Securing your tablet and smartphone

/in , , , /by

Think for a moment about how much of your life is on a tablet or smartphone. Personal information such as texts, emails, apps, photos, passwords, financial information, as well as work related information.

As time and technology move forward, tablets and smartphones become an item we cannot seem to live without. These devices have become a necessity in the workplace, especially for those people who travel frequently – you can even translate signage abroad or do videoconferencing. They’re convenient, easier to carry, have built-in cameras, thousands of handy apps, and even offer GPS technology. There’s no doubting the convenience these devices offer – but, here are a few things to be aware of whether you use these devices for personal use, work, or both.

Now, with all this great technology comes the risk should your device(s) be stolen or lost. Losing your smartphone can be very stressful, and costly. With this in mind, there are some relatively easy steps you should take to secure your devices so that the door is not left wide open for a hacker or thief to steal your valuable information.

  1. Set a passcode/password. A passcode is a basic multi-digit code. Without a passcode, anyone who has your device in hand can access everything. Many of the newer devices also offer an option to use a longer alphanumeric password. Immediately after you have set your passcode or password, you should turn on the auto-lock function and set it to as short a time frame as possible. Usually 2 – 5 minutes is recommended. It will save a little bit of battery life, and by shortening the window, it’s much less likely that someone will stumble upon it while it’s still powered on.
  2. Be App-Savvy. Installing apps from Amazon Appstore, Microsoft’s Windows Store, Apple iTunes, or Google Play is much safer. Bad Apps can be loaded with Malware which can infect your device and steal your information. Be leery of third party app stores as they often host malicious apps, and are usually disguised as more “popular” real apps.
  3. Read the app permissions instead of blindly accepting the terms and conditions. Is there a reason a game wants access to your camera, microphone, and contacts?
  4. Update the Software. Updates to your mobile OS and any apps on your tablet or smartphone often include security fixes and should be downloaded as soon as they are available.
  5. Beware of Public Wi-Fi. Always use caution when browsing the Web on a public Wi-Fi. Since your traffic is public, it can be captured.
  6. Don’t be Gullible. Immediately delete suspicious text messages from people you don’t know, don’t click on any embedded web links or call any unknown phone numbers. Scammers and spammers are increasingly targeting smartphone users, be it through text messages, emails or even phone calls pretending to be someone they’re not. This could lead to them locking your device and extorting money from you to unlock it (“ransomware”).
  7. Enable Remote Location and Wiping. Preventing someone else from gathering your sensitive data is the most important task you have. One piece of good news is that the percentage of smartphone theft has decreased over the past few years thanks to the increased number of “kill switches” that make it harder to wipe and resell them. If your device is lost or stolen, tracking apps can tell you the location of your device. These types of apps can also let you wipe your sensitive or business data remotely. A remote wipe is similar to a factory reset; it erases all the data on a smartphone or tablet.
  8. Consider Antivirus. For those of you who are Android users, it’s highly recommended to protect your mobile data with security software. Not only do these apps protect your device from viruses and other malware, but it will lock down your privacy settings, scan apps and files for threats, and some solutions can snap a photo of someone attempting to log into your stolen phone via the front-facing camera, and send the image to you.
  9. Data Backups. Backing up data on your smartphone or tablet is relatively simple and it is something that should be done in the event the device is stolen, lost, or simply stops working. By using automatic online backups stored in the cloud or backing up data by syncing your device to your PC or office network are good options to help secure your device.

Regardless of which smartphone you use, it’s critical to prevent your personal (and professional) information from falling into the wrong hands. Even if your device isn’t lost or stolen, your data could still be accessible by a remote thief if not properly protected. No system or protective measure is completely foolproof, but the steps outlined above will make your device much safer.

Bryley Basics: Apps that send an “I’m busy” text from an Android phone

/in , /by

You can’t always be there to respond when you receive a text, but you might want to send an automated “I have received your text” message; much like an “out of office” email response. You can even setup a schedule that provides a response that switches on when your calendar shows a current meeting and switches off after the meeting ends.

Two Android applications, each of them $2.99, accomplish this task:

Both apps are available at GooglePlay.

Please see Sharon Machlis’ How to automatically send an ‘I’m busy!’ text from your Android phone from the 1/6/2016 edition of ComputerWorld.

