Archive for Security – Page 2

Security – 4 Ways to Travel Safe for Your Business

or aMobile Security for your Business

Working from anywhere is now as simple as accessing the internet on any number of devices. Managers, owners, and employees are all embracing the flexibility of working while travelling, making it the new norm.

But while you were in the office, you were protected by professionally designed firewalls, security infrastructure, and robust software. As soon as you step away from the building, those protections disappear, leaving your device and the data inside at greater risk.

Cyber attackers love to collect any data they can obtain, often preferring to hack first, assess value later. It doesn’t help that almost all data can be sold, including your personal details, those of your clients and suppliers, as well as your proprietary business data. These days, the information stored on your device is usually worth much more than the device itself.

Here are 3 ways a hacker will attack:

Making use of Opportunity – getting hold of the device

Whether an employee left their laptop at a café or a thief stole the phone from their pocket, the outcome is the same – that device is gone. Hackers will take advantage of any opportunity to gain access to a device, including taking them from hotel rooms and even asking to ‘borrow’ them for a few minutes to install spyware, before handing it back.

Have you ever handed your smartphone to a stranger, asking them to take a photo for you?

Spoofing a Wi-Fi Hotspot

We’ve all come to expect free Wi-Fi networks wherever we go – we can even create them ourselves using smartphones. Hackers will take advantage of this trust to create their own free, insecure network, just waiting for a traveller to check a quick email.

When they do, they can monitor traffic and if your device is not secured, hackers can obtain all sorts of information.

Intercepting an Insecure Network

Hackers don’t need to own the Wi-Fi network to steal content from it. Data travelling across an insecure genuine network is visible and available to anyone with the right software.

Taking these four precautions will help to increase cyber safety and help to protect your business data while on the move: –

1.    Make a backup before you travel: In the event that your device is lost or damaged, you’ll be able to replace the device with a new one and quickly restore all the data from a backup, all with minimal downtime. (Also bear in mind that many devices have a remote delete or lock function in the event of a theft – if yours does you may want to consider it).

2.    Don’t use public Wi-Fi: Wait until you have access to a secure network before going online – even just to check email.

3.    Use passwords and encryption: At a minimum, make sure you have a password on your device, or even better, have full drive encryption. That way, even if your data storage is removed from the device, the contents are inaccessible.

4.    Act fast after loss: If your device is lost or stolen, immediately notify the appropriate people. This might include your IT provider so they can change passwords, your bank so they can lock down accounts, and any staff or colleagues who need to be aware of the breach, so they aren’t tricked into allowing further breaches.

So much personal, financial and business information is now held on our mobile devices that they are a potential goldmine for the wrong people. Think objectively and try to minimise the risk now, because a cyber breach is happening to someone else whilst you are reading this – don’t let it be you.

Need help with mobile cyber security? Call us at 01455 209505.

Share..Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInPin on PinterestPrint this pageEmail this to someone

Beware – the fake TalkTalk Scam is Still Going Strong

Keep your computer secure from scammers

A couple of years ago, TalkTalk made the news after admitting that they had been hacked and large amounts of customer private data had been accessed illegally. At that time there were a number of scammers pretending to be from TalkTalk, phoning people trying to get remote access to their computer by saying that they were infected or their emails had been hacked.

The idea was to convince people into paying them a lot of money, by accessing their computers to either create a problem (to pretend to fix), to syphon details to be used later in ID and bank fraud or just to scare the customer.

Scammers are back

We are now seeing an increasing number of cases where scammers are using the TalkTalk excuse but are even more believable, by giving information that a customer would assume could only be from TalkTalk. For example, customers who have had problems with their emails and who have contacted TalkTalk about it, who have then got a call from the scammers.

Even if these calls are just a coincidence, and that the contact information they are currently using is from the original hack, we strongly suggest that all TalkTalk customers be extra vigilant anyway as these people are very believable and make a lot of money doing this. This also applies to ANY other company that calls you out of the blue, as TalkTalk is not the only company name misused by scammers in this way.

Remember that TalkTalk would never call you to ask for passwords, or contact you out of the blue to ask to remotely access your computer for some reason. Also, they could not tell if your computer is infected or not without examining it, so they would not call you to tell you that it was.

What to do if they call

If you do get a call from someone saying that they are from TalkTalk (or other company), no matter how believable, do not let them access your computer. Go to the genuine company website, get contact details and call them, to make sure that the person you are talking to is genuine.

Also, remember that remote connections can be used legitimately too and you should not be put off using it – just be especially careful who you allow to connect remotely to your computer and you should be ok.

If you think that you may have already been scammed or just want help, give us a call on 01455 209505.

