≡ Menu

Checklist for Coffee Shop Computing

With all the news of the data breaches it is no surprise people are concerned with security when connecting their smart phones, tablets and laptops to the internet. However, most folks don’t think twice about connecting to free wi-fi wherever they go. This is a very risky situation and there are defensive actions and precautions to take.

Computer Updates, Security and Network Configurations

This is Tech 101 – always keep your Mac and Windows machines  and phones and tablets updated. This is imperative in today’s hacker environment. Here is a summary checklist for keeping your machine safe:

1. Run the updates for your Operating System. Microsoft and Apple provide tools to do this. Use the automatic update features or manually run the updates; either way, keep on top of it.

2. Disable “File and Printer Sharing” in Windows. Browse to https://support.microsoft.com and search for the solution

For MACs you can control sharing and the firewall. Details are here: https://support.apple.com/en-us/HT201642

3. Security Software

Be sure and run anti-virus software and keep it updated. There is a large selection on the market including many free options. Do your research and pick one and install at once if you don’t already have it.

4. Network Security

When connecting to public Wi-Fi networks use a VPN client. VPN or Virtual Private Network, is an encrypted connection to Internet. This is the only way to safely connect and a necessity in today’s environment. Do not skip this step, do your research, pick a company and get it installed.

A word on the difference and “S” makes

You may or not have notices the little “s” after the http prefix on the URL’s your are connecting to. That little “s” means a secure socket is connecting you and is a minimum requirement for securely connecting to websites. Always use “https:\\” before the address.

5. General Tips

Don’t do financial transactions over public Wi-Fi. This is a risky environment and you don’t want to take chances with your personal financial data.

Use strong passwords for all your logins. My previous article at …. Has a good overview of password best-practices.

Don’t forget to physically secure your laptop. Don’t leave it unattended even for a moment.

In our next article we will look at the “Cloud” and some best practices to protect your data while making it accessible from anywhere on any device. Until then, stay safe our there.

{ 0 comments }

Death and Taxes and Passwords…Oh My!

With so many digital assets in our lives  these days it takes a wake-up call to realize how critical online accounts are AFTER we die. Everyone knows the famous two things that are certain in life – Death and Taxes. Recently in a church class, appropriately named “Set Your House In Order” a good friend brought in a Wall Street Journal article  “What a Tangled Web We Leave”  about the trials and tribulations for loved ones after a spouse’s unexpected death. Not having the  passwords to email, social media and financial accounts can be extremely frustrating. Make sure your survivors have the information needed to log on to all your accounts, especially at this very challenging time. In this next example someone got advanced notice and instructions BEFORE they died.
In those days Hezekiah became mortally ill. And Isaiah…came to him and said to him, “Thus says the LORD, ‘Set your house in order, for you shall die and not live.'” Isaiah 38:1 NASB
We usually do not get advanced notice that we shall die at any appointed time.  Most people don’t want to think of their mortality and put off getting their documents in order BEFORE they die. There are many sources on what documents are needed for your estate and one of the best summaries I have read is  “25 Documents You Need Before You Die“.

What about the Passwords?

Recent events in the lives of friends and family and business associates  have taught me that a big part of setting your house in order is manage your passwords. Yes, passwords. This often annoying but absolutely necessary  part of modern life can escalate to critical levels quickly after the death of a loved one.  Making password management a part of your end-of-life plan can be one of the most thoughtful things you do for your survivors. A word of caution – do not list user names and passwords in your will. After probate, the will becomes accessible to the public. Even if the estate does not go through probate the law requires that the will be filed.

Passwords – Making Them More Secure

In an earlier article, I wrote about ways to create and manage strong passwords. There are manual and automated ways to create passwords. For the security required today, I recommend using automated passwords with a mix of letters, numbers and special characters. To protect online accounts from hackers passwords must  be 14-15 characters long. If you need the reasons for that, just Google “Brute Force Password Cracker”. If you use simple passwords, especially words in the dictionary,  hackers can crack them in a matter of  seconds.  WordPress Security Expert Regina Smola has lots of great information on passwords and Internet security. This article from WPSecurityLock.com has solid advice on managing your passwords.

