Periodically checking things like oil levels and tire pressure is not enough.  Because the Mini is really a little computer on wheels, it needs consistent preventive care to keep it happy and healthy.

Unless the car tells us that something is wrong, we wouldn’t think to check for any vital signs on a regular basis.  And that’s a mistake.  Cars – like people - need proper care and feeding.
Your office network is the same. Sometimes it’s difficult to know when problems are brewing.  Usually, we don’t realize we have problems until something doesn’t work, like you can’t log onto the network, can’t print, or can’t get your emails.

How would you know your network is in trouble?

There are a few signs that indicate potential problems.  And if you catch those issues sooner rather than later, you can prevent expensive downtime and repair costs:

Persistent viruses

Do you get those annoying pop-ups?  Are your computers slow?  Are they locking up or freezing?  Are you getting warning messages?  These are good indicators of deeper problems and your network not being properly maintained.

Granted, no network is completely immune from viruses and spyware. However, if the problems are regular and persistent, something is amiss and it needs to get fixed asap.

Multiple and ongoing complaints

If several employees complain of computer issues and their productivity is legitimately affected by those issues, then you need to pay closer attention. Multiple complaints are a good indicator your network is in trouble.
Imagine you are sailing a ship and your crew members are reporting leaks from different spots on the ship. It’s probably time to dock and do some maintenance and repairs.

Sluggishness

If it takes forever to log into Windows, to open a program or to copy a file -
it’s a symptom of network trouble.

Remember, the original purpose of computing is to boost productivity, save money, and increase earnings. If you have to wait for several minutes to open a document, you are wasting your time and money.  The more employees you have who are affected by slow speeds, the more money your business is wasting.

Expired Updates

Do any of your computers have a little yellow shield with an exclamation point on it?  Typically you will find it in the lower right hand corner of your computer screen.
That shield is a warning message from Microsoft.  It means you’re missing important software updates.  It’s critical to update your software regularly to make sure you have adequate protection against viruses.

Likewise, if you’re logged into Windows and you are prompted to update Adobe, Java, or another application, it’s a clear sign the network is not being properly maintained.

No one knows

Does your office suffer from “no-one-know-itis”?  For example, no one knows where the important documentation is located, no one knows whether the backup works, and no one knows when the passwords were last changed?

If you were in a hospital and discovered your patient history is missing, no one remembers your name or that you are allergic to a certain antibiotic, you get out of that hospital as soon as possible.

As for your network’s health, it’s critical your important information, such as passwords and network map, is securely stored.  You also want to be sure there is a designated person responsible for managing that information.

You should be able to ask that person whether the backup was actually tested, when it was last tested, and whether there’s a recent backup offsite.

The bottom line is this:  If you feel something may be wrong with your network, or if your computers get in the way of your work, then your network probably has problems.

A healthy, happy network is critical to business.  Any downtime means high costs and missed opportunity.  Be sure to take care of the problems before they become expensive disasters.

Get FREE Network Assessment

James Kerr is Chief Geek of SuperGeeks.  You can also follow him on Twitter: Supergeeks.

To mitigate the cost of ownership, there are some free goodies out there you may want to consider installing while your computer is still fresh out-of-the-box.  And though ‘free’ in the computing world doesn’t necessarily equate to ‘good’, all of the software listed below has been thoroughly geek-tested and is wholly SuperGeeks-approved:

Enjoy your new computer.  Take good care of it.  Let me know if I can help with anything.

James Kerr is Chief Geek at SuperGeeks.  You can reach him at (808) 531-GEEK and on Twitter: SuperGeeks

1. Pre-K

The littlest keiki will require your help going online.  The key is not to let her play online too long, limit the time to 30 minutes.  It should be a collaborative experience, similar to reading a book together.  A small child will have manual dexterity issues but will enjoy computing very much.  With the right approach, it can be a valuable, educational and interactive experience.

2. Elementary to middle school

This age group is more autonomous but still very innocent.  They can stumble across inappropriate information online.  You should closely supervise all online activities and explain what is acceptable online and what is not.

