to go: The Federal Deposit Insurance Corporation explains your rights and opt-out options, but does not provide a universal opt-out for financial institutions. The WPF site, however, includes an opt-out list for many large institutions, including Bank of America, Chase, Wells Fargo, and Citibank (1-888-214-0017)

How it works: I bank at Chase. So using the link above, I entered my account information and checked off all the options provided, instructing the bank not to share information about my creditworthiness or other personal information with affiliates and third parties for marketing purposes.

What you’ll need: Your account number and your Social Security number. If you have multiple accounts, you only need to enter the info for one. Don’t forget about your mortgage and investment accounts.

How long it took: 52 seconds.

6. Data Brokers

Data brokers are clearing houses for much of the information that’s gathered about you online and used by marketers. Most don’t have easy opt-outs. But Acxiom, one of the biggest data brokers, is an exception.

Where to go: Acxiom’s website includes an opt-out page.

How it works: I checked Acxiom’s About the Data site, and discovered that the company knows quite a lot about me, ranging from my family status to my income and political affiliations. Some of the information was surprisingly accurate, while other parts were flat-out wrong. You can, however, skip this step and go straight to the opt-out form.

What you’ll need: A little advance research. You’ll want to register your name, but also common misspellings, any maiden name, names from previous marriages, addresses dating back as far as you can recall, and all of your e-mail addresses.

How long it took: 1 minute, 30 seconds. The form itself is quite simple to use, but the dropdown menus slow things down a bit, as does the CAPTCHA confirmation that you’re a human, not a robot.

St. John, Allen. “6 Easy Opt-Outs to Protect Your Privacy” Consumer Reports September 2017

Posted in: Security, Tech Tips for Business Owners

Leave a Comment (0) →

Try These Top Add-Ins for Microsoft Word

You can beef up Microsoft Word with the right add-ins.

Microsoft Word packs a lot of features and functionality into one single application. But there’s always room for more. Perhaps you wish Word included a built-in dictation feature that converted your speech into text. Or maybe you’d like a Word feature that reads your documents aloud to you. Or perhaps you’d like a built-in translator that can translate your text from one language to another. Well, Word may not include these items, but you can tap into them by installing an add-in. Add-ins provide greater functionality and flexibility to an Office application so you can do so much more with the program.

You’ll find an array of Word add-ins through Microsoft’s online Office Store, but I’m going to highlight what I think are some of the top and most interesting add-ins to give you a head start. We’ll look at Dictate, an add-in that lets you dictate your documents directly into Word; TextAloud, an add-in that reads your text aloud to you; Read My Document; another add-in that reads your text to you; Translator, an add-in that can translate text in your document between different languages; Collins Dictionary; an add-in that offers a dictionary, a thesaurus, and a translator with audio pronunciation; and Wikipedia, an add-in that lets you access the online encyclopedia site without leaving Word.

Dictate

Windows 10, 8.1, and 7 already come with built-in speech recognition and dictation. But now there’s a new kid on the block. A Microsoft Garage project, Dictate is a free add-in designed for Word, PowerPoint, and Outlook. Tapping into the technology behind Cortana, Dictate uses speech recognition to convert your words into text. After installing this add-in, launch Word and you’ll see a new menu called Dictation. Click on that menu to display the Dictation toolbar.

Click on the Start button in the Dictate toolbar and begin speaking. As you dictate, you can see the text as interpreted by the Dictate add-in appear in the Response field next to the Start button. You can speak punctuation marks and other non-alphanumeric items, such as periods, commas, and quotes. You can say “new line” or “new paragraph” to move to a new line or paragraph.

The add-in supports 29 spoken languages and can handle real-time translation to 30 languages, so you can speak your text in one language and have it converted into the text of a different language. So, how did Dictate fare? Not as well I had hoped, at least initially. In my testing, Dictation got a fair number of words wrong and was no more accurate than Windows own Speech Recognition feature (which you can access from Control Panel). But the more I used Dictate, the more its accuracy improved. So, if you’re willing to put some time into training it, Dictate is definitely worth trying.

TextAloud

Here’s an add-in I’ve used for years to help me proofread and edit my documents. TextAloud reads your text aloud to you, so you can listen for any mistakes and hear how your documents sound. After you install TextAloud, open Word and click on the new TextAloud menu. From the TextAloud toolbar, you can opt to hear your entire document, the part starting from the cursor, or only selected text. You can pause, stop, and resume the speaking of your document. You can also alter the speed at which the voice speaks.

