Saturday, 9 September 2017

Spam management

Spam is unsolicited email that you get in your inbox, usually attempting to sell you something or entice you to a website. This email can be annoying if it arrives en masse but some spam can also be malicious, attempting to phish information or install malware on your computer. Depending on your email provider, they will usually have a spam filter applied to your email, but these can be overcome if you signup for marketing emails, or your email address is added to a spam list.


One of the largest spam databases has been discovered recently, weighing in at a massive 14GB and approximately 711 million email addresses. Worryingly, some of these email addresses also included passwords. These are likely to have been harvested from hacked sites such as Yahoo. If you want to identify whether your email address is on the list then go to https://haveibeenpwned.com/ and check there. If you do find your email listed, then it is a good idea to change the passwords associated with that email address so that hackers don't use those details to gain access to your information.


The other issues with being on the spam list is that you are likely to get more spam emails. Once your email is added to a spam list it is difficult to remove it. While legitimate companies will provide an unsubscribe feature, this can be used by illegitimate spammers to confirm that your email address is active. So once you click on the unsubscribe link, you will be targeted for further emails. As mentioned earlier, depending on your email provider, the spam protection may vary. The larger email providers like GMail and Outlook.com allow you to identify spam in your inbox, and this helps fine tune the settings for your email. Bigpond don't have the same level of protection so you will need to use a client based spam filter to fine tune the spam settings. Spamfigher (http://www.spamfighter.com/) is a paid product with a free ad supported version, that can be added to the common email clients (Outlook, Windows Mail etc.) to provide additional spam protection if required. Some anti-virus products will also include spam protection as part of the security suite.


Often the best way to beat spam is to avoid it. To prevent your email address being used for spam, use a separate junk email address for signing up to sites or marketing lists. This way you can check the junk email occasionally for any legitimate email but keep your private email safe from spam. For more information on tuning your spam filter in gmail and outlook.com, take a look at these sites.


https://support.google.com/mail/answer/1366858
https://support.office.com/en-us/article/Help-keep-spam-out-of-your-Inbox-in-Outlook-com-a3ece97b-82f8-4a5e-9ac3-e92fa6427ae4

Tuesday, 1 August 2017

Limiting internet data usage

If you are unfortunate enough to only have access to mobile broadband or satellite broadband, then chances are you will need to keep a close watch on how much data you use over the month. These plans have a limited allocation (or quota) and you will either be charged excess usage fees, have your internet shaped (limited speed) or have no internet access at all, if you exceed your monthly quota. As a result it is important to manage your bandwidth usage, and there are a few ways to do this.

One of the most common causes of excess usage is system updates. In the case of Windows 10 PCs, these updates are mandatory and can be large, especially for feature updates. There is a way to prevent automatic downloads on Windows 10 by changing your network setting to a metered connection. Go to Start > Settings > Network & Internet > Wi-Fi > and then either Advanced or your Connection name. Set Metered Connection to On and you will now be prompted when updates are available. It is still advisable to apply updates regularly, especially security updates, but at least with this setting on you can choose when to download them.

iPhones and iPads are also bandwidth hogs when it comes to updates. These can be as large as a gigabyte for major updates. Apple does not make it easy to prevent these updates but if the pre-requisites aren't met then it will not download the updates. In particular, the device needs to be on charge and connected to a wifi network. Disabling wifi when you charge your phone is one work around. For other options take a look at this post (https://discussions.apple.com/docs/DOC-9741). It is possible to restrict automatic updates of Apps on iOS devices. This can be done by going to Settings > iTunes and App Store and disabling all the options under Automatic Downloads. This way you can choose to update Apps when you have the bandwidth available.


If your updates are not causing your bandwidth usage then it may be the content that you are downloading. Video streaming will quickly use up bandwidth, this includes the likes of Netflix, YouTube, Facebook and Instagram. Any site that shows videos has the potential to eat into your precious monthly quota so keep a watch on the sites you visit.


Unfortunately there is a big disparity between prices for data on mobile broadband and other forms of broadband. Until this improves, it pays to be careful about what is download over these expensive connections.

Monday, 3 July 2017

Cyberwar and ransomware

Ransomware has been making the news lately with the WannaCry and, more recently, Petya strains grabbing the headlines. These threats were so dangerous because they easily spread to unpatched computers. The reason these malware attacks were so effective was because they used a zero day exploit that was developed for cyber attacks by the U.S. National Security Agency (called EternalBlue). The exploit was made public by hacking groups and Microsoft did develop patches to protect their systems, but the issue is that many systems remained unpatched resulting in outages to many businesses. More exploits are being released. The CIA hacking tools were released on Wikileaks in March 2017 (https://wikileaks.org/ciav7p1/) which will no doubt lead to further malicious threats being released in the wild.