Share..Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInPin on PinterestPrint this pageEmail this to someone

Is Anti-Virus Enough These Days?

Is Anti-virus protection enough these days?

Not too long ago, everyone was warned about computer viruses and ‘Anti-Virus’ became the in-word when it came to computers, because the last thing you wanted was for someone to cause damage using a virus program.

Since then, criminals have jumped on board the malicious software scene and big money can be obtained from data – especially yours.

Increasingly the media are telling us that there are more threats than basic viruses now, things like ‘Ransomware’ (a malicious program which encrypts your files so that you cannot access them again without payment), software aimed at stealing your credit card and identity data, telephone scams using remote software, plus others.

Protection – what can you do?

Clearly, if you want to go on the internet you do need anti-virus protection but unfortunately, protection from free programs is not enough these days. Yes they are definitely better than nothing, but you have to ask yourself if big corporations such as Yahoo and TalkTalk can get hacked, maybe minimal protection compared to paid-for protection, is not the way to go.

A good paid-for security suite is the minimum these days and even then, you have to be careful about what websites you visit, emails you open and what you download.

The One Anti-Virus Rule

Traditionally, the rule has been that you must only have one anti-virus program running at any one time on your computer. To have two anti-virus programs was definitely not recommended, as they compete with each other and at the very least slowed your computer to a crawl, if not actually corrupting your data. We have come across many computer systems with two or more anti-virus programs which have caused problems. That was up till now.

There is now a product called Malwarebytes, which has been designed to actually run alongside your traditional anti-virus program, without causing the problems as before. It compliments your current protection by looking for the ransomware / malware-type of threat and assists in the protection of your system by concentrating on the non-traditional danger to your computer, without causing problems having two protection programs.

As it is a paid-for product it runs in real time, bolstering the protection of your system. As the threats particularly of Ransomware are becoming a problem, especially for businesses, it is recommended to seriously think about adding to the scope of your protection.

Ultimately, no protection system is guaranteed 100% effective as they are always catching up with the “bad guys”, but it is worth considering whether or not one protection program is enough these days, bearing in mind online banking and other day-to-day internet use that involves sensitive personal and financial information.

If you do decide to go down the additional protection route, we can supply Malwarebytes at below retail prices, so if interested give us a call on 01455 209505.

Share..Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInPin on PinterestPrint this pageEmail this to someone

Is your password in the top ten worst Passwords of 2016?

Computer security with good passwords

When the worst (or most guessable) passwords for 2016 were compiled from data breaches in the past year, the results tended to confirm what we have found in many cases – that many people are still using passwords that are so easy to guess that they are a hackers dream.

You can have the best antivirus protection in the world, but using an easy password means that you are just allowing people access as if you had just left your password on a post-it note stuck on the computer (and we’ve seen that too!).

You won’t need 3 guesses what the top two most common passwords are – 123456 and password – are you using one of them?

The Top Ten most used passwords

The top ten as compiled are: –

1.    123456
2.    password
3.    welcome
4.    ninja
5.    abc123
6.    123456789
7.    12345678
8.    sunshine
9.    princess
10.    qwerty

Is yours one of these, or a combination such as password1?

Other research shows that key combinations are becoming a favourite, such as zaq11qaz and other keys taken from patterns on your keyboard. The problem is that if someone wants to try to get into your computer, it isn’t just a question of some person guessing all the possibilities and typing them in – there are programs built specifically to try password combinations much faster than a human being can do, when typing in details.

These programs are designed to target all the common passwords first, such as names and, of course, the likes of password and 123456. They go through more and more possible combinations, knowing that most people tend to take a less complicated approach to their passwords and as such they may strike lucky.

How can you make your passwords harder

There was a time when the general approach was to have a minimum of 8 characters in your password, using letters and numbers. The advice now is to have a minimum of 12 characters (although 16 characters is becoming more popular), again with a combination of letters and numbers but also using capitals and where possible, using special characters such as @ and ! However some websites do not allow the use of special characters, in which case you would need to stick to the alphanumeric method.

Make your passwords impenetrable but memorable

If you have a secure password such as hGu7vyXakeTgo034 it can hardly be classed as memorable and with good reason. So the ‘sweet spot’ is to have a password that is just as complicated, but is one which you can recall without too much trouble.

We recommend a phrase that you can easily recall but substituting letters with numbers, capitals and if possible, special characters, such as wEd0coMPu73rR3P@irs – a version of “wedocomputerrepairs” – just come up with a phrase that means something to you but which you can change enough to be effective.

There are also paid and free password manager programs that you can use, which encrypt and remember passwords for you, but make sure that you use a reputable program, so research such as program reviews is important.

