Remote work in the age of COVID-19

Article (PSA-0013)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Remote work in the age of COVID-19
Original release date: May 13, 2020

Remote Work In The Age of COVID-19

What a strange time in world history. Who could have predicted the Wuhan Coronavirus (COVID-19) would close down the US economy? Because of this unforeseen event, many businesses have been taking precautions to reduce exposure and transmission among employees. Global business giants like Amazon and Twitter, as well as local businesses, are implementing precautions which include work travel bans, cancelling in-person meetings and conferences, and encouraging employees to work from home or “self-quarantine” until a vaccine or cure has been found.

With millions of people working from home for many weeks now, there has been a real need for remote desktop services, and video conferencing services to help keep businesses functioning, and to keep families and friends, who are separated by distance, connected.

There are quite a few companies and products that facilitate remote working. Zoom, Google Meet, and Microsoft Teams provide quality video-conferencing services, and TeamViewer and LogMeIn provide remote desktop services.

Working from home can be a real challenge, but with the right set of tools, a healthy dose of patience, and a solid internet connection, you can still connect with your colleagues and access your remote computers to accomplish the work you need to get done.

While working from home, keep these three ideas in mind:

  • Set time boundaries between work and personal time. Working from home can seriously blur the lines between work hours and personal hours. This constant connectivity, if not controlled, can lead to increases in your stress and anxiety levels. It can also make you a very distracted individual –
  • Get some exercise. Going for a walk around the block a couple of times a day can make a world of difference to your stress and anxiety levels. Remember to leave the phone at home –
  • Connect with another person. Take time to sit down and talk with someone in your home, without distractions, and you will feel better for it. If you live alone at home, this can be a little more difficult, considering the stay at home order, but you need contact, so on that walk you’ll be taking, if you see someone else, don’t be afraid to say, “Hi”.

I hope you and your families are well during this time. If you would like more information or have questions about how you can use remote services give us a call.

IC3 Annual Report – 2019 Internet Crime Report

Dear Reader,

The FBI is the lead federal agency for investigating malicious cyber activity by criminals, nation-state adversaries, and terrorists. To fulfill this mission, the FBI often develops resources to enhance operations and collaboration. One such resource is the FBI’s Internet Crime Complaint Center (IC3) which provides the public with a trustworthy and convenient mechanism for reporting information concerning suspected Internet-facilitated criminal activity. At the end of every year, the IC3 collates information collected into an annual report.

This year’s Internet Crime Report highlights the IC3’s efforts to monitor trending scams such as Business Email Compromise (BEC), Ransomware, Elder Fraud, and Tech Support Fraud. As the report indicates, in 2019, IC3 received a total of 467,361 complaints with reported losses exceeding $3.5 billion. The most prevalent crime types reported were Phishing/Vishing/Smishing/Pharming, Non-Payment/Non-Delivery, Extortion, and Personal Data Breach. The top three crime types with the highest reported losses were BEC, Confidence/Romance Fraud, and Spoofing. More details on each of these scams can be found in this report.

Of note, the IC3’s Recovery Asset Team (RAT), which assists in recovering funds for victims of BEC schemes, celebrated its first full year of operation. During its inaugural year, the team assisted in the recovery of over $300 million lost through on-line scams, boasting a 79% return rate of reported losses. We’re also pleased to announce the creation of a Recovery and Investigative Development (RaID) Team which will assist financial and law enforcement investigators in dismantling money mule organizations.

Information reported to the IC3 helps the FBI gain a better understanding of cyber adversaries and the motives behind their activities. Therefore, we encourage everyone to use IC3 and reach out to their local field office to report malicious activity. Cyber is the ultimate team sport. Working together we hope to create a safer, more secure cyber landscape ensuring confidence as we traverse through a digitally-connected world. We hope this report provides you with information of value as we work together to protect our nation against cyber threats.

Matt Gorham
Assistant Director
Cyber Division
Federal Bureau of Investigation

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2019_IC3Report.pdf

Windows 7 End of Life – What You Need to Know

Article (PSA-0012)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Windows 7 End of Life – What You Need to Know
Original release date: October 30, 2019

Windows 7 End of Life – What You Need to Know

Microsoft will end support for the Windows 7 operating system on January 14, 2020. This includes all editions of the Windows 7 operating system: Starter, Home Basic, Home Premium, Professional, Enterprise and Ultimate. If you have not upgraded by January 14, 2020, you will be using an unsupported operating system.

You may wonder what Microsoft means by “ending support”. This means they will no longer provide support for laptops and desktops with Windows 7 installed. If you run into a bug in the operating system, Microsoft will not fix it – so don’t bother calling them.

