Don’t Neglect Patches & Updates

For most users, security patches & updates are regular annoyances that are dealt with promptly or put on the back burner until you’re harassed by Windows to the point where you do it just to shut it up. Worse yet, some users ignore critical updates, sometimes to their own detriment. So what’s the point of all these patches and updates? Does it matter if you update them immediately or wait?

There are two main reasons why it’s a good idea to go ahead and run those pesky Windows updates regularly. First, Windows regularly puts out security patches to its software. These critical updates are designed to fix a flaw in the operating system’s code that a malicious user could exploit to gain access to your computer and files and/or install software on your computer, oftentimes without you knowing the exploit has already been carried out. Most users don’t even know they’ve been hacked because there aren’t any obvious signs like we see in the movies. Your computer can be exploited simply for its extra processing power along with an army of other similarly infected computers on the internet; modern hackers aren’t always going after sensitive info like passwords and bank account info. 

Second, since operating systems are being updated and pushed out more frequently, there is more of a chance that the underlying code will have flaws in it that need to be updated. These updates may or may not be critical, but they are designed to help things run more smoothly for users. We’d all like our software to run perfectly out of the box, but that’s never been the case with any software. Since the advent of the internet, software developers have taken advantage of its connectivity to fix those problems that prior to the internet would have been a bug that you just had to live with. 

The downside to more complicated operating systems that do more and more is that you’ll have more frequent software updates and patches. It seems like there are updates on an almost daily basis. One of the ways you can make these updates less of a hassle is by scheduling when your computer checks for and applies these updates. You can set times for when your system checks for and applies updates to your computer so you aren’t dedicating time when you should be working to run maintenance. You can also choose to run most updates immediately and then choose to delay restarting your computer to apply those updates until a more convenient time. 

So, running regular updates and security patches is an important part of regular computer maintenance that doesn’t have to be put off until a more convenient time. These software updates can be of high importance and at the very least will help your operating system run more smoothly. You have the ability to structure when and how these updates are run and applied to your computer. How and when you choose to run your operating system’s updates is up to you.  If all of this still sounds like too much trouble for you, please contact us to schedule a consultation for a monthly or annual maintenance contract.  We’ll take over the work of backing up your crucial systems and regularly running security patches, updates, virus updates, malware protection and all of the other crucial tasks necessary for a secure, modern IT environment.

Yes, You Need to Have Antivirus Software

“I’m a small business with only a few computers. Do I really need antivirus software?”

We are all connected to the Internet, whether we like it or not (and whether we know it or not). Because you and your devices are online all the time, you are vulnerable to viruses, Trojan horses, adware, ransomware, and all other types of malicious software (malware). So yes, you DO need to have antivirus software installed on your computers. 

You’ve probably heard of Norton and McAfee; they’re two of the bigger antivirus products out there. They tend to have corporate contracts with companies like Dell, Xfinity, and other large businesses so they can get their software out to a lot of users. They sell software packages for home users as well, but here’s the thing: there are good, secure, free alternatives out there for you to use that don’t require an annual purchase or a subscription fee.  As a matter fact, most software is moving to this model versus an annual purchase of a newer software version, so you end up spending even more money. Antivirus products like AVG Antivirus, Total AV, and Avast Antivirus offer reliable alternatives to many comparable paid antivirus software. 

Now, keep in mind that most of these free alternatives do have paid versions; one of the tradeoffs for using free software is you’ll have some sort of periodic attempt to upsell you to a paid version of some sort. Additionally, some companies use notification alerts to prompt you into upgrading your service to something you don’t necessarily need. You’ll want to research the products offered and read any relevant reviews in order to determine what software might work best for you and your company. 

Once you’ve made your decision, you will need to set up your antivirus software to run on a regular basis; this could be daily or weekly depending on how often your computers are in use. Make sure you pay attention to how often the program updates its virus definitions, that is the database that lists past and current malware threats security companies have identified. 

Bottom line: yes, you need antivirus software on your computer. You don’t need to shell out a ton of money, or any, in order to protect yourself from malware, but you do need to have something that is reliable and updated regularly. 


They Are Listening and Watching Everything

A record number of people have been shopping online this holiday season. The holidays are a time when people increasingly communicate with family and friends with always-connected devices. NPR has published a recent article referencing Mozilla’s “Privacy Not Included” guide, which reviews Internet-connected products based on the privacy features they provide. We recommend you read the article and check out the guide before you buy that newest must-have gift for friends and family.


Stay Safe Online: Use a VPN

We continue to make rapid advances in technology and we are spending more and more of our time online performing tasks that used to chain us to our computers at home. While we experience the freedom and increased productivity this brings, we need to be aware that we are increasingly exposing ourselves to possible attack over the internet.  With much more powerful cell phones than even a decade ago, it’s become commonplace for most of us to bank and pay bills online, communicate with family, check our email, read news, and frequent social media sites.

