Make Multitasking a Snap on Your Windows PC

by Leave a Comment

Your Windows PC’s Snap feature is either the best part you’re not using or the best feature you’re probably not using to its full potential. Sure, you may have snapped some windows, but do you know about all the keyboard shortcuts, Snap Layouts, and Snap Groups — and have you tried Microsoft’s even more powerful alternative to Snap?

Microsoft initially introduced Snap in Windows 7, where it was called Aero Snap; it let you snap two windows side-by-side on your screen. It got an upgrade in Windows 10, allowing you to snap up to four windows in quarters rather than two in halves.

It’s even better in Windows 11 with new features like Snap Layouts and Snap Groups, which makes it easier to find — and more powerful.

I’ll show you how to take advantage of Snap on Windows 11 and 10 and go beyond Snap for even more powerful multitasking and control of your open windows.

Snap basics on Windows 11 and 10

Snapping is easy. Just click a window’s title bar, hold down the left mouse button, and drag it to either the left or right edge of your screen or one of the four corners. You’ll see a preview of the shape the window will take when you release the mouse button — either taking up the left or right half of the screen or one of the four quadrants, depending on where you drag it.

In Windows 11, once you’ve dropped the window in place and snapped it to your desired shape, Windows will prompt you to choose from other open windows to fill in the other regions of your Snap layout. Microsoft calls this Snap Assist.

You can snap windows with keyboard shortcuts, too. Press and hold the Windows key on your keyboard and press the arrow keys to move the current window around. If you have a maximized window and press the Windows key + the Right arrow, it will snap to the right half of your screen. If you keep holding down the Windows key and press the Up arrow key after the Right arrow key, it will snap to the top-right quadrant of the screen.

When you grab the handle between multiple snapped windows and drag it to resize a window, Windows will resize both windows simultaneously.

Snap Layouts and Groups on Windows 11

Windows 11 makes Snap much easier to find and use. You can mouse over the Maximize button at the top-right corner of any window to see Snap Layouts. Windows will show you a variety of layouts; click a position to snap the window into that position on your screen immediately.

There’s a keyboard shortcut, too, using the Windows key + the capital letter Z. If you press Windows + Z to open Snap Layouts, you can press the number keys that appear in the overlay to quickly assign the window to a location on the screen without touching your mouse.

You can also drag a window to the middle of the top edge of your screen. You’ll see the Snap Layouts options, then drop the window wherever you like on one of the layouts to snap it to attention.

Windows will show different layout options depending on your screen size. If you have a big widescreen monitor, you may see options to snap three windows side-by-side in columns, while you may see options to snap only two windows side-by-side on a typical laptop screen.

These grouped windows will appear together on the taskbar. You can use Alt + Tab to switch between groups of multiple windows simultaneously quickly. Just hover over a taskbar icon of one of the applications snapped in the group to see the group.

Let’s say you have two windows snapped side-by-side and another four in a grid. You can go back and forth between these two groups with Alt + Tab or by selecting one of the applications on the taskbar — you don’t have to manually pull up all two (or four) windows each time you switch among them.

Fine-tuning your Snap settings

So many of these behaviors are customizable. By default, Windows has all these Snap settings turned on, but you can deactivate any of them individually — or even disable Snap entirely. (I don’t see why you would want to, but Windows is powerful and customizable; the choice is yours if it gets in the way.)

You’ll find the options for controlling Snap in the Windows Settings app. Launch Settings from the Start menu and head to System then Multitasking to find them. On Windows 11, click the “Snap windows” header to see various options. On Windows 10, you’ll see the options under “Work with multiple windows.”

You can turn off the Snap Assist suggestions after you snap a window, prevent the Snap Layouts pane from appearing when you hover over the Maximize button, or stop seeing groups of snapped applications when you press Alt + Tab.

Snap is for everyone

I’m a huge fan of Snap. Assuming you have multiple windows on the screen simultaneously, you should use Snap constantly. It’s hard to believe we had to live without it back in the Windows XP era, resizing our windows by hand to take proper advantage of all that desktop real estate on our PCs.

