Well that’s not a problem. There’s several public WiFi’s available, you could just hop on one of them for a minute. It shouldn’t be an issue…. right?

But how do you know if the public WiFi you’re connecting to is going to protect your identity? It may be hard to believe, but it’s not the public provider’s job to protect your data. In today’s digital world it is up to each individual user to be aware of the dangers and risks by using unprotected public WiFi and plan their own protection accordingly.

Public Wi-Fi can be risky, especially on poorly secured networks, but it’s not automatically dangerous every time you connect. Modern websites and apps largely use HTTPS, which already encrypts your data in transit, making basic “packet sniffing” attacks much less effective than they used to be.

Here’s a more real-world breakdown:

What risks are real:

• On unsecured or fake networks (“evil twin” hotspots), attackers can try to intercept traffic or trick you into connecting.
• If a site doesn’t use HTTPS, your data could be exposed.
• Malware distribution or phishing attacks can happen, especially on compromised networks.
• Session hijacking is still possible in some cases.
• If you’re out of the country and try to use VPN to make it look like you are near home, banks and other companies can flag your attempted access as hacking and lock down your accounts causing you to lose access.

At the present time just because a hacker may be on the same WiFi connection doesn’t mean they can see everything you do. Apps and browsers are more secure than they once were. However, they are only as secure as their last update. (i.e. when was the last time you updated all the apps on your phone?)

A Virtual Private Network (VPN) is helpful, but it’s not a magic shield, it doesn’t stop social engineering, phishing, malware downloads, or weak passwords.

What actually helps most:

• Stick to HTTPS sites (your browser usually enforces this now).
• Avoid logging into sensitive accounts on unknown networks if possible.
• Use two-factor authentication.
• Keep your device updated.
• Disable auto-connect to Wi-Fi networks.
• Verify the network name with the business when possible.

Where a VPN does help:

• Adds an extra layer of encryption, especially on untrusted networks.
• Hides your traffic from the network operator (e.g., a café or airport).
• Useful if you’re handling sensitive work or want extra privacy.

There are several good VPNs out there, such as…

• Private Internet Access (PIA)
• NordVPN
• ExpressVPN
• ProtonVPN

Using a VPN on a public WiFi is a good habit, but it is only one layer of protection and sometimes the connections can be slow.

Almost every smartphone today has some sort of security built in to their software and hardware. If you are using an Android phone, it has a built in browser protection through Google. Apple iPhones also have platform security built in.

We are here to help prevent the loss of your business and to help you avoid unnecessary stress.

If you are interested in learning more about securing your computer systems send an email to jnay@jimnay.com. You can also call or text us at 615-443-4842.

All the best,
Jim Nay

When he got the drive to us, it appeared okay externally but had errors on the internal drive that the client was not aware of at the time. So we had to repair the drive before we could even address the issue with the overwritten files. Finally we were able to recover the data that was not part of the full system backup.

It took 3 days of computer time to recover what we could from the formatted drive. Also, the names of the files were overwitten in the process of repairing the drive. Since our techs don’t know the client’s method of storing and naming files, it is generally the responsibility of the client to rename the files which they want to keep. This will add hours of recovery time on the client’s side.

A good way to prevent this is to have an online backup system in place. For businesses we use an online backup system called Cove Data Protection. For an in-depth look at how Cove Data Protection works, check out this video.

Cove Data Protection makes an image of the hard drive and backs up changes as they are made. It is a set it and forget it type of software. Should a file or files become corrupted or lost, they can be recovered in a few clicks either by the end user or through Nay & Associates, LLC. If the entire computer crashes or is lost due to a natural event, fire, flooding, tornado , etc. the entire computer recovery can be made onto another computer.

Cove Data Protection encrypts the data on the local computer prior to being sent over the internet and encrypted again at the server level.

Cost is a consideration. With on premise data backup, there is the cost of the additional hardware, the upkeep of the hardware and backup software. There is always the potential for backups to be lost, stolen, corrupted, or destroyed.

While online first backup, such as Core Data Protection, may seem like it is more expensive depending on the amount of data to be stored and recovered, it actually reduces the cost and risk for the business by reducing personnel time. It also removes the issues of scheduling backups, performing the backups, checking the backups to make sure they are not corrupted and maintaining the software plus protecting hardware from damage.

