TechBytes

I just read this warning: “Don’t overcharge your mobile phone. Make sure you unplug it from the charger after it reaches 100%. Don’t leave it charging overnight.”

Why is this?

It’s because your mobile phone charger doesn’t stop charging after your phone reaches 100% capacity. It keeps topping off the charge during the night. This is called a “trickle charge.”

While you’re sleeping, and the phone is plugged in, it works to keep fully charged by compensating for the small amount of charge it loses by just being turned on. This is bad because the trickle charge causes your mobile phone to retain a higher ambient temperature than it should. This ultimately reduces the battery’s capacity.

I wondered why I couldn’t seem to keep my phone charged all day. It’s barely three-years-old, and I’m already having battery issues! Now I know why. I’ve been damaging the battery all this time by charging it at night while I sleep. I wish I had known this before!

Mobile phones contain a rechargeable lithium-ion (or Li-ion) battery that charges faster than traditional rechargeable batteries. So, when we plug our iPhone or Android into a charger, it can get fully charged in just about two hours.

By keeping our phones charged overnight we’re increasing the amount of time it spends on the charger, thereby degrading its battery capacity that much sooner.

Hatem Zeine, the founder of Ossia, a developer of wireless charging technology, tells us: “If you think about it, charging your phone while you’re sleeping results in the phone being on the charger for 3-4 months a year. So even though the manufacturers try their best to cover this scenario, this process inevitably lowers the capacity of your phone’s battery.”

Batteries decay from the moment you start using your new phone. This means they gradually lose their ability to hold a charge. By charging your phone overnight, you’re increasing the amount of time it spends with the charger. As a result, it degrades the capacity much sooner.

If you’re like me, you’re always on your phone checking text messages, emails, calling people, listening to music, watching videos, surfing the Web and more. It’s no wonder the battery runs down so quickly. However, if we’re careful about the way we recharge our phones, we can get much more life from the battery.

The people at Cadex Electronics that make lithium phone batteries say:

“Go ahead and charge to 100%. There’s no need to worry about overcharging as modern devices will terminate the charge correctly at the appropriate voltage…Modern smartphones are smart, meaning that they have built-in protection chips that will safeguard the phone from taking in more charge than what it should. Good quality chargers also have protection chips that prevent the charger from releasing more power than what’s needed. For example, when the battery reaches 100%, the protection hardware inside the phone will stop current from coming in, and the charger will turn off.”

However, they go on to say:

“Li-ion does not need to be fully charged as is the case with lead acid, nor is it desirable to do so. In fact, it is better not to fully charge because a high voltage stresses the battery.”

Don’t wait until your phone battery gets to 0% to charge it. A good time to charge it is when the battery reaches 35-45%. Doing this will help to preserve the battery life. If you do this religiously, then you should be able to keep your smartphone for longer than two years.

So essentially what I’ve learned is that rechargeable batteries are doomed to failure. They are constantly decaying from the moment you first turn on your brand-new phone and eventually lose their capacity to hold a charge. How depressing!

This is why my phone keeps losing its charge more quickly the longer I have it! I’ve owned my current iPhone 7 for over two years, and I’ve experienced a significant reduction in battery capacity.

Even worse, Apple tells us that constantly charging and recharging the iPhone battery isn’t good because the capacity of Li-ion batteries diminishes slightly with each charging cycle.

Most Android phones have a feature that allows for fast charging. They also have a chip with a Power Management IC (PMIC) that tells the charger when it’s receiving the higher-voltage fast charging to prevent it from overheating. Heat is a bad thing for all mobile phones. This is why you should never leave your phone in a hot car. The same goes for freezing temperatures.

So, what do the experts advise us to do? How should we charge our smartphones?

Here’s what the people at Cadex say to do:

“Don’t wait until your phone gets close to a 0% battery charge until you recharge it. Full discharges wear out the battery sooner than do partial discharges. Wait until your phone gets down to around a 35% or 40% charge and then plug it into a charger. That will help preserve the capacity of the battery. You should also keep your phone cool, as higher temperatures accelerate the loss of battery capacity.”

Another tip: Take off your phone’s case before you charge it so it won’t overheat.

Well, I guess this is the reason why I never seem to keep a phone longer than two years. This, coupled with the fact that Apple keeps coming out with cool new phones entices me to replace my old one. I know–This can be an expensive proposition. Maybe this is what the phone companies planned for all along–To keep us buying new phones! And with the pay-by-the-month plans that providers now offer, they make it even easier to swap out our not-so-old phones for a new one.

But for those of you who want to keep your phones for longer than two years, charge your phone during the day after it reaches 35 to 40 percent and unplug it when it reaches 100%. This might get you more longevity from your Li-ion battery so you can hang onto your phone for another year or so.