Bryley Basics: Android app-rating site PrivacyGrade

/in /by

PrivacyGrade, developed by a team of researchers from Carnegie Mellon University, rates Android-based applications for privacy and security. Apps for Android devices are rated based on “the gap between people’s expectations of an app’s behavior and the app’s actual behavior”. If an app’s privacy does not meet expectations, it will score poorly.

For example: Google Maps uses location data, as would be expected by most users. However, a game like Fruit Ninja also uses location data, which is unexpected, and which gives Fruit Ninja a lower score.

For details, please visit www.PrivacyGrade.org.

Bryley Basics: Encrypt your iPhone

/in , , /by

iPhones, versions 3GS and later, offer hardware encryption; it is activated through the data-protection feature by enabling a passcode:

  • Tap Settings > General > Passcode.
  • Follow the prompts to create a passcode.
  • After the passcode is set, scroll down to the bottom of the screen and verify that “Data protection is enabled” is visible.

Note: Your encryption protection is only as good as the passcode; try to make this difficult to guess and keep it hidden.

You should also encrypt your backup for added security.  Check the “encrypt local backup” in iTunes if you back up to your computer.  If you back up to iCloud it is automatically encrypted, but be sure you have a really good iCloud passcode.

Google’s ChromeBook – A realistic alternative to a Windows Ultrabook?

/in , , /by

Google introduced its Chromebook in 2009; sales have increased and it can be considered a low-cost alternative to the pricier, Microsoft Windows-based Ultrabook, but Chromebooks have significant limitations.  Some also say that a Chromebook can replace a tablet, but comparison1 suggests otherwise.

Chromebooks run Chrome OS, Google’s Linux-based operating system integrated with Google’s Chrome web browser.  (Chrome was recently ranked the number one Internet browser used in the US with 31.8% of sampled traffic, followed closely by Microsoft’s Internet Explorer at 30.9%; reported by ADI, a marketing research branch of Adobe Systems.2)  As such, they are designed to be used primarily when connected to the Internet and are closely linked to Google’s Cloud-based services like Google Drive, Google Apps, etc.

Reasons to buy3 include:

  • User interface – Intuitive; easy to use and simple to navigate
  • Offline – Works best online, but supports some offline activity
  • Platform agnostic – Can access all Cloud-based data
  • Fast boot-up – Access the Internet within 8 seconds
  • Security – Google Rewards for bug notification
  • Apps – Growing application options
  • Price – Starts at just under $200

Primary disadvantages of a Chromebook:

  • Thin client that gets its best features only via an Internet connection
  • Offline mode requires setup and has severely reduced functionality
  • Fewer compatible apps and games than Windows-based devices
  • Limited connections to printers, scanners, and mobile devices
  • Low-end processor not built for intensive use

My take:  A Chromebook is a good, low-cost option under these circumstances:

  • You do not use processor-intensive applications (i.e.: games),
  • You use Google Apps for content creation and review,
  • Your data is completely based in the Cloud,
  • You do not connect to other devices, and
  • You always have access to the Internet.

Note:  Google dominates the search industry and makes its money through Google AdWords and other advertising programs.  The core emphasis of all of their efforts is to drive consumers to their advertisers.

Visit http://www.eweek.com/pc-hardware/slideshows/chrome-os-features-to-look-for-in-current-chromebook-crop.html?kc=EWKNLEDP06112014A&dni=132495452&rni=25374491 for an informative overview by Don Reisinger of eWeek.  And, visit Microsoft’s take on Chromebooks at http://www.scroogled.com.

REFERENCES

1Please see http://blog.laptopmag.com/chromebook-vs-tablet for the article “Chromebook vs. Tablet:  Which should you buy?” by Cherlynn Low of LAPTOP.

2Visit http://redmondmag.com/articles/2014/06/06/chrome-surpasses-ie.aspx for details on browser rankings from Kurt Mackie of Redmond Magazine.

3Visit http://blog.laptopmag.com/chromebook-buying-advice to review the article “Should I buy a Chromebook?” by Dann Berg of LAPTOP.

Who is winning the smartphone war?

/in , /by

Apple’s iOS phones get a lot of press, but Google’s Android phones own the market while Microsoft’s Windows Phones are showing signs of life.

