
Friday, June 28, 2013

Security for Normal People, Part 5: Your Behavior

At the end of last week's article, I alluded to the idea that no software – anti-virus or otherwise – is going to mitigate your own bad behavior online. So what did I mean by that?

It occurs to me that there are things I do, or do not, do automatically because I know they are security risks. Now, having been online since . . . well, when I first got online, I was very young . . . Prodigy was still a thing (remember Prodigy? Anyone? Bueller?); being on CIS (CompuServe Information Systems) or GEnie (General Electric's answer to CIS) meant you were a geek (I was on both); modems were 1200 baud if you were lucky; Internet was dial-up only; and printers were dot matrix (ask your parents).

My point is that I've had a number of years to develop behaviors that are now so ingrained in me that I don't even think about them . . . behaviors that have kept me from having any major security issues. I've never had anything more serious happen than being infected with the odd virus every now and then, and much of that I owe to knowing what kind of behavior can be dangerous. It's a challenge to write this, since some of these things are completely unconscious at this point, but I'll give it a go. . . .

Be careful where you download from. You probably know this is important. But, though an anti-virus can alert you to problems once they've occurred, or warn you about risky behavior, it won't stop you from downloading that file or program. Why? Because if you want to download a new game or trial program, or whatever it might be, and your anti-virus tells you you can't, what is the first thing you'll do? Disable it! So then you have no protection. So the anti-virus will ask you if you are certain that you want to download it, it will warn you that it could give you a virus, but it won't stop you in the end. It's up to you to make sure that you're downloading from a reputable source, that the website is what it appears to be, and not a fake.

Be careful of fake sites that look like the real thing, and always check the URL (Uniform Resource Locator – also known as the website's address) to make certain it is genuine. If it says, ″www.yootoobe.com″ instead of ″www.youtube.com,″ you should run away! You'd be amazed at how many people don't notice, or worse, don't check. It's entirely possible to create a site that looks like the site you think you're visiting – logos, images and all – but is really a fake. This is particularly dangerous if it's your bank or other financial-related site. This is one place where spelling really does count! If you get an email from what you think is your bank, and it has a link, don't click on that link! If you look closely, what you think is a link to Wells Fargo may be a link to ″welsfargo.com″ – notice the spelling? Only one ″L″. It's the kind of thing that is easily overlooked, and the Bad Guys know this. This type of link can be used to get you to log in to their fake site with your real password, which is then collected and used to drain your accounts. This is what is meant by ″phishing.″
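The spelling check described above can also be done by a program. The following is an added example, not part of the original article: it compares the address in a link against a short list of sites you actually use and flags near-misses such as the two misspellings mentioned above. The site list, the function names and the three-edit threshold are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumed for this example: the sites this user really does business with.
KNOWN_SITES = ["youtube.com", "wellsfargo.com", "bankofamerica.com"]


def host_of(url):
    """Return the lower-cased host of a URL, with a leading 'www.' removed."""
    if "://" not in url:          # accept bare addresses such as www.youtube.com
        url = "http://" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    previous = list(range(len(b) + 1))
    for i, char_a in enumerate(a, 1):
        current = [i]
        for j, char_b in enumerate(b, 1):
            current.append(min(
                previous[j] + 1,                       # delete char_a
                current[j - 1] + 1,                    # insert char_b
                previous[j - 1] + (char_a != char_b),  # substitute, or keep
            ))
        previous = current
    return previous[-1]


def check_url(url, known=KNOWN_SITES, max_distance=3):
    """Classify a URL as 'genuine', 'lookalike' (of which site) or 'unknown'.

    Only an exact match counts as genuine; anything within a few typos of a
    known site is reported as a lookalike of that site.
    """
    host = host_of(url)
    if host in known:
        return ("genuine", host)
    closest = min(known, key=lambda site: edit_distance(host, site))
    if edit_distance(host, closest) <= max_distance:
        return ("lookalike", closest)
    return ("unknown", None)


if __name__ == "__main__":
    for url in ["www.youtube.com", "www.yootoobe.com",
                "https://welsfargo.com/login", "http://example.org"]:
        print(url, "->", check_url(url))
```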

In fact, people so frequently are oblivious to this sort of ploy that some phishers, who are either lazy or cocky . . . or both . . . have even been known to use fake addresses like, ″www.hackyou.wellsfargo.com″ in the links they send out in emails. If it's hidden in an HTML email – since you don't see the actual link – you should be able to see it in the address bar if you click on it and it opens up a new tab or window. Which brings to mind a few more things you should not do: don't click on links in emails (with few exceptions), and don't use HTML mail.

Never click on links in emails; type the URL in yourself, from scratch. If your bank or other financial institution, or any other important site such as these, emails you, they shouldn't put links in the email; frankly, they should know better at this point. But if you really believe it's from who you think it's from, and you need to log in to your account, do not click on the link! I can't stress this enough! What you should do is to open a browser page and type in the address yourself. Yes, I realize that can be a little inconvenient, but it's much better than suddenly having no money in your account and no way to pay your mortgage or rent, let alone your bills, isn't it?

Don't use HTML Email. Most people, it seems, use HTML in their mail. I suppose that's because they don't know why they shouldn't. But if you use text-only in your email, for one thing, it can clue you in to a fake link like I've described above. If you can't see the links, you have no chance at all of spotting a fake. An HTML link to, say, Bank of America, can be hidden behind the familiar logo. In other words, you click on what appears to be a genuine Bank of America logo . . . and it probably is . . . genuine in that the Bad Guys downloaded it directly from the Bank of America website. And yes, that's easy. I can do it. (And I'm not even a hacker, I'm just a person with lots of experience on the 'net who knows what's possible – though I don't always know how it's possible. But this time I do know.)
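To make the hidden-link problem concrete, here is an added example (not from the original article) that reads the HTML of a message, lists every link the way a text-only view would expose it, and flags links whose destination is hidden behind an image or differs from the address shown in the text. The sample message is constructed for the example, and the function names are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message, not a real phishing email. example.net is a
# reserved documentation domain; welsfargo.com is the misspelling used above.
SAMPLE_EMAIL = """
<p>Dear customer, please confirm your account details.</p>
<a href="http://login.example.net/signin"><img src="cid:logo.png" alt=""></a>
<p>Or sign in at <a href="http://welsfargo.com/verify">www.wellsfargo.com</a>.</p>
<p><a href="https://www.youtube.com/watch">Watch our video</a></p>
"""

# Something in the visible link text that looks like a web address.
ADDRESS_IN_TEXT = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Record each <a href> with the text and images the reader would see."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._open = None   # the link currently being read, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._open = {"href": attrs["href"], "text": "", "image": False}
        elif tag == "img" and self._open is not None:
            self._open["image"] = True

    def handle_data(self, data):
        if self._open is not None:
            self._open["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self._open["text"] = " ".join(self._open["text"].split())
            self.links.append(self._open)
            self._open = None


def collect_links(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.links


def bare_host(address):
    """Host part of an address, lower-cased, without a leading 'www.'."""
    if "://" not in address:
        address = "http://" + address
    host = urlsplit(address).hostname or ""
    return host[4:] if host.startswith("www.") else host


def plain_text_view(html):
    """Each link as a text-only view would expose it: label plus real target."""
    return ["%s <%s>" % (link["text"] or "[image]", link["href"])
            for link in collect_links(html)]


def suspicious_links(html):
    """Return (reason, address shown, real host) for links that hide or
    misstate where they go."""
    findings = []
    for link in collect_links(html):
        real = bare_host(link["href"])
        shown = ADDRESS_IN_TEXT.search(link["text"])
        if link["image"] and not link["text"]:
            findings.append(("image hides destination", None, real))
        elif shown and bare_host(shown.group(0)) != real:
            findings.append(("text does not match destination",
                             shown.group(0), real))
    return findings


if __name__ == "__main__":
    for line in plain_text_view(SAMPLE_EMAIL):
        print(line)
    for finding in suspicious_links(SAMPLE_EMAIL):
        print("WARNING:", finding)
```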

HTML email also carries a greater risk of virus. I won't go into the technical details, because that's not what this series of articles is about. Suffice it to say that HTML email is more dangerous in this respect than text.

Other reasons to not use HTML email seem obvious to me, but you may not know about them. Firstly, it's often slow. Why? It requires more bandwidth. Now, this may not seem important to you when you're on your high-powered desk-top, but if you're on Wifi, or a mobile phone network, you might be able to see the difference. Secondly, it often takes longer to appear than regular text, because it takes longer to load. In other words, it just uses up resources unnecessarily. Thirdly, you may not have any problems composing an email in HTML, but think about the recipients. Not everyone needs or wants your email with fancy backgrounds and pretty colors. (Personally I have my settings so that only text appears unless I click to load the rest.) What's more, there are still a lot of email apps that won't even read HTML email.

In the end, it's up to you whether or not to use and read HTML email, but knowing that text email is less likely to be a security risk, I hope you give this question some thought: do you even really NEED anything more than text in your email?! Does it make that much of a difference to you? If you can't answer an unequivocal, ″YES!″ to those questions, I strongly advise you to turn it off.

Another thing that people – especially younger people who have grown up with the internet and mobile phones – do that they should probably be more careful about is giving out information. People simply overshare information . . . about themselves, about their families . . . about all kinds of things. Without going into great detail (that might eventually become another article itself), let me just say here that it would be wise, before you post something on Facebook or Google Plus or even Path, before you Pin or Tweet or Share, and especially before you Snapchat (because just because you think it will go away, doesn't mean it actually does) . . . to ask yourself: do I really want to put this out there for all the world to see? Because on the internet, that's what you're doing. Regardless of where you post or how private you think it is, the rule of thumb is to never post anything you wouldn't want on the front page of the New York Times.


Once again, it looks like this is running long. So tune in next week for more about how your behavior can affect your security . . . and why you should be suspicious!

Thursday, June 20, 2013

Security for Normal People, Part 4: Anti-Virus

The other thing that occurs to me that most normal people know they should do, but often don't, is to have a good anti-virus.

Now, you may think that, because you activated the free trial of Norton or McAfee when you got your computer, you're covered, but . . . not so fast!

Let me tell you why.

Firstly, how old is your computer? If it's older than a few months, your free trial will have expired. Secondly, even if you signed up with one of those companies and paid them for a subscription, that may not be the best thing, which I'll go into in a moment. But even if that were the absolutely best anti-virus software . . . are you updating it? Because if you don't make sure that it's updated, either by manually accessing the updates, or by setting the program to automatically update itself, it's almost like having done nothing. Have you done that? Or, if you're doing it manually, are you doing it on a regular basis? (Personally, I prefer having the program update itself, since that way you don't just forget.)

Now, back to why Norton or McAfee isn't necessarily the best program to protect yourself with. Which I can tell you in one word: ″bloated.″ Sometimes these programs are bundled and sold as a package called, ″Internet Security,″ which you're charged even more for, and won't keep you any safer. Why? Several reasons. Firstly, because even if you've spent the money, you probably haven't gone through all of the settings and customized them. Secondly, again, ″bloated.″ If the anti-virus or ″Internet Security″ software is taking up so much of your computing resources that it slows down your machine (especially if it pops up while you're working) and you ignore it or – worse – disable it, then it's like you don't have anything at all. But frankly, even the anti-virus-only packages are bloated.

The folks that I listen to regarding security, again, are rather . . . ″in-depth″ is how I'd put it. Meaning they cover their topic thoroughly, to the point where my brain just stops processing information. Now, it's not actually meant for us mere dabblers, as much as for those who are responsible for security in some official capacity. But nevertheless, I listen, figuring that anything I do manage to pick up in the process is icing on the cake. And one of the things I have picked up is that there is one anti-virus software that is both light and efficient, and that would be something you've never heard of called NOD32, which is made by a company called ESET (you can also walk into any Fry's and pick up a copy on disc, which I highly recommend, despite it costing a few bucks more). I've used it, and it runs quietly in the background without taxing my resources, unlike the other two major companies' software, which I've had literally freeze me in my computing tracks from time to time.

If, however, you're looking for something free, which I have done on occasion when NOD32 comes up for renewal and I've had a dry-spell in cash-flow, I have another suggestion if you're using Windows (and yes, I used to use AVG until I heard of this, and my sources tell me that this is better). Go and download Microsoft Security Essentials. It's free, and it's kept me virus-free until I can pay for the next year of NOD32.

Which reminds me . . . don't think that being on an Apple device makes you immune to viruses! Sadly, that is no longer the case. I don't know much about anti-virus software for Apple devices, but I do know that there's a version of the same software I recommended above called ESET Cyber Security for Mac. I can't tell you if there's an equivalent to Microsoft Security Essentials, but if anyone wants to chime in on that, feel free to Comment.

Now, if you already have Norton or McAfee, and you don't want to pay for another program while that's still valid, I can understand that. I will only tell you here that, if money's not an issue, I recommend doing that; I would definitely do it myself. But as I've said before, some security is better than no security, so if you can't or won't switch until your year is up, at least you have something. Just remember that you shouldn't have two kinds of anti-virus software at the same time. (I've known people who have done this, thinking it's twice the protection, but all you accomplish is gumming up the works, and neither program will work properly.)

Also, pay attention to any pop-up notices. Don't just click, ″OK″ to whatever it wants just to get rid of the pop-up! Make sure you read those, as they most frequently are warning you of some sort of problem, like a suspect file. You may, indeed, want to follow the recommended course of action, but you should be aware of what it's warning you about. If you have a lot of warnings, you should look more closely and see if there's a pattern. Frequent warnings about the same thing justify further investigation, and perhaps additional action.

Whatever you decide to use, though, make sure that you keep it up-to-date by updating regularly or having it auto-update, and remember that the software can't protect you from your own behavior. But that's the subject of another article. . . .

Thursday, June 13, 2013

Security for Normal People, Part 3: Back-Up

Since I've been on a bit of a roll, I might as well continue with the kinds of basic things that also fall under the security umbrella. Now, if you're a computer-nerd, you probably already know these things. But if you're just a normal person who knows they should be aware of security, but doesn't really know what that means or where to begin, this (along with my two previous articles) is for you.

Other than mobile phone security and how to make a password that is both hard to crack and actually possible to remember, there are a few other basics you should know. While I'm not an expert, I have acquired this knowledge through experience and listening to other geeks and various podcasts, most of which will seem tedious and somewhat boring to regular folk (because frankly, some of it is over my head, too; at a certain point it turns into white-noise hum).

However, I've got a pretty good handle on the basics, and my intention is to give you a place to start. After all, some security is better than no security. Think of it this way: if you lock your car doors, a thief might keep moving looking for unlocked doors; if you have a Club, the thief will prefer someone with just locked doors. The more security layers you have, the more of a nuisance it is to someone trying to get in, and the more likely they will just move on to someone with less security.

If you are interested in learning more, at least you'll know what to look for when you investigate. (You can email me if you need further resources, but for most people I think that these articles are probably sufficient, assuming you even get all the way through them!)

So, here goes . . .

This time, I'm going to talk about backing up. And yes, it still falls under the general heading of security, because if your other security measures fail, you will still have your data if you're backing it up, even if you need to take your computer in to a shop to be worked on. Here's the thing about doing that, and your local computer shop should warn you, but sometimes they assume you know: ALWAYS BACK UP YOUR COMPUTER BEFORE YOU TAKE IT IN TO BE WORKED ON!!! Because if you get a virus, the only real way to be certain that it's been eradicated is to reformat the hard drive, which, by the nature of what that means, will destroy all of your data.

It should go without saying that you should back up regularly, but most people don't. Even one of my friends, who has gone to school to become a bona fide computer geek (and if he reads this, you know I mean you!), ignores this vital function himself, and has lost data because of it. The important thing to remember is that it's waaaaay easier to retrieve data that has been backed up than to have to hire an expert to retrieve it for you. It's also much, much less expensive. If you have a hard drive crash and need to get vital data off of it, it can cost you thousands of dollars, and there's no guarantee it will be successful. So just make backing up a part of your life; get used to it. There are painless and inexpensive ways to do this, so take advantage of them.

There are two ways to go: back up yourself, or pay someone else to do it. If you are like most people and you don't have the time and simply don't want to be bothered, sign up for something like Carbonite. It's relatively inexpensive (about $60 a year for one PC, though they have other plans, depending upon how many devices you need to back up), and once you set it up, you don't really have to think about it.

If you don't like that idea, or you're just a DIYer, there are other ways to back up.

But firstly, there is a strategy you should follow called 3-2-1. That requires a little explanation. You see, most people don't really understand what a back-up actually is. They think that if they copy their data (documents, photos, videos . . . basically any type of file that is user-generated – that is to say, made by you) to a CD or DVD, or jump drive, or whatever, they can then delete it from where it originally was, because now they have a backup. Let me emphatically tell you that, THIS IS WRONG! And the fact that I'm using capital letters, underlining, bold, and italics – all at once! – should tell you just how wrong it is.

This is important, so I'm throwing the Full Emphasis Package at it:

ANYTHING YOU HAVE ONLY ONE COPY OF IS ***NOT*** BACKED UP!!!

Let me repeat that:

ANYTHING YOU HAVE ONLY ONE COPY OF IS ***NOT*** BACKED UP!!!

Unless you have several copies of your data, it's as good as gone. You are one stray power surge away from having nothing.

The only way to be reasonably sure that your data is safe is to use the 3-2-1 strategy. (And even this is no guarantee; it merely increases your odds of being able to retrieve your data.)

What this means is:

″3″: You should have 3, count 'em, three copies of any one file. That means, an original, and 2 copies.

″2″: They should be on at least 2 different types of media (such as a hard drive, a CD, a DVD, a jump drive, or ″in the cloud″).

″1″: One copy of the data should be off-site. If you sign up for Carbonite, or some other, similar service, you have this part covered, but you still need to make sure you have the two other copies. If you don't like Carbonite (there are other, similar services, but some people simply don't like them), or for whatever other reason you want to do this yourself, there are other ways to accomplish this same thing.
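For the DIYers, here is an added example (not part of the original article) of checking the 3-2-1 rule with a small script. It goes one step beyond the rule as stated: a copy only counts if its contents are byte-for-byte identical to the original, which is checked with a SHA-256 fingerprint. The `Copy` record, the function names and the sample files (created in a temporary folder, with ″off-site″ simply marked by a flag) are all assumptions made for the example.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass
class Copy:
    path: str       # where this copy lives
    media: str      # e.g. "hard drive", "dvd", "jump drive", "cloud"
    offsite: bool   # True if it is kept somewhere other than your home


def fingerprint(path):
    """SHA-256 of the file's contents, or None if the file cannot be read."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as handle:
            for chunk in iter(lambda: handle.read(65536), b""):
                digest.update(chunk)
    except OSError:
        return None
    return digest.hexdigest()


def check_321(copies):
    """copies[0] is the original. Return a list of problems (empty = OK)."""
    wanted = fingerprint(copies[0].path)
    if wanted is None:
        return ["the original cannot be read"]
    good, problems = [], []
    for copy in copies:
        if fingerprint(copy.path) == wanted:
            good.append(copy)
        else:
            problems.append("bad copy: %s is missing or differs" % copy.media)
    if len(good) < 3:
        problems.append("3: only %d good copies, need 3" % len(good))
    if len({copy.media for copy in good}) < 2:
        problems.append("2: good copies are all on one type of media")
    if not any(copy.offsite for copy in good):
        problems.append("1: no good copy is off-site")
    return problems


def demo():
    """Constructed scenario: the off-site DVD turns out to be a bad burn."""
    data = b"constructed sample data standing in for a family photo\n"
    with tempfile.TemporaryDirectory() as folder:
        paths = [os.path.join(folder, name)
                 for name in ("original", "jump_drive", "dvd")]
        for path in paths[:2]:
            with open(path, "wb") as handle:
                handle.write(data)
        with open(paths[2], "wb") as handle:
            handle.write(data[:10])          # truncated: simulates a bad copy
        copies = [Copy(paths[0], "hard drive", False),
                  Copy(paths[1], "jump drive", False),
                  Copy(paths[2], "dvd", True)]
        before = check_321(copies)
        with open(paths[2], "wb") as handle:
            handle.write(data)               # re-make the DVD copy properly
        after = check_321(copies)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```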

A secondary, external hard drive that automatically copies everything you deem vital is great, but it's not off-site. (It's fine to have a backup on an external hard drive if you're also using Carbonite or have some other method of off-site storage.) If, however, you take that hard drive (and you should have at least two to do this properly, so you can switch off) and mail it to your mother or friend in another region for safe-keeping, that will do it. You can also get a Dropbox account (follow this link to get an extra 500MB of space for yourself, and I will get the same, which I will very much appreciate!). Again, there are other, similar places; Google: ″Dropbox alternative″ or ″cloud storage″ to find them, and regularly copy your most vital files to one such site.

If, however, you want to back up music (and you have a lot of it), or videos (which are much larger files) cloud storage might simply not be practical. In that case, I recommend the external hard drives, or even just CDs and DVDs. As long as you pack them up and ship them out regularly to someone outside of your region, it'll be fine. (Note: The reason I say ″region″ here is that if you are in, for instance, an area where there are frequent hurricanes and you send them to someone who is also in that kind of area, it might not help much. A friend of mine in hurricane-country sends her things to me here, in the desert, where I'm far more likely to have an earthquake, and vice versa.)

This might sound a little overly dramatic, but just think how you'd feel if you lost your children's baby pictures, or the novel you'd finally completed, or home movies of your long-dead relatives. It can happen. Don't let it happen to you!

The one other thing I wanted to mention is a book that I've heard about for photographers, called The DAM Book: Digital Asset Management for Photographers that I am told is excellent. So if you're into photography, and you have any aspirations of being a professional, go take a look. Because you don't get a second chance at photographing someone's wedding.

I had planned on including other things into this article, but since, once again, it turned out longer than I thought it would, I will simply have to cover another aspect of basic security in my next article.

I hope someone out there is getting something out of these! Please leave a comment if you are, or drop me an email!


Friday, June 7, 2013

Security for Normal People, Part 2: Security and Passwords


At first glance, passwords don't seem all that complicated. But so many people use their birthdays, their anniversaries, the names of their pets, or other such easily-hacked information, that an article for normal people – who may not have the experience that I do – about what makes a good password seems like a good idea.

The most commonly-used password, according to ZDnet, is: “password,” believe it or not. The second most common is: “123456.” Also on the list: “letmein,” “baseball,” “superman,” and “111111.”

What this tells us is that most people aren't terribly concerned with their passwords.

They should be.

Being hacked can lead to many problems, aside from the obvious one of having someone drain your bank account, purchase expensive items on eBay or Amazon, and stick you with the bill.

Because, make no mistake, once someone has one of your passwords, they can also very likely get into your network and do all kinds of things that will affect you, not to mention your credit report, adversely. And then there's your computer. If someone gains access to your computer it can be used for all kinds of purposes – the most common being as a way to use your computer for what I will just refer to here as Bad Things.

I won't go into a great deal of detail here on what these things are, or how they are done, because that's not really the point. The point is this: there are many Bad Things that can be done by devious people who can and will gain access to your computer, files, and/or network. You're just going to have to trust me on this.

The other point is that, though there are other things you can do to help protect yourself, creating good passwords is among the most basic. This is something easy that anyone can do; you don't have to be a computer whiz or a cryptographer, you just have to follow some basic advice.

Firstly, I'll give you the Don'ts:

Don't use any single dictionary word – i.e., any single word that can be found in a dictionary. There are programs that are capable of trying every word in a dictionary in an extremely short amount of time. This includes compound words as well.

Don't use your birthday, your spouse's birthday, your children's birthdays, current phone numbers, pets' names, current addresses, social security numbers, credit card numbers, or any other piece of information that is either easily obtained, easily guessed, common, secret, or discoverable – and when I say, “easily,” I mean by people who have abilities or access to things you probably don't have access to, most likely because they've hacked a database that this information is in.

Don't use words related to your favorite fandom, which is to say, if you're a Star Wars fan, don't use things like, “lightsaber,” “Jedi,” or “theforce,” or any other word or catch-phrase from or related to Star Wars. The same thing goes for Star Trek, Game of Thrones, Harry Potter, Grimm, Lost Girl, or any similar universe that has its own vocabulary. And while I'm on the subject, don't use words in Klingon, Castithian, Dothraki, or any other language that is made up for a Science Fiction or Fantasy universe. The same rule that applies to dictionary words applies to these; there are hackers who can run through an entire Klingon dictionary in a very short time, too. Amazing, I know, but true, nevertheless. You'll just have to take my word on this.

And by now you're probably thinking, “What's left?”

So, now I'll tell you how to make good, secure passwords. There are a number of strategies, any one of which (or combination thereof) will help you come up with solid passwords.

Firstly, the longer a password is, the harder it is to crack. While many sites will only let you do eight characters, some will allow you to create much longer ones. I'd say that unless you've got highly sensitive information or are security-conscious to the point of paranoia, usually somewhere between 8 and 16 characters is sufficient. (If you're using a password locker, such as LastPass, you might just want to use the password creation function and set it to 16 characters.)

Other things that make passwords stronger are including both upper- and lower-case characters, numbers, and special characters (such as $ or %, and so forth). Or, better yet, all of the above. The more of these things you include, the harder it is to discover your password. If you use a mnemonic method (or even if you don't), which often won't include special characters or numbers, you can also add a little something additional to all passwords, like, for instance, the phone number or zip code from where you lived as a kid (of course, if you inherit your parents' house, you might have to come up with something else).

So, knowing what makes a password stronger gives you several ways to create passwords. . . .

1. Use three short dictionary words that are unrelated, connected with or interrupted by upper- and lower-case letters, numbers, and/or special characters. For example:

bear!Arm53soccer is good, though if you want to go a little further: be2ar!Arm53soc7cer is even better.

Which may be hard to crack, but may also be a little difficult to remember. (Though you might come up with some weird memory trick even for unrelated words like this: “If the bear ate my arm, I'd miss the soccer game.”) So, a couple of strategies that may make remembering your passwords a little easier. . . .

2. Use a mnemonic device to create your passwords, such as the first letters of a line of a song or a quotation, using capital letters for, say, all nouns (or any other part of speech you like). For example, using this technique on the first line of Edgar Allan Poe's “The Raven,” and capitalizing the letters that represent nouns, you would get, “ouaMdwIpwaw,” which may not roll off your fingers, but is reproducible, as long as you know the poem. Of course, there are no numbers or special characters in this, so as I mentioned above, if you add your childhood zip code, and you're from Boston, you might get, “ouaMdwIpwaw02134,” which is probably pretty hard to crack.

3. Make up your own word, then add capital letter(s), numbers, and special characters. So, I just made up a word, “suvavatinz.” I know it's not a word because I just Googled it. If you include less-frequently-used letters in your word, like z, or q, in your made-up word, so much the better. But now, add a cap or two and an old phone number, and you wind up with “suVaVatiNz9084873311,” and that's pretty hard to figure out, too. A good way to remember your made-up word, though, is to give it a meaning that makes sense to you – in this case, it sounds like a competitor to No Doz to me.
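The Don'ts and the strength factors above can be turned into a simple self-check. This is an added example, not part of the original article: the common-password list is the one quoted from ZDnet above, while the tiny word list is a constructed stand-in for a real dictionary file, and the function names are assumptions.

```python
import re

# The most common passwords quoted earlier in this article.
COMMON = {"password", "123456", "letmein", "baseball", "superman", "111111"}

# Constructed stand-in for a real dictionary file, including the fandom
# words mentioned in the Don'ts. A real check would load a full word list.
WORDS = {"bear", "arm", "soccer", "base", "ball", "light", "saber",
         "lightsaber", "jedi", "theforce"}


def is_dictionary_word(text, words=WORDS):
    """True for one dictionary word, or two dictionary words run together."""
    text = text.lower()
    if text in words:
        return True
    return any(text[:i] in words and text[i:] in words
               for i in range(1, len(text)))


def character_classes(password):
    """How many of lower-case, upper-case, digit and special are present."""
    checks = [str.islower, str.isupper, str.isdigit,
              lambda ch: not ch.isalnum()]
    return sum(any(check(ch) for ch in password) for check in checks)


def normalise(text):
    """Lower-case and drop punctuation, so 06/28/1975 matches 06281975."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def review(password, personal=()):
    """Check a password against the Don'ts; `personal` lists the user's own
    current birthdays, phone numbers, pets' names and so on."""
    problems = []
    if password.lower() in COMMON:
        problems.append("on the most-common list")
    if is_dictionary_word(password):
        problems.append("dictionary or compound word")
    if normalise(password) in {normalise(item) for item in personal}:
        problems.append("personal information")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    return {"problems": problems,
            "length": len(password),
            "classes": character_classes(password)}


if __name__ == "__main__":
    for candidate in ["password", "lightsaber", "soccerball",
                      "bear!Arm53soccer", "ouaMdwIpwaw02134"]:
        print(candidate, review(candidate))
```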

You can mix and match these methods, but by now you probably get the idea of how to go about making up your own relatively secure passwords.

There are a few other things you should think about doing for basic computer and Internet security, in addition to mobile phone precautions and good passwords, so I'll do a separate article about those. . . .

Tuesday, May 28, 2013

Security for Normal People, Part 1: Security and Phones

Firstly, I must apologize for my long absence here. I've just been extremely busy with some great new clients. However, one of my clients had an experience recently that made me think that I should write a little about security in general, and mobile phones in particular.

What happened to that client is that their smart phone was stolen. It's something we all dread, we all think will never happen to us, and therefore, something most of us don't prepare for.

So here are a few recommendations that I'll be making to my clients . . . all of them, because frankly, everyone should know these, but not everyone does.

Firstly, most smart phones come with the ability to set a combination or screen-lock of some sort, which is the first line of defense. Mine is an Android, and has one built-in, located in Menu/Settings/Location & Security. This particular one uses dots and you create a pattern sliding your finger through them. I'm sure that BlackBerrys and iPhones both have some version of this kind of screen-lock, and if yours doesn't come with it (like my previous Android didn't), you can most likely download a free app that does this.

Next, if you have any confidential data that is accessible on your phone, it should absolutely be password-protected. And under no circumstances should you EVER leave the, “keep me logged-in” box checked. It might be a pain to keep typing in the password on your bank app, but trust me that you'll be very glad you did if your phone is lost or stolen.

I think it should go without saying that you should be careful who you trust with your phone, as well as any confidential information. I also have a client who showed a college assignment file to a classmate they thought trustworthy, only to have a good portion of their work stolen and presented as the work of the thief, thus also getting my good-natured client in trouble as well.

You should also obviously be extremely careful with regards to passwords. Please, don't keep your passwords on a sticky-note on your desk. If they're so hard to remember that you need to do that, then they're too complicated; the whole purpose is defeated. At the same time, you need to keep track of them, and you shouldn't really use them for more than one account. I know, I know . . . who can come up with – let alone remember – the number of passwords you'll need, if you use a distinct password for each account?

So what you really need is one of two things. The first would be a place you can keep your passwords written down that is not accessible online (don't put a file called “passwords.doc” on your desktop – and yes, I actually know of more than one person who did this!). This would be a low-tech solution, such as a notebook that is stored someplace secure, but that you can access yourself, like in a journal mixed in with a bunch of other books on your shelves. If you have something offline like this, it means no one can hack into your home network and retrieve them. It also means that you're going to have to remember the ones you need most often, and that, if you need a less-frequently-used password, and you're not home, you're out of luck (or you have to have someone else you trust know where to look for them). But on the plus side, it won't be wiped out if you get a virus and have to suddenly reformat your hard drive.

The other option is to use a password “vault” program, such as LastPass (the only one I've used thus far, which is recommended by Leo Laporte, The Tech Guy, and Steve Gibson of Gibson Research Corporation, though I'm sure there are other ones that are equally good). The basic idea of these is that they record and encrypt your passwords and then you no longer need to remember one for each site . . . you need only remember one: your Master Password. LastPass (and probably others) will also create a random string of characters as a password if you tell it to, and use a different one for each site, which is extremely hard to crack. Remember the client whose phone was stolen? I signed them up for LastPass. The one thing you need to remember is that NEVER, UNDER ANY CIRCUMSTANCES, SHOULD YOU CHECK THE BOX THAT SAYS “KEEP ME SIGNED IN” in LastPass, or you've just negated all that work you just did setting up the program. Not to mention making yourself just as much or possibly even more vulnerable than you were without LastPass.

Also be extremely careful with whom you share your passwords, because if you ever do reuse them for more than one site or program, and you give out, say, the password to your Facebook account, so a friend can post photos for you, and you've reused that password, what's to say that “friend” won't try to get into Amazon or some other store site where you've stored your credit card information? If the passwords are the same, not only have you just bought your so-called friend some new tech, but who knows what else?

If you have to share an account for any reason, before you give your account name and password out, check to see if there's a sub-account you might be able to set up, in order to maintain ultimate control over that account. (Also, never, ever give any account information to your employer or potential employer. Aside from being an invasion of privacy, it's also against the End User License Agreement, which means that account could be canceled for no other reason than that.)

This is where something called Two Factor Authentication (or Multi Factor Authentication) comes in. Even if you have to share a password, if you have this, it helps protect you. This is when you create a password, and then are asked for your alternate email address, phone number, and possibly to select and complete security questions like, “What was the make and model of the first car you owned?” or, “Who was your first girlfriend/boyfriend?” or even, “What was the name of your third-grade teacher?” Don't ignore these! They're there to help you; take them seriously! (You can and should make up the answers, as long as the answers are something you will remember. I never use my mother's maiden name or other such easily-obtained information.) So if someone steals your phone and tries to change your bank password, and your phone gets the text message with the verification code, you may also get an email alerting you to the fact that someone is trying to tamper with your account, so you can take appropriate action. In the meantime, the person with your cell phone still may be trying to answer some question like, “Who was your favorite singer in high school?”

Now, if your phone does go missing, there are several ways to approach it. If you think you just left it somewhere in your daily travels, or, as I have done more than once, had it fall out of your pocket in your car, the first thing to do is call it, and see if you hear your ringtone. But if you think it's actually been stolen, you may want to track it (there are apps that will allow you to do that; I believe all iPhones have that installed by default), you may want to call your phone company and have it disabled, or you may use software you previously installed (yes, there's an app for this, too) to brick it, or wipe the entire phone, thus rendering it as useless as a brick.

I have some advice on passwords and other security measures as well, but they can take up their own articles, so I'll deal with them separately.

The whole point here is that you really need to set things up ahead of time. You need to set up the apps for screen-lock, phone location, or wiping your phone now, before anything can happen. You need to be careful to whom you give access to your mobile phone and your passwords. You need to set up Multi Factor Authentication on any account with confidential or financial information. Basically, you need to prepare for the worst and then, if you're lucky, you will never have to use any of these tools. The best time for this is when you get a new phone, because you're setting everything up anyway. But if you're reading this and you haven't really given much thought to this, start with the easiest thing (the screen-lock) and work on the rest as time allows. 

 You can thank me later.

Update: 6/23/13: I've just found an Android app called "Lookout" that's supposed to protect your (Android) mobile phone by detecting malware and allowing you to track your phone, and even wipe it if need be. I'm installing it right now. At some future point I will probably post more about it, once I've lived with it a while. Watch this blog!

Monday, April 8, 2013

Wax On, Wax Off

A few weeks ago I went to meet a writing client in her store, and I noticed that next door was a karate studio, or dojo. They had pamphlets out about their free women's self-defense classes, and I just had to check it out!

**********
I know next to nothing about the martial arts. Like many other people, what little I do know comes from movies and TV. In other words, my prior knowledge of the subject consisted entirely of, “Wax on, wax off.”*

So when I recently discovered that the local dojo holds a free, monthly women's self-defense class, I wondered whether it was even something I could do.

Certainly, it seemed like something I should sign right up for. After all, I'm a small woman (5'2” and 95 pounds) who often runs around town by herself – shopping, doing errands, meeting clients, and so forth – and so I'm often in a potentially vulnerable situation. Let's face it, all of us are inevitably, at least occasionally, in a position to become a victim.

And I do not want to be a victim.

On the other hand, I had some reservations. I also have some injuries from an auto accident that left me with some weaknesses – a serious spinal injury for which I've had surgery and pretty severe psoriatic arthritis (a cousin to rheumatoid arthritis). I really wanted to go, though, and so I did, figuring that at the very least I could observe and see what was involved before deciding to participate.

There were a few other people there in addition to the instructor, but they seemed to be more advanced students who had just come to help out, in addition to the man who was playing the attacker. However, besides myself, there were only a couple of other students.

So, I took the plunge.

I informed Sherese, the instructor, of my injuries and that I might not be able to do everything, and she said we could work around it. And we set to work.

I had no idea I was going to get such a workout!

It wasn't long before I was breaking the grip of Arthur – the lovely man who was playing the attacker – and striking back with hands or elbows, kneeing, or kicking him in places that are vulnerable (and not necessarily where you might think!). You see, the goal of this class isn't necessarily to learn a particular discipline, such as karate, or even to learn how to fight. The goal is to avoid being injured: in other words, the goal is to get away.

Remember that saying, “She who fights and runs away lives to fight another day”? That pretty much sums up the philosophy here.

We went through several scenarios of how someone might attack and strategies for responding. And as it turns out, “wax on, wax off,” isn't really that far off. 

The principle it works on – muscle memory – is valid. Or, in other words, you need to practice. Having competed in figure skating as a teenager, I am very familiar with this idea. If you do something over and over again – such as a long program, or, in this case, the basic response to any physical aggression – it becomes second nature. Something you can almost do in your sleep.

I can't count the number of times that I ran through my skating programs in an early morning practice without actually thinking about it, suddenly finding myself at the end. Ever drive somewhere and then not remember having done so? Only knowing that, well, there you were?

Same idea. “Autopilot,” they call it.

You just have to keep practicing until you do it without thought. You should just react.

This being a new discipline to me, I had to acclimate myself to the positions involved. Balance is very important, and I kept feeling like I was not in a stable enough position to step forward and use leverage to break Arthur's grasp. So I asked to go through the moves in slow-motion to figure out what foot to put where so as not to put myself in a position to end up on the ground. Another thing you want to avoid is getting too close; stepping forward can be aggressive, but for someone my size, it's an invitation to get picked up and carried off. These things were demonstrated with great patience by Sherese and Arthur many times over.

Because of my injuries, I was worried I wouldn't be able to do much at all. But it turns out that an elbow is just as effective as a hand, and in my case, even more so. And from first ballet, then skating, and now the walking I do every day, my legs are in pretty good shape, so I learned how to use them.

We went over different attack approaches, and how to thwart them. Twist out of a grip, knee in a thigh, elbow to a bicep. We were practicing, and I had Arthur as an opponent. At one point Sherese stopped what she was doing with another student to come over to me. Apparently she had heard the noise it makes when you hit someone in exactly the right spot on a muscle. She said she hadn't made that noise herself until she had faced an opponent in competition.

Now, I know a lot of people who are afraid of really fighting, lest they injure their opponent, “the attacker.” I am not one of those people. Firstly, Arthur is much taller than I am, and a conservative guess would mean he outweighs me by a mere 50 pounds (and since muscle weighs more than fat, I would think he weighs more than . . . well, than I think). Secondly, he was wearing protective gear, and I felt that there was little, if any, chance that tiny little me would do anything more than get in a lucky shot and give him a moment of discomfort. And thirdly, I had come there to learn how to defend myself and to get away, preferably without anyone pursuing, as well as without bodily injury. How would I know if I were doing it right if I didn't really give it my all?

So I did give it my all. And I was extremely sore the next day. But I don't care, because if I ever need to use what I learned, a few bruises would be a small price to pay. I don't pretend to be ready for a fight, but at least if I ever am attacked, I have some idea of what to do, how to do it, and what to aim for, as well as what my goal should be.

I would love to be able to go back and practice. I don't know that karate, or any martial art, would be for me. But I would highly recommend to all women – especially those of us who are small and therefore might be mistaken for a good target – to go check out your local dojo. Perhaps you have a branch of the one I visited (United Studios of Self Defense) where you live. And even if you don't, you still might find a good self-defense class. Take advantage of it!

Disclaimer: If you have a spinal injury, or some other injury that might affect your ability to do this, or might be affected by it, I have to stress that you should check with your doctor before doing anything like this. But, assuming you do get the okay, let the instructor know. They can help you compensate and figure out how to work around it.

*Note for anyone not recognizing the quote: it's from the classic 1984 film, The Karate Kid. Everyone should see it at least once. It had a couple of sequels, The Karate Kid, Part II and The Karate Kid, Part III, which were actually pretty good as sequels go. Both are worth a viewing as well, if you haven't seen them.



Thursday, February 21, 2013

Why Facebook Does Not Replace Your Own Business Web Site

If you have a small business and think that you don't need a dedicated web site of your own, think again.

I have noticed in my research that a great many businesses--most of them mom-and-pop-sized, though some surprisingly large--have no web site to call their own. Their business name, when put into the address bar, is often either not taken, or takes me to an entirely unrelated business, sometimes with the same name, but hundreds or even thousands of miles away.

A Google search often reveals that they have no site of their own. Over and over again, I have looked up local businesses in a search engine and scanned the results, only to find everything but a web site. Now, granted, in a few cases, a URL (Uniform Resource Locator) for that company does turn up, but it's not the same as the business' name. Obviously this can't always be helped, since there might be another business with the same name in another state, or even another country. It happens. It's unavoidable: their ideal URL had already been taken. But you find a way around that, and you move on.

What I mean to address here is those businesses who don't even bother.

I understand how a business-owner can think that a site of their very own, with their own domain, isn't necessary. If I were a small business person whose company was coming up in searches and listed on Yelp, or Urbanspoon, or Citysearch, perhaps I would think that's enough. I might think that between that, and the fact that I have my own Facebook page, I don't really need my own domain. Because, after all, those are complicated, and expensive, and I don't really know how to go about doing all that. I might think that.

And I would be completely and utterly wrong.

The reason for that mistake can be summed up in one word: control.

You see, while a Facebook page may seem almost like your own domain, it's not. While it's great to be listed on yellowpages.com or Dex or Manta, like Facebook, they are very different.

You, the business-owner, have no control over them whatsoever.

Yes, some of them offer a way for the person whose business is listed to contact them and add information, or even correct it when it's wrong, but these processes can be long and drawn-out. If they make even a minor mistake--say, in your business hours--anyone who is viewing that information may think you're not open when you are, and that can cost you business. But say a customer, through no fault of your own, was unhappy or dissatisfied with a product you sold them or a service you provided, and out of spite (because there are people like this) posts a bad review or says something bad about your company. There may be a way to request that it be removed, or to post a response with an explanation. But while you're going through that process, there is often no way to counter that. You have no control over it. And if you rely on one of these sites to promote your business, you're stuck.

Having your own domain and site may not counteract that bad review, but it does give you the advantage of being able to post the positive comments and feedback you receive. Also, since often when your potential customers search for your business, your own site is the first to come up (aside from the paid advertisements), they will likely see your own site first. They may never get to that other site to see the false bad review.

You might be asking yourself at this point what this has to do with Facebook. Facebook, it turns out, seems to many people like it's the main part of the internet. But it isn't. It's a business like any other. And while it's great to have a place you can put information about your small business, it shouldn't be any company's main place on the internet.

Again, you have no control over it.

Yes, you can add and delete information. (I won't go into the ever-changing rules and privacy settings here; if you use Facebook at all, you're familiar with that.) But as a very large entity, Facebook has to automate many things. And sometimes people get caught up in that. You can have your account suspended without much notice, if any, for any number of reasons. If their automated systems believe for any reason that you have violated the TOS (Terms of Service), you can be suspended.

This is not unique to Facebook, of course; they are simply the largest entity with this issue. A friend of mine had this happen with a blog site she uses. Some automated subroutine looked at her blog and, for whatever reason, decided that it resembled a pattern of spam. Like me, she is a writer, and uses her blog to display her writing and keep her followers interested. But one day, she just couldn't log in. She was informed of the supposed issue, so she made the prescribed report, and was told that a human would have to check her blog and determine if it could be restored.

It took nearly six weeks.

She had absolutely no control over this process, nor could she even tell any of her regular readers what had happened, that it was all a mistake, and that she would return . . . eventually.

This sort of thing happens all the time, be it with my friend's blog or with some poor person who was either accused of posting something inappropriate or against the TOS on Facebook.

This, above all other reasons--and there are many!--is why you, as a business-owner (small or otherwise) should have your own domain and your own web site.

Often this isn't as expensive as you might think, depending upon how elaborate your site needs to be. But for a small business, having that control is absolutely vital!