Posts

Preparing Your Organization for a Possible COVID-19 Quarantine

/in /by

As of this writing, the respiratory disease COVID-19 has caused nearly 3000 deaths and infected over 80,000 people worldwide. There are relatively few cases in North America currently, but that could increase significantly. For high-quality information about COVID-19, turn to the World Health Organization and the US Centers for Disease Control and Prevention.

For now, the Centers for Disease Control are recommending sensible precautions. They include regular hand washing or using alcohol-based hand sanitizer, covering coughs and sneezes (with your elbow), and staying home and avoiding public spaces if you’re feeling unwell. (These are smart things to do during flu season anyway, given that 10,000 people in the US have died of influenza already this season.)

What if local health officials were to declare a quarantine? Without lapsing into doomsday scenarios, it is always reasonable to make sure that you are personally ready for a natural disaster or other emergency. The Prepared has a detailed guide to help you prepare for a COVID-19 scare or quarantine.

We want to focus on how organizations—either those you run or work for—might prepare for a public health scare or possible quarantine, particularly in the context of your technology use. Here are our thoughts, and contact us if you want help with your preparedness plans.

Infection Prevention

If your organization has numerous employees or serves the public, put some thought into how you can reduce the chance of infection. That might include providing hand sanitizer dispensers, wiping down frequently touched surfaces with household cleaners, and a more frequent cleaning schedule for restrooms.

For an Apple-specific tip, try using or encouraging the use of Apple Pay to reduce the need to touch credit card terminals!

Also, it’s best to avoid shaking hands with customers and colleagues. Perhaps the Japanese custom of bowing will gain traction elsewhere in the world.

Internal Communications

In the event that public health officials discourage people from gathering, think about how your company will communicate internally with people working from home. Many organizations allow such flexibility now anyway, so it’s likely that yours has at least informal communication channels via phone and email, and chat systems like Slack.

Consider formalizing those channels if need be, and if your directory service doesn’t already contain this information, publish a list of phone numbers and email addresses so everyone can contact co-workers easily. If your organization relies on IP telephony, make sure everyone understands how to use softphones or can configure an office phone at home. If you have a switchboard, investigate how it can be operated remotely.

If your organization’s email system is usually available only from computers owned by the organization, make sure webmail access is enabled and that everyone understands how to access it. Similarly, it’s worth making sure everyone has email access from their phones.

Chat systems like Slack or Microsoft Teams can be effective ways for far-flung groups to communicate because they provide real-time communication segregated into topic- or group-specific channels. If you’re not already using such a system and would like to investigate adding it to your communications strategy, contact us for advice.

Remote Access to Organizational Services

For connectivity to office-based file servers and other systems, make sure everyone has access to your VPN and knows how to use it. (Don’t have a VPN, or virtual private network? Again, call us—a VPN is an essential way to provide remote access while ensuring security.)

Are there any specialized servers or services, such as an accounting system, that have security safeguards related to specific access points? Think about what additional access may need to be provided for an employee working from home.

Physical Environment

If most or all employees are working from home, what does that mean for your office? Do physical security systems or climate settings need to be adjusted? Do you want to set up video cameras or other remote monitoring hardware? Who’s going to water the plants? On a more serious note, if you have on-premises servers, make sure they can be administered entirely remotely, including power cycling.

It’s also worth determining who will have responsibility for the office in the event of problems, which could still occur even if no one is there. What if a water pipe in the building breaks, or there’s a burglary? Make sure it’s clear who will respond.

Business Functions

Think about the regularly scheduled aspects of running the business, with an eye toward those that might assume the presence of certain people. Can they run payroll, accounts receivable, and accounts payable remotely? Make sure that every key position has at least one backup, so if one person falls ill, the organization’s ability to function won’t be compromised.

If international travel is a significant part of your organization’s mission, you’re already figuring out how to compensate through videoconferencing and similar technologies. But if you regularly travel only within the country or your area, think about which trips are essential and which can be replaced using online conferencing tools.

Finally, consider how your clients and customers will react to the situation. It’s unfortunately likely that there will be less work taking place, so you may see decreased revenues, but certain organizations may see an increased workload. For instance, if the number of patients in hospitals skyrockets, those who support healthcare systems may struggle under the load alongside the doctors and nurses.

