Archive for Computer virus

Update iTunes and iCloud against Ransomware Vulnerability

Update iTunes - Ransomware Exploit

A vulnerability has been found in the Windows version of iTunes and iCloud, which may allow ransomware to be inserted into Windows computers, bypassing antivirus security programs.

Mac versions are not affected.

Bonjour software exploited

The Bonjour component that both iTunes and iCloud uses, is meant to allow communication between devices on your network and is often used to allow Windows to communicate with Apple devices.

A bug has been found (by security company Morphisec) in Bonjour, called a ‘zero day vulnerability’ which in geek-speak, is an ‘unquoted service path’ – essentially code which has been written incorrectly. As iTunes and iCloud are classed as trusted programs, the vulnerability can avoid antivirus security software and install ransomware software, which can potentially encrypt hard drives and prevent you accessing your data.

Get your iTunes and iCloud update patches

Apple has now patched the vulnerability in iTunes 12.10.1 and iCloud 7.14, so grab your updates if you haven’t already and ensure that automatic updates are enabled, to provide maximum benefit from security fixes in the future – especially as other vulnerabilies were found at the same time, which are yet to be resolved.

Uninstalled iTunes? You can still be vulnerable

Even if you have previously uninstalled iTunes, the Bonjour software is probably still present on your system, as it is a separate program and is not automatically uninstalled when iTunes is removed.

If Bonjour is still on your system it may be still have background services running but in a potentially unpatched state, so you would need to go to your Control Panel and remove it manually.

Has Your Email Been Hijacked?

Has Your Email been Hijacked?

A common problem found by some customers in recent months has been spam emails appearing to come from their own accounts.  Despite not knowing why, there are reports of friends, family, and contacts receiving spam email that appears to come from them and this has understandably worried many people.

Some have had their accounts suspended or shut down by their service providers as a result.  For many, this experience can be highly disruptive as well as worrying. It’s a problem that can cause many issues in both your professional and personal life.

The key to defence is learning how these attacks happen, and figuring out what you can do to protect yourself and your contacts against them.

Hackers Using Your Email Against You

Scammers that send out spam messages are continually looking for ways to make the process faster, cheaper, and more efficient. It’s the best way in which they can make more money every day by scamming unsuspecting victims for even more cash.

One of the most efficient ways they do this is by hijacking ready-made, trusted email accounts like your own. Hackers have several tools at their disposal to attempt to hijack your accounts.

Unfortunately some of the things which make emailing fast and easy to use, means that details such as those in the ‘From’ field, are easy to fake. A hacker might change the ‘From’ information to make it appear as if the email comes from anyone, simply by creating an account in that name in an email program – the details of the real sender are usually hidden away in something called an email header.

Defending yourself against this kind of misuse is difficult but you can help yourself by being cautious and if you believe something to be out of place, such as a strange ‘Subject’ title or attachment, you can try to verify that an email, even one you expect to receive, does come from the person that you believe it to be from. If you have any doubt, give them a quick call to verify – if their emails have been hacked, then they will appreciate the warning.

If your email provider flags up an incoming email as ‘suspicious’, or ‘untrustworthy’, it may well be.

Stolen Credentials

Hackers often buy large bundles of email addresses and passwords from the dark web. Leaked emails are often put up for sale following hacks of major companies and service providers (for example see previous Blog post here).

The value of these details comes from the fact that most passwords are unlikely to have been changed, the details attached to them are trusted, and often get hackers access to additional services too.

It is unlikely that you will know about every single hack incident that happens to a company that you use, so change passwords regularly.

How To Detect an Email Intrusion

It can take a long time before you’re aware that malicious hackers are using your details. You might even be the last person in your contacts to know.

The first sign to look out for is a large number of unexpected emails in your Inbox. These are likely to be replies to emails you never sent in the first place. Out of office, automatic responses, people complaining about spam, and people responding to the email as if it were genuine may all come to you first.