An issue often overlooked when discussing the end of support for Windows 7, is the third-party application issue. Many software providers will not support their software if it is installed and running on an unsupported operating system. Additionally, some software you purchase may not install on Windows 7 at all. This will become more prevalent as time passes.

Additionally, Microsoft will stop patching Windows 7 with security updates. The patches provided by Microsoft for Windows 7 help keep the operating system secure, and as time passes the un-patched operating system will become more and more insecure and prone to compromise by hackers.

One bright spot on the horizon, if you choose to upgrade to Windows 10 from a properly licensed and activated copy of Windows 7, is that you may not need to pay for Windows 10. As of this writing, I am able to upgrade Windows 7 computers to Windows 10 and activate them with a valid and legal digital license at no cost other than the $100 flat rate I charge to perform the upgrade. That is a savings of approximately $140 – $200 per computer, depending on the edition you get.

If you need help upgrading your desktop, laptop or a whole organization give us a call.

IC3 Annual Report – 2018 Internet Crime Report

Dear Reader,

The FBI is the lead federal agency for investigating cyber-attacks by criminals, overseas adversaries, and terrorists, and the FBI’s IC3 provides the public with a trustworthy and convenient reporting mechanism to submit information concerning suspected Internet facilitated criminal activity.

The 2018 Internet Crime Report emphasizes the IC3’s efforts in monitoring trending scams such as Business Email Compromise (BEC), Extortion, Tech Support Fraud, and Payroll Diversion. In 2018, IC3 received a total of 351,937 complaints with losses exceeding $2.7 Billion.

This past year, the most prevalent crime types reported by victims were Non-Payment/NonDelivery, Extortion, and Personal Data Breach. The top three crime types with the highest reported loss were BEC, Confidence/Romance fraud, and Non-Payment/Non-Delivery.

In February 2018, the IC3 established the Recovery Asset Team (RAT) to assist in the recovery of funds for victims involved in BEC schemes by streamlining communications to financial Institutions. The RAT works within the Domestic Financial Fraud Kill Chain (DFFKC) to recover fraudulent funds wired by victims. The DFFKC is a partnership between law enforcement and financial entities. In 2018, the IC3 RAT notified 56 field offices and 12 Legal Attachés of 1,061 DFFKC’s totaling $257,096,992, a recovery rate of 75%.

Another new asset of the IC3 was the creation of the Victim Specialists-Internet Crimes (VSIC) position. The VSIC contact victims of internet crimes, provide crisis intervention, conduct needs assessments, and refer victims to resources and referrals when appropriate. This new position is designed to ensure timely support and services are provided to victims to prevent further victimization and to engage the recovery process as quickly as possible. These positions also lead to a greater coordination of services with the victim’s local field office Victim Specialist.

We hope this report provides additional information of value as we work together to protect our nation against cyber threats.

Matt Gorham
Assistant Director
Cyber Division
Federal Bureau of Investigation

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2018_IC3Report.pdf

Security Update – 2019

Article (PSA-0011)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Security Update
Original release date: February 16, 2019

Security Update

“From the sudden spread of WannCry and Petya/NotPetya ransomware, to the swift growth in coinminers, 2017 provided us with another reminder that digital security threats can come from new and unexpected sources. With each passing year, not only has the sheer volume of threats increased, but the threat landscape has become more diverse, with attackers working harder to discover new avenues of attack and cover their tracks while doing so.” – Excerpt from Symantec 2018 Internet Security Threat Report (ISTR), volume 23, clarifications by Billy Long.

The Internet can be a dangerous and costly place. Network and computer security threats are a very real concern for businesses and home users alike. Symantec, the world’s leading cyber security company, reported an astounding 8,500% (yes, that’s correct eight thousand five hundred) increase in detections of coinminers on endpoint computers, a 92% increase in new downloader variants and an 80% increase in new malware on Macs.

Data and identity theft are a profitable sector, but that is not the only thing at risk in today’s Internet connected world. Your network connected device has processing power and that processing power has become a commodity to many “bad actors” who are diligently punching in to work each day.

These “attack teams” or “attack groups” are constantly developing methods for infecting devices and computers with malware for their own nefarious purposes. Malware can spread through, what appear to be, legitimate files, links or websites. What’s even worse is “attack toolkits,” can be downloaded for free or purchased from the Internet making cybercrime accessible and inexpensive to commit and allowing these crimes to be perpetrated by relatively unsophisticated attackers.

It’s important for all Internet users to have a basic understanding of these threats and to learn how to protect themselves. This article is the first in a series of articles which will provide an overview of malware threats, suggestions for infection prevention and steps to take if you suspect your computer is infected.