Thanks, and safe computing!

Email Protection is Essential

by Leave a Comment

For the past eight years, I have used a software product called Reflexion (from Sophos) to scan my email for threats. The product offered some wonderful features that enabled me to pursue my business without major threats of ransomware and business compromise emails. Regrettably, Sophos decided to retire the product earlier this year. I was not satisfied their replacement had all of the features and functionality I had become used to, so I searched for an appropriate replacement.

I found Proofpoint and, despite a significant effort on my part to transition, really like how this product is helping keep me and my computer network safe from email-based threats.

Proofpoint scans all incoming emails and rates them on a threat score. This cloud-based product holds the suspect emails in quarantine, and I receive an activity summary each morning. When I review this list, I can block or release (and approve) as needed. This functionality gives me great peace of mind that nothing malicious will hit my computer.

Another significant product feature, URL Defense, analyzes and re-writes hyperlink URLs. The feature scans and refactors all URLs to protect people from malicious websites. For example:

https://www.reddit.com/subreddit/article/topic

would become:

https://urldefense.proofpoint.com/v2/url?u=https-3A__click.redditmail.com_CL0.

The other day I received an email that made it through the standard filter. It was for “pre-approval of a $372K loan” for my company. I was surprised it made it through, but there was nothing inherently wrong with the email contents. I looked for and found the link to unsubscribe from their garbage. At this point, I was so grateful to be using Proofpoint because I received a pop-up window (shown below) indicating the link was for a malicious website.

Proofpoint block

Honestly, this is the first time I’ve seen Proofpoint pop up, and I was both thrilled and scared simultaneously. It was obvious that the bad actors had taken advantage of my normal human response to subject my computer to malicious software based on my decision to avoid getting more emails from this organization. I shook my head at the audacity of the threat and how I had circumvented it.

My SonicWall firewall would have prevented malicious code from being downloaded. SentinelOne would have reacted immediately had any unwarranted programs started taking abnormal actions and reaching out to websites out of my ordinary purview. The bottom line is: I dodged a bullet, and my computing environment is still safe.

I have to wonder: What would have happened in an unprotected computer? What might have occurred in a small business that didn’t have a firewall or SentinelOne? I’m guessing the results would not have been good. The business owner would have called some IT person or company asking if they could help recover a computer — because someone thought they were doing the right thing.

I have blocked the sender’s address to ensure I don’t receive any more emails; however, countless other bad actors will continue to attempt to gain access and run roughshod over any willing victim.

My final words on this are simple: If you do not know the sender of an email, you must consider them suspect. In the past, I would have assured you that clicking the Unsubscribe link was sufficient to remove your name from a mailing list. Now, I’m changing that advice. If you don’t know who sent it, delete it. That will save you endless heartache and grief from potential problems.

For small business owners who own their web domain or email accounts, even if you use Google Workspace or Microsoft Office 365, I recommend you add Proofpoint to your existing SHADE subscription. This low-cost, high-value offering is something that could help prevent problems from occurring on your network.

Thanks, and safe computing!

Threat Actors Will Soon Take Advantage of ChatGPT Features

by Leave a Comment

ChatGPT, the artificial intelligence (AI) agent rocking all news channels will be a threat factor very soon. A recent SonicWall webinar stressed IT Security Providers must be aware of, and repel, phishing attacks. The presenters gave examples of several forms of emails that would get by most office administrators and even some high-level employees.

I was curious about how easy it is to create a phishing email from the two available versions of ChatGPT (versions 3 and 4).

My prompt in both cases was:

Write a false pretext phishing email for educational purposes

Here are the two responses the AI software generated:

Subject: Urgent Account Verification Required – Prevent Data Loss!

Dear Valued User,

We regret to inform you that our system has detected some unusual activity on your account. In order to ensure the security of your personal information and prevent any potential data loss, we require your immediate assistance to verify and update your account details.

