Should you use Full Disk Encryption (FDE)?

by

Image result for disk encryptionWe get asked this often, usually after a client has attended a seminar on computer security. The answer is… it depends. Mostly it depends on what your expectation is. Most people are looking for something that “will protect them”, and should be “automatic”. Well, keep looking, because FDE is not the panacea you’re looking for.

Full Disk Encryption essentially locks a disk, so it can’t be looked at, or booted, unless a password is entered. If you enable FDE on a computer’s primary disk, it will prevent the computer from being turned on without a password. If you enable FDE on a flash drive or other removable media, you won’t be able to look at that drive until the proper password is entered.

Unfortunately, FDE does NOTHING to protect you once the password has been entered. That means that once you’ve entered your password and booted up your computer, you are still vulnerable to viruses, malware, infected attachments, dangerous web-links and illicit remote access. In fact, FDE pretty much only protects you from the theft of your computer or portable USB media.

Don’t get me wrong, FDE does provide an extra measure of security, but its benefit is best used on laptops and flash drives containing sensitive data.

Full Disk Encryption also has some downsides worth mentioning:
⦁ FDE is not available in all versions of Windows and will not operate on all chipsets.
⦁ FDE may make your system “non-standard” and could interfere with some programs or utilties.
⦁ FDE may slow the performance of the hard drive.
⦁ FDE may render your hard drive useless if it develops corruption or bad sectors.
⦁ FDE may interact with some virus/malware to make the hard drive useless.

By all means, use FDE if you want extra security and can deal with the downsides… but just don’t think FDE solves all of your security issues. In the grand World of Security, FDE is the answer to maybe 1% of your potential problems.

BTW – FDE is known as “BitLocker” in Windows. Other popular FDE products are TrueCrypt, VeraCrypt, CheckPoint, and DiskCryptor

Warning – Email attachments are not secure!

by

Image result for email danger attachmentsMicroSupport is reminding our law firm and CPA clients of the dangers of Email attachments.  No, this has nothing to do with malware, viruses, or phishing.  This reminder is about legitimate emails containing authentic attachments coming from (or going to) your clients.  These attachments are NOT SECURE and may expose private, sensitive, information to the criminal underworld.  Names, birthdates, account numbers, financial data, SSN, credit card numbers or other information that can lead to identity theft.  Or sensitive, proprietary information relating to your clients’ businesses or private lives.

Email attachments are not only insecure while they are being transmitted, they represent a point of exposure while they are sitting in your mailbox, often for years.  From anywhere in the World, a hacker can wreak havoc if they get into your mailbox.

We recommend that you stop receiving insecure Email attachments from your clients… Instead, set up a secure file transfer system, for as little as $20 a month.

Also, we recommend that you turn on 2 factor authentication for your Email.  This way, even if a hacker has your Email login and password, they can’t get into your mailbox.

Call us at MicroSupport (602-692-7300) if you’d like help with either of these important security protections

 

Beware the Fake Tech Support Scam

by

BEWARE – It happens every day… scammers are after your money or personal information. It usually happens one of three ways:

  • They call you on the phone – pretending to be from “MicroSoft”, “Windows”, Dell, or a generic techie sounding name.
  • They tell you to call a phone number – via an annoying pop-up or voice on your computer.
  • You call them – thinking you’ve found a legitimate tech support company via a Google search.

In each case, they’ll tell you a great story that has been honed by thousands of calls to other people. They’ll attempt to convince you there is something very wrong with your computer, or that you’ve been hacked and are at risk of identity theft or worse. In most cases they will get into your computer remotely to “fix things”. Of course, things are worse than they thought, and they will need money to fix things. They’ll scare you in many ways and may even run programs that generate false error messages.

These bad guys will take every opportunity you give them. One of our clients admitted to giving them 3 different credit card numbers, as the crooks kept saying “oh, that one was declined”. Another read them the routing numbers from the bottom of a check. And another realized something was up as she found herself driving to Target to buy $1500 worth of iTunes gift cards!

