Posts

Disable Unused Sharing Options on Your Mac If You’re Not Using Them

/in /by

Many security breaches—even high-profile ones—stem from simple oversight. There’s one spot in macOS that has long been particularly susceptible to such lapse: the Sharing pane of System Preferences. In it, you can enable a wide variety of sharing services, some of which could allow another user to access your Mac remotely. They all let you limit access to particular users, but passwords can be stolen, accounts can be compromised, and server software can have bugs. For safety’s sake, if you’re not actively using a sharing service, turn it off. The most important ones to disable when not in use are Screen Sharing, File Sharing, Remote Login, Remote Management, and Remote Apple Events. We also caution against leaving Printer Sharing and Internet Sharing on unnecessarily.

(Featured image by Morgane Perraud on Unsplash)

Intuit Has Stopped Updating the QuickBooks Online Mac App; Switch to a Web Browser

/in /by

If you’re using QuickBooks Online with the service’s Mac app to manage your business’s accounting, you may have seen a message like the one below announcing that Intuit has stopped updating the QuickBooks Online app. This doesn’t affect your QuickBooks Online account, which you can and should use via a Web browser at qbo.intuit.com now. Even if the QuickBooks Online Mac app continues to work, which it likely will for some time, we recommend that you delete it and switch entirely to a Web browser. It’s not safe to use an unsupported app for financial records because Intuit won’t be fixing any security vulnerabilities going forward.

(Featured image based on an original by RODNAE Productions from Pexels)

Don’t Store Confidential Files in Online File Sharing Services

/in /by

Given their integration into the Mac’s Finder, it can be easy to forget that online file sharing services like Dropbox, Google Drive, iCloud Drive, and Microsoft OneDrive can be accessed using a Web browser by anyone with your username and password. Obviously, you should always have strong, unique passwords, but to be safe, it’s best not to use services designed for public file sharing to store unencrypted files containing sensitive information like credit card numbers, Social Security numbers, passport scans, privileged legal documents, financial data, and so on. Keep such data secure on your Mac—outside of any synced folders—where accessing it requires physical access to the machine.

(Featured image based on an original by Kenaz Nepomuceno from Pexels)

When Asking about Phishing Email, Make Sure to Write Separately Too

/in /by

Sadly, email is not an entirely reliable communications medium, thanks to spam filters, addressing errors, and server failures. With certain types of email, it’s worth double-checking that a message was seen. One example of that we see is with reports of phishing email, which miscreants use to try to trick you into revealing passwords, credit card info, or other sensitive information. Phishing messages can be tricky to identify—that’s their goal. If you’re forwarding a possible phishing email to us or another trusted technical contact for evaluation, remember that spam filters often catch such messages, so they may go unseen. To work around this awkwardness, send a separate message saying you’ve forwarded what you think might be a phishing message so the recipient knows to check their Junk mailbox if need be. It’s helpful if you can include the Subject line of the suspect message.

(Featured image by Mikhail Nilov from Pexels)

What Are Those Orange and Green Dots in Your iPhone’s Status Bar?

/in /by

In iOS 14 and iPadOS 14, Apple added two new status indicators to the right side of the status bar at the top of the screen. They’re designed to give you feedback about what an app is doing. An orange dot indicates that an app is using the microphone, and a green dot means that an app is using the camera (and possibly the microphone as well). They’re subtle and shouldn’t be distracting, but if you ever notice them when you don’t think the camera or microphone should be in use, look for apps that might be using them in the background.

(Featured image by Bruno Massao from Pexels)

5 New Year’s Resolutions That Will Improve Your Digital Security

/in /by

Happy New Year! For many of us, the start of a new year is an opportunity to reflect on fresh habits we’d like to adopt. Although we certainly support any resolutions you may have made to get enough sleep, eat healthy, and exercise, could we suggest a few more that will improve your digital security?

Keep Your Devices Updated

One of the most important things you can do to protect your security is to install new operating system updates and security updates soon after Apple releases them. Although the details seldom make the news because they’re both highly specific and highly technical, you can get a sense of how important security updates are by the fact that a typical update addresses 20–40 vulnerabilities that Apple or outside researchers have identified.

It’s usually a good idea to wait a week or so after an update appears before installing it, on the off chance that it has undesirable side effects. Although such problems are uncommon, when they do happen, Apple pulls the update quickly, fixes it, and releases it again, usually within a few days.

Use a Password Manager

We’ve been banging this drum for years. If you’re still typing passwords in by hand, or copying and pasting from a list you keep in a file, please switch to a password manager like 1Password or LastPass. Even Apple’s built-in iCloud Keychain is better than nothing. A password manager has five huge benefits:

  • It generates strong passwords for you. Password1234 can be hacked in seconds.
  • It stores your passwords securely. An Excel file on your Desktop is a recipe for disaster.
  • It enters passwords for you. Wouldn’t that be easier than typing them in manually?
  • It audits existing accounts. How many of your accounts use the same password?
  • It lets you access passwords on all your devices. Finally, easy login on your iPhone!

