Triona's Tech Tips

I’d like to say thanks to Jane Friedman, former publisher and editorial director of Writer’s Digest, for publishing my guest post on her WD blog, There Are No Rules. The post is called Ten Steps To Secure Your WordPress Blog From Hackers. It’s geared toward those running their own installations of WordPress, but also applies to those hosting their blogs with WordPress, Blogger, or other services.

Also, don’t miss my Blogs For Business seminar this Friday, April 1, 2011, from 8:30am-10am, part of the Crystal Lake Chamber Business Builder Breakfast series. To register, please contact the Crystal Lake Chamber at 815-459-1300. Here are more upcoming seminars in April and May. For registration details, see my web site.

Social Networking For Business
Business Networking Group
Friday, April 22, 2011, 7:30am-8:30am
Routes 176 and 45, Mundelein IL

Leveraging LinkedIn
Cary Grove Chamber Of Commerce
Thursday, May 26, 2011, 12pm-1pm
Fox River Grove Village Hall, 305 Illinois St., Fox River Grove IL

Hope to see you there!

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

I’ve gotten an increasing number of reports from people who either received messages similar to the following, or discovered that such messages had been sent from their email accounts:

Subject: Hello

Dear friend,

i would like to introduce a good company who trades mainly in electronic products, They provide the best service to customers,they provide you with original products of good quality,and what is more,the price is a surprising happiness to you!

The web address: (removed for safety)

If you check online you’ll find reports of this coming from users of Hotmail, Gmail and other email services. There are variations in the scam. Some may cite a different web site, or may have a different subject or message in the email.

If you receive a message like this, the important thing is NOT to click on any links because it will infect your computer with viruses. The same goes for messages you may receive via instant messaging (IM), Facebook, Twitter, or other means. Inform the person who sent it to you by another means (like the good old fashioned telephone) to let them know they have been hijacked.

How can you tell if a message is real or not? If it seems generic, contains no subject or a bland subject like “hi” or “hello,” doesn’t mention you by name, contains spelling, grammar or punctuation errors, or has been sent en masse to a large number of people, those are indications it may be a scam. Ask yourself: Is this the sort of message I would expect this person to send?

If your account has been hijacked, it’s vital to change your password immediately. Here’s some information on how to create strong passwords:

• Triona’s Tech Tips: How To Create Secure Passwords

And here is some more information on what to do if your email account is hijacked:

• Triona’s Tech Tips: What To Do If Your Email Account Is Hijacked

Be sure to scan your computer with your security software. If you’re using free software you should consider purchasing a security software suite. You should also check your email signature and any autoresponders you may have set, as they may have been modified to send malicious links to your contacts. Inform your contacts that your account was hacked and that they should not respond to any scam messages they have received. And you should report the incident to your provider.

These hacks are becoming more and more prevalent. It is absolutely vital that you protect yourself by using strong passwords that are unique for every account, and that you stay vigilant about your computer’s security.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

While social media can be beneficial for businesses, some companies have chosen to ban their employees from using it at work. But company computers aren’t the only way to access social media. If you ban your employees from using Facebook, aren’t they just going to whip out their smart phones? Is there a way to balance employee social media use with the needs of your business?

Years ago people asked this same question about computer games, specifically Windows Solitaire. Some businesses found that access to the game actually helped employee performance by allowing them to blow off steam or entertain themselves while on break. Others made it standard policy to remove all games from corporate computers.

In the case of social media, there are other dangers besides lost productivity. Sites like Facebook and Twitter are some of the hottest entryways for viruses and malware. And, as a business, you want to make sure that those who speak for you online are presenting a consistent marketing message and refraining from inappropriate comments.

However, you may be stifling your business if you don’t permit your employees to interact with customers and business contacts via social media. A presence on LinkedIn, Facebook and/or Twitter is becoming as necessary for businesses as a Web site or an email address.

There really is no one right answer. Whether you permit social media sites at work depends on whether the business use outweighs the risks, and whether you consider reasonable personal usage a benefit you want to extend. If you do choose to allow it, make sure you educate your employees on how to use it in a safe, secure, and effective fashion.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Businesses and consumers alike find convenience in sharing passwords but doing so is highly risky, as demonstrated by a recent incident concerning wireless carrier Vodafone. Vodafone’s customer database was compromised using login information that was shared among employees. Shared passwords may seem convenient, but if you establish the proper procedures you can do without them while still enabling your people to get the job done.

When employees need network access, the proper thing to do is assign usernames and passwords specific to those employees, then grant or revoke permission to network resources depending on what the employees require for their jobs. Yet I routinely see companies setting up shared passwords. Because these passwords are typically not changed when people leave the company, it widens the potential for unauthorized access. Also, it muddies the audit trail. You should always be able to tell specifically who logged into what and when. It’s vital to establish a process for creating and deleting accounts as employees come and go, as well as mechanisms for altering access to network resources as appropriate. This is especially true if someone has administrative access to networks and servers. If you have an account that is not assigned to a particular person, say for shipping or vendors, you should limit who has access to that account and make sure the password is changed when employee duties are reassigned. Is that inconvenient? Perhaps, but ask Vodafone how inconvenient it was to have a journalist call them up and tell them she had access to their customer database, and imagine the damage if such access was gained by a competitor.

