Archive for Security

How to Tell if You Have Been Hacked

Being hacked is the single biggest fear of most computer users. Many believe that the first sign of strange behaviour or errors on their PC is a sign that hackers have taken control. But are hackers really inside your machine, stealing your information? Or should we be on the lookout for more subtle signs? What does being hacked really look like?

There is an important distinction to make between being hacked by a person and being infected with a virus or malware. Virus software and malware are automated processes designed to damage your system, steal your data, or both. There are of course ways that we can defeat these processes, but what if we are instead hacked by an individual?

Remote Connections

Our previous blog posts have warned people about not allowing strangers to remotely access their computers unless they are 100% sure that they are genuine.

Remote Support technology is a very useful tool, but if you allow the wrong people to connect remotely, they can be doing things in the background that you may not be aware of. For example, whilst speaking to you they can be downloading software that they can then use to convince you that your computer has a problem – for instance by displaying fake error messages. Needless to say, they can also be gathering information from your computer.

They can also leave software on your machine which in many cases is very difficult to spot. You should only allow people to connect when you have approached them – never from a phone call or email coming to you out of the blue, no matter how believable or what they appear to know about you.

Logins not working

One of the first steps a hacker might take would be to change the computer’s passwords. By doing so, not only do they ensure future access to the account, they also prevent you from accessing the system to stop them. For the hacker, this is a crucial step that keeps them in control.

Being hacked is not the only reason why you may not be able to log in, but it is a possible symptom that you need to bear in mind. We always need to make sure to keep on top of our own login details and how often we change them.

Security Emails or SMS Messages from online services

Many services track which device and location you logged into your account from last. If your account is accessed from a new device or a different country it might trigger an automated email or SMS to ask if this new login is your own.

If you have logged in using a new computer, tablet, or phone, an email that asks “hey, is this you?” need not be cause for alarm. If you haven’t, it may be time to investigate further. This service is an important part of information security and may be a key first step to identify someone else gaining access to your account.

Bank accounts – strange transactions

Most commonly today, hackers commit crimes to steal money. The end goal for hackers is typically to profit from their crimes by taking money from people online. Obviously it pays to keep a regular eye on your financial transactions to make sure you know what money is coming and going from your account, especially when doing online banking.

Whilst you may see a large sum missing where hackers have attempted to take as much as they can in a single transaction, this is not always the case. Alternatively, small, hard-to-notice transactions may sometimes appear. These often account for small purchases where attackers have tested the details that they have, to make sure they work. Hackers may even wait months before attempting a transaction.

Either way, the sooner you spot unusual or unrecognized transactions, the better.

Sudden loss of cellular connectivity

Mobile network interruption is a symptom that few people expect but occurs commonly when hackers attack. Many banks and online services use a security feature known as Two-factor authentication. To do this they send a short code to your phone or app when you log in. Two-factor authentication is ideal in most cases and is a great boost to security.

Determined hackers can try to work around this by calling your mobile service provider to report your phone as lost or stolen. During this call, they will request that your phone number be transferred to a new SIM card that they control. When your bank sends its regular two-factor authentication code to the number registered, it goes instead to the hacker, who may be able to log in. From your perspective, the phone service will simply stop working.

Unusual or unrecognized icons

In many cases hacking software tries to be stealthy and not be seen, but there are some that do not hide themselves so much because the hackers believe that it may not be noticed. A common one is remote connection software that can only be seen as a tiny icon in the bottom right-hand corner of a Windows computer, which automatically starts up every time you switch the computer on. It is hiding amongst all the other small icons and is frequently overlooked.

Similarly there may be an icon appearing on the Desktop which you do not recognize or remember installing, or your normal search engine changes to something else – if a virus or malware has caused this, what else is going on?

Keeping vigilant and maintaining security

These are only some of the modern techniques that hackers can try to use to gain access to your accounts. You don’t need to be paranoid but it pays to be extra vigilant and pay close attention to the signs and signals that indicate you may have been hacked.

Also, make sure that you have a good security product installed – it makes it that much harder for hackers.

If you suspect that you might have been hacked, or would like help to prevent hackers in future, give us a call on 01455 209505 and we’ll help improve your security.

Top 5 I.T. Problems for Businesses

Companies that suffer security breaches nearly always have at least one of these IT security problems. Do any apply to your company?

No Backups

A shocking number of businesses are not backing up their data properly. According to market research company Clutch, 60 percent of businesses who suffer a data loss shut down within six months.

Not only should every business be fully backing up their data, but their backups should be regularly tested to work too. It’s a step that businesses miss surprisingly often. Many businesses don’t find out that their backup can’t be used until it’s already too late.

Reactive and not proactive

The world is constantly changing. The IT world doubly so. Attackers are always figuring out new ways to break into businesses, hardware evolves faster than most can keep up, and old systems fail due to wear and tear far quicker than we would like. A huge number of businesses wait until these issues impact them directly before they respond.

The result is usually higher costs, longer downtime, and harder hitting impacts.

By responding to hardware warnings before the hardware fails, fixing security holes before they’re exploited, and upgrading systems before they are out of date, IT can be done the right way. Being proactive about your IT needs means systems don’t have to break or be compromised before they are fixed. The result for your business is less downtime, fewer losses, and lower IT costs.

Weak Passwords

A surprising number of people will use the password “password” to secure some of their most important accounts. Even more still will write their own password on a post-it note next to their computer or allow everyone else to know what the password is. In some cases, many will even use no password at all.

Strong passwords act not only as a barrier to prevent unwanted entry but as a vital accountability tool too. When system changes are made, it’s often essential that the account that made the changes is tied to the right person. With an insecure password or, worse, none at all, tracking the individual responsible for reports or accountability becomes impossible. This can result in auditing disasters on top of technical ones.

Insufficient Staff Training

Humans in the system are commonly the weakest point in IT security. Great IT security can be a bit like having state-of-the-art locks on a door propped open with a milk crate. If staff aren’t trained to use the lock, it’s worth nothing at all.

Many times businesses can justify spending big on security for the latest and greatest IT defences but the very same firms may exceed their budget and spend almost zero on training staff to use them. In this instance, a little goes a long way. Security training can help staff to identify a threat where it takes place, avoiding and mitigating damage, often completely.

Weak Data Controls

Some companies can take an ad-hoc, fast and loose approach to storing professional data. Often crucial parts can be spread across many devices, copied needlessly, and sometimes even left unsecured. Client data can be found regularly on employee laptops, mobile phones, and tablet devices. These are famously prone to being misplaced or stolen out in the field along with vital client and security data.

It can be easy for both employees and firms to focus on the costs of devices and hardware purchased for the business. The reality is that the data held on devices is almost always worth many times more than the device that holds it. For many firms, their approach to data hasn’t been changed since the firm was first founded. Critical data is often held on single machines that haven’t been updated precisely because they hold critical data. Such machines are clearly vulnerable, outdated, and prone to failure.

Common problems with simple solutions

Each of these common issues has a simple solution to secure against IT failure. With a professional eye and expertise in the field, every business should be defended against IT issues that risk the firm.

If you need help securing your IT to protect your business, give us a call on 01455 209505.

Are Registry Cleaners a Good Idea?

We regularly see programs on customer computers that claim to be “Registry Cleaners”, “PC Boosters” or similar names, so we thought it best to talk about these so-called ‘helpful’ bits of software.

For example, a recent virus infection near Lutterworth was the direct result of one of these software programs.

You may have been alerted by popups while browsing the web, by (often flashing) advertisements claiming that your computer has hundreds or even a thousand errors requiring urgent attention to fix. Perhaps helpfully, these popups offer a solution to cure your computer with a click of the mouse and buttons marked “fix now” appear to offer a simple fix to all your computer troubles.

These advertisements are often described as “Registry Cleaner”, or by a few other names that attempt to convince the user they will somehow clean or improve their computer, such as “Optimizer”, “Tune Up” and the like. Within the IT industry they are known as “scareware” – they are software programs designed to convince you that your computer has problems that it might not have.

Are they trustworthy?

Almost all popups and advertisements that use banners saying “Fix now for free” are not trustworthy at all. They are little more than a scam attempting to take your credit card details, PC data or both. These programs might claim to scan your computer and show a convincing list of plausible sounding computer problems. Using this, they will ask for payment to “fix” these problems, to get your PC back in shape again.

At worst, these advertisements can be downright malicious. Some may attempt to use fake warnings and scare tactics to trick customers into installing spyware on their own computers. When installed, spyware will attempt to steal information in the background. Attackers may use this technique to steal usernames, passwords, emails, and credit card details. Sometimes the first sign a user has that something is wrong is when a virus scan detects software doing something it shouldn’t be.

Quite often, you can find that the program itself will automatically download further scareware or malware.

Do I need to clean the Registry?

The Windows Registry is a collection of settings that essentially cover everything on your computer, from the desktop that you see when you log in (which may be different to someone else’s) to important settings for programs that are installed. The Registry is vital to your computer and if it is corrupted or incorrectly modified, it can cause your computer to be unusable.

As professional technicians, we do not go into the Registry unless we have to and then only after backing it up first, so that it can be replaced if necessary. Even though searches on Google, Bing etc. and forums show entries routinely talking about changing this and modifying that in the Registry, we do not recommend doing so.

More importantly, we do not recommend letting any computer program do it either, but don’t just take our word for it. Microsoft do not supply a Registry Cleaning program for good reason and they actively discourage people from using one.

What about Optimising?

The Windows system and various applications installed on your PC do leave files stored on your computer. These files can stay behind or go out of date even after the application that initially made them has been removed. These files can use up a little space on the hard drive and generally cause minor clutter within the system.

Despite the large amount of “scareware” and fraudulent computer cleanup scans out there, legitimate applications designed to clean your system do exist. This can be something we cover and is often done as a single small part of a complete computer tune up. Keeping up with out of date files and freeing up unused space is worthwhile and can be considered “good housekeeping”.

However, the vast speed boosts that many online advertisements claim to unlock by simply moving files around are almost always false.

Do your research before installing any program that purports to “Optimise” your computer, especially from an advert or worse still, a pop-up. Also check to see if that program has a Registry cleaning module and if it does, switch that module off.

Remember that computers are commonly upgraded and can be boosted by more conventional means. If the speed of your PC is no longer up to the task, there are ways in which we can unlock far greater gains than simple housekeeping chores.

PC “Boosters”

Some programs claim to boost the performance of your computer, but again we do not recommend letting a computer program automatically change important system settings, which may have a negligible impact anyway.

Relatively low-cost hardware components such as memory can often be added to boost the speed of even an older PC and unlock a new lease of life. Depending on the computer, upgrading the computer’s RAM can double the working memory available to the operating system. With extra memory, many programs can keep more information available to work with, and this upgrade can reduce loading times and increase the computer’s ability to run more programs at once.

Another common speed boosting upgrade involves how we store and load data from the computer. Switching from an older style mechanical hard drive to a modern Solid State Disk (SSD) can bring down the startup and loading time of any PC – again depending on the age and condition of the computer in the first place.

These upgrades offer boosts in speed to rival a modern system at only a fraction of the cost originally paid for the computer. Upgrading the RAM, swapping to an SSD, or doing both will provide an instant, dramatic, and safe improvement to the speed of your PC, without introducing dodgy or po.

The most important thing to remember is to not trust Registry Cleaning programs if at all possible, and if you must access the Registry, back it up first or, better still, get a professional to help you. When it comes to Tune Up programs, check the programs out through reviews and search engine research before letting that program anywhere near your computer, let alone paying for it.

If your computer is running slow, give us a call on 01455 209505 to arrange a real and professional cleanup.

Protecting your Privacy Online

Maintaining your privacy while using the internet has become more challenging over the years. The recent Facebook privacy scandal made that abundantly clear, with users shocked at how much information had been recorded about them. While it’s almost impossible to enjoy the internet and leave zero digital footprints, there are things you can do to hide your online activities – some more effective than others.

1. Get a virtual private network (VPN)

A fancy name that means that an encrypted connection is created between your computer and the VPN company, so that when you visit a website, the website can only see the VPN company computer – not yours. VPNs aren’t just for business and downloaders now, they’ve gone mainstream and are even advertised on national TV (such as NordVPN advertisements).

The other computer could be in another city or another country, which is why some people use VPNs to watch movies and programs that you do not get in the UK, as you can get extra content in other countries and can access that extra content if the VPN computer is in that country (although this is usually frowned upon by providers such as Netflix who actively try to block it).

You essentially run around the internet pretending to be another computer in another location. Since your connection is encrypted, even your broadband company can’t see what you’re doing online, making your usage anonymous.

The downsides: Because your internet usage has to route through another computer first, your browsing and download speed could be affected. Some (not all) can be tricky to set up and not all VPNs offer the same privacy levels (the better ones tend to be more expensive). Some websites may even block visits from people using VPNs, so you may end up switching it on/off as required.

2. Go Incognito, InPrivate or Private Window

Most browsers have a private browsing mode, each called something different. For example, Google Chrome calls it ‘incognito’, Microsoft calls it ‘InPrivate’ and Firefox calls it ‘Private Window’. Before you take the name at face value, it’s a good idea to talk about how they define ‘private’.

Unlike a VPN where you can dance around the internet anonymously, private browsing simply means that the sites you visit won’t show up in your browser history, and neither will what you entered into forms. This feature is free, so you always have the option to use it, and it’s actually more helpful than you might think. Common uses include price shopping to reset sale timers, accessing local-only pricing and overriding usage limits on certain sites.

Some sites use cookies to control your free trials and private browsing can help you get around that.

While private browsing can help keep your internet usage under wraps, it’s not a magic bullet to cover all possibilities. Many people believe they’re invisible AND invulnerable while private browsing, a mistake they end up paying for.

The downsides: It can’t pre-fill saved passwords and it won’t help you type in the website name even if you’ve been there before.

3. Always think about who’s watching

While you might be naturally careful when using a public computer, have you thought about who’s watching what you do on your work computer? Some workplaces have employee monitoring software that tracks all sorts of data, including taking screenshots of your desktop. It helps them create rules about computer usage but it may also provide them with evidence you’ve been breaking those rules.

Stepping out to the internet cafe can be even more risky, as people can install keyloggers that record every keystroke, including your credit card numbers and logins. You’ll never know your activities are being recorded, even if you use private browsing.

The downsides: Being aware of who may be watching? None.

Awareness of the risks and the possibility of being watched ensures you’re more likely to use the internet safely.

Whatever you choose to do to protect your privacy, you’ll still need solid anti-virus and password habits to protect against threat, and to be a smart internet user who avoids suspect websites. Consider the options above as privacy-enhancing measures, not one-stop solutions.

Need help with your online privacy? Give us a call on 01455 209505.

How to Securely Dispose of Old Computers

Getting a computer can be exciting, but what happens to the old ones? Depending on the age, some people sell them, others throw them out. That’s the easy part – the problem is the sensitive data on them. There are passwords, account numbers, license keys, customer details, medical information, tax returns, browser history… the works.

Whether it’s for home use or business use, laptops, tablets or desktop hard drives contain a treasure trove of sensitive information that cybercriminals would love to get their hands on. Unfortunately, hitting ‘delete’ on your files doesn’t actually make them disappear, nor does waving a strong magnet over the drive. These mistakes have cost businesses millions over the years.

Why hitting ‘delete’ doesn’t help

Data on a hard drive works like a book with an index page. Every time data is written, it pops a quick entry into the index so that when you need it again, it knows where to look. The index is used for files you create as well as system files you can’t even see. Sensible, right?

Except that if you delete a file it isn’t physically deleted – it’s more like changing the index to say that nothing is on page 10 and you can write something else there when you’re ready. But if you ignore the index and manually go to page 10, you’ll find that the information is still there – the file exists until it has been written over.

The only thing that is deleted is the index reference, not the file itself.

Re-using the computer

Most people are unaware that specialized data cleanup is necessary if the computer is to be reused.

A 2016 experiment proved just how dangerous the situation can be when 200 used ex-business hard drives were purchased and 67% held unwiped, unencrypted sensitive data, including sales projection spreadsheets, CRM records, and product inventories. Frighteningly, they didn’t need any special hacking skills to get this data; it was all right there and helpfully labelled.

It’s also not surprising that with simple data recovery tools, people have also been able to access British NHS medical records and defence data, all waiting patiently on a discarded hard drive.

Wiping data before re-use or selling

Data on a hard drive can only be securely deleted if the area on the drive that contains the data has been overwritten enough. There are specialist tools available to ‘deep-read’ a drive, so the success of overwriting a drive depends on how effectively it has been overwritten.

For example, the US Defence Department requires a drive to be overwritten a number of times, including using random characters (not just ones and zeros as some programs use), before they class the drive as securely wiped.
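The index-versus-data behaviour described above, and the effect of overwriting, shown with a toy drive model in Python. This is an added illustration, not code from the original post; the `ToyDrive` class, file names and sample contents are constructed, and real file systems and wiping tools are far more complex.

```python
import os

BLOCK_SIZE = 64  # bytes per "page" of the toy drive (assumed value)


class ToyDrive:
    """A drive reduced to two parts: an index and the raw storage it points at."""

    def __init__(self, block_count=16):
        self.blocks = bytearray(block_count * BLOCK_SIZE)  # the pages of the book
        self.index = {}                                    # file name -> block numbers
        self.free = list(range(block_count))               # blocks the index calls empty

    def write_file(self, name, data):
        needed = max(1, -(-len(data) // BLOCK_SIZE))       # ceiling division
        if needed > len(self.free):
            raise OSError("drive full")
        used = [self.free.pop(0) for _ in range(needed)]
        for i, block in enumerate(used):
            chunk = data[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
            start = block * BLOCK_SIZE
            self.blocks[start:start + len(chunk)] = chunk
        self.index[name] = used

    def delete_file(self, name):
        """Ordinary delete: remove the index entry and mark the blocks as free.
        The bytes in those blocks are not touched."""
        self.free.extend(self.index.pop(name))
        self.free.sort()

    def wipe_free_space(self, passes=3):
        """Overwrite every block the index calls empty with random bytes,
        several times over, leaving blocks that belong to files alone."""
        for _ in range(passes):
            for block in self.free:
                start = block * BLOCK_SIZE
                self.blocks[start:start + BLOCK_SIZE] = os.urandom(BLOCK_SIZE)

    def list_files(self):
        """What the user sees: only what the index knows about."""
        return sorted(self.index)

    def raw_scan(self, needle):
        """What a recovery tool does: ignore the index and read the raw blocks."""
        return needle in bytes(self.blocks)


def demo():
    drive = ToyDrive()
    # Constructed sample contents, not real data.
    drive.write_file("holiday.txt", b"beach photos list")
    drive.write_file("tax.txt", b"tax-return: ACCT 12345678")

    results = {}
    drive.delete_file("tax.txt")
    results["listed_after_delete"] = "tax.txt" in drive.list_files()
    results["recoverable_after_delete"] = drive.raw_scan(b"ACCT 12345678")

    drive.wipe_free_space()
    results["recoverable_after_wipe"] = drive.raw_scan(b"ACCT 12345678")
    results["other_file_intact"] = drive.raw_scan(b"beach photos list")
    return results


if __name__ == "__main__":
    for check, value in demo().items():
        print(f"{check}: {value}")
```

After the delete, the file no longer appears in the listing but its contents are still found by the raw scan; only the overwrite removes them.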

There are software tools you can get to do it yourself, as well as dedicated security firms, but your best option is to choose an IT business you know and trust as some software does not clear the hard drive sufficiently. With that in mind, a methodical approach is required to ensure not a single drive is left untreated as you don’t want to leave data behind, or even clues that a motivated person could extrapolate any private information from.

We can migrate any needed data, backup the information then securely wipe or destroy the hard drives for you.

Data when disposing of a computer

When we supply new computers to homes or businesses, we copy the data from the old computer and transfer it into the new one, so things like documents, photos, even internet browser favourites are in the same place on the new machine, ready to use. But the old hard drive is still there, containing all the private data that you don’t want to allow into the wrong hands, so what is the best thing to do?

We give the customer a choice. We hand the customer the old hard drive so that they can either keep the drive securely at home, or at their business – not only can they be sure that the information is still secure but this has the added benefit of having a backup copy available, should it be needed.

Alternatively, they can simply destroy the drive and the rest of the old computer can just go for recycling. Computers need to be recycled as they contain metals such as lead, mercury and cadmium, which are not intended for landfill or incineration. Also there are metals (including rare and precious metals) which can be recovered.

You don’t even need special equipment to destroy it: either smash the drive or use some other method of physically destroying it, such as drilling – just be very careful! If the drive is a mechanical one with spinning platters, once damaged beyond repair it is highly likely that no-one could get to your data.

Whether you are passing on, selling or just throwing away your old computer, always bear in mind that the hard drive inside it contains important and sensitive data, so you do need to make a decision about what to do with the drive.

Need help with your old hard drives? Give us a call on 01455 209505.

Why You Need 2-Factor Authentication

You hear about hacks all the time, whether it’s major websites who have had data leaks containing email and passwords, or computers getting infected and login details for bank accounts and credit cards being obtained. In the worst cases, identity theft occurs because it is an easy crime to commit with a high reward.

Why Passwords are Not Enough Anymore

In 2018, the passwords you used to trust to keep the bad guys out of your accounts are simply not enough anymore. Cyber attackers now use methods such as ‘phishing’ (pretending to be trustworthy), ‘pharming’ (redirecting to a fake website), and keylogging (monitoring keyboard strokes) to steal your password. Some have the power to test billions of password combinations.

If you’re like the majority of people, you use the same password for several websites. That means anybody who has figured out that password has access to everything you’ve logged into with it. In a time when it is extremely easy to look up what a person named their first pet or high school mascot thanks to social media, such security questions aren’t much help.

Consider how a jewellery store operates. They don’t simply keep their valuables locked away with one key. There are alarms ready to be triggered, motion detectors, and sometimes even bars on the windows. Your data is valuable, just like jewellery. You need more than one line of defence to protect it.

What is 2-Factor Authentication?

In the computer world, your second line of defence after your username and password combination is called “2-factor authentication.” 2-factor authentication is a way to double check a person’s identity by sending a text or email code to confirm that the person logging in is the genuine person. No code – no login.

It is sometimes referred to as ‘multiple-step’ or ‘multi-factor’ verification, depending on the company using it.

This can be enabled every time a person logs in or just under certain circumstances. For example, signing in from a new device or different country might trigger 2-factor authentication.

Many of the services you may already use, such as Facebook, Gmail, and more, have 2-factor authentication options already. If your bank has ever sent you a special code through text or email to enter before logging in, you’ve already used a type of 2-factor authentication. They can also be in the form of a smartphone app or a physical electronic dongle.

2-factor authentication is absolutely crucial for online banking, email, and online shopping such as Amazon or PayPal. It’s also a must-have for cloud storage accounts (like Dropbox or Sync), password managers, communications apps, and productivity apps. This is especially true if you frequently use the same passwords for different websites and apps.

When should I use it?

Clearly, as much as possible. Some may consider 2-factor authentication unnecessary for social networks, but these are actually very important to keep safe. For ease, a lot of websites and apps allow you to sign up through your Facebook or Twitter account so you need to keep these networks safe, so that somebody with your password can’t suddenly get into every account you have linked.

The point of using 2-factor authentication is to make hackers’ lives harder and prevent them from getting into your accounts. If they have captured your login username and password, they still need a second device to get in, especially when the computer or phone they are using has never logged into your account before. This makes it significantly more difficult for anybody to breach your account.

Plus, if you receive a notification with a special code to enter for logging in, and you weren’t trying to log into that account, you have a good signal that somebody else was trying to get in. That means it’s time to change that password and be grateful you had 2-factor authentication.
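The new-device and new-country check described in this post, and in the login-alert section of the earlier post on this page, sketched as an added Python example. It is not code from any real service; the `Account` model, function names, device names and country codes are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Account:
    known_devices: set = field(default_factory=set)
    known_countries: set = field(default_factory=set)
    alerts: list = field(default_factory=list)    # messages "sent" to the owner's phone or email
    pending: dict = field(default_factory=dict)   # device_id -> (code, country) awaiting the code


def start_login(account, password_ok, device_id, country):
    """Step 1: after the password check, decide 'allow', 'challenge' or 'deny'."""
    if not password_ok:
        return "deny"
    reasons = []
    if device_id not in account.known_devices:
        reasons.append("a new device")
    if country not in account.known_countries:
        reasons.append(f"a new country ({country})")
    if not reasons:
        return "allow"                             # familiar device in a familiar place
    code = f"{secrets.randbelow(10**6):06d}"       # six-digit one-time code
    account.pending[device_id] = (code, country)
    account.alerts.append(
        f"Is this you? Sign-in from {' and '.join(reasons)}. Your code is {code}."
    )
    return "challenge"


def finish_login(account, device_id, code_entered):
    """Step 2: no code, no login. The device is remembered only after the
    correct code has been entered, and each code works once."""
    code, country = account.pending.pop(device_id, (None, None))
    if code is None or not hmac.compare_digest(code.encode(), code_entered.encode()):
        return "deny"
    account.known_devices.add(device_id)
    account.known_countries.add(country)
    return "allow"


def demo():
    # Constructed sample account: the owner normally signs in from one laptop in GB.
    account = Account(known_devices={"owner-laptop"}, known_countries={"GB"})
    outcomes = []

    # Owner on the usual laptop: no challenge.
    outcomes.append(start_login(account, True, "owner-laptop", "GB"))

    # Someone with the wrong password is refused outright.
    outcomes.append(start_login(account, False, "unknown-pc", "ZZ"))

    # Someone with the right password on an unfamiliar device and country:
    # the owner is alerted and the login stalls at the code.
    outcomes.append(start_login(account, True, "unknown-pc", "ZZ"))
    real_code = account.pending["unknown-pc"][0]
    wrong_code = "000000" if real_code != "000000" else "000001"
    outcomes.append(finish_login(account, "unknown-pc", wrong_code))
    outcomes.append("unknown-pc" in account.known_devices)

    # Owner on a new phone: challenged once, reads the code from the alert,
    # and is not challenged again on that phone.
    outcomes.append(start_login(account, True, "owner-new-phone", "GB"))
    code_from_message = account.pending["owner-new-phone"][0]
    outcomes.append(finish_login(account, "owner-new-phone", code_from_message))
    outcomes.append(start_login(account, True, "owner-new-phone", "GB"))

    return outcomes, len(account.alerts)


if __name__ == "__main__":
    print(demo())
```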

It’s unfortunate that there is currently an abundance of skilled hackers ready to take advantage of those unprepared. Luckily, you can still stop them, even if they have your login information at hand. 2-factor authentication is one of the easiest methods to keep your accounts safe.

If you want help in securing your accounts, give us a call on 01455 209505.

Telephone Fraudsters are Back in the Area

Due to a sharp rise in the number of calls we are getting about telephone fraud, where criminals pretend to be broadband companies in order to connect to people’s computers, we thought a reminder would be useful – and hopefully you will not be caught out.

A few years ago, TalkTalk made the news after admitting that they had been hacked and large amounts of customer private data had been accessed illegally. At that time there were a number of scammers pretending to be from TalkTalk, phoning people trying to get remote access to their computer by saying that they were infected or their emails had been hacked.

Unfortunately, the scam continues and the same scammers can pretend to be from BT, Microsoft or any other well-known and well-used company. The idea is to convince people into allowing them to access their computers to either create a problem (to pretend to fix), to syphon details to be used later in ID and bank fraud, or just to scare the customer into handing over money.

Scammers are back

We are currently seeing an increasing number of cases where scammers are using the BT excuse. They call out of the blue, say something like your broadband router has a problem or that your computer has a virus or other issue. In many cases they are so believable that they may accidentally mention something that may actually be true, for example that you have had issues with your email.

Once they have connected to your computer, unknown to you they actually cause the damage that they are pretending to help you with, and/or put something on your computer that seems to support what they are saying.

Big companies like BT and TalkTalk have hundreds of thousands of customers, so the criminals doing this scam can pretty much guarantee that they will get an actual customer if they ring enough people.

How to identify that it’s a fraudulent call

Remember that legitimate companies would never call you to ask for passwords or any other personal information. They will not contact you out of the blue to ask to remotely access your computer for any reason.

If you have an actual broadband problem for example, no broadband company will call you first – it’s up to you to report it.

Similarly, no-one can tell if you have a computer virus, so if someone calls saying that, you know that they are fake.

What to do if they call

If you do get a call from someone saying that they are from BT, TalkTalk or any other company, no matter how believable they are, do not let them access your computer under any circumstances.

They can do this in a number of ways, for example getting you to download something or getting you to go to a specific website, where they can initiate a download without you knowing.

Go to the genuine company website, get contact details and call them, to make sure that the person you are talking to is genuine. Never click on a link or go to an address that they give you – always use the genuine website address yourself.

Also, remember that remote connections can be used legitimately too and you should not be put off using them – just be especially careful who you allow to connect remotely to your computer.

One of the worst things we see is that having been conned, many people cannot believe that they have fallen for it. If you have been conned by these people, do not be too hard on yourself about it. They have had plenty of practice and can be extremely believable, with people from all backgrounds falling for the scam.

If you think that you may have already been scammed or want help, give us a call on 01455 209505.

Why a Business Website needs to be HTTPS

You may have noticed many business websites now have a green padlock in the address bar next to the letters ‘https’. Until recently, you’d only see that on shopping or banking sites, but it’s now become the expected norm for all business websites – even if you don’t ask people to log in or enter credit cards.

Simply put, the ‘s’ in https stands for ‘secure’ and means any data sent and received by the website visitor is encrypted. It’s an essential feature for e-commerce sites, but why have all the info-only websites started using https too?

The New Google Rule

As of July 2018, Google will mark your page as insecure unless you’re using https. It’s a movement they started a few years ago to make the internet a more secure place by default. Since Google pretty much rule internet search and increasing security is always a good idea, businesses have been gradually switching over.

Without https protection, someone with access to your internet connection, whether from digital eavesdropping or hacking, could intercept the information. They could also place malware onto otherwise legitimate sites and infect innocent visitors. That’s why eighty-one of the top 100 sites online have already switched to https and a strong majority of the web is following suit.

The Browser Bar Says It All

In the same way a green padlock in the browser bar indicates a trustworthy site, you can expect non-https sites to be marked with a “not secure” warning. Previously, users had to click an information symbol to actively investigate non-secure sites. The shift to plain sight markers will be most noticeable on Chrome, however it’s expected that other browser developers will follow suit.

Visitors may be concerned when landing on your site and seeing that the connection isn’t secure. The fact that you may not be asking them to log in, enter personal details or payment is irrelevant. You may not be asking them to enter anything at all, but perceptions matter.

Eventually that warning will be changed to an alarming red as Google declares war on insecure sites. As the common understanding is that a warning = bad, you may get more visitors bouncing away within seconds or even contacting you to report that your site has a problem.

SEO Boosts for Secure Sites

Google is taking its commitment to safe web browsing further by favouring https. That means that their search algorithm is taking your site security into account, preferring to display results that it knows will protect users from hackers. Since https status gets the nod, you may find yourself climbing in the ranking while other businesses scramble to catch up. It really is a win-win situation.

What to Do Next

In an ideal world, your site would have a secret switch on the back-end that you could flick over and suddenly be https, but it’s a little more complicated than that. In fact, you may have already noticed some sites experiencing trouble with the migration. When the setup goes wrong, users don’t see your website with a little warning in the corner, they’re blocked by a full page error and offered a return to ‘safety’ (away from your site).

The easiest way to make the move to https is to contact your IT technician or web developer, as they’ll be able to make sure you’re keeping Google happy and displaying that green icon.

Need help migrating your site to https? Call us on 01455 209505.

Should You Pay for a Ransomware Attack?

Getting hit with a ransomware attack is never fun. Your files get encrypted by cybercriminals and you can no longer access them, so you’re left having to decide: should we pay to get them back? It’s a scene that’s played out across the world with 70% of businesses saying ‘yes’ in 2016 alone.

Here’s what you should consider if you’re ever in this situation.

Do you trust them?

Besides the fact that they’re criminals holding your data hostage, how confident are you that they’ll send the decryption key or that it will even work? Most attackers demand you send the payment via untraceable Bitcoin, so you have no recourse if they take it and run. You’re also equally trapped if they decide they asked too little and come back with increasingly higher demands.

If they do send the decryption key and you successfully decrypt your files, be aware they still have access to your systems and can hit you again at any time until your network is disinfected by experts. Businesses don’t exactly want their breach publicized either, so many don’t admit to paying the ransom, whether it went to plan or otherwise.

Can you manage the impact of a Ransomware attack?

Best case scenario, you can wipe the affected drives and restore from a clean backup without paying the ransom. You might even decide the encrypted files aren’t that important and simply let them go, or even wipe a whole laptop or workstation.

On the other hand, if your data management comes under any special regulations, like health or legal, you may find the attack has a much wider, more intense impact.

The attacker will usually give you a countdown to motivate a payment, with a threat of deletion when it hits zero. If the data isn’t that valuable, or you have confirmed backups, this urgency has no effect.

There are also new types of ransomware like KillDisk which can permanently wipe your entire hard drive.

How much do they want?

Cybercriminals rarely send out global attacks with set amounts. Instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals (remember the NHS Ransomware incident not too long ago) are hit with very high demands, while small business demands are more modest. They may be criminals, but they’re smart people who know your financial limits.

They’ll also consider how much similar businesses have paid and how quickly, then expect you to follow suit.

Are your backups good?

Many businesses are discovering too late that their backup systems aren’t robust enough to withstand this type of attack. Either they’ve become infected too, they weren’t up-to-date or they backed up the wrong data.

It’s worth doing some quick checks on your backup processes as even if you have to take the system down for a day as you recover, you’re still light years ahead of those without them.

Can you prevent Ransomware attacks in the first place?

There may have been a time when you didn’t have to consider ransomware as an issue and just had to have some form of basic antivirus service running on your computer – but unfortunately this is no longer the case. You need a good security system in place that includes some form of ransomware protection.

Ransomware is constantly evolving and security is always playing catch-up, so go for the best performing security system – not necessarily the cheapest.

Reduce routes of infection

Ransomware is showing no signs of slowing down. As more businesses keep them funded, the cybercriminals are steadily launching new attacks and making it their full-time job. Most attacks come via phishing emails – those emails that trick employees into clicking a link – and they can be extremely convincing. While training helps people spot them, it’s no guarantee.

We recommend using business-class spam filters to catch these types of emails before they land in your employee inboxes so that triggering a ransomware attack becomes something that happens to other businesses, not yours.

Secure your data systems now, we can help! Call us on 01455 209505.

Fake Invoice Scams are on the Rise

Businesses around the world are being struck with a cyber-attack that sends victims a fake invoice that looks real enough to fool most employees. It’s an old scam that used to see bills faxed or mailed in, but it’s made its way into the digital world and instances are on the rise.

Chances are you’ve already seen some of the less effective attempts, like an email advising your domain is expiring, except it’s not from your host and your domain is nowhere near expiration. These new attacks are more advanced, in that they look completely legitimate and are often from contractors or suppliers that you actually use.

Logos are correct, spelling and grammar are spot on, and they might even refer to actual work or invoice numbers. The sender name may also be the normal contact you’d associate with that business, or even a co-worker, as cybercriminals are able to effectively ‘spoof’ real accounts and real people. While it’s worrying that they know enough about your business to wear that disguise so well, a successful attack relies on you not knowing what to look for, or even that fakes are a possibility. With that in mind, here are two types of invoice attacks you might receive:

The Payment Redirect

This style of fake invoice either explicitly states payment should be made to a certain account, perhaps with a friendly note about the new details, or includes a payment link direct to the new account. Your accounts payable person believes they’re doing the right thing by resolving the invoice and unwittingly sends company money offshore.

The problem usually isn’t discovered until the real invoice from the real supplier comes in or the transaction is flagged in an audit. Due to the nature of international cybercrime, it’s unlikely you’ll be able to recover the funds even if you catch it quickly.

We have come across two small business customers recently who have been affected by this scam, locally in Lutterworth and Burbage, so it does happen to businesses of all sizes.

You may well be thinking that you would not be caught out by this – but can you say that about all your employees?

The Malware Click

Rather than go for the immediate cash grab, this style of attack asks your employee to click a link to download the invoice. The email may even look like the ones normally generated by popular accounting tools like QuickBooks (or some other well known accounting package), making the click seem safe. Once your employee has clicked the link, malware is downloaded that can trigger ransomware or data breaches.

While an up-to-date anti-virus should block the attack at that stage, it’s not always guaranteed, especially with new and undiscovered malware. If it does get through, the malware quickly embeds itself deep into your systems, often silently lurking until detected or activated.

How to Stay Safe

Awareness is key to ensuring these types of attacks have no impact on your business. As always, keep your anti-virus and spam filters up to date to minimize the risk of the emails getting through in the first place. Third party spam filters on top of your security software may also help.

Then, consider implementing a simple set of procedures regarding payments.

These could include verifying account changes with a phone call (to the number you have on record, not the one in the email), double checking invoices against work orders, appointing a single administrator to restrict access to accounts, or even two-factor authorisation for payments.

Simple pre-emptive checks like hovering the mouse over any links before clicking and quickly making sure it looks right can also help. Like your own business, your contractors and suppliers are extra careful with their invoicing, so if anything looks off – even in the slightest – hold back on payment/clicking until it’s been reviewed.
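For anyone who wants to automate the hover check described above, here is one way a mail filter could do it. This is an added example, not part of the original article: the function names, the sample email and every address in it are made up for illustration. It lists links whose visible text shows one website while the link itself goes to another, and links that point to a bare numeric address.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible link text that itself looks like a web address or bare domain name.
DOMAIN_RE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)

def site(host):
    """Lower-case a hostname and drop a leading 'www.' so names can be compared."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html_body):
    """Return the links to hold for review, each as (text, href, reason)."""
    parser, flagged = LinkCollector(), []
    parser.feed(html_body)
    for text, href in parser.links:
        url = urlparse(href)
        if url.scheme not in ("http", "https"):
            continue  # mailto:, tel: and similar are outside this check
        target, shown = site(url.hostname), DOMAIN_RE.match(text)
        # Strict comparison: a different subdomain is also held for review.
        if shown and site(shown.group(1)) != target:
            flagged.append((text, href, "text shows a different site"))
        elif re.fullmatch(r"[0-9.]+", target):
            flagged.append((text, href, "numeric address instead of a name"))
    return flagged

# Constructed sample email body; every name and address in it is made up.
SAMPLE = """<p>Your invoice is ready.</p>
<a href="https://billing.example.net/inv/1042">https://www.example.com/invoices</a>
<a href="https://www.example.com/account">www.example.com</a>
<a href="http://192.0.2.10/invoice.zip">Download invoice</a>"""
```

Calling `suspicious_links(SAMPLE)` holds back the first and third links and lets the second through. A flagged link is a reason to review the email before clicking, not proof that it is fake.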

Also consider placing a message on your email signature which includes the warning that you would never advise of a change to your bank details by email – only by phone or personally – to help prevent other people from falling for it.

Fake invoice attacks may be increasing, but that doesn’t mean your business will become a statistic, especially now that you know what’s going on and how you can stop them.

If you need help to increase your security, talk to us today. Call us on 01455 209505.