Passwords – In a Mobile World

Now that you are convinced you need strong passwords, you will need a management tool to keep track of them.  The days of keeping a few passwords on sticky notes on your monitor or under the keyboard are over. Why is that? The mobile device explosion has changed everything we knew about accessing online resources. If you need to log on to the bank from your smart phone, the stickies at home won’t help. So, what is the answer?

Password Managers – Which one do I use?

I have learned that it is impossible to keep up with passwords on paper. At current count, I have 107 passwords to various accounts online!  You might think that is absurd, but take an inventory of our own and good luck finding all the sticky notes! You will be surprised. The logical conclusion is: You need a web-based system (in the Cloud)  to manage your passwords. But you may say “I use the same password for everything”. Ouch! I once did that too, until I got hacked.  Don’t do that anymore! Decide to change your evil ways and use a Password Manager.

My two recommendations for password managers are Roboform and Lastpass. I realize there are many other contenders available, free and otherwise, but these two have risen to the top as the best. A common element of both these is there is only one password to remember… the master password. Choose wisely and keep the master password safe. You can’t get in without it!

Roboform
Roboform has been around for years and has been the password manager of choice for many folks. There is a “free” version but you will need the paid version to cover your needs. The paid versions with a Roboform Everywhere account will enable you to synchronize all your passwords on all your devices. With mobile devices, the “everywhere” option is a must-have.  Roboform costs around $30 per year and has a long track record and lots of users. The”Everywhere” option is a subscription based charge that runs $10-20 per year. Roboform is feature-rich and still one of the best password management programs available.

 

Lastpass
Recently, Lastpass has risen to the top challenging the long-time champion, Roboform. Lastpass is available free but I recommend the premium version that costs a whopping $1.00 per month. The advantages to the premium version are will worth $12 a year and comes as a better value of the two. If you don’t have an existing manager for your passwords, download Lastpass and get started. If you have Roboform and are satisfied with it, stay with it. Whatever you do, don’t continue to be negligent about getting your passwords in order.

 

Final Thoughts
Before you die, be sure and share the “keys to the kingdom”, that master password, with only your trusted family members, especially the executor of your estate. Be sure they know how to use the Password Manager and test the process. There are plenty of things for your survivors to deal with after your death. Don’t make the lack of passwords an additional burden. Set your house in order.
If you have comments and suggestions on password management, please share. What password manager are you using?
Have you included your “digital after-life” information in your estate plans?

 

{ 0 comments }

Thinking About Risk
As many bloggers have found out in recent times, the ease and joy of setting up a WordPress self-hosted blog can turn sour quickly. Reality strikes in many forms – hackers, hosting service issues, getting blocked by Google and countless other risks.

In the off-line world natural disasters, fire and flood can also put you out of business if you have data hosted on computers and servers in high-risk areas.

Are you running a business or is this a hobby?
If you are treating your sites as a business and a source of revenue, it makes sense to apply sound business continuity practices to protect you and your visitors. You should have a Business Continuity Plan and Disaster Recovery Plan.

What Is A Business Continuity Plan?
According to Wikipedia, a BCP (Business Continuity Plan) is “…the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption”.

Let me translate: You must have a plan to recover from natural or man-made interruptions to your business. If you don’t, you are risking everything you have invested in your on-line business. So, what are the parts of a Business Continuity Plan?

For a large business with buildings and people working onsite, a BCP is fairly complex. The scope here is to focus on the small to medium on-line business primarily running in a virtual structure in cyberspace.