As part of our ongoing commitment to protect our users from cyber threats, we have implemented a new security protocol that requires all users to verify their account information periodically. Failure to comply with this request may result in a temporary suspension of your account and the loss of important data.
To initiate the verification process, kindly click on the link provided below:

[Malicious Link: example.com/verify-account]

Once you click on the link, you will be redirected to our secure server where you will be prompted to enter your login credentials, including your username and password. Rest assured that this process is completely secure, and your information will be protected.

This step is necessary to verify the authenticity of your account and ensure its ongoing protection.
Please note that this verification is mandatory and must be completed within the next 24 hours. We kindly ask for your cooperation to prevent any potential security breaches and protect the integrity of our system.

If you have any questions or concerns, please do not hesitate to contact our support team at support@example.com. Our dedicated professionals are available 24/7 to assist you.

Thank you for your prompt attention to this matter. We value your partnership and remain committed to providing you with a secure and reliable service.

Sincerely,

[Phishing Sender] Customer Support Representative

The second version, from ChatGPT 4, reads as follows:

Subject: Urgent Action Required: Account Security Update

Dear Valued User,

We hope this message finds you well. We are reaching out to you regarding a critical security update that needs your immediate attention. Our system has detected unusual activity on your account, which puts your personal information at risk. To ensure the safety and integrity of your account, we kindly request your cooperation in updating your security details.

To complete this mandatory security update, we need you to follow the steps below:

Step 1: Click on the following link to access the account security portal: [Insert Malicious Link Here]

Step 2: Once you are on the account security portal, you will be prompted to enter your current login credentials. Please provide your username and password to proceed with the security update.

Step 3: After entering your login credentials, you will be asked to update your account information, including your full name, address, phone number, and credit card details. This information is essential to safeguard your account from any potential threats.

We understand the importance of protecting your privacy and are committed to maintaining the highest security standards. Therefore, we assure you that your personal information will be handled with the utmost confidentiality and will not be shared with any third parties.

Please be aware that failure to complete this security update within the next 48 hours will result in temporary suspension of your account. We strongly advise you to take immediate action to prevent any disruptions to your account access.

If you encounter any difficulties during the process or have any questions, please do not hesitate to contact our customer support team at [Fake Customer Support Number].

Thank you for your prompt attention to this matter. We appreciate your cooperation in maintaining the security of your account.

Best regards,

[Phishing Sender] Account Security Department

As you can see, the AI engine provided actionable email templates that are completely believable. Threat actors can use these to send to unsuspecting recipients. In a “spray and pray” effort, tens of thousands of emails could yield dozens of responses. You must always be on alert when you receive emails with links.

Thanks, and safe computing!

Breaches at Password Manager LastPass Cause Concern

by Leave a Comment

Password managers are programs that let you store an ever-growing list of online credentials in a safe location. These programs remove the need to record this information insecurely, such as by emailing them and writing Post-it Notes.

Many security experts advise clients to use these programs as part of best security practices because they also let you create strong and unique passwords for each online account you have. Additionally, some programs alert you if you duplicate a password across different accounts and can notify you if your password has appeared in a known data breach.

However, if your program’s secure vault is compromised, it potentially puts every one of your online accounts at risk of compromise. This issue drew my attention following last year’s extensive LastPass breach incident.

In 2022, there were multiple breaches at LastPass. In addition to putting the response and actions of LastPass under the spotlight, the incidents have raised questions over the safety of storing multiple login credentials on password managers altogether.

LastPass announced in late August 2022 that “an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account.” This enabled the attacker to take portions of source code and some proprietary LastPass technical information.

After conducting an investigation and forensic review, LastPass said it found no further evidence of activity from the threat actor. The unauthorized access was limited to its development system, which is “physically separated” from its production environment.

At the end of November, they made another announcement that an unauthorized party had gained access to a third-party cloud storage device. This new breach was enabled by the information gained by the attacker during the original August incident.

And a few days before Christmas, the firm informed users that attackers had accessed encrypted customer data (username, password, and notes) and unencrypted data (the website addresses of customers’ online accounts).