So what is a patch? These are software updates to the system developed by the software vendor. Microsoft regularly releases patches to improve performance or fix security flaws on Windows systems. These show up as Windows Updates. It is a good idea to apply these updates as they are released. In fact, Windows 10 doesn't give you the option, it enforces the updates automatically. This does require internet access in order for the updates to be downloaded though.

So the computers most effected by these exploits were running older Windows systems (mainly Windows 7) and Microsoft took the rare step of releasing a security patch for Windows XP (which is no longer supported and doesn't get security updates any more). Even though WannaCry preceded Petya, many systems were still impacted when Petya was released. Initially it was thought that Petya was another ransomware threat but it turned out that it was not possible to get the encryption keys and the email address used to contact the criminals was shut down, making it impossible to get in contact, even if a company wanted to. It would appear that Petya was written to destroy data while acting like ransomware. As this threat first appeared in the Ukraine, it would seem that they were the initial targets of the attacks, which subsequently spread to the rest of the world.

With the continued release of these exploits that are used by nation states for cyber warfare, it raises issues about disclosure to the software vendors. Is it ethical for a government to withhold these zero day exploits from the vendors, especially when they can be used for criminal purposes? More to the point, it has become critically important that companies maintain regular updates to avoid being attacked by malware. It is surprising to me that many companies do not stay on top of this. For the home user, it is also important to ensure that they maintain regular patching for their system and software they use (such as Microsoft office, Adobe reader, Adobe flash and java etc). Be aware though that updates must come from a trusted vendor site and not a third party website as these can be used to inject malware instead of legitimate software. For more information on how to maintain patching in Windows go to https://support.microsoft.com/en-us/help/12373/windows-update-faq. For Apple Macs check this link https://support.apple.com/en-au/HT201541.

Thursday, 1 June 2017

Backups

TL;DR
  • Backups are not often considered important
  • Cloud storage services can mitigate risk of data loss
  • External drives and NAS are other options for backup
  • Test backups and keep a copy offline

For most people, backups are the sort of thing you don't pay attention to until you need them. A number of clients have recently required specialist data recovery as their hard drives had failed and they wanted to get back their precious photos and documents. These services can cost upwards of $1000 so it is generally the last resort. The reality is that hard drives and storage devices do fail, so it is always worth have at least 2 copies of your data. Fortunately there are a number of ways you can do this these days.

Cloud services such as Dropbox, iCloud, Google Drive or Microsoft's OneDrive are all ways that you can store documents and photos somewhere other than your PC. Most cloud services offer a free service but this is usually limited to a few gigabytes of storage. This won't last long as photos and videos will easily fill that space in a very short time. Paid options are worth looking at (especially compared to the price of professional data recovery) and if you are bundling in your subscription with other services, this can be good value. In the case of Drive and One Drive, if you are paying for the G Suite or Office 365 packages then you will get increased storage bundled in with those plans (see https://gsuite.google.com.au/intl/en_au/pricing.html and https://products.office.com/en-au/office-365-home). The other benefit of cloud storage is that you can access your files from other devices and locations. Be aware though that you will need a reasonable internet connection and data quota in order to sync your files to the cloud. 

A more traditional option is to backup to an external drive. These are readily available from Officeworks, or other tech stores, and a reasonably sized 2 TB portable drive will cost around $100.  Windows PCs and Macs require require an initial setup to connect the external drive for backup, but once this is done, they will automatically backup after that. The guide to backing up in Windows 10 is available at https://support.microsoft.com/en-us/help/17143/windows-10-back-up-your-files and for Macs you can access this at https://support.apple.com/en-au/mac-backup.

Another option for local backup is to use Network Attached Storage (NAS). These are essentially hard drives that connect to your network and can be used as centralised storage for backups and file sharing (photos, videos etc.). The benefit of NAS is that you can backup multiple computers to the same storage on the network. QNAP and Synology are popular brands and their products start from $150. You may need to purchase the hard drive separately so consider this when evaluating these options. To backup to a NAS device, you will typically use the software that comes with the product. Ensure that your router is fast enough to support the network traffic (at least gigabit ethernet). For more information go to https://www.qnap.com/en-au/ and https://www.synology.com/en-global/support/nas_selector.

Cloud and local drive backups are not exclusive and I would recommend using both. Having multiple backups can reduce the risk of losing your data to a ransomware attack or other failure.  It is also worth testing your backups by restoring a file every now and then. You don't want to find out after the fact that your backups are not working, so test these regularly. So before your computer storage fails, make the effort and get a good backup, fast!

