Archive for Security – Page 2

4 Reasons to use Anti Spam Filtering in your Business

Anti Spam for your emails

Remember when spam was obvious and it was easy to identify and ignore? Those were the days! The impact on your business would have been minimal, as spam was more an annoyance than anything else.

Spam has matured into an aggressive threat, marked by sophisticated attacks and rapidly evolving techniques. It’s not just random electronic junk mail anymore and it’s putting a costly strain on your business resources, as well as global resources as spam email accounted for a whopping 85% of all email in January 2018 (source: Cisco Talos).

Unfortunately built-in spam filtering from your server or security software may not be enough to fight the spam threat effectively.

How Spam Impacts Your Business

Spam now contains malware, with hackers sending cleverly disguised emails to your business. Once clicked by an employee, it infects your computer system (virus) or steals your private data (phishing) or even both. The malware can then spread across the entire computer network and beyond, including to your clients and vendors.

The very fact that your employees must pause and examine every single link and attachment adds hours of lost productivity and occasionally, spam is so convincing that only an expert would be able to visually identify it. Employees are also more likely to miss an important email, either not seeing it arrive at the same time as a spam attack or becoming overwhelmed with the sheer number of emails.

How Anti-Spam Filtering Can Save Your Business

1. Block threats:

The spam filter’s purpose is to block the spam from ever reaching your employees’ screens. The threat is automatically identified and either held securely or immediately deleted. This is the best way to avoid activating spam malware, as it’s so easy to click through links in an email that seems authentic and important. The effects of that one spam click may be instantaneous or may lie hidden for months. Removing the email before it becomes a risk is a much better option.

You should get a spam filtering solution that provides you with your own control panel, which allows you to identify any spam that gets through as well as being able to check for any false positives (although this should be minimal with a good filtering system).

2. Filter legitimate emails:

Real mail needs to be able to stand out and avoid the trash. Anti-spam filtering has sophisticated recognition abilities which block spam only and allow real mail to land safely in mailboxes.

3. Meet data regulations:

Many businesses are subject to strict privacy and data storage regulations, some more so than others. To continue operation, they have to meet conditions including always using spam filtering to reduce the risk of data breach.

4. Protect your business reputation:

You can see how uncomfortable CEOs are when they hold press conferences to admit a breach. They must acknowledge that they failed to protect client data, or that users may be infected with a virus. Not only do they then face financial loss, their business reputation takes a nosedive. Anti-spam filtering can help to prevent these types of scenarios from happening to you.

Filtering has come a long way in recent years, with complex algorithms identifying and catching spam before it becomes a risk to your business. Real emails can now pass safely through without the classic cry of ‘check the spam folder’, and businesses can work with greater productivity and safety than ever before.

You need email, but you definitely don’t need spam or the chaos it brings to your business.

We can block spam and keep your legitimate emails flowing. Call us on 01455 209505.

New Google Chrome Browser Scam

New Chrome browser Scam

A new scam targeting the popular Google Chrome browser has been reported, which attempts to panic users into calling a number and – you guessed it – providing a card number to pay to ‘fix’ the non-existent problem.

The way they do this is to display a fake error message in the Chrome browser: –

Fake Chrome Scam Security message

As well as displaying this message, they make the browser completely unusable by making Chrome download and save high numbers of files at so fast a pace, that the browser freezes.The notification that the downloads are happening can appear so fast and then disappear, so that users may not see it and be warned by it.

Chrome Scam downloads

Pretty soon, the computer processor and RAM resources gets used up, leading to the point that the whole computer is rendered useless, which adds to the panic.

The scammers hope that by the user panicking, the phone number is called.

This scam can be introduced onto systems through a website that has been hacked or by malicious advertisements.

What to do if you get this Scam message

In Windows, press the Control + Alt + Delete keys and select Task Manager – with the Chrome browser highlighted, click ‘End Task’. Then the usual virus/malware scanning should be done.

In MacOS, select ‘Force Quit’ by pressing Command + Option + Escape, to do the same.

So if you are unlucky enough to get caught in this scam, whatever you do, do not call the number. Close the browser and run thorough scans using a good security package.

If you need help, call us on 01455 209505.

Stop your Business becoming a victim of Social Engineering

Social Engineering is a danger to your business

You can have top-notch security in place in your business, but there is still one danger – ‘social engineering’. Most people have never heard of it but perhaps the more familiar term is ‘con’: the art of manipulating people to take certain actions or divulge private information.