Here are some key points for building your plan:

Assess Risks and Take Action
Take the time to go over the things that could happen to your site. The focus here is the virtual world where your data is hosted but don’t neglect to evaluate your physical office, too. Once you have your list of risks, investigate options to mitigate those risks.
Risk – your hosting service is hacked either due to weak server security or outdated code. Be sure and have your part under control by keeping all code up-to-date. If your hosting service is a problem, you will need to consider moving your sites.
Other risks range from a crashed drive on your laptop to someone stealing your WP-admin user and password information. These and many other risks need to be accounted for and plans made to recover.

Backups – Your First Line of Defense
My friends at WPSecurityLock put it “We have backups of our backups!”. In the business world, data is a key asset and has to be protected. Get your backup strategy in place. At minimum back up locally as well as remotely. Windows has a backup utility built in. Use it! I also recommend an online service to keep your data safe. More articles on this crucial subject are in the pipeline. Stay tuned for more information.

Who has a Business Continuity plan in place? For extra credit…Who has tested their plan?

{ 0 comments }
Internet Change Your Password Day

This is NOT the way to manage your passwords!

 

“Internet Change Your Password Day”

This new annual event has been created by Internet Tech Guy to remind you to change your passwords on a regular basis.

Start with these tips and take action to celebrate Internet Change Your Password Day!

 

  • Make your passwords at least 14 characters…really!
  • Make your passwords a mix of letters, numbers and special characters.
  • Make your passwords unique to each account – don’t use the same password over and over.
  • Manage your passwords in a secure way – sticky notes under your keyboard will not suffice.
  • For more ideas on password management, see my earlier post below.

              What is YOUR password management system? I like Roboform – how about you?

{ 0 comments }

Thanks For Paying Attention!

We would like to send out a big thanks to everyone that participated in National Cyber Security Awareness Month!

I hope everyone will be more alert and PAY ATTENTION while on line.

‘Tis the Season!

The holiday season is coming upon us quickly and the retailers aren’t the only ones looking forward to sales and profits. The bad guys will seek ways to take advantage of the increased email traffic and scams and phishing attempts will be flying like reindeer. We at Internet Tech Guy remind you to keep alert and Think Before You Click on any suspicious or even non-suspicious emails.

Let’s all have a safe and happy season!

{ 0 comments }

National Cyber Security Awareness Month

As you know, this site is very focused on computer and Internet Security. Because of this focus, we at Internet Tech Guy fully support and endorse National Cyber Security Awareness Month (NCSAM).

This campaign has been conducted every October since 2004. It is a national public awareness campaign to encourage everyone to protect their computers and transactions on the internet. Here is a quote from the site Stay Safe Online:

“Cyber security requires vigilance 365 days per year. However, the Department of Homeland Security (DHS), the National Cyber Security Alliance (NCSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), the primary drivers of NCSAM, coordinate to shed a brighter light in October on what home users, schools, businesses and governments need to do in order to protect their computers, children, and data.”

Please do your part in these endeavors. The Internet is a fabulous resource shared by the world but it is not free of dangers and risks. Get smart about staying safe online by educating yourself, your family, and your company what it takes to get safe and stay safe – online!

This month our friends at WPSecurityLock are hosting a Website and Internet Security Telesummit. These events will take place during the month of October. Click here to sign up for these important and informative events!

“Get Safe and Stay Safe on your PC, Laptop and the Internet”

{ 2 comments }

Self-hosting Your WordPress Blog? Read This

My friend Regina Smola over at WPSecurityLock.com has written an excellent article on hosting services.

Click on over to read and learn from her experience helping hundred’s of folks to secure their WordPress blogs… (Read the article here)

{ 0 comments }

Internet Tech Guy wants to help spread the word to “Get Safe! Stay Safe!”

Many folks got hit today (September 10, 2010) with a fast-spreading virus with a not-so-masked URL to a domain in the UK.