Keep a close eye on unexpected emails appearing suddenly in your Outbox. A hacker may be ‘spear-phishing’ (pretending to be from a trusted source) to someone that you do business with or trust. By acting as you, using your address and details, they may be able to divert payments or confidential information to their accounts instead.

A typical example is a business that receives an email from another business, stating that their bank details have changed and to make payments using the new bank details. Whenever you get an email like this, then always verify with the sender.

Do bear in mind that extra emails in your Inbox or Outbox do not happen every time, so the absence of these emails does not mean that you can relax your cautious approach.

Protecting Yourself Against Hackers, Attackers, And Hijackers

Sometimes your computer might have been compromised to give hackers access to your services, or malicious software may have infected your machine to steal data and infect your contacts. So in the first instance, use a good (and preferably not just a free version) of an Internet Security program.

Take extra care to change your passwords if you believe your email has or may have been accessed by hacker. Use a different, more secure password for your email than you do for every other service, such as using a mixture of capitals, numbers and special characters. Your email account is often the key to accessing many of the services you use most, so you need to protect it as much as you can.

Run a virus scan and maintain security updates. If you think your computer could have been infected, have your machine and services looked at by a professional if you believe there is a risk that your data is being used.

Business Email Users can Authenticate their own Email

If you have your own email service, you can enable various email authentication methods such as SPF, DKIM and DMARC which are ways that your genuine emails can verify that they are genuine – helping to make it more difficult for someone to pretend that they are you. It also has the added benefit that it helps you pass through spam filtering.

Unfortunately, some email services (especially at the cheaper end of the market) don’t check for these authentications, so you do need to be a little bit choosy about which email service you use.

If you think your email could have been hijacked, or your details used elsewhere, give us a call on 01455 209505.

Don’t Fall Victim to Webcam Blackmail

Don't fall Victim to Webcam Blackmail

Many customers have reported recent scam messages from individuals claiming to have intercepted their username and password. These messages often state they have been watching your screen activity and webcam while you have been unaware.

Typically, attackers threaten to broadcast footage and your web browsing details to your contacts, colleagues, or social media channels. Demanding payment in Bitcoin payments, malicious hackers blackmail their victims to keep confidential information private.

Where Have the Attacks Come From?

In many cases where hackers have claimed to have a victims’ password, this has turned out to be true, but usually its not because you have been hacked – but rather that a company you have had dealings with has.

In the last few years alone, many large websites have suffered enormous hacks which have released confidential details on many of their users. LinkedIn, Yahoo, Myspace and TalkTalk all suffered massive and devastating hacks. Some users of these services are still feeling the consequences today.

The details leaked from these sites, and others facing the same issues, are sold online for years after the initial breach. Hackers buy username and password combinations in the hopes of reusing them to access services, steal money, or blackmail their owners.

How to Respond if You get One of these Emails

If you have been contacted by one of these hackers, it is a scary reality that they could have access to your credentials, data, and online services. That said, accounts that share the same password should be changed immediately. Security on additional services you use should be updated too.

The only thing you can do in response to this type of email is to ignore it. This “we recorded you” email is a scam made much more believable because they probably do have one of your real passwords gained from a site hack, but that does not mean that they have access to your computer or Webcam.

Self Defence On the Web

When using online services, a unique password for every site is your number one defence. A good password manager program makes this practical and straightforward too.

Using a different password for each site you use means that hackers can only gain access to one site at a time. A hack in one place should never compromise your other accounts by revealing the single password you use everywhere – unfortunately we still do come across customers that only use one password for everything.

Often, people think that maintaining many passwords is hard work or even impossible to do. In truth, it’s almost always easier to keep tabs with a password manager than it is to use the system you have in place today.

A high quality and secure password manager such as LastPass, or 1Password, can keep track of all your logins efficiently and securely. They often offer the chance to improve your security by generating random and strong passwords that hackers will have a tougher time cracking.

Password management services offer a host of features that help you log in, remind you to refresh your security, and make your safety a number one priority. After using a manager for just a short time, you can be forgiven for wondering how you managed without it.