Monday, 1 May 2017

NBN Address checker

If you were wondering when the nbn will be available at your home or business, the nbn have recently improved their address checker on their website (http://www.nbnco.com.au/connect-home-or-business/check-your-address.html). This will now give an estimate of the availability of the nbn at your address and the type of connection you can get. It is based on nbn's updated three year construction plan. If a rollout is not planned or underway then you will be advised that you can access the skymuster satellite service. This is an improvement as previous searches only advised when building may commence and did not give a detailed description of what you may be able to access. 

In the Chittering Shire, the address checker advises that nbn fixed wireless services are planned to be available in March 2017 in Upper Chittering. It should be noted that these plans are subject to change, but this is looking promising for that area. Lower Chittering and Bindoon are slated for October to December 2017 and will also be receiving fixed wireless within that coverage area.  Building has also commenced in townsites throughout the Gingin Shire, with some sites already available.

The nbn coverage map is useful if you would like to see how far the fixed wireless coverage goes in your area. It will also show the progress of the fixed wired technologies and can be accessed at the nbn website (http://www.nbnco.com.au/learn-about-the-nbn/rollout-map.html). 

Tech for non-profits

If you are involved in a not-for-profit (NFP) or income-tax-exempt (ITE) organisation, then it may be possible for you to get discounted technology for the use within that organisation. TechSoup is a global alliance of technologies companies that provide discounted products to NFP organisations. Donor companies include Microsoft, Google, Cisco, Symantec and Adobe, to mention a few. In Australia, Connecting Up is the Australian partner of the TechSoup alliance and you will need to register with them to access these discounts.

Some of the examples of products available under the program are all of Microsoft's licensed products including Office suites and Desktop and Server licenses. There are some limitations as to the number of licenses that can be redeemed within a two year allocation cycle. Similarly, Google's Apps for non-profits (G Suite) is available and this provides access to Google's cloud services for business, such as docs, email, calendar etc. There are also security products available and discounts on accounting software. In addition discounted hardware can also be redeemed, including laptops, desktops and networking equipment. A full list of donors and products can be found here https://www.connectingup.org/discounts. Connecting UP also offer a premium membership model which costs $150 per annum. In addition to accessing the partner program (which is available under free membership), you will also be able to access events, mentoring and promotional facilities provided by Connecting Up (https://www.connectingup.org/membership/benefits).

Joining Connecting Up is as simple as registering your details and providing information about the NFP. Within three working days, your details should be validated and if successful, you can then start ordering from their site. Being listed on the Australian Charities and Not-for-profits Commission Register or income tax exempt on the Australian Business Register will help with qualification for the program. In addition, donor companies may require other criteria to be met for their products. Details can be found at https://www.connectingup.org/help/will-my-organisation-qualify-connecting-ups-donation-and-discount-program.

Once you have qualified and your account is setup for purchasing, you can place a donation request through the Connect Up site. Not all products are free. Some are discounted from retail pricing. In addition, there may be an administration fee charge by Connecting Up when making donation requests. Some partners restrict the number of requests that can be made. The details are available at https://www.connectingup.org/help/how-often-and-how-much-can-i-order-from-each-of-your-partners


So if you are involved in a NFP group that may benefit from reduced tech purchases, I would recommend taking advantage of the discounts offered by Connecting Up. For more information go to their website https://www.connectingup.org.

Monday, 6 March 2017

Square Up POS app

I have previously written about mobile payment options for merchants provided by the major banks and PayPal. In this edition I am going to discuss another point of sale solution which provides a lot of functionality for a shopfront.

Square Up is an online provider for payments and point of sale. They started with an Apple only app but have now expanded that to Android devices. The square app can accept payments through these devices using a card reader which you can purchase from them ($59 for the contactless card reader or $19 for the chip reader). Credit card payments processed through Square attract a flat rate 1.9% fee. The benefit of square though is not just in the card processing. In fact, you don't even need to use the payment gateway to access the extensive features of the point of sale app.

The app provides extensive ability for creating shop items and can track insights on purchases and repeat customers (if the details are added). Customer feedback is incorporated into the receipts provided via sms or email. If you already have a payment gateway then you can record the transaction as a paid item and this is tracked against your sales.
Logging into the Square Up web portal provides details on sales history and sales items. This is a very useful resource for small businesses as it provide insight into the top sales items and sales times as well as a number of other metrics. It is also possible to expand the solution to multiple locations (if you have a number of shopfronts).

Square Up also provide an employee management function for $3 per month per employee. Employees can log their time into the app and it also allows restriction of access to certain functions per employee. This may be useful for more complex businesses that have multiple employees.

So for a free app it provides a lot of functionality and can either be used as your payment gateway provider or with an existing provider if you have one. For more information go to the Square Up site at squareup.com.