TextAloud isn’t free. The software by itself costs $29.95. If you want more natural sounding voices, you can add two AT&T Natural Voices for an additional $25. But if you need a reliable tool to help you listen to and verbally proofread your documents, TextAloud is worth the price.

Read My Document

Want a no-frills but free add-in that can read your documents to you? Read My Document fills that bill. Add Read My Document to Word. You have to trust the add-in and follow a few more steps. You then control it from the right pane and can access it by clicking on the Insert menu and selecting My Apps from the Add-ins button. Select the text you wish to hear or select the entire document and then click on the Read selected text button. You can pause or play the reading. The voice used by Read My Documents doesn’t quite have the smoothness of the AT&T Natural Voices but it’s not bad. It has a certain accent to it that makes it pleasing to the ear. You can’t switch voices or control the speech as you can with TextAloud. But for a free program, Read My Document is quite effective.

Translator

Using the power behind Microsoft’s own Translator app, the free Translator add-in can translate text in a document into a different language. After adding Translator, you’re prompted to open Word and trust the program. You can then access it by clicking on the Insert menu and selecting My Apps from the Add-ins button. The program pops up in the right pane. Choose the source and target languages. Select text in your document or select the entire document, and Translator displays the translation in the right pane. You can change the target language, and the displayed text automatically switches to your new language. Translator is a cool and convenient tool if you need to translate text on the fly.

Collins Dictionary

This helpful and free add-in provides a dictionary, thesaurus, and translator in one package, and can even pronounce words for you. Add Collins Dictionary from its page at the Office Store and then open it in Word. After you trust it, the add-in appears in the right pane. Select a word in your document, and the dictionary serves up a definition. In some cases, you can click on a speaker icon to hear the word spoken aloud.

Click on the link for the Thesaurus, and Collins offers synonyms for the word you selected. Then click on the Translator link, select a source language, and Collins translates the text into your chosen language, courtesy of Microsoft Translator.

Wikipedia

Yes, you can always access Wikipedia directly from the Web. But this free add-in provides access to the online encyclopedia within Word. After you add Wikipedia, the usual right pane pops up. Writing about a specific topic, and want to learn more about it? Just type a word or phrase in the search field and click on the search icon, or just select text in your document. The program displays the Wikipedia entry about your subject. Scroll down the pane and you’ll find more information and a link to expand the article to get even more details. Clicking on a link within the article brings you to a new article corresponding to the link, and all within the same pane. If you use Wikipedia as a source of information, you’ll find this a helpful and handy add-in.

 

Whitney, Lance. “Try these Top Add-in’s for Microsoft Word,” Windows Secrets July 2017

Posted in: MS Office Tips and Tricks, Tech Tips for Business Owners

Leave a Comment (0) →

Scrap Everything You Know About Creating Strong Passwords And Do This Instead

You know the drill: make a password with a hodgepodge of special characters, numbers, and letters, then change it periodically – or just ignore change alerts until a hacking scandal suddenly arises.

You may want to rethink your strategy.

Bill Burr, the man behind how we commonly think of devising passwords, recently told The Wall Street Journal, “much of what I did I now regret.”

The password creation shakeup

The retired 72-year old was reportedly a manager at The National Institute of Standards and Technology (NIST) back in 2003 when he wrote “NIST Special Publication 800-63. Appendix A,” featuring the password guides we’ve held true for years now.

According to The Wall Street Journal, this included, namely, the rule that passwords should be a combination of numbers, special characters, and uppercase letters, which you change every 90 days.

Why is Burr changing his tune years later?

He reportedly had to produce the rules quickly and wanted them to be based on research, but he had no “empirical data on computer-password security.” So he turned to a white paper from the 1980s.

Burr told The Wall Street Journal that his advice has led people astray because those rules were probably too challenging for many to understand and caused people to use passwords that were not too difficult to crack.

In June, the NIST released new guidelines, which don’t call for “special characters” or changing passwords frequently anymore. Instead, the NIST says the rules now preach “long, easy-to-remember phrases” and just coming up with new ones “if there is a sign they may have been stolen.”

A xkcd comic by Randall Munroe from August 2011 shows that figuring out the password “Tr0ub4dor&3” would take three days to solve, according to the cartoonist’s calculations, compared to the words “correct horse battery staple” typed as a single word, which would take a staggering 550 years to solve. Computer-security specialists found this to be true.