If you think you might have been hacked already, or want to prevent it from ever happening, give us a call on 01455 209505 to help update your security.

CSH Computer Services is a local business providing PC and Laptop repair and I.T. support services to Homes and Businesses. We are based near Lutterworth, Hinckley and Broughton Astley in Leicestershire and provide a full range of services, from PC and Laptop repairs, PC and Laptop upgrades, sales of new computers and workstations plus business network support. We also provide Virus and Malware disinfection, Broadband installation and troubleshooting, data recovery, Wireless networking and troubleshooting, plus much more. We work in and around the whole Leicestershire area and can be seen daily in Lutterworth, Hinckley, Broughton Astley, Market Harborough, Nuneaton, Rugby, Leicester and surrounding areas too.

Common Malware to Watch Out For

Common Types of Malware Infection

The term “virus” is often used to describe many different types of infection a computer might have and can describe any number of potential computer programs. What these programs have in common are they are typically used to cause damage, steal data, or spread across the network but they are usually designed for a malicious or criminal intent right from the start.

Malware (‘malicious software’) is any software used for negative purposes on a personal computer  and can actually be legitimate software, but which is being deliberately misused.

Adware

Short for ‘advertising-supported software’, adware is a type of malware that delivers advertisements to your computer.  These advertisements are often intrusive, irritating, and often designed to trick you into clicking something that you don’t want. A common example of malware is pop-up ads that appear on many websites and mobile applications.

Adware often comes bundled with “free” versions of software that uses these intrusive advertising to make up costs.  Commonly it is installed without the user’s knowledge and may be made excessively difficult to remove.

Spyware

‘Spyware’ is designed to spy on the user’s activity without their knowledge or consent.  Often installed in the background, spyware can collect keyboard input, harvest data from the computer, monitor web activity and more.

Spyware typically requires installation to the computer. This is commonly done by tricking users into installing spyware themselves instead of the software or application that they thought they were getting. Victims of spyware are often be completely unaware of its presence until the data stolen is acted on in the form of fraudulent bank transactions or stolen online accounts.

Virus

A typical virus may install a keylogger to capture passwords, logins, and bank information from the keyboard.  It might steal data, interrupt programs, and cause the computer to crash but  more commonly, includes a ‘ransomware’ package – see below.

Modern virus programs commonly use your computers processing power and internet bandwidth to perform tasks remotely for hackers – the first sign of this can be when the computer sounds like it is doing a lot of work when no programs should be running.

A computer virus is often spread through installing unknown software or downloading attachments that contain more than they seem but perhaps the most common is by links in emails.

Ransomware

A particularly malicious variety of malware, known as ransomware, prevents the user from accessing their own files until a ransom is paid.  Files within the system are often encrypted with a password that won’t be revealed to the user until the full ransom is paid.

Instead of accessing the computer as normal, the user is presented with a screen which details the contact and payment information required to access their data again.

Ransomware is typically downloaded through malicious file attachments, email, or a vulnerability in the computer system. This si the type of infection that seriously affected NHS machines not too long ago.

Worm

Among the most common type of malware today is the computer ‘worm’.  Worms spread across computer networks by exploiting vulnerabilities within the operating system.  Often these programs cause harm to their host networks by consuming large amounts of network bandwidth, overloading computers, and using up all the available resources.

One of the key differences between worms and a regular virus is its ability to make copies of itself and spread independently.  A virus must rely on human activity to run a program or open a malicious attachment; worms can simply spread over the network without human intervention.

No need to be paranoid!

So with all these types of infections, it would be easy to be put off using computers altogether and we have certainly met people that do the minimum possible with theirs, due to infection worries.

The fact is that we have found that the typical number of calls for traditional computer virus infections has gone down over recent times and that more often than not, infections today are the result of scams or insufficient security protection.

If you use common sense, a good security package (preferably paid for as opposed to a free version) and are cautious with what you do online and download, then you can reduce the chances of infection – but you must remain vigilant.