What Is Malware?

The word “malware” is a portmanteau, blended from the words “malicious” and “software.” It is most often used as a catchall term for computer related threats such as viruses, spyware, adware, and other software installed without a user’s consent or knowledge.

Malware can get into your system in a variety of ways. Here is short, non-exhaustive list:

  • Infected email attachments
  • Infected removable storage devices such as portable “thumb-drives”
  • Downloaded software
  • Links in email, social media websites, or instant messages

For more information on methods of attack and attack terminology, check out the “Threat Glossary” being compiled at the PSA Computer Services support website: https://psa-2.com/threat-glossary/

Do You Need to Worry About Malware?

So, you may be thinking this all sounds scary, but does it really affect me at home or at my small business? Yes! It is not just large companies or government organizations that need to protect themselves. Anybody can be a victim of cyber-crime if not properly protected.

If you are a business, your customers trust you with their information. If you’re a home-based user, you may have family pictures, important documents or business data stored on your computer. If you’re not taking appropriate steps to secure your network and data, your computer and information are not safe. Preliminary statistics indicate 1 in 3 people were hacked in 2018. Information security breaches can have major financial and legal consequences.

In the next article we will look at what network and computer protection is available to you and how to exercise common sense Internet usage to help reduce the probability of you or your business being compromised.

Directory Structure and File Name Conventions

Article (PSA-0010)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Directory Structure and File Name Conventions
Original release date: October 19, 2018

Directory Structure and File Name Conventions

When storing data we, as responsible digital citizens, need to ensure our directory structures and file names are human readable and well organized. This ensures the digital information stored within your company (or home) can be retrieved efficiently and accurately. We start this discussion by looking at a few directory structure conventions and a usage example.

As with most things in life, consistency is critical. Organize directories in a way that makes sense within the context of your home or company, and then stick to it. It should make sense to anyone who happens to be working within the directory structure. For example, I work from a home based office, so my computer contains not only personal data (pictures, documents, ect), but also business data. The root of my storage directory structure clearly describes that distinction by providing two directories: ‘Personal’ and ‘Business’. Within the ‘Personal’ directory I have organized my personal digital life, and within the ‘Business’ directory I have organized my business digital life.

Once the initial directories were in place, I began to make more distinctions about the type of data the directory contained by using descriptive names and nesting related directories, where appropriate, in a hierarchical fashion.

Here is a simple example; let’s say you have hundreds (or more) pictures collected over many years. To efficiently organize these pictures, we first, create a ‘Pictures’ directory (one probably already exists on your computer). Then organize the pictures further by creating a year directory within the ‘Pictures’ directory, eg. 2018, 2019, ect. Then within each year directory you could include month directories, eg. JAN, FEB, ect. This directory structure can be as simple or complex as necessary. Personally, I adhere to the ‘keep it simple and consistent’ policy. Next, let’s take a look at ‘File Naming Conventions’.

A file name should be distinguishable among other files. Groups of files should be easily sorted for efficient reviewing and searching. File names should also be unique. Over time files can be moved and without the existing folder structure, important descriptive information about the contents of the file could be lost. Carefully consider whether your filename would be meaningful outside of your directory structure.

Here are guidelines I use consistently for file names within my company as well as at home:

  1. If the date the file was created is important, include it in the filename. If you are going to use the date, be sure to pick a date format and stick to it consistently. I like to use the MMDDYY format (two digit month, two digit day, two digit year.)
  2. If the file is related to a project, consider using an abbreviation of the project name as part of the file name.
  3. If the file is part of a multi-organizational effort, consider using your organizations initials in the name. Be sure your initials are unique among the other involved organizations.
  4. If there will be multiple versions of the file, consider using a ‘zero padded’ numbering system as part of the name. You will need to make an educated guess as to how many versions there may be, and pad the version number appropriately. At a minimum, I pad file versions with two zeros, eg. 001, 002, ect.

Finally, here is a list of the “Do’s and Don’ts” of file naming.

  1. Don’t use spaces and punctuation, except for the hyphen and underscore.
  2. Do use underscore or “camelCase” between file name elements, eg. my_data_file.txt or myDataFile.txt . Neither approach is better – but whichever one you pick, stick to it!
  3. Don’t use spaces, tabs, semicolons or periods in your filename.
  4. Do try to keep the file name to a maximum of 25 characters in length if possible.

A well thought out directory structure coupled with an equally well thought out file naming convention makes searching and sorting information a very straightforward task. If you work at a company, be sure to check and see if they have employee guidelines to directory and file naming conventions … they really should! One day we will retire, will the guy or gal replacing us be able to find anything efficiently? It’s really up to us.