Be careful changing passwords

You may also want to rethink how often you update your password. This practice can place us at risk if we take the wrong approach.

When we repeatedly change passwords, we don’t always change them properly.

Professor Alan Woodward of the University of Surrey told BBC News that NIST publications have a far reach, giving the rules “a long lasting impact.” But he also mentioned “a rather unfortunate effect”:

For example, the more often you ask someone to change their password, the weaker the passwords they typically choose. . . . And, as we have all now so many online accounts, the situation is compounded so it encourages behaviours such as password reuse across systems.

Steer clear of these password options

So if you’re looking to change your password soon, don’t pick these.

SplashData, which supplies password management applications, released the 2015 version of its “Worst Passwords List.” Here are the top 10 worst ones featured:

1. 123456
2. password
3. 12345678
4. qwerty
5. 12345
6. 123456789
7. football
8. 1234
9. 1234567
10. baseball

Morgan Slain, CEO of SplashData commented on the findings in a statement.

We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers…As we see on the list, using common sports and pop culture terms is also a bad idea. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites.

Embracing the new way of thinking when it comes to passwords just might keep your online accounts out of harm’s way.

Burnett, Jane. “Scrap everything you know about creating strong passwords and do this instead” Ladders (theladders.com) August 2017


You can go to the site www.HaveIBeenPwned.com, put your login names one at a time (ex: Jkalli, JohnKalli, Jkalli@trinityww.com, etc. – whatever login names you might have) and it will tell you if it has ever been part of a hack.  If so, change the login/password combination wherever you might have used it.

Also, go to www.passfault.com to see how long it would take a hacker to crack your password.

Posted in: Security

Leave a Comment (0) →

The life-saving browser shortcut everyone should know

I can’t believe I’d never heard of Ctrl-Shift-T.

If I had a dollar for every time I’d accidentally closed a browser tab — or worse, an entire windowful of ’em — I’d be rich.

But there’s a simple keyboard shortcut that can instantly correct this error: Ctrl-Shift-T.

Or Apple-Shift-T, if you’re using a Mac.

Honestly, I’m a little embarrassed to admit I only discovered the shortcut a few months back, but it’s changed my life ever since. (I used to use a browser extension called TooManyTabs to do something similar, but this is way better.)

Just know that some browsers work better than others. With Chrome or Safari, you can restore an entire window full of tabs with this one quick three-button press, so long as your browser is open.

But with Firefox or Microsoft Edge, you can only restore tabs one at a time, and only if you opened those exact tabs in the same browser window.

If this keyboard shortcut is new to me, I’m betting it could be new to you too. If not, maybe it’ll help someone else?

Hollister, Sean. “The life-saving browser shortcut everyone should know”. CNET August 2017

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

7 Common Scams We’re Still Falling For

The other day, I received an SMS from Uber containing a two-factor authentication code that I hadn’t asked for. Panicked by the prospect that someone was trying to hack an account that stores my credit card details, I embarked on a flurry of password-changing, starting with my Outlook.com account—where I found an email from PayPal informing me that my account had been compromised. Now doubly panicked, I clicked the enclosed link to log in and change my password, and was about to enter the last character of my current password when I glanced at the URL in the toolbar—it didn’t say paypal.com.

As a relatively tech-savvy person who writes about internet security, I’d nonetheless been the target of two nearly successful scams in the space of an hour—what gives?

“Cybercrime is growing, and one of the biggest areas is credential-stealing—the theft of someone’s login details,” says Jon Clay, director of global threat communications, Trend Micro. Login credentials are valuable—and to obtain them, cyber criminals try to infect users’ machines with threats such as trojans that can spy on all activity on a computer, keyloggers, which can track inputted characters, or spoof screens that invite unwitting users to voluntarily give up their username and password (known as phishing). Once criminals have these details, they can not only breach the account in question, but potentially set into motion a daisy chain of account breaches that could lead to identity theft.

“In the vast majority of cases, cyber criminals are trying to obtain money,” Clay says. Ransomware is a form of malware that entirely bypasses credential-stealing to encrypt a user’s device, rendering it and its files inaccessible unless a ransom is paid. And the use of ransomware is skyrocketing. Symantec found that the average ransom demanded in such attacks in 2016 was $1066 per person—266% higher than the year before—while on mobile, ransomware attacks have risen by 250%.

