A few weeks ago, I was surprised to get a call from Microsoft offering to help “fix my window”.  This was surprising because:

1. My window wasn’t broken and having worked at Microsoft for a while, I’m pretty sure we don’t do home repairs.
2. Microsoft doesn’t call people out of the blue to offer technical support (I knew what he was really talking about).

When I replied that I didn’t realize that Microsoft had anything to do with the windows on my house and there wasn’t anything wrong with them, the caller quickly set me straight.  This was about my computer and he was going to help me, all I had to do was give him some information and then install a program on my PC.

Continue Reading

Here is a great website for anti-fraud in Canada.

Here is a great information graphic produced by Microsoft.

Federal agencies that have adopted cloud computing have already saved approximately $5.5 billion, according a federal IT consortium that McKendrick quoted in his article. The real question here is where will those savings go? Will they be distributed evenly among programs like Medicare and Social Security, or will they go to pay for things like education and struggling state governments? Obviously, we’ll just have to wait and see. Still, the federal government’s decision to embrace cloud computing will set the tone for the entire country.

According to a report issued in February 2011 by the federal government’s chief information officer Vivek Kundra, “cloud computing has the potential to play a major part in addressing inefficiencies and improving government service delivery. The cloud computing model can significantly help agencies grappling with the need to provide highly reliable, innovative services quickly, despite resource constraints. For the Federal Government, cloud computing holds tremendous potential to deliver public value by increasing operational efficiency and responding faster to constituent needs.”

As with any organization, the federal government also worries about security. Government agencies have fallen victim to hackers in the past and probably will again in the future. For this reason, it’s important that the U.S. government follow the same advice that many MSPs give to their own clients: Be careful what you put in the cloud. Although government agencies make use of safety features such as complicated passwords and encryption, they still would be wise to avoid putting classified information in the cloud. There’s no such thing as a fail-proof safety measure.

In many ways, storing documents in the cloud can be safer than locking paper documents away in a file cabinet. For one thing, paper documents can easily get misplaced or misappropriated if they’re left lying around. When they’re in the cloud, something as simple as a password prevents unauthorized individuals from accessing important documents. Encryption, of course, makes transferring those documents between departments or organizations faster, safer and less expensive than using FedEx or a personal courier.

According to McKendrick, who quoted statistics from a survey of 108 federal IT managers, 48% said their agencies were moving collaboration tools to the cloud, 47% said that they were moving email to the cloud, administrative applications (43%), conferencing software (28%) and “mission applications (25%) rounded out the top five cloud-based applications that federal agencies and organizations are currently implementing.

Many in the U.S. would say that it’s about time the federal government started taking serious strides to cut spending. Others might worry that adopting cloud computing is a bad move. Honestly, it’s an inevitable move. How can the United States ever hope to remain competitive either in business or politics if its led by a government that clings antediluvian ideals.

It’s unclear how New Jersey authorities intend to enforce this new law, but if someone is caught texting while walking, he could be cited for jaywalking and fined as much as $85. This may sound silly, especially to those who regularly commit this offense, but it really isn’t.

If it hasn’t happened already, it’s only a matter of time before someone carelessly steps out into traffic and gets hit by a car, truck or bus or causes an accident. Watching people walk into walls and stumble into water fountains because they’re more focused on looking at their cell phone screens than looking where they’re going is amusing. So is seeing people walking down the street and bumping into trash cans and lamp posts. What wouldn’t be funny is to see someone disappear into an open man hole or fall down a flight of stairs. But these things can and probably do happen, whether we get to see them on YouTube or not.

So far, texting while walking hasn’t caused as much pain and suffering as texting while driving has. Still, it can’t hurt to stop, step aside, send your message and then continue walking. There really are times when multi-tasking isn’t a good idea.

Search Security defines spear phishing as “an email spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data.” Spear phishing emails can look like résumés from job applicants, invoices from vendors or invitations to conferences. The hacker’s goal is to get the recipient to share confidential information such as usernames and passwords, click on links to malicious websites, open tainted documents or get involved in some kind of underhanded activity.

In her article for Entrepreneur.com, Riva Richmond warns that spear phishing emails are crafty. Hackers will address the emails to specific employees and even go so far as to mine LinkedIn for enough information to lend the emails greater credibility. Both large and small companies have fallen victim to frighteningly plausible spear phishing emails, which resulted in the loss of intellectual property, among other things.

