Drive Encryption

Securing your data is done in layers. Usually we talk about firewalls and antimalware, but just as important in our highly mobile world is drive or disk encryption. Most mobile devices support encrypting all the data on the device, and many even come set up this way by default. The reason is that we carry so much data on our mobile devices that we need to be able to ensure its security. What about laptops and flash drives though? Do you have client files on your laptop? Do you have a backup of QuickBooks on your flash drive? What if either of these is lost or stolen? Is the data safe?

Drive encryption or whole disk encryption allows you to encrypt every file on your computer or a flash drive so that a password or key is required to read those files. On a laptop there is usually a special security chip called a TPM that requires a password in order to boot up the computer. Once you enter the password you are able to access the files and the laptop boots up normally. Where having the drive encrypted comes in handy is if someone removes the hard drive from your laptop to try to get at the data directly. All the thief gets is gibberish, and the data is useless because they don’t have the key to decrypt it. The same is true if you encrypt a flash drive. Without the key or password the data is scrambled and unreadable. Encrypting these devices not only protects the data; some states even have “safe harbor” clauses in their data breach notification rules that say if you lose a device that contains client information and the device is encrypted, you are exempt from the notification requirements of the law. I would recommend checking with a legal professional to better understand your local data breach notification rules and laws.

Many of today’s modern operating systems include tools for providing whole disk and removable disk encryption. Windows 8 Pro, Windows 7 Ultimate and Enterprise, and Vista Ultimate and Enterprise include Microsoft BitLocker to provide disk encryption. Mac OS X Lion has FileVault 2 for whole disk encryption. There are also third-party tools like Symantec Drive Encryption that you can use on Windows systems that do not include BitLocker. Drive encryption is a great way to stave off the loss of data; however, if something goes wrong and you lose your key, or for some reason you get totally locked out of your system by the encryption software (yes, this can happen), having a good backup of your data is very important. If you have data on an encrypted laptop that isn’t backed up someplace, you should certainly start backing that data up. To keep that data safe, remember to encrypt your backup as well. Most cloud backup solutions encrypt your data both in transit and at rest on their systems. Next month I will share a tutorial on encrypting a flash drive with BitLocker on a Windows 8.1 device.

Hands-On Review of Surface Pro 3

I have had several opportunities to set up Surface Pros for clients since the first Surface was released 3 years ago. I have finally been able to get my hands on my very own, and I have to say I am just as impressed with this one as I was with the ones I set up. The Surface Pro 3 runs Windows 8.1, which for many is a turn-off, but I love it. Once I got used to a few navigational quirks I was off to the races. But getting started was easy — all my apps were presented to me on the start screen and I was able to quickly move between the desktop interface and the Modern UI of Windows 8.1. I highly recommend Windows 8.1 for your next Windows device (desktop, laptop, or tablet). This is not a Windows 8.1 review even though much of the tablet’s functionality is due to the operating system.

The first thing I did when I turned on the Surface was to complete the setup wizard, which was simple and straightforward. I was asked to choose a language and to join my wireless network. Towards the end of the process I was asked to supply my Microsoft ID and password. This is an important step because your Microsoft ID is what links your device to the world of Microsoft cloud services, much like an Apple ID for iPad. If you don’t have an ID you can create one; they are free. You also have the option of creating a local account, though I don’t recommend this option.

Once I finished the setup wizard I logged into my Office 365 account and installed Office 2013. My favorite Office application has quickly become OneNote. With the stylus I can take natural handwritten notes, sketch out ideas, and convert handwritten notes to typed text automatically. The stylus works perfectly with the palm blocking technology, allowing me to lay my hand on the screen as if I were writing on paper. OneNote comes with the Surface, so even if you don’t have Office you can enjoy this powerful application.

I have played video from services like YouTube and Netflix as well as run some graphics editing software on the tablet and it has performed flawlessly, so far. I have not experienced any lag or lockups. As for Office, I am writing this article on the Surface in Office 2013, saving directly to my OneDrive, and the experience has been great. I take that back… one thing would truly make this tablet a laptop replacement and that is a type cover. I have been using the onscreen keyboard; however, in writing this article, just like when I wrote one on the iPad a few months ago, an external keyboard is needed for prolonged typing tasks.

The Surface Pro 3 offers the best of both worlds — a full Windows 8 Pro experience in a light portable tablet form factor. The smooth response and large crisp display are a joy to use, and I would recommend this device to anyone who is looking to upgrade or replace the laptop they carry today with a sleek modern tablet. Be prepared for a slight learning curve with Windows 8.1, but don’t be afraid of it. Microsoft provides plenty of short 2-5 minute video tutorials to help you get started quickly.

Reimagine Your Business In The Cloud

Recently I was asked the question, “If I were to start a new business what technology would I use?” This is actually a very good question and it forced me to think about what technology the average professional office needs to efficiently perform day to day tasks. Given that most of the professional offices I work with are in the 5 to 10 employee range, I will base most of my assumptions on the needs of an office of this size.

Every employee needs a computer, email, and access to productivity software such as word processing and spreadsheets. In more recent years social collaboration has also become a major benefit for businesses needing to develop content and work with a more distributed workforce. While not as important as they once were, phones and fax still play a big part in day to day business activities. Beyond these basic needs each industry has its specialized applications that provide specific features required in that business’s workflow.

My recommendation is to put as much in the cloud as you can. By using reputable service providers the cloud can provide even the smallest office with the scalability, availability, stability, and security of a large enterprise. These cloud services are staffed by highly trained technical teams that monitor and manage the software and hardware 24/7. The networks are run on high end hardware with ultra-secure settings the likes of which no small business could dream of affording. The other benefit of the cloud is that getting these services set up costs less upfront than buying and installing all of the hardware needed to support having it all set up in house. Also the monthly payment or annual payment plans allow you to plan and budget for your technology needs in a manageable way. Because you are paying a regular fee and everything is hosted in the cloud you also benefit from the provider’s team keeping everything up-to-date so you don’t have to do it.

Now let’s talk about some specific solutions — phones and faxes seem like as good a place to start as any. Internet based fax has been around for quite a while; next to online backup I would argue it is one of the oldest cloud services. Companies like MyFax and eFax allow you to securely send faxes over the internet to a fax number as well as allow people to send faxes to you at your existing fax number. The magic is in the provider converting, on the fly, the data from the fax machine into a PDF or your document into data a fax machine can read.

Phone systems have been making the slow and deliberate move from PBX to IP based systems that use the same network your computers do to share information. It is only natural that as Internet connectivity has improved these voice over IP phone systems would find a home in the cloud as well. I work with a company called CommCore that provides hosted VoIP systems, though there are many more like 8×8 and Switchvox by Digium that provide fully managed hosted IP based telephone solutions. These solutions are simple to install. Just plug the phone into your network and the provider takes care of the rest. Calls are routed over the Internet and then switched and sent out over telephone company lines to the number you called, and the reverse happens when someone calls you.

For email and productivity I believe Office 365 is the best solution available to any business. You get 5 licenses of Office for each employee to install on any device they use, a 50 GB mailbox on a fully managed and hosted Exchange environment, and tools like SharePoint, OneDrive, and Lync for sharing and real time collaboration and communication, all for a low monthly fee per employee.

Lawyers, accountants, and a host of other professional offices have software that is geared to specific functions in those industries. Most of these software providers are now providing their applications in a hosted environment that they manage and maintain, taking the burden of maintaining, upgrading, and backing up off of the business. If you choose to still have some of your own servers, these too can be made virtual and hosted in the cloud, and the cost to do so is generally based on metered usage of resources like processor time and storage space.

While most things can be pushed up to the cloud, there is still a fair bit of technology you should have in-house. As I mentioned, everyone still needs a computer, laptop, or tablet for accessing these cloud hosted services. You need a reliable internet connection, and I would recommend having a backup connection as well from a different provider. I would also still recommend a small server at a minimum to serve as a domain controller to manage security and configuration of the computers on your network as well as across your cloud services. Switches and wireless access points will still be needed to connect the equipment that is still located in your office. Along with the internet connection, your router/firewall becomes more important as it is now the one device that provides your entire office access to all of the cloud services. It needs to be robust and secure and it needs to be able to support the redundant connectivity to the internet I suggested earlier. Another feature you might also want for your router is the ability to work in concert with another router that can take over automatically should the first one fail.

I fully believe the future of technology is in the cloud, and that understanding how to use cloud services in concert with in-house hardware and technology can help you build your business. The cloud allows you to expand beyond the walls of your office and provides access to employees and clients alike anytime, anywhere.

iPad Upgrades

October brought us a pair of new iPads from Apple: the iPad Air 2 and the iPad Mini 3 — just in time for the Christmas shopping season. I love my iPad 2. It has become the primary computing device in our home next to our iPhones. I am ready for an upgrade and the iPad Air 2 looks like it has all the right stuff.

The new iPad Air 2 weighs in at less than a single pound and is 18% thinner than the previous iPad Air. You have seen the commercial where they hide the original iPad Air behind a standard #2 pencil. Well, the new commercial slices off nearly a fourth of the pencil and hides the new iPad Air 2. It feels great to hold. Head out to a Best Buy and see for yourself. The Air 2 is light and sturdy. Just like the new iPhone 6, the display has been upgraded and features a fully laminated display that makes the images on the screen look like they are sitting on top of the glass, which is one of the things I like the most about my new iPhone 6. The Air 2 sports the powerful new 64-bit A8X chip as well as the M8 motion coprocessor. The iSight (rear) camera has been upgraded from a 5MP camera to an 8MP camera for even better pictures and video. The WiFi network adapter also got a little boost by adding support for the latest 802.11ac standard. The new Air 2 also includes the Touch ID sensor, allowing you to use your fingerprint to secure the device.

The iPad Mini 3 received only one update from the previous generation… Touch ID. While not earth shattering, it is nice to be able to secure the device and be able to unlock it quickly and easily. Beyond that the iPad Mini 3 looks to be identical to the previous generation. The Mini 3 is even still running on the last generation A7 processor and M7 motion coprocessor. Even though it did not receive the same love from Apple this year that the iPad Air 2 did, the iPad Mini 3 is still a solid tablet for any task you throw at it, just in a slightly smaller package.

Both devices come loaded with the latest version of iOS 8, with all the same bells and whistles iOS 8 provides. Cool new apps like Health are supported on both the Air 2 and the Mini 3. Apple Pay is supported on both devices using the Touch ID sensor, but there is no NFC radio so you can only make Apple Pay purchases on participating websites.

Tablets are amazing devices with unbelievable power and functionality that is always at your fingertips. I believe iOS still leads the market in ease of use. These 2 attributes are exactly why my entire family has given up in almost every instance using a laptop or PC for our daily casual computing needs.

The Modern Backup Routine

Backups are undoubtedly one of the most annoying parts of the IT process, not only for the IT consultant trying to monitor the success of the backups but also for the small business employee charged with making sure they swap the tape or portable drive out each night and take it with them to keep it safe in case disaster befalls the office before the next backup runs. This process is also the most crucial, especially if disaster does strike because the only way to get back to work is to restore from that backup. For years, we as IT consultants have drilled into our small and medium sized clients that that method of managing backups is the best way. Backing up to physical media, changing the media out nightly, and then taking it off site in someone’s car was the absolute best way to back up your data and keep it safe. This is no longer true, and the potential risks of data theft and loss while that backup media is outside the office could be devastating to your business.

I have written at great length about the cloud, public and private, and about network attached storage. These technologies are at a point where most of the enterprise features large companies have enjoyed for years are now available and affordable to even the smallest business. The modern backup makes use of both the low cost local storage on your network and low cost cloud based storage, either public or private. In this hybrid solution the local backup on your network attached storage device protects you from day to day data loss caused by the occasional user error as well as from a major server failure. This local backup is much faster to restore from, reducing the potential downtime in the event of server failure or accidental data loss. A copy of your local backups is replicated to your cloud based storage, where your data is safe from major disasters like fire or flood in which the office is damaged or destroyed. This cloud based storage could be a backup service like Azure Backup from Microsoft or an Amazon S3 solution or even a backup to a service like Mozy if you intend to use the public cloud. If you are using a NAS from just about any manufacturer it can be configured to copy data to another similar NAS located at a remote site. This remote site could be a data center you rent rack space from, a buddy’s network closet at their office across town, your home, or even vacation home. This second NAS can be placed anywhere you can provide internet access, even your lawyer’s or accountant’s office.

Once you have your backups going they need to be monitored and reviewed on a regular basis. Backups are not like those infomercial cooking products that are on TV late at night. You know the ones…you just set it and forget it. Backups need attention. You need to make sure you are backing up what you need backed up. Old unused data should be archived and removed from the daily backups because it is wasting precious time and space in your backup window. The backup window is that period of time you have to back up all the data during which you don’t want anything else happening on your server other than your backup. Once that window closes, any number of activities could hinder your backup causing it to fail or for files not to be backed up.

Now is a perfect time to review your backup strategy. Sit down with your office manager and IT pro to determine what needs to be backed up and how often and make sure those backups are still backing up the data you think they are. Backups are important and you need to know that your data can weather any storm and be available when disaster strikes.

POS Malware On The Rise

It seems almost daily there is a story in the news about another retail chain whose credit card system has been hacked. Over the last few months the number of computers running Point-of-Sale (POS) systems that have been infected with a class of malware designed to target these systems has grown by over 50%. Security experts believe that thousands of small and large retailers may be infected and not even know it.

One of the more publicized pieces of malware, called “Backoff,” is responsible for a number of breaches as of late. The malware scans the computer’s RAM for traces of data left behind after a card is scanned, data that contains the card numbers and the card holder’s information, then reports it back to the hacker’s network. Other similar malware applications record keystrokes and data stored on the POS computer and send them back to the attacker to pull credit card information from.

I know that most of my readers are not in the retail business; however, I am certain many of you know someone or provide services to someone who operates a retail business. These folks need to take a look at their POS computers and make sure they are as secure as possible to prevent a potential data breach. Like any system on your network, the POS computers should be secured from attacks using best practices. First, an administrator account should not be used for daily access to the computer. The login used should be limited only to running the POS and any other common activities associated with the daily use of the system. Complex passwords that have to be changed regularly will also keep many potential threats at bay. The antivirus software should be up to date and have the latest virus definitions installed. Many of these POS viruses use the Remote Desktop Protocol (RDP) to send and receive data. If you can, RDP should be completely disabled on POS computers. Because the POS devices should not be accessing the internet for much, you can use devices like your network firewall to log the connections to the Internet and look for strange connections that should not be coming from a POS device. You can even block access to everything on the Internet from the POS and only allow the few websites it does need access to from your firewall or router. Taking the step of logically separating your POS system from the rest of your network using VLAN technology and access rules to police traffic between the networks can add another layer of protection to these devices.
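The firewall log review described above, sketched as an added example that is not part of the original article. The POS VLAN subnet, the allowlisted destinations, and the key=value log format are assumptions made for illustration, and the sample log lines are constructed.

```python
"""Review firewall connection logs for traffic a POS terminal should never generate."""
import ipaddress
import re
from collections import Counter, namedtuple

# Everything below is assumed for illustration: the addressing plan, the
# allowlist, and the key=value log format are not taken from any real product.
POS_VLAN = ipaddress.ip_network("10.20.0.0/24")
ALLOWED_EGRESS = {
    ("198.51.100.10", 443),  # payment processor (placeholder address)
    ("198.51.100.20", 443),  # POS vendor update server (placeholder address)
}
RDP_PORT = 3389

# Constructed sample log: office VLAN is 10.10.0.0/24, POS VLAN is 10.20.0.0/24.
SAMPLE_LOG = """\
2014-10-02T09:01:11 ALLOW src=10.20.0.11 dst=198.51.100.10 dport=443 proto=tcp
2014-10-02T09:05:42 ALLOW src=10.20.0.12 dst=203.0.113.77 dport=80 proto=tcp
2014-10-02T09:07:03 ALLOW src=10.10.0.35 dst=10.20.0.11 dport=3389 proto=tcp
2014-10-02T09:09:57 DENY src=10.20.0.11 dst=203.0.113.77 dport=443 proto=tcp
2014-10-02T09:12:30 ALLOW src=10.10.0.40 dst=192.0.2.8 dport=443 proto=tcp
garbage line that does not parse
2014-10-02T09:15:00 ALLOW src=10.10.0.35 dst=10.20.0.12 dport=445 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+src=(?P<src>\S+)\s+"
    r"dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)\s+proto=(?P<proto>\w+)$"
)

Finding = namedtuple("Finding", "ts rule action src dst dport")


def review(log_text):
    """Return (findings, unparsed_lines) for every connection touching the POS VLAN."""
    findings, unparsed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)  # keep it: a parsing gap is a coverage gap
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            unparsed.append(line)
            continue
        dport = int(m["dport"])
        src_pos, dst_pos = src in POS_VLAN, dst in POS_VLAN
        if not (src_pos or dst_pos):
            continue  # traffic that does not involve a POS terminal
        if dport == RDP_PORT:
            rule = "rdp-involving-pos"  # RDP should be disabled on POS machines
        elif src_pos and not dst_pos:
            if (str(dst), dport) in ALLOWED_EGRESS:
                continue  # expected business traffic
            rule = "pos-egress-not-allowlisted"  # reported even when denied
        elif dst_pos and not src_pos:
            rule = "inbound-to-pos-vlan"  # another network reaching into the POS VLAN
        else:
            continue  # POS-to-POS traffic stays inside the VLAN
        findings.append(
            Finding(m["ts"], rule, m["action"], str(src), str(dst), dport)
        )
    return findings, unparsed


def summarize(findings):
    """Count findings per rule so a reviewer sees the shape of the problem first."""
    return Counter(f.rule for f in findings)


if __name__ == "__main__":
    found, bad = review(SAMPLE_LOG)
    for f in found:
        print(f"{f.ts} {f.rule:28} {f.action:5} {f.src} -> {f.dst}:{f.dport}")
    print(dict(summarize(found)), f"unparsed={len(bad)}")
```

Denied attempts are reported alongside allowed ones because a terminal that keeps trying to reach an unexpected address is worth investigating even when the firewall stopped it.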

Hackers will always look for the easiest target. Like any thief they are criminals of opportunity. Smaller retailers may not be making the news like Home Depot and Dairy Queen, but make no mistake the threat is just as real for the mom and pop retail store or restaurant using POS in their business.

Apple IDs For Kids Under 13

As it turns out, I got the new iPhone 6 and my wife got my iPhone 5s that was less than 6 months old. My oldest son has been absolutely pestering us for an iPod Touch, or an iPad, or an iPhone of his own. He is 8 and even as tech forward as I am, I am not about to give him a phone at that age. The shuffling of phones between my wife and me did however leave us with an unused iPhone 4 that, without the cell service, makes a perfect iPod Touch. I began to set the phone up for him and realized he was using my wife’s Apple ID, which means he had unlimited access to buy whatever he wanted from the iTunes and App Stores. This is no good; there has to be a better way. Even if I create an Apple ID for him and say he is over 13 I have no real control over the content. Family Sharing, which became available with iOS 8, allows me to create a special Apple ID for my child, one that allows me to control what he can buy.

If you haven’t heard of Family Sharing, it allows you to share applications and a single payment method among a group of Apple users you invite as part of your family. If you haven’t discovered this new feature yet on your iPhone, it is under Settings>iCloud. You can turn on Family Sharing here and once it is set up you can go back and invite family members and, most importantly, create a child’s account. The account creation process is easy. The only requirement is that you have your default payment option set to a credit card and not a debit card. They use this as part of the parental consent process. Once the account is created you can change the default payment method back. It is important to use your child’s actual birthdate when setting up the account because it changes certain defaults. For example, the Ask to Buy feature is turned on by default for accounts of children under 13. This means you have to approve a purchase from iTunes or the App Store before they can complete the transaction.

Now that my son has his own Apple ID I can finish locking down his device. I can set up restrictions on the phone like not allowing in-app purchases. I can also set rating levels for the content that is allowed on the device. To access restrictions go to Settings>Restrictions and touch Enable Restrictions. Changes made to the device restrictions are protected by a passcode you create and enter at this step. For more information about the kinds of restrictions you can set have a look at this article from Apple support.

It has taken Apple a long time to figure out how to safely cater to their younger users, but I think with the right combination of Family Sharing and restrictions we can be confident our children’s experience using Apple devices will be safe and fun for them and my credit card.

iPhone 6

On September 9th in typical Apple fashion the tech giant announced the release of… you guessed it — the latest iPhones. Since Apple is no longer good at keeping secrets, most of what was announced had already been guessed by avid Apple watchers. The “big” news in the announcement was of course the increased size of not one but 2 new iPhones. Some of you may recall the late Steve Jobs stating that the iPhone was the perfect size and that would not change. Well the iPhone 5 was taller and now the iPhone 6 and its ever bigger brother the iPhone 6 Plus have both taken growth spurts. Welcome to the age of the iPhone “phablet.”

Let’s talk some specs. Both new phones are running Apple’s new A8 processor, claiming increased processor speeds by 25% over the previous Apple processor, not to mention 50% better graphics performance. The new camera hasn’t improved much; weighing in at 8MP, it is capable of taking 1080p video at 30 or 60 frames per second. That’s some super-sized video recording capability. Speaking of size, did I mention that the screen on the iPhone 6 is 4.7″ and the 6 Plus measures a whopping 5.5″? With this new larger size there is room for a new larger battery, increasing the talk time of the 6 by 1 hour and the talk time of the 6 Plus by 14 hours over the iPhone 5s.

Other big news regarding the iPhone 6 and 6 Plus is increased storage. The new phones now come with your choice of the ever popular 16GB and now the new 64GB and 128GB of storage — yup, that’s right. 128GB of storage in a phone. What do these monster phone/tablet hybrids cost, you might ask? Well starting with the iPhone 6 the 16GB model is $199, the 64GB model is $299, and the 128GB model is $399. The 6 Plus will run an extra $100 more than the 6 for each capacity level. These prices are of course with a new 2 year contract from your friendly neighborhood cellular service provider.

By now you are likely to have heard about issues with the new phones and the new version of iOS. They are all true. iOS 8 is causing problems for lots of people. If you haven’t updated to the latest version of iOS 8, hold off. Give Apple a month to shake the bugs out. The same goes for the new iPhones. They are great phones, but like most new devices there are some bugs in the software. Regarding the bending phones all I can really do is shake my head. Why in the world would you put a skinny piece of aluminum in your pocket and sit on it? Thank heaven the glass didn’t break. If you want to sit on your electronics go get a Toughbook — they drive Hummers on those little fellas. Have some common sense and protect your investment with a case, like the rest of us.

If you have the new iPhone 6 or 6 Plus I would love to hear how you feel about it so far. Go to and leave your comments below the article.

The iWatch Is Coming

I mentioned in a previous article that wearable technology was here to stay, and with Apple now on board with its new iWatch you can bet Apple believes that too. The new iWatch is not due out until sometime early in 2015, but Apple debuted this new little piece of tech as one more thing at their annual iPhone release.

Like everything else Apple makes, the iWatch looks beautiful. There is a look for every occasion from formal to fitness. The focus on form is truly evident in the multiple designs that will be available for this “watch.” But it is not really a watch. It is an extension of the iPhone that you carry with you everywhere you go. The iWatch gives you access to email, text, and social media without having to take your phone out of your pocket. The iWatch integrates with Siri, allowing you to use voice controls for your phone through the watch. It is a fitness tracker that includes a sensor for tracking your heart rate. All of the health data integrates with the new health dashboard and feeds a health app that helps you set and meet fitness goals. The face of the watch is customizable and the home screen displays a cloud of apps that you can move around in with simple touch gestures. The crown is part of the user interface, allowing you to zoom in and out of apps like maps and scroll quickly through lists. The touch interface is pressure sensitive so it can distinguish between a tap and a push allowing the interface to respond correctly.

The iWatch comes in 2 sizes, 3 models, and has 6 interchangeable bands. As I mentioned earlier, iWatch is due out early 2015, and the price will start at $349 for the “Watch” model. The other 2 models are Sport and Edition, each of which should be available at the same time with faces in sizes for both men and women. To borrow a line from Apple, “one more thing”…Let’s talk about the charger. This watch needs power. A single coin cell battery isn’t going to keep this digital beast going. It has to be charged. You don’t plug it in to charge it though. The iWatch uses a magnetic cable that latches on the back surface of the face and uses inductive (wireless) charging to feed juice to the iWatch. I am looking forward to the iWatch release. Maybe if I save up my wife will let me buy one for my birthday.

The Bash Bug

You may have heard in the news about the latest apocalyptic technology threat, the Bash Bug, also known as Shellshock. The media may have overhyped this one a little but the threat is certainly real. Most of the servers on the internet that provide access to the web pages you surf every day run Linux and are potentially vulnerable. The Bash Bug is also capable of getting into other equipment like routers and switches whose software is frequently based on Linux. Macs running OS X are also based on similar software at the core and are vulnerable to the Bash Bug, but only if they have the advanced Unix services enabled. OS 9 and earlier Macs are not affected according to Apple. The good news — for once, Windows devices are unaffected!

Linux is an operating system like Windows and provides the basic interface for people to interact with the device. Bash is part of that interface in Linux and it has a very old bug that hackers have discovered how to exploit. By sending a properly structured text command over a network to one of these machines a hacker can get the Linux computer to run programs and do things that would require authentication and security privileges normally. This is frightening because a hacker can essentially hijack one of these devices and use it for anything they want: sending spam, hosting viruses or illegal content, or attacking other systems.

Now for the part that really makes security pros nervous. In the past I have talked about The Internet of Things. The light bulbs, toasters, and ovens you can control from your phone over the internet are all examples of devices that are part of The Internet of Things. In many cases these devices run a tiny Linux operating system that uses the insecure version of Bash. Unlike the servers, routers, and switches that run the internet and many internal networks, these devices don’t have good security and typically lack any way to patch them when security flaws are discovered. You might be thinking, really, who wants to hack my cool new remote controlled GE light bulb? How could it have the power to do anything? Have you ever seen a locust? They are small and easy to kill, but if you have a swarm of them like in one of those movies that shows the plague of locusts on Egypt you have a good reference point for thinking about what kind of power someone controlling hundreds of thousands of these devices might be able to wield.

If you are concerned about your web servers and network hardware, most vendors already have patches out to secure the affected devices, though your toasters are still vulnerable and there really isn’t anything you can do to fix them at the moment. I recommend that if you are running a Linux server you contact your IT department and patch it. You should also have your IT provider check to see if any of your network devices like routers, switches, and wireless access points have been identified as vulnerable by the manufacturer and patch them immediately as well.