Tag: computer security

Posted in Uncategorized

Using the Cloud–The Real Deal.

Posted on by TechCommGeekMom

As a follow-up to my post about the scamming/hacking attack I had two weeks ago, this week I’m turning TechCommGeekMom.com over to a good friend of mine, Shay Shaked. We first met in grad school at NJIT as classmates, and have been friends ever since. Shay is more of a technology geek than even I am, so when my system got hacked two weeks ago by the phone scammers, he was one of the people who offered me some good advice and pointers along the way to my laptop recovery. I asked him if he would share some of the wisdom that he’s shared with me with my TechCommGeekMom readers, and he said, “Of course!” Here is TechCommGeekMom’s first guest post! It’s a little long, but I encourage you to read the entire thing– good stuff!

–TechCommGeekMom

Two weeks ago, TechCommGeekMom fell victim to the hands of a malicious scammer who managed to access her computer remotely by talking her into believing he was actually a Microsoft employee. The scammer was smart, confident, and very efficient. Reading through her post sent shivers down my spine (as a matter of fact, I am backing up my files as I’m writing this post) and made me realize that we are all vulnerable, especially these days, when technology is everywhere and computers have to be used on a daily basis.

TechCommGeekMom was able to recover rather quickly. The first thing she did was to share her experience with us, so we could all learn from what happened. She also shared a few tips about security of private information, and asked me if I would like to expand and talk in length in this post.

Today, security does not have to come at the price of convenience–quite the opposite. I have switched between four different computers in the last five years, and the transition to the cloud made each switch easy and painless. But the real benefit of cloud apps, I’ve discovered, is in added productivity. I am going to introduce some of the popular cloud services (and some less well-known ones) from the perspective of a paperless, digital person. I hope that when you’re done reading this post you will at least be convinced to give these apps a try, if you haven’t already.

Google Drive

Google Drive’s most important feature, in our case, is its ability to replace Microsoft Word, Excel, Powerpoint and even Access, for free. Throughout my time as a graduate student on a tight budget, I calculated I could do more than 90% of my work using Google Drive’s documents.

Google Documents now features two additional important features that makes it even more effective. It has an offline mode, which allows one to create and edit files even without internet connection. It also has a research pane which allows you to research your topic (via a search term on Google) from inside the document, and add whatever reference one may find directly into the document’s reference list in APA style.

Google gives users 5GB of free space to begin with, and documents created inside Google Drive do not take any room. This includes small pictures included in saved documents, such as background for presentations, mugshots, or logos. Additionally, Google Drive makes sharing or sending files to other people incredibly easy, even if they do not have a Google account! Documents can even be sent from within Google Drive as an attachment (.doc, .docx, .pdf and more) directly to an email address without downloading anything, so no obnoxious email attachment on your end.

Evernote

As great as Google Drive is, it is not the best place to upload files and scanned documents. Google Drive’s interface is still too clumsy to be used for organization, and I often need t search for what I need. For scanned documents and quick notes, I use Evernote.

In my opinion, Evernote is the best place for PDF files. Evernote’s excellent tagging system, flexible folders and powerful search (which can read texts from inside images) is exactly what’s missing from Google Drive’s system. I use it to save anything from receipts (using my phone to take snapshots) to a copy of my driver license (I will explain how I protect sensitive documents shortly). It is extremely easy to email documents directly from the app to someone’s email.

Evernote comes in a free version which allows users to upload up to 60MB per month, or a paid version that allows up to 1GB per month with many additional benefits. I have used the free version for a while and never ran out of space allowance.

Important information tip 1:

One of the best ways to protect your personal information is to keep it separate from your “public” information. It just so happens that Evernote and Google Drive create this separation for me automatically: anything that I need to share, publish, or have others edit and work on, is on Google Drive, while all my personal documents and more sensitive information is stored in Evernote. This means your personal files are stored under different username and a different password (because you do use different credentials for each website, right??)

Adobe Acrobat Reader

Adobe Reader is mentioned here because the newest versions come with a very simple, yet powerful feature: the ability to sign your name electronically directly into the PDF file. In the past, I had to download the PDF file, print it, sign it, scan it, and then send it back as an attachment. Not any more. Today I open my PDF file, sign my name, save it (to Evernote) and send it. Done.

Information tip 2:

When you’re not sure what kind of file to send your document in, use a PDF file. If you don’t know what Word version the HR department has, or you want to make sure your resume looks on their screen exactly the same way it looks on yours, send a PDF. PDF files also happen to be the easiest to open, encrypt (protect with a password) and are the industry standard for scanned papers and official documents online. Make sure you have the most recent version of Adobe Reader installed and save yourself the headache.