Do I believe you should keep your LastPass account following this last episode? No, but the damage has already been done. There is a high likelihood that your account may have been compromised. But if you want to continue to use LastPass, there are three things you must do to continue using the service.

  • First, you must strengthen your master password and ensure it is unique, long, and complex.
  • Second, as an extra security precaution, you should change the passwords for the websites you have stored in the service.
  • Third, you should be on the lookout for targeted phishing attempts in the coming months, with the attackers accessing your unencrypted contact information and websites.

I have reviewed these services over the years and have not found one I have felt entirely comfortable using – and I have not only my accounts to manage but many of my client’s accounts. I hate to say it, but the safest and most secure way of managing your passwords is to use a notebook and write them down.

If you use a document or spreadsheet and your computer is ever compromised, you will lose that information, and bad actors will use it against you.

What is the best way to implement this Luddite approach? Have one page per account, and write the name and website address at the top. Have a one-line entry per password, preferably with the date you first used it. If you must change a password, cross out that line, and write a new one along with the date, you created it.

The more complex we have made our lives by thinking that computers would make things easier for us, the more I think we need to use simple methods to maintain our security.

A Fresh Approach to Cyber Security

by Leave a Comment

Owners of and partners in small businesses, please take heed: It’s time to revisit your cyber policy.

Most of you think, “Thanks for the advice, but that won’t be necessary.”

Some, if not all, will say, “Cybersecurity is a concern. We’ve seen how ransomware has been in the news and affected local organizations. But don’t worry; we have it under control.”

I’m sorry to say that willful ignorance will not work.

Why? Because despite frequent newsletters and emails from Managed Services Providers (MSPs) like myself, many business owners disregard the hard work required to ensure their business remains operational.

Also, last year’s cyber program will not be enough to address tomorrow’s cyber challenges. Even if your business has successfully addressed cyber-attacks and ransomware threats, newer, more vicious dangers will arise. Sadly, the bad actors are improving as fast or faster than the good guys.

Neglecting cybersecurity can:

  • Undermine the reputation of your business with your clients.
  • Force unacceptable expenditures associated with cleaning up after security breaches.
  • Cripple your ability to conduct your daily business until the threat has been identified and remediated — costing you thousands, if not hundreds of thousands, of dollars.

So, what steps can you take?

To begin, I’ve never met a business owner who said that cybersecurity is unimportant. While true, I’m exaggerating. Most business owners don’t necessarily consider it a priority, if at all. But they acknowledge actions I take, like patching their servers and desktop computers and offering business continuity and incident response plans, are essential.

However, their actions often don’t match their words. I frequently encounter a business owner who checks off the box when their insurance comes up for renewal without giving more thought to the problem.

My job is to make cybersecurity a priority and a core part of everyone’s business environment. In some cases, you will hear me discuss cyber protections more than I have in the past — only because I’ve seen some ramifications when businesses fail to heed common sense measures. Business owners should want advisors on how to lower the risk to their business. Often, that’s not the case.

Next, some business owners think cybersecurity is just a minor aspect of technology. But cybersecurity is a business risk issue that will either strengthen or harm your business. Security experts agree that what is needed is a robust system of training, followed by understanding and actions that start with the business owner and that all employees or staff follow.

There are many ways to improve cybersecurity risk management. These methods include identifying, protecting, detecting, responding to, and recovering from inevitable cyberattacks. But irrespective of your procedures, your employees, clients, business partners, vendors, and others you interact with need to see you — as a business owner — step up and lead those cybersecurity measures.

The start of a new year is a perfect time to realign — or even start over — on cybersecurity. Theodore Roosevelt once said, “In any moment of decision, the best thing you can do is the right thing, the next best thing is the wrong thing, and the worst thing you can do is nothing.” Just make sure you do something!

Thanks, and safe computing!

The Calendar Year has Changed, but Scams Haven’t

by Leave a Comment

In 2017, there was a security breach at the credit reporting firm, Equifax. This breach was significant news at the time, and by 2019 the company agreed to a $425 million settlement of several class action lawsuits. They offered credit monitoring or a cash award of up to $125. At the time, I recommended the former.