If you would like us to help  keep your systems safe from malware, give us a call on 01455 209505.

How to Tell if You Have Been Hacked

How to Tell if You Have Been Hacked

Being hacked is the single biggest fear of most computer users. Many believe that the first sign of strange behaviour or errors on their PC is a sign that hackers have taken control. But are hackers really inside your machine, stealing your information? Or should we be on the lookout for more subtle signs? What does being hacked really look like?

There is an important distinction to make between being hacked by a person and being infected with a virus or malware. Virus software and malware are automated processes designed to damage your system, steal your data, or both. There are of course ways that we can defeat these processes, but what if we are instead hacked by an individual?

Remote Connections

Our previous blog posts have warned people about not allowing strangers to remotely access their computers unless they are 100% sure that they are genuine.

Remote Support technology is a very useful tool but if you allow the wrong people to remotely connect, they can be doing things in the background that you may not be aware of. For example, whilst speaking to you they can be downloading software that they can then use to convince you that your computer has a problem – i.e. displaying fake error messages. Needless to say, they can also be gathering information from your computer too.

They can also leave software on your machine which in many cases is very difficult to spot. You should only allow people to connect when you have approached them – never from a phone call or email coming to you out of the blue, no matter how believable or what they appear to know about you.

Logins not working

One of the first steps a hacker might take would be to change the computers passwords. By doing so, not only do they ensure future access to the account, they prevent you from accessing the system to stop them. For the hacker, this is a crucial step that keeps them in control.

Being hacked is not the only reason why you may not be able to login, but it is a possible symptom that you need to bear in mind. We always need to make sure to keep on top of our own login details and how often we change them.

Security Emails or SMS’s from online services

Many services track which device and location you logged into your account from last. If your account is accessed from a new device or a different country it might trigger an automated email or SMS to ask if this new login is your own.

If you have logged in using a new computer, tablet, or phone; an email that asks “hey, is this you?” need not be cause for alarm. If you haven’t, it may be time to investigate further. This service is an important part of information security and may be a key first step to identify someone else gaining access to your account.

Bank accounts – strange transactions

Most commonly today, hackers commit crimes to steal money. The end goal for hackers is typically to profit from their crimes by taking money from people online. Obviously it pays to keep a regular eye on your financial transactions to make sure you know what money is coming and going from your account, especially when doing online banking.

Whilst you may see a large sum missing where hackers have attempted to take as much as they can in a single transaction, this is not always the case. Alternatively small, hard to notice transactions may sometimes appear. These often account for small purchases where attackers have tested the details that they have, to make sure they work. Hackers may even wait months before attempting a transaction.

Either way, the sooner you spot unusual or unrecognized transactions, the better.

Sudden loss of cellular connectivity

Mobile network interruption is a symptom that few people expect but occurs commonly when hackers attack. Many banks and online services use a security feature known as Two-factor authentication. To do this they send a short code to your phone or app when you log in. Two-factor authentication is ideal in most cases and is a great boost to security.

Determined hackers can try to work around this by calling your mobile service provider to report your phone as lost or stolen. During this call, they will request your phone number be transferred to a new sim card that they control. When your bank sends its regular two-factor authentication code to the number registered, it goes instead to the hacker who may be able to log in. From your perspective the phone service will simply stop working.

Unusual or unrecognized icons

In many cases hacking software tries to be stealthy and not be seen, but there are some that do not hide themselves so much because the hackers believe that it may not be noticed. A common one is remote connection software that can only be seen as a tiny icon in the bottom right-hand corner of a Windows computer, which automatically starts up every time you switch the computer on. It is hiding amongst all the other small icons and is frequently overlooked.

Similarly there may be an icon appearing on the Desktop which you do not recognize or remember installing, or your normal search engine changes to something else – if a virus or malware has caused this, what else is going on?

Keeping vigilant and maintaining security

These are only some of the modern techniques that hackers can try to use to gain access to your accounts. You don’t need to be paranoid but it pays to be extra vigilant and pay close attention to the signs and signals that indicate you may have been hacked.