Social engineers are a special type of hacker who skip the hassle of writing code and go straight for the weakest link in your security defences – people. A phone call, a cheap disguise or casual email may be all it takes to gain access, despite having solid tech protections in place.

Here are just a few examples of how social engineers work:-

Email

Pretending to be a co-worker or customer who ‘just quickly’ needs a certain piece of information. It could be a shipping address, login, contact or personal detail that they pretend they already know, but simply don’t have in front of them. The email may even tell you where to get the data from.

The hacker may also create a sense of urgency or indicate fear that they’ll get in trouble without this information. Your employee is naturally inclined to help and quickly sends a reply.

Phone

Posing as IT support, a government Official or customer, the hacker plausibly and quickly manipulates someone into changing a password or giving out information. These attacks are harder to identify and the hacker can be very persuasive, even using background sound effects like a crying baby or call-centre noise to trigger empathy or trust.

In person

A delivery man in uniform gets past most people without question, as does a repairman. The social engineer can then quickly move into areas of your business that may have sensitive information. Once inside, they essentially become invisible, free to install network listening software or devices, read a note with a password on it, or tamper with your business in other ways.

For example, if your Wi-Fi code is visible (and we see this all the time on ‘post-it’ notes and written signs) then the hacker can get access to your network simply by sitting in a car outside your building and connecting to your network with that password.

Then, with the right knowledge and software, they can cause all sorts of issues.

It’s impossible to predict when and where (or how) a social engineer will strike. The above attacks aren’t particularly sophisticated, but they are extremely effective. Staff naturally try to be helpful, but this can also be a weakness.

Not just in Businesses either – remember that there are regular reports of people being conned by plausible sounding phone calls out of the blue, from people pretending to be from your broadband company or Microsoft – just wanting to get connected to your computer.

So what can you do to protect your Business? First, recognize that not all of your employees have the same level of interaction with people, the front desk clerk taking calls all day would be at higher risk than the factory worker, for example.

We recommend that there should be awareness of the possibility of a security breach – you don’t need formal cyber-security training for each member of staff but the level of risk needs to be identified, focusing on the types of scenarios staff might find themselves in.

Social engineering is too dangerous to take lightly, and unfortunately far too common.

Talk to us about your cyber security options today. Call us at 01455 209505.

Search Google More Safely

Search Google more safely

We all use Google, quickly finding everything we need on the Internet. It’s replaced dictionaries, encyclopedias, instruction manuals, newspapers and in many cases, even doctors (not such a good thing!).

However, sometimes your search results aren’t the real thing and can be downright malicious. For example, we regularly find that customers search for, say, a printer driver software update and they type in something like “XP442 printer driver” . A close look at some of the results shows things like ‘ epsondrivers.org ‘ or ‘ printerdriversforyou.com ‘ – not the manufacturers official website – so you may get a driver but you are very likely to get something unwanted too!

Here’s how to search more safely: –

Pay attention to the URL in Google

Below every result title there’s a URL (website address) in green. No matter what the title says, this URL is where your mouse click will take you. Unfortunately, cyber-criminals will often list their site with a familiar and trusted title but link you to their scam/malware pages.

Another example can be the title of your bank name (eg, Example Bank), which seems legitimate, but the URL could be www.baabpjhg.com which is obviously not your bank. Sometimes they’ll attempt to trick you by putting the real site into the link too, eg www.baabpjhg.com/examplebank.com which makes it even more likely to catch you out when skimming through results quickly. When you visit the page, it might look exactly like your bank’s site and ask for your login details, which are then harvested for attack.

Whilst jibberish in the link is pretty easy to spot, sometimes they’ll take advantage of a small typo that you can easily miss. For example, www.exampebank.com (missing the letter L).

Notice Google search results v paid adverts

Google does a pretty good job at making sure the most relevant and legitimate sites are at the top of the list, however paid adverts will usually appear above them. Much of the time, these paid ads are also legitimate (and you can quickly check the URL to verify), but occasionally cybercriminals are able to promote their malicious site to the top and catch thousands of victims before being removed.

Similarly, well known businesses can pay for adverts, even though much of their software is classed as ‘Potentially Unwanted Programs’ and technicians remove them from computers every day.

Believe Google’s malicious site alerts

Sometimes Google knows when something is wrong with a website. It could be a legitimate site that was recently hacked, a security setting that’s malfunctioned, or the site was reported to them as compromised.