In the closing days of December 2022, Equifax began to issue those cash awards. Many people found the amount they received laughable (e.g., most claimed to receive less than $10). However, scammers immediately went on the alert and into action. The website DomainTools.com reported several new domain names, which closely resembled the legitimate one, had been registered in just a few days. The valid website name is equifaxbreachsettlement.com. Fake versions include equifaxbreechsettlement.com, equifaxbreachsettlementbreach.com, and equifaxsettlements.co.

If you get an email notification about payment, do not click on the link in the email. It would be best if you went directly to the legitimate website and manually entered the keycode shown in your email. These instructions also apply if you get a letter in the mail.

Of course, because everyone’s information was made publicly available, scammers know who you are. If you get an email that seems slightly off and want to learn if it is “real,” please forward it to me for verification. Doing so is not an intrusion on my time. I would much rather spend a minute or two to review the contents of an email, than spend several hours — or days — working to restore your stolen identity.

Thanks, and safe computing!

Looking Forward to 2023 With Nary a Prediction in Sight

by Leave a Comment

Last began with more than 100 ships, loaded with goods, lined up outside the ports of Los Angeles. Now there is no backlog. I was looking forward to a new year with some semblance of normalcy in the supply chain for computer-related goods. Unfortunately, that looks like it might not happen.

China was locked down with its zero-Covid initiative and still managed to produce products to keep the supply of goods up and running. Now the government has eliminated that constraint, and people are staying home anyway. Many more are getting sick. Based on recent news articles, the country is prepared for hundreds of thousands of citizens to die. This disastrous result will place many computer equipment manufacturers in the same awful position they were in at the start of the pandemic three years ago.

Lenovo has not announced any planned price increases, but they rarely do. They adjust pricing at the distributor level when they provide their available supply list. I expect to see price jumps on the equipment I usually offer to home users and small business clients by mid-year. I also expect to see the same unavailability of monitors and computers as I did early last year. My advice is if your computers are coming up for replacement, get moving on that project sooner rather than later.

A lack of products will also affect the pricing of items that are still available. SonicWall has increased the price of hardware and software three times in the past two years. They have — for now — indicated they plan to hold the line. Still, I don’t think it will be far-fetched to believe that if they cannot get the necessary components for their firewalls, especially chips, they will increase hardware prices to what they feel is essential to keep moving forward. As a result, a higher price will affect anyone needing a new firewall.

Microsoft is proud of its software and cloud services, generating $25 billion in 2022. The price for Microsoft 365 (most commonly known as Office) will be increasing in 2023 for most business subscriptions. Following an enormous backlash from partners when Microsoft announced a price increase early in 2022, the company offered “discounts” through the end of the year. The cost of Azure, the data center cloud service, will likely increase later in 2023 to account for price spikes for the hardware required in their data centers — mostly solid-state disk drives.

Oddly enough, one of the latest offerings from the world of Artificial Intelligence, ChatGPT, will either wreak havoc for programmers or be a savior. This unique software can provide programming solutions when presented with a mere suggestion of a problem. Companies will still need skilled programmers to complete a full-fledged project. But with the starting point provided by an AI engine, many companies will be willing to reduce their staffing costs by employing this new technology just to hold the line on increasing software costs.

Another feature of ChatGPT is that it can respond to standard English language questions. I foresee customer service help desks will use this functionality before the end of the first quarter to answer commonly asked questions before routing a phone call (or chat session) to a human being. High school English teachers have recently realized the answers to essay questions cannot be reviewed by “did they cheat” software, because ChatGPT responses can be edited to approach grade level equivalency. Only the consistent use of proper grammar and punctuation reveals a software program, rather than an 11th grader, did the work.

