security

Apple's Big Announcements!

June has swept in with glorious weather and a bit of green remains on our golden hills. Local schools let out last week and traffic is already lighter - hurray!! June is the month the world seems to melt into summer mode - a slower pace, longer days and permission to be lazy. All of which I classify as a good thing in this crazy, hectic world today. I'm doing my best to comply which is often easier said than done.

This newsletter is a bit late because I elected to send it AFTER Apple's World Wide Developer Conference (WWDC) which kicked off this week. Jillian has some highlights of the WWDC keynote below, and there will be more information and news in our July Newsletter. The tech world of course never seems to slow down which is a good thing. I always feel that the benefits of technology outweigh the drawbacks. My personal love is teaching technology to my clients - helping people learn to use and enjoy their technology is fun! With all this new tech I'm thinking business looks good.


APPLE'S BIG ANNOUNCEMENTS

By Jillian Dorman

At their annual Worldwide Developers Conference on June 6, the opening keynote was full of exciting news! It was the biggest display of product advances that I can remember in a long time! Apple announced new operating systems for both computers and mobile devices that will power new and more advanced iMacs, Mac Book Pros and iPads/iPhones. There was also fresh information about the Watch, Apple TV, and a robust new iMac Pro.  Also, the HomePod, a totally new and exciting device was introduced. Below you will find just a few highlights of the products announced and we will offer more details soon to come. The HomePod, Apple's home smart speaker with Siri, warrants an article of its own, so look for an article from our tech John Wentworth next month!

MAC OS 11

MAC OS 11 will be the force that takes Apple into the augmented reality work of the future. But there are improvements we will enjoy now in the aptly named follower of Sierra, High Sierra. One of the most welcome updates will be the addition of a side bar in Photos for greater ease of use. There are changes to Safari that will help with ad spam, and a more efficient way to store video data, just to list a few.

For our mobile iPads and iPhones, iOS 11 will similarly be full of improvements in cluding a new capabilities for the "dock," a redesign of the Control Center, and a brand new App Store that should make searching for or learning about apps a cinch, and finally, I know many of you will welcome the ability to organize and store files in a spiffy new app. You will use it like files and folders on your computer. This article tells you more about the tips and tricks coming your way. 

Both iOS 11 and MAC OS 11 are now in beta test. Apple is predicting a fall release for both, but we'll keep you posted as they near availability, with our usual recommendations on upgrading.

iMAC

Screen Shot 2017-06-09 at 12.34.18 PM.png

The new version of the iMac will benefit from more powerful processors (Intel 7th generation), better built-in graphics, the ability to expand RAM (21" to 32GB, 27" to 64 GB) and 27" displays up to an impressive, brighter, 5K resolution with up to a billion colors. These machines will have outstanding performance and will smoothly run High Sierra. These new computers are built for the imminent work ahead in virtual and augmented reality. It is exciting to know the machines are available for order now. You can learn more here. The MacBook and MacBook Pro line received similar improvements.

iPAD

Screen Shot 2017-06-09 at 12.37.21 PM.png

Have you been waiting to get a new iPad? The 10.25 iPad Pro looks amazing. A great size, it can double as a note pad because the ability to write with the pencil is very much like the real thing. In fact, the on-screen keyboard is the size of a conventional keyboard. It is powered by the same chip as the larger iPad Pro. It is faster that previous iPads in processing and graphics, has four speaker audio, 4K video recording, and optical image stabilization to improve your photos. Ronnie has already ordered hers and she will provide a complete review in the months to come. 

Again, this is just a brief of some of the announcements from a very big collection of news. If you'd like to read more comprehensive information about everything, here is more information if you want to look it over. Check out this article, too. 

Finally, although a full compliment of changes were announced across almost the full line of Apple products, there was not a peep about an new iPhone. Apple traditionally announces iPhones in the fall, so we'll have to wait and see about the iPhone 8.


TECH TIPS

I am using this email from our local bank, Redwood Credit Union, for this month's tips-- both computer and iOS. We are still getting several calls weekly about folks who have been compromised. The indicators are these attempts to cause havoc in our computing life is only going to increase. The is a great article with easy to follow steps. 

---

Improve your online security with a digital spring cleaning!
Spring is here, which means it's time to clean up those digital dust bunnies and keep your information safe online. Here are some helpful online security tips:

Change your passwords
Update your login information for sites you use frequently. Long, complex passwords that use a combination of letters, numbers, and other characters are best. Don't use your kids' names, birthdays, or any information that can be readily found on social media. Read more tips on creating a strong password

Declutter your device
Review your apps and delete the ones you don't use. Then review the privacy settings of the apps you do use to ensure you're only sharing the information you choose.

