Posts

5 New Year’s Resolutions That Will Improve Your Digital Security

Happy New Year! For many of us, the start of a new year is an opportunity to reflect on fresh habits we’d like to adopt. Although we certainly support any resolutions you may have made to get enough sleep, eat healthy, and exercise, could we suggest a few more that will improve your digital security?

Keep Your Devices Updated

One of the most important things you can do to protect your security is to install new operating system updates and security updates soon after Apple releases them. Although the details seldom make the news because they’re both highly specific and highly technical, you can get a sense of how important security updates are by the fact that a typical update addresses 20–40 vulnerabilities that Apple or outside researchers have identified.

It’s usually a good idea to wait a week or so after an update appears before installing it, on the off chance that it has undesirable side effects. Although such problems are uncommon, when they do happen, Apple pulls the update quickly, fixes it, and releases it again, usually within a few days.

Use a Password Manager

We’ve been banging this drum for years. If you’re still typing passwords in by hand, or copying and pasting from a list you keep in a file, please switch to a password manager like 1Password or LastPass. Even Apple’s built-in iCloud Keychain is better than nothing. A password manager has five huge benefits:

  • It generates strong passwords for you. Password1234 can be hacked in seconds.
  • It stores your passwords securely. An Excel file on your Desktop is a recipe for disaster.
  • It enters passwords for you. Wouldn’t that be easier than typing them in manually?
  • It audits existing accounts. How many of your accounts use the same password?
  • It lets you access passwords on all your devices. Finally, easy login on your iPhone!

A bonus benefit for families is password sharing. It allows, for example, a married couple to share essential passwords or for parents and teens to share certain passwords.

In short, using a password manager is more secure, faster, easier, and just all-around better. If you need help getting started, get in touch.

Beware of Phishing Email

Individuals and businesses alike frequently suffer from security lapses caused by phishing, forged email that fools someone into revealing login credentials, credit card numbers, or other sensitive information. Although spam filters can catch many phishing attempts, it’s up to you to be on your guard at all times. Here’s what to watch for:

  • Any email that tries to get you to reveal information, follow a link, or sign a document
  • Messages from people you don’t know, asking you to take an unusual action
  • Direct email from a large company for whom you’re an anonymous customer
  • Forged email from a trusted source asking for sensitive information
  • All messages that contain numerous spelling and grammar mistakes

When in doubt, don’t follow the link or reply to the email. Instead, contact the sender in some other way to see if the message is legit.

Avoid Sketchy Websites

We won’t belabor this one, but suffice it to say that you’re much more likely to pick up malware from sites on the fringes of the Web or that cater to the vices of society. To the extent that you can avoid sites that provide pirated software, “adult” content, gambling opportunities, or sales of illicit substances, the safer you’ll be. That’s not to say that reputable sites haven’t been hacked and used to distribute malware too, but it’s far less common.

If you are concerned after spending time in the darker corners of the Web, download a free copy of Malwarebytes or DetectX Swift and scan for malware manually.

Never Respond to Unsolicited Calls or Texts

Although phishing happens mostly via email, scammers have also taken to using phone calls and texts. Thanks to weaknesses in the telephone system, such calls and texts can appear to come from well-known companies, including Apple and Amazon. Even worse, with so much online ordering happening, fake text messages pretending to help you track packages are becoming more common.

For phone calls from companies, unless you’re expecting a call back from a support ticket you opened, don’t answer. Let the call go to voicemail, and if you feel it’s important to respond, look up the company’s phone number elsewhere, and talk with someone at that number rather than one provided by the voicemail.

For texts, avoid following links unless you recognize the sender and it makes sense that you’d be receiving such a link. (For instance, Apple can text delivery details related to your orders.) Regardless, never enter login information at a site you’ve reached by following a link because there’s no way to know if it’s real. Instead, if you want to learn more, navigate manually to the company’s site by entering its URL yourself, then log in.

Let’s raise a glass to staying safe online in 2021!

(Featured image based on originals from Tim Mossholder and Jude Beck on Unsplash)


Social Media: Have a safer 2021 with New Year’s resolutions that will help you secure your devices, avoid email and text scams, and stay safe from malware, as well as benefit from the security and ease-of-use of password managers, which can even fill in passwords for iPhone apps.

Flash Is Dead—Uninstall Flash Player to Keep Your Mac Secure

In July 2017, Adobe announced that it would stop distributing and updating Flash Player on December 31st, 2020. Web standards like HTML5 provide a viable alternative to Flash content, and organizations that relied on Flash have had three years to replace it. Because Adobe will no longer be addressing security vulnerabilities in Flash with updates, Flash Player now prompts users to uninstall. We strongly recommend doing so—just click the Uninstall button if you get this alert. If you don’t, a Flash Player Install Manager app in your Utilities folder should be able to remove Flash Player as well. Adobe also provides instructions to uninstall manually.