Because it’s so difficult to discern a spear phishing email from a legitimate one, Carnegie Mellon University associate computer science professor and founder of Wombat Security Technologies Jason Hong created a phishing filter. Hong also provides free email training demos to help you and your employees to become more adept at recognizing nefarious email messages.

Nobody wants to fall victim to a spear phishing email. There are ways to recognize them such as receiving a résumé when your small business isn’t hiring. Trying Hong’s phishing filter could certainly be helpful, but it’s still a good idea to teach your employees how recognize and report dubious emails. Because even a phishing filter can make mistakes.

Just in the last week, two new Ransomware scams were found in the wild. One scam accuses the end-user of copyright violation, as content was found on the victim’s PC and has been moved to an encrypted directory. To release the encrypted data, and to prevent violating the law any further, the user must pay US$80 with the PaySafeCard, which is a card system specialized in prepaid payments. This particular scam is focused on the U.S. and Europe.

The second ransomware scam locks the PC and asks the user to pay a fine for allegedly violating several laws as their IP address was involved in illegal online activity. It’s called the “Police Trojan” because it scared the user with rogue messages that are supposedly from law enforcement agencies. This bit of malware focuses on the U.S. and Canada, and the victim is asked to pay a US$100 fine through Paysafecard. The message shows the logos of supermarkets and chain stores where Paysafecard vouchers can be bought.

Trend Micro researchers said: “What is becoming crystal clear is that the same Eastern European criminal gangs who were behind the fake antivirus boom are now turning to the Police Trojan strategy. We believe this is a malware landscape change and not a single gang attacking in a novel way.”

The following tips, offered by Jason Fell for The Daily Dose could help you know what to do and where to start.

1. What needs to be protected? In my opinion, everything you store on a computer or mobile device needs to be protected. Your clients’ and employees’ personal information should absolutely be protected by encryption, passwords, firewalls and anything else you can think of.
2. Speaking of passwords, make them complicated. Part of making passwords complicated is either making them as impersonal as possible and/or complicated. Include numbers, symbols and a mix of capital and lower case letters. Long words or phrases increase the difficulty level. Change passwords periodically and if you have to write them down, don’t keep them taped to the underside of your computer monitor or desk drawer. That’s like hiding your house key under a flower pot on your porch. It’s the first place a thief would look.
3. Of course, you need to have a backup plan. If disaster strikes, regardless of its form, you need to have an established, well-rehearsed backup recovery plan. Don’t wait until you need lost files to find out whether or not they were indeed properly backed up and that you can actually recover and use them.
4. Use encryption. If you allow employees to store important company files on portable devices like laptops, tablets and smart phones, then make sure those files are encrypted as well as password protected. That way, if a device should get lost or stolen, your important business files will most likely remain safely hidden from prying eyes. Even if important files never get transferred to mobile devices, encrypt them, just in case someone finds a way to infiltrate your network.
5. Security software is your friend. Protect all company devices with security software, even smart phones. Viruses and malware can infect smart phones just as easily as they infect computers. Use firewall protection as well. Avoid using public Wi-Fi connections whenever possible.
6. Upgrade regularly. Anytime your security software needs to be upgraded, do so. Some software programs have automatic updating options so that you always have the latest protection against the latest threats.
7. Training, training, training. If you don’t teach your employees how to recognize phishing scams and get them in the habit of using passwords, encryption and security software, then they’re not going to know what to do.

No matter how large or small your business may be, you need to protect it from hackers. But keep in mind, that more businesses have their important data compromised unwittingly by ignorant employees. Don’t let this happen to your business. The time and money you spend on establishing stronger cyber security measures will payoff in the long run.

As Apple explains it, “An issue existed in the handling of network account logins. The login process recorded sensitive information in the system log where other users of the system could read it.”

In other words remote administrators and anyone with physical access to your computer could see your login password because the debugging feature causes passwords to be saved as plain text. Obviously, that’s not a good thing. Because the compromised information could remain on your computer in its compromised plain text state even after you’ve installed the 10.7.4 update, Apple also provides instructions for safely removing it here.

Apple has also listed here a host of other vulnerabilities that the OS X Lion 10.7.4 update should eliminate.

When it comes to security updates for your computer, especially the kind that fix security gaps like the one in FileVault, it’s a good idea to install them as soon as they’re available. You should also be proactive and if your computer has one – and you haven’t done so already — enable the automatic update feature. This ensures that you always have to latest technology available. And, at least in the case of Microsoft customers, when something goes wrong and a patch has to be issued, those whose computers update automatically get those patches installed sometimes, before the customers even know a problem existed.