Purge your digital files
Take stock of your online files, including those in the cloud. Delete documents you no longer need that could contain private information.

Tidy your privacy settings on social media
Assume anyone can see your social media posts. Remember, your personal information can help hackers uncover your passwords, so you may want to limit sharing to friends and family.

Give your software a safety makeover
Software updates are critical because they fix flaws that make your devices susceptible to hackers. This applies to not only your computer's operating system, but also popular browsers and media players. 

Following these steps will help ensure your online privacy and keep your accounts safe! For more security tips, visit redwoodcu.org/security.

redwood credit union

Security Series: Part 4 of 4

SUDDENLY IT'S ALL ABOUT SECURITY! PART FOUR

We have come to the end of this four part security series. My personal feeling is that I want to be informed about what is and isn't a risk and as always our goal is to teach our clients how to do the same. I am so pleased at the positive response to this rather in-depth look at an important topic and I do hope you are all feeling confident and more empowered in keeping your computers and mobile devices safe. In the coming months I will also address privacy- the next big issue facing us as our world becomes more connected.

PART 4: MOBILE DEVICES & PASSWORDS

Staying safe in our mobile world - even just out and about everyday - has become much more of a concern now that many of us carry and rely on iPhones, iPads or laptops. So what is the best way to protect yourself? 

iPhone/iPad Security

iPhone/iPad Security is something that is often overlooked but any smart phone or tablet is a target for thieves or simply getting lost. Many think it is not a big deal if their device is lost or stolen. Wrong!!!! If you have any information stored on your device at all such as names, addresses andphone numbers in your contacts or you receive/send emails, that information can easily be stolen if your device isn't locked. Truly, unless you ONLY play games that require no log in and you have no identifying information on your device, it needs to be locked - ideally with a custom Alpha Numeric Passcode and your fingerprint. I also recommend enabling the "Erase Data" after 10 failed passcode attempts under Settings > Touch ID & Passcode and turning on "Find My iPhone" in your iCloud settings.

Laptop Security

Laptop Security is often overlooked but it truly, like iOS devices, is not optional. Apple has made it so easy to secure your laptop that there is no excuse. Once again it starts with a strong log in password that you use every time you start up your laptop and ideally that is required a short time after your laptop is inactive (i.e., the screensaver starts or it goes to sleep). You can customize this behavior in System Preferences > Security > General. 

There is an additional security feature that Apple has made highly functional especially on newer computers (desktops, too) called FileVault. CAUTION!!! FileVault encrypts your entire hard drive on the fly and keeps your data safe when used correctly but it is also not forgiving - IF you should forget your password and lose the recovery key, you can never get your data back!!!!! This article from Apple explains FileVault in depth.

Secure Passwords

With all the attention given to the recent breach of Yahoo's secure servers it should be easily apparent that weak passwords or using the same passwords over and over is one of the most dangerous things we can do in our modern Internet connected world. I have long preached about using secure, different passwords for all your logins. But with all of us having so many passwords, needing to remember them and different websites having different requirements, it can be overwhelming!! 

My best recommendation is to use a password manager that also lets you create secure random passwords and then memorizes them for you. My favorite is 1Password which I use and recommend but there are others out there. This is a very good article on different methods to create secure passwords should you prefer to mange this on your own. 

Two-Factor Authentication

The latest method of adding extra security to an account is called "Two-Factor Authentication"Typically this means that whenever you log into any existing account from a new location or device you will be sent a code that you will need to enter on the website or device before you can sign in OR you may have to enter a pin number you created or answer a question. Most large services such as Apple, Google and Dropbox have offered two-factor authentication for a long time as have many banks and financial institutions. We are now beginning to see more and more websites that require logging in offering this method. This is how Apple implements two-factor authentication.

Security Series: Part 3 of 4

Suddenly It's All About Security! Part 3

This is part three of four on security for your computer and mobile devices. I am getting great feedback which I love! Thank you!! 

These next two articles begin to cover items that are a real risk and there is a special Security Audit offer at the end of this email. Just a note about these audits - there is also time for some general questions and training. 

An important piece of security on any device is you the user - you want to always pay attention to messages that pop up or offers you receive. It is always better to err on the side of caution!


PART 3: MODERATE TO HIGH RISK 

Moderate Risk
Malware on the Mac is still more annoying than dangerous BUT this could change at any minute. Malware get installed when you download and install software from a questionable web site OR more frequently, you respond to a prompt or pop up that offers to protect your computer or update a plug-in such as Flash. 

You always want to be sure you are accessing legitimate websites and if the website requires a login or password, be sure you see "https://" at the beginning of the address. 