7 Steps To Protect Yourself

You probably use a number of personal identification numbers (PINs), passwords, and passphrases to get money from ATMs, to use your debit card when shopping, or to log in to your personal or business email. Hackers represent a real threat to both your personal and business password security and confidential information. Now, these criminals are using a technique called Password Spraying to steal your information.

According to information derived from FBI investigations, malicious cyber actors are increasingly using password spraying against organizations in the United States and abroad. In February 2018, the Department of Justice in the Southern District of New York indicted nine Iranian nationals, who were associated with the Mabna Institute, for computer intrusion offenses. However, password spraying isn’t limited to this group. Other hackers are using it to gain access to both personal and business confidential information.

Manhattan U.S. Attorney Geoffrey S. Berman said: “Today, in one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice, we have unmasked criminals who normally hide behind the ones and zeros of computer code. As alleged, this massive and brazen cyber-assault on the computer systems of hundreds of universities in 22 countries, including the United States, and dozens of private sector companies and governmental organizations was conducted on behalf of Iran’s Islamic Revolutionary Guard. The hackers targeted innovations and intellectual property from our country’s greatest minds. These defendants are now fugitives from American justice, no longer free to travel outside Iran without risk of arrest. The only way they will see the outside world is through their computer screens, but stripped of their greatest asset – anonymity.”

How Does Password Spraying Work?

Password spraying is a type of brute force attack where hackers use a username with multiple passwords to gain access to your IT system. With traditional brute force attacks, the criminal uses one username with multiple passwords. Employing a lockout functionality, which locks the criminal out after a set number of login attempts, is an effective means of dealing with traditional brute force attacks.

However, with a password-spray attack (also known as the “low-and-slow” method), the malicious cyber actors use a single password against many accounts before moving on to another password. They continue this process until they find one that works. This strategy works for them because they can avoid account lockouts. It circumvents lockout functionality by using the most common passwords against multiple user accounts until they find one that works.

Password spraying targets single sign-on (SSO) and cloud-based applications using federated authentication. A federated authentication identity provides single access to multiple systems across different enterprises. Criminals target federated authentication protocols because it disguises their activities and ensures their anonymity.

Attackers use password spraying in environments that don’t use multi-factor authentication (MFA), rely on easy-to-guess passwords, or use SSO with a federated authentication method.

 

Your Email Is Also At Risk

Hackers also prey on email accounts that use inbox synchronization (which pulls emails from the Cloud to inboxes on remote devices). Malicious actors use inbox synchronization to obtain unauthorized access to your organization’s email directly from the Cloud. Then they download email to locally stored files, identify your company’s email address list, and secretly apply inbox rules to forward your sent and received messages to them.

The United States Computer Emergency Readiness Team (US-CERT) details how hackers use password spraying, what you should watch out for, who is at risk, and the impact this type of attack can have on your organization.

Your Technology Service Provider can explain this to you and your employees in plain language, and help you protect your organization against password spraying and other attacks.

 Traditional Tactics Techniques & Procedures

• Using social engineering tactics to perform online research (i.e., Google search, LinkedIn, etc.) to identify target organizations and specific user accounts for initial password spray
• Using easy-to-guess passwords (e.g., “Winter2018”, “Password123!”) and publicly available tools, execute a password spray attack against targeted accounts by utilizing the identified SSO or web-based application and federated authentication method
• Leveraging the initial group of compromised accounts, downloading the Global Address List (GAL) from a target’s email client, and performing a larger password spray against legitimate accounts
• Using the compromised access, attempting to expand laterally (e.g., via Remote Desktop Protocol) within the network, and performing mass data exfiltration using File Transfer Protocol tools such as FileZilla

Indicators That You’ve Been Attacked

• A massive spike in attempted logins against the enterprise SSO portal or web-based application;
• Using automated tools, malicious actors attempt thousands of logons, in rapid succession, against multiple user accounts at a victim enterprise, originating from a single IP address and computer (e.g., a common User Agent String).
• Attacks have been seen to run for over two hours.
• Employee logins from IP addresses resolving to locations inconsistent with their normal locations.

Typical Victim Environment

The vast majority of known password spray victims share some of the following characteristics:

• Use SSO or web-based applications with the federated authentication method
• Lack multifactor authentication (MFA)
• Allow easy-to-guess passwords (e.g., “Winter2018”, “Password123!”)
• Use inbox synchronization, allowing email to be pulled from cloud environments to remote devices
• Allow email forwarding to be set up at the user level
• Limited logging setup creating difficulty during post-event investigations

The Impact

A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

• Temporary or permanent loss of sensitive or proprietary information;
• Disruption of regular operations;
• Financial losses incurred to restore systems and files; and
• Potential harm to an organization’s reputation.

