Is anything fishy going on? Best practices.

How can you tell? Here a few things to watch for:

1. Late-night logins.
2. Increase in spear phishing, from internal or external.
3. Malware frequently picked up on your networks.
4. Data flows to new places.
5. An increase in computer usage.

At some time, someone will get through your layered defenses, so have these three best practices in place:

1. BACK UP your data.
2. Employ image backups.
3. Create local admin accounts to be able to access computer with admin rights.

Ransomware Recovery

If you’re hit by ransomware, do not panic. Think through the processes below.

1. When can you start on your client’s recovery? At least seven days will lapse before you can get to work on the systems.
2. How long will my client be down? Give your client some ready, loaner servers.
3. Should my client pay the ransom? Keep your client asset list ready. What is the priority for bringing the data back online.
4. Am I as an MSP going to be liable? You will encounter this later in the process. Make whoever provides your errors and omissions insurance aware of the problem.
5. How do I prevent this?
– Set up users so they don’t have admin rights.
– Do not log in to workstations with domain admin accounts.
– Create an alert to let you know if you have a domain admin logged into a machine that’s been idle for more than an hour.
– Don’t give normal users domain access rights. Only give them these rights when they are applying updates. Give them local admin rights only as needed and create these rights on a separate account.
– Do not share passwords or usernames between accounts.
– Never log in to your backup servers or solution from the servers you are backing up.
– Check your AV status, running or not? Make sure it gets updated and users can touch it.

*** Ransomware doesn’t work if it doesn’t kill the backups. ***

Google takes responsibility

I can’t do any better than to point out that Google incognito mode shares your IP address, device data, and browser history despite seemingly offering a private browsing experience. “Google has updated its disclaimer in Incognito Mode according to MSPowerUser, and lawyers have been working to finalize a settlement.”
Read for more.

Market Basics pt. 2

Markets allow us to operate according to our own plan. The price system–supply and demand–is the creation of a spontaneous order. It creates wealth for consumers and interference in the market brings unintended consequences, such as removing a species from an environment. Naturally, the demand curve works like this: if prices fall, then more people buy, and if prices rise, less people buy.

Self-interest is not the same as selfishness. Self-interest is doing what you are better off doing, and philanthropy functions on it. Mother Theresa felt she was better off doing what she did; she felt better doing it.

Price is what you give up to get something else. Mother Theresa felt the added benefit of working was greater than the cost of working.

Market Basics pt. 1

Contrary to current thought (from among others, college-age Americans) about capitalism, the spontaneous order of the market fosters philanthropy. The pricing system is based on voluntary exchange and mutual benefit occurs because everyone is better off. This is freedom. Outside interference with the market system will reduce freedom. Most people do not think of how the market involves enormous coordination with no central planner. Cooperation brings efficiency and innovation. Innovation takes X (raw materials) and makes it more than X. Profit is the incentive to innovate and creates things others want.

Consumer demand and the will to serve and please others leads to philanthropy. Acting to one’s own plan actually allows us to bless others from our excess. The market is moral because it is based on merit and it requires you to think of others.

China and WWIII

A number of things are going on around the globe concerning China:

– China is only calling for a two-state solution in Israel, not condemning Hamas. It seems the efforts to support a cease-fire are only words; Beijing is leveraging anti-Israel sentiment to enhance its standing. This is all to do with China’s desire to challenge U.S. authority and standing in the world.

– Beijing has not said a thing about the Houthi attacks on civilian shipping in the Red Sea. The crimes and threats there don’t seem to be a bother to Xi. Again this comes down to Chins wanting a geopolitical advantage over the United States. China says the U.S. is creating chaos and offers no support to solving that problem.

– A regional war over Taiwan could cost the world $10 trillion.

– And, of course, China is saber-rattling over Taiwan’s upcoming election. They’re pushing “US skepticism” and sowing doubt about our alliance. Because of Beijing’s disinformation campaigns Taiwan opinion about the U.S. may be changing and Taiwan’s geostrategic importance is evident.

– Tibet, ethnic Uyghurs, Mongolians, and Manchus; Beijing is seeking to erase Tibetan identity like it has done with those people groups.