You can take advantage of many parental control tools supplied by ISP providers, routers, Windows Vista, Mac OS, or stand-alone software.  See, for example, Vista parental controls options: http://www.microsoft.com/windows/windows-vista/features/parental-contr ols.aspx.  Some common antivirus software like Norton, Trend Micro, or McAfee may include parental control features or offer them as optional downloadable extension.

3. Teens

Protecting your teen involves a whole new host of issues, iluding ncbullying, sexual predators, divulging personal information, etc.

As a starting point, it is imperative that your computer stays in a public space where you can monitor any online activities.  Leaving your child in a room behind the closed door with computer and internet is like leaving him within the arms length of a sexual predator.  Naturally, teenagers are at a highest risk because of their tech savviness, pressures of adolescence, and superhero belief that nothing bad will happen to them.  Add their reluctance to listen to the parents and you have a recipie for disaster.

Another problem is teens’ frequent use of the file sharing sites, such as Kazaa, Lime Wire, Bit Torrent, etc.  These sites are swarming with spyware and viruses that can expose all of your computer files to the rest of world.  You should encourage use of legitimate sites, for example, iTunes.  Having a full security suite and frequent updates is also a must. Finally, you should probably reformat your operating system at least once a year to purge all the accumulated spyware and viruses.

It’s also a good practice to have your teen sign a computer usage contract – agreeing to acceptable behavior.  You should educate yourself and your child about the online dangers and teach them not to be too trusting.  Everything in the online world is not what it seems to be.  People you meet online – are frequently not people say they are – a woman can turn out to be a man, a young boy can actually be a grown man.  The best protection is behavioral.

As parents, it is important to take interest in what children are doing, develop rapport, and keep an eye on dangers.  Spend time to learn about online issues – the same way as you learned about how to buy a home, fill out a college application, or garden.  With your child’s safety at stake, you can’t waive your arms and say ” I don’t know anything about computers.”

The bottom line is, I don’t encourage spying on every keystroke of your child.  The best fence is no fence at all. You can use a great monitoring software but the best protection is – an open communicative relationship and laying down the laws – such as : you can’t meet with strangers you met online.

James Kerr is Chief Geek at SuperGeeks. You can also follow him on Twitter: supergeeks

First of all, the email correspondence was well written, no typos, bad grammar, etc. It came from an Asian company with a link to their website in the email. The company really existed. They wanted us to collect debt from a Hawaii company that really exists and the connection between the two companies made sense (one manufactures an item that the local company installs) The BIG hook was that they used the NAME OF AN ATTORNEY FORMERLY ASSOCIATED WITH OUR FIRM AS A REFERRAL!! Unfortunately, this attorney received a cold call and was asked for the name of a Hawaii law firm that could help them and he did indeed give them our name.

The scammers hook the attorney into an attorney/client relationship (thus barring you from reporting them), then request funds to be sent immediately upon receipt of funds from the local company. (you get a check from the local company for “amounts due”, you deposit it, then wire the funds out before making sure the local check has cleared) Attorneys on the mainland have had hundreds of thousands stolen from their IOLTA accounts.
Things that should set off alarm bells:

1. The urgency of acting quickly. You must do due diligence.
2. Client wanting funds before checks deposited have cleared your IOLTA account;
3. When a logical referral name is used, check with the referral source about the legitimacy of the referral.
4. They make excuses that they cannot find a convenient time to talk on the phone, they strictly stick to email correspondence.
5. The email is different from the company email.

Make sure your attorneys do not make referrals to cold callers, let the HSBA referral line do that.

We have had a staff meeting regarding this latest development so everyone in the firm is aware. I have attached some info to supplement any staff meeting you wish to have.

lawyers targeted.pdf

In both cases, the emails contained payloads which – if you clicked on the links – quietly installed viruses on your computer.

The latest scam uses the same kind of social engineering tactics.  Instead of an email, the cybercriminals will send you a fairly official looking pop-up which says,

“WARNING! Viruses detected on your computer.  Click OK to remove.”

If you click OK, you risk getting infected, let alone being conned into buy software which doesn’t work.

If you see one of those messages and you’re not sure if it’s legitimate, you should NOT click on anything on that pop-up, including the ‘X’ in the top, right-hand corner.