7 Steps You Can Take To Mitigate Password Spraying Attacks

1. Enable MFA and review MFA settings to ensure coverage overall active, internet facing protocols.
2. Review password policies to ensure they align with the latest NIST guidelines and deter the use of easy-to-guess passwords.
3. Review IT helpdesk password management related to initial passwords, password resets for user lockouts, and shared accounts. IT helpdesk password procedures may not align with company policy, creating an exploitable security gap.
4. Many companies offer additional assistance and tools that can help detect and prevent password spray attacks, such as the
5. Make sure your employees change their corporate passwords every 60 days.
6. Establish a password policy that prohibits easy-to-guess passwords. Enable multi-factor authentication (MFA) for all web-based applications. If MFA practice is already in place, review current protocols thoroughly to ensure it is maintained well
7. Ask your Technology Solutions Provider to conduct Security Awareness Training for your employees at all levels.

The FBI Reporting Notice

The FBI would like you to report any suspicious or criminal activity to your FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch). Field office contacts can be identified at www.fbi.gov/contact-us/field. CyWatch can be contacted by phone at (855) 292-3937 or by e-mail at [email protected].

Your report should include:

• The date,
• Time,
• Location,
• Type of activity,
• Number of people affected,
• Type of equipment used for the activity,
• The name of your company or organization, and
• A designated point of contact.

Today’s internet has literally changed the way businesses function. It has redrawn the boundaries and changed the rules of competition in today’s business climate. The Internet has allowed business owners to create much closer relationships with their customers. In addition, it has given consumers more power through access to unlimited information.

Regardless of the size of your business, you probably have a website and a pretty decent one at that. In fact, websites are not as costly as they once were to build and manage. Thanks to the increase in the number of web developers and online sites that host websites, almost anyone can have a website if they want it.

For savvy business owners, their website is the key to greater sales and stronger relationships with customers. A successful website is constantly adding new content that offers value to consumers. They update the site regularly with the latest security and technology. A company with an amazing website almost always excels in the marketplace over competitors who don’t. Why? Because they understand that their business website is the voice of their company online.

Websites have become a valuable commodity to business owners. They are the first stop of prospective clients who want to find more information about your business. Current clients also rely on websites to find product information and updates. Your website is the place where all the action takes place each day. Your website can make or break your business. Knowing how important websites are, most business owners are interested in learning how they can get the most out of their site.

Allow your website to communicate your story to clients

With the understanding that websites do speak to your customers, you should ask yourself the question, “What do you want your website to say to customers?”

Each day, you must make sure that the information you provide is important to your customers and that it’s accurate. Does it resonate well with them? Will it make them want to purchase your products or services? Image is everything in a business. Since your website represents the first image that people have concerning your business, it’s important to make a good first impression. As it is commonly said, first impressions matter. What story do you want the website to tell?

The best websites always tell a compelling story. Sometimes your story is all about why you started your business and sometimes it’s more about your roots, your background. Great businesses have a unique reason for their existence. Bill Gates got the idea for Microsoft when a friend, Paul Allen, showed him the 1975 issue of Popular Electronics. This issue featured a story on the Altair 8800, one of the first microcomputers. Both Gates and Allen saw the potential for developing a programming language for the computer. The rest is history.

In putting together the story behind your business, it may be necessary to hire a good writer to help craft the message. This expense is well worth it. Once you create a great story that customers can relate to, your next job is to write professional content for your site. Though your budget may initially be small, you can go back and redo this once you have the time and money to do so. Usually, your website is a work in progress anyway. It is constantly evolving and changing as your business grows.

Good content will make customers feel that they need your goods and services to meet a need in their lives. You should include information about how these goods or services are better than those offered by others in the same industry. Many of today’s most successful brands have become indispensable to their customers. Think about how Prada and Louis Vuitton have changed the handbag industry. Their customers feel a strong urge to own one of these exclusive handbags and many are priced in the thousands of dollars.

Provide contact information

Imagine locating a website online, and the information given therein is attractive. You read through their homepage and look at what they offer. In your mind, you are convinced that this is it. They are exactly what you need. You pick up your phone while scrolling down, looking for the contacts page and you find nothing. No phone number, no email address, no physical address, nothing. This can be frustrating, right? In fact, most people will get disheartened immediately. They will look elsewhere for other products. Consumers feel that if there’s no contact information, then the business must be shady. So it’s important to include your physical location, email address and phone number. This degree of transparency tells consumers that you have nothing to hide.