Also, make sure that you have a good security product installed – it makes it that much harder for hackers.

If you suspect that you might have been hacked, or would like help to prevent hackers in future, give us a call on 01455 209505 and we’ll help improve your security.

Why You Need 2-Factor Authentication

Why you need 2-Factor Authentication

You hear about hacks all the time, whether its major websites who have had data leaks containing email and passwords, or computers getting infected and login details for bank accounts and credit cards being obtained. In the worst cases, identity theft occurs because it is an easy crime to commit with a high reward.

Why Passwords are Not Enough Anymore

In 2018, the passwords you used to trust to keep the bad guys out of your accounts, are simply not enough anymore. Cyber attackers now use methods such as ‘phishing’ (pretending to be trustworthy), ‘pharming’ (redirecting to a fake website), and keylogging (monitoring keyboard strokes) to steal your password. Some have the power to test billions of password combinations.

If you’re like the majority of people, you use the same password for several websites. That means anybody who has figured out that password has access to everything you’ve logged into with it. In a time when it is extremely easy to look up what a person named their first pet or high school mascot thanks to social media, such security questions aren’t much help.

Consider how a jewellery store operates. They don’t simply keep their valuables locked away with one key. There are alarms ready to be triggered, motion detectors, and sometimes even bars on the windows. Your data is valuable, just like jewellery. You need more than one line of defence to protect it.

What is 2-Factor Authentication?

In the computer world, your second line of defence after your username and password combination is called “2-factor authentication.” 2-factor authentication is a way to double check a person’s identity by sending a text or email code to confirm that the person logging in, is the genuine person. No code – no login.

It is sometimes referred to as ‘multiple-step’ or ‘multi-factor’ verification, depending on the company using it.

This can be enabled every time a person logs in or just under certain circumstances. For example, signing in from a new device or different country might trigger 2-factor authentication.

Many of the services you may already use, such as Facebook, Gmail, and more, have 2-factor authentication options already. If your bank has ever sent you a special code through text or email to enter before logging in, you’ve already used a type of 2-factor authentication. They can also be in the form of a smartphone app or a physical electronic dongle.

2-factor authentication is absolutely crucial for online banking, email, and online shopping such as Amazon or PayPal. It’s also a must-have for cloud storage accounts (like Dropbox or Sync), password managers, communications apps, and productivity apps. This is especially true if you frequently use the same passwords for different websites and apps.

When should I use it?

Clearly, as much as possible. Some may consider 2-factor authentication unnecessary for social networks, but these are actually very important to keep safe. For ease, a lot of websites and apps allow you to sign up through your Facebook or Twitter account so you need to keep these networks safe, so that somebody with your password can’t suddenly get into every account you have linked.

The point of using 2-factor authentication is to make hackers’ lives harder and prevent them from getting into your accounts. If they have captured your login username and password, they still need a second device to get in, especially when the computer or phone they are using has never logged into your account before. This makes it significantly more difficult for anybody to breach your account.

Plus, if you receive a notification with a special code to enter for logging in, and you weren’t trying to log into that account, you have a good signal that somebody else was trying to get in. That means it’s time to change that password and be grateful you had 2-factor authentication.

It’s unfortunate that there is currently an abundance of skilled hackers ready to take advantage of those unprepared. Luckily, you can still stop them -even if they have your login information at hand. 2-factor authentication is one of the easiest methods to keep your accounts safe.

If you want help in securing your accounts, give us a call on 01455 209505.

Should You Pay for a Ransomware Attack?

Getting hit with a ransomware attack is never fun, your files get encrypted by cybercriminals and you can no longer access them, so you’re left having to decide: should we pay to get them back? It’s a scene that’s played out across the world with 70% of businesses saying ‘yes’ in 2016 alone.

Here’s what you should consider if you’re ever in this situation.

Do you trust them?