FoxyUtils

FoxyUtils is a website that does one important thing: it protects your PDF with a password. Upload a file to FoxyUtils, and choose to restrict the file from opening, printing, and copying its context to the computer’s clipboard (which means, no copy-pasting). FoxyUtils also allows users to split one multi-paged PDF into several PDF files, or do the opposite by combining several PDF files into one big PDF file.

Information tip 3:

I believe my personal information is safer inside a password protected PDF on a protected server in a locked building than it is in a drawer at my desk. If you’re serious about using the cloud to store your files and using PDFs, I recommend buying Adobe Acrobat (not just the free reader), which comes with additional features, most notably, better encryption. Keep in mind though that if you password protect your file, programs such as Evernote won’t be able to read its content and make it searchable, as it would with non-protected files.

Hardware – The Non-Cloud stuff for the Cloud

1 – Scanner

Most people would assume an external hard drive with good encryption is the best and safest way to store sensitive documents. In my opinion, that’s a bad mistake to make. The most important thing to consider about your information safety is a scanner.

If you don’t already have one, you can probably find an all-in-one printer (a printer, scanner fax and copier) for a price tag of less than $50. Most printers also ship with software that allows users to quickly convert scanned documents into PDFs, but even without such software, users can quickly upload a file into Google Drive and download it as a PDF if needed.

Information tip 4:

Why a scanner? Because prevention is the best form of protection. Your computer should never store your important documents, and an external hard drive with these documents available is nothing but an extension of your computer. You might as well just glue a glowing sticker to it saying, “My most important information is in here!” Remember, when you store sensitive documents on your computer you’re not only putting yourself at risk, but also others whose information is on these documents as well.

2 – The Backup External Hard Drive

The second device you want to have available is an external hard drive for backups. There are two very important rules when it comes to backup hard drives. First, don’t use the backup hard drive for anything else but backups. Second, don’t use the backup hard drive for anything else but backups.

Your external hard drive should be connected to your computer periodically to store files that are either in the cloud already, or on the way to get there. It is a secondary stop; it is an emergency storage in case you have no connection to the internet–like an airplane black box. And, it should be treated that way. Do not use this hard drive to store anything else under any circumstances.

Why am I so strict about this? Because the second you start using your backup hard drive to store music, movies and pictures, it is the second it ceases to be an “in case of emergency” black box and becomes an entertainment storage unit. Soon after, you will start to taking it to work, and your crucial information will be moving along with you in a storage unit that isn’t meant to handle traveling. You could actually severely damage your hard drive by shaking it too hard, not to mention, forgetting it or losing it. Leave it at home on your computer desk, where it belongs.

Information tip 5:

Not storing personal information on your computer means not storing it on your backup hard drive either. If you use a cloud service that downloads files into your computer (like Dropbox), do not use this cloud service for your sensitive information. Remember, your information is and more available on the cloud.

Information tip 6:

A couple of years ago someone came up with the genius invention: a USB drive. To this day, despite the millions of cloud services out there available, there is no more reliable and simple way to keep files you need. An 8GB USB drive is available today for less than $20 (and you can probably get one for less than $10 if you don’t need so much room). That size is enough to store about 2000 songs, or about 7 high-definition movies. Never store your sensitive information on a USB drive! If you need to send someone sensitive information, make sure it’s in encrypted PDF file, and send it directly from the cloud.

Private Information Hard Drive

No matter how secure the cloud is, some information is simply too private. In that situation, I suggest getting an additional, smaller hard drive that can be easily carried and encrypted. A good example for a hard drive for traveling is Western Digital My Passport line. These hard drives do not require a separate AC connection and built with less movable parts that can get damaged. They are also small and light enough to fit in your pocket. Do not mix this private information with your other personal information. Your driver license, passport and tax returns do not belong there.

Shredder

No home-office today is complete without a shredder. No matter how technology savvy and paperless person you are, chances are that some company (especially bank and utility companies) still insist on sending paper statements. These are dangerous and can lead to identity theft if not disposed of correctly. Do yourself a favor and spend the $30 or so on a simple shredder. Not only will you feel safer, you will also save room in your trash bin and become more recycle-friendly. Get rid of any copies of documents you have laying around. After all, a new copy can always be printed .

Some Final Words of Advice

These suggestions are probably not the only ones out there, but they are based on years of personal trial and error experience. Each one of the apps mentioned have many more features than what is covered in this post.

One area not mentioned as it would require a whole blog post to itself is smartphone security. Smartphones, if used correctly, can be an additional security measure and a crucial addition to cloud capabilities, especially if the goal is to go completely paperless. Investing in a smartphone doesn’t have to be expensive, and it can save users a lot of time and frustration.

