Blog

January 25th, 2016

2016Jan20_Security_AIt’s been said so many times that many small business owners are likely to block it out, but the truth remains: cyber criminals target SMBs. Perhaps the reason for this ignorance is that when an SMB falls victim to an online attack, it’s not breaking news. But this time, in a recent NY Times article, a cyber attack wasn’t focused on the Ashley Madisons or Dropboxes of the world. This time the focus was on a small business who is lucky to still be in business after a serious cyber attack.

Last holiday season, Rokenbok Education, a small, California-based toy company of seven employees realized its worse nightmare. During the busiest time of the sales year, the files in their database had become unusable, infected with malware. The hackers used ransomware, a malware designed to hold a business’s data hostage, to encrypt their files and demanded a payment to make them usable again. However, instead of paying the ransom, Rokenbok restructured their key system. To do this it took four days. That’s four days of downtime, lost sales, and confused customers who likely lost confidence in the integrity of their company. Luckily this did not put Rokenbok Education out of business. But many SMBs aren’t so fortunate, and are forced to close after such a security debacle.

So why do security breaches like this happen to SMBs?

There are many reasons, but a common one is that small and medium-sized businesses often focus on profits over security. And really, it’s hard to blame them. When you’re small, you want to grow your organization as quickly as possible. And you likely think that because you’re small, no one is going to attack you. However, nowadays hackers are on to this way of thinking. They know that SMBs don’t focus as much on security, which make them a perfect target. In fact, according to Timothy C. Francis, the enterprise lead for Cyber Insurance at Travelers, 60 percent of all online attacks in 2014 targeted SMBs.

So what can your business do to protect itself against online attacks? There are a range of options, but it’s best to start off with an audit of your current security system to see where the holes are. This audit should check areas of risk which include customer data, employee access, and assets such as servers, computers and all Internet-enable devices.

After that, an obvious thing to do is to strengthen your passwords. While this has been said thousands of times over, many SMB owners do not take heed. Clay Calvert, the director of security at the Virginia-based firm MetroStar Systems, notes that hackers analyze how we create passwords and use big data analytics to crack them. “They have databases of passwords,” Calvert said. The best way to create a strong password is to make it long with a mix of characters. Password managers that encrypt your passwords can also help.

Aside from passwords, there are many other ways to boost your business’s security that include installing a firewall, keeping your antivirus up-to-date, and moving data over to the cloud (instead of storing it on company servers). Also, since many security attacks occur because an employee clicked on a malicious website or link, training your employees is a smart move. A good way to start this training is to create an employee manual that includes security guidelines they must follow. For ongoing training, you can keep them up-to-date on the latest security threats through email updates and regular meetings. Once you feel confident that your employees are up-to-speed and your security practices are updated, you can try hiring ethical hackers to test your systems and try to break through your security. This will let you know if there are any security holes you missed.

Calling in a security specialist

However, if all of this sounds far too much to bother with, consider outsourcing your security to a service provider that specializes in digital security. This can oftentimes save valuable time and money in the long run. Best of all, this can provide peace of mind, knowing that you have a security specialist watching over your business.

If you’re feeling overwhelmed and unsure where to start with your business’s security, we’re happy to help perform a thorough audit and provide you the digital security solution you need to keep your business protected. Security worries don’t have to keep you up at night, and we can help you implement the measures that will protect your business from disastrous security problems.

Published with permission from TechAdvisory.org. Source.

Topic Security
December 29th, 2015

Security_Dec14_AThere are numerous strains of malware out there, but one particularly unpleasant one is ransomware. While this malicious software has been around for some time, recently a newer, nastier upgrade was discovered. Posing a threat to businesses of all sizes, the program, called Chimera, has upped the ante when it comes to scaring its victims out of their hard-earned cash. But what exactly is this malware, and what do you need to look out for?