It doesn’t stop at taking your money. While they are in your computer, the crooks can find names, numbers, account information, passwords, birthdays, and banking information.

A recent Microsoft survey showed 15% of the people surveyed had received fake tech support calls. Of those, 22% admit to falling for the scam, including letting the bad guys into their computers, and even giving them money. The average financial loss was $875, plus over half reported subsequent computer problems.

The bad guys are hard to catch, but thanks to efforts from companies like Google and MicroSoft and Federal authorities, they are being taken down every day. Unfortunately, it seems two pop up for every one taken down.

Don’t become a victim! Don’t fall for the Fake Tech Support Scam!

The Spectre Meltdown CPU issue

by

By now you’ve heard the news… there is a basic design flaw at the heart of many computer chips (CPUs) that leave systems using them open to attack.  It’s bad and there is not much you can do.  There are really at least two flaws, which can affect Billions of devices currently in use… computers, smartphones, and countless other devices.

Perhaps the only good news is that there haven’t been any widespread attacks, and the industry is scrambling to patch things up.

What can you do??? Not much.  Keep your computers and anti-virus/anti-malware products updated, update your hardware (firmware), and be extra careful with your use of the Internet.   The bad news is that the cyber criminals will undoubtedly take advantage of the hysteria, and will be creating fake updates.  And there’s the occasional problems caused by legitimate updates themselves… Buying a new computer won’t help, as all existing chip designs contain the flaw.

The problem and fix is quite complex, and will take years to sort out.  The only things we have right now are a couple of free tools, created by Ashampoo and Steve Gibson, that tests your system and reports on your status.  Neither tool actually do anything to fix the problem.

Ashampoo tool:  https://www.ashampoo.com/en/usd/dld/1304/spectre-meltdown-cpu-checker/

Steve Gibson’s tool: https://www.grc.com/inspectre.htm

Computer Viruses, Malware, and Data Security… Yours and Your Clients’

by

It usually starts with a client saying “I assume we’re protected”. The hairs go up on the back of my neck, and my pulse quickens. They don’t get it… those 4 words tell me some serious education is necessary.

We’re talking about computer viruses or malware and protecting your computer system. The danger of those 4 words is that they insinuate that some outside force or mechanism is responsible for protecting you from disaster, and it couldn’t be farther from the truth. The truth is that 99% of the protection comes from you and your staff, since most of the infections result from personal attacks against YOU. Computer hackers seldom directly attack computers, operating systems, or browsers any more. They’ve discovered it is far easier to trick you into attacking yourself. And if they can cause you to click on something, your antivirus/antimalware products cannot protect you.
Does that mean you can get rid of your antivirus or antimalware software? Probably not, as they might protect you from older viruses, or maybe new ones. And since the “standard of care” is still antivirus programs, it might be considered negligence if you didn’t have one.

Your best protection against infections and data breaches is education. Understanding that YOU are the first line of defense, and staying educated on the current nature of attacks. For instance, education would alert you to the fact that the attacks have recently been tailored for specific industries. CPAs get pop-ups or email links that seem appropriate for the accounting profession, like Emails saying they have tax information, invoices, or banking information. There are even malware scams embedded in fake messages from the IRS. Lawyers are now getting supposed bankruptcy notices, or fake messages about legal seminars.

The scams are continually evolving, but the target is still the same: Your money or your data. Most recently, they’ve combined into an attack called “Ransomware”, where you pay money to get your data back. It starts with one simple click in an Email message. The next thing you know, you can’t open files stored on the computer or even the firm’s server. All of your data, documents, spreadsheets, PDFs, pictures, videos, music, and even accounting data is encrypted and held for ransom. Pay $300-$1500 immediately or lose everything. And the price goes up as the deadline approaches, usually 24-48 hours.