Shared passwords are equally risky for consumers. While it’s a good idea to make sure a trusted individual such as your spouse can access your accounts in an emergency, it is never a good idea to blithely give Aunt Gertrude access to your Facebook account so she can see your kids’ pics. Better for her to get her own account and friend you. It’s not that your family and friends intend to do harm, but a password once shared is a genie out of a bottle, and getting used to sharing passwords trends toward complacency in your computer security mindset. You should take your home computer security as seriously as any company does, if not more so. A company can lose face and revenue, but you can lose your own personal identity.

Don’t forget the rules of strong passwords, and remember they need to be unique on every system and changed on a regular basis. Again, inconvenient? Not when you compare it to the damage control you’d have to do if your company suffers a data breach, or if your individual identity is stolen.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

What do you do if your business needs a new web site, or you need help changing the old one? How do you find a web designer who understands your needs?

A top-quality web designer will discuss your goals with you, and develop a site that is professional, clean, and easy to navigate. Ask for references and examples of previous work. Once you have chosen your designer, don’t hesitate to ask questions. You may have your heart set on a particular design, but keep your options open. Your web designer may have suggestions that will increase your site’s appeal and marketability. He or she may also have advice about content that will increase your traffic and search engine rankings.

If you’re interested in changing an existing site, ask your designer what information he or she needs. Text changes are relatively simple, while changes to graphics can be more complex. If your site looks outdated, it may be better to create a new one than modify the existing one. Your web designer can help you evaluate.

Be wary of web “designers” who have no references or experience, or who try to upsell you on services like search engine optimization. While SEO is important, unscrupulous people may try to talk you into expensive and unnecessary options. Know what you’re getting and how much it will cost. When in doubt, ask for clarification. A good web designer will keep you informed of your costs and let you know if the price is going beyond the original estimate.

Some Web designers can help you integrate your blog with your web site, or teach you how to use LinkedIn, Facebook and Twitter for marketing. You can also ask about followup services such as making site changes or learning how to change the site yourself.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

There’s a new version of the popular AVG Internet security software available. Many people use the free version of this software to protect their Windows computers.

For a long time the free version was enough. Then I began to notice a trend. People running AVG were becoming infected with threats not detected by the free version. So I began recommending the paid version of the suite, known as AVG Internet Security. However, after testing AVG 2011, I have some qualms about this new version.

First, AVG 2011 is a memory hog. If you have an older computer it may slow you down, although this could be said of any security program. Reports of bugs in AVG 2011′s LinkScanner also give me pause. This will slow down your computer as well as your network. Not everyone has experienced this, however; PC Magazine reports that their tests showed AVG had a small effect on system performance.

On the plus side, it’s easy to use and offers solid protection. I also like the LinkScanner feature that checks your Facebook posts and marks them as safe. My hope is that AVG will resolve any issues and that AVG 2011 will continue to provide people with strong security software.

What are your alternatives? I still don’t recommend Norton or McAfee because they’re also memory hogs (especially Norton). But, I’d rather have you using one of those than nothing. What I really want is a security suite with a high detection rate and a small impact on system performance. You could try Kapersky Internet Security 2011, although its interface is not as friendly for non-technical users. Trend Micro Titanium Internet Security 2011 is good but scored weak on malware removal. Webroot Internet Security Complete 2011 is another option. The thing I don’t like about it is that its firewall constantly pops up warnings, a big turn-off for most users.

In short, there is no one right answer to security software for Windows. If you have an older computer, you’ll want a solution that doesn’t bog you down. If you have a mobile computer, you’ll want strong WiFi protection. If you don’t do much surfing, a free solution may suffice. The best way to determine your needs is to have a computer professional assess your environment and make a recommendation.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Don’t miss my upcoming fall seminars:

Advanced Social Networking
Cary Grove Chamber Of Commerce
Thursday, October 7, 2010, 12pm-1:30pm
Fox River Grove Village Hall, 305 Illinois Street in Fox River Grove

You may submit your questions ahead of time to info@guidryconsulting.com.

Discover real tips for using Facebook, LinkedIn and more. Learn advanced techniques for staying on top of today’s social media, and bring your questions and issues for our expanded Q&A session. To register, contact the Cary Grove Chamber at (847) 639-2800.

Maximize Your Membership Benefits
Cary Grove Chamber Of Commerce
Wednesday, October 13, 2010, 12pm-1pm
The L.O.F.T. at Holy Cross Lutheran Church, 2107 Three Oaks Rd. in Cary

Join our panel of Chamber experts over lunch to learn how to maximize your Cary Grove Chamber membership benefits. I’ll be participating in the panel, talking about how to use Social Networking with the Chamber. To register, contact the Cary Grove Chamber at (847) 639-2800.