Besides the fact that they’re criminals holding your data hostage, how confident are you that they’ll send the decryption key or that it will even work? Most attackers demand you send the payment via untraceable Bitcoin, so you have no recourse if they take it and run. You’re also equally trapped if they decide they asked too little and come back with increasingly higher demands.

If they do send the decryption key and you successfully decrypt your files, be aware they still have access to your systems and can hit you again at any time until your network is disinfected by experts. Businesses don’t exactly want their breach publicized either, so many don’t admit to paying the ransom, whether it went to plan or otherwise.

Can you manage the impact of a Ransomware attack?

Best case scenario, you can wipe the affected drives and restore from a clean backup without paying the ransom. You might even decide the encrypted files aren’t that important and simply let them go, or even wipe a whole laptop or workstation.

On the other hand, if your data management comes under any special regulations, like health or legal, you may find the attack has a much wider, more intense impact.

The attacker will usually give you a countdown to motivate a payment, with a threat of deletion when it hits zero. If the data isn’t that valuable, or you have confirmed backups, this urgency has no effect.

There are also new types of ransomware like KillDisk which can permanently wipe your entire hard drive.

How much do they want?

Cybercriminals rarely send out global attacks with set amounts, instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals (remember the NHS Ransomware incident not too long ago) are hit with very high demands, while small business demands are more modest. They may be criminals, but they’re smart people who know your financial limits.

They’ll also consider how much similar businesses have paid and how quickly, then expect you to follow suit.

Are your backups good?

Many businesses are discovering too late that their backup systems aren’t robust enough to withstand this type of attack. Either they’ve become infected too, they weren’t up-to-date or they backed up the wrong data.

It’s worth doing some quick checks on your backup processes as even if you have to take the system down for a day as you recover, you’re still light years ahead of those without them.

Can you prevent Ransomware attacks in the first place?

There may have been a time when you didn’t have to consider ransomware as an issue and just had to have some form of basic antivirus service running on your computer – but unfortunately this is no longer the case. You need a good security system in place that includes some form of ransomware protection.

Ransomware is constantly evolving and security is always playing catch-up, so go for the best performing security system – not necessarily the cheapest.

Reduce routes of infection

Ransomware is showing no signs of slowing down. As more businesses keep them funded the cybercriminals are steadily launching new attacks and making it their full-time job. Most attacks come via phishing emails – those emails that trick employees into clicking a link – and they can be extremely convincing. While training helps people spot them, it’s no guarantee.

We recommend using business-class spam filters to catch these types of emails before they land in your employee inboxes so that triggering a ransomware attack becomes something that happens to other businesses, not yours.

Secure your data systems now, we can help! Call us on 01455 209505.

Phishing – What Is It and How to Avoid It

Phishing – What Is It and How to Avoid It

There’s always some IT jargon to contend with and here is another one – ‘Phishing’ – but you do need to look out for it. ‘Phishing’ is the attempt to obtain your personal information (login details, credit cards etc.) by someone pretending to be someone trustworthy in an email or other electronic communication.

Typically, they may try to get you to a website which may look completely legitimate and identical to the genuine website, such as a bank, and there they get you to disclose information that they want for their own purposes. On the face of it you may read this and think “They wouldn’t catch me out”, but they are very good at what they do and can be very persuasive.

A single click can be the difference between maintaining data security and suffering financial losses and not just personal bank accounts – businesses are especially vulnerable. From the moment just one employee takes the bait in a phishing email, your business is vulnerable to data breaches and extensive downtime.

As well as being vigilant, here are a few tips for things to look for :-

1. Poor spelling and grammar

While occasional typing errors happen to even the best of us, an email filled with errors is a clear warning sign. Most companies push their campaigns through reviews where errors are caught and corrected. Unlikely errors throughout the entire message indicate that the same level of care was not taken, and therefore the message is possibly fraudulent.

2. An offer too good to be true?

Free items or a lottery win sound great, but when the offer comes out of nowhere and with no catch? Take care not to get carried away and do not click without investigating deeper. Remember, this can look as though this is coming from anyone that you may actually happen to deal with – your broadband provider, bank or any other source – and the criminals have just struck lucky in your case that you are an actual customer.