Android owned over 70% of the world-wide smartphone market in 2012 while Apple iOS held just 21%.  According to IDC, a market-research firm in Framingham, MA, Android-based phones accounted for over 80% of the smartphone market world-wide as of Q3-2013, while market share of iOS-based phones declined.  (Visit http://www.idc.com for IDC’s report on the smartphone market as of Q3-2013.)

Items fueling Android’s dominance over iOS include:

  • More hardware options (from small, sleek phones to mid-sized Phablets)
  • Carrier access (Verizon, AT&T, etc.)
  • Open-source operating system
  • Price

See why eWeek says that Google’s Android is a smarter choice than Apple’s iOS at http://www.eweek.com/mobile/slideshows/android-is-a-smarter-mobile-os-choice-than-ios-10-reasons-why/?kc=EWWHNEMNL03182013STR1.

Microsoft’s Windows Phone accounted for 3% of the worldwide smartphone market in 2012 and edged up to just under 5% as of Q3-2013.  Market share of Windows Phone is projected to grow to 7% by 2018 (according to IDC).  Jeffrey Schwartz of Redmond Magazine reports that most of this is corporate IT rather than consumer-based.  (See Jeffrey Schwartz’s article at http://redmondmag.com/blogs/the-schwartz-report/2014/02/enterprise-demand-for-windows-phone.aspx.)

98% of mobile-device malware attacking Android (DROID) phones

/in , , , /by

Worldwide, a significant portion of the population owns and uses a smartphone;  mobile users search Google over 5.9 Billion times daily while over 6 Billion hours of YouTube are watched each month on mobile devices.  (Statistics taken from a presentation by Intel Corporation at the MOBILE World Congress 2014.)

Since most smartphones are based on Google’s Android operating system, these are the primary targets of malicious attacks.  Kaspersky Labs, a prominent anti-virus software manufacturer, reports that 98% of malware targeted at mobile devices attacks Google’s Android (DROID), which confirms “both the popularity of this mobile OS and the vulnerability of its architecture”.

Suggestions for DROID (and other smartphone) owners to suppress malware:

  • Keep your mobile phone updated with the latest patches
  • Deploy an anti-malware application

Visit http://blogs.computerworld.com/mobile-security/23577/98-mobile-malware-targets-android-platform for the entire article by Darlene Storm at ComputerWorld.

Fitness regime for your IT equipment: Keep it clean, cool, and empowered

/in , , , /by

IT (Information Technology) equipment is somewhat temperamental; it requires reasonable temperatures; stable, uninterrupted power; and some air flow to operate efficiently.  Cleanliness is important.  Here’s how to keep it toned.

IT equipment should be kept in a clean, neat, and (preferably) dust-adverse/static-resistant area; walls with painted surfaces, tiled or coated floors without carpeting, etc.  Fire-suppression equipment is a plus, but cannot be water-based.

Access should be restricted; a separate, locked room is ideal, but a closet with sufficient space and air flow can work for smaller sites.

Dust is the enemy of fans and electrical components; a reduced-dust environment and regular cleaning of equipment fans can lengthen the life of most items.  (Note: cleanings should be performed when equipment is powered-down, which is not always desirable or feasible.)

The area should have dedicated electrical circuits with sufficient amperage to match the power requirements of the equipment.  We also recommend an Uninterruptible Power Supply (UPS) for all critical items (and require them for equipment that we cover under our Comprehensive Support Program); the UPS provides emergency power when the input-power source is unavailable, but it also helps to regulate fluctuations in power, both spikes/surges (voltage overload) and brown-outs (reduction in voltage) that can damage sensitive equipment.

Cooling and humidity control are very important; most equipment runs optimally within a narrow range of temperature (64° to 81° Fahrenheit) and a maximum range of relative humidity of 60%.  HP, in an effort to be “greener”, lists current specifications on its DL360 server that provide a wider range of 50° to 90°F with 10% to 90% humidity (non-condensing).  However, cooler temperatures do make things last longer.  (The DL360 will actually throttle-back the CPU when the air-inlet sensors detect temperatures over 85°F.)

The area should have continuous air flow (to provide new, cool air while removing heated air that is exiting the equipment) and remain uncluttered to facilitate this air flow.  A dedicated A/C unit combined with a closed door is optimal; locating all equipment within a rack enclosure (with blanking panels over open areas) can enhance air flow.

