How to Stay Safe from Scams and Malware on Facebook

by

At last count, Facebook has clocked up over 2.7 billion users, which makes the platform more attractive than ever for scammers and hackers. While you may be logging in to share your latest family photos or catch up with friends, the chances of accidentally triggering a scam or malware are increasing daily. Here’s how to stay safe on Facebook and stop the spread.

Look out for freebies and surveys

Everybody loves a freebie and for the most part the competition posts on Facebook are legitimate. On the flip side though, when you see a giveaway for vouchers from a mega-store, alarm bells should ring. ‘Do this quick survey and we’ll send you a $50 Amazon Voucher!’ – it’s too good to be true. Even one click can take you on a messy journey through the underbelly of the web, picking up trackers and malware at every stop and at the end, you’re asked to share the post so your friends can get a voucher too…except nobody ever gets the reward.

Check your permissions with games and quizzes

Whenever you access a new game or quiz, you’ll need to give permissions for it to access your Facebook profile. Most people click the okay button without any thought, but if you review the permissions you’re giving, you’ll often find they’re asking for a massive amount of personal data; public profile, friend list, email address, birthday and newsfeed. Do they really need ALL this information? Sometimes the shakedown is from necessity, but sometimes the apps are preparing to launch attacks against you both on and off Facebook. For example, when you call your bank they ask certain questions like your full name, birthday and maybe which high school you went to. All that information is in your Facebook profile and now shared with your permission.

Don’t friend people you don’t know

Having lots of friends is always nice, but that friend accept could end up costing you. It might be someone pretending to know you, or a picture of a pretty girl to entice men (and vice versa). Once you friend them, they get access to everything your friends can see. In this case, it’s more than the risk of someone knowing your personal data, you’ve just given them intimate access to your life. It’s exactly how romance scams start, and there are even cases where the victim finds photos of their children circulating the internet.

If it’s weird, forget it

It doesn’t happen very often, but hackers find ways to take advantage of flaws in Facebook. A common hack that keeps popping up in various forms is to embed malware in a link. The virus then infects your machine and contacts all your friends with an enticing message, like asking whether a picture is of them. When they click to view the picture, the virus catches them and their friend list, and so on. Facebook is pretty good at staying on top of these flaws, but they need time to fix it. Just like if you got a weird email with an attachment from a friend, use that same level of scrutiny in your Facebook and don’t open messages or links that seem out of place.

Need help securing your privacy? Talk to us. Call us at 515-422-1995

New Year’s Tech Resolutions You Should Actually Keep

by

If your typical New Year’s resolutions lasted about 30 seconds, you’re not alone. Pledges to eat better, start running and learn how to juggle can be rebooted again next year easy enough.This year, we challenge you to think about your tech health with some resolutions you’ll want to keep.

No More Junk Mail

Whether you checked a box agreeing to get newsletters, or you have no idea how you got on that list, it’s time to say goodbye. Start by emptying your mailbox to zero unread messages – no you don’t have to read all that spam – you have permission to delete it unread. Let’s face it, if you were going to read it, you would have done so already. Away it goes.

Now that you’re starting with a clean slate and a huge feeling of accomplishment, resolve this: Each day, unsubscribe from 5-10 lists. Generally, if a newsletter gives the option to unsubscribe or Opt Out, you want to do that instead of just marking it as junk. So, keep an eagle eye out for that gorgeous ‘unsubscribe’ link and click it with confidence. Before too long, your inbox will be a refreshing place filled only with people and businesses you look forward to hearing from.

ProTip: Search your inbox for the word ‘unsubscribe’ to quickly find anything that has that option! You don’t need to give a reason if the link redirects to a survey page, but do watch for tricky buttons that will actually resubscribe your address.

Go Password Pro

With all these password leaks from LinkedIn, Myspace, and goodness knows who hasn’t come forward, now’s the time to get smart with your passwords. Because most people use the same passwords on every site, a single breach can be the hack that keeps on giving. If a bad guy has a set of credentials for one hacked site, they have automated programs that will check HUNDREDS of other sites to see if those same credentials get them in! Now that you know how important it is to use different passwords for each site, let’s be real, that’s a LOT of passwords to remember!

Instead of writing them down, we recommend using a password manager like LastPass or Dashlane. They remember all your various passwords for you, so all you need to know is the super-protected master password. Master passwords are kept encrypted on your system, not theirs (no chance for them to be hacked and expose your info!), and optional 2-factor authentication checks with you via text or a code on your smartphone for all big changes. We use LastPass in our shop, so we certainly feel that you can trust it for your valuable data.

Backup. No Really, Backup.

“I’ve been meaning to backup!” is the cry of someone who just lost all their photos. Good intentions don’t count AT ALL in data security because once the data is gone, it’s gone. With new modern cloud backup options, there’s no reason to put this off because backup apps are now easier and more accessible than ever before. You can backup to local hard drives instead, but this will take a little extra remembering on your part as you’ll want to have at least one drive that stays disconnected in case of encryption viruses.

There you have it. Three New Year’s resolutions you can easily keep, and that will make a real difference to your year. Opening your email will be a pleasure, you’ll be a spectator only in any future password leaks, and your precious files will be safe against all manner of disaster. Feels better than any diet, doesn’t it?