Please do not click the link! Pay attention to all email and think before you click. Here is a quote from my bank’s website:

“My Bank” is aware of a global e-mail virus with the subject line “Here You Have” or “Just For You” that contains a fast-spreading e-mail worm that mails itself to all the victim’s e-mail contacts. When the e-mail is opened, the victim sees a short message and a link that appears to be to a PDF file. If the PDF file link is clicked, the computer downloads the worm virus and propagates itself by sending e-mails to everyone in the victim’s e-mail address book. If you receive the e-mail message, delete it without clicking on the PDF link. Also, ensure your computer is updated with the latest antivirus and firewall software, anti-spyware and pop-up blockers.

Internet Tech Guy recommends you add common sense to your tool kit and NEVER click on a link from a source you don’t know.

Get Safe! Stay Safe!

{ 4 comments }

Whether we are casual web surfers or dedicated on-line business people, the primary tool in our technology kit is our web browser. In fact, the various browsers our visitors use shape much of the experience when they come to your site. With this in mind, pay attention to our blogging so that your site is attractive in the major browsers.

The debate over which is the best of the bunch goes on year after year. Many of us have settled on Firefox as our favorite but Chrome and Internet Explorer are stirring up the pot. Here is a quick overview and some ideas on how to use the most popular browsers. The big three are Firefox, Internet Explorer and Chrome.

Firefox is by far the most customizable and the countless plug-ins and add-ons have made it the favorite of on-line business people and serious surfers alike. For the security conscious the “No Script” plugin is a must. The community supporting Firefox is wide-spread and passionate and there is constant work to improve the experience. Though all of these contenders now include tabbed browsing, Firefox pioneered it years ago.

Internet Explorer 8 is a pleasant experience to use now, once you get past the set up pushing Bing and the “Live” products from Microsoft. All the major browser now share tabbed browsing, integrated search engines, custom toolbars and other features that have become common in today’s browser market.  For a good read, see what Microsoft has to say about security in IE8 in their comparison chart. It will be interesting to see what Redmond comes up with in IE 9.

Google Chrome is coming on strong and according to most surveys and speed tests, it is the leanest, meanest and fastest new guy on the block. Once more Google has struck gold with the browser which is a precursor of a coming Operating System of the same name.

There are other choices out there. If you own an iPhone or iPad, you are familiar with Safari. Safari has been improved and works well now in the PC world. One of the cool features is “Safari Reader” which highlights articles on sites by dimming out the sidebar content (which can be quite distracting). If you research a lot of articles, this alone may make it a choice for your browser toolkit.

Opera has a cult following and the iPhone version, Opera Mini,  is particularly attractive to me. It is a rapidly evolving browser and is currently on version 10x. One of the standout features of Opera is searching from the Address Bar. This is quite convenient at times.

So which browser do you choose? The contrarian answer is ALL OF THEM!  Here is what I recommend. Pick your primary browser for input work – writing your articles and blogging. My choice is Firefox. Then choose a secondary for other parts of your business – mine is Chrome. Finally, you cannot ignore Internet Explorer. Always check your blog posts and design in IE. It can be embarrassing to proudly link to a new post that look terrible in IE. Do good work and pay attention on your web presence through whatever browser lens others are using.

{ 4 comments }

We are  in a connected world with our PC’s Laptops and SmartPhones  providing a  window to the Internet. However, we must keep our passwords safe so that those on the outside cannot look in! To get around in that world requires different levels of security. To simply surf the web catch up on the news is not a big risk, but going to your banking sites to pay bill IS a significant risk. Take the explosive growth of  Social Media; Twitter and Facebook provide anyone and everyone with a web browser ways to learn all about you. The recent buzz about Facebook and its privacy policy has made big news lately. For an eye-opening experience, click over to http://www.spokeo.com/. This site is a virtual white page phone book – except on steroids! Take a moment after reading this article to go over there and search on your own name. You will see a glimpse into your public web profile.