Over the past few years, we’ve actually had to recover files, systems and servers using Cove Data Protection. It was a straightforward process every time.

How exciting is data backup for you? If it’s up there with watching grass grow and paint dry, I’m right there with you. But you still need to cut the grass and paint rooms on occasion. Data backup is not the most exciting thing to talk about but it is a necessary evil.

We are here to help prevent the loss of your business and to help you avoid unnecessary stress.

If you are interested in learning more about securing your computer systems send an email to jnay@jimnay.com. You can also call or text us at 615-443-4842.

All the best,
Jim Nay

“The luck of the Irish” phrase is thought to imply that the miners in the late nineteenth century were finding success in finding gold purely based on luck, rather than based on intelligence and skill.

In the computer world, the people that never seem to get exposed to malware, or computer issues often seem to have “the luck of the Irish”.

It is more often that the people (or their IT department) are being diligent in their “spring cleaning”, utilizing up-to-date hardware and software security, along with best practices such as hard to guess passwords, thinking before clicking and regular training on the dangers lurking in the online world.

Spring is an excellent time to check your computer protection. Are all of your computers on the same antimalware/anti-phishing/antivirus/antiwhatever protection?

I recently completed an initial site survey for a small company that’s been around for awhile that had everything from no protection to expired protection to different vendors on each computer along with other issues, such as…

• They didn’t understand what they had, or the required security needs of the data for their (healthcare) profession.
• Computer hard drives should all have been encrypted (some weren’t).
• Some Windows versions were not official, licensed versions (legal issue).
• There was no uniform administrative login for the company (nightmare for IT help).
• Staff that had been gone for many years still had access if they wanted.
• No layered protection such as software or physical firewalls were installed.

This company was not under a managed services contract, which is a service we provide. A small app is installed on your computer that lets us know what’s going on with your computer systems in real time. It checks for updates, alerts us to potential problems before they become major issues, and allows us to login remotely so we can fix problems before they become a security risk.

Unfortunately, everything with this company was break & fix. They would ignore red flags in their systems until something quit working, then they would fix it. And in most instances, it takes more time and money to fix it when it breaks rather than performing regular maintenance on their systems.

With some hard work and skill, may you have “the luck of the Irish” with regards to your technology world. But it requires preparation, training, and diligence to ensure you are safe from the hackers and bad actors.

Have an “Irish Spring” and clean up your protection. Make sure all your systems, training, and other safequards are in place.

If you are interested in learning more about securing your computer systems send an email to jnay@jimnay.com. You can also call or text us at 615-443-4842.

All the best,
Jim Nay

A catfish scam means someone is using a fake identity to trick you into believing you’re in a real online friendship or romance with them. Often it will start from an unsolicited text or email that sounds like someone you know. In a moment of weakness or curiosity you may reply to the text or email. That starts the relationship, but it isn’t the relationship you expected. A successful campaign the mark, you, can either become embarrassed, humiliated, or adversely financially impacted.

In the old days the catfisher would call on the telephone, meet in person, or write letters. In today’s world with the the advent of AI and spoofing tools and can become much more lucrative for the catfisher to have multiple means of getting your information and can catfish multiple people at once.

Compare this to the days of old computing. In 1945 the ENIAC (Electronic Numerical Integrator and Computer) came out. It encompassed 1,800 square feet, weighed 30 tons and used 170kW of power ENIAC could do 5,000 computations per second. The capabilities of ENIAC is now contained in an area smaller than a grain of sand.

Today’s smartphone chips can pack billions of transistors into a few square millimeters, offering superior performance with negligible power use.

What do the two have in common and how does it affect you?

The catfishers have become much more prolific. If you don’t have tools in place to help protect you and the common sense to be skeptical of these reachouts, you will be taken advantage of.

So, what can you do to protect yourself and your business?

Training your employees to not answer unknown texts, calls, or emails is a good first step. These are the gateways used by the hackers to get into your systems.

Protection such as Huntress and ConcealBrowse can assist with computer protection. Huntress and ConcealBrowse are used together to keep you safe.

ConcealBrowse is a zero trust browser. It assumes the site you are going to online is not legitimate until ConcealBrowse determines it is. Unless it is diagnosed by AI and the websites are whitelisted or protected, ConcealBrowse will keep you from going to the website.