This is all happening while the wars in Ukraine and Israel are taking place.

My voice is my passport

That was one of the famous lines from Sneakers (1992). Today, you may have devices and apps listening in on your passport. Voice assistants like Bixby, Siri, or Alexa may be doing it. Apple says Siri runs a speech recognizer at all times. “Hey Siri” or “OK Google” can start the recording. Apps may also be recording your voice.

Use these recommended steps to protect yourself.
1. Turn off Siri, Bixby, or Alexa.
2. Turn off your microphone by going to the settings for each app that may use your voice (or ambient sound!).
3. Use anti-malware software.
4. Use a VPN.

Anti-virus software may help you. Just like a VPN can.

Friends and Frenemies; Other things

I use the term frenemies very loosely. My friends from college are generally anti-politics in the church. I can see that that is needed. But I am just burned out on this subject and plan to take it up in October.

On to other things, I was intent on starting to read the classics I own from college and read part of the life of Johnson and some Middle Ages material, but after having read the introduction to the Canterbury Tales, I no longer continued to read The Wife of Bath. Since I didn’t have the desire to read the footnotes in every line of Chaucer, I faded out.

I am now reading Isaacson’s Elon Musk. Yes, a big change, but I love it so far. What an interesting man. He is determined and aggressive–but even with his problems, accomplishes great things.

There are, of course, many anti-capitalist people out there today, but many people do recognize his brilliance.

Do the job properly, and upgrade and modernize correctly

Doing a piece on technical debt and cybersecurity. Developers know the term technical debt. When faced with a deadline, peripheral requirements are sacrificed for expediency. The proper course of action is to spend more time to complete a project. Sacrifices cause the solution to deviate and, in the long term, can impact performance, scalability, resilience, or other similar system characteristics.

While not all technical debt can result in negative outcomes, shortcuts, and outdated security and infrastructure can impact your cybersecurity significantly. Not only can efficiency be reduced, but an easy and limited solution can amount to an open door. The organization’s eyes are not on the future and the door gets wider.

In short, you need to do the job right, including modernizing old tech and configuring correctly. You must also adapt to the changing cyber landscape–or increase your vulnerabilities by not doing the job properly.

New Year’s Gadgets

Haven’t done one of these in a while. Some new trends in tech this year:

Foldable Phones – I have a Samsung Flip 4, where the outside miniscreen is about an inch tall. The most recent has a full half screen on the outside. Apple may be waiting until 2025.

Remember the iPhone notch? A new set of devices may be using under-display cameras, i.e., these cams provide an uninterrupted screen experience–no notch or punch hole.

AR Smart Glasses – One thing I am not looking forward to is people at Starbucks with Apple Vision Pro headsets. But a few other players are creating smaller, non-intrusive glasses. Return of the glassholes?

AI Personal Assistants – As I mentioned in my piece on AI, personal assistants are going to be verbal and will have more access to your email, schedule and communication.

Smart Home Automation Systems – People are ceding more responsibility to home IoT devices.

Here are some interesting projects:

This is an exciting convergent toy for work meetings.
https://www.kickstarter.com/projects/cheertok/cheerdots-2-chatgpt-enabled-ai-recording-mouse

I don’t understand earpods, so expensive and can fall out easily. I prefer wired and these are sweet. Less risk of loss.
https://www.kickstarter.com/projects/oladance/oladance-ows-sports-earphones-unleash-epic-buzz-free-sound

Neat hologram display with AI app for your desk. I am wondering about the direction this is taking. Will there be some convergence with AR/VR/MR/XR?
https://www.kickstarter.com/projects/lookingglass/looking-glass-go

Excerpt #1

The powers that be in the Corps thought that the Ceres mineral may have potential for an Alcubierre drive that could let man expand to the stars. Corps miners had extracted some and found negative energy density (a mass lower than that of the vacuum, negative mass)–a type of exotic matter never before found. Now a folded manifold of space-time around the ship could, theoretically, bring two points together. The ship jumps from the first point to the second, faster than light.