So, if you schedule an event to teach people about Internet security, make attendance optional. And with that, chances are, you’ll only have about 5% of your office population show up, and that 5% will consist of, primarily, the people who need the training the least. Why conduct a study in futility? There are easier, more effective ways to provide your employees with Internet security training and establish the kind of good habits that will make your business less vulnerable to either internal or external cyber threats.

Here are six steps to a successful Internet security awareness training program:

1) Formulate and make easily available a written Security Policy. Each employee needs to read the document and sign it as an acknowledgment of his/her understanding of the policy and a promise to apply it.
2) Give all employees a mandatory (online) Security Awareness Course with a clearly stated deadline. It is highly recommended that you explain to them in some detail why this is necessary.
3) Make the Security Awareness Course part of the onboarding process of each new employee. This sets the tone right away, making it easier for new employees to adopt the good Internet security habits that you want them to practice.
4) Use regular, periodic testing to keep employees on their toes and security top of mind. Sending a simulated phishing attack once a week is an extremely effective way to keep them alert.
5) Never publicly identify an employee who fails a simulated attack. Let the employee’s supervisor or HR take this up privately. Give a quarterly prize for the three employees with the lowest ‘fail-rates.’ Competition motivates people far better than humiliation does. Survey your employees to find out what prizes they would most like to have. This increases their sense of motivation because they’ll be competing for items that are of real value to them.
6) If you use posters, stickers and/or screensavers, change the pictures or messages monthly. After a few weeks, people simply don’t ‘see’ them anymore. It’s more effective to send them regular ‘Security Hints & Tips’ via email. You could further engage your employees by inviting them to share their own hints and tips such as mnemonics that they use to memorize passwords or lists of rules such as how to recognize phishing scams, etc.

You know it’s important for your employees to have Internet security awareness training, but you also know that training classes just don’t work sometimes. So, you’ve got to get creative in order to eradicate those bad habits that have the potential to ruin your business and put your employees out of work.

You may recall that the FBI, back in November 2011, began warning people about the DNSChanger virus that allowed Estonian-based hackers to gain control of people’s computers and redirect close to 600,000 unsuspecting victims to websites with bogus software or money-making advertisements. Two “symptoms” of the virus include a sluggish Web browser and an inability to update, activate or install security software.

You may also recall that the Federal Bureau of Investigation (FBI) used government computers to help people with infected computers maintain Internet access. The FBI never intended for this solution to last forever. It was a temporary fix that will expire on Jul. 9. Anyone who hasn’t rid his computer of the DNS Changer virus by then will find himself unable to access the Internet on Jul. 10.

In a post on its website, the FBI cautioned, “It is important to note that the replacement servers will not remove the DNSChanger malware — or other viruses it may have facilitated — from infected computers. Users who believe their computers may be infected should contact a computer professional. They can also find additional information in the links on this page, including how to register as a victim of the DNSChanger malware. And the FBI’s Office for Victim Assistance will provide case updates periodically at 877-236-8947.”

According to Fox News, federal officials had originally intended to discontinue their temporary fix on March 8, but a federal judge in New York issued a four-month extension to give people more time to get their computers fixed.

If you don’t know whether or not your computer has been infected with this virus but would like to find out, you can do so on the FBI’s security partner’s website DCWG.org.

Emergency calling on any network

The Emergency Number worldwide for Mobile is 112. If you find yourself out of the coverage area of your mobile network and there is an Emergency, dial 112 and the mobile will search any existing network to establish the emergency number for you, this number 112 can be dialed even if the keypad is locked.

How to disable your Mobile phone, if it goes missing.

To check your Mobile phone’s serial number, key in the following digits on your phone: *#06#.

A 15-digit code will appear on the screen. This number is unique to your handset. Write it down and keep it somewhere safe.

If your phone is stolen, call your service provider and give them this code. They will then be able to block your handset. This will completely stop anyone using your cellphone even with a different SIM card. You probably won’t get your phone back, but at least you know that whoever stole it can’t use/sell it either. If everybody did this, there would be no point in people stealing mobile phones.

Free directory search – using a phone number

Cell phone companies are charging us $1.00 to $1.75 or more for 411 information calls when they don’t have to. Most of us do not carry a telephone directory in our vehicle, which makes this situation even more of a problem. When you need to use the 411 information option, simply dial:

(800) CALL-411 or (800) 225-5411

Free directory search – using texting

If you need to find an address or phone number of a business just text 46645 (GOOGL). Then put in the criteria you are looking for (Name of Business) (Town). The more details you enter, the more accurate it will be.