Everything from the ‘Yes’ to the ‘No’ to the ‘X’ in the top right corner may contain  a payload of malicious software.  Your computer risks infection just by clicking on anything in that warning message.

Instead, do this:  Alt + F4.

In other words, to close the window, hold down the Alt key and hit F4.

So how bad is rogue security software?  Fake antispyware and antivirus programs have been around for a few years now, but we’ve noticed more computers coming in with this problem.  We are now so conditioned to keep our computers clean, we respond almost automatically to any urgent requests to remove viruses.  The bad guys know this, hence the ‘scareware.’

For a growing list of fake programs masquerading as the real thing, go here: http://en.wikipedia.org/wiki/Rogue_software

Be careful of wolves in sheep’s clothing.

“I received a telephone call last evening from an individual identifying himself as an AT&T Service technician who was conducting a test on telephone lines. He stated that to complete the test I should touch nine(9), zero(0), the pound sign (#), and then hang up.

Luckily, I was suspicious and refused.

Upon contacting the telephone company, I was informed that by pushing 90#, you give the requesting individual full access to your telephone line, which enables them to place long distance calls billed to your home phone number.

I was further informed that this scam has been originating from many local jails/prisons I have also verified this information with UCB Telecom,Pacific Bell, MCI, Bell Atlantic and GTE. Please beware.

DO NOT press 90# for ANYONE.

The GTE Security Department requested that I share this information with EVERYONE I KNOW.

After checking with Verizon they said it was true, so do not dial (9),zero(0), the pound sign # and hang up for anyone.

PLEASE HIT THAT FORWARD BUTTON AND PASS THIS ON TO EVERYONE YOU KNOW.”

Is it true? By pushing 90# on my landline, am I really relinquishing access to my phone?

The Solution:
Hacking, cracking, freaking, phishing, spoofing…. There’s so much to worry about these days when using the internet it’s surprising we hop online at all!

Fortunately, it doesn’t take much to be relatively safe. Of course, you’ll need to safeguard your computer with the usual prescription: firewall, antivirus solution, antispyware solution, updates, etc. When it comes to questionable e-mails like the one above, you will also need a good dose of skepticism.

The internet is full of lies. Just take a look at some of the stuff making it into your inbox. A lot simply aren’t true.

When you see something that seems a little over the top, take a moment and check its validity before forwarding it to your friends and family. A good place to start is TruthOrFiction.com, where you can check out everything from urban legends to pleas for help. To see what they have to say about the above email, go to their website and search on ‘90#’. (You didn’t think I will divulge the answer here, did you?!)

Other useful sites for questionable e-mails are:

HoaxBusters
Snopes
Break the Chain

All of them make for great reading. Enjoy!

Worms use parts of an operating system that are automatic and usually invisible to the user.

It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

Trojan horses are malicious programs disguised as something benign. They’ve been known to pose as games, utilities, and email attachments. Once opened, Trojan horses act much differently than you expect. Some merely annoy, sending emails to everyone in your address book. Others do serious damage, to the point of stealing passwords and data files. Unlike viruses, Trojan horses are not self-replicating.

Active Trojan horses are an advanced type of Trojan horse. They use unprotected ports to open lines of communication with your computer, and they can ultimately give hackers control over your machine. Active Trojan horses are also called Remote Access Trojans.

Frequency of attacks. Nearly nine out of 10 organizations experienced computer security incidents in a year’s time; 20% of them indicated they had experienced 20 or more attacks.

Types of attacks. Viruses (83.7%) and spyware (79.5%) headed the list. More than one in five organizations said they experienced port scans and network or data sabotage.

Financial impact. Over 64% of the respondents incurred a loss. Viruses and worms cost the most, accounting for $12 million of the $32 million in total losses.

Sources of the attacks. They came from 36 different countries. The U.S. (26.1%) and China (23.9%) were the source of over half of the intrusion attempts, though masking technologies make it difficult to get an accurate reading.

Defenses. Most said they installed new security updates and software following incidents, but advanced security techniques such as biometrics (4%) and smart cards (7%) were used infrequently. In addition, 44% reported intrusions from within their own organizations, suggesting the need for strong internal controls.