(Featured image based on an original by Gary Meulemans on Unsplash)

Preparing Your Organization for a Possible COVID-19 Quarantine

As of this writing, the respiratory disease COVID-19 has caused nearly 3000 deaths and infected over 80,000 people worldwide. There are relatively few cases in North America currently, but that could increase significantly. For high-quality information about COVID-19, turn to the World Health Organization and the US Centers for Disease Control and Prevention.

For now, the Centers for Disease Control are recommending sensible precautions. They include regular hand washing or using alcohol-based hand sanitizer, covering coughs and sneezes (with your elbow), and staying home and avoiding public spaces if you’re feeling unwell. (These are smart things to do during flu season anyway, given that 10,000 people in the US have died of influenza already this season.)

What if local health officials were to declare a quarantine? Without lapsing into doomsday scenarios, it is always reasonable to make sure that you are personally ready for a natural disaster or other emergency. The Prepared has a detailed guide to help you prepare for a COVID-19 scare or quarantine.

We want to focus on how organizations—either those you run or work for—might prepare for a public health scare or possible quarantine, particularly in the context of your technology use. Here are our thoughts, and contact us if you want help with your preparedness plans.

Infection Prevention

If your organization has numerous employees or serves the public, put some thought into how you can reduce the chance of infection. That might include providing hand sanitizer dispensers, wiping down frequently touched surfaces with household cleaners, and a more frequent cleaning schedule for restrooms.

For an Apple-specific tip, try using or encouraging the use of Apple Pay to reduce the need to touch credit card terminals!

Also, it’s best to avoid shaking hands with customers and colleagues. Perhaps the Japanese custom of bowing will gain traction elsewhere in the world.

Internal Communications

In the event that public health officials discourage people from gathering, think about how your company will communicate internally with people working from home. Many organizations allow such flexibility now anyway, so it’s likely that yours has at least informal communication channels via phone and email, and chat systems like Slack.

Consider formalizing those channels if need be, and if your directory service doesn’t already contain this information, publish a list of phone numbers and email addresses so everyone can contact co-workers easily. If your organization relies on IP telephony, make sure everyone understands how to use softphones or can configure an office phone at home. If you have a switchboard, investigate how it can be operated remotely.

If your organization’s email system is usually available only from computers owned by the organization, make sure webmail access is enabled and that everyone understands how to access it. Similarly, it’s worth making sure everyone has email access from their phones.

Chat systems like Slack or Microsoft Teams can be effective ways for far-flung groups to communicate because they provide real-time communication segregated into topic- or group-specific channels. If you’re not already using such a system and would like to investigate adding it to your communications strategy, contact us for advice.

Remote Access to Organizational Services

For connectivity to office-based file servers and other systems, make sure everyone has access to your VPN and knows how to use it. (Don’t have a VPN, or virtual private network? Again, call us—a VPN is an essential way to provide remote access while ensuring security.)

Are there any specialized servers or services, such as an accounting system, that have security safeguards related to specific access points? Think about what additional access may need to be provided for an employee working from home.

Physical Environment

If most or all employees are working from home, what does that mean for your office? Do physical security systems or climate settings need to be adjusted? Do you want to set up video cameras or other remote monitoring hardware? Who’s going to water the plants? On a more serious note, if you have on-premises servers, make sure they can be administered entirely remotely, including power cycling.

It’s also worth determining who will have responsibility for the office in the event of problems, which could still occur even if no one is there. What if a water pipe in the building breaks, or there’s a burglary? Make sure it’s clear who will respond.

Business Functions

Think about the regularly scheduled aspects of running the business, with an eye toward those that might assume the presence of certain people. Can they run payroll, accounts receivable, and accounts payable remotely? Make sure that every key position has at least one backup, so if one person falls ill, the organization’s ability to function won’t be compromised.

If international travel is a significant part of your organization’s mission, you’re already figuring out how to compensate through videoconferencing and similar technologies. But if you regularly travel only within the country or your area, think about which trips are essential and which can be replaced using online conferencing tools.

Finally, consider how your clients and customers will react to the situation. It’s unfortunately likely that there will be less work taking place, so you may see decreased revenues, but certain organizations may see an increased workload. For instance, if the number of patients in hospitals skyrockets, those who support healthcare systems may struggle under the load alongside the doctors and nurses.

We certainly hope that all these preparations prove unnecessary, but they’re worthwhile regardless. Too many businesses have failed after a fire, hurricane, or earthquake renders an office uninhabitable, and such natural disasters are all too common. As the Boy Scout motto says, “Be prepared.”

