- 03 9428 4999
Perhaps like many of us you’ve been using Zoom a lot more recently, but are worried about the security issues everyone has been talking about?
Zoom has been a great way for us all to stay connected in these challenging times, because it’s free (for limited personal use) and easy to use. Unfortunately that ease of use has partly come about because Zoom have historically had a rather cavalier attitude to security.
But, things are improving, and Zoom have now made changes to deal with the worst of these issues. So you can now use Zoom reasonably safely, if you follow some sensible precautions.
The most important thing is to make sure you install the recent Zoom updates. If you are not using the newest version of Zoom, the Mac app itself will show an update banner across the top of its main window. Do that update. If you want to make absolutely sure you’re running the latest version, click “Check for updates” under the Zoom.us menu. Likewise, make sure you are running the most recent version of Zoom on your phone.
If you want to dig deeper, there are many security settings in your Zoom preferences.
Most of these settings are in Personal/Settings in the Zoom web interface – accessed by clicking “View Advanced Features” in the Profile tab in the Zoom app preferences on your Mac. There are a lot of settings in there, but the most important are probably these:
When scheduling Zoom meetings make sure to choose to have Zoom generate a meeting ID automatically, rather than using your own Personal Meeting ID, and to require a meeting password for participants to join.
Once your Zoom meeting has started, and all of your participants are in the meeting, you can prevent anyone else from joining in. This is done in the “Security” tab, at the bottom of your meeting window on the Mac. Choose “Lock Meeting”. This will prevent others from joining even if meeting IDs or access details have been leaked.
More broadly, always be cautious what information you share in Zoom meetings (and generally). Under no circumstances should you discuss passwords, banking details or any other highly sensitive information.
Remember, this is a time of high security risk for all internet users, so take no chances.
Mac Aid is still here to help, just ask.
Now that we are all settled into working from home, take a minute to consider whether your security is up to scratch.
A lot of this might seem like plain common sense, and you’re probably on top of it already. But we thought that in these stressful times it might be worth stopping, taking a breath and checking the security of your remote working setup, just in case. Much of this you can tend to yourselves, but if you’re unsure, Mac Aid are still here, and happy to help you through it.
Mac Aid working from home security check list
Many of you are possibly accessing your employers servers and network through a VPN, or dealing with company data on a cloud service like DropBox or Google Cloud. Or perhaps you’re self-isolating at home and finding that you are more dependant on your internet connected devices than you have ever been.
Home networks are inherently less secure than corporate networks, which are generally protected with sophisticated firewalls, and so scammers and cyber-criminals see our current remote working situation as an exciting new opportunity. Make sure your home network is as safe as it can be.
So take a minute to consider the following:
1: Is your home internet connection as secure as it should be?
A surprising number of people leave their home routers and wifi with the default passwords they came with.
In the past that might have sufficed for your own personal uses (although it still isn’t ideal), but this makes your network inherently less secure. It would be good practice to change that password to a strong and unguessable one, that will be unique to your network.
Generally configuration of your router or wifi will be via its IP address, which on a Mac you can find in your System Preferences/Network/Wifi under the advanced tab. Copy the IP address you see beside “Router” and paste into a web browser, and you should be looking at the configuration page for your router. If your router is using its default user name and password, they will most likely be printed on a sticker on its base. Make sure to keep a record of what you change your router credentials to. You will have to re-authenticate all of your devices to use your router/wifi (using it’s new password) after doing this.
2: Is your laptop or desktop computer properly secured?
Your laptop, computer or phone, should be set up to require an unguessable password, or to use touch-ID, to log into it or wake it from sleep. While it might be convenient to have your device set up to not require a password, this is a serious security risk if your system contains details to log into company servers or accounts and has those passwords saved. So make sure your system is set to require a password or touch ID to open.
On a Mac, this is set up in two places in your System Preferences. In System Preferences/Users & Groups: Under Login Options, make sure that “Automatically login” is set to off. You will have to authenticate with your administrator password to change this setting. In System Preferences/Security & Privacy, make sure that “Require password” is set to a modest, yet bearable time-limit, like 15 minutes. Again, you will have to authenticate with your administrator password to change this setting. If you are using a recent era MacBook Pro, MacBook Air or MacBook, make sure that you have set up Touch ID to secure it with your fingerprint.
3: Are you alert to phishing attacks?
With so many of us working remotely now, the chances that someone you know will have their email account compromised are greater. If you receive emails that purport to be from people you know that ask for payments, passwords or such, firstly, stop and consider them, and then check directly with that person by phoning them, or if you are using a chat platform to communicate with co-workers, perhaps ask them there.