With the price of a bitcoin reaching record-level lows, many computer industry pundits believe there will be a decrease in ransomware attempts. I am skeptical and don’t think so. In the past, most cybercriminals requested payment in bitcoin — especially when the price was approaching a record level near $66,000. However, the cyber-currency is now hovering around $16,000, dropping from over $50,000 at the start of 2022. So, in addition to asking for bitcoin to return data, bad actors also threaten to release the data they hold to the public. In some cases, various compliance regulations govern this information, which puts the owners (the victims) in more jeopardy than usual. Kyle Hanslovan, CEO of Huntress Labs, confirmed my thinking in a recent interview with CRN magazine when he said:

With the economy changing, there is no doubt that folks have to get paid. Threat actors have to make money somehow. We‘re noticing, even in some places, they’re holding the data for ransom, but they‘re not actually encrypting. They’re skipping that part and just only holding for extortion, or threatening to maybe call a regulator or threatening like, ‘I’m going to call your customer and show them I have your data.’ So there [are] still other ways even by not using ransomware to still hold data theoretically for ransom. For me, it‘s not going anywhere. It’s such a great source of income for them; it‘s clearly not going away in 2023.

Thanks, and safe computing!

Year End News: Transitions

by Leave a Comment

One aspect of my business that never ceases to amaze me is how hardware and software vendors can make sudden changes that affect vast numbers of clients and end-users with little notice. The two I write about this month are significant; however, they are not representative of the entire industry.

Intuit

Intuit is the maker of QuickBooks, the accounting software many individuals and businesses use to manage their finances. There are three desktop versions of QuickBooks: Pro, Premier, and Enterprise. In 2001, Intuit released a cloud-based version of QuickBooks, which purported to match the desktop versions. Often heated discussions on various forums show this effort has fallen short of expectations for those who are used to the desktop product.

Intuit has had a strict support policy for QuickBooks. It states that support for the current product is valid for three years from when it was issued. For example, Intuit released QuickBooks 2022 in September 2021. It will receive support until the fall of 2024, which means Intuit will publish updates and fix problems with its code during those three years. Anyone who purchases the product can call Intuit’s QuickBooks Support to resolve problems with installation and program errors. Help for how to use QuickBooks is relegated to website forums and accountants. After three years elapse, add-ons to QuickBooks will no longer function. These include Payroll Services, Online Backup, and Online Banking.

For the Pro and Premier versions, you used to be able to go to the Intuit website, Amazon, or a big-box store and purchase the software. You’d either get the CD/DVD and a license key or the license key along with a download link. That software purchase gave you three years of support. The Enterprise version was always an annual subscription.

Last year Intuit changed how you can purchase the product. They have implemented a subscription service for the Pro and Premier versions. (I predicted this more than a year ago for some of my clients.) You must buy the product every year if you wish to continue to use it. To make matters just a little bit worse, you can no longer purchase the Pro version from the Intuit website by clicking a Buy Now button. Intuit removed that option this year. You must call the Sales phone number at the top of the page.

As I learned last month, when you call, the sales agent, using a script, will push you to choose QuickBooks Online. If you say no to that option, they will attempt to get you to upgrade to the Premier version. And if you continue to say no, the sales agent is tasked to offer you additional for-fee options to the Pro version (e.g., Payroll Services, Online Backup, and Online Banking). All in all, not a pleasant buyer’s experience, certainly not one conducive to further purchases – except now, everyone who uses QuickBooks is a captive for a higher priced, not necessarily better, product every year.

Microsoft

Most people probably know Microsoft makes Office primarily consisting of Word, Excel, and Outlook. You might also know that Microsoft has made Office available as a cloud-based offering – in many forms and with different names – since 2010.

Over time, Office was installed from diskettes (6 in 1990), CDs, DVDs, and – most recently – using a license key and a download link. These are known as perpetual licenses. They are valid for as long as you use the computer on which you installed the program. For several years, Microsoft hinted there would come a day when they would stop issuing those product versions. That day is now more visible and inevitable. Last month one of my colleagues reminded me that Office 2013 is going out of support in April 2023. While I wasn’t surprised that a ten-year-old product was ending, what surprised me was the end dates for Office 2016 and 2019. Look a look at the chart below.