When this happens, Google stops you clicking through with a message saying “this website may be harmful” or “this site may harm your computer”. Stop immediately, and trust that Google has detected something you don’t want in your house.

Turn on Safe Search

You can filter out explicit search results by turning on Google Safe Search. Whilst not strictly a cyber-security issue, it can still provide a safer Google experience. Safe Search is normally suggested as a way to protect browsing children, but it also helps adults who aren’t interested in having their search results cluttered with inappropriate links, many of which lead to high-risk sites.

Switch Safe Search on/off by clicking Settings > Search Settings > Safe Search.

These are just a few tips to make your searching safer, but the most important is you – never take your internet security for granted and always be cautious when using any search engine, as they can only display what they find out there on the internet – good and bad.

Need some help securing your system? Give us a call on 01455 209505.

How to tell if your Computer has a Virus

How to tell if your computer has a virus

Sometimes computers do strange things that ring alarm bells and the next thing is that you’re running virus scans and demanding everyone come clean about their browsing habits. Fortunately, not all weird occurrences are caused by viruses – sometimes your computer is simply overloaded, overheating or in desperate need of a reboot.

Here are some tell-tale signs of a malware attack:-

1. Bizarre error messages

Look for messages popping up from nowhere that make no sense, are poorly worded or plain gibberish – especially if they’re about a program you don’t even have. Take note of anti-virus warnings too, check the warning is from YOUR anti-virus software and also that it looks like it should.

If a message pops up that isn’t quite right, don’t click. Not even to clear or cancel the message. Close the browser or shut down the computer instead, then run a full scan.

2. Suddenly deactivated anti-virus/malware protection

Certain viruses are programmed to take out the antivirus/antimalware security systems first, leaving you open to infection (this is why we advise our customers to always have all the system tray icons visible on the taskbar, on the bottom right-hand side). If you reboot and your protections aren’t back doing their job, you may be under attack. Attempt to start the anti-virus manually.

3. Social media messages you didn’t send

Are your friends replying to messages you never wrote? Your login details might have been hacked and your friends are now being tricked into giving up personal information or worse. Change your password immediately, and advise your friends of the hack.

4. Web browser acting up

Perhaps you’ve noticed your homepage has changed, it’s using an odd search engine or opening/redirecting to unwanted sites. If your browser has gone rogue, it could be a virus or malware, usually one intended to steal your personal or financial details.

Skip the online banking and email until your scans come up clear and everything is working normally again.

5. Sluggish performance

If your computer speed has dropped, boot up takes longer and even moving the mouse has become a chore, it’s a sign that something is wrong – but not necessarily a virus. Run your anti-virus scan and if that resolves it, great. If not, your computer possibly needs a tune-up or quickie repair.

6. Constant computer activity

You’re off the computer but the hard drive is going, the fans are whirring, and the network lights are constantly flashing? Viruses and malware use your computer resources, sometimes even more than you do. Take note now of what’s normal, and what’s not.

Got a virus? Give us a call at 01455 209505.

CCleaner program hacked

Popular Ccleaner program hacked

 

Many people use the free CCleaner program which is used for computer maintenance and file cleanup and it is so popular that millions of downloads take place very week.

Unfortunately Piriform, the company which makes the program, has announced that one of the program versions downloaded by millions of users over a four-week period, had been hacked and has been used to install what is called a ‘back-door Trojan’ virus on people’s systems.

The versions which are affected are CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows – which were downloadable between 15th August and 22nd September.

The hack allowed the program to cause the download of further unwanted software, possibly including keyloggers and ransomware and initial investigations show that that the program was hacked at the company, before being released to the public using their normal download servers.

Information relating to the infected computer may also have been sent to the hackers servers during this period.

CCleaner users with the above versions should immediately uninstall the program and download the latest version as soon as possible. Although the company states that only the above versions are affected, we recommend uninstalling any version downloaded between those dates before reinstalling, just in case investigations later show that more versions were affected.

We also recommend that if you have the one of the versions mentioned above, you should take the usual common sense precautions such as full scanning of your computer with a good security product, as well as keeping an eye on your bank statements, etc.

This incident is not only potentially serious for users it is also embarrassing for the parent company that now owns Piriform – the antivirus security company Avast. Although further investigations are taking place to find out how this happened, many people may now lose confidence in the CCleaner product.

Equifax Data Breach and UK Customers

Equifax Data Breach and what it means for UK customers

Recently, Credit reporting company Equifax has revealed that its databases were hacked in a large-scale breach affecting millions of customers across the US, UK & Canada and personal information was leaked. While no hacking event is ever good news, some are easier to ignore than others – but unfortunately, this isn’t one of them. Major UK companies such as BT and British Gas use Equifax services as well, so there may be UK customers affected too.