Be particularly alert to emails seemingly from suppliers informing you of new payment arrangements or unpaid bills. If you’re still in doubt, ask Mac Aid to quickly look at any suspicious emails for you.
4: Is your system free of malware?
Your company servers and networks are likely well protected from malicious attacks, but your home network and systems might not be. By connecting your home network to your work network, you might unknowingly be creating an entry point for attacks.
As always, the most important thing you can do is to be hyper-aware, and not open any suspicious emails or attachments at all. Also be wary of installing browser plug-ins or other new software that you can’t be certain is from a reputable software company.
Ultimately if you want to be as secure as you can be, virus protection software might be the answer. But be alert that some software that purports to “clean your Mac” or otherwise scan for viruses, is in fact malware itself. Be especially wary of any virus protection software that suggests itself to you via pop up windows whilst web browsing.
Malware Bytes is a legitimate virus protection application, and are offering a two month free trial currently. You could avail yourself of that offer to ramp up your level of protection right now, and decide at a later date whether you wanted to buy into it or not. Phone the Mac Aid office to arrange your free trial.
Don’t let the current stressful environment cause you to make unsafe choices or take unnecessary security risks. If you receive any email or message that seems suspicious, stop, consider it, and check its authenticity before doing anything at all.
Mac Aid is still here to help, just ask.
Your business may not be located in China, and your customer base may not be Chinese, but like it or not, the economy is global, and coronavirus may already be having an impact on your business. You may have had employees away on overseas holidays, or travelling for business. Even if they haven’t been anywhere near China, they may have been exposed to Coronavirus on planes or in airports, which are filled with people coming and going to and from every part of the globe. Australian businesses are not immune to the threat caused by the virus. While we don’t yet understand the full impact the virus will have, business owners can take action now to help protect their business from the likely impacts of Coronavirus.
Coronavirus could have a significant impact on businesses (particularly small businesses), and could potentially cause disruptions to supply chains, drops in both customer and sales numbers, and cash flow shortages. Now is the time to set a Business Continuity Plan in place, to help prepare for the potential fallout of Coronavirus. Putting business continuity solutions in place now will give you peace of mind that your business will continue to function in the event of a disaster such as Coronavirus.
Start thinking about how your business will address the following questions, so that you can keep essential operations running:
Timely and honest communication with your staff, suppliers and clients is important, as all need to be made aware of any issues you may have delivering your products and services, and what contingency plans are in place.
Businesses are in a strong position to counter the Coronavirus outbreak by allowing employees to work remotely. Obviously, this is not feasible for every business, as employees need to be physically present in certain fields, but if it’s possible for your employees (particularly those who are unwell or at risk of contracting Coronavirus) to work from home, now might be a good time to look at how you could make this happen. Use it as an opportunity to examine how productive your workers can be from home, and to strengthen your IT infrastructure to allow it to happen.
Clarify your position on all of these questions and put plans in place to address any issues which arise, so that your business has the best chance of staying afloat during a difficult period.
Do you use products manufactured in or supplied from China? Does your company manufacture products there? Perhaps you use remote workers in China? Examine your supply chain in depth, and you may be surprised that your business does have contact with affected areas in some way. If so, now might be the time to seek alternative suppliers.
Sure, you may have been looking forward to that annual conference in the US, but is it really worth the risk? If it’s not absolutely necessary to travel for work, make the decision to avoid overseas travel at the moment.
Chances are the employee with a sniffle doesn’t have Coronavirus, but it’s always wisest to be on the safe side, especially if they’ve recently been overseas or had close contact with someone who has. Make it known that employees need to stay home if they’re sick. And encourage employees to keep their vaccinations up to date, as eliminating the spread of other illnesses will reduce pressure on health services by reducing vaccine-preventable diseases.
If you’re unsure about any aspect of how you can maintain and update your business networks to allow employees to work remotely, contact Mac Aid for help. We can advise you on how best to manage your IT infrastructure to help prevent your business grinding to a halt, and tailor an individual solution to your unique requirements. Don’t just sit back and hope this whole crisis will disappear soon. Get your business continuity plans in place today and help shield your business – and your livelihood – from the Coronavirus fallout.
With security breaches becoming more and more common, everyone needs to ensure they are using the most secure passwords for their online accounts as they possibly can. While this is great in theory, the problem comes with remembering these passwords. Here are some tips to help.