The 's' at the end of 'http' is the key and signifies a secure site.

If you are presented with a pop-up or web page while you are on the Internet telling you your computer has been compromised or you must update your software just say NO!!!!

Either close the window or if that doesn't work Quit or Force Quit your web browser. You can read more in my article from last February about pop-ups and safe searching below.


SECURITY

(Article released February 2016) 

POP-UP SCAMS

We have seen a huge uptick in the numbers of calls about pop-up scams in Safari or other web browsers. These are always a scam!!!! Here is one example of a pop-up in Safari.

Here is another example that one client saw in a pop up window: "You have an infected malware or hardware due to ineffective virus protection. You need to call (xxx)123-4567. They said there is a possibility of data and identity theft if not fixed immediately. Your computer has been blocked, with system alert; do not try to restart your computer or it will make matters worse." 

These pop-ups are usually the result of visiting a page that is either malicious itself, or that has been hacked, or that contains advertising from an ad feed that has been hacked. In any case, the page contains malicious code that either displays a pop-up, or redirects to a malicious page that then displays the pop-up.

It is important to understand that no website can scan your computer for malware or suspicious activity. 

Further, Mac OS X will never display such a message within your web browser. (If you are unsure as to whether the alert is being shown by your browser or by the system, try hiding the browser by pressing The Command + H Keys. If the message hides as well, it's being displayed by the current page.) At most, web browsers can warn you that a particular site you are trying to visit is bad, but they cannot make any determinations as to the state of your computer.

It is also important to understand that these messages are not caused by a virus, or any other kind of malware. Many people's first reaction to a pop-up like this is to go download anti-virus software. This is the wrong response, as there is no malware involved, and thus the anti-virus software will not solve the problem.

So what should you do?? 

DO NOT CALL THE PHONE NUMBER PROVIDED. IT IS NOT A REAL TECH SUPPORT NUMBER. 

The people at that number are scammers, and they will do their best to take advantage of you in whatever way you will let them. You just need to get rid of the message - please call us and we can often walk you through the process. (Our phone support charges do apply.)

If you did call:

If you called the number, you may need to take some additional steps. For example, if you gave the scammers your credit card number when asked, you should contact your credit card company and report that your card has been compromised. If you gave other personal information that could be used to steal your identity, see: http://www.consumer.ftc.gov/features/feature-0014-identity-theft

If you gave remote access to your computer:

If the scammers requested remote access to your computer, in order to "troubleshoot" the "problem," and if you did whatever they asked to give them that remote access, your Mac should be considered compromised. 

You need to call us immediately to have your computer cleaned and restored.     

BOGUS WEBSITES OFFERING TECH SUPPORT

The second issue we are seeing is bogus websites pretending to be 'authorized support providers" for various hardware/software. In this case you search for help with a printer or software. Then you call or click through any of the search result offerings and are sent to a questionable company that wants to take remote control of your computer and charge you a lot of money!!! Interestingly enough this is more of a problem IF you use Yahoo as a search engine instead of Google (see my tips below to change your default search engine)

Google Search Results - in this case the fifth offering is bogus.

Yahoo Search Results (note that none of these are legitimate!!) in very fine print you might note that is all advertising but most folks don't even see that!

So how do you get help and avoid getting scammed?? 

  1. Go directly to the web site without using a search engine. 
  2. In your browser (i.e. Safari) type the address of the parent company into the address bar - for example:  www.canon.com, www.epson.com, www.intuit.com, www.apple.com and so on. This will take you directly to the legitimate company web site where you will find links to Support.  

HIGH RISK

Open or Unsecured Wireless networks refers to the public networks that have become the norm in coffeeshops, hotels, libraries, and even parks. While there are some folks who feel it is okay to use public wireless as long as the website you are accessing has "https:" in the address I prefer to just say no and only use public wi-fi to look up benign information such as business hours, menus, movie times, etc. I avoid anything that requires a log in and/or password. The FTC has a great detailed article on do's and don'tsfor public wi-fi. 

Don't forget: Your home wireless needs to have a secure password too and any router or device you have needs to have a custom password for administering it.

Phishing is probably among the longest running scares. But lately we are noticing a large uptick in very sophisticated and legitimate looking emails. The best way to protect yourself from these scams are:

  1. Know that a legitimate company will NEVER ask you to send your password to them or give it to them via a phone call. 
  2. IF you do get a notice that says an account has been compromised or must be verified, you want to open your browser and go directly to a website instead of clicking on a link in the email.
  3. If you receive an email asking you to login in and verify, change a password, etc., read it very, very carefully. Usually there will be a least one typo or poor use of English. The exception to this is verifying a new account, password, or email change you initiated - in that case use the next tip. You may also notice the quality of graphics, such as a company logo, will be incorrect or poor quality.
  4. You can also verify any links in emails by hovering your mouse over them for a moment and the address the link points to will show - you can sometimes use this to verify whether an email is legitimate. 