Huntress works with built in virus and malware protection and stops bad stuff from entering your computer in the first place.

Using ConcealBrowse and Huntress will stop catfishing attempts on your computer, but will not stop catfishing attempts by text or phone call. Don’t answer phone numbers you don’t know especially text messages. I often wait for a person/number I don’t know to leave a message to determine whether it is real or not. This is why employee training is essential. Meeting with your employees at regular intervals to discuss computer safety and security is time well spent.

When you combine ConcealBrowse and Huntress with diligent employee training, you will have a much better chance of thwarting any attempts to steal your business (or personal) information.

Call me at 615-443-4842 if you have questions or need help implementing any of the above.

While I’m not an expert on governments, corporations, or hackers, I have a great track record helping “mom and pop” businesses in these areas.

In the case of government regulations, I have trusted business associates such as bookkeepers, wealth management teams and CPAs that can assist.

For corporations, we help businesses in their transition if they are purchased by other companies.

As far as protection from hackers, phishing attempts, viruses, etc., we have multiple layers of protection from zero-trust browser extensions to software that works with AI along with real security experts to protect your business from threats,

If you are interested in learning more about securing your computer systems send an email to jnay@jimnay.com. You can also call or text us at 615-443-4842.

Best,
Jim Nay

AI is moving at such a rapid pace, we cannot fathom what the future holds or even what we will see in the coming year as far as how AI will affect jobs and how people interact with each other. Of course, some new jobs will be created because of AI, but there will be a transition period for everyone.

There is nothing wrong with AI, but here at Nay and Associates, we strive to have a personal relationship with all our clients. When you deal with us, you are talking to an actual person (me). There is no automated system that you must work through. You are talking directly with the person in charge.

And that personal relationship we have with all our clients was really brought to light this past year. We have had a difficult year personally, and I want to acknowledge everyone that was so supportive of our family.

First, We want to thank you (our clients) for allowing us to assist with your computer needs this past year. Often, we work with clients dealing with stressful situations, such as the loss of a loved one, a partner in the business, or cyberattacks. Often issues arise with clients other than just computers and we are there to assist as best we can.

This year seemed to be worse than most for several of our clients and for us as well.

Within a week’s time in November, we experienced an emotional rollercoaster. My daughter-in-law had a premature birth that caused complications for both mother and baby. They are fine now, but it was frightening for bit. A few days later, a long-term client/friend passed away suddenly. That same day, the Donoho Hotel in Red Boiling Springs where Penny and I got married 40 years ago burnt down. Two days after that my father succumbed to bladder cancer. We traveled to Ohio for his celebration of life.

While we were gone, another friend/client/local business had a devastating car wreck. Another had a daughter that had surgery complications They are both recovering now.

During one of the most difficult times for our family, we have been deeply moved by the outpouring of love, compassion, and support from each of you. Your kindness has been a light in our darkest days.

From heartfelt messages and thoughtful cards, to messages, to meals, flowers and simply being present every gesture has reminded us that we are surrounded by an extraordinary community.

Local businesses (the BNI Vibe Tribe and members of the BNI Core Group) and my Dad’s church (Southern Hills Baptist Church in Cambridge, OH) who stepped in to help, friends who offered their time, and clients who extended patience and understanding. Please know that your generosity has not gone unnoticed.

Your support has not only comforted us but has also strengthened our belief in the power of God, connection and community. We are truly blessed to work and live among such caring people.

From the bottom of our hearts, thank you for standing with us. Your compassion has been a source of healing, and we will carry your kindness with us always.

If you are interested in learning more about securing your computer systems send an email to jnay@jimnay.com. You can also call or text us at 615-443-4842.

With deepest gratitude,
Jim Nay

Within a short period, all of his email over the years was deleted, his contacts copied and bogus emails sent out to all of his contacts requesting help and a reply to a bogus email the scammer set up.

It took over an hour on the phone with Comcast security to get the password changed, two factor authentication (2FA) set up and also set up a passkey.

Comcast security was able to recover the majority of his emails within a few more hours.

The client had to send out an email notifying his entire contacts list about the spoofed email.

Why did this story get told? A word of caution that what once was enough, isn’t anymore.

