By -- 2023-02-3 in Blog

The orange and green dots that you may now see on the top of your iPhone screen (for devices with iOS 14 or later) are part of an enhanced privacy and security update. When an orange dot appears right above your cellular bars, it means an app is using your iPhone’s microphone. It can be any third-party app, or a basic function of your iPhone such as making a call or utilizing Siri. When you see the orange dot appear, you can swipe down from the top right of your screen to view which apps are currently using your microphone.

When a green dot appears in the top right corner of your iPhone’s screen, this means an app is using your camera and/or your microphone. Just like with the orange dot, you can swipe down from the top right corner of your screen to see which apps are using your camera. If you have an Android 12 or later, a green dot in the top right corner of the screen will inform you when your phone’s camera or microphone is being used. You can swipe down on your screen to show the notification bar, and from there click the green dot to see which apps are using your camera/microphone.

If you see an indicator that your microphone/camera are in use even though you aren’t using any apps, it likely means an app has permission to access those features even when it isn’t in use. If this is not the case, it’s possible your phone may have been hacked. To avoid this, you may want to look into installing antivirus software on all your devices. If you have any questions about your phone’s security or IT in general, feel free to contact us at info@optfinity.com .

By -- 2023-02-1 in Blog

It’s National Change Your Password Day, so it’s a great time for a refresher on creating good passwords and why you should use a secure password manager. These steps are easy to follow and don’t take much time but are essential to keeping your personal information safe on the internet.

Best Password Practices

  • Passwords should be a minimum of 8 characters
  • You should use a mixture of upper and lowercase letters, numbers and symbols
  • Refrain from spelling any dictionary words
  • Enable multifactor authentication (MFA)
  • Never use the same password for more than one account
  • An example of an effective password would be: %PLxO23saX2#q

For a lot of people, this might seem very difficult to do when you have so many accounts.   That is why we recommend the use of a password manager. If you aren’t familiar, password managers record your log-in information when first signing into a website, and then auto-fill the information on subsequent visits. This allows for all your accounts to have different passwords without having to remember each specific one. Password managers can even auto-generate strong passwords for you.

Many password managers keep your master password locally and not on a remote server, protecting your account in the event of a data breach. Even the best password managers have vulnerabilities and can be hacked, but quality managers are based on zero-trust security. This means that all your passwords are encrypted at the device level, and not accessible to the password manager itself or any outside parties. However, if someone did get access to your master password, they could access your vault. This is why using multifactor authentication is still vital.

Creating strong passwords, enabling multifactor authentication, and using a password manager are all great and easy ways to keep your personal information secure in 2023. If you have any questions about password managers or IT in general, feel free to reach out to us at info@optfinity.com.

By -- 2023-01-25 in Blog

Apple announced Safety Check in 2022, an iOS security feature designed to view the information you’re sharing with others, such as your location or credentials. The feature allows you to instantly revoke those permissions, with the intention to help protect against domestic abuse. However, Safety Check can be useful for anyone with an iPhone that’s interested in their privacy and security.

The Safety Check feature not only protects against domestic abuse, but also can be used to keep an eye on all your downloaded apps and revoke permissions as desired. For example, camera and speaker permissions for any app can be changed at will.

How to use Safety Check to monitor app permissions:

  • Launch Settings
  • Click Privacy & Security, and then click Safety Check
  • Select Manage Sharing & Access
  • Use Face/Touch ID to access the security feature

After these steps, you’ll get a detailed summary of what you can review, such as people, apps, and account security. Since we’re focusing on app permissions, we’ll skip through the Sharing with People section and go directly to App Access. Here, you will see a list of your third-party apps, as well as what information is being shared with them.

To revoke an app’s permissions, just check the circle next to the app and then tap Stop App Access at the bottom of the screen. You can revoke different permissions from apps, such as Bluetooth, camera, location and more. Just be mindful of what you disable, as some permissions are needed for apps to function properly.

If you have any questions about your phone’s security or IT in general, feel free to reach out to us at info@optfinity.com.

By -- 2023-01-18 in Blog

Apple has positioned itself as a company that cares about consumer privacy over the past decade. However, a shift in Apple’s business model towards services such as Apple Music, iCloud, and Apple TV has led to more in-app advertising than ever before. Apple has always collected data about its customers but increases in their service business and advertising may lead to additional data collection. This creates room for concern, so we’ll go over what is known regarding Apple’s data collection policy.


Data Apple Collects by Default

As soon as you start using Apple’s products, data begins to be collected. Basic data such as your name, email address, and payment information are stored (standard practices for any business). Apple’s privacy policy also states it can collect data on how consumers use their devices. This data includes the apps you use, search history within apps, analytics, and crash data. Location, health, and fitness information can be collected as well, but only if you give permission. While you don’t need to give out this information, it is necessary to properly utilize certain Apple apps – such as the Health app, which can track useful data including statistics on sleep and exercise.

Some Apple systems, such as Game Center, don’t send your data back to company servers. Additionally, Apple Maps uses a rotating identifier instead of linking directly to your Apple ID, making it harder to identify you individually. Measures such as these show that Apple does try to take user privacy into account.