Business is booming in the world of cyber crime, and scammers, extortionists, phishers and hackers are constantly on the lookout for new ways to exploit our fears and naivety in order to boost their bank accounts, steal our data, or simply cause us mayhem for their own twisted pleasure. One of worst types of malware for playing with our emotions - and therefore increasing the likelihood of us capitulating to its demands - is ransomware. If you don’t know how this program works, read on for an introduction.

If your computer has been infected by ransomware, the first sign that something is wrong is normally discovering that you are unable to open one or more of your files. That’s because the malware encrypts them, rendering them completely inaccessible. The next thing you see will be a ‘ransom note’, either in the form of an email or a notice that appears directly on your screen. You will be told that if you want to see your files again you will need to pay a sum of money. After making payment you will (allegedly) be sent a code that will allow you to decrypt your files.

Some types of ransomware up the fear factor even further by pretending that the FBI, CIA or other national law enforcement or government agency is behind the ‘kidnapping’. You will be told that your files are being held hostage because you have downloaded pirated software or files, or visited an illegal or illicit website - such as those depicting extreme pornography or threatening national security. Regardless of whether or not you are guilty of any of the above - be it a visit to an x-rated website, or downloading a pirated copy of the latest episode of The Walking Dead, your first instinct is probably to panic. The thought of no longer having access to any of our information, files or data is enough to make most of us break out into a cold sweat. If you haven’t backed up, everything from your vacation pictures to your company’s data could be lost for good.

The problem for ransomware creators, however, is that many users have wisened up to their tactics, and are refusing to pay, instead calling in an IT specialist to try and restore their encrypted files. This has left cyber criminals needing to find a way to boost ‘trade’. And that is where Chimera comes in. Christened by the Anti-Botnet Advisory Centre - a part of Germany’s Association of the Internet Industry - unlike previous forms of ransomware, which were indiscriminate when choosing their victims, this latest threat primarily targets businesses.

An employee will receive an email, purporting to be an application for a job within your firm, or some kind of corporate deal. This email will include a link ostensibly to the applicant’s resume or to details of the offer, but will in fact go to an infected file stored in Dropbox. Chimera then infects the user’s computer and encrypts any local files. Once the PC has been rebooted, the ransom note will be displayed on the desktop. Payment is usually set at around $680 USD, which must be paid in Bitcoins. And in order to further scare the victim into paying, the note will also state that failure to make payment will result in the user’s files being published online.

If there is a slight silver lining to the Chimera cloud, it is that the Anti-Botnet Advisory Centre has not found any proof that files have been published - at least not yet. In fact, it is still unknown whether the ransomware does actually take the encrypted files or if it is just an empty threat. Regardless, it is still a threat which could easily convince many users to pay the ransom. And should Chimera make good on its threats, the ramifications for a business are huge - and that’s without taking into consideration the nightmare of having your files encrypted in the first place. With Chimera targeting businesses of all sizes, and random employees within the business at that, isn’t it time you took another good look at your organization’s security posture?

Contact us today and talk to one of our security experts. We’ll be more than happy to help ensure that your small or medium-sized business isn’t taken hostage by Chimera or any other type of ransomware.

Published with permission from TechAdvisory.org. Source.

Topic Security
December 28th, 2015

Security_Dec24_AOnline security has probably never been such a hotly debated subject as it was in 2015. From recent numerous high-profile attacks on Sony and others, to this year’s leaking of data stolen from the extramarital-affair-facilitating website Ashley Madison website, have pushed cyber security firmly into the spotlight. So what can we expect from 2016? Experts predict that this year will only see cyber crime increasing yet further. Here’s what you need to know.

If you think that only big corporations and prominent organizations are targeted by cyber criminals, you are making a deadly mistake. It might be tempting to sweep cyber crime under the carpet and assume that you are flying below the average hacker’s radar, but that simply isn’t true. In fact, it’s the polar opposite, since smaller enterprises are actually far more likely to be at risk than larger ones, owing to their typically less sturdy security postures.