TechAdvisory has 9 tips at http://techtimes.techadvisory.org/2011/11/9-steps-you-must-know-to-prevent-a-server-crash/.

CryptoLocker Case Study

/in , , /by

The following event depicts a real-life malware attack that infected a New England manufacturing firm. The company has chosen to share its story anonymously to help other businesses avoid a similar fate.

The unsuspecting sales rep certainly reacted in a way anyone would expect. He received an email with a voicemail attachment that looked like it came from the company CEO. When the CEO calls, reps jump to attention, and at this particular manufacturing firm based in New England, the business relies on a communication system that sends voicemails as email attachments. So the sales rep had no reason to suspect anything was wrong.

As it turns out, something was very wrong.

Click the link below to read the full article.

Bryley — CryptoLocker Remediation — 2013

Deploying software systems to manage a growing organization

/in , , , /by

Most organizations use software to manage at least these items:

  • Accounting – Perform vital bookkeeping and accounting functions
  • Contacts – Organize and manage clients, prospects, vendors, etc.
  • Operations – Match assets to organization’s need on a daily basis

In organizations with funding limitations, deployment of a software-based system to manage specific functions often starts as a cost-based decision, which can lead to several miscues along the way since cost is only one of the factors that should guide the decision.

I’d categorize deployment options in this manner:

  • Build your own using all-purpose, brand-name, productivity software
  • Purchase stand-alone applications and manually integrate them
  • Deploy an integrated, all-inclusive system
  • Outsource this mess to someone else

I’ll address the first three options now and provide some feedback on deployment.   Outsource is a large topic that will be covered separately.

Build your own

Organizations with a do-it-yourself perspective often turn to the build your own approach; you basically use the functionality of productivity software (like Microsoft Office) to create a custom-built solution.  Generally, this works OK to start, but can be difficult to manage and maintain with growth.

Popular productivity-software options include:

  • Microsoft’s Office suite (currently Microsoft Office 2013), which includes:
    • Outlook to manage contacts, calendar, email, and tasks
    • Excel to create proposals and track financial information
    • Access to build and manage contact and production databases
  • Microsoft Office 365, a Cloud-based alternative to the Microsoft Office suite
  • Google Apps for Business, which is a direct competitor to Microsoft Office 365

When Bryley Systems first started in the mid-1980s, we used Lotus 123 (a then-popular spreadsheet application) as our primary tool for everything financial; it quickly became unwieldy, so we purchased an accounting-software package.

Stand-alone applications

Stand-alone applications target a specific function and provide work-flows and best-practices to address this function through use of the software application.

Stand-alone applications are often categorized by function (as described above):

  • Accounting
  • Contacts
  • Operations

Below is a brief summary of these categories.

Accounting

The accounting system is very important; it automates the various accounting and bookkeeping functions (Accounts Receivable, Accounts Payable, Inventory Control, Payroll, etc.) and provides a shared foundation for other capabilities.

Intuit’s Quicken is easy to use as a checkbook replacement, but QuickBooks is a full-function accounting system that leads this market.  Peachtree is another popular accounting package, but with only a fraction of the market share.  Intaact is making headway in mid-sized businesses.

FindAccountingSoftware.com provides an easy-to-use, online guide at http://findaccountingsoftware.com/software-search/.

Contacts

Contact-management applications permit the input and retrieval of contact information with tracking and communications activities, including scheduling.  (You can manage your contacts within your accounting system, but this becomes less practical as your account base grows.)

ACT was one of the original contact managers and claims to be the market leader.  It is now owned by Sage Software (which also owns Peachtree and other accounting packages) and can be purchased or leased online.

Other popular options include:

  • Salesforce
  • OnContact
  • Prophet

We started with ACT in the early years, but shifted to Prophet in the early 2000s since it integrated with some of our other systems.

For a recent ranking and review, please visit http://contact-management-software-review.toptenreviews.com/.

Operations (both manufacturing and service-delivery)

 

In a manufacturing environment, a production-management system enhances control over materials flow (from raw materials coming into the organization to finished goods flowing out), production resources (tooling, equipment, and employees), and scheduling.  It is the glue that binds these items together, permitting the company to manage its flow of work.

We often see these packages at our manufacturing clients:

  • Exact Macola
  • Exact JobBOSS
  • GlobalShop Solutions
  • IQMS  Enterprise IQ

Capterra lists many of these options at http://www.capterra.com/production-scheduling-software.