Cyber threats, from ransomware to spy software to phishing attempts on valuable logins, commonly gain access to users’ devices when users unknowingly click a malicious link in an email, on a webpage or in an online ad. The increasing availability of personal information online via sites such as LinkedIn, Twitter and Facebook means that scammers are getting more precise at social engineering—manipulating people to click on malicious links or give up personal information by using seasonal cues, current events or, more insidiously, facts gleaned from their public profiles.

“Social engineering is all about exploiting users’ irrational behavior,” says Rahul Telang, professor of information systems and management at Carnegie Mellon University, who’s currently working on a project examining consumers’ security and privacy behavior. “You may know something is too good to be true—that winning lottery ticket, a get-rich-fast plan, a chance to meet your life partner—but the rewards are so high, you think, why not try?”

The chance of making such a cognitive error rises when scammers use language or make offers designed to appeal to our specific circumstances—or when we aren’t on guard.

We all know what spam email looks like—it’s the stuff that our email filters normally catch, with subject lines that use our email handle as a first name, notify us of vast lottery winnings or offer various bodily enhancements. But spam filters have gotten so sophisticated that when an email does slip past—as with my PayPal spoof email—we’re not necessarily in the right frame of mind to catch it.

“The most common ways cyber criminals can get to you is through your email,” Telung says. “When you’re checking your emails, even if you’re not interested in shopping, if an email says you’ve got this great deal, you’re likely to click.”

Scammers’ psychological tricks can even include the time of day. “There are many cases where spam is sent at certain times of day when people are less likely to be diligent, such as in the morning,” Clay says.

Subject: “Your account has been compromised!”

 

Spoof emails from financial accounts are on the rise, and this scam targets the rising fear of the consequences of hacked bank (or PayPal) accounts by claiming an account has already been hacked. Users are then exhorted to protect their account by clicking a link to change their password—except they’re really taken to a bogus screen that records login details, sending them straight to hackers, who now have access to a previously safe account.

“We are seeing phishing as a big one to steal credentials,” Clay says. “In most cases, the link pops up a phishing screen to get details, or downloads a banking trojan that contains a keylogger or runs scripts to transfer funds out of the account.”

Subject: “Please check your tax return”

Around tax season, scam emails appearing to be from the IRS tend to make the rounds, says Clay—usually with a request for your personal information or for taxes associated with a large sum of money you’ve mysteriously come into. These links end up taking users to a phishing screen or a malware download that gives the criminal access to the victim’s computer. “Financial scams are often successful because people are concerned about their finances, and if they receive an email about an audit, or their taxes, they tend to take action,” Clay says.

Seasonal Spam

Holidays can also bring on a wave of seasonal spam, ranging from shopping discounts, which, in a sea of similar promotions from your favorite retailers, can be hard to spot, to greeting cards from email addresses that appear to belong to friends or family.

“Black Friday is a big one. You might see scam emails offering links to a 50% off coupon,” Clay says.

Emails from friends

You may have received an email from a friend purporting to be in trouble overseas and in need of cash, recommending you donate to their favorite charity, or, in a particularly virulent phishing scam earlier this year, with a link to a Google Docs document that led to a Google sign-in page and request to authorize “Google Docs” for email—which would give the scammers control of the user’s account.

“Criminals are getting smarter [about getting] access to your social network data,” Telung says. “It’s easier for them to impersonate someone close to you and send an email that you’re more likely to trust.”

What to do:

  1. Be very wary of any email that tries to get you to click on a link or open an attachment, especially if it involves some urgency, Clay says, such as a breached account or friend in distress. Stoking panic is one way of pushing users into a state of mind when they may be less vigilant about looking for signs of fraud.
  2. If you’re on a computer, hover the cursor over a link you’re being asked to click, and check the bottom left of your browser window—you should see the true URL you’ll be directed to.
  3. Check with your financial institutions for guidelines describing the type of communication you can expect. For example, the IRS doesn’t initiate contact to request personal or financial information, while PayPal emails always address the recipient by first and last name—which my spoof email did not.

Bad ads on good sites

Nobody loves online ads, but the last year has seen a spike in the prevalence of “malvertising,” malware-ridden ads that redirect browsers to phishing sites or sites that serve more malware.

“A lot of people still click on ads. Criminals are now targeting legitimate websites with malvertisements designed around current news events or the time of year—such as tax time, Christmas, Black Friday—that invite users to click a link that ends up infecting their computer with malware or ransomware,” Clay says.