So where does that leave you as a small or medium-sized business owner or manager? Does it mean you need to be taking your cyber security even more seriously? You can bet your bottom dollar it does, as industry experts predict that 2016 is only going to become more of a minefield when it comes to online crime.

The headline trend that IT security professionals pinpointed this year was that no longer were criminals hacking into websites purely to bolster their bank accounts. 2015 has seen the emergence of another strain of hackers, launching cyber attacks as part of a moral crusade. These people are not purely after money although in some cases this may also be a contributing factor - instead, their claimed motivation is revenge, or righting what they perceive as wrong. It is this diversification in the hacking community that has led security watchers to predict that, as we enter 2016, we are likely to see some different behavior from hackers.

Among the unpleasant predictions being made, a number of experts agree that hacks of a destructive nature will be on the rise. The fact that hackers are using attacks for retribution rather than simple monetary gain means that a wider cross-section of organizations may well find themselves being preyed upon, all the way from government agencies - traditionally ignored by hackers - to online retailers and other commercial websites.

Remember when Snapchat got hacked back in October 2014, and the hackers threatened to make public as many as 200,000 photos? Well, the bad news is that apps are going to continue to be targeted. In particular, those mobile apps that request access to your list of contacts, emails and messages can, in the wrong hands, be used to create the kind of portal that enables a cyber criminal to steal data or gain access to a company’s entire network. All this means that in 2016, hackers could be taking advantage of apps to do more than just steal your social media photos - they might have in mind the takedown of your entire company.

As a local business owner, social engineering - a means of tricking an individual into disclosing revealing or personal information about themselves or their company - is something you definitely need to be concerned about. You might pride yourself on being too savvy to fall for a cyber criminal’s tricks, but what about your employees? Can you be sure that each and every one of them exhibits the same amount of self control, cynicism, and wariness that you do? Not only that but, as we enter a new era of online threats, the criminals that use social engineering are growing in confidence and creativity. Dodgy emails from a bizarrely named sender containing a link to an unheard-of website are yesterday’s news. Modern social engineering is highly evolved and extremely cunning, and has the potential to convince even the most streetwise internet user.

How confident are you that your entire team of employees would be completely infallible in the face of a stealth attack from a seemingly innocent source? Could you trust them to restrain from divulging not only their personal details but also information pertaining to your company? Multiply the number of employees in your company by the number of phone apps they potentially use, and add to that the fact that any one of them could at any time be targeted by a social engineering scam, and the end result is a less-than-perfect security posture.

The sad fact is that there are people who want to do you harm - regardless of whether you hold confidential information about celebrity salaries, or are privy to a database full of cheating spouses. People, no matter how well meaning or vigilant, are the weakest link in any security chain, which means that ensuring your business’s safety necessitates educating your staff and ensuring that your network is impenetrable.

Professional training and a vulnerability assessment are two great places to start, so why not get in touch with us? We’ll make sure your business is as hack-proof as it can be.

Published with permission from TechAdvisory.org. Source.

Topic Security
December 18th, 2015

Security_Dec18_AEarlier this month, social media platform Twitter alerted a number of its users to the fact that their accounts may have been hacked into by something, or someone, known as a “state-sponsored actor.” While a warning of this kind is certainly not unprecedented – for some time now, both Facebook and Google have also been contacting any of their users who they think may have been targeted – it suggests that attacks of this type are becoming more widespread.

But how at risk actually are you from a state-sponsored cyber attack? Is your small or medium-sized business in danger of being targeted? And who is behind these hacking attempts? Well, going by the warnings recently issued by Twitter, reports so far suggest that people, companies or organizations connected to internet security and freedom of speech are currently most likely to be at risk. But ‘currently’ is somewhat ambiguous, for in the world of cybercrime things can happen at lightning speed, and someone who is a target today might be deemed out of danger tomorrow – and vice versa.