Also, as we have advised previously, try not to re-use passwords if at all possible.

It’s easier than you think to make it harder for your password to be compromised, yet many people do not take this important step. The fact is that you need a good password every bit as much as you need protection from viruses and malware – they are both important.

If you would like advice on securing your computer, give us a call on 01455 209505.

Share..Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInPin on PinterestPrint this pageEmail this to someone

Ransomware comes to iOS

iOS Ransomware scam

For some time now, Windows users have been targeted by criminals who effectively lock their computers and extort money from them – using malicious software called Ransomware. Much of the time, the scammers display messages pretending to be from law enforcement, alleging user access to pornography, etc. and users generally cannot remove these messages unless they pay.

Mobile Safari flaw

Unfortunately, a flaw in Apple’s Mobile Safari browser brought this problem to iOS users. Malicious code on some websites forced the browser to constantly display a message telling people that Safari could not open a page because it was “invalid” and that it was caused by viewing illegal pornography.

What the scammers did was to exploit a flaw relating to pop-up windows using Javascript, which allowed them to constantly display their ransom message by creating a pop-up window loop – effectively making Safari unusable.

Users were told to email an address for unlocking instructions, or forcing them to buy an iTunes gift card to pay a fine.

How to fix this flaw

Due to the nature of what the scammers were alleging, many users did not ask for help, which is a pity as the message could be removed by going into device settings and clearing the browser’s cache, or going into ‘Airplane mode’ and closing the tab – things which the scammers knew most users would not be aware of.

This flaw has been present for some time, but has now been fixed in the 10.3 iOS release this week, amongst other fixes and tweaks to the operating system.

As with all iOS releases, there are pluses and minuses when upgrading, but Ransomware is just one good reason to upgrade today.

Share..Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInPin on PinterestPrint this pageEmail this to someone

The Internet of Things

Internet of Things

Not too long ago, when you watched a TV programme or film that showed someone talking to a computer (and the computer answered back) it was just science fiction. Now it’s fact, just take Amazon Echo for example – one of a number of little gadgets just waiting for you to talk to it. Now, you can ‘talk’ to and control aspects of your home, wherever you are.

What is Internet of Things?

The I.T. world loves its jargon and you may have heard of the phrase ‘Internet of Things’ – this means an interconnected system of everyday devices controllable over the internet.

You arrive at home and the door unlocks because it knows who you are, sensing the key in your pocket. The lights switch themselves on and your favourite music begins to stream through the living area. The home is already the perfect temperature because you switched on the heating using your smartphone, and as you head for the fridge you notice an alert on the screen congratulating you on meeting your exercise goal today and suggesting a tasty snack.

This is actually reality today thanks to the Internet of Things (IoT), for example the ‘Hive’ service from the well-known energy company British Gas uses IoT technology. Almost anything that can be turned on or off is now able to be connected to the internet and an entire industry has popped up to help users create a custom experience designed around their unique needs.  Electronic locks, lights, healthcare wearables and household appliances are just the beginning.

Adapters can transform even the most random appliance into a connected gadget, as well as add new layers of functionality. Millions of people are wearing a Fitbit, Jawbone or other wearable fitness trackers to track steps and calories, while others are letting their fridge order groceries!

The practical applications are almost endless, including: GPS trackers on pets, home security via webcam, patient monitoring of blood pressure/heart rate, weather monitoring, and remote power points. No more worrying all day if you left the iron on, just push a button on your phone and know for sure it’s turned off.

Not everyone wants this interconnectivity, (such as their fridge telling them when to order milk – they may want it to be just a fridge) but the technology is there and is going to be built into more and more devices that you buy from the shops from now on.

With all this connectivity comes risks.

If your home devices are connected over the internet, they are open to internet risks just like everything else. While the idea of having your toaster hacked is a bit mind-boggling, technology connected to the internet is open to exploitation. The webcam that allows you to monitor your pets may also allow other people to glimpse inside your home, but only if it’s not secured properly. Unfortunately, it only takes one small gap for a cyber-attack to get through, and once in, all connected devices are at risk.

Having your lights taken over by a far-away prankster may seem like a small risk, but gaps allow them into your computers, phones and tablets too. That’s the part the movies skip over – the networking protections that exist in the background, shielding against attacks.

Taking the time to properly secure your IoT device is essential to making sure you get the whole, happy future-tech experience.

Got an IoT device? Give us a call at 01455 209505 to help you set it up securely.