3. Random sender who knows too much

Phishing has advanced in recent years to include ‘spear phishing’ (more jargon!), which is an email or offer designed especially for you or your business. Culprits take details from your public channels, such as a recent function or award, social media, etc. and then use it against you.

The only clue can be that the sender is unknown – they weren’t at the event or involved with you in any way. Take a moment to see if their story checks out.

4. The Website address or email address is not quite right

One of the most effective techniques used in phishing emails is to use domains which sound almost right. For example, [microsoft.info.com] or [pay-pal.com]. This technique is also used in search engine listings where someone pretends to be a company.

Hover over the link with your mouse and review where it will take you. If it doesn’t look right, or is completely different from the link text, send that email to the bin.

5. It asks for personal, financial or business details

Alarm bells should ring when any message contains a request for personal, business or financial information. If you believe there may be a genuine issue, you can check using established, trusted channels such as calling the company using a telephone number that you know is genuine.

Take care if using a search engine to get the number – ensure that the information comes from the genuine website (see tip No.4 above).

While education is the best way to ensure phishing emails are unsuccessful, a robust spam filter and solid anti-virus system provide peace of mind – especially if you are running a business.

Give us a call on 01455 209505 to discuss how we can help secure your system against costly phishing attacks.

3 Internet Habits to Keep Children Smart and Safe

Protect Children Online

How can you make the internet a safer place for your children? It’s a common concern as all parents want their children to be protected and happy whenever they go online. It’s relatively easy to supervise and monitor the very young ones as they stare delightedly at the Disney website, but the risks increase greatly as children get older and more independent.

Safe internet usage goes beyond reminding them not to talk to strangers. With the evolution of the internet and the way it’s now woven seamlessly into our lives, the focus now needs to be on ingrained habits. That means ensuring your children have the tools and responses to online events so that no matter what happens, they’re not placing themselves (or your family) at risk.

Setting up these habits is easy, and begins with three basic understandings:-

Downloads are a no-go

Most children can’t tell the difference between a legitimate download and a scam or malicious link. It’s not their fault, the online world is full of things that will trick even the most savvy adult. The difference is that children tend not to take that extra moment to check exactly where that link is pointing, question whether it’s too good to be true, or even read what they’re agreeing to.

For example, only this morning we collected an infected computer in Lutterworth which had become infected through a teenager downloading software which unknown to them, contained malware.

They want to get back to what they were doing, and if something pops up, their first instinct is to click ‘yes’ – purely so that it goes away. Unfortunately virus and malware writers know this and target children, for example games software patches and music are prime examples. That single click ‘yes’ may have just opened the door to malware and viruses that will ruin their computer – or worse.

Set a family rule that they need to ask permission for all downloads (and an adult will check it first), and to never ever click a popup. When you’re called over to give download permission or check a popup, talk through exactly what you’re checking and why. As your child matures, get them involved in this process so their safe habits extend outside the home.

Critical thinking is essential

Most youngsters think the internet is a magical place and can’t imagine their life without it. With that acceptance though, comes unwavering trust that the internet would never lie to them, never trick them and never hurt them. While we adults know better, it’s only because we already view the internet with a certain level of distrust.

The best way to keep children safe is to teach them to view the internet with critical thinking and not be blindly trusting. That includes teaching them to question the motives of other people online. Is that person really a child? What do they really want? Simply make them think that they need to treat the internet in the same way as they should beware of strangers in the street.

Unfortunately, all children do need to be aware that predators use the internet to target and lure children. Ensure your children tell you immediately if a stranger makes contact. Along with this stranger danger, teach them to identify what marks something as suspicious, and what they should avoid. If they come across anything inappropriate, they should shut down the computer and come straight to you.

The internet is forever

Children have an overwhelming drive to contribute to the internet, they don’t think twice about recording a video, jumping in a chat room or onto social media. The world really is their playground!