We certainly hope that all these preparations prove unnecessary, but they’re worthwhile regardless. Too many businesses have failed after a fire, hurricane, or earthquake renders an office uninhabitable, and such natural disasters are all too common. As the Boy Scout motto says, “Be prepared.”

(Featured image based on an original by Gerd Altmann from Pixabay)

Social Media: How would your organization react to a COVID-19 scare or quarantine? Here’s how you can use technology to respond to such an event.

Use Your Apple Watch to Unlock Your Mac, and Apps in Catalina

/in /by

If you’ve resisted requiring a password on your Mac after it wakes up or comes out of the screen saver because it’s too much work to enter repeatedly, an Apple Watch can make authentication much easier. In previous versions of macOS, just wearing an unlocked Apple Watch is enough to enter your Mac’s password; in Catalina, the Apple Watch can also enter your password when prompted by apps. First, make sure your Apple Watch has a passcode (in Watch > Passcode), is on your wrist, and is unlocked. Then, in System Preferences > Security & Privacy > General, select “Use your Apple Watch to unlock apps and your Mac.” From then on, most of the time your Mac or an app wants your password, your Apple Watch will provide it automatically. (This feature requires that the Mac dates from mid-2013 or later, that all devices use the same iCloud account, and that the Apple ID uses two-factor authentication instead of two-step verification.)

(Featured image based on an original by Christin Hume on Unsplash)

Never Send Someone a Password in Mail or Messages: Do This Instead!

/in /by

One of the big no-nos with passwords is sending them to other people as plain text in email or a text message conversation. You presumably trust your recipient with the password, but what if their email was hacked or phone stolen? Instead, always use a site like 1ty.me or One-Time Secret, which lets you turn a password into a Web link that can be opened only once. Send that link to the recipient, and when they get the password out, they can store it in a secure password manager like 1Password or LastPass.

(Featured image by Kristina Flour on Unsplash)

Here’s How to See Full URLs in Safari’s Smart Search Field

/in /by

By default, Safari on the Mac hides full Web addresses—technically known as URLs—from you, showing just the site name in the Smart Search field at the top of the window. If you click in the field or press Command-L, the full URL appears, which is good for checking that you’re really where you think you should be and not on some dodgy site. It’s also useful if you need to copy just a portion of the URL to share or otherwise work with. To make that check easier, go to Safari > Preferences > Advanced and next to Smart Search Field, select “Show full website address.” Then you can verify that the URL looks right with a glance.

(Featured image by Matthew T Rader from Pexels)

Beware Microsoft Office 365 Phishing Attacks!

/in /by

We’re seeing an uptick in email phishing attacks purporting to come from Microsoft about Office 365. They’re quite convincing messages that tell users that their credit card payment has failed, that an account needs renewing, or that a password needs to be confirmed. Needless to say, they’re all complete scams, and clicking a link in them takes you to a malicious Web page that will try to steal your password or credit card details. As we noted in “Gone Phishing: Five Signs That Identify Scam Email Messages,” large companies never send email asking you to click a link in order to log in to your account, update your credit card information, or the like. Hover over links to see where they go before clicking anything, and stay safe out there!

Look before You Leap with Safari’s Link Preview

/in /by

When you follow a link in Safari, you generally don’t know where you’re going to end up. That’s fine most of the time, but what if you’re concerned that a site might be trying to trick you into going somewhere malicious? Safari provides an easy way to look at the URL under a link. On the Mac, choose View > Show Status Bar, hover your pointer over the link, and look at the bottom of the window. In iOS, touch and hold a link (don’t press for 3D Touch) until a popover appears, showing the link and giving you options for opening it. The most important thing to look at is the domain—us.norton.com in the screenshots. It should match where you think you’re going, or at least look reasonable. If the URL is dubious, don’t follow the link.

Ignore Unsolicited Calls and Texts from Apple and Other Tech Companies

/in /by

We don’t want to belabor the point, but multinational tech companies like Apple, Facebook, and Google will never call or text you personally out of the blue. So if you get a call or text purporting to be from such a company, it’s 99.9% likely to be a scam, and you should ignore it regardless of whether the caller ID seems legitimate. If you’re still worried, look up the company’s tech support phone number separately—never respond directly to such a call or tap a link in a text—and discuss the situation with the support reps. Or contact us, and we’ll talk it through with you.