It used to be that you only had to worry about security on your home network, but those times are long gone.  Before we had faster cellular data speeds like 3G and 4G, users had to rely on public Wi-Fi.  It used to be you’d have to go to a coffee shop or a hotel to find reliable(ish) Wi-Fi, but now you can hop on at most restaurants, retail stores, and even some outdoor public places. Most people don’t question connecting to these networks and don’t think about the digital trail they leave behind.  Since we are doing so much more of our business––both personal and personal––on the go, how do we secure ourselves from malicious actors?

One of the easiest ways to enhance our personal network security, short of not jumping on public Wi-Fi at all, is to use a virtual private network, or VPN.  Think of a VPN like a tunnel on the information superhighway, to use an old term.  Using a VPN puts your data inside that tunnel so that nobody can see it, with the possible exception of the VPN provider (often your data is encrypted from the VPN provider as well).  If, for example, you’re on a public network and someone was able to hijack the network and see all of the traffic, your activity would not be seen by the hacker because everything you send and receive through a VPN is in an encrypted tunnel.  

Many online banking services and other activities of a more sensitive nature use HTTPS security on their sites which does encrypt activity between you and the website, but a hacker could still monitor what sites you are visiting even if they couldn’t see what data you are transmitting.  More websites are using HTTPS, but it’s still a good idea to use a VPN in addition to secure browsing.  A VPN hides and encrypts all network data traffic, not just web browsing.  

There are free options when choosing a VPN, but you want to make sure the app you use is from a company you trust.  Paid VPN apps exist as well; one app that is particularly easy to set up and use is Encrypt.me, formerly Cloak VPN.  Setup is fairly straightforward, you can use it on multiple devices (e.g., phones, desktops, laptops, etc.) with one subscription, and you can set the app up to automatically connect to untrusted networks and add any trusted networks like your home network or a friend’s house, for example, to a list of networks that the app can ignore.  The app has different tiers and pricing depending on your needs; you can even purchase a week or month long pass for trips.

No matter which VPN you choose (there are many!), make sure that you do your homework and read many reviews until you know you can trust the provider and that the app is easy for you to use. You can almost always try the app out for a trial period to see how you like it and see if it suits your needs. 

Security is a four letter word

I like to think of myself as pretty up to speed when it comes to online security.  I use a VPN, don’t conduct any banking or other sensitive transactions on public wi-fi, use two-factor authentication whenever I can and I use a password manager.  In spite of all the precautions I take, my information is still vulnerable.  Why?  Because companies sometimes don’t do a very good job of securing users’ data.  

I found this out firsthand last week.  I am a casual gamer (mostly console), and I received an email from a gaming company I have an account with stating that my account had been temporarily locked due to too many unsuccessful login attempts.  I immediately start doing a mental inventory in my head: what, if any, banking accounts I have connected to my login (none, yay!); was the company recently a victim of hacking (yes, ugh); was my password compromised (no, just email addresses according to a report in March); should I look at any other of my 100+ accounts (probably not, since this seems to be a targeted hack at the company).  

After a brief minute or so of reflection on the frailty of man’s existence in this cold, cold world, I decided that I need to log in once my account was unlocked, change my password, and enable two-factor authentication on the account, a feature that I was unaware they had until recently.

After doing some house cleaning, I was good to go.  

So, what lessons can the not-as-paranoid learn from this?  As a consumer of the Internet, you need to assume that you will get hacked sometime in the future.  Count on it.  Once you start from that perspective, there are a few key things you want to do, and these are by no means all inclusive:

 

  1. Enable two-factor authentication on any account you can.  Google, Apple, Facebook, and others provide this as an added security feature.  With it, a hacker must have access to your computer, phone, secondary email address, or authenticator app in order to login to your accounts.  Using email and a password isn’t enough. 
  2. Use strong passwords, change them regularly, and don’t use the same passwords for multiple accounts.  PLEASE don’t use any permutation of “password”, 12345, ilikesportz, nothingcompares2.  Use alphanumeric passwords that have a combination of uppercase and lowercase letters, numbers, and a special character.  Keep in mind that not all sites have stringent password requirements, so you need to assume responsibility for your password’s security.  Using a password manager like 1Password is an excellent way to create and store unique passwords (Remember my 100+ accounts? I use 1Password to help me remember all of those lovely strings of gibberish that I call my passwords).
  3. Refrain from using actual personal information in your secret questions.  Hackers often will try to scrub social media accounts to obtain this kind of information.  The less truthful your answers, the better.   I tend to use nonsense answers like “Chalupa” when asked “What’s the middle name of your first child?” or “Burkina Faso” when asked “What is your mother’s maiden name?”.  Nobody is going to guess that.  Again, a reputable password manager is a great way to keep notes on these kinds of things.

Security online is becoming more and more important as we give companies increasing access to our data.  Don’t assume that companies are keeping your usernames and passwords safe; security is a moving target and companies are often unwilling to spend what is necessary to be proactive.  Taking a few extra minutes to better secure your information will save you a lot of headaches in the future.