Get Secure And Stay Secure With Strong Passwords

Because there is so much data out there, don’t help by giving the bad guys a head start. Secure your digital world with strong passwords and good security practices. You do not want your User Names and Passwords to be part of the information easily accessible by strangers. One of the fastest growing crimes is Identity Theft. Companies such as LifeLock are capitalizing on the fear of having your identity stolen. Identity Theft Prevention is now a business that did not exist twenty years ago. Many of us have been victims or know of someone that have had accounts compromised by malicious hackers. It is frustrating and costly. So by now you should be convinced that security is important and you should be paying a bit more attention to your password habits. Here are some suggestions on taming the password beast while protecting your identity and assets.

Password Generation – DIY manual method using phrases

The first area to consider is password generation. When confronted with a requirement to create a login for a website, folks often go the easy route and use a memorable password they use on countless other sites. This is no longer a safe option in today’s world of sophisticated hackers. You must use strong passwords. Don’t neglect your User ID either. If possible, don’t use your email address and use the maximum characters that fit the criteria for a user name.

Here are some guidelines from Microsoft. The full list is available at http://www.microsoft.com/protect/fraud/passwords/create.aspx According to the article, the “keys to password strength are length and complexity”.

An ideal password is long and has letters, punctuation, symbols, and numbers.
Whenever possible, use at least 14 characters or more.
The greater the variety of characters in your password, the better.
Use the entire keyboard, not just the letters and characters you use or see most often
One DIY way to generate a good password is to take the first letters of a sentence of at least 10 words and turn that into a password. Here’s a suggested method: Using the sentence “A strong password will protect you from malicious hacker attacks most of the time”. Take the first letters of each word, like this: aspwpyfmhamott. Now substitute the @ sign for “a”. This results in @spwpyfmh@mott. Now change the “S” to $ and capitalize some of the letters, like this: @$pwpYfMH@moTt. Finally use a number or two to add complexity to your strong password, as shown here: @$pwpYfMH@m0Tt. This changed the “oh” to “zero”. This is a strong password that you might even be able to remember. Most likely you will need to store your passwords in a trusted system, or password safe.

Password Generation – Automated

There are also software tools and web-based sites that will generate strong passwords for you. If you don’t want to go through the steps above to manually create a strong password, try http://strongpasswordgenerator.com/ Choose the 14 character option and check the box to include symbols. Another online site for auto-generating complex passwords is at https://secure.msdservices.com/apg// A commercially available password management tool might be the solution for you.

Three Password Management Tools

If you have used the DIY or automated tools to generate strong passwords, how do you keep track of them? Do you use a spreadsheet, 3×5 cards or stickies on your monitor? This may suffice if you have one computer in a secure location at home. But if you are a road warrior or mobile worker you will need an another solution. Options include carrying a USB drive with your password information on it or online password management system. My recommendation is to use an online system so that you can access your sites from anywhere. Here are 3 tools to consider.

Keepass
Keepass is a free password management system that is open source (OSI certified). It has many strong features including the ability to be run from a USB drive on any machine without installing on a Windows machine. It is secured by a master password or key file and encrypts the database. If you are on the geeky side and would like to have the ability to look at source code, Keepass is for you.

LastPass
LastPass is one of the new players in the password management space. It is browser based and supports Windows and Mac as well as mobile devices. LastPass has a free version as well as a subscription based paid model. The premium version costs $1.00 per month and adds many features including mobile device support.

Roboform
The long standing favorite is Roboform. It is available as a 30 day trial as well as a paid version, Roboform Pro. I have trusted friends that have  used it for years and highly recommend it. It is a password management system as well as an auto-form software that fills out the forms necessary to setting up accounts or making purchases online. There are many favorable reviews on Roboform so you can be assured it is cream of the crop.

There are other contenders in the marketplace. Do your research, but take action now and manage your passwords to keep your information safe. Your business, reputation and bank account are at stake!.

Get Secure! Stay Secure!

Allen Dresser

http://InternetTechGuy.com

{ 3 comments }

Bad Behavior has blocked 345 access attempts in the last 7 days.