A bonus benefit for families is password sharing. It allows, for example, a married couple to share essential passwords or for parents and teens to share certain passwords.

In short, using a password manager is more secure, faster, easier, and just all-around better. If you need help getting started, get in touch.

Beware of Phishing Email

Individuals and businesses alike frequently suffer from security lapses caused by phishing, forged email that fools someone into revealing login credentials, credit card numbers, or other sensitive information. Although spam filters can catch many phishing attempts, it’s up to you to be on your guard at all times. Here’s what to watch for:

  • Any email that tries to get you to reveal information, follow a link, or sign a document
  • Messages from people you don’t know, asking you to take an unusual action
  • Direct email from a large company for whom you’re an anonymous customer
  • Forged email from a trusted source asking for sensitive information
  • All messages that contain numerous spelling and grammar mistakes

When in doubt, don’t follow the link or reply to the email. Instead, contact the sender in some other way to see if the message is legit.

Avoid Sketchy Websites

We won’t belabor this one, but suffice it to say that you’re much more likely to pick up malware from sites on the fringes of the Web or that cater to the vices of society. To the extent that you can avoid sites that provide pirated software, “adult” content, gambling opportunities, or sales of illicit substances, the safer you’ll be. That’s not to say that reputable sites haven’t been hacked and used to distribute malware too, but it’s far less common.

If you are concerned after spending time in the darker corners of the Web, download a free copy of Malwarebytes or DetectX Swift and scan for malware manually.

Never Respond to Unsolicited Calls or Texts

Although phishing happens mostly via email, scammers have also taken to using phone calls and texts. Thanks to weaknesses in the telephone system, such calls and texts can appear to come from well-known companies, including Apple and Amazon. Even worse, with so much online ordering happening, fake text messages pretending to help you track packages are becoming more common.

For phone calls from companies, unless you’re expecting a call back from a support ticket you opened, don’t answer. Let the call go to voicemail, and if you feel it’s important to respond, look up the company’s phone number elsewhere, and talk with someone at that number rather than one provided by the voicemail.

For texts, avoid following links unless you recognize the sender and it makes sense that you’d be receiving such a link. (For instance, Apple can text delivery details related to your orders.) Regardless, never enter login information at a site you’ve reached by following a link because there’s no way to know if it’s real. Instead, if you want to learn more, navigate manually to the company’s site by entering its URL yourself, then log in.

Let’s raise a glass to staying safe online in 2021!

(Featured image based on originals from Tim Mossholder and Jude Beck on Unsplash)

Social Media: Have a safer 2021 with New Year’s resolutions that will help you secure your devices, avoid email and text scams, and stay safe from malware, as well as benefit from the security and ease-of-use of password managers, which can even fill in passwords for iPhone apps.

Flash Is Dead—Uninstall Flash Player to Keep Your Mac Secure

/in /by

In July 2017, Adobe announced that it would stop distributing and updating Flash Player on December 31st, 2020. Web standards like HTML5 provide a viable alternative to Flash content, and organizations that relied on Flash have had three years to replace it. Because Adobe will no longer be addressing security vulnerabilities in Flash with updates, Flash Player now prompts users to uninstall. We strongly recommend doing so—just click the Uninstall button if you get this alert. If you don’t, a Flash Player Install Manager app in your Utilities folder should be able to remove Flash Player as well. Adobe also provides instructions to uninstall manually.

(Featured image based on an original by Gary Meulemans on Unsplash)

Preparing Your Organization for a Possible COVID-19 Quarantine

/in /by

As of this writing, the respiratory disease COVID-19 has caused nearly 3000 deaths and infected over 80,000 people worldwide. There are relatively few cases in North America currently, but that could increase significantly. For high-quality information about COVID-19, turn to the World Health Organization and the US Centers for Disease Control and Prevention.

For now, the Centers for Disease Control are recommending sensible precautions. They include regular hand washing or using alcohol-based hand sanitizer, covering coughs and sneezes (with your elbow), and staying home and avoiding public spaces if you’re feeling unwell. (These are smart things to do during flu season anyway, given that 10,000 people in the US have died of influenza already this season.)

What if local health officials were to declare a quarantine? Without lapsing into doomsday scenarios, it is always reasonable to make sure that you are personally ready for a natural disaster or other emergency. The Prepared has a detailed guide to help you prepare for a COVID-19 scare or quarantine.

We want to focus on how organizations—either those you run or work for—might prepare for a public health scare or possible quarantine, particularly in the context of your technology use. Here are our thoughts, and contact us if you want help with your preparedness plans.

Infection Prevention

If your organization has numerous employees or serves the public, put some thought into how you can reduce the chance of infection. That might include providing hand sanitizer dispensers, wiping down frequently touched surfaces with household cleaners, and a more frequent cleaning schedule for restrooms.

