Tech Stuff :: What You Need to Know About Pokemon GO

If you haven’t already heard, Pokémon GO has quickly become the biggest mobile game in U.S. history. However, the game’s rapid rise in popularity has also raised some major mobile security concerns. Its millions of users may not be aware of the many data vulnerabilities that lie hidden within the game and its privacy policy. Are you one of them? Here are the answers to your most pressing Pokémon GO questions.

  1. What Is Pokémon GO’s Privacy Policy?

Like most apps out there, Pokémon GO does collect data about its users. When first downloading the app, users need to sign in with a Google account and grant the app access to their camera, data and contacts. According to the Pokémon GO privacy policy, Niantic may also collect your username, email address, IP address, the web pages you were using before logging into the game and your entire Google account. In addition, the privacy policy gives the company wide latitude for using all of this information. Niantic can hand personally identifiable information (PII) over to law enforcement, sell it off and even share it with third parties.

This full access can be a huge security risk, and Niantic recently addressed this concern with a statement saying they are fixing the bug that allowed the app to gain full access to users’ accounts.

  2. Why Is Pokémon GO a Target for Cybercriminals?

Niantic’s gigantic database of data is full of information provided by its users, which makes it the perfect target for hackers and criminals. If the Niantic servers are hacked, the hijackers could potentially have access to all of your personally identifiable information (PII). The company has offered minimal details on how it plans to store all that data, but promises that it is taking the appropriate measures to protect the large database of PII – the type of information that hackers have been increasingly targeting.

  3. What Are Other Major Security Concerns with Pokémon GO?

The public nature of Pokémon GO has caused some unforeseen side effects and attracted other cybersecurity concerns. Many fake versions of the app have been uncovered, which contain malware that can lock your smartphone and cause more harm. Also, criminals have reportedly been able to use the geolocation feature to lure players to remote areas and rob them at gunpoint. This shows that although the new game has received an abundance of positive feedback, there are some major dangers that players aren’t aware of.

  4. What Problems Can Pokémon GO Present with the Rise of Bring Your Own Device (BYOD) in the Workplace?

The vulnerability of mobile data within Pokémon GO means that there’s a greater need for managed IT security. Especially with the ongoing trend of BYOD, the likelihood of introducing unwanted cyber activity and harmful attacks via these connections is at an all-time high. If your employees are using unprotected devices when using the game, it could lead to exposing sensitive business data in the event of a hack.

  5. How Can I Stay Protected When Using Apps Like Pokémon GO?

Pokémon GO is a prime example of the various security risks that are presented with unprotected mobile devices and the growing need for managing these endpoints. By leveraging a solution like mobile device management (MDM), you can greatly reduce these risks. MDM gives you the ability to remotely wipe an individual’s data if a device is compromised. An MDM solution will also allow you to implement app management policies and put restrictions on app purchases from non-validated markets.

3 Ways to Boost Mobile Security

Mobile security is the protection of smartphones, tablets, laptops and other portable computing devices, and the networks they connect to, from threats and vulnerabilities associated with wireless computing. Mobile security is also known as wireless security.

Securing mobile devices has become increasingly important in recent years as the numbers of the devices in operation and the uses to which they are put have expanded dramatically. The problem is compounded within the enterprise as the ongoing trend toward IT consumerization is resulting in more and more employee-owned devices connecting to the corporate network.

Following are three ways to make sure your network is secure from mobile threats:

  1. Set a pin or passcode.

This is your first line of defense. If someone wants to access your device, they will first need to break this code. This is not an easy task, and can operate as a deterrent against theft. Some device manufacturers have an option to automatically wipe your device after a few unsuccessful attempts at your passcode or pin; so, even if your phone is stolen, your information cannot be accessed. For this reason, you should look for MSPs that offer mobile device management (MDM) in their portfolio of services.

  2. Remote locate and wipe tools.

There are thousands of applications out there, and many involve more than just crushing candy or shooting birds at pigs. Certain software can help you locate your lost or stolen device through its GPS. Apple offers a service like this for their mobile devices aptly named Find my iPhone. For Android users, the Android Device Manager offers these services. Windows Mobile users also have this option from the Windows Phone website. Similarly, many third-party applications are available in each of the app stores.

  3. Keep your device clean.

Utilizing an antivirus and malware scanner is never a bad idea. Your phones are mini-computers, and just like your “big” computer, they need to be cleaned up from time to time. Malware and virus threats can compromise information stored on your mobile devices. Malware has a snowball effect, and can continuously pile up until it slows down or stops your device. Look for an MSP that offers Malwarebytes as a solution to this problem for both mobile devices and computers. It will keep your endpoints clean and secure from outsiders. Consider Webroot as an antivirus application that scans your downloaded apps and devices for any threats. Many MSPs offer Webroot antivirus in their managed IT services package. Equipped with Internet security, this defense will give you a heads up if it detects any malicious activity from your device’s browser.

Agile Solutions for Everybody!

A long, long time ago, when The Internet Design Firm existed (Scott Smeester’s 1990s startup), consulting firms used to get into LONG and BIG contracts, for HUGE amounts of work. They used to generate big ‘ol requirements, and create phases in the project to make sure there was no scope creep! Changes?! Pfftt!

In 2002, Mr. Peter Provost, now of the Microsoft Corporation, paradigm shifted me into 2016, which is why I’m here now. He told me that the way we were doing it was bass ackwards. He said we should be doing smaller projects, with shorter timespans between deliverables, with the ability of the client to make changes (oh, God!). No more huge commitments! He told us this was the “Agile Development Process” and it was meant to keep software developers and clients from butting heads.

So that’s how we do business now, with our clients and with our vendors. It allows us (all) to iterate. It allows us to succeed in more projects.

** The picture of the two college guys is merely coincidental. That is not me and Peter Provost, but those types of things did happen in the vicinity of Peter. Those two cats are SO party’n! Courtesy of Sun International South Africa.

Understanding Cloud Technology

Cloud technology offers your business many benefits. It allows you to set up what is essentially a virtual office to give you the flexibility of connecting to your business anywhere, any time. With the growing number of web-enabled devices used in today’s business environment (e.g. smartphones, tablets), access to your data is even easier.

  1. What is the Cloud?

The cloud is virtual and therefore does not require any hardware of your own to deliver a service. Cloud technology can deliver that service to you, without having to install anything or have it on a server at your business. This is something that you can access remotely, or via the Internet through your web browser. Offsite, secure third party data centers manage all of your cloud data so that you can access it at your convenience.

  2. You May Already be Using the Cloud

Are you using Gmail? Amazon Music? A Kindle? Dropbox? These are all cloud services that store the data you access. All you have to do is log in to their servers to get what you need. If you use an Apple iPhone or iPad, then you’re familiar with the iCloud service, the cloud technology that allows you to sync and upload your photos and contacts.

  3. Why Use the Cloud?

The cloud is convenient for accessing and backing up data no matter where you go. With it, you can access servers anywhere, rather than just locally from your office. This allows you to perform your job duties at home and on the go! There is no need to carry around (and risk losing) USB drives with sensitive information on them. If you lose that USB drive, then your files are gone forever. If you back them up to the cloud or store them there, however, you can easily retrieve that data.

  4. Why is the Term “Cloud” Used?

There is both a literal and figurative meaning here. Have you ever laid down in the grass, and looked up at the clouds in the sky? Oh, look, an elephant! A boat! Oh nice, a dinosaur! But the person next to you may not see the same shapes. They may see a sandwich, a skyscraper or an airplane in the clouds instead. The possibilities are almost endless, and not everyone has the same vision. Cloud technology is similar, offering a plethora of possibilities to help support and scale your business. Also, clouds are generally always above us. Just head on up, and grab whatever you need on-demand. The sky is always accessible.

So, you can store and access files in the Cloud. You can use cloud-hosted applications, like Gmail and GoogleDocs. Finally, the cloud gives you access to your data anywhere with a network connection. This all sounds great, right? It is, but as with anything on the Internet, these services need to be used responsibly. Is your IT services provider helping to manage this?

 

5 Ways to Stay Secure Online

Using the internet to do business brings huge opportunities and benefits. However, just like a shop on the street, you need to take a few security measures to protect your business. It’s just as important as locking your doors or putting your cash in a safe, and most security issues can be addressed with simple security practices.

  1. Hook up to a network that you know.

Free Wi-Fi is tempting, but be sure that you consider who is providing the connection. Public connections at the local coffee shop are usually unsecured and leave your machine open to outsiders. While these networks provide a convenience, there are risks to be aware of.

  2. Bank and shop with caution.

Shopping from familiar websites is a good place to start. Stick with the reputable sites that are tried and true – like Amazon or eBay. Also, when checking out and finalizing the purchase, look for the ‘padlock’ symbol or the abbreviation ‘https’ in the address bar at the top of your browser. This will ensure that you are on a secure, encrypted part of this webpage. Keeping an eye on your bank statements for suspicious activity is always a good idea, among these other best practices for shopping online.

  3. Use secure passwords.

Passwords for logging into any website should contain a mix of letters, numbers, and special characters – as well as be different for each website that you log into. It can definitely be a pain to remember all of these passwords, but ask yourself which is more of a pain – remembering these, or recovering stolen personal information.

  4. Lock Your Computer.

When you walk away from your machine, lock it. In Windows, it is as easy as pressing the Windows key + L. On an Apple Mac, pressing “Control+Shift+Eject” will do the trick (unless you do not have an optical drive, then you can hit the “Power” key instead of “Eject”). This practice would be the equivalent to deadbolting the front door of your home. It acts as a deterrent to the bad guys as well as a line of defense. It may even be worth setting up a password lock on your Apple or Windows machine as well.

  5. Do not click on anything unfamiliar.

If an offer is too good to be true, it probably is. If you get an email from an unknown source, do not click any of the links within it – and immediately report it to your IT department. If a window pops up while browsing a website, immediately close it. Familiarity is always your friend. Using your judgment and trusting your gut is the ultimate defense when online. Always play it safe!

Photo: geralt

Improve Your Password Security

Sometimes it is the simplest or most obvious things that can be easily overlooked or taken for granted in life. The IT space is no different and many of the most basic elements, like password management, can oftentimes be overlooked. While it’s not the sexiest of topics, passwords are something we use every day and should be at the forefront of any security plan.

Passwords are the first line of defense against malicious activities in the digital space. We hear all the time about the importance of strong passwords, and many websites or software require certain password criteria that force them to be difficult to guess. However, the actual execution of these recommended practices is often lacking. The trouble usually lies with the end user who doesn’t take care of their passwords or doesn’t make them difficult enough. As a managed services provider, it is imperative to ensure that your clients are employing some simple, yet highly effective tactics to keep the bad guys out of their information and IT systems.

Hackers’ Tricks

Before we look at the techniques to prevent hackers from gaining access to private information, let’s take a quick look at the most common means these folks use to crack the password code and get the proverbial “keys to the kingdom.”

  1. Guessing – Some people think that no one could ever “guess” their password at random, but hackers are much more sophisticated than that. This technique is not simply sitting in front of a screen and typing many different combinations. First, the hacker finds personal information online and then uses sophisticated programs to help ‘guess’ how that personal identification can be turned into a password.
  2. Dictionary-based attacks – Programs run names and other information against every word in the dictionary.
  3. Brute force attacks – Just like it sounds. By simply running all combinations of keystrokes with a user name, passwords are discovered all the time.
  4. Phishing – Beware of Phishing schemes! These scams try to lure you in with fake offers then track your keystrokes in order to steal private information. If the email or IM request looks odd, ignore it and please don’t click on anything. The trouble is that people are oftentimes tricked into giving away valuable data without even knowing.
  5. Shoulder surfing – Not all hackers are technical whizzes. Shoulder surfers try to catch you entering a password in a public place like a coffee shop or even at a gas station (debit card PINs are vulnerable).

Password Security Tips

So what is the MSP or client company to do? Educate employees on strong password practices. There is simply no way to guarantee a bulletproof password. If someone wants something badly enough and is smart enough, they can figure out what they need to do to get it. Most are not that patient, though, so any deterrents are usually enough to make them give up and find an easier target.

Some best practices to be teaching customers and employees include:

  1. Make sure password length is at least 8 characters
  2. Don’t use real words
  3. Use both upper and lower case characters
  4. Include numbers and special symbols when allowed
  5. Don’t use personal data
  6. Make patterns random and not sequential or ‘ordered’
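
The six rules above, written as a checker. This is an added illustration, not code from the original post; the small word list, the 4-character run threshold and the digit-for-letter substitution table are assumptions. It goes slightly beyond the list by also treating keyboard walks and common character swaps (such as `@` for `a`) as ordered patterns and real words.

```python
import re

# Constructed sample word list; a real deployment would load a full dictionary.
SAMPLE_WORDS = {"password", "dragon", "monkey", "summer", "welcome", "pokemon"}

# Keyboard rows, used to spot "easy to type" walks across adjacent keys.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]

MIN_LENGTH = 8   # rule 1 from the list
RUN_LENGTH = 4   # assumption: flag ordered runs of 4 or more characters

# Assumed substitution table: 0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s, !->i
LEET = str.maketrans("013457@$!", "oleastasi")


def _has_ordered_run(pw, n=RUN_LENGTH):
    """True if pw contains n ascending/descending characters (abcd, 4321)
    or n adjacent keys from one keyboard row, in either direction."""
    low = pw.lower()
    for i in range(len(low) - n + 1):
        chunk = low[i:i + n]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
        if any(chunk in row or chunk in row[::-1] for row in KEYBOARD_ROWS):
            return True
    return False


def check_password(pw, personal=()):
    """Return the rules from the list that pw breaks (empty list = passes).

    personal: strings tied to the user (name, birth year, pet), rule 5.
    """
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    # Undo common character swaps before the dictionary check (rule 2).
    normalized = pw.lower().translate(LEET)
    if any(word in normalized for word in SAMPLE_WORDS):
        problems.append("contains a real word")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("needs both upper and lower case")
    if not (re.search(r"\d", pw) and re.search(r"[^A-Za-z0-9]", pw)):
        problems.append("needs a number and a special symbol")
    if any(len(p) >= 3 and p.lower() in pw.lower() for p in personal):
        problems.append("contains personal data")
    if _has_ordered_run(pw):
        problems.append("contains a sequential or keyboard pattern")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    samples = [
        ("asdfjkl;", ()),
        ("P@ssw0rd1", ()),
        ("Rex2011!xq", ("Rex", "2011")),
        ("Xy12345z!", ()),
        ("t7#Kq9!vLm2x", ()),
    ]
    for pw, personal in samples:
        print(f"{pw!r}: {check_password(pw, personal) or 'passes all six rules'}")
```
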

Don’t get lazy when it comes to your passwords. Take the extra time to think of something creative, complex and something only you would remember. Here are some of the web’s most common passwords – and what they say about you as a person.

What else can be done? Here are some “do’s” and “don’ts” for password safety.

Do:

  1. Create different passwords for different accounts and applications. If you create only one password for everything you do online, you are exposing yourself unnecessarily. Sure it’s easier to use one but it provides more chances for someone to figure your password out, and if they do, gives them a great starting point for accessing other personal data of yours.
  2. Keep corporate and personal passwords separate.
  3. Change your passwords often (ideally every month)
  4. Always log off your computer or lock it when you leave it for any period of time

Now some don’ts:

  1. Don’t write passwords down or store them in the office
  2. Don’t store passwords on any device
  3. Don’t give passwords in emails or IMs
  4. Don’t give your manager your password
  5. Don’t discuss passwords with others
  6. Don’t use remember password function in applications
  7. Don’t use the “it’s easy to type” rule (like asdfjkl;) since that will be easier for a lurker to see what you typed

After reading this, I’m sure you feel like you have some work to do. It’s never too early to start utilizing these recommended practices and you may not even know what data may currently be exposed or at risk. Changing your passwords and using the above techniques can help protect you and your clients from malicious web attacks. Don’t overlook the importance of password management – it could make all the difference when a hacker sets his targets on you or your clients.

How to Find the Right Help Desk Provider

 

Despite the importance of maintaining a high-quality help desk, a number of companies either don’t have the internal resources to do so, or struggle in finding an outsourced vendor that is truly high quality. By asking the right help desk qualification questions, you can be sure you’re choosing a vendor who will meet your needs and the needs of your clients.

Factors to Consider

Whether outsourcing for the first time or looking for a new vendor, there are several benefits to choosing an outside help desk provider… as long as it’s the right one. Every company has different specifics required of their help desk, and before shopping around, you must first have a good understanding of what you’re looking for and the role you need the provider to fill. Start by auditing your current support levels, and then assessing where reinforcements are most needed.

Once you have a solid benchmark in place, you can start comparing vendors. There are several help desk qualifying questions you can ask to help narrow the field:

  • How are the engineers with the help desk vetted? What does the provider look for in a help desk agent? Do they check backgrounds? What typical education and certifications do they have?
  • Do help desk technicians understand HIPAA compliance? As the definitions of HIPAA compliance continue to evolve, it’s essential for help desk techs to always be up-to-date with the latest compliance regulations and be able to answer any questions that may arise regarding compliance.
  • Does the help desk provide any SLAs? SLAs ensure that all parties are on the same page when it comes to response expectations, which is an essential component of an effective help desk. This will help you manage your clients’ expectations as well.
  • What objective metrics can you show? Ask potential providers to offer specifics about their service. What’s their average speed to answer (ASA)? What are their abandoned rate (AR) and their percentage of first contact resolution (FCR)? These numbers are an excellent indicator of your prospective vendors’ efficiency and effectiveness. Lastly, don’t forget to ask for their customer satisfaction (CSAT) statistics.
  • How does your number of calls/tickets per month stack up against your customer satisfaction rating? Be wary of vendors who only boast about how many calls come through. The volume isn’t as important as how well customers’ issues are resolved and how pleased those customers are with their resolution. Metrics should reflect both quality and quantity to really determine the effectiveness and work ethic of the help desk team.
  • How are metrics made available? Are metrics available in real time? Do you receive raw data or interpreted information? What types of reports will you receive? Will you only receive information according to the vendor’s timeline, or can you request them on an as-needed basis?
  • How does your help desk compare to industry standards? If you’re unsure about the quality of a help desk provider’s metrics, check them against industry standards to see if your candidates are coming out ahead. Metricnet.com is a great source for industry metrics.

By asking these qualifying questions and putting in due time and effort in hiring your help desk providers, you’ll ensure that your vendor can take on your immediate help desk needs and grow alongside your own organization into the future.

What other metrics should you ask for when vetting your help desk? Did we miss any important ones?

Holiday Cyber Scams – How to Avoid The Grinch Who Stole Christmas

 

Now that we’re officially in the middle of the holiday season, there’s a flood of emails flying through cyberspace from family, friends, online retailers and charities. This heavy online traffic makes it easier than ever to sneak in malicious emails, targeting unsuspecting users looking to connect with old friends and find holiday deals. Whether it’s a phishing scam that is trying to snag your credit card number or a malware campaign that installs unauthorized code on your system from an email link, ‘tis the season to protect yourself.

Taking Precautions

So where, exactly, do these seasonal cyberscams come from? Many of these malicious Grinches send emails from fake URLs, disguising them to appear legitimate. Faux charities are another common scam designed specifically to take advantage of your generosity during the season of giving. Even friends and family may send what looks like an innocent forward your way, only to discover that they inadvertently launched some decidedly un-cheery unpleasantness to your inbox instead.

However, if you take some basic online protective measures you’ll be in a lot better shape to avoid the latest cyberscams this holiday season:

  • Change your email settings so that attachments aren’t automatically downloaded. This gives you more control over what gets into your system.
  • Never open attachments or click URL links in emails from unknown or unverified senders. Even be cautious of known senders.
  • Remember that cyberscammers can spoof return addresses; their malicious emails might look like a holiday e-greeting from Grandma judging from the subject line alone. If there’s nothing specific in the subject or body of the message (i.e. “Check out the great Holiday pics I took!”), it’s worth verifying with the sender before opening the attachment.
  • Never respond to requests for financial information that arrive via email. Instead, visit the applicable site or account directly from your web browser to verify any claims.
  • Always research charities and other organizations before you donate a penny.
  • Keep your antivirus and anti-malware software updated and run regular scans to keep your system squeaky clean. Also ensure that patches are applied regularly to the operating system.
  • Listen to your intuition. If something seems fishy about an email, even if it’s from someone you know, don’t download any attachments or follow embedded URLs. Again, return addresses can be spoofed to look authentic and familiar, so use caution even with trusted senders.

Spread Cheer, Not Fear

There’s no better time than the holidays to wrap up a nice bit of malicious code masquerading as an online promotion for a major sale or a holiday e-card. That’s why the U.S. Computer Emergency Response Team (US-CERT) has released a security alert that focuses specifically on how to avoid holiday-related cyberscams. Additionally, the Anti-Phishing Working Group (APWG) offers a comprehensive list of suggestions on avoiding phishing scams that are good any time of year.

The holidays should be a time for celebration. Use smart online practices to help spread seasonal cheer, and stay safe this holiday season.

Your Fiduciary Responsibility to Your Client’s Data

Make the most responsible choice to protect your client’s data, regardless of what they think is the best method. They’re not the experts.

I saw Leonard the other day, and he started the conversation off like he always does: “What are your thoughts about storing data in the cloud, like Google or Dropbox or something? My clients would have a problem with that so I keep all of their data in house.”

Leonard is a business attorney I’ve known for years, stemming from a board we were both members of.  He thinks he’d be making a big mistake by trusting his data in the hands of an outsourced entity. “If you put it on Google or Dropbox, it’s out there!” he’ll say.  Yes, it is.  But the truth is it’s out there even on your hard drive in your office if that device is connected to a computer that is connected to the Internet – which it most likely is.

Knowing what I know – that Leonard’s extent of data security knowledge goes as far as his ability to plug in his little external hard drive his IT guy gave him – I’d have a huge problem if that is the way he handled my critical information.  I’d trust the engineers at Google and Dropbox or in a data center handling managed services before I’d trust Leonard and his IT guy.

In our conversation, Leonard agreed that outsourced vendors probably do have better security, given the fact that it’s what they do for their lives (whew, a milestone). So when I asked why he still wouldn’t trust a 3rd party, it boiled down to because his clients would have a problem knowing that.  I get it.  His clients still think like he did (oh no, it’s ‘in the cloud’!).  Well, regardless of their perception, isn’t it Leonard’s fiduciary responsibility (watch out for the legal terminology!) to make sure his clients’ information is safe, regardless of what they think?

Pretend Leonard’s clients’ data was compromised (actually much more likely to happen under his in house system).  In the court of law, I wonder how a judge would rule if Leonard admitted to me he chose to store his client’s critical and sensitive information on his external hard drive when he knew about Google and Dropbox and managed services. I’m willing to bet it would go bad for Leonard.