Collect lead information

If you have been in business long enough, you know that some clients will visit your website more than once before they decide to make a purchase. Do not despair, this does not mean that your website is not fulfilling its mandate. It simply means that many customers enjoy doing lots of shopping before they make a purchase. In the meantime, you can collect lead information using a lead capture form. This will give you the opportunity to send them regular email updates about specials you might have. Often, if a prospective customer gets an email telling them they can get a discount by making a purchase right away, they will do so. Everyone loves to get a great deal.

User friendly navigation

The whole science behind user experience has grown tremendously in the past ten years. A site must be intuitive, responsive and user friendly. You cannot afford to hide things or make it hard for customers to get information. Websites that are difficult to understand end up chasing customers away. Try to get regular feedback from users. Find out what people are saying about your site. Correct any issues you may have right away.

Final thoughts

All in all, if you maximize each component of your website, you will discover the magic that a great site can offer. Customers will visit often. They will tell their friends about your site. An amazing website truly is priceless.

At nearly $1 Trillion in earnings a year, hacking is now at record proportions. Your data is a valuable asset, not only to you but to criminals as well. Don’t get hacked.

Here’s what you need to know.

• 1 in 3 Americans has been hacked.
• A hacker attacks someone every 39 seconds.
• 61% of small businesses experienced a cyber-attack within the past year.
• The average cost of a data breach in the U.S. is $7.35 Million.
• $5 Billion was lost due to hacking in 2017. This is more than 15 times the total losses in 2016. Most of this cost was due to data breach fines, downtime, and productivity losses.
• 54% of breaches are caused by negligent employees who click on suspicious websites and emails.
• 20% of businesses experienced downtime of over 100 hours due to ransomware attacks.
• 64% of businesses paid ransoms even though paying doesn’t guarantee that data will be returned.
• The anticipated cost of cybercrime in the next 3 years is $6 Trillion.

The pool of cybersecurity experts is shrinking. By 2021 there will be 3.5 Million jobs that can’t be filled. The demand for security experts is increasing and is outpacing the supply.

5 THINGS TO DO RIGHT NOW

 Ignore Ransomware Threat Popups and Don’t Fall for Phishing Attacks.

These attacks say that your data will be encrypted so you can’t access it, but in many cases, this isn’t true; it’s just a ploy to get you to click on something harmful. Once you click on the link, then you’re in trouble. You may have to pay a ransom to get your files unlocked.

Ransomware is a type of malicious software (malware) that blocks access to a computer. It infects, locks, or takes control of a system and demands a ransom to unlock it. It’s also referred to as a crypto-virus, crypto-Trojan or crypto-worm. It then threatens that your data will be gone forever if you don’t pay using a form of anonymous online currency such as Bitcoin.

Phishing is when a scammer uses fraudulent emails, texts, or copycat websites to get you to click a link so they can steal your confidential information. Thieves are looking for information like social security numbers, account numbers, login IDs, and passwords. They use this information to rob you of your money and your identity. The odds are good that phishing will work. A campaign of 10 messages has a better than 90% chance of getting clicked on. The majority of account takeovers come from simple phishing attacks where you or someone in your organization gets tricked into releasing private credentials and information.

Use Hard-to-Guess Passwords and Two-Factor Authentication.

Use complex passwords with 9+ characters and don’t reuse passwords across your different accounts. Consider using a password manager like LastPass. For accounts that support this, two-factor authentication is an extra step worth taking to ensure the privacy of your data. It requires both your password and an additional piece of information to log in to an account. The second piece could be a code the company sends to your phone or a random number generated by an application or token. Two-factor authentication will protect your account even if your password is compromised.

Secure Wi-Fi With a Virtual Private Network (VPN).

Hackers now emulate free open Wi-Fi to steal your IDs and passwords. You can be fooled when you try to login to free Wi-Fi in airports, restaurants, and other public areas. When this happens, everything that you type is copied and archived by these criminals and used against you. Using a VPN encrypts your Internet connection and protects your privacy. When you connect to the Wi-Fi over your Virtual Private Network, no one can see the information you send, and your privacy is safeguarded at all times.

 Back Up Your Data.

Store data both onsite and offsite in a secure Enterprise-Based Cloud System. Back up your files regularly to ensure you have a duplicate of all your files and applications if your network is compromised. Traditional data backups can’t always restore all of an IT system’s data and settings. This is why you need both an onsite backup and a reliable backup via the Cloud. An enterprise-based cloud backup solution safeguards your data and ensures that it’s recoverable under any circumstance.

 Hire a Reputable Technology Solutions Provider to Help.

A reputable Technology Solutions Provider can deploy a layered security protocol with regular software patches, vulnerability management, and continuously-updated endpoint protection. They can also provide Security Awareness Training for your employees to help them recognize potential threats. With the right provider, you’ll boost your defense posture and decrease the likelihood that a data breach will take down your business.

Don’t get hacked. Contact us, and we’ll keep your data secure.