Categories
CEO Best Practices IT Best Practices

Tech Stuff :: What You Need to Know About Pokemon GO

If you haven’t already heard, Pokémon GO has quickly become the biggest mobile game in U.S. history. However, the game’s rapid rise in popularity has also raised some major mobile security concerns. Its millions of users may not be aware of the many data vulnerabilities that lay hidden within the game and its privacy policy. Are you one of them? Here are the answers to your most pressing Pokémon GO questions.

  1. What Is Pokémon GO’s Privacy Policy?

Like most apps out there, Pokémon GO does collect data about its users. When first downloading the app, users need to sign in with a Google account and grant access for the app to use your camera, data and contacts. According to the Pokémon GO privacy policy, Niantic may also collect your username, email address, IP address, the web pages you were using before logging into the game and your entire Google account. In addition, the privacy policy gives the company wide latitude for using all of this information. Niantic can hand personally identifiable information (PII) over to law enforcement, sell it off and even share it with third parties.

This full access can be a huge security risk, and Niantic recently addressed this concern with a statement saying they are fixing the bug that allowed the app to gain full access to users’ accounts.

  1. Why Is Pokémon GO a Target for Cybercriminals?

Niantic’s gigantic database of data is full of information provided by its users, which makes it the perfect target for hackers and criminals. If the Niantic servers are hacked, the hijackers could potentially have access to all of your personally identifiable information (PII). The company has offered minimal details on how it plans to store all that data, but promises that it is taking the appropriate measures to protect the large database of PII – the type of information that hackers have been increasingly targeting.

  1. What Are Other Major Security Concerns with Pokémon GO?

    Pokemon GO is creating some major mobile security concerns.
    Pokemon GO is creating some major mobile security concerns.

The public nature of Pokémon GO has caused some unforeseen side effects and attracted other cybersecurity concerns. Many fake versions of the app have been uncovered, which contain malware that can lock your smartphone and cause more harm. Also, criminals have reportedly been able to use the geolocation feature to lure players to remote areas and rob them at gunpoint. This shows that although the new game has received an abundance of positive feedback, there are some major dangers that players aren’t aware of.

  1. What Problems Can Pokémon GO Present with the Rise of Bring Your Own Device (BYOD) in the Workplace?

The vulnerability of mobile data within Pokémon GO means that there’s a greater need for managed IT security. Especially with the ongoing trend of BYOD, the likelihood of introducing unwanted cyber activity and harmful attacks via these connections is at an all-time high. If your employees are using unprotected devices when using the game, it could lead to exposing sensitive business data in the event of a hack.

  1. How Can I Stay Protected When Using Apps Like Pokémon GO?

Pokémon GO is a prime example of the various security risks that are presented with unprotected mobile devices and the growing need for managing these endpoints. By leveraging a solution like mobile device management (MDM), you can greatly reduce these risks. MDM gives you the ability to remotely wipe an individual’s data if a device is compromised. An MDM solution will also allow you to implement app management policies and put restrictions on app purchases from non-validated markets.

Categories
CEO Best Practices New Trends

Questions to Ask About Me If I’m a Professional Consultant

Do you know somebody who knows me? Are we “linked” somehow?

Here’s what I think you should generally ask that person:

  • Does he know his stuff?
  • Can he solve problems?
  • Does he listen?
  • Does he ask good questions?
  • How long has he been doing it?
  • Is he “sharp”?
  • Is he effective?
  • Is he resourceful?
  • Does he know the right people?
  • Can he communicate?
Categories
CEO Best Practices IT Best Practices

3 Ways to Boost Mobile Security

Mobile security is the protection of smartphones, tablets, laptops and other portable computing devices, and the networks they connect to, from threats and vulnerabilities associated with wireless computing. Mobile security is also known as wireless security.

Securing mobile devices has become increasingly important in recent years as the numbers of the devices in operation and the uses to which they are put have expanded dramatically. The problem is compounded within the enterprise as the ongoing trend toward IT consumerization is resulting in more and more employee-owned devices connecting to the corporate network.

