Home Security — OTC or Company Monitored

Are you thinking about adding a security system to your home or business? Security systems can be broken into two main categories. The 1st type is what I call over the counter (OTC). The 2nd is company monitored systems.

OTC systems typically are purchased and installed by the home/business owner (sometimes with the assistance of a handyman), do not connect automatically to a police department for automatic reporting, and cost significantly less. Company monitored systems typically are installed and maintained by a 3rd party and include the ability to notify local emergency services/police.

Two factors have the most impact in determining which is best for you — cost vs. scope of monitoring. If you just want to know who is at your door, if someone is on your property, and/or record activity in a specific location, the OTC type system is probably all you need. If you have very valuable assets on location, a repeated history of burglaries, and/or want the ability to dispatch police/fire automatically, a monitored system is what you require.

Some of the most popular OTC systems are:

  • Ring by Amazon — they are known for their doorbell model, but have an entire line of products that can be integrated to give you full camera and light controls, both exterior and interior. Link: https://a.co/d/0XMkXBp
  • Blink by Amazon — really affordable indoor and outdoor cameras as well as doorbell features. Link: https://a.co/d/epezYZn
  • Vivint — great security features and complete line of products. Link: https://www.vivint.com/products/doorbell-camera

Company Monitored Systems:

  • ADT — probably the most known (both good and bad) for company monitored systems. Link: https://www.adtsecurity.com/
  • American Alarm Systems — this is a local company (Orange County, CA) that can give you that one-on-one service to make a customizable system specific to your residential or commercial needs. Ask for Alissa Beale (ph: 714-863-0333 or email: [email protected]) who can help evaluate your situation and recommend the appropriate equipment or system for your needs. Link: https://www.amalarm.com/
  • Postil Property Management — this is a local company (Orange County, CA) that handles property management including security…especially if your business involves residential rental units. Talk to Mike Postil (ph: 949-213-9980 or email: [email protected]) for some expert assistance. Link: https://ppmser.com

Apple and Windows Updates

Should I do it or not? Unless you have really old equipment or are running unique software/company applications that may or may not be ready for the latest Windows/Apple OS update, the general rule of thumb is to update regularly once the updates are fully released (i.e. not beta status), unless you have been specifically instructed by your IT Support not to update.

Currently, the United States is experiencing cyberattacks at a higher than ever rate, and most of these updates are designed to improve security or remove bugs. The time period you are most likely to be hit with a virus or some other form of malware is the time period from when it was released until when your antivirus software has been updated with the solution. Bugs that most likely will impact the average user are the first to be fixed by Microsoft and Apple because of the number of customers negatively impacted. This means by not doing updates, you are only prolonging your exposure and/or difficulties.

If you have really old hardware (i.e., an old iPhone) you may want to hold off on some large “cumulative or OS” updates because it could slow your system down. I would still recommend that any security or bug fix update should be done as soon as possible. Remember, when you purchase hardware, you should always get “more processing” power than you currently need. Reason — because of updates, the tasks performed today will require more resources in the future.

Laptops and desktops have good automatic backup settings, but keep in mind this does NOT automatically download driver updates that Apple or Microsoft considers optional. In my opinion, monitor, mouse, keyboard, and audio are not optional. If any of those features are not working seamlessly, you are down. The likelihood you are not using these accessories is very small, so any security flaw is a major concern. You should have a reminder on your calendar to check for optional updates at least 4 times a year, if not monthly. This is a task that typically can be performed in less than 5 minutes but saves you hours of time if something goes wrong, and it should be done just after completing a backup.

Gamers and high-end users will need to use their best judgment about updates. Microsoft and Apple perform extensive testing before deploying an update, but they cannot account for every potential hardware or software conflict. The more unique the hardware or applications you are using, the more likely a problem after an update.

Which “Mouse” is Right for You?

There are more types of mice available to use than can possibly be used, but let me cover the ones you are most likely to use and why.

CDW has a great website covering the different mouse device types. Link: The 11 Different Types of Computer Mouse | CDW.

Some basic factors that you should consider:

  • Your usage. The smaller the mouse, the more discomfort you will experience over time….especially when working long uninterrupted hours with repetitive motions.
  • Workspace configuration. If you don’t have much space or are “traveling” for your work, think about a trackball. This type of device doesn’t have to move when using the mouse.
  • Type of connection. The most secure form of connection is wired. Depending on your industry, your work may REQUIRE a wired connection. Bluetooth technology is pretty secure, especially considering it has a very short range, therefore a “hacker” would need to be within feet of you. It also uses very little power compared to other wireless technologies. Wi-Fi connectivity has a much longer range and is good for someone who picks up their device and moves away from their computer/laptop. This has only a basic level of encryption (i.e., not the same as your Wi-Fi home/business network) and therefore may be ok for a mouse but probably should not be used for something like a keyboard.
  • Optical vs. Mechanical. Laser mice/trackballs typically have better sensitivity and control, which makes them easier to use. Mechanical devices are not recommended if you have a lot of dust/hair/fur in your work environment.
  • Presentation controller. Make sure that if you present, you have a device to control the presentation without needing to go back to your laptop/desktop to control your slides.
  • Features. Some mice have a scroll wheel, which is very useful for scrolling through websites and other content. 2nd feature to consider is programmable buttons — if you do repeatable activities like opening a specific web, performing a specific macro in Excel, etc… — then programmable buttons are a must.

Here are some devices/brands as examples of the various features above:

The more expensive the mouse the more I would consider sticking to major brands, but for basic input devices save some money.

Email — Best Practices and Etiquette

Have you ever been on an email storm? You know, where you receive 10 or more I agree, Yes, No Problem responses, and one person who writes a dissertation about how this is not something they personally like. Here are a few best practices that prevent this and other email related issues.

  • If the email has 10 or more people OR is likely to receive multiple responses that not everyone should see, do NOT fill in the TO portion. Instead, place all the recipients in the BCC option. Some email systems do not automatically show the BCC or CC options, so you may need to either change your default email settings OR select/expand the sending options on your email. Everyone will receive it with their name/email in the TO field (even though that is not what you used) and if they reply it will ONLY come to you, even if they use REPLY ALL.
  • Do not send emails with attachments greater than 10 MB; staying below 5 MB is a good idea with non-corporate accounts (i.e., free email accounts used by the average user not from their employer). If you need to “attach” large files, upload them to a cloud storage location and provide only an access URL in the email. Emails that are too large will get “stuck” in cyberspace and never arrive at the recipient.
  • Remember to BCC yourself (i.e., personal account) when dealing with HR or some other work email that you will need if you are no longer employed by that company. An example would be an email reporting a conflict to HR about paid time off/vacation approval, your resignation email, or a final listing of equipment distribution/turn-in on your last day.
  • If you work in a regulated industry with information handling requirements, all emails should have a disclaimer about how to handle the email if the recipient is NOT the intended person.
  • Use the read receipt and send receipt features. Most users never change the default email settings, which is to automatically respond with this information WITHOUT notifying/asking permission of the recipient. Read receipt especially is a great way to know if someone has taken the time to not only receive an email but open it and read it. Since this feature is typically “real time”, this is a great indicator of when you should call someone to follow up.
  • Do NOT use polling or other features that are specific to one type of email software. For example, the polling feature is great in Outlook but if you are sending it to anyone not using Outlook, they will not see the polling content. Typically, this means do not use these features when sending outside your company.
  • Use encrypted systems like DocuSign if you need to send or receive information with Personally Identifiable Information (PII). Standard email does NOT meet this standard. The state of California holds companies responsible for identity related damages, therefore emails with this content are a potential liability risk.
  • Remember that many users have various support staff who can see their email and/or calendar. Make sure you do NOT include information in subject/title lines that might cause conflicts (Ex. Information about termination of XYZ employee, Layoffs for tomorrow, etc.). Most companies have email/calendar privacy features, but most users forget to use them, so assume their support staff will have access.
  • Do NOT send .zip files via email. There are ways around these limitations, but .zip files/folders cannot be scanned by most email antivirus tools, therefore the email will be blocked and never received by the recipient.

If you have additional questions or situations I have not covered here, use my “contact me” feature if you don’t have my information on speed dial.

Using Public Wi-Fi

Most of us will travel and want to use public/free Wi-Fi at some point. Let’s talk about one of the easiest hacks bad guys will use to access your data. You walk into a coffee shop in a hotel or high tourist area and hook up to the local Wi-Fi. What you didn’t know is that a “bad actor” got there first and set up his own Wi-Fi signal. He/She will use a Wi-Fi name that looks legit, and since they are probably sitting within feet of you, it has the strongest signal. They even set up some “fake” terms pages to have you agree to usage rules, just like you expect when you connect to a public Wi-Fi. Now here is the problem. They give you internet access, but remember you have told your device that this connection is “trusted”. That means your security is probably not going to stop anything it does. So, unless you are using a VPN they can see every website you go to, every username you type/select, every password you enter, every credit card you use, etc.

How would you protect yourself? First, don’t use public Wi-Fi for financial transactions (i.e., don’t pay for something). Using it for surfing the web, watching a video, etc. is relatively safe. Next, really look at the “I agree” pages that come up. Does it have misspelled words, does the URL look like it is from a different website/company, are the details what you expect, etc.? Most importantly, do NOT remember and automatically connect to this connection. Especially in a hotel restaurant, coffee house, or lobby, the bad guy will set up shop and you “trust and remember his connection”. Then at night he/she will walk through the hotel with their device on, checking to see if anyone left their computer, smartphone, or tablet on so it will automatically connect when he/she is in range. Now, while you are sleeping, he/she can access your device without worrying about you noticing anything is happening.
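One way to check the "do NOT remember and automatically connect" advice on a Windows laptop is to review the saved Wi-Fi profiles. The following is an added example, not part of the original post: it parses text laid out like the English output of `netsh wlan show profile name="..."` and flags saved networks that are both open (no password) and set to connect automatically. The profile names and the sample text are constructed.

```python
import re

# Constructed sample: two saved profiles, laid out like the English-language
# output of `netsh wlan show profile name="<name>"` on Windows (trimmed).
# Field labels are localised on non-English Windows and would need adjusting.
SAMPLE = """\
Profile Hotel_Lobby_Free on interface Wi-Fi:
=======================================================================

Profile information
-------------------
    Name                   : Hotel_Lobby_Free
    Control options        :
        Connection mode    : Connect automatically

Security settings
-----------------
    Authentication         : Open
    Cipher                 : None
    Security key           : Absent

Profile HomeNet on interface Wi-Fi:
=======================================================================

Profile information
-------------------
    Name                   : HomeNet
    Control options        :
        Connection mode    : Connect automatically

Security settings
-----------------
    Authentication         : WPA2-Personal
    Cipher                 : CCMP
    Security key           : Present
"""

HEADER = re.compile(r"^Profile .+ on interface .+:$")
FIELD = re.compile(r"^\s*(Name|Connection mode|Authentication)\s*:\s*(.+?)\s*$")

def parse_profiles(text):
    """Split the report on 'Profile ... on interface' headers and collect fields."""
    profiles = []
    current = None
    for line in text.splitlines():
        if HEADER.match(line):
            current = {}
            profiles.append(current)
            continue
        m = FIELD.match(line)
        if m and current is not None:
            # Keep the first value seen; real output can repeat Authentication.
            current.setdefault(m.group(1), m.group(2))
    return profiles

def risky_profiles(text):
    """Names of saved networks that are open AND rejoin without asking."""
    flagged = []
    for p in parse_profiles(text):
        is_open = p.get("Authentication", "").lower() == "open"
        auto = p.get("Connection mode", "").lower().startswith("connect automatically")
        if is_open and auto:
            flagged.append(p.get("Name", "<unknown>"))
    return flagged

if __name__ == "__main__":
    for name in risky_profiles(SAMPLE):
        print(f"Open network set to auto-connect: {name}")
```

Any profile it flags is a candidate for removal from the saved-networks list, or for switching to manual connection.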

Use a VPN if you can. A virtual private network (VPN) can best be described this way: your device (when on the internet) is like a car on a highway system, and there are entrance/exit ramps all the time that go to specific website locations or addresses. When you use a VPN, it creates a tunnel or wall around your device, so none of those ramps are available except for the one you specifically want to use, nobody can drive up beside you and “see in your windows”, nobody can make eye contact with you because they cannot see in the windshield, etc. Sometimes VPNs will prevent a website from working properly (Ex. if you are watching TV via an app from your cable provider, they need to know your physical location to be in compliance with various broadcasting agreements because some content is location specific; the VPN blocks that information transfer or provides false information, which will prevent the website from functioning).

Have antivirus and a firewall installed and active. This will not prevent the bad guys from seeing your data but will help prevent any “care package” of malware they leave behind from working correctly.

Connect with your cellular connection instead of using free/public Wi-Fi. Your cellular connection has some built-in security features, and your phone technology is hardwired to ensure it can ONLY connect to a legitimate connection via cellular signal. Especially when on international travel this may be prohibitively expensive, so weigh the risk vs. benefits before using your cellular connectivity for data.

Use a password or network key protected Wi-Fi that has encryption when possible. Even if it is used by lots of customers, it should be more secure than something accessible to anybody within physical range that can answer the terms with “I agree”. An example of this would be a bed and breakfast that only gives out the Wi-Fi password to paying clients.

Pay attention to your account/device activity. If you start seeing transactions you didn’t authorize, emails being sent that you didn’t send, etc., make sure you run a “stinger” to check for malware BEFORE you start using that same device to change passwords. If the bad actor has access as you start changing account passwords, he is going to know the new ones the same way he accessed the original passwords. Give me or some geek you trust a call if this is happening, and make sure you leave the device OFF until you get it checked out. Do this quickly, not days later when you have “time”. The more time the bad guys have access to your accounts, the more damage they can do.

Wire Fraud — How to NOT be a Victim!

Unfortunately, as cashless transactions have become more popular, wire fraud has too, as well as becoming much more sophisticated. Nowadays, especially with large transactions like purchasing a home, bad guys will hack your email in order to change the wiring instructions.

Best Practices

  • Only send funds to parties you know.
  • Turn OFF near field communications (NFC) on your cell phone. Only turn it on when you specifically want to use it for making a transaction or transferring data phone-to-phone. Do NOT leave it on, especially when you cannot see the screen. Not only will this help with battery life, but it can help prevent acts in public locations.
  • If this is a large wire transfer, pick up the phone and call them directly (not using information they provided, but what you looked up on your own). Verify the instructions with a human being.
  • If this is a 1st time transaction, send a test amount (not an even $1.00), and call the person directly to see if they received it. Once you have it confirmed, make sure they are added to your contacts so you can “select” them in the future. Keep in mind that if a bad actor compromised your computer, he may have changed the saved contact information in your computer/phone.
  • Have firewall and antivirus applications installed on ALL devices that perform financial transactions — including your cell phone.
  • Question emergency or rushed needs for funds. Make sure your friend or family members really are in trouble before you send.
  • Verify in triplicate ANY international funds request.

Allstate has an excellent resource that can help you understand the reality of wire fraud today. What is Wire Fraud? Examples & How to Prevent Them | Allstate

If you have experienced identity theft and know your data is on the dark web, you need to think about locking down your credit and using services like “LifeLock”.

Controlling Notifications and Pop-up Ads

Do you ever wonder why the corner of your computer is constantly flashing with “notifications”?

You have control over what will be interrupting your work, in both the Apple and non-Apple worlds. For purposes of this posting, I will be using non-Apple examples, but their systems work very similarly.

To start, go to the search field on your taskbar and type “Notifications”. You want to select “Notifications and Actions”. On the pop-up menu, review the settings and make sure that you only have turned on stuff that you want to know about. As you scroll down you will see a list of applications typically sorted by most recent. Change the order to name and start going through the list. Most likely you will not have enough time to do them all at one time, so pick a specific letter of the alphabet to stop on and do a few every day. Pretty soon you will be through the list. When you are done, I recommend putting it back to recent order.

You have the option of on or off and if you click the right side chevron you can even be more specific. This does NOT disable the application. It only prevents it from popping up in the corner. Typically, I like email and nothing else to pop in the corner.

The 2nd pop-up source is your internet browsers. If you have more than one, start with whichever one you are using the most. You will have to do this task on each one. Each browser is different, but every one of them has a setting for notifications and a list of websites that have permission to disturb you. This is a common tool used by various forms of malware. The most common one is a pop-up that says it is from a popular antivirus program, and you need to click on it to respond to a problem. You are actually not opening your antivirus program on your computer but a website that looks like it, and they are getting you to give them permission to install viruses on your computer disguised as help.

If this is happening, I HIGHLY recommend you have a “geek” help walk you through how to remove the permissions, make sure they didn’t install something, and run a stinger to make sure your computer is safe. This is something I can help with and if you want, I will even walk you through the steps so you don’t have to call me each time it happens. Text, email, call or use the “contact me” on the top right of this website to request my assistance.

Laptop/Desktop/Cell Phone Security

The cyber world is a pretty scary place at times. The reality is that in the USA we are considered high value targets for various political and financial reasons. Bad guys and gals who write viruses specifically design them to impact applications and hardware used by USA users. Let me explain some basic threats and how to minimize your risk WITHOUT having to stop using technology.

First – Passwords. If your password is so complicated you cannot remember it, you have to use the “forgot password” feature often, you are using the same password for multiple applications/websites, etc… then what you are doing is NOT working. Here are some basic best practices when making a password.

  • Make it at least 8 characters long
  • Do NOT start with a number or special character
  • Have at least one capital letter and one lower case letter
  • Include numbers and a special character (@, #, $, %, &, !, ?, etc.)
  • Do NOT reuse passwords on multiple websites/applications
  • Do NOT make it so complicated you cannot remember it
  • Do not have your computer/website “auto remember” your passwords UNLESS you only work in a secured environment (i.e. don’t use multiple computers, not connecting at places via public Wi-Fi like Starbucks or an airport, etc…..).
  • Have someplace you write it down (assuming you are not working for a high-end security situation) that is NOT easily lost, is readily accessible when you are using your computer but not under your keyboard, and not in a file called “passwords” or “really important stuff”.

Ok, now I know what you are thinking: that there is NO WAY to follow all those rules. That is not true. Give me a call and I promise that, using my “password philosophy” concept, you can do all of those without hurting your brain. If you want to use a password manager, do not go cheap. There is NOTHING more frustrating than your manager getting hacked and now everything is compromised, or if it is not user-friendly.

Firewalls/Antivirus. If you are running a small business or have financial information (i.e. login to your bank or credit card account), you need to have a firewall and antivirus application. Windows, Android, iPhones, and Macs all have some basic security, but you get what you pay for. The free stuff is not as good as even the very inexpensive major players like McAfee and Norton. You need it installed on all your devices, including your cell phone. Give me a call if you want some help figuring out the best solution that will not break the bank.

Backup. Data storage is cheap. If you do not work in an industry that has special security requirements (ex. HIPAA) you need to select a cloud storage option. Windows, Apple, and Android all have various solutions that can run in the background and automatically back up your data. I HIGHLY recommend you check them once a month to make sure they are working. There are viruses and various other reasons that the backup stops working, and you don’t realize you have a problem until you require it (i.e., hard drive crash) and the backup has nothing from the last year. I recommend a reminder on the 1st of the month for checking your backup (1 cell phone and 1 or 2 computers can be done in about 5 minutes). Give me a call and I can get one set up and show you how to “check it”. If you need one with extra security requirements, I can help you find that solution too.

Data Best Practices. You need to store your data in a way that makes it easy to dump old stuff you don’t need once a year, find stuff you use daily quickly, and not be so complicated that someone cannot understand your filing system at a glance. Give me a call and I can help you set up your folders and file names in ways that will keep your head from hurting even when you have a lot of files.