But what they don’t understand (until its too late), is that anything that they upload, write or say is on the internet forever. Even if they delete it or use a platform where content self-erases, someone can still screenshot and send it right back out.

Many cyber-bullying cases are based around this exact type of scenario.

Once your children know that everything they post is permanent, they’ll hopefully be more likely to pause and think before posting – every time.

If you would like us to help you to secure your computer and help keep your family safe – give us a ring on 01455 209505.

Why Spam is a Small Business Nightmare

Why Spam is a Small Business Nightmare

15 years after the world united to crack down on spam emails, we’re still struggling with overloaded Inboxes and estimates of the extent of global spam, range from 60% to over 80% of email traffic. All that unwanted email continues to flood the internet, much of it targeted towards small businesses, and the impact goes wider than you might think.

Here’s the full breakdown of how modern spam works and how it’s hurting your business.

What is spam?

Generally speaking, spam is any unwanted message that lands in your email, comes via text, social media messaging, or other communication platform. It might be sent to your main business account, eg your ‘contact us’ email, or direct to your employees. Most of the time, spam is annoying but relatively innocent messages from another business inviting you to buy/do/see something. They’re newsletters, reminders, invitations, sales pitches, etc. You may know the sender and have a previous relationship with them, or they might be a complete stranger.

Occasionally, spam may even be part of a cyber attack.

Why you’re getting spammed.

Maybe you or your employee signed up for a newsletter or bought a raffle ticket to win a car. Perhaps you got onto the mailing list accidentally after enquiring about a product, not knowing that simply getting a brochure sent through would trigger a spam-avalanche. Often there’s fine print that says they’ll not only use your details to send you their marketing, but they’ll share your details with 3rd parties so they can send you messages too. That single email address can be passed around the internet like wildfire, and before you know it, you’re buried under spam.

Sometimes, and more than we’d like to think, your details are found illicitly, perhaps through a hacked website for example, like the recent LinkedIn leak. More often though, your email is simply collected by a computer ‘scraping’ the internet – scouring forums and websites for plain text or linked emails and selling them as prime spam targets. It’s easy to see how individual office employees receive an average of 120 emails daily, over half of which are spam!

Spam is not just annoying.

We all know spam is annoying, but did you know it’s also resource hungry? Your employees are spending hours each week sorting their email, assessing each one for relevance and deleting the spam. Too often, legitimate emails from clients and customers get caught up and are accidentally deleted. Add in the temptation to read the more interesting spam emails and productivity drops to zero.

On the other side of the business, your email server might be dedicating storage and processing power to spam emails, occasionally to the point where inboxes get full and real mail is bouncing out. While most spam is simply an unwanted newsletter or sale notice, there’s also the risk that any links may be a cyber-attack in disguise. After all, one click is all it takes to open the door to viruses, ransomware, phishing or other security emergencies.

How to reduce the spam.

Normally, spam is filtered out locally by your antivirus security software (depending on your choice of software of course) and all email servers have the capacity to use in-built filtering software before you get it – one of the most common software packages being called ‘SpamAssassin’. On top of that, there are third-party anti-spam companies which you can use to add further filtering, where typically the third party gets all your emails first and processes their filtering on them, before it even gets to your server.

Also the 2003 Can Spam Act is a global set of anti-spam laws that was set up that requires all marketers to follow certain rules, like not adding people to mailing lists without their permission, and always including an ‘unsubscribe’ link. This why many companies send you an email to confirm that you want to be added to their mailing lists, even when you have asked for it in the first place.

So firstly, make sure you’re not accidentally giving people permission to email you – check the fine print or privacy policy. Next, look for the unsubscribe link at the bottom of the email. Unfortunately, not all of them include the link, or they hide it somewhere impossible to see.

The worst spammers use that ‘unsubscribe’ click to confirm that your email address is valid/active and then sell it on, so don’t automatically go for the ‘unsubscribe’ link – look at the email first and decide before clicking.

If you need help with your anti-spam protection, call us on 01455 209505.