Following are three ways to make sure your network is secure from mobile threats:

  1. Set a pin or passcode.

This is your first line of defense. If someone wants to access your device, they will first need to break this code. This is not an easy task, and can operate as a deterrent against theft. Some device manufacturers have an option to automatically wipe your device after a few unsuccessful attempts at your passcode or pin; so, even if your phone is stolen, your information cannot be accessed. For this reason, you should look for MSPs that offer mobile device management (MDM) in their portfolio of services.

  1. Remote locate and wipe tools.

There are thousands of applications out there, and many involve more than just crushing candy or shooting birds at pigs. Certain software can help you locate your lost or stolen device through its GPS. Apple offers a service like this for their mobile devices aptly named Find my iPhone. For Android users, the Android Device Manager offers these services. Windows Mobile users also have this option from the Windows Phone website. Similarly, many third party applications are available in each of the app stores.

  1. Keep your device clean.

Utilizing an Antivirus and Malware scanner is never a bad idea. Your phones are mini-computers, and just like your “big” computer – they need to be cleaned up from time to time. Malware and Virus threats can compromise information stored on your mobile devices. Malware has a snowball effect, and can continuously pile up until it slows downs or stops your device. Look for an MSP that offers Malwarebytes as a solution to this problem for both mobile devices and computers. It will keep your end points clean and secure from outsiders. Consider Webroot as an antivirus application that scans your downloaded apps and devices for any threats. Many MSPs offer Webroot antivirus in their managed IT services package. Equipped with Internet security, this defense will give you a heads up if it detects any malicious activity from your device’s browser.

Categories
CEO Best Practices

Agile Solutions for Everybody!

A long, long time ago, when The Internet Design Firm existed (Scott Smeester’s 1990s startup), consulting firms used to get into LONG and BIG contracts, for HUGE amounts of work. They used to generate big ‘ol requirements, and create phases in the project to make sure there was no scope creep! Changes?! Pfftt!

In 2002, Mr. Peter Provost, now of the Microsoft Corporation, paradigm shifted me into 2016, which is why I’m here now. He told me that the way we were doing it was bass ackwards. He said we should be doing smaller projects, with shorter timespans between deliverables, with the ability of the client to make changes (oh, God!). No more huge commitments! He told us this was the “Agile Development Process” and it was meant to keep software developers and clients from butting heads.

So that’s how we do business now, with our clients and with our vendors. It allows us (all) to iterate. It allows us to succeed in more projects.

** The picture of the two college guys is merely coincidental. That is not me and Peter Provost, but those types of things did happen in the vicinity of Peter. Those two cats are SO party’n! Courtesy of Sun International South Africa.

Categories
CEO Best Practices IT Best Practices

5 Ways to Stay Secure Online

Using the internet to do business brings huge opportunities and benefits, however just like a shop on the street, you need to take a few security measures to protect your business. It’s just as important as locking your doors or putting your cash in a safe, and most security issues can be addressed with simple security practices.

  1. Hook up to a network that you know.

Free Wi-Fi is tempting, but be sure that you consider who is providing the connection. Public connections at the local coffee shop are usually unsecured and leave your machine open to outsiders. While these networks provide a convenience, there are risks to be aware of.

  1. Bank and shop with caution.

Shopping from familiar websites is a good place to start. Stick with the reputable sites that are tried and true – like Amazon or eBay. Also, when checking out and finalizing the purchase, look for the ‘padlock’ symbol or the abbreviation ‘https’ in the address bar at the top of your browser. This will ensure that you are on a secure, encrypted part of this webpage. Keeping an eye on your bank statements for suspicious activity is always a good idea, among these other best practices for shopping online.

  1. Use secure passwords.

Passwords for logging into any website should contain a mix of letters, numbers, and special characters – as well as be different for each website that you log into. It can definitely be a pain to remember all of these passwords, but ask yourself which is more of a pain – remembering these, or recovering stolen personal information.