It’s surprising how many people choose passwords that are easy for them to remember, such as ones containing obvious phrases, their partner, pet or children’s names, or their own name or birthdate. Yes, they may be easy to remember, but they’re also easy for hackers to crack. A better way is to think of a phrase that you will remember, such as a line from a song, movie or book, and then take the first letter of each word to make the foundation of your password. For example, this classic quote from The Princess Bride: “My name is Inigo Montoya. You killed my father. Prepare to die.” would translate to mniimykmfptd. This is long enough to fulfil most password requirements and is not something that could be easily guessed.
However, you need more than that to make your password really strong and secure. You need to add some capitals, numbers and special characters.
To make it easier, capitalise the words that would already be capitalised in the phrase, such as names and words starting the sentence. That would now make it MniIMYkmfPtd. If there’s none of these, use a repeatable system such as capitalising nouns, or verbs, or whatever you choose.
Then add some numbers in. You could try a few strategies for this, such as adding the year of the movie/book/song, or changing certain characters to numbers, for example, changing ‘I’ to ‘1’, ‘S’ to 5 or ‘E’ to 3. Find a strategy that you’re likely to remember and apply it to all your passwords. In this case, our password now becomes Mn1IMYkmfPtd87 (changing the first ‘i’ to ‘1’ and with the year of the movie on the end).
Then to finish, add a special character in somewhere. You could use ‘@’ for ‘a’, ‘$’ for ‘S’, ‘!’ for ‘I’ or anything that makes sense for you. In this case I’ve added brackets around the year of the movie, so the password now is Mn1IMYkmfPtd(87).
Easy, right? Now you have a super strong password that no-one will be able to guess. The secret is remembering it. You could use a password management program (such as Apple’s Keychain Manager or Dashlane) to keep track of all your passwords. Or you could write down a hint to your password somewhere – in this case I might write down ‘The Princess Bride’ to jog my memory about what the password is. And no-one reading your hint would be able to guess your password, so you’re safe to commit it to paper.
Make sure you use a memorable system to create your passwords, so that you have a way to create and remember strong passwords, without allowing them to be cracked by criminals. Good luck!
Security threats abound in today’s digital world, and Macs are not immune to them. Here are a few tips to help make your Mac as secure as it can possibly be.
Create a standard account (non-admin) for use in everyday activities. Only use your administrator account to install software and perform system actions. This will strengthen your system’s security.
Apple’s FileVault encryption is a powerful tool that will protect your data even if your system is compromised. It will automatically encrypt the contents of your Mac until you use your login password or a recovery key to access the data. It’s available from the Security & Privacy System Preferences menu. You should also ensure that your backups are encrypted and password protected, whether you’re using Time Machine or a cloud service.
WARNING: With FileVault enabled you will need your login password or a recovery key to access your data. If you forget both your password and recovery key, your data will be lost.
There are a few settings you can tweak to enhance your Mac’s security.
Here you’ll find a range of security options you can tweak, turn off or on to give you more control over your Mac’s security. You can enable your Mac’s built-in firewall here, to make your Mac less visible on public networks.
Spotlight can offer you suggestions from the internet, but if you’re not careful it can also leak your private information back to Apple and other third party providers. Turn this feature off by opening System Preferences, choosing Spotlight and deselecting Spotlight Suggestions. Easy!
Location services require you to swap privacy for convenience, by allowing Spotlight and Siri to offer suggestions based on where you are. While these are fairly harmless, you don’t want unscrupulous criminals to be able to take advantage of these services for their own ends. Don’t use it if you don’t need to.
Apple periodically distributes software updates that correct problems and it’s wise to install these updates as soon as you can after you receive notification. You can set your computer to automatically check for updates as well.
Use strong passwords that are not easily crackable and use different passwords for each site. Using Apple’s Keychain Manager or a password application such as Dashlane makes this process a breeze.
Yes, it’s a bit painful, but the benefits to security achieved by this extra layer of protection outweigh the few extra seconds you have to spend logging in.
Never use public Wi-Fi to access a confidential service such as your online bank or superannuation account. It’s just not safe and secure.
Create a disposable email address that you can use to sign up for websites and services. This will reduce the amount of spam you receive to your primary email address. iCloud makes it easy to create an email alias for this purpose. Do this:
Inbound and outbound firewalls are both necessary for protecting your Mac against particular kinds of attacks. Implement multiple layers of protection by turning on two-way firewall. Go to System Preferences, Security & Privacy, and choose the Firewall tab. Enable the firewall by choosing Turn on Firewall, and you can choose which apps can receive inbound connections.