Because of the way online ads are served via third-party automatic platforms, websites’ security controls usually can’t detect or block malvertisements. Like online ads, which appear to certain users based on their past browsing, malvertisements can be targeted to particular profiles and times of year, making it all the more likely that an unsuspecting user will click on an appealing offer, especially when the ad appears on a trusted site, such as The New York Times, Newsweek and MSN—all of which were hit by a major malvertisment attack last year.

In many cases, users don’t need to click on the ads to be infected: Malicious script can run as soon as the ads loads—an attack known as a drive-by download.

What to do:

1.       Download all security patches for your OS, browser and other programs. Malware works by targeting security holes in browsers and plugins, most notably Flash or Java—both of which are notoriously full of vulnerabilities. If your systems are up to date, malware has a lesser chance of slipping in undetected.

2.       Enable “click-to-play” for plugins such as Flash and Java. This stops plugins from automatically running page elements, including ads, until you click them. You can find this in your browser’s Settings menu, under Plugins.

3.       Uninstall plugins you don’t use. The more plugins, the more potential vulnerabilities there are for a drive-by download to target. Websites are increasingly eschewing Java, for example, and Microsoft’s Silverlight plugin, once essential for Netflix and some radio stations’ “listen online” options, is also far less prevalent.

Finally, “avoid clicking on things you weren’t looking for,” advises Telung.

Unsolicited two-factor authentication texts

Many accounts, from banks to Gmail, use two-factor authentication to protect users’ data by requesting a code, often sent by SMS, in addition to a password. However, researchers recently demonstrated that it’s possible for scammers to spoof these texts.

In the scam, the criminals try to log into the account—or change the password—which would trigger the SMS code to be sent, as occurred with my Uber account. After that, a second—spoofed—SMS requests that the user reply with the code to confirm that the account is theirs—thus delivering the authentication code into the hands of the hackers.

What to do:

1.       If you haven’t tried to log into your account or change your password, ignore such texts.

2.       Never reply to these texts with the authentication code or any other login details.

3.       Change your password.

4.       Where the accounts support it, change the code delivery method from SMS to an authenticator app, such as the ones used by Gmail and Outlook.

Whether it’s free business-class flights to Australia or a clearance sale on totally authentic designer sunglasses, scams circulated via Facebook were the most common online attack method in 2016, according to Cisco’s annual security report.

One prevalent scam involves spoof pages for trusted brands advertising unbelievable sales, which are shared by unsuspecting Facebook users. These ads then appear in their friends’ feeds—and because it appears as a recommendation by someone they know, they’re all the more likely to click through. The links may lead to phishing sites that make a play for credit card details, or to legitimate-looking online shops where victims end up purchasing counterfeit goods.

What to do:

1.       Look up the website or company name—often, if it’s a scam, others will have fallen prey and posted about it on site-review websites such as Trustpilot or Reviewcentre.

2.       Look up the URL registration at Whois.net, which will tell you how long the domain has been active, among other details that should give you an idea of whether the site is legitimate.

3.       If the site appears trustworthy, make sure the transaction is done over a secure (https) connection.

4.       Use a credit card, not a debit card—credit transactions can be reversed by banks in case of fraud.

Securing the digital gates

Awareness about cyber fraud can go a long way to avoiding malicious links and sites, but as scams become more sophisticated, internet users will need to be increasingly dependent on software providers that can detect an ever-evolving array of cyber threats.

“Criminals are really starting to target legitimate websites with malvertising, redirects to bad sites, and malicious scripts that download malware as soon as the site loads,” Clay says. Where human error is still the “in” for most cybercrime, the rise of threats such as malvertising and drive-by downloads that can infect a user’s computer with barely any interaction means that strong security software is more crucial than ever.

“Cyber security is a war between scammers trying to figure out how to get into your machine and the security companies trying to stop them—and the user is just in the middle,” Telung says. “At some level, the game can be so sophisticated, even well-informed people may not be able to avoid being scammed. Users just have to hope they have the tools to prevent attacks.”

Those tools include a comprehensive security program with advanced features such as firewall, phishing detection and website scanning to flag potentially dangerous destinations. As Clay notes, cyber security is no longer just about blocking viruses.

Stokes, Natasha. “7 Common Scams We’re Still Falling For”  Techlicious August 2017

 

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →
Page 2 of 18 12345...»