Use your brain. Learn to create hard-to-guess passphrases, and remember to change them periodically. Most hackers out there still use brute-force methods to break passwords, which means they would use a software to guess any possible combination of letters and numbers until they get it right. If you use a 20-character passphrase, you are probably much safer than using a 4-digit pin number. Wipe out your computer regularly, and restore your files from your backups. This will not only make your computer safer, it would also keep it faster and free from malicious software. Protect your computer with a screensaver password, so every time you get up from your computer and leave it for more than 5 minutes, it would require a password to resume using it. Never store any passwords in your web browser–you would be shocked to know how accessible these passwords are. Create a guest account on your computer and log out of your account before handing it out to a friend, a coworker or your children–especially your children. Children are smarter than you think and they will snoop around, out of curiosity.

I hope this post was useful to you! If you have any questions, suggestions or any words of feedback, feel free to contact me at my blog, blog.shayshaked.com.

Shay Shaked is an aspiring teacher and educator, specializing in technology and special education. He is currently a teacher at the innovative New Shul School in NYC, and pursuing two Masters degrees, one at NJIT in Technical Communications, and the other at Touro College in Special Education. Shay is also a personal communication and health enthusiast, and blogs about these topics at his blog, blog.shayshaked.com, on Twitter as @blueeyednyc, and on Google Plus.

Posted in Uncategorized

A Cautionary Tale from TechCommGeekMom

Posted on by TechCommGeekMom

This has been a horribly rough week for me, but I’m hoping that I can help someone else avoid the nightmare from hell that I went through this week in telling my cautionary tale. It has to do with internet security.

I have to admit that I’m embarassed by the whole situation, because you would think that someone like me who has at least some sense of computer/internet savvy would not fall victim to this, but I did. It could’ve been worse in some ways, but I still fell for it, so I share my tale.

It started a few days ago, as you may have read from my last post. My laptop, which I cherish almost as much as if it were my child, had gone down for the count. It wasn’t a mere system crash, like a corrupted hard disk drive or something like that. That would have been devastating as well, but I know these things happen. Instead, it was that I was scammed.

First, I have to set the scenario for you. I’ve been experiencing some slow down on my computer recently. I understand that happens now and then because of various programs and files we add. The more we add to our hard drives, the more time it takes for the system to find and execute the files–I understand that. But there would be some sort of strange hesitation as I would try to get things done. I saw that I had some viruses that my anti-virus software was catching, and I know even my husband has said that our internet connectivity from our provider has been spotty now and then, so I didn’t think much of it. Additionally, I have started working for a training consulting company part-time at night, and I had to install their client’s conferencing software on my system. Now, just to clarify– I know the culprit wasn’t the client software, because it comes from one of the biggest OS providers in the world, so I know that it would not be infected. (I’m not allowed to disclose the client, but let’s just say that EVERYONE has heard of them–and it’s not Adobe or Apple.) Some other instructors seem to be having issues using the product, even though I didn’t seem to have problems, but I know connectivity was an issue.

So, one day when I was trying to figure out what could be causing that slowdown, I got a phone call on my home phone (I am not working full-time in the daytime again, so I was home.) The guy on the other side had a strong foreign accent and claimed to be calling from Microsoft. He claimed that my system had sent a message to Microsoft that there was a truly evasive virus that was striking my computer and not allowing updates to happen, or something to that effect. I questioned how they got my number, and he claimed that it was included when I registered my OS with them. In retrospect, I should’ve remembered that I didn’t do that, as my OS came with my machine. I questioned him again, because I didn’t contact them first…that should have been my tip-off right there. He stressed again that when I share information on the system about Microsoft, that’s how they know. Since I actually was having some minor issues with my machine and the teaching consultancy knew about it, I didn’t know if perhaps they had called Microsoft, and asked them to contact me, and this chap was just following through. This is where the caller got lucky.

He proceeded to have me go to my laptop, and have me type a few things there, and open up some files to “prove” his point. Like most who aren’t tech support people, what he showed seemed legit, and then he asked me to download some software from a website. I looked at the website before downloading, and just at a quick glance, it was shareware that allowed a remote person to share the computer. I’ve talked with tech support people in the past, and that’s not an uncommon thing to do, and stupidly I downloaded it, and shared my computer. This was the second stupid mistake I made.

As I was distracted by the fellow opening up Notepad and telling me about what they could do, in the background, unbeknownst to me, he was removing files and planting a vicious malware virus. As he got to the point in the conversation that he said, “And this can all be fixed for a fee of US $177.50…” I stopped him right there. I said if Microsoft is truly trying to provide me with excellent customer service and calling ME, then THEY should be doing it for free, not charging me an arm and a leg for it. I started to argue with the guy that I was not going to pay this fee, and hung up. By then, the damage was done. I noticed that the number of shortcuts on my desktop seems smaller, and the wallpaper in the background was gone. “DAMN,” I thought (although I think I used a different word of profanity, for sure), “He’s still in there!”