Passwords have been around since 1961 when the first time-sharing computer was created. As computers got faster and more complex, more complex passwords became necessary.

Due to hackers, crime syndicates and nation-states using the same sort of technology, complex passwords are no longer enough.

Password Limitations.

Passwords can be:

• Shared
• Guessed, or
• Stolen, which means they aren’t secure.

Password resets account for up to 40% of helpdesk calls in some industries.

The average cost of a password reset is $70 for a business, according to Forrester.

Users using multiple accounts (up to 100+ passwords on average) create higher risk by reusing and only slightly modifying passwords.

2FA is what came next. 2FA is two-factor authentication, sometimes called two-step verification or multi-factor authentication.

Here are three examples of 2FA:

• Something you know: passwords, PINs, answers to security questions, etc.
• Something you have: smartphone, USB drive, smart card, etc.
• Something you are: fingerprint, facial recognition, retina scan, etc.

2FA Limitations:

• user inconvenience
• device dependency, and
• vulnerability to phishing

It can stop a lot of attacks, but not all of them.

Passkey, what is it?

Unlike passwords (which need to be remembered), passkeys are cryptographic key pairs where the private key remains securely stored on the user’s device and the public key is stored on the service’s server. Authentication happens when the device proves possession of the private key.

For example, your health portal for your hospital or medical services provider may tell you that you have the option of using your username/password or a passkey. Generally, when you are using a passkey, you will key in a 4-6 digit number when logging into your portal on a secure website. This number is a shortcut to the long cryptic key. You use the passkey instead of using your login username/password combination to login to your account. Using the passkey is much more convenient and safer.

Passkey Limitations:

• Device dependency.
• User education and adoption.
• Cross-platform and cross-device issues.
• Recovery and backup.
• Initial setup and management.
• Security concerns.
• User experience.

Passwords, 2FA and passkeys will decrease your chances of being hacked, but there are no guarantees. The cautionary tale at the beginning of this email is proof of that and, as you can see above, none of them are foolproof. But they are the best security we have at this time to keep people out of our computer systems and to protect us from hackers.

If you are interested in learning more about securing your computer systems send an email to jnay@jimnay.com. You can also call or text us at 615-443-4842.

All the best,
Jim Nay

Webroot was purchased by OpenText about 2 years ago. The EDR (Endpoint Detection Response system) is the same, but they are rebranding it. It’s now called OpenText in the bottom right hand corner of your screen.

OpenText/Webroot is an antivirus software that will safeguard your devices from viruses, malware and phishing attacks. It is a traditional Endpoint Detection Response (EDR) system. The version is decent and affordable but not fully comprehensive.

OpenText/Webroot EDR provides a limited rollback feature so it can rollback to an uninfected file (or files) for your PC or Mac if a compromise is found.

OpenText/Webroot Total Protection is a more comprehensive consumer based protection versus business-based protection.

For small business I lean toward a layered approach from different companies. That way if one layer is breached, the other layers stay intact to help protect your system.

There are five levels (or layers) of software protection that I recommend (not including firewalls):

Nay & Associates, LLC remote-managed systems include a version of Bitdefender unless the client expressly wants that feature turned off.

The next level of protection is Windows Defender (if on Windows systems). XProtect is used in Macs.

The third level is Huntress which stops incoming intrusions. It can lock down a computer to keep it from infecting others. SentinelOne is a similar program but is designed for larger clients.

The fourth level of protection is ConcealBrowse. It is a browser extension that checks every click or link that opens another browser window or tab. If the AI engine determines a suspicious site, or a known compromised site, the user is blocked from going to it. The user can go to the site but the site is “sandboxed” so that nothing can be activated. This can be overridden by Nay & Associates, LLC in the case of a required “nested” link that opens to a specific company designed site such as a bank payment site.

The fifth level of protection is training a client on what to look for and be proactive so they question any emails or notifications that seem out of sorts.

If you are interested in learning more about securing your computer systems send an email to jnay@jimnay.com. You can also call or text us at 615-443-4842.

All the best,
Jim Nay

New technologies such as AI have been introduced and are changing how we interact with computers and each other. AI is making a lot of people’s jobs much easier.