Share..Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInPin on PinterestPrint this pageEmail this to someone

Browser HTTP – HTTPS warnings and what they mean

HTTPS secure connection in browser

There are two common ways that you can access the internet using an internet browser like Firefox, Chrome, Safari, etc. and they are called HTTP and HTTPS. Some of the main browsers may now start displaying warnings that they didn’t before and this will explain why and what they mean.

HTTP is the standard method of accessing websites and you can see it in the address bar of your browser, when you see a website address such as http://www.example.com.

HTTPS is more secure because it creates an encrypted connection between you and your online bank, or a website that you are ordering something from – a website that you may be giving your credit card details to. This is achieved by websites using special security certificates that the browser can verify as secure and you can tell this by seeing the green padlock where the website address is. In some cases, there is a padlock (as the picture above) or the whole website address may be shown in green in your browser.

HTTPS is becoming the preferred choice

Until recently, the main use of HTTPS was to protect financial transactions or personal information from being intercepted. This is now changing because there are many benefits in making all websites use it, even when not doing those transactions. For example, if you are logging into something like Facebook, a membership website or forum, it is better to have your login details protected if possible rather than going over the internet unencrypted.

Also, it makes it more difficult for those people who create malicious websites that imitate a genuine website, in order to get you to hand over personal information.

Browsers are highlighting HTTP/HTTPS

Google Chrome announced a while ago that starting this year, they are changing the way the browser shows websites, in that Chrome will start to identify any website that isn’t using HTTPS – whether the website is a financial one or not.

So if you login to something or enter important information, you may now see: –

Chrome security warnings

Similarly, Firefox is now flagging non-HTTPS websites and when there is a website with a login, this warning is displayed advising you that the connection is not secure, that is not using HTTPS.

Address bar not secure

If you are entering login details, you may also see this: –

Insecure login warning

Eventually, all websites will go the HTTPS route, but at the moment there is generally a cost implication for website owners for the security certificates and setup, so the speed of the take-up of HTTPS will be gradual.

In the meantime, if you see any of the above warnings and you have to enter login details, credit card or other personal information, you now know what they mean and can make an informed choice about what you do next.

Share..Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInPin on PinterestPrint this pageEmail this to someone

Search Engines – use with care

Search engine - use with care

In previous articles we’ve mentioned that as well as watching out for computer viruses, you need to watch out for ‘Potentially Unwanted Programs’- technically legal software used maliciously which may install a program without your permission, change your search engine, tracks what you are doing or many other things.

The people behind this malware are getting more clever in finding ways to get their software onto your computer and are even using search engines to help them – search engines that everyone uses every day.

Unfortunately we still find customers that have been misled when searching and have unwittingly gone to the wrong kind of website to download something from.

Check the actual website address

It may sound obvious, but when reading the search results, check the website address itself and not just the title or wording. You would be surprised how many people only look at the title or briefly read the paragraph under it and it is common that people have searched for something on a search engine, (such as printer software drivers for example) and some of the results are not genuine websites. The website addresses may be very similar, such as ‘hp-drivers.com’ instead of the correct ‘hp.com’ but they will not be the website that you want.

Some of these ‘almost’ websites are genuine, but many are not and when downloading from them, they can add unwanted programs (or worse) to what you download. As a lot of these unwanted programs are not illegal as such, they can sometimes be missed by antivirus software.

How do you avoid going to the wrong search result?

The important thing to remember is that you should not automatically assume that all the results of any search are genuine. You need to be careful what you click on, as well as what you download.

As well as being extra careful if you see the website address is not what you expect, many antivirus programs automatically check to see if a website has been reported as a potential danger and if so, will warn you. Sometimes the search engine itself may warn you too, but you cannot rely on being warned every time.

Antivirus programs may show a green icon alongside the website entry in the search list, telling you that the website is ok, which is useful – but that doesn’t mean that you must avoid any results which do not have the green icon. Many people are not aware that a website that does not have the green icon, may still be alright to visit – the fact that they do not have a green icon may just mean that they have not been added to the antivirus program ‘green’ list yet.

Stick to the original websites where possible.

If you are looking for software drivers for your computer, stick to the manufacturer website – this will ensure that you have the most up to date and malware-free download.

If you do not go to a manufacturer website to download something, try not to download drivers or programs from third party sites unless you have to and then only when they are well-known sites.

So called ‘Peer to Peer’ (file sharing) sites can be particularly problematic and again, you need to be choosy where you download from.

So long as you treat search engine results with as much caution as anything else on the web, you will be adding to your computer security. You don’t have to be paranoid – just be careful!

Share..Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInPin on PinterestPrint this pageEmail this to someone

Free Antivirus – is it letting you down?

Free antivirus - is it good enough?