As always, the best form of protection is to be forewarned, and you can only do that by learning as much as you can about the latest threats, scams and attacks. If you are a Twitter user, be it personal or for business use, you may be wondering why you have not yet heard of these alerts. That’s because Twitter’s messages were only sent to a small, and mostly rather niche, group of users. The email informed these users that Twitter was contacting them as a precaution due to their accounts “possibly” having been hacked by the state-sponsored actors. The email also stated that they believed that the actors may (or may not) be associated with a government, and that those involved had been looking to obtain personal information such as email addresses, phone numbers and/or IP addresses. So far, so vague!

Twitter then goes on to say that, although they have no evidence that any accounts were compromised or any data was stolen, they are actively investigating. They also lamented the fact that they wished they could say more…but that they had no additional information at that time. The email goes on to attempt to reassure users that their accounts may not have been an intentional target, but admits that if a user tweets under a pseudonym, that Twitter understands they may have cause for concern. But with so many Twitter users tweeting under a different name – and perfectly innocently, at that – what’s the real cause for concern here?

The issue lies with the type of accounts that were mostly targeted. The majority of these belonged to people or organizations connected to, or concerned with, cyber security. In fact, Twitter even offered some handy advice on protecting your online identity, suggesting users read up on the subject at the Tor Project website. Somewhat coincidentally, one of the victims of the attempted Twitter account hack is an activist and writer who currently educates journalists about security and privacy – and who used to work for the Tor Project. Another is a Canada-based not-for-profit organization involved with freedom of speech, privacy and security issues, and one of its founders is a contractor for the Tor Project.

Other Twitter users who received the email are also involved in some way or another in cyber security, albeit as self-described “security researchers” or simply by way of following or engaging with the online security community. This might lead you to the conclusion that, if you’re not in the business of security and instead keep your tweets to sport, entertainment, and the latest must-have gadgets, you are not at risk. But we urge you not to be so hasty. That’s because, within that small group of people who were contacted by Twitter, a large proportion of them had nothing to do with activism, freedom of speech, calls for greater privacy, or anything of the sort.

This means that, far from brushing this latest round of cyber threats under the carpet, individuals and business owners – whatever industry they are in – do have at least some cause for concern. As yet Twitter has not released details of the state the “actors” are sponsored by, so for now we are none the wiser as to whether it’s a homegrown issue or one from further afar – say North Korea or China.

What does all this mean for you as a business owner or manager? It means that you should be taking your online security more seriously than ever. It’s no longer just your network that is at risk; now simply having an account on a social media site such as Facebook or Twitter could be providing less-than-desirable third parties with the portal they need to access your company’s private information.

If you’d like to know how to ensure the online safety of your organization, give us a call today. Our experts have experience in everything from securing your computer network to increasing safety when it comes to sending out those all-important tweets!

Published with permission from TechAdvisory.org. Source.

Topic Security
December 17th, 2015

Security_Dec17_AWith the vast majority of end users turning to Google as their search engine or default browser of choice, it comes as no surprise to learn that the company takes security seriously. But in a perpetually changing landscape where anti-virus and anti-malware tools are constantly chasing their tails in order to stay up to date with the latest threats, there cannot be many small to medium-sized business owners who can afford to ignore the issues surrounding cyber security. So what exactly is the internet giant doing to keep your users – and your organization - safe?

With more than one billion people using Google’s search engine on their desktops, and over a billion more accessing it through mobile devices, it is clear that security is – or should be - paramount. Google already claims to protect desktop users with its Safe Browsing service, but what about its mobile users?

With cyber threats ranging from the annoying, such as adware, to the unsavory – hello spyware - and the downright terrifying (ransomware, we’re looking at you), mobile device users are increasingly demanding to know that they are being adequately protected when using Google’s products, tools and services. So in order to protect the mind-bogglingly large number of people who are using Google on their smartphones, laptops, notebooks and tablets, Google recently unveiled plans to extend its Safe Browsing service to mobile users - or at least to who are using Chrome on an Android device.

