Blog

Is Storing Data in the Cloud Safe?

Cloud-based services have become much more common in the last few years, adding convenience to the collection of devices we use each day to go about our business. From syncing contacts or bookmarks across machines to sharing files and backing up data, mobile devices in particular are becoming little internet machines.

But is putting all this data on cloud servers safe?

Using the cloud works similarly to any other internet-connected interaction. Your computer (or mobile device) establishes a connection with a server and exchanges information, except that most cloud-based traffic is encrypted.

One bit of safety most people enjoyed with personal computers at home is the relative anonymity of being “just another person.” Anyone is technically vulnerable to hackers, but hackers generally target businesses or higher profile individuals. The average user usually avoids trouble by blending into the crowd in this sense.

This has raised the concern that cloud servers are targets simply because it’s known that a lot of people’s information is stored there. Cloud servers have teams of people monitoring and maintaining them, however, and they’re armed with security far beyond anything running on most people’s personal computers.

It makes sense when data is the business model.

Like a bank, cloud providers need to ensure a high level of security so that users are comfortable putting their data there (like storing money in a bank). And just like with a bank, any system can be beaten by someone determined. But the security is intense enough to discourage 99% of malicious deeds. Competition is getting fierce between cloud providers, down to the amount of space available for free and at each price point.

What none of them wants is a reputation for compromising their user base’s information, and this is good for the user.

Most cloud providers are large companies such as Google, Microsoft, and Apple. There are many others of course, but the point is that these providers have the resources to create a secure environment to store large amounts of data safely.

How to Tell If Your Email Has Been HACKED!

Most people run a lot of information through their email, and when it becomes compromised it can be inconvenient — or if it’s a business email account, both embarrassing and expensive. Often your contacts such as clients, customers, employees, or patients will start receiving junk emails from you, some of which can contain viruses or phishing scams.

That’s particularly dangerous since the email is coming from “you”, so some recipients may trust a link they otherwise wouldn’t click.

It’s important to remember that email is insecure by nature, mostly because it’s sending clear text through the internet that can be read by anyone that intercepts it. When you factor in all the places an email is duplicated, such as the sender’s PC, the mail server that actually sends it, the recipient’s machine and their mail server, it opens up more opportunities for trouble.

That last bit isn’t to scare you, but just to be clear about the technology involved and why it can be vulnerable.

Signs Your Email Might Be Compromised

Particularly if you’re using a free webmail like Gmail, Hotmail/Live, or Yahoo, an occasional check of your mail settings is helpful. This way if anything has been changed you’ll see it. A common change on webmail accounts that allow external POP access is that this feature, which is usually off by default, gets activated. If you haven’t been using POP to check your webmail, seeing this feature activated is a warning sign.

Your contacts can be another valuable sign. If your compromised email has been sending out junk to your contacts, sometimes one of them will reply letting you know or asking about the strange email they received. Since you know you didn’t send it, it’s another giveaway. If you’re curious, you can periodically review your sent items folder to see if there’s anything unusual.

Some mail platforms, like Gmail, actually monitor for this suspicious behavior. If a bunch of strange emails just went out, you’ll see a warning message the next time you log in. Gmail will tell you it either blocked a bunch of spam from being sent or that you should review it.

What You Can Do to Get It Under Control

Change your password immediately, and if you’ve used this password on other accounts that are in any way tied to this email you’ll want to change those as well. Some mail platforms ask for a secondary or backup email address, which can be handy if the spammer has changed your password before you can. This leaves another way to reset your password at a secondary address they don’t have access to.

If you’re using a native application like Outlook to check your mail, a thorough antivirus and antimalware sweep is a good idea. Some malware is designed specifically to affect email, so removing it is the only way to know the email won’t be hijacked again.

Email Best Practices

We are all about prevention, so let’s also talk about some of the things you can do to prevent any form of issues with your email.

Using some type of spam and virus filtering on your email is a must these days. If you’re using a native application like Outlook or Thunderbird to check email on your PC, your antivirus software usually has settings specific to email that you can activate and adjust. If you’re using services like Gmail or Windows Live, they come with pretty solid anti-spam and virus filters.

It’s a good idea to change your password at least every 90 days. This can be a tough habit to start if you have passwords you’ve used for a long time, but the longer you use the same passwords the greater the likelihood is that someone else will figure it out. Avoid using obvious passwords that contain kids’ or pets’ names, birthdays, or other personal information. Use a mixture of letters and numbers, as well as capital and lowercase letters.

Lastly, if you’re using email for business, never send sensitive information through an email. Because it’s unencrypted, anyone with the right tools and know-how could intercept it and the information within. That’s why sending things like login information, account numbers, financial info, confidential client information, etc. can be a bad idea.

Wait! Before you upgrade your PC to Windows 10…

Microsoft recently released Windows 10 – the newest operating system in its lineup. You might be anxious to check out the new features and looks, but there are two important things to do first.

1. Make sure your data is backed up.

Though Microsoft assures customers that the Windows 10 upgrade is built to be seamless and error-free, it’s always a good idea to back up important files before any type of major upgrade. Users have experienced various issues while upgrading their OS in past versions of Windows, and you don’t want a weird bug during the install to be the reason you lost your crucial data.

With your essentials safely tucked away, you can begin the upgrade with confidence knowing that in the worst case you can reformat and install a fresh copy of Windows 10.

2. Check that your business applications (including cloud and SaaS apps) and hardware are compatible.

There’s nothing worse than upgrading the OS only to discover none of your applications work. This was a big issue years ago when Windows Vista first came out, and a lot of users struggled to use their printers, business software, etc.

That can cripple your operation at work and cause frustration at home. A brief bit of research – or a few questions to your IT partner – can alleviate this stress.

If you discover that not all your apps are compatible, you can either prepare alternatives or know to wait on the upgrade and avoid that headache. On the other hand, you may discover that you’ll be good to go and can upgrade with peace of mind.

Play it safe and secure! Let us help with your Windows 10 upgrade plans!

A Failure to Plan is a Plan to Fail (eventually)

A short story before we get to the point.

My parents just updated their wills and put some contingency planning into effect.  This is a great time for them to do this, because their circumstances have changed.  They have sold their house, and do not plan on living in any one place for longer than 6 months at a time.

Why should you care?  Why am I telling you this?

Because this is a GREAT example of how most small businesses are run.  Yes, entrepreneurs have grand ideas, and some planning, but the stuff that is more than a month or two away is fuzzy, and what is going to happen in 2015 is a guess by any stretch of the imagination.

Most business owners plan to adapt to whatever happens, and they don’t feel that writing it down is going to help them adapt.  The problem with this thinking is that while writing your plan down may not help you, it will help the people you work with and having it written down can help keep you on your preferred path.

The Plan:

So before leaving on the next stage of their travels, my parents sat down with some experts and got their stuff in order.  They are in reasonably good health, and fully capable of taking care of their affairs, so why do this now?

  1. They had not updated their plan in a while.  In fact, their old wills stated who the guardian for my brother and me would be.  >> Does your plan contain outdated information?
  2. They could be out of touch for weeks at a time. >> No matter what your role is, there are times when you are unavailable.  Will having a written plan keep your business running when you are not there to approve every single decision?
  3. Having a succession plan also means having a backup plan.  Preparing for who gets your stuff also means preparing for who can help regain access to your accounts when your wallet gets stolen overseas.  >>  What is your backup plan?  Do you have a backup for your backup plan?
  4. My brother and I have not lived in the same state in years. Depending on which one of us is closer, we need to both be on the same page, and having a written document makes it easier to ensure their wishes are respected. >> How do you make sure your plan is followed when you are not available?

I know that you have plans and ideas for your business, and while most people do not expect to fail, the statistics show that many businesses will suffer unexpected events (sooner or later).

Our recommendation:  Plan for the expected and the unexpected.  Talk to your Trusted Advisors:  your lawyer, your accountant, your insurance agent, your business coach/mentor, and your IT Professional.  And MAKE A PLAN. It doesn’t have to be perfect, it just has to be customized and a good fit for you and your business.

Heartbleed Bug: The bare facts, and the (mostly) simple solution.

Heartbleed is not a virus, but a software bug.

The Facts:

Heartbleed is an exploitable bug that affects how servers running OpenSSL with the heartbeat feature communicate securely with devices requesting information over the internet.  The best simple description for Heartbleed that I’ve seen was done by Randall Munroe of XKCD.

Fixing Heartbleed is a two-step process.  First, you patch the bug in the software, then you protect any potentially compromised information.

Who needs to patch their systems?

  • Workstations, laptops, tablets, and phones are mostly unaffected, with some exceptions: Android version 4.1.1 phones, Cisco VoIP desk phones, and some software products, including VPNs, VMware, Oracle.
  • Most servers will be fine; only servers using OpenSSL and the heartbeat feature should be affected.

If you think you are affected, or a vendor has sent you a notification that your equipment may be affected, then you need to immediately verify whether your equipment is affected, and if so, ensure it has been patched.  One of the many tests available will check your webpage for you. If you are not sure if you are affected, call or email us with questions.

The Fix:

Even if you don’t need to patch your systems, YOU ARE STILL AFFECTED.  Many large Internet businesses were affected, but they have since installed the patch.  To start to protect yourself, you need to change your account passwords for any affected sites.  Please remember the best practices for passwords.

1: Use separate passwords for each site

2: Make your passwords more complex  (longer is better)

3: Don’t use words found in a dictionary.

Affected Companies include:

  • Google / Gmail / Youtube
  • Yahoo / Yahoo Mail
  • AT&T webmail (hosted by Yahoo)
  • Facebook
  • Instagram
  • Pinterest
  • Tumblr
  • Reddit
  • Etsy
  • Godaddy
  • USAA
  • Flickr
  • Netflix
  • IFTTT
  • Github
  • OKCupid
  • Box
  • Dropbox
  • Wikipedia
  • SoundCloud
  • Minecraft
  • Wunderlist
  • Amazon Web Services (not Amazon.com)
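To turn the advice above into a to-do list, here is an added example (not part of the original post): a short Python audit that takes a password-manager export and flags every account on the affected list, every account that shares a password with one, and any password that breaks the three rules. The vault contents, the 12-character threshold, the tiny word list, and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Subset of the services named in the affected list above (lowercased for matching).
AFFECTED = {"gmail", "yahoo mail", "facebook", "dropbox", "github", "netflix"}
# Tiny stand-in word list; a real audit would load a full dictionary file (assumption).
WORDS = {"password", "dragon", "sunshine", "monkey", "welcome"}
MIN_LENGTH = 12  # assumed threshold; the post only says "longer is better"


def fingerprint(password, key):
    """Keyed hash so passwords can be compared for reuse without handling plaintext twice."""
    return hmac.new(key, password.encode(), hashlib.sha256).hexdigest()


def audit(vault, key=None):
    """vault: dict of site -> password. Returns dict of site -> list of reasons to change."""
    key = key or os.urandom(32)
    prints = {site: fingerprint(pw, key) for site, pw in vault.items()}
    # Fingerprints of passwords that were used on an affected site.
    exposed = {prints[s] for s in vault if s.lower() in AFFECTED}
    findings = {}
    for site, pw in vault.items():
        reasons = []
        if site.lower() in AFFECTED:
            reasons.append("affected site")
        elif prints[site] in exposed:
            reasons.append("shares password with affected site")
        if sum(1 for p in prints.values() if p == prints[site]) > 1:
            reasons.append("reused")  # rule 1: separate password per site
        if len(pw) < MIN_LENGTH:
            reasons.append("short")  # rule 2: longer is better
        if any(word in pw.lower() for word in WORDS):
            reasons.append("dictionary word")  # rule 3: no dictionary words
        if reasons:
            findings[site] = reasons
    return findings


# Constructed sample vault (not real credentials).
SAMPLE = {
    "Gmail": "sunshine2014",
    "Bank": "sunshine2014",
    "Forum": "t7#Qv9!mZr2x@Lp4",
    "Netflix": "kV3$wq8Zr!u2Np6y",
}

if __name__ == "__main__":
    for site, reasons in sorted(audit(SAMPLE).items()):
        print(f"{site}: change password ({', '.join(reasons)})")
```

The "Bank" entry is the case that is easy to miss: the bank itself was never on the list, but its password was also used on an affected site, so it needs changing too.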

The Future:

Security experts are finding that this bug affects more systems than previously thought. Another attack vector has already been discovered, called “Reverse Heartbleed”, which uses a malicious server to attack a client connecting to it.

Until all companies who have a web presence change their passwords, reconfigure their servers’ security credentials, and release updated mobile apps, DO NOT USE any mobile apps to connect to a compromised, or formerly compromised site.

Just to be on the safe side, plan to change all your passwords again in May or June 2014.