Post-Christmas Cautionary Tech Settings and Practices

So your living room may still have wrapping paper on the floor and it was easy to unwrap those gifts and forget to set them up correctly.  Use the following settings and practices to make your new gadgets run privately and securely:

  • Set up privacy settings that can help you locate your new, missing devices, like “Find my…”
  • Physical privacy can be improved with a privacy screen protector, so you won’t have eavesdroppers sitting or standing next to you tuning in.
  • Set up anti-malware software on your new devices.
  • Clean the data off your old devices and recycle them.
  • With new computers, tablets, and TVs, disable ads and tracking.
  • Set strong passwords/passphrases, PINs, and multi-factor authentication.
  • Turn on backups!
  • Use Brave or Vivaldi.

These are indispensable actions. I hope you had a great Christmas!

Christmas Greetings From Your Local Scammer

Some basic cyber practices for the holiday!

  • Guard your Personal Identification Number (PIN) in public. Eavesdroppers may be spying on you from behind while you are typing it in or if you write it down. Cover the keypad. Watch for skimming devices attached to ATMs, which can capture your PIN.
  • Watch out for indications of tampering or skimming on card readers or someone trying to distract you or offer you help, especially at gas stations, bars, and restaurants. Inform the merchant or authorities if you think you’re a victim.
  • When you are traveling, you want to avoid shopping hassles. Head this off by calling your bank or credit card company to notify them. This way, the company will know not to lock your cards for unusual activity.
  • Keep your bank and credit cards secure; avoid public display.
  • Contactless payments through an RFID credit card (contactless or tap-to-pay cards) are among the safest purchasing methods. Your RFID-enabled card, smartphone, or other wearable uses encryption and tokenization to protect your personally identifiable information (PII). RFID technology sends information between a tag and a scanner using radio waves. A credit card is RFID enabled if you see the contact list symbol on the front or back (similar to a sideways WiFi symbol). To protect your RFID device, an RFID-blocking wallet can prevent someone from robbing you even if you don’t take it out of your pocket.
  • Use the chip on your card rather than the magnetic strip.
  • Use a combination of letters, numbers, and symbols for your passwords, update them regularly, and avoid reusing them. A password manager is the best way to create complex and secure passwords.
  • If you are shopping online, make sure you see the lock icon or “https” in your browser’s address bar.
  • Your credit card or payment service should offer fraud protection.
  • Don’t use public WiFi or computers when performing online transactions.
  • Take advantage of your bank or credit service’s transaction alerts and review them routinely for unauthorized or suspicious transactions.
  • Report to a bank or credit card company if you lost your card or had it stolen. Most times, these companies have 24/7 hotlines for this.
  • Beware of phishing emails with links or attachments, and do not expose your PII over the phone or online to any unknown person or company.
  • Use anti-malware software to protect yourself from data breaches.
  • Don’t use credit cards on public WiFi networks.
  • Use the Apple Pay, Google Pay, or Samsung Pay digital wallets to store your credit and debit card information safely. You can use these features on a smartphone or smartwatch, which operates with Near Field Communication (NFC) technology to process your payments. If your device has one of the digital wallets, you can wave your device over a contactless reader for a few seconds to process the secure payment.
  • PayPal and Venmo offer an alternative secure purchasing method. You can link them to your bank account, credit, or debit card to a PayPal account to execute transactions without exposing your financial details to a third party and take advantage of encrypted financial data and fraud protection.
  • What do you do if you’ve been scammed?
  • 1) Change your passwords and call your account provider if you can.
  • 2) Review your account statements for any unrecognized transactions.
  • 3) Use a Fraud protection service like LifeLock or other identity theft companies. You can get dark web monitoring of your Social Security Number, driver’s license, phone number, email information, and transaction alerts.
  • 4) Report cyberattacks to the Federal Communications Commission or other law enforcement.
  • 5) Get the advice of a lawyer and then speak with law enforcement afterward, especially if you are charged with a crime.
  • 6) Run your own or request a background check.
  • 7) Alert the Equifax, TransUnion, and Experian credit bureaus if you want to freeze or lock your credit report.