I quickly turned off my machine, the fastest way I could think of to disconnect this guy from it. Of course, I started to panic. I just fell for a scammer, and I had the warning signs right in front of me, and didn’t heed my own instincts. How stupid I was! At least I hadn’t let him have my credit card information at payment time, so that was safe. I rebooted my machine, and saw the same problem– my wallpaper was gone, and so were the shortcuts. I proceeded to look at what other damage was going on. In the meantime, my anti-virus programs were going crazy picking up the viruses from before as well as some additional ones. I was able to check my bank accounts, which were still safe, but I quickly changed the passwords as a precaution. I also checked to see if the software that I had used to let this guy in was still present, and it was not. I must have just run it from a temp file, and I could clean those out, so I was good. But as time went on, I could not do much. All the executable files would not work. I tried a system restore from an earlier time of the day before the attack, but that didn’t do much. In addition, this scum took some files that were important to me. Some were expendable, but they included more than a decade’s worth of photos of my son. Since the digital age kicked in, this child hasn’t had a film photo taken of him since he was about a year old, so the record of my son’s whole childhood was lost. I was the most distraught I think I’ve ever been in my life.

I mean, in the end, my logical head knows it’s just a computer, and no lives were hurt, no one died, and all was generally safe, but I had truly felt violated, almost as if I had been raped, but knowing that I had not. I had been emotionally and mentally compromised, and I was upset at myself for falling for it, my husband was upset that I had falled for it, and I felt helpless and stupid. I really should’ve known better. I just never thought it would’ve happened to me.

So, it’s now 5 days later after the attack, and we are still working on recovery. By a miracle, I had done a partial backup of files the day before the attack, so we were able to restore my son’s photos and other files. Sweet relief! The malware the scum released into my system was a particularly nasty one–it took about 2-3 days for my husband to figure it out and finally get it out of the system successfully, as it would attack all the executables so that you couldn’t open anything–not a browser to get the special tool kit needed to eliminate it, not the anti-virus programs to get the rest of the scourge out, or even anything to help one repair the whole system. But LMSGeekDad did it, and he did a great job.

So naturally, my next move, now that my system became operational again, has been to work on getting a better backup system in place. I have an external hard drive, but it was cluttered, and I had to truly go through to free up some space so that my system could do a proper backup. I moved those precious photos to a cloud depository so I knew they’d be safe, and moved several other files to the Cloud as well. While my iPad and iPhone were working during this time, and I could have done some of my work from there, I was too distraught and distracted to really participate in anything online like I usually do. The other issue was that I had to teach my first class online, and I had to make sure, even if my own laptop was still out of commission, that I had a means of teaching the class. So I was installing software on my son’s computer as a “Plan B” if my laptop could not be restored in time. I was on the phone with one of the client offices in Korea at 1:00 AM my time to make sure that the conferencing software worked (it did), so at least I had that in place. Nevermind that I was incredibly nervous and anxious about teaching this class as it was, but the residual emotions of the attack were still fresh, as we were still in the process of restoring my machine, and that didn’t help.

Fortunately, LMSGeekDad had my laptop running again just a couple hours before I had the class, and since I had saved the presentation for the class on the Cloud, I could go back and finish customizing it as planned, and I was able to reinstall the conferencing software and make the connection to Korea successfully again. I was able to complete the course, and start to catch up with things, but still not enough. After the class night, I’ve been working to try to clean out my system some more, and figure out the best way to back up my files. Two days after that, we are still working on getting a good backup of the system onto my external hard drive, as we are running into problems. We’re figuring it out bit by bit, but my machine is functioning enough again that I can try to get back on track. While I am writing this on my iPad (I started it on the laptop) right now, we are trying to figure out backup issues with my machine still. It’ll get done, and then all will be right in the world again, but for now, the worst of the crisis is over.

What is the lesson of this tale? Well, there are several.

First, make sure you do your backups regularly and make sure that you run your anti-virus software regularly as well.

Second, use the cloud whenever possible! There are a lot of great resources. I have iCloud for my iDevices, but there’s also Dropbox, Google Apps and SkyDrive among others.

Third, and most importantly, if someone contacts you and claims that they are calling from Microsoft, Apple, or anyone else, and YOU didn’t contact them first about a problem, HANG UP. It’s a scam.

Please learn from my mistakes!

In keeping up with this theme of using mobile and cloud computing when possible, and understanding personal computer security, I’m actually going to have a guest blogger shortly to provide some great information for my readers. He’s actually the person who encouraged me to write this blog in the first place, and greatly supported me through this crisis with some great advice and guidance. He has some fantastic tips that I’m going to have him share with you, and hopefully you’ll benefit from his experience as well.

Happy and safe computing!