Getting The Most Out Of Your Mac Computer
Crystal Lake Chamber Of Commerce Business Builder Breakfast
Friday, November 5, 2010, 8:30am-10:00am
Crystal Lake Chamber, 427 W. Virginia St, Crystal Lake, Illinois

Discover how to get the most out of your Mac computer. We’ll review the basics, discuss the similarities and differences between Macs and PCs, then delve into some of the Mac’s advanced features. We’ll also talk about Mac security and troubleshooting. To register, contact the Crystal Lake Chamber at (815) 459-1300.

PC Troubleshooting
Crystal Lake Chamber Of Commerce Business Builder Lunch
Wednesday, November 10, 2010, 11:30am-1:00pm
Home State Bank, 611 S. Main St., Crystal Lake, Illinois

Learn how to fix your own computer with the same techniques used by the experts. We will discuss troubleshooting, preventative maintenance and security tips for PC (Windows). To register, contact the Crystal Lake Chamber at (815) 459-1300.

My column in today’s Northwest Herald talks about the recent uptick in hijacked email accounts. Hackers hijack your account in order to prey on your contacts by sending spam, malicious links, and outright requests for money in your name. And not just your email account… Facebook, LinkedIn, and other accounts can also be hijacked.

Here are some things you can do to protect yourself, not just from hijacked accounts but also from viruses, spyware and other Internet threats:

• Use strong passwords that are unique on every system, and change them every few months. Earlier this week I posted an article about how to create secure passwords. This is the number-one thing you can do to prevent your accounts from being hijacked.

• Use a high-quality security software suite. I used to recommend free solutions for Windows like AVG combined with Spybot or AdAware, but these days I’m finding the freebies aren’t enough to protect you. Norton and McAfee will do the job, but Norton in particular tends to take up a lot of memory which may make older machines run more slowly. I prefer AVG’s paid Internet Security Suite or Trend Micro’s Titanium Internet Security or Titanium Maximum Security. If you’re using free AVG, you can get a discount on the full AVG suite if you buy through the “upgrade from free version” option.

Whatever solution you choose, be sure it is a full suite—containing antivirus, anti-spyware, and firewall—and not just antivirus. And be sure it’s real software and not one of the many rogue security programs that are actually viruses in disguise.

Mac users, you need security software too. My personal favorite is Intego VirusBarrier or Internet Security Barrier. If you run Windows on your Mac through Apple’s Boot Camp or a program like VMWare or Parallels, try Intego’s Dual Protection options: VirusBarrier DP or Internet Security Barrier DP. These include BitDefender for Windows to protect the Windows half of your computer.

• Make sure ALL of the software on your computer is regularly updated. In one of my previous Northwest Herald columns, I talked about the dangers of old software. Here on my blog I’ve also talked specifically about the risks posed by old versions of Adobe (Acrobat) Reader and Flash.

• If you’re on Windows, use a browser other than Internet Explorer. Using Firefox or Opera instead of Internet Explorer offers you that much more protection. If you must use Internet Explorer, find out why older versions of Internet Explorer pose a greater risk of virus infection.

• Watch out for poisoned search engine results and learn how to spot bad web links.

• Never click on links or open attachments in email. Always visit the site directly. For example, if you get an email saying you have a new Facebook message, go directly to facebook.com from your Web browser instead of clicking the link in the email.

• Learn about social engineering and how hackers will do anything and everything to trick you into letting them in.

• And, finally, subscribe to the free email version of Triona’s Tech Tips for easy-to-understand tips you can use to protect yourself from the latest Internet threats. You can click this link or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe.”

Many people say to me, “I don’t need a secure password. I don’t have anything sensitive on my computer, so I don’t care if a hacker gets in.” You, my friends, are a hacker’s dream. Because it’s not necessarily your personal information they want, although they’ll happily steal your credit card info if they can. No, what they really want is control of your computer, your email address, your Facebook page… anything and everything that will let them do their dirty work from behind a smokescreen.

Let me teach you how to be a hacker’s worst nightmare by using strong passwords that are:

• At least 6-12 characters in length
• A mix of upper- and lowercase letters, numbers, and symbols if allowed
• Not common words or proper nouns found in a dictionary
• Not in use on any other system
• Changed regularly (at least once every few months)

The most common password mistakes I see are:

• Using no password at all (e.g. hitting Enter)
• Using common passwords like “password,” “123456,” spouse’s name, or pet’s name
• Using a common dictionary word with an exclamation point at the end
• Using the same password for everything
• Rotating through the same two or three passwords for everything
• Sharing passwords with others
• Sending passwords via email
• Sticking passwords on Post-It notes on monitors or under keyboards

Why not take this opportunity to change your passwords? It’s the best thing you can do to protect yourself against identity theft and cybercrime.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.