Reporting. Just 9% said they reported incidents to law enforcement, believing the infractions were not illegal or that there was little law enforcement could or would do. Of those reporting, however, 91% were satisfied with law enforcement’s response. And 81% said they’d report future incidents to the FBI or other law enforcement agencies.

Conclusion: Computer crime is serious and every company must give it high priority.

So if I were the bad guy wanting to pillage, your company’s proprietary information, here’s how I might do it:

Tap your wireless network. Despite all the warnings, many companies so not protect their wireless networks. The router’s login and password are the same factory defaults and no one bothered to use the built-in encryption. Danger: I can access your files.

Send email containing a payload. If I can just get someone to click on the attachment, then I’m in. I can remotely record all keystrokes from the infected machine, including logins and passwords and email communications.

Send an email which looks official. In this case, I impersonate your bank, for example, with an official looking email which includes some call to action, like “Please take care of this now or the account will be closed.” I may ask for logins and passwords or just entice the user to click on a link. Most organizations don’t teach their employees about such tricks. They are easy victims.

Call and pretend to be “Barry upstairs in tech support”. This tactic is called social engineering. You may have never heard of “Barry”. Neither have your employees. They just want their computer to work well. Barry to the rescue. Again, the employee doesn’t know any better. There goes a network login and everything else on that network.

Hire the janitor. Most computer crime comes from within the company. Known as the ‘triangle of opportunity’, an employee – for whatever reason – feels he’s been victimized, they are owed something in return, and there’s a good chance he can get away with it. If I can gain physical access to a computer, I can quickly and easily install hardware that will record everything done on that computer and email me hourly reports. Game over.

For more info, please checkout www.infragard.net. Feel free to email (help@supergeeks.net) or call me (808.942.0773) if I can help with anything. And no attachments, please!

DO NOT
• Use a network login ID in any form (reversed, capitalized, or doubled as a password).
• Use your first, middle or last name or anyone else’s in any form. Do not use your initials or any nicknames you may have or anyone else’s.
• Use a word contained in English or foreign dictionaries, spelling lists, or other word lists and abbreviations.
• Use other information easily obtained about you. This includes pet names, license plate numbers, telephone numbers, identification numbers, the brand of your automobile, the name of the street you live on, and so on. Such passwords are very easily guessed by someone who knows the user.
• Use a password of all numbers, or a password composed of alphabet characters. Mix numbers and letters.
• Use dates e.g., September, SEPT1999 or any combination thereof.
• Use keyboard sequences, e.g., qwerty.
• Use a sample password, no matter how good, that you’ve gotten from a book that discusses information and computer security.
• Use any of the above things spelled backwards, or in caps, or otherwise disguised.
• Write a password on sticky notes, desk blotters, calendars, or store it online where it can be accessed by others.
• Use shared accounts. Accountability for group access is extremely difficult.
• Reveal a password to anyone.

SUGGESTIONS
Common suggestions for constructing seemingly random passwords are:
• Use the first letter of each word from a line in a book, song, or poem. For example: “Who ya gonna call? Ghost Busters!” would produce “Wygc?GB!”
• Use the output from a random password generator. Select a random string that can be pronounced and is easy to remember. For example, the random string “adazac123″ can be pronounced a-da-zac, and you can remember it by thinking of it as “A-to-Z,1 through 3.” Add uppercase letters to create your own emphasis, e.g., aDAzac.2
• Use two short words connected by punctuation, e.g., T1me#0ff
• Use numbers and letters to create an imaginary vanity license plate password, e.g., 1H8work!

A common theme of these suggestions is that the password should be easy to remember. Avoid passwords that must be written down to be remembered. If unrecallable, someone in your office may find the password you have written down, and compromise your network identity.
These guidelines and suggestions should enable you to choose strong passwords that will help you improve the security of your system.

Additional Notes:
The CERT/CC (Computer Emergency Response Team / Coordination Center), a federally funded organization based at Carnegie Mellon University, estimates that 80% of all network security problems are caused by bad passwords; therefore, good passwords are the simplest, and most important part of information security.