(Featured image based on an original by Gerd Altmann from Pixabay)


Social Media: How would your organization react to a COVID-19 scare or quarantine? Here’s how you can use technology to respond to such an event.

Use Your Apple Watch to Unlock Your Mac, and Apps in Catalina

If you’ve resisted requiring a password on your Mac after it wakes up or comes out of the screen saver because it’s too much work to enter repeatedly, an Apple Watch can make authentication much easier. In previous versions of macOS, just wearing an unlocked Apple Watch is enough to enter your Mac’s password; in Catalina, the Apple Watch can also enter your password when prompted by apps. First, make sure your Apple Watch has a passcode (in Watch > Passcode), is on your wrist, and is unlocked. Then, in System Preferences > Security & Privacy > General, select “Use your Apple Watch to unlock apps and your Mac.” From then on, most of the time your Mac or an app wants your password, your Apple Watch will provide it automatically. (This feature requires that the Mac dates from mid-2013 or later, that all devices use the same iCloud account, and that the Apple ID uses two-factor authentication instead of two-step verification.)

(Featured image based on an original by Christin Hume on Unsplash)

Never Send Someone a Password in Mail or Messages: Do This Instead!

One of the big no-nos with passwords is sending them to other people as plain text in email or a text message conversation. You presumably trust your recipient with the password, but what if their email was hacked or phone stolen? Instead, always use a site like 1ty.me or One-Time Secret, which lets you turn a password into a Web link that can be opened only once. Send that link to the recipient, and when they get the password out, they can store it in a secure password manager like 1Password or LastPass.

(Featured image by Kristina Flour on Unsplash)

Here’s How to See Full URLs in Safari’s Smart Search Field

By default, Safari on the Mac hides full Web addresses—technically known as URLs—from you, showing just the site name in the Smart Search field at the top of the window. If you click in the field or press Command-L, the full URL appears, which is good for checking that you’re really where you think you should be and not on some dodgy site. It’s also useful if you need to copy just a portion of the URL to share or otherwise work with. To make that check easier, go to Safari > Preferences > Advanced and next to Smart Search Field, select “Show full website address.” Then you can verify that the URL looks right with a glance.

(Featured image by Matthew T Rader from Pexels)

Beware Microsoft Office 365 Phishing Attacks!

We’re seeing an uptick in email phishing attacks purporting to come from Microsoft about Office 365. They’re quite convincing messages that tell users that their credit card payment has failed, that an account needs renewing, or that a password needs to be confirmed. Needless to say, they’re all complete scams, and clicking a link in them takes you to a malicious Web page that will try to steal your password or credit card details. As we noted in “Gone Phishing: Five Signs That Identify Scam Email Messages,” large companies never send email asking you to click a link in order to log in to your account, update your credit card information, or the like. Hover over links to see where they go before clicking anything, and stay safe out there!

Look before You Leap with Safari’s Link Preview

When you follow a link in Safari, you generally don’t know where you’re going to end up. That’s fine most of the time, but what if you’re concerned that a site might be trying to trick you into going somewhere malicious? Safari provides an easy way to look at the URL under a link. On the Mac, choose View > Show Status Bar, hover your pointer over the link, and look at the bottom of the window. In iOS, touch and hold a link (don’t press for 3D Touch) until a popover appears, showing the link and giving you options for opening it. The most important thing to look at is the domain—us.norton.com in the screenshots. It should match where you think you’re going, or at least look reasonable. If the URL is dubious, don’t follow the link.

Ignore Unsolicited Calls and Texts from Apple and Other Tech Companies

We don’t want to belabor the point, but multinational tech companies like Apple, Facebook, and Google will never call or text you personally out of the blue. So if you get a call or text purporting to be from such a company, it’s 99.9% likely to be a scam, and you should ignore it regardless of whether the caller ID seems legitimate. If you’re still worried, look up the company’s tech support phone number separately—never respond directly to such a call or tap a link in a text—and discuss the situation with the support reps. Or contact us, and we’ll talk it through with you.

This Is Hands-Down the Easiest Way to Give Someone Your Wi-Fi Network Password

You know the drill—a friend comes to visit and wants to get on your Wi-Fi network. You’ve written the password down somewhere, but where? Even if you have it handy, it’s a pain for your friend to type in. Since macOS 10.13 High Sierra and iOS 11, Apple’s operating systems can make connecting a lot easier. Have your guest choose your network, and then put their device next to one of your devices that’s awake and connected to the Wi-Fi network. As long as you have a card in your Contacts app whose name matches your friend’s My Card in their Contacts, your device should ask if you want to share the Wi-Fi password with them. Just tap Share Password when prompted and you’re done!