Systems and Software Inc
News

Security Best Practices


Passwords

Tip: Use an 8+ character password with mixed case/numbers/symbols along with 2FA (Two-Factor Authentication)

Passwords are among the first lines of defense to fail. It won’t surprise anyone that the two most commonly used passwords are ‘123456’ and ‘password’. Many of us are afraid to create complex passwords for fear of forgetting them.

The easiest method to harden your password security is to think of at least three 8+ character passwords with mixed case/numbers/symbols. ‘Mentally label’ each of the three passwords as green/yellow/red. Choose the green password for the lowest security sites that have no real personal info — save the red passwords for banking or shopping sites that retain your account numbers and credit cards. As these passwords are used for more and more sites, rotate out your green password and replace it with yellow and red — making them the new green password. Lastly, establish a new red password for your highest security sites.

Even an 8+ character password, though, can be guessed by special hacking computers within 5-6 hours. We must also pair our complex passwords with 2-step verification or 2-factor authentication, where a successful login then prompts us to confirm our identity with a code sent to our mobile phone or email address. Google has supported 2-Step Verification for years, and if you are not already using it for your Google/Gmail accounts, you should enable it immediately.

Any site that holds sensitive information but does not support 2FA should really be reconsidered as a site you continue using, or at least should have a 12, 15 or 20 character complex password — or better, a passphrase such as “my b1rthplace 1s Cleveland” (include spaces).
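To put numbers on the length advice above, here is an added example (not part of the original article) that estimates how long a blind brute-force search would take for a given password. The guess rate is an assumption chosen so that an 8-character password lands in the 5-6 hour range quoted above, and every sample password except the article's passphrase is constructed.

```python
import math
import string

# Assumption: an offline cracking rig testing 3.3e11 guesses per second. The
# figure is constructed so that an 8-character password drawn from all 95
# printable ASCII characters falls inside the "5-6 hours" quoted in the text.
GUESSES_PER_SECOND = 3.3e11

# The two passwords the article names; a wordlist attack tries these first.
COMMON_PASSWORDS = {"123456", "password"}

# Character classes an attacker has to cover once a password uses them.
CHAR_CLASSES = [
    string.ascii_lowercase,     # 26
    string.ascii_uppercase,     # 26
    string.digits,              # 10
    string.punctuation + " ",   # 32 symbols plus the space = 33
]


def alphabet_size(password: str) -> int:
    """Total size of the character classes the password draws from."""
    if not password:
        raise ValueError("empty password")
    unknown = [c for c in password if not any(c in cls for cls in CHAR_CLASSES)]
    if unknown:
        raise ValueError(f"characters outside printable ASCII: {unknown!r}")
    return sum(len(cls) for cls in CHAR_CLASSES
               if any(c in cls for c in password))


def keyspace_bits(password: str) -> float:
    """log2 of the number of candidates a blind brute force must cover."""
    return len(password) * math.log2(alphabet_size(password))


def hours_to_exhaust(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case hours to try every candidate of this length and alphabet.

    This is an upper bound on strength: it assumes every character was chosen
    at random. Dictionary words and common substitutions fall much sooner.
    """
    if password.lower() in COMMON_PASSWORDS:
        return 0.0  # found by a wordlist before any brute force starts
    return alphabet_size(password) ** len(password) / rate / 3600


if __name__ == "__main__":
    # Constructed samples, plus the passphrase used in the text.
    samples = ["password", "abcdefgh", "Xk7#pQ2!", "Xk7#pQ2!vR9$",
               "my b1rthplace 1s Cleveland"]
    for pw in samples:
        print(f"{pw!r:30} len={len(pw):2} bits={keyspace_bits(pw):6.1f} "
              f"hours={hours_to_exhaust(pw):.3g}")
```

Each extra character multiplies the search by the alphabet size, which is why going from 8 to 12 characters moves the estimate from hours to tens of thousands of years. The estimate does not cover guessing against a live login page, which is where 2FA and lockouts do the work.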

Website Security

Tip: Login to websites only if they display a ‘lock’ in the address bar

Websites that require a user to log in with an established username and password are responsible for protecting the information they retain — passwords, addresses, credit card info, etc. — with a security protocol called SSL. This protocol prevents unauthorized websites from mimicking or ‘posing’ as valid sites and also prevents ‘eavesdropping’ on data while it travels between your computer and the site.

You can recognize websites that have established this security certification by looking in the web browser address bar when visiting the site.

Make it a policy to check for this security ‘lock’ before logging into any website and entering any personal information.

Web Browser

Tip: Use a Standards Compliant Web Browser such as Chrome, Firefox or Safari.

Your continued use of Microsoft’s Internet Explorer may be the cause of your past computer infections. Historically, Internet Explorer has been notorious for not following the standards used to deliver web data. Though recent versions (like Microsoft Edge) have improved, there is little reason to maintain a loyalty to IE. Even if a website recommends its use, consider an alternative website that does NOT require it. Your security may be at risk.

Popular browsers like Chrome, Firefox and Safari allow for plug-ins, or helper programs, from 3rd party software companies to add features and functionality. We recommend adding the HTTPS Everywhere plug-in to your web browser. This plug-in enforces the use of SSL or https on websites.

VPNs

Tip: Install a browser based or standalone VPN (Virtual Private Network) service for ~$4/month

Although mostly used by computer techies and foreign dissidents speaking out against their censoring governments, the use of VPNs is gaining attention in today’s security-addled climate. This PC Magazine article best describes the function of a VPN and the excerpt below offers a brief summary.

We use and recommend KeepSolid’s VPN Unlimited which is reviewed in the article and selected as an Editor’s Choice.

What Is a VPN?
A VPN is a lot more than just something you need for remotely accessing your work files. When you switch on your VPN, it creates an encrypted tunnel between your computer and the VPN server, which can foil hackers or even government snoops trying to eavesdrop on your activities. From the server, your web traffic travels off into the public internet, but your actual IP address remains hidden. Data-hungry website advertisers see the IP address of the VPN server instead of your own. We recommend using a VPN as often as you can, but especially when your PC is connected to a public Wi-Fi network. When you hop on an unsecured network at the airport or coffee shop, you have no way of knowing whether the network is what it claims to be. Instead of a convenience offered to thirsty customers and weary travelers, the network could have been created by a hacker looking to intercept your data.  VPNs can also be used to disguise your actual location, which is why these services are often used by journalists and political activists operating in countries with restrictive internet controls.

Recovering a Stolen or Hacked Gmail Account

Q. Does Google have a precise protocol for restoring a hacked Gmail account?

A. Google has two plans of action for compromised Gmail accounts, and the one you use depends on whether you can still sign in to the hacked account. Even if you suspect that your account has been hacked, try logging in anyway. Warning signs of a hijacked email account can include friends complaining of suspicious messages from your address, logins from unknown gadgets shown on the Recently Used Devices area of your account activity page, missing contacts or messages, or even Gmail’s own security alerts based on your last account activity.

Photo: When you turn on two-step verification in your Gmail settings, you log into your account with both your password and a code sent to your phone. Credit: The New York Times

If you can still get into your account, immediately change your Gmail password. While you are in your Gmail security settings, turn on two-step verification, which requires both a password and a code (sent to your smartphone) to log into your account — an extra step that stops those who merely crack your password. Google’s Gmail Help site has a security checklist that offers further suggestions, and the federal government’s site for Internet awareness, OnGuardOnline.gov, has a few safety tips as well.

If you cannot get into your account, fill out the account recovery form on the Gmail Help site. It may take a frustrating bit of time to regain control of your account, but once you do, visit your Gmail security settings to update the recovery options you can use (like an alternative email address or a mobile phone number) to regain access to your account if someone else tries to steal it. To avoid losing your address book from a compromised account, you should also consider exporting your Gmail contacts to a backup file for safekeeping.

Dropbox finally adds Gmail Compose Integration

Dropbox for Gmail extension

The Dropbox for Gmail extension makes attaching and viewing files simpler and more powerful:

  • Easily send large files. Just click the Dropbox icon in the compose window, select files or folders, and click Insert Link(s). No waiting for uploads to complete, no file size limit, and no eating up space in your inbox.
  • Say goodbye to zip files. Attach folders and multiple files instantly, without having to zip files up.
  • Send files to anyone. Even if they don’t have Dropbox or the extension, recipients can see and download the attachments you send them.
  • Quickly save files sent to you. Add files to your Dropbox with a click so you can access them anywhere.

Get started today by downloading the Dropbox for Gmail extension from the Chrome Web Store. If you already have the extension installed, you’ll receive the update automatically. You’ll also notice that you can now select multiple files, as well as folders, when you share.

Windows 10

The New York Times review of the Windows 10 release offers us a sober and articulate summary of what Windows 10 will offer.

5 Safety Concerns with Cloud Data Storage, Answered


Still a relatively new innovation, cloud storage has attracted a lot of scrutiny in recent months. Before entrusting sensitive data to third party storage facilities, consumers want to know that their information is going to be stored safely and reliably. And is it? The simple answer is yes. Despite scare tactics devised by hackers to undermine consumer perception of the cloud, cloud storage remains one of the safest ways to store your data today. Let’s take a look at why.

1. If the Cloud is Secure, How was Apple’s iCloud Hacked?

After the well-publicized attack on Apple’s iCloud, polls showed an immediate drop in the popularity of cloud storage. Users reported feeling more vulnerable, and began questioning the security of their own personal data. But what really happened? The headlines said that the cloud had been hacked, that nude pictures had been stolen from the private accounts of 26 celebrities. While the photos were indeed stolen from the victims’ personal accounts, the important distinction that the popular media never made was that the cloud wasn’t hacked. The breach was a result of vulnerabilities in Apple’s password security system, enabling persistent hackers to guess the passwords and security questions of select users. The cloud itself was never actually breached.

2. How is the Cloud Protected?

To keep data secure, the front line of defense for any cloud system is encryption. Encryption methods utilize complex algorithms to conceal cloud-protected information. To decipher encrypted files, would-be hackers would need the encryption key. Although encrypted information is not 100% uncrackable, decryption requires a huge amount of computer processing power, forensic software, and a lot of time. Can it be done? Yes. The only way to keep your data safe for certain is to lock it up in a safe beneath the ground. That being said, your cloud-stored data is generally safer than your locally stored data. Cloud services utilize more complex security methods than the average computer owner is able to devise, giving your cloud-stored data an added level of protection.

3. What Can I Do to Help Keep My Cloud Data Safe?

Keeping your data secure is your responsibility as well as your cloud provider’s responsibility. As hackers demonstrated through the celebrity iCloud breach, poor password security can give cybercriminals an all-access pass to your private data. To keep your password safe, avoid using the same password over multiple platforms; add letters, numbers and symbols to your password, and do not utilize a password that is in any way related to your personal life. Any hacker worth his salt will know your address, your husband’s name, the type of car you drive and your favorite restaurant.

Data security is a major concern, and although options are currently limited, they exist. The most secure is likely military-grade encryption from providers like Credeon or nCrypted Cloud. This allows users to encrypt and store data with their own specifications, and securely share files with other parties that can view files with a key management system.

However, the biggest cause of concern for Cloud storage isn’t hacked data, it’s lost data.

4. Is Cloud Storage Really Reliable?

Your data might be safe if the system that it is stored on has failed, but that won’t do much to mollify you in the event of a system outage. While cloud storage keeps your data secure from fires, floods, hurricanes and computer meltdowns, it is still vulnerable in the sense that it is in the hands of a third-party system. Fortunately, since there are no geographical limits to cloud storage, you don’t have to use your local Joe schmo’s cloud services. Before selecting a cloud storage provider, do your research. Top cloud providers can keep your data safe and consistently accessible. If the company you are working with has a history of data loss and security breaches, then it’s time to move on to a new provider.

Cloud storage is much more reliable when used in tandem with another storage system, such as Google Drive. As stated earlier, the biggest concern with cloud storage is lost data, not hacked data. But that issue is eliminated if the cloud is used more as a “sharing” platform instead of a “storage” platform. By taking shared files and storing them into something like Google Drive, you can ensure that if your data are lost, you can easily locate them through the other platform.

 

5. Who is Currently Using Cloud Storage?

A recent poll stated that 86% of companies not only use extensive cloud storage systems, but multiple cloud storage systems. The survey consisted of companies from 80 different countries and collected data from as far back as 2005, before cloud storage became a hot button issue. 30% of businesses have 1 storage account, 16% have 2, 12% have 3, 8% have 4, and 19% have 5 or more (with 13% having 0 accounts).

So what does this mean? It means that most companies either trust cloud storage enough to incorporate it significantly in their data storage efforts, or that the benefits of cloud storage are so great that it’s worth the risk. Nevertheless, the trend is not stopping. Cloud usage has seen an exponential rise every year since 2009.

So although safety seems to remain a concern, despite the guidelines and practices put forth by experts in the field, big companies are still investing resources in acquiring and developing the storage platform. Which means that cloud optimization and security will mimic the rise in its popularity.

New Dropbox Pro plan offers 1TB of storage, sharing controls for $10 per month

Dropbox is consolidating its three Pro account options into a single plan that’s priced at $9.99 per month and includes 1TB of storage and added controls for document sharing and security.

The Pro plan is aimed at freelancers, contractors and other workers who want more storage and tools than come with the free Basic plan, which starts at 2GB, but for whom a Business account might be overkill.

Previously, Dropbox had three different Pro plans with 100GB, 200GB and 500GB of storage, priced at $9.99, $19.99, and $49.99 per month, respectively.

In addition to a terabyte of storage, the new plan includes several features for collaborating with clients. There’s “view-only” permissions, which an interior designer could use to let a client see a mockup of a design but not make changes to it, for instance.

Users can also password-protect links to documents and folders, and apply expiration dates to links, so—for example—a wedding photographer could provide access to a group of photos for a limited amount of time.

Dropbox’s password feature in action. 

Finally, there’s a remote wipe feature. If a user loses their mobile device, they can log on from another computer and have Dropbox stop syncing to that device and delete the files on it the next time it comes online.

The new Pro plan aims to provide a more compelling option for those willing to pay for online storage, but Dropbox is competing with larger competitors like Google and Amazon who continue to slash prices and increase the storage they offer.

In March, Google cut the price of its 1TB Drive plan by 80 percent, from $49.99 to $9.99, and Amazon cut the price of its 1TB S3 plan by 65 percent, to $0.03 per GB per month.

The Dropbox for Business plan, which includes the sharing controls in Pro plus many admin tools for employers, starts at $15 per month for five users.

10 Tips for Google Apps Success

  1. Learn to search!  The search bar is already your favorite part of Gmail — use it better! Click here. Read “Why can’t I sort my email?” to learn one of the core principles of using Gmail.  Other principles can be found here.
  2. Change your password.  Your initial password is known to others so if you will be sending or receiving sensitive email, please change this password now.  Click ‘Settings’ in the upper right of your Gmail window and then ‘Accounts.’  ‘Google Account Settings’ will appear at the top of the screen.

  3. Consider changing your web browser.  Microsoft’s Internet Explorer is not the only program for browsing the internet — others are faster and less prone to “feature bloat” and malware.  Consider Mozilla’s Firefox or Google’s own Chrome browsers.  When using Gmail, they will not produce the obtrusive messages you will see with Internet Explorer. Internet Explorer 10 is the exception — use if you wish (Windows 7 only).

  4. Practice attaching a document.  If you are unfamiliar with this process, please click here for help.  If you use Firefox or Chrome as your browser, you can drag and drop your attachment as shown here.

  5. Try out your calendar.  The Google calendar system is one of the most powerful features of your new system and can dramatically improve your office scheduling.  Please attempt to add to your personal calendar and to create shared calendars.  Create a Calendar and share it.

  6. Want to add your company logo to your signature?  The easy to follow instructions are found in this document.  You can create documents like this to share among your co-workers using Google Docs.  For a brief introduction to Google Docs, click here.  Create a Google Document and share/edit it with someone.

  7. Check your Signature settings: Select “Insert this signature before quoted text in replies and remove the “–” line that precedes it.”

  8. Among your email settings is a “Labs” menu where optional features can be enabled or disabled.  Experiment with some of these features.

  9. Create, Drag and Drop Labels.  Change colors to help you identify mail as it resides in your Inbox or elsewhere.

  10. Create a Group in Contacts and select the group when composing an email.

Visit http://gahelp.yougetIT.net for these and other learning resources.  Handouts for training classes can be found here.  The official Google training site is found at http://learn.googleapps.com.

 

The State of Maryland goes Google

On January 17, 2014, the State of Maryland announced it would move its messaging infrastructure to Google Apps. Some 54,000 state employees will join the 2000 State Police employees already using Google Apps to streamline messaging and collaborate on workflow. Read the full article here.

NYTimes – Dropbox Aims at Business


The popular online storage service is introducing a business version. To this increasingly crowded field, Dropbox brings some interesting security and management features, a large developer community, and perhaps most powerfully, a different take on enterprise software: The company has control, but the worker is the center of attention.  Read more. . .

Travel Expenses

In an effort to clarify our invoices and comply with accounting best practices, we are now detailing the actual travel time incurred for on-site visits which are billed at 1/2 the standard rate. Please note that travel expenses may vary to account for tolls, parking and unexpected traffic conditions.