Whether you regard this as a blatant ploy to get users to switch to Android is something we’ll let you decide for yourself, but the fact is that Google is taking steps to protect its users. Back in August 2014, the company bolstered its Safe Browsing warnings with messages alerting users to unwanted software programs trying to sneak onto their computers by attaching themselves without warning to a legitimate download. In addition, both the Android platform and the Google Play Store have security measures in place to weed out potentially dangerous apps.

However, not every cyber security threat comes from an app or installation so, while Google is doing the right thing by guarding against threats in these areas, there are other issues that require a different means of protection. Enter social engineering, and phishing in particular, which can cause untold harm – such as data or identity theft - to a business or individual.

In order to protect against social engineering, an up-to-date list of malicious websites needs to be stored upon the device – this enables Google to send an alert to the user before they get ambushed. But there are problems with this which Google has had to overcome, not least of which is how to keep the list updated in the face of new threats. Compounding this issue further are factors that are unique to mobile browsing: mobile data speeds can be slow and connectivity patchy, depending where the user is. A fast, stable connection is crucial when the timing of an alert is paramount. Not only that, but using mobile data costs the end user money!

Bandwidth (and battery) limitations mean Google has had to find a way to ensure the data they send to users is as small as possible. Protecting their customers is crucial – but so too is not sapping battery life and data plans. Because this boils down to connectivity and speed factors, a device’s location is now taken into account. For example, if a known phishing scam is only affecting certain locations, only devices that are in that part of the world receive a warning.

Google also prioritizes data by sending information on a need-to-know basis - in other words, bigger threats take precedence over more minor issues. They have also designed the software to limit network traffic, and to be as light as possible on memory and processor usage.

Since its announcement in early December, Google is now protecting all Chrome users on Android devices as default, making Safe Browsing part of their Play services from Version 8.1 onwards. Chrome Version 46 is also the first app to initiate Safe Browsing.

How do you know whether you are protected by Safe Browsing mode? Go to your settings in Chrome, and check your Privacy menu. How do you know if your small or medium-sized business stands the best chance of survival in the face of a cyber attack or phishing scam? Talk to us today and we’ll be more than happy to share our up-to-date knowledge with you.

Published with permission from TechAdvisory.org. Source.

Topic Security
October 26th, 2015

164_A_SecWhile small businesses lack the big budgets of their enterprise counterparts, that doesn’t make security any less of an issue for SMBs. In fact, small and medium businesses are more and more often the target of cyber criminals precisely because they generally have fewer security measures in place. So to ensure your business has enough security to stay protected, here are a number of rules every SMB should follow to keep themselves secure.

Recognize where your most critical data lies

Is it in the cloud? Hard drives? Backup disks? Mobile devices? Whether or not you have the budget and resources to adequately secure all of your data, the critical data that your business relies on must be sufficiently secure. If you’re unsure of what that is, ask yourself which data you would need to access within 24 hours of your business suffering a major disaster, in order to ensure your operations remained up and running. Once you’ve answered this question, talk with your IT managers to determine the security measures that need to be implemented to protect your most vital data.

Learn the basics

After you’ve bulletproofed your critical data, it’s time to arm your network with the basics. If you haven’t already done so, ensure that you have anti-malware protection on servers and endpoints, and firewalls for both wireless and wired access points.

If you have the budget, it’s worth seeking outside counsel from an IT expert fluent in today’s security best practices. They’ll ensure your business is protected from the latest cyber threats. However, if you don’t have the budget, then it’s time to take matters into your own hands. Read up on security trends, join technology networking groups, and ask your fellow business owners about their own IT security policies.

Cash a reality check

Bad things happen to nice people. Tornadoes, fires, thieves, and faulty technology couldn’t care less about how your business donates to local charities and supports your community’s youth sports clubs. What’s more, hundreds of small businesses across the country suffer severe data loss each year. Ignorance and turning a blind eye will not protect you, so make a wise decision and automate your data to be backed up daily. This allows your business to remain in operation if you’re hit by a security breach.