These ransomware programs can also wreak havoc on systems that make use of “synchronizing” systems like DropBox or OneDrive. Now a local disaster can be spread, or synchronized, to other computers in the firm, city, or across the Country. An infection in the office can now affect home, and visaversa.

And here’s a chilling thought… As long as a bad guy is going through your data  to encrypt it, what’s to stop him from stealing information about you or your clients? Names, addresses, account numbers, Social Security numbers, passwords, birthdays, you get the idea. If they don’t use it themselves, they’ll sell it to the highest bidding identity thief.

Which brings up the topic of backups. Depending on the infection, backups may be your only source of recovery. Therefore the importance of backups cannot be overlooked, and having backups that are “off-line” is essential. Some of the infections actually target your backups, too! Those 4 scary words “I assume we’re protected” are also applicable to backups, too. It is your duty to make sure backups are adequate and actually running. Never assume “someone else” is responsible. You need to know what is being backed-up, to where, and how to check the backups. Just because a person setup the backup routines, it doesn’t mean they are responsible for checking on them… make sure you know who is responsible for making sure the backup system is working.

How Security Breaches Affect YOU

by

Have you noticed that many entities, Worldwide, have requested that users reset their passwords?  You’ve probably heard about the countless security breaches involving major companies and government offices. Sure, they might involve credit card numbers, or even personal information… but, perhaps more important, HUNDREDS OF MILLIONS OF LOGINS AND PASSWORDS HAVE BEEN STOLEN. Many hundreds of millions more have been stolen from smaller organizations that you’ll never hear about.
Initially, these logins/passwords may be used directly by the thieves, or sold around the World. Eventually, the information is available, for free, through hacker websites.

Recently, major companies (like GoToMyPC, Carbonite, & LogMeIn) have started reviewing some of the stolen login/passwords that have been circulating in the criminal World. To their horror, they’ve found that many of the stolen login/password combinations work on their websites and, in fact, are noticing specific attacks that are utilizing this stolen information.

Because of these widespread and increasing attacks, many companies are ramping up their security and asking all users to change their passwords immediately. In many cases you have no choice, as you will not be able to access your account without a password change.

Unfortunately, many of us use the same login and simple password for many different accounts. It’s easier that way. Some people think they’ve fixed the problem by using more complex passwords, utilizing upper and lowercase letters, numbers & symbols.

The root of the problem is that we tend to use the SAME PASSWORD. Now that the logins and passwords are out there, it’s easy enough for criminals to try a given stolen login/password at hundreds of websites. Like your bank, Amazon, Ebay, dating sites, or government websites. And in each website they get into, they can find more and more information about you, all leading to potential identity theft or financial loss.

The only answer is: Change all of your passwords, use complex passwords, and DON’T USE THE SAME PASSWORD for all websites!!! It’s your choice: Security or Convenience… you can’t have both.

If you want to see if your email address (and password) are floating around in the Dark Web, just visit the site https://haveibeenpwned.com.   This is by no means a comprehensive listing of all compromised logins… in fact it represents a tiny portion of what’s out there, but it should be enough to give you a good scare.

MicroSupport, Inc.

(602) 692-7300
7600 N 15th Street, Suite 150
 Phoenix, AZ 85020
Microsupport Inc BBB Business Review

Testimonials

  • ...highly competent and extremely responsive to any and all technical problems that may come up Read More
    Frank P. – CPA
  • MicroSupport's expertise in Law Office technology has been a godsend Read More
    Warren B.
  • MicroSupport is the only PC Support company we've ever used. Read More
    Debbie S.
  • They are very easy to work with – everything is explained in simple terms even a non-tech person can understand. Read More
    Frank P. – CPA
  • Tim and the technicians at MicroSupport have been helping to keep the technology at my office running well, with no problems unsolved, since the DOS days. I recommend them highly and have no reservations about their service Read More
    Dan Z. – attorney