How to limit the data Apple collects

Apple ads take on two forms: contextual and personalized. Contextual ads are based on device information such as keyboard language, location data (if it is shared/enabled), and searches made in the app store. Personalized ads lump consumers into groups of 5,000+ people sharing similar characteristics such as age, gender, and location (based on registered post-code).

It’s possible to opt out of personalized ads in the App Store. Here’s how:

  • Go to Settings
  • Select Privacy and Security
  • Then click Apple Advertising
  • Toggle Personalized Ads off

Within Privacy & Security, you may also wish to visit Analytics & Improvements. Within this setting, you can stop Apple from collecting iPhone and iCloud analytics data if desired. You can also review all your app’s permissions in the Privacy & Security section. While some data sharing is necessary and can improve the user experience, it’s always a good idea to be aware of what information you’re sharing. If you have any questions or concerns about data collection and security, feel free to reach out to us at info@optfinITy.com.

By -- 2023-01-12 in Blog

Many of us have wound up with Amazon Echo devices in our homes over the last few years, and even more likely received them over the holiday season. While these devices (commonly referred to as Alexa) can go anywhere and offer some great functionality, you may wish to avoid keeping them in your bedroom.

Alexa is hands free – it listens to your requests and instantly plays the song you’re looking for, tells you the weather forecast, or rattles off your shopping list. However, because it needs to listen for these commands, it can also record your conversations without your consent. Due to this reason, you may have greater peace of mind keeping Alexa in a spot you’d feel comfortable having company in. Spaces you’d typically host guests such as the living room or kitchen are ideal.

Amazon has confirmed that their staff listens in to conversations recorded by Alexa in order to improve the device’s understanding of human speech. In fact, members of the staff listen to up to 1,000 audio clips per day. However, due to negative feedback, Amazon now allows user to turn off Alexa’s recording as desired. Here’s how:

  • Open the Alexa app on your phone
  • Access Settings
  • Select Privacy
  • Click Manage Your Alexa Data
  • Choose How Long To Save Recordings
  • Select Don’t Save Recordings, then select Confirm
  • Scroll to Help Improve Alexa
  • Go to Use of Voice Recordings and switch it off

You can also mute your Alexa Echo by toggling the mute button on your device. You can also fully unplug the device to ensure it isn’t listening to your conversations. If you have any questions or concerns about Amazon’s Echo devices, or any general IT inquiries, feel free to reach out to us at info@optfinity.com

By -- 2023-01-9 in Blog

While Macs have a good reputation against malware, they are still vulnerable. What may be relieving to hear, however, is that there is a way you can better protect your Mac. You can do this by removing the largest malware app of them all, MacKeeper

MacKeeper was originally designed to protect Macs from malware through cleaning, security, and performance tools. Ironically, 48% of Macs end up with malware infections though MacKeeper. The app is designed with good intentions but can be easily abused by hackers as a vehicle for malware. This is due to the app’s extensive permissions and access to various files and processes. It’s too risky to keep MacKeeper on your Mac and we strongly recommend removing it.

 

If you wish to remove MacKeeper, this is how:

  • Go to your Finder app
  • Click Applications
  • Search for MacKeeper
  • Select This Mac and click the plus sign
  • Choose Name to open the dropdown menu
  • Select Other
  • Scroll to System Files, click the checkbox
  • Click Name (again), select System Files
  • Switch ‘aren’t included’ to ‘are included’
  • Delete all files in folder (Right-click and select Move to Trash)
  • Empty your trash (Right-click the Trash icon in the bottom right screen corner, select Empty Trash)

 

The best way to prevent malware on your Mac is through good cyber security practices and protection. Look into installing top-rated security software if you haven’t already. For more information on how to protect your devices from malware or any general IT questions, feel free to reach out to us at info@optfinity.com.

By -- 2023-01-5 in Uncategorized

In general, it’s a good thing to be using a password manager to generate a strong, unique password and to keep track of all of your passwords. For many of OptfinITy’s clients, the password manager that has been used has been LastPass – something we ourselves have been using since 2013.

Over the past 6 months, however, there have been reports coming out about a security incident which occurred in August and then again in November at LastPass, about a potential hack. On December 22nd, LastPass clarified a previous security incident they had reported in November as being much more concerning, where the hacker’s data breach actually exposed encrypted password vaults—the crown jewels of any password manager—along with other potential user data.

The details, or more specifically, the lack of details that LastPass provided about the situation a week ago were worrying enough that security professionals quickly started calling for users to switch to other services. While some people have been making those suggestions, OptfinITy does not want to make a knee jerk reaction and is currently doing our own research into the situation.  This is what we know so far:

  • Sometime over the last 3-4 months, the encrypted vaults of all or some of the users were stolen.
  • These vaults which contain all of the usernames and passwords are encrypted with a master password which only the end user knows.
  • The encryption that is used is extremely difficult to hack without massive computer capabilities, something that very few people in the world have access to.
  • Although encryption is great for making it hard to decode what a password is, it does not stop hackers from using other tools to guess passwords on the vaults.  For example, if you utilize a password that is a common dictionary word followed by a number, those passwords will be easier to crack and the usernames and passwords will become available to the hackers.  For those with complex passwords (i.e.  C@nUGu3$$Th~sPw), your data will be much harder to access.