  1. Lock Your Computer.

When you walk away from your machine, lock it. In Windows, it is as easy as pressing the Windows key + L. On an Apple Mac, pressing “Control+Shift+Eject” will do the trick (unless you do not have an optical drive, then you can hit the “Power” key instead of “Eject”). This practice would be the equivalent to deadbolting the front door of your home. It acts as a deterrent to the bad guys as well as a line of defense. It may even be worth setting up a password lock on your Apple or Windows machine as well.

  1. stay-safe-onineDo not click on anything unfamiliar.

If an offer is too good to be true, it probably is. If you get an email from an unknown source, do not click any of the links within it – and immediately report it to your IT department. If a window pops up while browsing a website, immediately close it. Familiarity is always your friend. Using your judgment and trusting your gut is the ultimate defense when online. Always play it safe!

Photo: geralt

Categories
CEO Best Practices Managed Services

Holiday Cyber Scams – How to Avoid The Grinch Who Stole Christmas

 

Now that we’re officially in the middle of the holiday season, there’s a flood of emails flying through cyberspace from family, friends, online retailers and charities. This heavy online traffic makes it easier than ever to sneak in malicious emails, targeting unsuspecting users looking to connect with old friends and find holiday deals. Whether it’s a phishing scam that is trying to snag your credit card number or a malware campaign that installs unauthorized code on your system from an email link, ‘tis the season to protect yourself.

Taking Precautions

So where, exactly, do these seasonal cyberscams come from? Many of these malicious Grinches send emails from fake URLs, disguising them to appear legitimate. Faux charities are another common scam designed specifically to take advantage of your generosity during the season of giving. Even friends and family may send what looks like an innocent forward your way, only to discover that they inadvertently launched some decidedly un-cheery, unpleasantness to your inbox instead.

However, if you take some basic online protective measures you’ll be in a lot better shape to avoid the latest cyberscams this holiday season:

  • Change your email settings so that attachments aren’t automatically downloaded. This gives you more control over what gets into your system.
  • Never open attachments or click URL links in emails from unknown or unverified senders. Even be cautious of known senders.
  • Remember that cyberscammers can spoof return addresses; their malicious emails might look like a holiday e-greeting from Grandma judging from the subject line alone. If there’s nothing specific in the subject or body of the message (i.e. “Check out the great Holiday pics I took!”), it’s worth verifying with the sender before opening the attachment.
  • Never respond to requests for financial information that arrive via email. Instead, visit the applicable site or account directly from your web browser to verify any claims.
  • Always research charities and other organizations before you donate a penny.
  • Keep your antivirus and anti-malware software updated and run regular scans to keep your system squeaky clean.  Also assure that patches are applied regularly to the operating system.
  • Listen to your intuition. If something seems fishy about an email, even if it’s from someone you know, don’t download any attachments or follow embedded URLs. Again, return addresses can be spoofed to look authentic and familiar, so use caution even with trusted senders.

Spread Cheer, Not Fear

There’s no better time than the holidays to wrap up a nice bit of malicious code masquerading as an online promotion for a major sale or a holiday e-card. That’s why the U.S. Computer Emergency Response Team (US-CERT) has released a security alert that focuses specifically on how to avoid holiday-related cyberscams. Additionally, the Anti-Phishing Working Group (APWG) offers a comprehensive list of suggestions on avoiding phishing scams that are good any time of year.

The holidays should be a time for celebration. Use smart online practices to help spread seasonal cheer, and stay safe this holiday season.

Categories
CEO Best Practices IT Best Practices Leveraging the Cloud Managed Services

Your Fiduciary Responsibility to Your Client’s Data

Make the most responsible choice to protect your client’s data, regardless of what they think is the best method. They’re not the experts.

I saw Leonard the other day, and he started the conversation off like he always does; “what are your thoughts about storing data in the cloud, like Google or Dropbox or something?  My clients would have a problem with that so I keep all of their data in house.”