Dispose of old technology properly

Whether it’s a computer, server or tablet, any device that stores data on it must be properly disposed of when it conks out. Specifically, the hard disk must be destroyed completely. And remember, proper data disposal is not only limited to technology, as critical information is also revealed on paper files. So if you’re migrating the content of physical documents to the cloud, make sure to shred the paper versions too.

Mind your mobiles

The mobile age is here, and along with it come employees who may access your business’s critical information via their smartphones, tablets and other mobile devices. Recognize that many of these devices have different operating systems that require varying security measures. You and your IT manager should be aware of this, which leads to our last point...

Think policy

Have a policy for all your company’s devices. If you don’t inform your employees they shouldn’t access company information via their phones or tablets, then they’ll likely assume it’s okay to do so. But thinking policy doesn’t pertain only to mobiles. You should also determine acceptable online behavior for your employees, as well as how data should be shared and restricted. Put this in writing, and then have your employees read and sign it.

Of course, it’s not always wise to be overly restrictive. Rather the point is to have policies in place and make everyone in your organization aware of them because if you don’t each staff member will make up their own rules.

Are you concerned your business’s security isn’t up to par? Need the guidance of a seasoned IT provider who specializes in security? Talk to us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
October 7th, 2015

Security_Oct2_AVulnerabilities in the web-based version of popular instant messaging app WhatsApp recently left up to 200 million users exposed to hackers and malware. The bug was picked up by an Israeli IT security firm, and WhatsApp put a fix in place before news of the potential threat spread. Nevertheless, it highlights the need to remain vigilant when using apps like WhatsApp, whether for business reasons or in a personal setting. Here’s what you need to know about the security incident and how to protect yourself going forward.

The web-based version of the WhatsApp app was only launched a few months back, initially for WhatsApp accounts on Android and Windows Phone devices and later for those on iPhones, but has already grown in popularity. The recent security vulnerability related to vCards, electronic business cards shared by WhatsApp users, and effectively amounted to a kind of phishing.

An error in the WhatsApp web client meant that less-than-innocuous vCard business cards created by hackers were not properly filtered out by the app. As a result, these phishing-style cards made it through to users who, if they clicked them, were at risk of the cards converting themselves to more harmful executable scripts once downloaded - and potentially accessing and playing foul with users’ personal data. There are even reports of a ransomware approach being taken by hackers in this case, with attempts being made to extort cash from WhatsApp users in exchange for restored access to their infected devices and hijacked data.

WhatsApp put a fix in place, by releasing an updated version of the app, prior to making public news of the security vulnerability. It’s worth making sure you have the latest version of WhatsApp installed on your phone, if you haven’t checked recently - WhatsApp’s phone and web versions are linked to one another, so ensuring you are up-to-date on your phone is the way to ensure you’re safe when using the web client too. The patch is also available directly through the web client, though this won’t update your phone’s version of the app at the same time.

The whole affair also serves as a timely reminder that it pays to be vigilant when it comes to using WhatsApp and other instant messaging platforms - including email. Avoid opening links or downloading files that you’re not expecting to receive, and proceed with caution even if you were anticipating them. It’s better to double check with the sender that they’re consciously passing a file to you, and that they’re fully aware of its contents, than to wait until your device has been infected and damage has potentially been inflicted on your vital data.

Want to learn how to keep your devices safe from phishing attempts and other potential security vulnerabilities? Give us a call and let us equip you with tamperproof solutions.

Published with permission from TechAdvisory.org. Source.

Topic Security
August 31st, 2015

You’re probably all too aware of the Ashley Madison hack by now. Maybe you are closely following the names and people involved, perhaps you don’t care or most likely you are somewhere in the middle. No matter where you find yourself standing on this issue, it should be used as a valuable learning tool for your company’s security. Here are three lessons your business can take away from the scandal.