So what should you do?  

We are still investigating the issue and do not feel that it makes sense to switch to another provider today. The reason for this is that there is no 100% secure software or cloud-based solution and it is imperative that the solution you switch to is in fact a better option than the current one, or as the adage goes, the “devil you know is better than the devil you don’t”.

That being said, we are recommending that all LastPass users do the following immediately:

  • ALL LastPass users must change their MASTER password to login to LastPass and that the password should be complex in nature, containing a mixture of letters, numbers and symbols and without spelling a dictionary word.
  • All users should enable multi factor authentication on their vaults.
  • Whether you do use LastPass or not, we are recommending all users create an account on Have I been Pwned? (https://haveibeenpwned.com/) to ensure they learn of any breaches affecting them as soon as possible.
  • While the vaults were encrypted, the meta data about the users of the vaults was not.  As a result, hackers will have access to potential contact info, which means customers should be on extra alert for phishing emails and phone calls purportedly from LastPass or other services seeking sensitive data and other scams that exploit their compromised personal data.  Nobody will ever need your master password for any reason.
  • If you were an end-user who used a simple master password, it is our recommendation that you go through and change all of the passwords within your vault.

At this moment, OptfinITy is evaluating the situation while also testing out two potential replacement products for password management and will be in touch with our clients about their concerns and any potential changes.  Should you have any questions in the meantime, please don’t hesitate to reach out to us at info@optfinity.com.

By -- 2023-01-3 in Blog

A major security flaw has been discovered in macOS that can be exploited by hackers to install malware. This vulnerability has been dubbed “Achilles” and was first found in July 2022. Apple patched this vulnerability earlier this December (which is why we’re now hearing about it) but your Apple products could still be in danger. You should approve the latest Mac update on your Macbook, iMac, Mac mini, or any other Apple computer you may have as soon as possible. Hackers like to target vulnerable machines, so the sooner you update the better.

About “Achilles”

Apple includes Gatekeeper and XProtect in every version of macOS. Gatekeeper ensures all new software is verified before it’s installed, while XProtect scans for malware. The Achilles flaw was abusing a logic issue in Gatekeeper’s security protections, allowing malicious apps to be installed on Macs. The latest version of macOS fixes this vulnerability and should be installed as soon as possible. You may also want to consider installing a well-rated Mac antivirus software as an additional measure.

While this “Achilles” flaw is resolved through the latest update, hackers will continue to look for ways to exploit operating systems. For more information on cyber threats or if you have any general IT questions, feel free to reach out to us at info@optfinity.com.

By -- 2022-12-30 in Blog

Thieves love to steal iPhones. They’re easy to target and sell for quick cash. However, changing one iPhone setting can stop thieves in their tracks. Smart thieves will look to instantly turn on airplane mode once they swipe a phone. They do this so the phone can’t be located from the Find My app. Fortunately, there’s an easy way to prevent them from doing this.

Disabling Control Center When iPhone is Locked

  • Go to your iPhone’s settings
  • Find Face ID & Passcode
  • Enter your passcode
  • Scroll to Allow Access When Locked
  • Turn off Control Center

Now, thieves won’t be able to access your iPhone’s control center from the home screen. This will allow you to still track your iPhone using the Find My app. This can scare thieves off, as they’ll be aware that they can be tracked. Thus, many will opt to ditch the phone somewhere, allowing you to safely retrieve it using the Find My app. This setting change will have minimal impact on your phone’s ease of use as well. This is because your phone will still unlock with Face ID, allowing you to access the Control Center as usual. For more information on phone security or any general IT inquiries, feel free to reach out to us at info@optfinity.com.

By -- 2022-12-23 in Blog

TikTok, the latest social media titan, recently announced a new feature called “Why this video”. This feature is being rolled out in the “For You” section and will be accessible through a question mark icon. Users will be able to review why each video is selected for their feed. There will be several different listed reasons, such as previous interactions, accounts followed, user posted content, and regional content.

TikTok said in a press release that “Looking ahead, we’ll continue to expand this feature to bring more granularity and transparency to content recommendations.” TikTok has also made additional strides towards safety, such as customized content recommendations, parental controls, and improved content moderation systems.

However, there are still some major security concerns despite TikTok’s strides towards transparency. The video-based app has an algorithm that can be concerningly good, leading to questions about how much data is being accessed. Some states have banned the app from government devices and it is going through a national security review with the US Committee on Foreign Investment.

So, while TikTok can be a great source of entertainment, it’s wise to be cautious of it. Lots of data can be collected from the app, and it’s also important to make sure minors aren’t exposed to inappropriate content. For more information on best internet safety practices or any other general IT questions, feel free to reach out to us at info@optfinity.com.