OfferingStartMainstream EndExtended End
2013Jan 9, 2013Apr 10, 2018Apr 11, 2023
2016Sep 22, 2015Oct 13, 2020Oct 14, 2025
2019Sep 24, 2018Oct 13, 2023Oct 14, 2025
2021Oct 5, 2021Oct 13, 2026Not applicable

Please note that the last day of support for Windows 10 is also October 14, 2025.

What is someone with a perpetual “Home and Student” or “Home and Business” version of Office supposed to do? The only solution is to purchase a subscription to the appropriate cloud product, as follows:

Consumer (Student):Microsoft 365 Personal$69.99 per year
Business:Microsoft 365 Apps for business$99.00 per year

I will distinguish between an individual purchasing a “Microsoft 365 Personal” or “Microsoft 365 Apps for business” subscription on the Microsoft website versus a business subscribing its staff to Microsoft 365 Business Standard or Business Premium via my Microsoft partner program, NCE. Individuals must create a Microsoft Account (a unique-to-Microsoft email address) to purchase the license because Microsoft will save your credit card information. I can provide subscriptions for businesses through NCE that get are included on their monthly bills.

While it is going to be relatively easy to create a FirstName.LastName@Outlook.com email address for individuals (unless your name is Bob Smith), Business accounts – for actual businesses – must go through NCE to ensure the default “onmicrosoft.com” administrator account gets created. After that, it requires several administrator steps to link the business’ legal website name to the product.

By October 14, 2025, Microsoft will (most likely) require a Microsoft Account to access any new Windows 11 computer. If so, then you must use the same email address for Office!

I can’t say I’m looking forward to these changes because if they are difficult for me to adjust to, they will probably play some havoc for the clients I support.

Thanks, and safe computing!

An Extended Warranty Is Important – Especially When You Need It

by Leave a Comment

Why do some clients complain about the cost?

I always include an extended warranty whenever I sell a higher-end APC UPS battery backup device. I do this to safeguard my client’s investment in a piece of hardware designed to protect computer and network equipment from electrical mishaps.

Sometimes I get push-back from clients about the additional expense, and I take the time to explain what the extended warranty offers. Of course, I’m using a rational approach to try to offset an automatic response (i.e., a gut feeling), which – I realize – is not one that works well all the time.

But let me tell you about a recent incident with one APC UPS device.

A client was renovating one of their offices. As a result of the new design, the APC UPS ended up underneath a desktop counter with minimal airflow. I received an alert because the battery temperature had increased significantly – to the point where it would reduce the lifespan dramatically. So, I asked for a vent to be placed in that section of the desktop counter.

When the contractor came to do the work, he inadvertently sliced into the UPS with his jigsaw while cutting the opening in the desktop. The device went into battery-only mode because he had severed the electrical connection.

Without an extended warranty, here’s what would have happened. I could take advantage of the APC TradeUPS program to obtain a new device. In mid-2022, there is only a 5% discount ($469 -5% = $445). The model is heavy, so shipping is expensive ($50). And there’s the Bergen County recycling fee for batteries ($35). All in, this comes to $530 to replace a damaged device.

With an extended warranty, the replacement device is free, shipping is free, and the recycling fee is free. There is no cost for a warranty replacement.

An extended warranty costs approximately $120 when purchased with a new UPS. In addition to the unique situation my client experienced, an extended warranty lets you obtain a replacement battery, including free shipping and recycling, during the device’s warranty period. Consider that a replacement battery costs about $130 (not including shipping) without a warranty. As I’ve mentioned numerous times, a UPS battery will last between three and five years based on environmental conditions. That means during the life of the device, you might replace the battery at least once, and possibly twice.

There is no reason not to get an extended warranty when you buy a new UPS if one of your goals is to save money.

How I Prepare for the Security Threats of Tomorrow

by Leave a Comment

There is little doubt that cybercrime is becoming more complex, and ransomware and data breach events are becoming more frequent. As a result, many small business owners have become concerned that they will soon be victims. Some have looked to IT solutions providers, like Heliotropic Systems, to help deal with these evolving threats. That is why it is vital for me to understand the current state and emerging trends of that threat landscape and what tools I can use to combat them.

