
Archive for Security

How to Snoop Proof Any Phone or Tablet

It’s likely that you’ve got details of your whole life stored on your phone—the people you know, the banks you’ve used, the videos you’ve wasted hours watching—and you don’t necessarily want that info getting out into the wider world. If you’re keen to lock down your handset against unwelcome visitors, you need to take a few steps.

There’s lots to cover, from protecting against friends at parties who might pick up your phone and start scrolling through photos, to government agencies who might be eager to tap into your outgoing messages. There are plenty of ways to put up barriers and stop all but the most advanced attacks, and we’ll cover the most important ones here, for phones and tablets running iOS and Android—though many of the principles can be applied to laptops and other kinds of devices too.

It’s worth noting at the outset that it’s very hard to make a device completely snoop-proof—even if you physically remove the camera and the microphone, Edward Snowden-style, determined hackers can still get at your data.

Basic security tips

Every so often a new report appears lamenting the high number of people who leave their phones unlocked, or who use an easily guessable PIN like 1234. In 2017 there really is no excuse for leaving your device unprotected, with so many options available—from trusted locations on Android, which helpfully turns on additional security when you’re not at home, to Touch ID on iOS, which demands your fingerprint for accessing protected data. Go to Security in Android’s Settings app or Touch ID & Passcode in the iOS one to get something in place.

That should stop passers-by and curious friends from getting at your phone, but more information than you might think can be accessed from the lock screen—for example, by default on an iOS device you can launch Siri and ask “who do I call most?” to see a list of recent calls, no unlock required.

The feature is designed to help someone return your phone to you if it gets lost, but if you’re not comfortable with it you can turn this and other lock screen pop-ups off by going to the Touch ID & Passcode menu in Settings. You can disable notifications too if you don’t want people taking a peek at your Twitter mentions as they flash up on screen.

On Android devices the only settings to really be aware of are the notification ones controlling what appears on the lock screen. Go to Notifications in Settings and you can disable all alerts or just ones for certain apps; the recent versions of Android also let you hide “sensitive” information on the lock screen, which typically means anything that comes through one of your messaging apps.

Securing your apps

As we’ve explained before, some apps are more secure than others when it comes to protecting and encrypting your data. Our picks for the most snoop-resistant messaging apps are currently Signal (iOS, Android) and WhatsApp (iOS, Android), and if you’re using anything else you’re leaving yourself more at risk of getting snooped on.

When it comes to browsing, the built-in apps do a decent job protecting you against various kinds of snooping, but there’s certainly room for improvement as well. Apps like Orbot (Android) and Onion Browser (iOS) will keep all your browsing encrypted, anonymous, and very difficult (though not impossible) to track. On top of that, a VPN tool such as Opera VPN (Android, iOS) will encrypt all the data going to and from your device, and it’s especially useful on public Wi-Fi networks in coffee shops and hotels.

Worried about app developers snooping on your activities? Besides studying the terms and conditions very closely, you can check on (and revoke) permissions for a particular app—on Android tap Apps in Settings, then select an app and choose Permissions, or on iOS, from Settings tap Privacy then choose a category to see which apps have privileges and take them back. As a nuclear option you can simply uninstall offending apps.

On Android devices, you also have the extra option of installing an app locker, which adds an additional layer of protection for specific apps or files if someone should get past your lock screen. It can range from demanding a PIN or password, to demanding a fingerprint scan every time you want to open the app. AppLock (Android), Privacy Knight (Android), and Norton App Lock (Android) are all great choices.

One of the best ways of minimizing the risk of snooping is to have as little data on your phone as possible at any one time. How you go about this will vary from app to app, but to take iMessage as an example, you can go to Messages from Settings and then tap Keep Messages to have them automatically cleaned up after 30 days or a year. Other apps will have similar options. Though be sure to offload photos and videos to the web using something like iCloud or Google Photos before you start auto-deleting old texts.

Your phone also has a habit of tracking places you’ve been and subjects you’ve searched, so you’ll want to deactivate that, if possible. Check in the Activity Controls page of your Google account, where you can enable or disable location history, the storing of voice searches, YouTube viewing history, web browsing activities, and so on.

And something you might not often think about are third-party apps hooked up to your main apps—all those little utilities and add-ons you’ve granted permission to use your Facebook or Twitter accounts. While these are usually nothing to worry about, outdated and unsecured connected apps can be used to snoop on your activities remotely, so it’s best to keep as few active as possible.

Head into the settings pages for all your services on the web to do this. For Google, you can go to the Connected apps and sites page; on Facebook, connected apps are listed in the App Settings page; while on Twitter, you can go to the Apps page to kick out any connected tools you don’t recognize or no longer have any need for.

Nield, David. “How to Snoop-Proof Any Phone or Tablet” GIZMODO, Mobile

Posted in: Mobile Computing, Security, Tech Tips for Business Owners


12 Simple Things You Can Do To Be More Secure Online

Follow these easy tips to protect the security of your devices, your data, your internet traffic, and your identity.

If a major shopping or financial site suffers a data breach, there’s not much you can do about it except change your password, get a new credit card, and possibly freeze your credit.  Protecting against that sort of attack is just out of your hands.  But there are many kinds of security problems that hit closer to home.

Ransomware could effectively brick your computer until you pay the ransom.  A data-stealing Trojan could lift all your secure logins.  Fortunately, there’s a lot you can do to defend against these local problems.

Making your devices, online identity, and activities more secure really doesn’t take much effort. In fact, several of our tips about what you can do to be more secure online boil down to little more than common sense. These 12 tips for being more secure in your online life will help keep you safer.

1. Install an Antivirus and Keep it Updated

We call this type of software antivirus, but it actually protects against all kinds of malicious software.  Ransomware encrypts your files and demands payment to restore them.  Trojan horse programs seem like valid programs, but behind the scenes they steal your private information. Bots turn your computer into a soldier in a zombie army, ready to engage in a denial of service attack, or spew spam, or whatever the bot herder commands. An effective antivirus protects against these and many other kinds of malware.

You may be thinking, wait, isn’t antivirus built into Windows? Not only is Microsoft Defender Security baked into the operating system, it automatically takes over protection when it detects no other antivirus, and just as automatically steps aside when you install third-party protection. The thing is, this built-in antivirus just doesn’t compare with the best third-party solutions. Even the best free ones are way better than Windows Defender. Don’t rely on it; you can do better.

One more thing. If your antivirus or security suite doesn’t have ransomware protection, consider adding a separate layer of protection. Many ransomware-specific utilities are entirely free, so there’s no reason not to try a few of them and select the one that suits you best.

2. Explore the Security Tools You Install

Many excellent apps and settings help protect your devices and your identity, but they’re only valuable if you know how to use them properly. Understanding the tools that you assume will protect you will go a long way toward them actually protecting you. For example, your smartphone almost certainly includes an option to find it if lost, and you may have even turned it on. But did you actively try it out, so you’ll know how to use it if needed?

Your antivirus probably has the ability to fend off Potentially Unwanted Applications (PUAs), troublesome apps that aren’t exactly malware but don’t do anything beneficial. Check the detection settings and make sure it’s configured to block these annoyances. Likewise, your security suite may have components that aren’t active until you turn them on. When you install a new security product, flip through all the pages of the main window, and at least take a glance at the settings.

To be totally sure your antivirus is configured and working correctly, you can turn to the security features check page on the website of the AMTSO (Anti-Malware Testing Standards Organization). Each feature-check page lists the antivirus tools that should pass. If yours shows up in the list but doesn’t pass, it’s time to contact tech support and find out why.

3. Use Unique Passwords for Every Login

One of the easiest ways hackers steal information is by getting a batch of username and password combinations from one source and trying those same combinations elsewhere. For example, let’s say hackers got your username and password by hacking an email provider. They might try to log into banking sites or major online stores using the same username and password combination. The single best way to prevent one data breach from having a domino effect is to use a strong, unique password for every single online account you have.

Creating a unique and strong password for every account is not a job for a human. That’s why you use a password manager. Several very good password managers are free, and it takes little time to start using one. The good thing is that when you use a password manager, the only password you need to remember is the master password that locks the password manager itself.

4. Get a VPN and Use It

Any time you connect to the Internet using a Wi-Fi network that you don’t know, you should use a virtual private network, or VPN. Say you go to a coffee shop and connect to a free Wi-Fi network. You don’t know anything about the security of that connection. It’s possible that someone else on that network, without you knowing, could start looking through or stealing the files and data sent from your laptop or mobile device. A VPN encrypts your internet traffic, routing it through a server owned by the VPN company. That means nobody, not even the owner of the free Wi-Fi network, can snoop on your data.

5. Use Two-Factor Authentication

Two-factor authentication can be a pain, but it absolutely makes your accounts more secure. Two-factor authentication means you need to pass another layer of authentication, not just a username and password, to get into your accounts. If the data or personal information in an account is sensitive or valuable, and the account offers two-factor authentication, you should enable it.

Two-factor authentication verifies your identity using at least two different forms of authentication: something you are, something you have, or something you know. Something you know is the password, naturally. Something you are could mean authentication using a fingerprint, or facial recognition. Something you have could be your mobile phone. You might be asked to enter a code sent via text, or tap a confirmation button on a mobile app. Something you have could also be a physical Security Key; Google and Microsoft have announced a push toward this kind of authentication.

If you just use a password for authentication, anyone who learns that password owns your account. With two-factor authentication enabled, the password alone is useless. Most password managers support two-factor, though some only require it when they detect a connection from a new device. Enabling two-factor authentication for your password manager is a must.

6. Use Passcodes Even When They Are Optional

Apply a passcode lock wherever available, even if it’s optional. Think of all the personal data and connections on your smartphone. Going without a passcode lock is unthinkable.

Many smartphones offer a four-digit PIN by default. Don’t settle for that. Use biometric authentication when available, and set a strong passcode, not a stupid four-digit PIN. Remember, even when you use Touch ID or equivalent, you can still authenticate with the passcode, so it needs to be strong.

Modern iOS devices offer a six-digit option; ignore it. Go to Settings > Touch ID & Passcode and select Change Passcode (or Add Passcode if you don’t have one). Enter your old passcode, if needed. On the screen to enter the new code, choose Custom Alphanumeric Code. Enter a strong password, then record it as a secure note in your password manager.

Different Android devices offer different paths to setting a strong passcode. Find the Screen Lock settings on your device, enter your old PIN, and choose Password (if available). As with the iOS device, add a strong password and record it as a secure note.

7. Pay With Your Smartphone

The system of credit card use is outdated and not very secure at all. That’s not your fault, but there is something you can do about it. Instead of whipping out the old credit card, use Apple Pay or an Android equivalent everywhere you can. There are tons of choices when it comes to apps. In fact, we have an entire roundup of mobile payment apps.

Setting up your smartphone as a payment device is typically a simple process. It usually starts with snapping a picture of the credit card that you’ll use to back up your app-based payments. And setup pretty much ends there; you’re ready.

How is that better than using the credit card itself? The app generates a one-use authentication code, good for the current transaction only. Even if someone filched that code, it wouldn’t do them any good. And paying with a smartphone app completely eliminates the possibility of data theft by a credit card skimmer.

Some smartphone payment apps let you pay online with a similar one-time code. If yours doesn’t, check with your credit card provider. Bank of America, for example, has a program called ShopSafe that works like this: You log into your account, generate a 16-digit number as well as a security code and “on-card” expiry date, and then you set a time for when you want all those digits to expire. You use the new temporary numbers in place of your real credit card when you shop online, and the charges go to your regular account. The temporary card number will not work again after it expires. Other banks offer similar services. The next time your credit card company or bank calls you to try and sell you upgrades, ask about one-time use card numbers.

8. Use Different Email Addresses for Different Kinds of Accounts

People who are both highly organized and methodical about their security often use different email addresses for different purposes, to keep the online identities associated with them separate. If a phishing email claiming to be from your bank comes to the account you use only for social media, you know it’s fake.

Consider maintaining one email address dedicated to signing up for apps that you want to try, but which might have questionable security, or which might spam you with promotional messages. After you’ve vetted a service or app, sign up using one of your permanent email accounts. If the dedicated account starts to get spam, close it, and create a new one. This is a do-it-yourself version of the masked emails you get from Abine Blur and other disposable email account services.

Many sites equate your email address with your username, but some let you select your own username. Consider using a different username every time—hey, your password manager remembers it! Now anyone trying to get into your account must guess both the username and the password.

9. Clear Your Cache

Never underestimate how much your browser’s cache knows about you. Saved cookies, saved searches, and Web history could point to home address, family information, and other personal data.

10. Turn Off the ‘Save Password’ Feature in Browsers

Think about this. When you install a third-party password manager, it typically offers to import your password from the browser’s storage. If the password manager can do that, you can be sure some malicious software can do the same. In addition, keeping your passwords in a single, central password manager lets you use them across all browsers and devices.

11. Don’t Fall Prey to Click Bait

Part of securing your online life is being smart about what you click. Click bait doesn’t just refer to cat compilation videos and catchy headlines. It can also comprise links in email, messaging apps, and on Facebook. Phishing links masquerade as secure websites, hoping to trick you into giving them your credentials. Drive-by download pages can cause malware to automatically download and infect your device.

12. Protect Your Social Media Privacy

You can drastically reduce the amount of data going to Facebook by disabling the sharing platform entirely. Once you do, your friends can no longer leak your personal data. You can’t lose data to apps, because you can’t use apps. And you can’t use Facebook to log into other websites (which was always a bad idea).

Of course, other social media sites need attention too. Google probably knows more about you than Facebook, so take steps to manage your Google privacy, too. Make sure you’ve configured each social media site so that your posts aren’t public (well, all except Twitter). Think twice before revealing too much in a post, since your friends might share it with others. With care you can retain your privacy without losing the entertainment and connections of social media.


This article offers excellent cyber security measures that you should apply.  However, knowing, choosing, and implementing the right tools for your environment can take a lot of research and time.  We are here to offer our expertise, so that you can focus your time and energy on your business!

If you are in the market for a managed service provider that specializes in cyber security – CALL US!  We can assess your IT environment, identify areas that can be improved and implement inexpensive, effective cyber security measures to keep you safe.

Email us at support@trinityww.com or give us a call at 732.780.8615 to get more information, or to schedule an appointment with one of our trained professionals.

Posted in: IoT, Mobile Computing, Security, Tech Tips for Business Owners


For Goodness’ Sake, Get a Web Filter

Recently in the news we heard about a government agency being infected with malware because one of its employees watched porn on his work computer.  This mishap could have been avoided if only the organization had a Web Filter in place.

Unfortunately, it was discovered that this employee had been visiting thousands of porn sites, as well as being guilty of downloading images onto an unauthorized thumb drive. This type of behavior is a potential nightmare for any organization. But it’s important to learn from this and know that this could have been prevented if a web filter had been in place. Your employees shouldn’t be able to access unauthorized sites like this in the first place.

The Inspector General, who wrote a report on the incident, had some rather obvious recommendations. For starters, he recommended “a strong blacklist policy.” He also recommended regularly checking the web history of employees’ computers to make sure they aren’t visiting websites that could put the agency at risk again.

It’s advice that every company, regardless of size, should be heeding. While you would like to think that employees at small companies are more bought into the mission, it doesn’t mean they aren’t doing foolish things on your computers.

Seems like every week we hear a story blaming employees for being lax about security. They have bad passwords or they fall for phishing scams. They do all kinds of things that compromise your company’s security position, but here’s the thing. You shouldn’t be blaming only your employees, when they are using the systems and policies you’ve put in place.

It is easy for us to blame the user, but as a business owner it is also your responsibility to implement safeguards that will ensure that employees cannot access potentially harmful sites that could end up infecting your network.

This can be easily prevented by simply implementing a web filter!  By doing so you are protecting your valuable business assets.  Your company assets shouldn’t be at risk because one of your employees was poking around questionable websites that exposed your network to the dangers of malware.

You should also consider some basic training to lay the groundwork for what’s acceptable at work. While it might seem like common sense, and it often is, people don’t always behave sensibly. That said, you also have to be careful of being overly rigid when writing the rules of what’s acceptable. For example, some companies have blocked social media when the fact is a lot of business gets conducted on these sites.

In the end, it’s your business and you need to ensure that it’s safe. If you’re allowing employees to explore the internet without any kind of filtering tools, you’re leaving yourself vulnerable to a host of malware. While you can blame the employees for not being smart about the sites they visit, in the end it all comes down to you and putting the tools and training in place to make sure they don’t do that.

Miller, Ron. “For Goodness’ Sake, Get a Web Filter”. TechCrunch October 2018


As a rule, we implement internet security filtering for all of our “managed clients.” This service has the potential to stop most ransomware in its tracks by blocking its ability to contact its command and control server. We consider this to be as critical a part of your overall security as antivirus protection.

Whether you are in the market for a managed service provider or looking into adding a web filter to your existing network  – we can help.  We can have one of our professional network engineers evaluate your needs, and identify any areas that can be improved.

Email us at support@trinityww.com or give us a call at 732.780.8615 to get more information, or to schedule an appointment with one of our trained professionals.

 

Posted in: Security


Forget Passwords! It’s Time for Passphrases!

Mr. Henry Williams is a deputy editor for The Wall Street Journal in New York, and he reported on something we just also recommended. Here is an excerpt with a link to the full article at the end. You should forward this to your C-suite:

Two researchers say they have come up with a system that makes passphrases more secure and practical.

We all know the drill: When signing up at a website, you’re told to choose a password. It has to be at least a certain number of characters. It must contain letters and at least one number and perhaps at least one special character. Oh, but some special characters aren’t acceptable.

The death of complicated passwords—which are both hard to remember and not that secure—has been forecast for years, but reality hasn’t quite caught up yet.

Now, however, two researchers have developed an idea for replacing passwords with more-secure passphrases that people will actually remember and use.

Kevin Juang, a former doctoral student at Clemson University, and his co-author and adviser, Joel Greenstein, have created a working prototype of an online system for websites and their registered users to replace passwords with randomly generated passphrases that in theory, in combination with other cues, will be much easier to remember and to enter accurately.

Passphrases have been discussed in online-security research for over 30 years, but most websites and apps still use passwords. Partly, that’s because long passphrases are harder to type, leading to more log-in failures, but it’s also because users tend to pick phrases from common sources, like song lyrics, making them easy for hackers to figure out. People also sometimes use a passphrase on more than one website, or use a certain word repeatedly to make the passphrase even easier to remember.

Williams, Henry. “Forget Passwords. It’s time for Passphrases” The Wall Street Journal. 2018 September

Wall Street Journal Article: “Forget Passwords. It’s Time for Passphrases”


This is only one aspect of our layered security strategy that our cybersecurity team has been recommending to our customers. To see how fast any of your complex passwords can be cracked, go to www.passfault.com.

A good place to start is to see if your employees’ credentials (email and password combinations) are on the Dark Web.

Right now, we are offering a complimentary Dark Web Scan for your business’s email domain. This report will immediately reveal if you or any of your employees have been compromised within the last 36 months.

If nothing turns up, you’ll have peace of mind and you can take preventative actions to make sure it stays that way. On the other hand, if the report reveals a compromise, you are in the best position to take the next logical step towards protecting your business!

You can always contact us at CyberSecurity@Trinityww.com or by calling (732) 780-8615 if you have any questions about what you can be doing to put your business in the best position to avoid a cyber security breach.

Posted in: E-mail, IT Support, Security, Tech Tips for Business Owners


Scam of the Week: “Another” New CEO Fraud Phishing Wrinkle

So, here’s a new CEO Fraud phish: see these fresh screen shots from emails reported to us through the free KnowBe4 Phish Alert Button. Bad guys spoof the managing partner and CPA at an accounting & consulting firm and ask an employee for the “Cash/Bank Statement Reconciliation” for June of this year.

 

Now, it’s not immediately clear what the bad guys could do with the data from such a statement, but this may simply be a first step of a one-two punch that is meant to establish credibility. The next step would be a malicious request for salary payment records like a pay stub that allow the bad guys to change bank accounts for direct deposit salary payment to accounts they control.

Here is another variant, where the employee seems to be willing to comply:

And here is another variant

See the payroll phish screenshot, which asks an employee at a credit union to change the email associated with another employee’s ADP account to a non-company email address.

Of course, ADP already allows employees to do this on their own: http://www2.ccga.edu/Faculty/HumanResources/ADP/files/PersonalContact.pdf

We are expecting the scheme to work like this: once the email address is changed, the bad guys who control that email address can force a password change by selecting the “I forgot my password” option on the ADP portal, change the password, then effectively hijack the account. From there they can change the direct deposit info, mine the account for identity/tax refund theft, and so forth.

Presumably this same scheme could work with similar services (SAP, Paychex, Zenefits, etc.).

The “beauty” of this approach is that targeted employees as well as their employers would remain blind to all the fraudulent changes made after the email address is switched. How often do employees tend to log in to their ADP accounts anyway? Once every few months would be my guess. Perhaps even as infrequently as once a year. Two interesting observations about this particular phish:

  1. The bad guys didn’t bother spoofing the targeted employee’s corporate email address. They used the same address submitted as a substitute.
  2. The targeted employee doesn’t appear to be very senior in the organization. So, this might be some kind of initial test to see if the scheme works.

Sjouwerman, Stu. “Scam of the Week: “Another” New CEO Fraud Phishing Wrinkle” KnowBe4.com blog July 20, 2018
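A mail-triage check for the payroll email-change request described above, as an added example that is not part of the KnowBe4 post. It flags the two traits the post observes: the request comes from outside the company, and the sender's own address is the proposed replacement. The domains, names, directory lookup and keyword patterns are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Illustrative patterns (assumptions), not a vendor rule set.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PAYROLL_RE = re.compile(r"\b(adp|payroll|direct deposit|pay ?stub)\b", re.I)
CHANGE_RE = re.compile(
    r"\b(change|update|replace|switch)\b.{0,80}?\b(e-?mail|address|account)\b",
    re.I | re.S,
)

# Hypothetical stand-in for an HR or mail directory: display name -> corporate address.
DIRECTORY = {
    "jordan lee": "jordan.lee@creditunion.example",
    "sam ortiz": "sam.ortiz@creditunion.example",
}


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


def review_payroll_request(raw_message, company_domain, directory):
    """Return findings for one plain-text, single-part message.

    An empty list means either the message is not a payroll change request
    or nothing about it matched the pattern from the post.
    """
    msg = message_from_string(raw_message)
    display_name, sender = parseaddr(msg.get("From", ""))
    sender = sender.lower()
    body = msg.get_payload()

    # Only requests to change something on a payroll account are in scope.
    if not (PAYROLL_RE.search(body) and CHANGE_RE.search(body)):
        return []

    findings = []
    if domain_of(sender) != company_domain:
        findings.append("sender-outside-company")

    # The display name claims to be a known employee, but the address is not theirs.
    known = directory.get(display_name.strip().lower())
    if known and known.lower() != sender:
        findings.append("display-name-mismatch")

    # Any non-company address in the body is a candidate replacement address.
    substitutes = {
        a.lower() for a in ADDRESS_RE.findall(body)
        if domain_of(a) != company_domain
    }
    if substitutes:
        findings.append("non-company-replacement-address")
    # Observation 1 in the post: the sender used the substitute address itself.
    if sender in substitutes:
        findings.append("sender-is-replacement-address")
    return findings


# Constructed sample messages.
PHISH = """\
From: Jordan Lee <jlee.personal@mailbox.example>
To: hr@creditunion.example
Subject: ADP email update

Hi, please change the email on my ADP account to jlee.personal@mailbox.example.
Thanks, Jordan
"""

INTERNAL_EXTERNAL_TARGET = """\
From: Sam Ortiz <sam.ortiz@creditunion.example>
To: hr@creditunion.example
Subject: Payroll contact

Please update the contact email on my payroll account to sam.o@mailbox.example.
"""

ROUTINE = """\
From: Jordan Lee <jordan.lee@creditunion.example>
To: hr@creditunion.example
Subject: Payroll question

When does the next payroll run? I need to update my home address before then.
"""

if __name__ == "__main__":
    for label, raw in [("phish", PHISH),
                       ("internal", INTERNAL_EXTERNAL_TARGET),
                       ("routine", ROUTINE)]:
        print(label, review_payroll_request(raw, "creditunion.example", DIRECTORY))
```

Any non-empty result is a reason to hold the change and confirm it with the employee through a channel other than email.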

Posted in: Security, Tech Tips for Business Owners


7 Tips to Using a Password Manager Safely

Password security can look pretty grim! However, the benefits of a good password manager – generating and saving complex, unique passwords you can easily update – mean that most experts recommend using one. “While it’s impossible to be completely immune from the most advanced threats, selecting the right third-party password manager can help users to protect their credentials from the majority of attacks that they may face,” says Baumgartner.

You can also take the following seven steps to ensure you’re protecting your accounts:

  1. Choose a password manager without master password recovery

Whatever you do, choose a password manager that does not allow for recovery of the master password. “If a malicious actor is able to get ahold of the master password through account recovery tools, this renders even the most secure password management programs useless,” says Baumgarten.

  2. Use two-factor authentication

Any online account has a risk of being hacked. One way to circumvent this risk is to use two-factor authentication to protect your password manager. Chrome supports two-factor authentication with your smartphone, and, along with Firefox and Edge, also works with authentication hardware keys such as Yubico. Third-party password managers including Dashlane, LastPass and Sticky Password support two-factor authentication with your smartphone. “While two-factor authentication may still have some risks due to threats like SIM hijacking, at a minimum it puts one more layer of defense between the cybercriminal and your full arsenal of login information,” says Baumgarten.

  3. Turn off autofill

You may want to consider turning off autofill. This also means logging into your password manager, then copying and pasting your passwords into the login screen.

  4. Use strong passwords

When composing your master password, make it strong. “By today’s standards this means 20 characters or more, randomly generated passwords that contain lower and uppercase letters, digits and symbols,” says Palfy. You might be proud of how devilishly uncrackable it is – but don’t reuse your master password.

  5. Make sure all of your passwords are unique

Make sure all your other passwords are unique. Dashlane Premium is one of the options that can automatically check for weak or repeated passwords then automatically replace them with a random, complex password.

  6. Keep your software up to date

Download security updates for your password manager as soon as available – often, they will be patching newly discovered vulnerabilities.

  7. Be wary of downloads and browser extensions

In general, be wary of your downloads, especially browser extensions – unwittingly installed malware could end up logging keystrokes or copying logins.
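The 20-character random master password from tip 4 and the randomly generated passphrases from the passphrase post above, compared by entropy; this is an added example, not code from either quoted article. The 32-word list is a constructed placeholder (a real deployment would use a much larger list, such as a 7,776-word diceware list), and the function names are hypothetical.

```python
import math
import secrets
import string

# Lower and uppercase letters, digits and symbols: 94 printable characters.
ALPHABET = (string.ascii_lowercase + string.ascii_uppercase
            + string.digits + string.punctuation)

# Constructed demo list: 32 words, so each randomly picked word adds 5 bits.
DEMO_WORDS = [
    "amber", "bridge", "candle", "desert", "ember", "forest", "garden",
    "harbor", "island", "jacket", "kettle", "ladder", "marble", "needle",
    "orchid", "pepper", "quartz", "ribbon", "saddle", "timber", "umbrella",
    "velvet", "walnut", "yellow", "zipper", "anchor", "basket", "copper",
    "dragon", "falcon", "goblet", "hammer",
]


def random_choice_bits(choices, picks):
    """Entropy in bits of `picks` independent uniform picks from `choices` options."""
    return picks * math.log2(choices)


def words_needed(target_bits, wordlist_size):
    """Random words required to reach at least `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def known_phrase_bits(corpus_size):
    """A phrase lifted from a public source (song lyrics, quotes) is worth one
    pick from that source, however many characters it contains."""
    return math.log2(corpus_size)


def generate_password(length=20):
    """Random password containing all four character classes.

    Rejecting draws that miss a class trims the entropy slightly below
    random_choice_bits(94, length); at 20 characters the loss is negligible.
    """
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def generate_passphrase(words, count, sep=" "):
    """Passphrase of `count` words picked with the OS CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates; entropy would be overstated")
    return sep.join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    target = random_choice_bits(len(ALPHABET), 20)
    print(f"20 random characters: {target:.1f} bits")
    print(f"7,776-word list needs {words_needed(target, 7776)} words to match")
    print(f"demo list needs {words_needed(target, len(DEMO_WORDS))} words to match")
    print(f"lyric from ~1M known lines: {known_phrase_bits(2**20):.0f} bits")
    print(generate_password())
    print(generate_passphrase(DEMO_WORDS, 6))
```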

Choosing the right password manager

The best password managers do not allow you to recover your master password, they let you use two-factor authentication, they monitor your accounts for password breaches and weak passwords, they generate strong passwords for you, they back up your passwords securely online and they let you use a fingerprint or face ID to log in on your smartphone. Our favorite password manager, Dashlane Premium($60 per year), has all of the aforementioned features and more. It also fills out forms, including your credit card information, syncs across all of your devices, scans the Dark Web for personal data and account information and provides VPN service for your computer and smartphone to encrypt all of your data when using internet-based services over public WiFi.

This excerpt is taken from “Is it Safe to Use a Password Manager?”, an article written by Natasha Stoke, Techlicious.com.


Make your Android or iPhone’s Fingerprint Reader Work Every Time

This dead-simple trick will keep you from wanting to throw your phone across the room.

Raise your hand if this is you: The fingerprint reader on your iPhone or Android phone fails often enough on the first try that you’re starting to wonder if you’ve been cursed with weird fingers.

Relax; there are plenty of reasons why you may not get an accurate read your first try, besides your mutant appendages.

  • Your fingertip hasn’t fully covered the sensor
  • You have wet hands
  • The phone didn’t get an accurate read when you first registered your print
  • The phone maker’s implementation may make the reader more sensitive, like if there are more demanding layers of security built into the software

This tip won’t help with all of those, but it definitely helps.

If you’re up to here with trying to unlock your phone so many times that you have to revert to a password or passcode, stop. Take a deep breath. And try this dead-simple solution that really works.

Register the same print two or three times. I do this with the phones I review and it makes the devices much more likely to unlock the first time around. For example, I’ll scan the finger I usually unlock the phone with at least twice — say, my thumb — and then scan a second finger that I might use to also unlock the device, like my index finger. I’ll usually also scan the index finger of my non-dominant hand, which has bailed me out more than once when I had my hands too full to unlock the phone as I normally would.

The reason multiple scans of the same finger work is that when you register your fingertip the first time around, it isn’t always clear which parts of your print the software has captured. A nominally helpful animation will urge you to lift your finger to capture more area, but that doesn’t necessarily reflect the data your phone’s actually storing.

By laying down the same fingerprint more than once, you’re doubling or tripling the chances that your phone will capture enough data.

Of course, adding duplicate digits won’t solve your unlocking issues if you constantly struggle to reach the reader, or if your hands are too wet for the phone to register your print.

How to register multiple fingerprints on your phone

Most phones give you a maximum of five fingerprints for security reasons. The more fingers you wave through, the higher the probability the phone will unlock for false positives, the reasoning goes.

On Android phones:

  • Open Settings
  • Tap Security
  • Tap “Fingerprint”
  • Re-enter your PIN
  • Tap “Add fingerprint”

On iPhones with Touch ID:

  • Open Settings
  • Tap Touch ID & Passcode
  • Enter your passcode
  • Under the section “Fingerprints” tap “Add a Fingerprint”

Dolcourt, Jessica. “Make Your Android or iPhone’s Fingerprint Reader Work Every Time” CNET July 5, 2018


7 Passwords You Should Never Use at Your Small Business

Owning a small business means owning data. You’re constantly acquiring new information related to your customers, your financial details, and all the vendors and contractors with whom you work. One cyber criminal, though, one lucky hack, and you’ve just exposed your business to a major blow. From lost trust among your clients to costly lawsuits for the damage done, protecting your company from data theft is among your most important responsibilities.

A lot of it comes down to one simple choice you make: passwords.

“Overall, passwords still present the biggest challenge for businesses of all sizes,” said Ron Schlecht, founder and managing partner of BTB Security. Businesses hire Schlecht’s company to test their digital security for weak spots and, he said, “you can’t imagine how many times we still break in to companies because of a bad password.”

If you want to avoid weak passwords at your business, start by steering clear of the following list. Read on for seven passwords you should never (ever) use.

Password

Arguably, this is the number-one and most common bad choice. Also prevalent are variations such as P@ssword and P@55w0rd!. These might be easy to remember, but they’re also among the first options hackers will try.

QWERTY

Easy-to-guess passwords often take root because they’re simple to remember. That’s the story with this hacker-friendly option constructed from the sequence of letters at the top left of the typical computer keyboard.

12345

Or, 98765. Or, 4567. You get the picture — no consecutive numbers (and the same goes for sequential letter combinations). You can only count on passwords such as these to expose your business to digital theft.

BusinessName1

If your shop is called Serafina’s Weddings, don’t set your password as SerafinasWeddings1. That would be an early choice for hackers looking to break into your valuable data.

Business Address

Skip it entirely, when it comes to passwords. Also avoid trying to mash together similar details, such as your street name and street number — i.e. Main215. 

Date of Birth

Thanks to the Internet, it doesn’t take much effort to find a person’s DOB. Birthdays, birthdates, years of birth — all of them make for readily attainable passwords and are poor choices for your company.

Simple Dictionary Words

Especially if they’re related to your business, don’t use them. No baseball, football, or soccer for your sporting goods store. No muffler, tire, or spark plug for your auto garage.

And so, what should you do when it comes to picking a password?

A key approach starts with thinking of a passphrase. Next, substitute letters, characters, and abbreviations for parts of it. For example, “my first car was a Honda in 1990” would be easy enough to remember, if that was the case in your life. Now, change it to my1stc@r=honda90.

Steer clear of the not so magnificent seven above, and protect your data with hard-to-guess constructions. With a strong password strategy, you’re well on your way to foiling online attacks.

O’Brien, James. “7 Passwords You Should Never Use at Your Small Business” The Hartford, Small Biz Ahead. June 2018
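A deny-list check covering the seven categories above, as an added example that is not part of the original article. The function names, the shop profile values and the four-character run threshold are assumptions chosen for illustration.

```python
import re
from datetime import date

# Substitutions attackers already expect, as in the article's P@55w0rd! example.
LEET = str.maketrans("@4305$17", "aaeossit")
# Keyboard rows plus alphabetic and numeric order; reversed copies catch 98765.
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz", "01234567890")
ROWS += tuple(row[::-1] for row in ROWS)


def letters_only(text):
    return re.sub(r"[^a-z]", "", text.lower())


def has_run(text, length=4):
    """True if any `length` consecutive characters follow a row in ROWS."""
    return any(text[i:i + length] in row
               for i in range(len(text) - length + 1) for row in ROWS)


def weak_reasons(password, business, address, birth, trade_words):
    """Return which of the article's seven categories the password falls into."""
    raw = password.lower()
    plain = letters_only(raw)                    # symbols and digits dropped
    unleet = letters_only(raw.translate(LEET))   # symbols and digits decoded
    digits = re.sub(r"\D", "", raw)
    reasons = []
    if "password" in unleet:
        reasons.append("password variant")
    if has_run(raw):
        reasons.append("keyboard or sequential run")
    name = letters_only(business)
    if name and name in unleet:
        reasons.append("business name")
    street_words = re.findall(r"[a-z]{4,}", address.lower())
    street_numbers = re.findall(r"\d+", address)
    if any(w in unleet for w in street_words) and any(n in raw for n in street_numbers):
        reasons.append("business address")
    dob_forms = {birth.strftime(f) for f in ("%Y", "%m%d%y", "%d%m%y", "%y%m%d")}
    if any(form in digits for form in dob_forms):
        reasons.append("date of birth")
    if {plain, unleet} & {letters_only(w) for w in trade_words}:
        reasons.append("dictionary word")
    return reasons


# Constructed profile for the article's fictional shop; every value is made up.
PROFILE = dict(business="Serafina's Weddings", address="215 Main Street",
               birth=date(1990, 7, 4), trade_words=["wedding", "bouquet", "veil"])

if __name__ == "__main__":
    for candidate in ("P@55w0rd!", "SerafinasWeddings1", "Main215", "my1stc@r=honda90"):
        print(candidate, "->", weak_reasons(candidate, **PROFILE) or "no match")
```

An empty result only means the candidate avoids these seven patterns; it says nothing about length or randomness.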


How to export saved passwords from Chrome to a CSV file

This process shows you how to export your passwords stored in Chrome into a CSV file, so that you are able to import your account credentials into a password manager. However, there’s one big caveat.

At first blush, you may think I’ve lost my mind. Wouldn’t exporting passwords to a text-based CSV file be insecure? Although that may be true, when you want to migrate your passwords from Chrome to a password manager (especially when you have a large number of passwords), the last thing you want to do is rely upon your memory to recall all the URLs, usernames, and passwords. And if you’re migrating away from Chrome—which you might be so inclined to do after reading this piece—you’ll want to export those passwords, such that they can be imported into your password manager of choice.

I’m going to walk you through the process of exporting your password information from Chrome. How you then import that information into your password manager will depend upon the tool you use. Fortunately, many of the better password managers are capable of importing CSV files.

With that said, let’s take care of this.

What you’ll need

You’ll need a working version of Chrome. That’s it. As long as you’ve stored your passwords with that browser, you should be good to go.

A word of warning (IMPORTANT!!!)

This exported CSV file stores all your information in plain text. The idea here is to export the file, import it into a password manager, trash the exported CSV file, and then undo the process. If you leave that CSV file on your hard drive, you run the risk of leaving yourself exposed. If you don’t undo Chrome’s ability to export, someone could come along and export the file (more on that danger in a bit). Because of that, it is very important you delete that file after you’ve imported it into your password manager. Or you can always save that file to a USB drive, and then lock that drive up in a safe. Either way you go, make sure to protect that file at all costs.

Exporting

The first thing to do is enable password exporting. To do that, open Chrome and type chrome://flags/ in the address bar and hit Enter. In the resulting window type Password export in the search field. When the search result appears, select Enable from the drop-down.

You will then be prompted to restart Chrome. When Chrome restarts, click on the menu button (three horizontal lines in the upper right corner) and click Settings. In the Settings window, click Advanced and scroll down to Manage passwords. Click the three vertical dots associated with Saved passwords and then click Export.

When prompted, click the EXPORT PASSWORDS button and save the .CSV file.

You can now import that newly downloaded file into your password manager.

Undoing your work

First off, remember to delete that file or tuck it away for safekeeping. Once you’ve done that, go back to Chrome, type chrome://flags in the address bar, search for Password export, and disable the feature (set to Default). Relaunch Chrome and the feature will no longer be available.

THE BIG CAVEAT (IMPORTANT!!!)

Unfortunately, Chrome no longer allows the browser to use a password for profile locks. Because of this, you might consider deleting Chrome from your desktop, if you are migrating to Firefox for example and aren’t planning on using Google’s browser. Otherwise, someone with the understanding of how to export passwords could gain access to that data by following the above process.

In the end, the last thing you should do is allow Chrome to save your passwords. If you do, and a malicious user has access to your browser, there’s nothing keeping them from exporting your passwords to a file and using them to gain access to your accounts. Lock those passwords away in a password manager, and remove the passwords from Chrome (Chrome | Settings | Advanced | Manage Passwords).

Consider this a word of warning.

Wallen, Jack. “How to export saved passwords from Chrome to a CSV file” TechRepublic, March 22, 2018
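One way to get a last piece of value from the plain-text export before it is deleted, as an added example that is not part of the original article: the script reports which sites share a password without printing any password, then removes the file. The `name,url,username,password` header is the column layout assumed for Chrome's export, and the sample rows and function names are constructed for illustration.

```python
import csv
import hashlib
import os
import tempfile
from collections import defaultdict

# Constructed sample. The header row is the column layout assumed for the export.
SAMPLE_EXPORT = """name,url,username,password
shop.example,https://shop.example/login,ana@example.com,my1stc@r=honda90
mail.example,https://mail.example/,ana@example.com,P@55w0rd!
bank.example,https://bank.example/signin,ana,P@55w0rd!
"""


def reused_passwords(csv_path):
    """Return groups of site names that share one password, never the password."""
    sites_by_digest = defaultdict(set)
    with open(csv_path, newline="", encoding="utf-8") as handle:
        for row in csv.DictReader(handle):
            digest = hashlib.sha256(row["password"].encode("utf-8")).digest()
            sites_by_digest[digest].add(row["name"])
    return sorted(sorted(sites) for sites in sites_by_digest.values() if len(sites) > 1)


def audit_then_delete(csv_path):
    """Audit the export, then delete it even if parsing fails part-way."""
    try:
        return reused_passwords(csv_path)
    finally:
        os.remove(csv_path)


def write_sample():
    """Write the sample via mkstemp, which creates the file with owner-only access."""
    fd, path = tempfile.mkstemp(suffix=".csv")
    with os.fdopen(fd, "w", newline="", encoding="utf-8") as handle:
        handle.write(SAMPLE_EXPORT)
    return path


if __name__ == "__main__":
    path = write_sample()
    for sites in audit_then_delete(path):
        print("same password on:", ", ".join(sites))
    print("export still on disk:", os.path.exists(path))
```

Note that `os.remove` only unlinks the file; it does not overwrite the data already written to the disk.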


How to Lock Down Your Facebook Privacy Settings

Facebook deserves a lot of the flak it gets, be it for providing Russian propaganda with a platform or gradually eroding privacy norms. Still, it has some genuine usefulness. And while the single best way to keep your privacy safe on Facebook is to delete your account, taking these simple steps in the settings is the next best thing.

Remember, it’s not just friends of friends you need to think about hiding from; it’s an army of advertisers looking to target you not just on Facebook itself, but around the web, using Facebook’s ad platform. In the video above and the post below, we’ll show you how to deal with both.

Fine-Tuning Friends

Limiting who can see which of your posts is an easy first step. On a desktop, go to the little dropdown arrow in the upper-right corner, and click Settings. From there, click on Privacy on the left-hand side. This is where the magic happens.

Under Who can see my stuff, click on Who can see your future posts to manage your defaults. You can make them public to anyone at all, limited to your friends, or exclude specific friends. You can quarantine your posts by geography, or by current or previous employers or schools, or by groups. Just remember that the next time you change it, the new group becomes the default. So double check every time you post.

This section has other important privacy tools you can fiddle with, including who can look you up with your email address or phone number. We’d recommend not listing either in the first place, but if you do, keep the circle as small as possible. (If you do have to share one or the other with Facebook for account purposes, you can hide them by going to your profile page, clicking Contact and Basic Info, then Edit when you mouse over the email field. From there, click on the downward arrow with two silhouettes to customize who can see it, including no one but you.)

But pay special attention to the option to (deep breath) Limit the audience for posts you’ve shared with friends of friends or public? If you ever had a public account, taking it private wasn’t retroactive. If you want to hide those previously viewable posts, lock this setting down.

Over on Timeline and Tagging you can control what shows up on your own Facebook timeline. Basically, you can’t stop your friends from tagging you (sorry!), but you can stop those embarrassing photos from popping up on your page. At the very least, you should go to Review posts you’re tagged in before the post appears on your timeline, and enable that so that you can screen any tags before they land on your page.

To test out your changes, go to Review what other people see on your timeline. You can even see how specific people view your page, like your boss or your ex or complete strangers. It also never hurts to take stock of how you present yourself to the world. (Looking at you, people who haven’t updated your cover photo since the Obama administration.)

That should about cover your friends. Now onto advertisers, which are like friends, except they never leave you alone, even if you ask nicely.

Ad It Up

In that same Settings panel, head down to Ads. As you probably realized, Facebook knows what you do pretty much everywhere online. So does Google, so do dozens of ad networks you’ve never heard of. You’re being tracked pretty much all the time, by everyone, thanks to this here internet.

You can still limit how Facebook uses that information, though. Tired of that lawnmower you looked at following you to Facebook? Turn off Ads based on my use of websites and apps. Saying no to Ads on apps and websites off the Facebook companies does the same, except for all the sites Facebook serves ads to around the web. Which is most of them.

Lastly, for some fun insight into how advertisers think of you, click on Your Interests. There you’ll find all the categories Facebook uses to tailor ads for you. You can remove any you don’t like, and marvel at the ones that don’t make any sense. This won’t make the ads go away, but at least you can banish all those off-brand kitchen gadgets from your News Feed.

And you’re good! Or at least, as good as can be expected. It’s still Facebook, after all.

Barrett, Brian. “How to Lock Down your Facebook Privacy Settings,” Wired, Security, November 14, 2017