Service-delivery management is a bit more diverse; what works for one type of service operation might not be appropriate for another type.  Typically, these are industry-specific solutions.

For example, we started with BridgeTrak, which is a service-ticketing application with scheduling and limited contact management.  It served well for a number of years, but we found it difficult to integrate with our accounting package (Peachtree at the time) and with other applications.

Stand-alone applications can be deployed internally, but many companies exist to assist with this process. Multi-user versions should have a dedicated, Windows-based server or be Cloud-based.

The lines are blurring between stand-alone applications and integrated, all-inclusive systems, but the primary issues with stand-alone systems:

  • They can become separate islands of information
  • They do not readily integrate with one another

Integrated, all-inclusive system

ERP (Enterprise Resource Planning) and PSA (Professional Services Automation) systems integrate all company functions and departments; it provides one repository for all organization data, which is available to all employees.  A related option, Customer Relationship Management (CRM), software is similar, but has less functionality and is often a component of an ERP or a PSA system.

High-end, all-inclusive systems from SAP, Oracle, Epicor, etc. cost hundreds of thousands or even millions to procure and deploy, but integrate every aspect of the organization.  Most large organizations work with one of these vendors and use their software nearly exclusively for all functions.

For mid-sized and smaller companies, there are many accounting-based systems that can be expanded through modules and customization to provide ERP and PSA-class alternatives.  Three of the more-popular options:

  • Microsoft Dynamics/GP (formerly Great Plains)
  • Sage 100 (formerly MAS 90)
  • NetSuite

There are also many software-development firms that focus on a specific, vertical market and provide a complete, market-specific solution.  In the mid-2000s, we chose this direction and purchased a PSA system from ConnectWise which is custom-tailored to our industry.

ConnectWise handles all facets of our business and integrates with our accounting system and with our sales-quoting tool.  All employees are required to enter every scrap of data into ConnectWise; our adopted slogan is “If it is not in ConnectWise, it did not happen”.

We also use QuickBooks, but primarily because it integrates with ConnectWise in a downstream direction.  We create our proposals through QuoteWerks, which integrates with both QuickBooks and with ConnectWise.

The initial investment is significant, but the time spent deploying an integrated, all-inclusive system solution within the organization and training employees can far surpass the cost of the software licensing. It is a demanding process, but it pays big dividends in uniting all functions and groups.

The primary benefits:

  • All functions integrate together
  • The system can usually integrate with other applications
  • All employees use the same interface and share the exact-same information

Deployment

To deploy these packages on-premise (rather than in the Cloud), you would need:

  • Infrastructure hardware – Physical server with reliability items (UPS, RAID, redundant power supplies, backup solution, etc.).  We recommend HP servers, but also support Dell.
  • Infrastructure software – Most business software are compatible with Microsoft Windows Server and Microsoft SQL Server.  Microsoft Exchange Server may be needed for email integration.
  • Infrastructure deployment – Setup the Infrastructure hardware and software (listed above), configure the end-user devices (PCs and mobile), etc.
  • Business software – Usually sold in a series of modules with add-ons and licensed to match your user count.
  • Business-software deployment – Usually sold as a project, which includes all of the setup stages needed to get the business software operational and assist in the transition.  A fair amount of process customization is needed; report customization is also part of this stage.  (Most folk select an internal “champion” or a “deployment team” to evangelize, build enthusiasm, watch-over the process, and keep things on-track.)
  • Training – We recommend several, time-spaced sessions followed by occasional tune-ups to allow acclimation and to provide hand-holding for those that will have the most challenges.

Cloud-based deployments eliminate the Infrastructure stages (except setup of client devices) and price the business software in per-user increments; however, customization and training are still needed.  The major incentives to Cloud-based deployments include:

  • Reduce capital expenditures (Infrastructure equipment and software)
  • Shift to operating expenses on a per-user basis
  • Speed-up time to deploy

Cloud-based deployments requires great trust in the business partner providing these services, but they can free-up cash (by eliminating the need to purchase Infrastructure) and get you setup quicker.

Summary

Many cash-strapped organizations start with build-your-own and later morph to one or a combination of the other three options as they grow.  However, deploying an integrated, all-inclusive system provides significant benefits and is now easier to budget and deploy with Cloud-based alternatives that spread costs over time.