Equifax is one of the three main organizations in the US that manages & calculates credit scores. To do that effectively, they have access to almost every piece of financial data for adults – social security, tax file numbers, drivers’ licence, credit card numbers…the big stuff. On July 29, Equifax disclosed the breach, stating that hackers had repeatedly gotten in through a vulnerability in their systems from mid-May to July of this year.

Equifax, cyber-security experts & law enforcement officials are on the case, working to minimize the long-term damage and it may be that the number of customers actually affected in the end may well be small. Also, the UK Regulator – the Information Commissioner – has asked Equifax to inform all UK customers that may be affected.

Whilst you do not need to panic, there is a risk of personal information being in the wrong hands. You should consider that risk, particularly as this type of personal information can circulate for a long time due to the fact that these hackers also sell the information on to others.

Here are a few ideas to protect yourself against possible future compromise: –

Keep a close eye on your finances and accounts.

Check for notifications of new credit applications, monitor your statements and bills, and immediately report any suspicious activity or sudden change in billing.

Change all your passwords to be strong, unique and long.

The stolen data may give hackers a free pass into bank accounts, email and personal information. Add two-factor authentication where possible – this is when an account demands a second layer of authentication before allowing access or changes – so just getting the password correct isn’t enough, the hacker would also need to get the special code sent by SMS text.

If you believe that you have been compromised, consider freezing your credit report.

This makes it harder for identity thieves to open accounts under your name, as access is completely restricted until you choose to un-freeze.

BT have provided the Equifax UK telephone number 0800 014 2955 for customers that have a query over their credit file and they can also be contacted via their website www.equifax.co.uk.

If you need help with your passwords, give us a call on 01455 209505.

Too Many Passwords? Try a Password Manager

Keep your computer secure from scammers

One of the regular things we see is customers struggling with the number of passwords they need to remember – so many login details are needed these days. As we have advised previously, it is not a good idea to have just one password for everything so how can you keep track of all of them?

You can try using a Password Manager – this is a program or browser extension that allows you to store passwords in an encrypted form on your device, but also do much more. The bonus is that all you need is one Master password to manage it.

The passwords are saved in an encrypted password ‘vault’ and when you go to a specific website, the Password Manager inputs the password for you. Whilst many browsers already do this for you, a Password Manager does it in a more secure way.

Some Password Managers advise you as to how secure your passwords are – preferably using a mixture of letters, numbers, capitals and special characters. Some can automatically change passwords for you and as well as set up two-factor authentication – this is where you can open the password vault with your Master password, but you also use some form of verification (such as getting a code texted to your phone), which you type in to prove that you are authorised to access those important password details.

The main point is that you would not need to remember large numbers of passwords, which means that you can easily keep your online accounts as secure as possible.

There are a many Password Managers – here is a selection of the best known ones: –

LastPass

This is one of the original Password Managers and installs a browser extension or mobile app. With one master password you can access the password vault and manage passwords for all websites that you log into. It can even generate secure passwords for you.

At the moment the browser extension is free to use and more services are available in the premium version.

True Key

Intel has produced a Password Manager that is free to use for 15 passwords, which is enough for many people, and also a premium version which allows more and extra services. As well as the usual encrypted password facility, it allows multiple ways to access the password vault – master password, second device, email or even facial recognition.

Dashlane

As well as storing your passwords securely, this product helps you by providing a rating of your password security strength. The premium version also allows synching across multiple devices as well as two-factor authentication.

These are just three of the many Password Managers out there but whatever one you choose, do make sure that it is from a reputable company. If using a search engine, take particular care checking the website address the download is coming from as it needs to come from the company itself and not an address that is only similar.

Also you need to remember that whilst Password Managers help you keep track of your password security, you still need to maintain effective security software and keep a cautious eye on what you download from the internet.

If you would like help with password security, call us on 01455 209505.

4 Simple Tips to Help Keep Your Internet Banking Safe

Online Banking precautions

Online banking has boomed in the past few years – branches are fewer and apps are in. Half the time when you visit a branch, you’re steered towards a computer for a DIY transaction – with optional assistance. But is internet banking really safe?

You’re always told to keep your financial details private, but the good news is you CAN bank more safely online with a few simple precautions.