This Is Hands-Down the Easiest Way to Give Someone Your Wi-Fi Network Password

/in /by

You know the drill—a friend comes to visit and wants to get on your Wi-Fi network. You’ve written the password down somewhere, but where? Even if you have it handy, it’s a pain for your friend to type in. Since macOS 10.13 High Sierra and iOS 11, Apple’s operating systems can make connecting a lot easier. Have your guest choose your network, and then put their device next to one of your devices that’s awake and connected to the Wi-Fi network. As long as you have a card in your Contacts app whose name matches your friend’s My Card in their Contacts, your device should ask if you want to share the Wi-Fi password with them. Just tap Share Password when prompted and you’re done!

Did You Know iOS 12 Lets You Add a Second Person to Face ID?

/in /by

Touch ID lets users register up to five fingers that can unlock an iPhone, which has long been a boon for those who share access to their iPhone with trusted family members. However, users of the iPhone X haven’t been able to give a second person Face ID-based access, forcing those people to wait for Face ID to fail and then tap in a passcode manually. iOS 12 lifts that limitation, allowing a second person to register their face with Face ID on the iPhone X and the new iPhone XR, XS, and XS Max. To set this up, go to Settings > Face ID & Passcode. Enter your passcode and tap Set Up an Alternate Appearance. Then give your iPhone to the person who should have access and have them follow the simple setup directions.

Have Your Online Passwords Been Stolen? Here’s How to Find Out.

/in /by

Data breaches have become commonplace, with online thieves constantly breaking into corporate and government servers and making off with millions—or even hundreds of millions!—of email addresses, often along with other personal information like names, physical address, and passwords.

It would be nice to think that all companies properly encrypt their password databases, but the sad reality is that many have poor data security practices. As a result, passwords gathered in a breach are often easily cracked, enabling the bad guys to log in to your accounts. That may not seem like a big deal—who cares if someone reads the local newspaper under your name? But since many people reuse passwords across multiple sites, once one password associated with an email address is known, attackers use automated software to test that combination against many other sites.

This is why we keep beating the drum for password managers like 1Password and LastPass. They make it easy to create and enter a different random password for every Web site, which protects you in two ways.

  • Because password managers can create passwords of any length, you don’t have to rely on short passwords that you can remember and type easily. The longer the password, the harder it is to crack. A password of 16–20 characters is generally considered safe; never use anything shorter than 13 characters.
  • Even if one of your passwords was compromised, having a different password for every site ensures that the attackers can’t break into any of your other accounts.

But password security hasn’t always been a big deal on the Internet, and many people reused passwords regularly in the past. Wouldn’t it be nice to know if any of your information was included in a data breach, so you’d know which passwords to change?

A free service called Have I Been Pwned does just this (“pwned” is hacker-speak for “owned” or “dominated by”—it rhymes with “owned”). Run by Troy Hunt, Have I Been Pwned gathers the email addresses associated with data breaches and lets you search to see if your address was stolen in any of the archived data breaches. Even better, you can subscribe to have the service notify you if your address shows up in any future breaches.

Needless to say, you’ll want to change your password on any site that has suffered a data breach, and if you reused that password on any other sites, give them new, unique passwords as well. That may seem like a daunting task, and we won’t pretend that it isn’t a fair amount of work, but both 1Password and LastPass offer features to help.

In 1Password, look in the sidebar for Watchtower, which provides several lists, including accounts where the password may have been compromised in a known breach, passwords that are known to have been compromised, passwords that you reused across sites, and weak passwords.

LastPass provide essentially the same information through its Security Challenge and rates your overall security in comparison with other LastPass users. It suggests a series of steps for improving your passwords; the only problem is that you need to restart the Security Challenge if you don’t have time to fix all the passwords at once.

Regardless of which password manager you use, take some time to check for and update compromised, vulnerable, and weak passwords. Start with more important sites, and, as time permits, move on to accounts that don’t contain confidential information.

Social Media: Have any of your online passwords been stolen in a breach? The answer is probably “yes,” and today’s article helps you discover and correct your most problematic passwords.