For an Apple-specific tip, try using or encouraging the use of Apple Pay to reduce the need to touch credit card terminals!

Also, it’s best to avoid shaking hands with customers and colleagues. Perhaps the Japanese custom of bowing will gain traction elsewhere in the world.

Internal Communications

In the event that public health officials discourage people from gathering, think about how your company will communicate internally with people working from home. Many organizations allow such flexibility now anyway, so it’s likely that yours has at least informal communication channels via phone and email, and chat systems like Slack.

Consider formalizing those channels if need be, and if your directory service doesn’t already contain this information, publish a list of phone numbers and email addresses so everyone can contact co-workers easily. If your organization relies on IP telephony, make sure everyone understands how to use softphones or can configure an office phone at home. If you have a switchboard, investigate how it can be operated remotely.

If your organization’s email system is usually available only from computers owned by the organization, make sure webmail access is enabled and that everyone understands how to access it. Similarly, it’s worth making sure everyone has email access from their phones.

Chat systems like Slack or Microsoft Teams can be effective ways for far-flung groups to communicate because they provide real-time communication segregated into topic- or group-specific channels. If you’re not already using such a system and would like to investigate adding it to your communications strategy, contact us for advice.

Remote Access to Organizational Services

For connectivity to office-based file servers and other systems, make sure everyone has access to your VPN and knows how to use it. (Don’t have a VPN, or virtual private network? Again, call us—a VPN is an essential way to provide remote access while ensuring security.)

Are there any specialized servers or services, such as an accounting system, that have security safeguards related to specific access points? Think about what additional access may need to be provided for an employee working from home.

Physical Environment

If most or all employees are working from home, what does that mean for your office? Do physical security systems or climate settings need to be adjusted? Do you want to set up video cameras or other remote monitoring hardware? Who’s going to water the plants? On a more serious note, if you have on-premises servers, make sure they can be administered entirely remotely, including power cycling.

It’s also worth determining who will have responsibility for the office in the event of problems, which could still occur even if no one is there. What if a water pipe in the building breaks, or there’s a burglary? Make sure it’s clear who will respond.

Business Functions

Think about the regularly scheduled aspects of running the business, with an eye toward those that might assume the presence of certain people. Can they run payroll, accounts receivable, and accounts payable remotely? Make sure that every key position has at least one backup, so if one person falls ill, the organization’s ability to function won’t be compromised.

If international travel is a significant part of your organization’s mission, you’re already figuring out how to compensate through videoconferencing and similar technologies. But if you regularly travel only within the country or your area, think about which trips are essential and which can be replaced using online conferencing tools.

Finally, consider how your clients and customers will react to the situation. It’s unfortunately likely that there will be less work taking place, so you may see decreased revenues, but certain organizations may see an increased workload. For instance, if the number of patients in hospitals skyrockets, those who support healthcare systems may struggle under the load alongside the doctors and nurses.

We certainly hope that all these preparations prove unnecessary, but they’re worthwhile regardless. Too many businesses have failed after a fire, hurricane, or earthquake renders an office uninhabitable, and such natural disasters are all too common. As the Boy Scout motto says, “Be prepared.”

(Featured image based on an original by Gerd Altmann from Pixabay)

Social Media: How would your organization react to a COVID-19 scare or quarantine? Here’s how you can use technology to respond to such an event.

Use Your Apple Watch to Unlock Your Mac, and Apps in Catalina

/in /by

If you’ve resisted requiring a password on your Mac after it wakes up or comes out of the screen saver because it’s too much work to enter repeatedly, an Apple Watch can make authentication much easier. In previous versions of macOS, just wearing an unlocked Apple Watch is enough to enter your Mac’s password; in Catalina, the Apple Watch can also enter your password when prompted by apps. First, make sure your Apple Watch has a passcode (in Watch > Passcode), is on your wrist, and is unlocked. Then, in System Preferences > Security & Privacy > General, select “Use your Apple Watch to unlock apps and your Mac.” From then on, most of the time your Mac or an app wants your password, your Apple Watch will provide it automatically. (This feature requires that the Mac dates from mid-2013 or later, that all devices use the same iCloud account, and that the Apple ID uses two-factor authentication instead of two-step verification.)

(Featured image based on an original by Christin Hume on Unsplash)

Never Send Someone a Password in Mail or Messages: Do This Instead!

/in /by

One of the big no-nos with passwords is sending them to other people as plain text in email or a text message conversation. You presumably trust your recipient with the password, but what if their email was hacked or phone stolen? Instead, always use a site like 1ty.me or One-Time Secret, which lets you turn a password into a Web link that can be opened only once. Send that link to the recipient, and when they get the password out, they can store it in a secure password manager like 1Password or LastPass.

(Featured image by Kristina Flour on Unsplash)