Always type in the website address

Many attackers will attempt to trick you into clicking a fake link to your bank website. Usually sent as a ‘phishing email’, they’ll claim that there’s a problem and ask you to click through to your bank and correct it asap. The link points to a fake website that looks almost exactly like your real bank site and is recording your private account info.

You can avoid scams like this simply by accessing your bank by manually typing in the website or using a bookmark – never a link.

Avoid public computers and networks

Jumping onto a PC at the library or other public place might seem like a quick and easy way to check your account, but public computers are often targeted by scammers. In just a few moments, they can install keyloggers (programs that record usernames, passwords and other private data), then sit back as all future user details are emailed to them.

The same problem applies with free, unsecured Wi-Fi.

You’re better off using an ATM or a data-enabled smartphone, preferably one with a security app.

Use a strong password with 2-factor authentication

Create a unique password for your online banking, something you’ve never used anywhere else. Mix up words, numbers and symbols to create a complex password that can’t be guessed easily. Avoid giving attackers a head start with data they can find on Facebook, like childrens names, pet names, birthdates, etc and really think outside the box.

And of course, never write it down anywhere near your wallet, phone or computer.

If remembering is likely to be an issue, you might like to consider a secure password manager app. Many banks will also help boost your security with two-factor authentication, sending random codes to your phone (or a special LCD device that they provide) to verify any activity.

Check page security before entering data

Finally, take a second to spot the small padlock icon at the top before you enter any data. You’re looking for a padlock appearing as part of the browser itself, not just an image on the webpage. It will be either in the bottom corner or next to the URL. The address will also start with https:// instead of http://. If you don’t see these things, the page is NOT secure and you shouldn’t log in.

We have many customers that never use online banking, but for the majority of people who do, these simple steps will help keep your transactions a little bit safer.

Need some help securing your system against scammers? We can help. Call us on 01455 209505.

Facebook privacy and how it could affect you

Check your Facebook privacy

Finding the balance between Facebook privacy and Facebook fun can be challenging – but it’s a double-edged sword. Facebook allows us to connect with friends no matter where they live, but it also publicly shares information that just a few years ago, we’d never dream of putting online.

You can search for people based on where they went to school, the town they live in, clubs they belong to, who they’re related to…but when is it too much information for our own good?

Your birthday is the first piece of information collected when you sign up, and it’s great getting birthday wishes from friends and family when it appears in their newsfeed. But while Facebook is sending you balloons and funny memes, your birthday is now public knowledge. It seems harmless, but when you call your bank or other institution, what’s the first question they ask to verify your identity? Your birthday!

Some password recovery/reset systems even ask questions like ‘which school did you go to?’, “name of your pet”,  name of your mother (or father)”, etc. assuming that this is knowledge that only you would know. Except…you may have publicly shared it on Facebook.

The fact is that unless you are careful, there is a large amount of information that can be gained from Facebook, by people that may misuse it.

Also, we’ve all heard stories of people who’ve lost their jobs after less-than-wholesome pictures or statements have gone public. If you have a reputation to keep, you definitely don’t want pictures from last weekend’s private party showing up, especially if you really let your hair down. While you can’t control what others do with photos they take of you, you can control whether or not you’re tagged in them.

Fortunately, there are settings in Facebook that allow you to control who sees what information and what happens when you’re tagged. Despite what you may have heard or seen floating around in a Facebook share hoax, you do have complete control over your Facebook privacy, and it’s easy to adjust.

How to Check and Adjust Your Facebook Privacy Settings

1. See what your account looks like to an outsider

From your Facebook homepage, click your name on the blue bar at the top of the page. Click the three dots next to ‘View Activity Log’ and then select ‘View as…’

2. Run a quick privacy checkup

Click the question mark in the top right corner and choose ‘privacy checkup’. Think about what you really need to share – do people need to know the YEAR of your birth or just your birthday? Your friends will still get the notification, and you’ll still get the balloons.

3. Edit advanced privacy

While the checkup covers the most obvious info, you can go much deeper. Click the V-shaped dropdown to the right of the question mark. Go to settings and choose privacy.

4. Adjust timeline and tagging

In the privacy settings, you can explicitly control who can tag you, who can see or share the tagged content, and what shows up on your newsfeed.

Just as you shouldn’t tell the world when you are going away on holiday (and your home is unattended), your personal information should be treated with the same care, but tightening your Facebook privacy only takes a few minutes and it can save you a whole lot of trouble in the future.

If you need help with this, just give us a call at 01455 209505.