Let’s look at the cybersecurity landscape and analyze the threats, trends, and opportunities.

Protecting Small Businesses from Ransomware Attacks

Cybercriminals are increasingly targeting small- to medium-sized businesses (SMBs). In 2021, more than 40% of all cyberattacks were against small businesses. Digging deeper into that statistic, researchers have found that of those attacked, approximately 60% will go out of business six months following an attack. The primary reason is that so many SMBs don’t have the resources to support an internal IT and data security operation.

In almost all of my security vendor recent annual reports, the most common threat was ransomware. The second tier threat was data breach. To combat these insidious hazards, I must be proficient in three areas.

Prevention

The primary goal is to eliminate the threat of an attack in the first place. While I fully acknowledge there is no “right” way to do this, there are measures I take to help keep my clients from becoming ransomware victims. I recently added Huntress (a threat detection tool) to my portfolio. You subscribe to SPF+ (for consumers) and SHADE (for small businesses), which enables automated patch management to fix potential vulnerabilities as soon as they are discovered.

Another significant measure is to constantly remind clients that rather than click on a link or respond to a suspicious email, you should call me for confirmation. The other day, someone said they received an invoice for three years of Norton Lifelock. No, they didn’t — they received a scam email. It was de-
signed to obtain sufficient information to make fraudulent charges on their credit card.

Detection

I’d be remiss if I didn’t acknowledge that ransomware can still get through the protection layer despite my best efforts. That’s why I have measures in place to identify when ransomware is present, rather than assuming an attack will never be successful. The earlier I can detect it, the sooner I can take action to eliminate it.

Response

When ransomware is detected, responding to the attack, and eliminating it must be done with the utmost efficiency. Some of the steps I must take include:

  • Scan the network for confirmation of an attack unfolding.
  • Identify the infected computers and isolate them from the rest of the network.
  • Secure all backup data or backup systems immediately.

I feel good knowing I have a significantly positive affect on my clients’ businesses by optimizing ransomware prevention and detecting and quickly responding to attacks. Ransomware attacks were estimated to cost roughly $20 billion in 2021. My aim is to save my clients from suffering any financial damages that would hurt their business.

Finding the Right Tools to Combat Ransomware

All my small business clients trust me with access to critical systems and data. They feel protected because they know I will act swiftly and effectively when a threat arises. To accomplish this, I have – over the years – sought to obtain the necessary tools that will facilitate quick and decisive action.

For example, remote monitoring and management (RMM) provides me with access to your computers so I can keep them secure, patched, and operational. I can proactively fix any vulnerabilities before you are attacked with automated patching, whether it is from Microsoft or third-party vendors, which helps optimize ransomware prevention efforts.

But, again, the idea is always to be prepared if ransomware attacks are successful. SentinelOne takes the next step of ransomware defense by including native ransomware detection. It constantly monitors for crypto-ransomware and attempts to kill the malicious software, thus reducing the impact of an attack. You (and I) get alerts at the first detection of crypto-ransomware, and I can automatically isolate any infected computer.

The ability to detect ransomware immediately enables me to execute an action plan sooner rather than later. And I know ransomware infections can cause extensive damage, which may prove too costly for many small businesses to overcome.

Of course, no ransomware response plan is complete without a system to protect the most vital company resource – its data. Regularly backing up data can reduce the risk of downtime when a ransomware attack is successful, but the backup system must be secure and reliable. The Datto Vaults I deploy at client sites are designed to protect physical, virtual, and cloud infrastructures and data. The data is well protected and easily accessible, so I can recover it rapidly when needed. The Vaults also have software that detects ransomware within backups, saving me (and my clients) time locating the last clean system restore point.

Leveraging Security Services to Help You Grow Your Business

Most of my colleagues will tell you that they are all focused on security on many levels, whether securing computers and networks, protecting data, or understanding how to be better against the threat of ransomware. Security threats will never go away – we can only keep them at bay. I believe I can effectively protect my clients and ensure their businesses thrive with the multi-layered security tools I have deployed.

Thanks, and safe computing!