One of the best ways to avoid a computer virus is by using common sense, but that doesn’t mean you’ll be safe from attack. Even the most careful user can find themselves infected in an instant and spreading the virus faster than a sneeze in flu season. It’s why antivirus software is still the first package we install on all systems – because you never know when you’ll be attacked. But should you choose free or paid antivirus?

Advertising in the program

Much like a free mobile app making its fortune with in-app purchases, the free antivirus software will push for payment. Expect popup boxes pestering you to sign up to the paid version with some free options also trying to change your browser home page and default search engine, an inconvenience you may be stuck with. Paid options are more respectful and largely invisible unless they’ve detected a problem.

Effectiveness of free antivirus

It’s fair to expect your antivirus to detect malware, and testing showed that in a head-to-head battle free and paid are about equal at catching known infections – although some are better than others as you would expect. Unfortunately,  free antivirus generally needs to have recorded a virus into its virus lists before it can detect it. Paid antivirus is more likely to identify and stop a new virus because it also bases the detection on suspicious behaviour, the source and its attributes, a far more effective method of detection.

Features in free versions

Free antivirus programs are usually created from the paid version, taking out everything except the bare minimum. In your free version, it is unlikely that you will have all the advanced features like spam filters, firewalls, parental controls and secure web browsing. Some paid antivirus will also update your other software packages, forming a more secure protection against attacks. For example, you might view a malicious image file that takes advantage of an exploit in your PDF software so anything that reminds you to update your PDF program is a good thing. Unfortunately, hackers have advanced beyond simple tactics and it’s not just about avoiding email attachments anymore.

Support

Free antivirus options are the most popular choice because they’re… free. Obviously.  This also means there’s generally little or no support available. If there’s a problem or conflict, you may find yourself without protection until it can be resolved. Paid antivirus options usually include telephone support, ready to help with problems ranging from installation to system diagnostics.

Ease of use and flexibility

Depending on what you use your computer for, this may be an important concern. Free antivirus options are easy to install and use, but are very limited in their flexibility. They come as-is, meaning you can’t pick and choose what it monitors or how it reacts. For example, users occasionally find it necessary to disable ALL protections in order to install or play a network game. Paid versions are more likely to allow you to adapt the way the antivirus runs, switching features on and off as required e.g. many paid antivirus programs have a ‘gaming mode’ available, which restricts interference by the antivirus product.

Free antivirus is fine for very basic protection or those with an older PC. In these cases, something is always better than nothing. But we generally recommend that you go with a paid antivirus to defend you from the new attacks that are released daily, and to ensure you’ve got solid protection that will make a real difference to your digital safety.

If you want to upgrade to a paid antivirus, give us a call on 01455 209505.

Share..Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInPin on PinterestPrint this pageEmail this to someone

How to spot a Tech Scam

avoiding computer scammers

If your computer had a virus, you’d want to know about it ASAP, right?

Before your important files become corrupted, you lose your photos and your digital life is essentially destroyed. Even thinking about it is terrifying.

Tech scammers know we’d be lost without our computers, and that we don’t always know what’s going on behind the screen – which is why they’ve been able to swindle millions from every day people across the world.

The scam goes like this:-

You receive a random phone call from someone with a heavy accent  saying they’re from Microsoft, Talk Talk, BT or some other well-known company, or an alarming pop-up appears on the screen, saying it looks like your system has been infected with a virus.

The real Microsoft will never randomly call people like this. Ever.

To fix the problem, they need to you to download some support software, which they’ll give you a special link for.

A technician then uses that software to gain access to your system and make it appear your system is riddled with viruses. Flashing screens, mysterious diagnostics whizzing by, fabricated errors…they’ll do or say anything to make you panic. They’ll even go as far as claiming your system has been infected with illegal content and if not corrected, you’ll face criminal charges.

Demands for credit card information follow immediately after. Once paid, they simply stop fiddling with your system to make it seem the problem is fixed. To continue the scam, they’ll soon access your system to recreate the problem, this time offering a subscription for ongoing protection.

What To Do If You’re Targeted By A Tech Scam

  1. Don’t taunt them. Just hang up. Right now you’re only a phone number in their system and they’ll move onto the next – if you give them cause to target you personally, you may find yourself in a worse situation.
  1. If a pop-up appears, immediately run an anti-virus scan. Don’t click the pop-up or call the number.

What To Do If You’ve Already Been Scammed

It’s okay. It feels horrible, but you’re not alone and the situation can be corrected.

Call your financial institution and have the charges reversed and your card reissued. It’s easier than you might think and helps the authorities locate the scammers.

Then give us a call on 01455 209505 and we’ll make sure they no longer have access to your computer.

Share..Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInPin on PinterestPrint this pageEmail this to someone