1. Make sure your company’s security data is actually secure

You probably tell clients their information is secure, but just about every company makes that claim. One of the biggest mistakes made by Ashley Madison was the failure to know if its data was truly secure. The company publically lauded its security, but it now seems like those claims were rather hollow. In fact, it appears as if no one at Ashley Madison knew a whole lot about its security practices until it was too late.

Don’t simply pass off your business’s security to the IT department. Being involved will allow you to see how it works. You don’t need to be a tech expert to understand how your data is being secured. Your security provider, whether it be in-house or via a managed services provider, should be able to explain security practices in layman’s terms. This will allow you to ask questions and be proactive because chances are if you see a weakness, others will notice it as well.

2. Beware of your employees and their email and Internet activities

Another takeaway from this scandal was the fact many employees, both from private companies and government offices, were using business email accounts to sign-up for Ashley Madison and office Internet connections to access the site. Putting the ethical questions aside for a moment, public sentiment is undoubtedly negative and companies with employees who used Ashley Madison at work have been exposed to the scandal’s backlash.

By placing the appropriate email and Internet security solutions in place at your business, you can reduce the amount of risk your company is exposed to by employees. No one really wants to put restrictions on their employees’ Internet and email access, but it is important to be smart. Being connected to scandals like this can bring unwanted publicity to your business. Worst of all, your employees might not even realize they are putting your company in harm’s way when they access this type of content at work.

3. Be prepared for data loss

As the Ashley Madison case has shown us, massive data theft or loss can be the end of your business. When clients trust your business with their data, they are confident in your ability to protect it. Of course, things do happen and if your data does go missing, it’s important to have a plan of action ready. While it’s unlikely your company’s data breach is unlikely to garner the attention of Ashley Madison, it means a whole lot more to you, your company and your employees. Just because your company isn’t big doesn’t mean it’s invincible.

A disaster recovery plan can help your company ensure it has backups and even backups of your backups. If you believe your data has been stolen by hackers, it is important to act immediately. You’ll need to quickly assess what information has been stolen and inform the appropriate parties so they can take the necessary steps to protect themselves. From there, you will want to re-secure your company closing any security loopholes that have been found. Finally, access your backups and make sure your business continues to operate as close to normal during the crisis.

Worried about your security? We can show you how to protect yourself. Contact us today for more information on how to keep your company safe.

Published with permission from TechAdvisory.org. Source.

Topic Security
July 22nd, 2015

164_Sec_AOver the decades of the internet’s existence, cyber threats have evolved at a rapid pace. When once there were only viruses and malware to watch out for, now you have to protect your business from worms, trojans, ransomware and dozens of other online threats. But what’s the difference between all of them? Let's take a look. Here are four of today’s most common cyber threats and the tips you need to protect your business from them.

Malware

Malware is the short version of the word malicious software. And this is a general term that encompasses many types of online threats including spyware, viruses, worms, trojans, adware, ransomware and more. Though you likely already know this, the purpose of malware is to specifically infect and harm your computer and potentially steal your information.

But how do the different types of malware differ from one another? How can you protect your business from them? Let’s take a look at four of the most common forms of malware below.

Virus - like a virus that can infect a person, a computer virus is a contagious piece of code that infects software and then spreads from file to file on a system. When infected software or files are shared between computers, the virus then spreads to the new host.

The best way to protect yourself from viruses is with a reliable antivirus program that is kept updated. Additionally, you should be wary of any executable files you receive because viruses often come packaged in this form. For example, if you’re sent a video file, be aware that if the name includes an “exe” extension like .mov.exe, you’re almost certainly dealing with a virus.

Spyware - just like a spy, a hacker uses spyware to track your internet activities and steal your information without you being aware of it. What kind of information is likely to be stolen by Spyware? Credit card numbers and passwords are two common targets.

And if stealing your information isn’t bad enough, Spyware is also known to cause PC slowdown, especially when there is more than one program running on your system - which is usually the case with a system that’s infected.