Leonard is a business attorney I’ve known for years, stemming from a board we were both members of.  He thinks he’d be making a big mistake by trusting his data in the hands of an outsourced entity. “If you put it on Google or Dropbox, it’s out there!” he’ll say.  Yes, it is.  But the truth is it’s out there even on your hard drive in your office if that device is connected to a computer that is connected to the Internet – which it most likely is.

Knowing what I know – that Leonard’s extent of data security knowledge goes as far as his ability to plug in his little external hard drive his IT guy gave him – I’d have a huge problem if that is the way he handled my critical information.  I’d trust the engineers at Google and Dropbox or in a data center handling managed services before I’d trust Leonard and his IT guy.

In our conversation, Leonard agreed that outsourced vendors probably do have better security, given the fact that it’s what they do for their lives (whew, a milestone). So when I asked why he still wouldn’t trust a 3rd party, it boiled down to because his clients would have a problem knowing that.  I get it.  His clients still think like he did (oh no, it’s ‘in the cloud’!).  Well, regardless of their perception, isn’t it Leonard’s fiduciary responsibility (watch out for the legal terminology!) to make sure his clients’ information is safe, regardless of what they think?

Pretend Leonard’s clients’ data was compromised (actually much more likely to happen under his in house system).  In the court of law, I wonder how a judge would rule if Leonard admitted to me he chose to store his client’s critical and sensitive information on his external hard drive when he knew about Google and Dropbox and managed services. I’m willing to bet it would go bad for Leonard.

Categories
CEO Best Practices IT Best Practices Managed Services

4 Immediate Action Items Following a Ransomware Infection

 

It is always best to do everything you can to stop your computer from getting infected with any malicious software. Taking some simple steps, like having adequate security software (antivirus and anti-malware) installed on your computer, applying OS security patches, not clicking on suspicious email links that you don’t recognize and not opening unexpected email attachments, are all sensible precautions that everyone should take.

What to Do If You Get Infected with Ransomware

Even if you do try to protect yourself from attack, sometimes malicious code can still end up on your computer. If your computer does become a victim of Ransomware (such as Cryptolocker) there are some steps you can take to mitigate the damage.

  • Ignore the ransom demand – DO NOT even think about paying the ransom demanded. The demand does not come from any legitimate authority and there is no guarantee that if you pay the money you will ever get your files unlocked. If you pay, you are just passing your money into the hands of criminal gangs and encouraging them to continue with their illegal activities.
  • Remove the Ransomware from your computer – Although Ransomware may appear particularly threatening, it is just another form of malware. There are many companies online that offer malware removal tools, including Microsoft and Bitdefender. Both of these sites offer detailed instructions on how to eliminate the Ransomware from your computer. It is wise to remove the Ransomware as soon as possible. The longer that you leave it on your system the more opportunity you are providing for the malware to spread, both encrypting your files further and potentially spreading to others’ computers.
  • Update your antivirus, anti-malware software and patch your OS – If your current antivirus protection lets the Ransomware get on to your computer, then there is likely a problem with it. It may be corrupted, or perhaps it is not being updated regularly with the latest antivirus definitions. If you are going to properly protect your computer system in the future, it is vital that you have a working antivirus program installed. If your software isn’t up to date, either update it immediately or uninstall it and replace it with a new one that will offer you adequate protection. Once you have the new antivirus software installed it is always a good idea to run a full scan of your system to make sure there are no further problems that need to be dealt with on your computer.
  • Update your passwords – Once you regain access to your computer it is a sensible precaution to change all of the passwords that you use to access websites. If your anti-virus protection has been breached you have no idea what information may have been gathered from your system. The safest approach is to change all of your passwords and access codes and then monitor your accounts for any indications of suspicious activities.

Always Backup Your Files

Once your system is infected with Ransomware, it is likely that you are going to suffer some damage or loss to your computer files. The best preventative measure you can take is to regularly backup your files on an external system (either other hard drive or in the cloud – or both!), so that if your computer is taken hostage, you have your files in another location. However, if you do find yourself infected, removing the malware quickly and following these simple steps can minimize the damage and reduce the risk of further infection as much as possible.