Next week I will send the final installment in this series: I will be covering mobile devices (laptops and iPhones/iPads) plus secure passwords and expanded security options that are available. 

Security Series: Part 2 of 4

SUDDENLY IT'S ALL ABOUT SECURITY! PART TWO

Low Risk (right now*)

So what do you really need to be concerned about? First you need to remember that security precautions are only good when they are used. If you have a home security system installed but do not activate it when you leave the house, you are negating any benefits of having the system in the first place. So let's start with taking a good look at what you need to be concerned about and how to protect yourself.  

DDoS attacks are typically directed at large companies - think Amazon, eBay, Twitter, Facebook, etc. - so not directly targeting average users. They are not looking for data but rather to interrupt the website itself.  BUT - if you use any cloud-based service such as Gmail/Google, iCloud, Yahoo, etc., you may not be able to access your data for a time should a DDoS attack be directed at any of the sites you use.

*Be sure to have a hardcopy of any critical data.*

Ransomware has been becoming more prevalent on PCs over the last few years but it was only in March of 2016 that ransomware was able to affect a Mac. The best way to protect yourself from ransomware is to make regular backups of your important data

AND keep them separate from your computer (to prevent the malware from trying to meddle with your backups too). To truly do this effectively, it requires either an off site backup via a Cloud service such as Backblaze or a separate backup that you run regularly and then store somewhere such as a safe deposit box. This would be in addition to your local backup!! You can read more in my article from last June

Internet of Things refers to 'smart devices' that connect to your Internet or create their own networks and encompasses everything from thermostats, lights, security systems, printers and even cars and baby monitors. First you need to know that these type of devices are presenting a whole new area of vulnerability that is not so easy to understand or protect. Consumer Reports has an excellent article on the topic. We are mostly dependent on manufacturers stepping up and securing their devices and/or giving users a way to do so.  In the meantime IF you have any device of this type, be sure to frequently change the default password for controlling the device (if you can) and turn off any unneeded features.  

*Something that is low risk right now can change in a moment. Security is an always morphing/moving target and proactive is much better than reactive. Next week I will talk about Moderate and High Risk concerns. 

Security Series: Part 1 of 4

SUDDENLY IT'S ALL ABOUT SECURITY!!

SECURITY.jpg

Over the last several months,Internet, wireless and computer security has been at the forefront of the news. From DDoS (Distributed Denial of Service) attacks, to the security (or lack of ) with the Internet of "things"  to computers being taken over for ransom or compromised via malware, we can no longer ignore the risks. 

In this series of four articles I hope to help you understand security basics, the real risks and how to discern annoyances with low risk. You will also learn how to view these risks from a sensible standpoint, to identify when the risk is real and when you need to take action.

This is an important topic with plenty of information to absorb. To make this easier, I am going to release this article in series of weekly newsletters for four weeks (one of which will be the usual February newsletter). 

 

PART ONE: DEFINITIONS AND TERMS

Let's start with Definitions of a few important terms:

DDoS - Distributed Denial of Service Attacks
A cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. 

Internet of Things
The connection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data."If one thing can prevent the Internet of things from transforming the way we live and work, it will be a breakdown in security." Think smart lights, thermostats, security cameras, printers, personal assistant devices like Amazon Echo, etc.

malware.jpg

Malware
Short for "malicious software," malware refers to software programs designed to damage or do other unwanted actions on a computer system.

Common examples of malware include viruses, worms, trojan horses, and spyware. Viruses, for example, can cause havoc on a computer's hard drive by deleting files or directory information. Spyware can gather data from a user's system without the user knowing it. Malicious websites can include anything from the Web pages causing pop ups in your browser that pretend to be a legitimate company asking you to call their tech support because there is a problem with your computer to out right dangerous websites that lock up your browser. 

Ransomware (a type of Malware)
Ransomware is a type of malicious software that restricts access to a computer system in some way and demands the user pay a ransom to the malware operators to remove the restriction.

Phishing
The fraudulent practice of sending emails that appear to be from reputable companies in order to trick individuals to reveal personal information, such as passwords and credit card numbers.

Risky Behaviors
In addition to the defined risks above we are also vulnerable when using an open/unlocked wireless network, traveling with unlocked/unsecured devices such as an iPhone, iPad or laptop, using old software or using weak/the same passwords for anything. 

OH MY GOSH!! There is so much here!! 
So what do you really need to be concerned about? 

Read Part 2 here!