A common mistake many people make is they assume their antivirus software automatically protects them from Spyware. This is not always true as some antivirus isn’t designed to catch spyware. If you’re unsure if your antivirus prevents Spyware, get verification from your vendor. And for those that are already suffering from Spyware infestation, two programs that work wonders to clean it out are Malwarebytes and SuperAntiSpyware.

Worms - similar to viruses, worms also replicate themselves and spread when they infect a computer. The difference, however, between a worm and a virus is that a worm doesn’t require the help of a human or host program to spread. Instead, they self-replicate and spread across networks without the guidance of a hacker or a file/program to latch onto.

In addition to a reliable antivirus software, to prevent worms from infecting your system you should ensure your firewall is activated and working properly.

Trojan - like the trojan horse from ancient greek mythology, this type of malware is disguised as a safe program designed to fool users, so that they unwittingly install it on their own system, and later are sabotaged by it. Generally, the hacker uses a trojan to steal both financial and personal information. It can do this by creating a “backdoor” to your computer that allows the hacker to remotely control it.

Similar to the other malware mentioned above, antivirus software is a dependable way to protect yourself against trojans. For further safety, it’s wise to not open up suspicious attachments, and also ensure that your staff members aren't downloading any programs or applications illegally at the office - as this is a favorite place hackers like to hide trojans.

Curious to learn about other common malware that can cause trouble for business owners? Want to upgrade your existing network security system? Give us a call today, we’re sure we can help.

Published with permission from TechAdvisory.org. Source.

Topic Security
July 8th, 2015

164_Sec_ALog on to Facebook, Instagram or Twitter, or even simply take a walk in a city park, and one thing is clear: the selfie revolution is upon us. And now it looks as though this contemporary pastime is becoming more than just a social media trend. Major industry players are now using facial recognition technology to replace passwords as the new method of online identification. MasterCard is the most recent corporate bigwig to join the party.

At the beginning of this autumn, MasterCard will acquire the help of 500 customers to test out a new application that enables people to verify their identity and authenticate online transactions with a facial scan. What does this mean? Instead of using a traditional password at the online checkout, MasterCard wants to give you the option to snap a selfie instead. According to the credit card giant, they’ve partnered with every smartphone company in the business to make this mode of identity verification possible.

Why is this happening?

A quote from Ajay Bhalla, security expert at MasterCard, suggests this is an attempt by the credit card giant to appeal to a younger crowd of digital natives. "The new generation, which is into selfies...I think they'll find it cool. They'll embrace it," Bhalla recently said.

That said, the “cool” appeal to youth is likely not the only reason for this change. The firm is likely attempting to make online purchases both more secure and more convenient.

How it works

To use this technology, users will have to download a dedicated app, which they can then use to take a photo of themselves at checkout. But how does MasterCard prevent a thief from using a photo of you to fake your verification? Simple - the app requires you to blink to prove that you’re a living, breathing human being.

However, it’s been noted by critics that, in today’s technological world, even a blink can be animated on a static photo. This leaves those of us with security concerns wondering whether MasterCard will make this app more secure before it’s released.

Note as well, though, that MasterCard is not getting rid of traditional passwords completely. Users will still have the option of the more conventional method of verification, as well as the choice of fingerprint scanning to check your identity.

Is this where the future of online security is headed?

With the release due later this year of a similar Windows 10 security application to identify users using biometrics, it appears that this is where the future of online security is headed. And with ever more applications and online services requiring a password, it is becoming increasingly difficult for the average web user to create one that is both unique and secure for each individual service. So whether it’s facial recognition, a fingerprint scan or some other technology that’s yet to be perfected, it seems as though some sort of more advanced security solution is inevitable.

Want more of the latest security news? Looking to implement new security to protect your IT infrastructure from cyber threats? Get in touch today.

Published with permission from TechAdvisory.org. Source.

Topic Security