Unfortunately, the growth of AI has also led to the growth of ransomware hackers can use to get into your computer system. Everything in the computer industry and in ransomware is changing so rapidly the protection you have now for your systems may not be enough to keep the hackers at bay.

Here are a few recommendations for keeping your data safe and secure.

Fourth Quarter IT Best Practices

• Make sure to back up your data on a regular basis and to check the backups to make sure they work. The best way to back up your data is automatically using something individually like Carbonite or a business grade backup, such as Cove-Data-Protection. Think about how much data you can afford to lose and backup accordingly. For some people that will mean backing up your data every hour and for others daily or weekly. And we can do this for you automatically.

• Review your computer internet security for the coming year. Are you protected against the latest threats? Call us at 615-443-4842 to discuss your current systems and how you can ensure you are protected.

• How many of your computers are on Windows 10 and cannot be updated to Windows 11? These Windows 10 computers will need to be replaced because they do not have the security that is included in Windows 11. This will leave your business vulnerable to attack. Staples, Dollar Tree, AutoZone and HCA are a few of the latest examples of corporate security breaches where data was stolen. And these same attacks are happening to small businesses every day.

• Just like Windows computers, Mac computers also have an end date for their software. It is usually 10 years from when a specific version is released. So if a new Mac computer is purchased, it will have up to 10 years of support, but may have significantly less if the computer was purchased a couple of years after that specific iteration came out.

• Unfortunately, AI is also helping hackers bypass some of the more sophisticated protection systems. So having the latest layered protection (Endpoint Detection Response, Firewalls (cloud or onsite), reduced user permissions, etc. using software from different companies) is more important than ever. It an attacker can figure out one bypass, they run into a completely different type of protection on the next level that keeps them from accessing your systems.

• Charon ransomware attack chain uses Windows processes. It is a new ransomware family. Charon bypasses security controls. These processes work within the Windows environment and appear to be legitimate. At the moment, this ransomware attack does not appear to affect Apple computers but there are other attacks such as data breaches and mercenary spyware attacks on iPhones to be concerned about.

• Huntress as an Endpoint Detection Response (EDR) and Managed Identity Threat Detection and Response (ITDR) solution that appears to not be affected by the new virus. So, for the moment, it is an excellent choice for protecting your valuable data.

• Have you made sure employees no longer with you have been removed from all access to databases? Have their passwords and all their permissions been revoked?

If you are interested in learning more about securing your computer systems send an email to jnay@jimnay.com. You can also call or text us at 615-443-4842.

All the best,
Jim Nay

That happens in my business too. Some think I only repair desktops and laptops. Others think I provide backup solutions. Still others think I provide software solutions for malware. Their perspective is based on whatever the original issue was when they needed me.

While Nay & Associates provides the individual solutions above, we specialize in a one-stop approach in providing any and all computer and networking services to our clients.

In the following then and now scenarios, I describe the services we provided when we started Nay & Associates and how everything has evolved over the years.

Then: We used to monitor the Dark Web for clients to check for whether or not you or your company has been breached.

Now: We know that a lot of your information is out there due to third party database cyberattacks beyond your control and protect you from further damage. Look here https://haveibeenpwned.com/ and see for yourself.

Then: Internal monitoring of network systems to protect business owners from possible internal threats.

Now: We still monitor internal threats, but we also monitor and protect incoming threats before they can access your systems.

Then: Data recovery from hard drives.

Now: We still can do data recovery in some cases, but with today’s solid state drives, it’s better to have a consistently updating backup in a different location to be able to recover from all threats, physical damage from fire, theft, weather events, mechanical, etc.

Then & Now: Supplying Microsoft 365 (formerly Office 365) and Google Workspace (formerly G Suite), plus the backup of those SaaS (Software as a Service) products.

Then: Online shared file storage.

Now: Online storage but allowing files and directories to be shared securely with others.

Then: Building servers and specialty computers.

Then & Now: We are still part of a national and international group of businesses that combine our skills and resources to provide comprehensive solutions to safeguard your business from internal and external threats to your business.

At Nay & Associates, we take pride in the fact that we stay on top of all the latest trends and technological advances in the computer industry. We want to make sure you get the best whenever we are dealing with your computers, computer network or your other computer systems.

You can also text or call 615-443-4842 to get an onsite free initial review.

All the best,
Jim Nay