Why Your Firewall Will Never be Enough

by

Firewalls are a well-known security essential, and we’re certainly big fans, but did you know a firewall alone is not enough to keep your business safe? It’s like building a fence around your city to keep the burglars out: You feel safe, private and secure… but the reality is, anyone with a ladder, enough motivation or ninja skills poses a real threat. That’s why despite every networked business having a firewall in place, security breaches are increasing at an alarming rate – further protections are still needed.

A few strategic, well-planned measures can provide all the protection your business needs to keep operating without costly downtime. While it’s cool to imagine a system so secure you’ll be opening doors with retinal scanners, using synchronized keys to activate the server and dodging pressure-triggered plates around the storage drives, the reality is infinitely more usable and affordable. In fact, we’ll help you choose the perfect measures that blend invisibly into your existing processes, boosting security without affecting productivity. Take a look at some of our managed service inclusions:

Proper firewall configuration

While not enough by itself, your firewall is still your first line of defense like the wall around your city. However, there’s a huge difference between the generic firewall that comes standard with your Windows installation, and one specifically chosen for your business and set up properly. Without properly locked doors and monitored gates, your firewall may as well not even be there. Our technicians will work with you to identify which traffic should be allowed, eg remote employee access, and which should be automatically blocked.

Workstation antivirus

Like a bouncer standing at the door to your building, it is the job of antivirus software to check every file being downloaded to your company’s computers and watch every program that runs. So, even if a bad guy gets past the perimeter defenses they will likely be spotted by the antivirus software. Without this layer of protection, it is easy for an attacker to have their way with your files.

Web Filtering

What’s better than detecting and stopping malicious files on your computer? Preventing your users from even downloading them from the internet in the first place! Web filtering acts as a middle-man while you are browsing the web and stops users from being able to even visit a site with known issues. We can also restrict websites based on categories like adult material or social networking if desired.

Patch Management 

Keeping with the analogy of a firewall is like a wall around your city and an antivirus is like a bouncer at the door, software patching is like having someone fixing newly found holes in your walls that could potentially let the bad guys in. Instead of counting on your employees to update to the newest version of Java or Adobe Reader, automated software can take care of this for you.

Access restrictions

It is best practice to give employees access to only the files they need to do their job. It’s not a matter of trust, but rather one of security. If they were the one to accidentally let the attackers through the firewall, perhaps by clicking an email link, you’re then able to minimize the damage. Without this added layer of protection, it’s relatively easy to access (and damage) any and all files on the network.

Encrypt confidential files

More secure than simply password locking a file, encryption uses a secret ‘key’ to scramble the files and their contents so that when anyone else tries to view them all they see is incomprehensible nonsense. This way, if an attacker does manage to access or steal vital files, they don’t get anything useful! Encryption is especially useful on mobile devices that can easily be misplaced or stolen when traveling.

Backup Backup Backup!

As a final layer of defense, when all other protections have been circumvented, it is important to be able to recover from a disaster. If an attacker does manage to access and hold your network for ransom, with the proper backup in place we can simply wipe the slate clean and restore to the way it was before the attack.

No one type of protection is 100% perfect. Something (or someone) will inevitably get through. That’s why computer security works best when it’s multi-layered. When one protection fails, the next layer kicks in to keep your business safe. And then the next, and the next…but that doesn’t mean you need CIA level security that gets in your way. Most of the above protections are easily affordable for small businesses, we use all of the above ourselves!

Updated Information about the Equifax Financial Data Breach

by

As you have probably heard by now, credit reporting company Equifax revealed last week that its databases were hacked in a large-scale breach affecting millions across the US, UK & Canada. While no hacking event is ever good news, some are easier to ignore than others – this isn’t one of them. The sensitive nature of the exposed data now requires immediate action for all those even possibly affected.

The short version: Equifax is one of the three main organizations in the US that manages & calculates credit scores. To do that effectively, they have access to almost every piece of financial data for adults in the country, plus pretty much anyone who’s lived/worked in the US. We’re talking social security, tax file numbers, drivers’ license, credit card numbers…the important stuff. On September 7th, Equifax disclosed the breach, stating that hackers had repeatedly gotten in through a vulnerability in the web application from mid-May to July of this year. Since then, there has been a lot of conflicting information floating around the internet. I have gone through and tried to decifer the best course of action to recommend…

The best action now is to protect yourself against fallout:

  1. Go to: http://www.equifaxsecurity2017.com (dead link) to see if your data may have been affected. There was some news that this site was delivering random results, but Equifax announced it has been corrected. I have tested it myself and it seemed to be working now. That being said, it’s safest to assume everyone with a credit history has been impacted.
  2. Claim the Equifax free year of credit monitoring & identity theft insurance (if you’re a US resident). If you’re not eligible, consider sourcing your own. As the hacked data will continue to circulate for some time, consider extending your credit monitoring for a few more years.If you are wary of trusting Equifax with protecting your credit (They dont have a very good track record at this point!), you can instead look at services such as Lifelock to freeze and monitor your credit reports.
  3. Keep a close eye on your finances and accounts. Check for notifications of new credit applications, monitor your statements and bills, and immediately report any suspicious activity or sudden change in billing.
  4. Change all your passwords to be strong, unique and long (you should be doing this anyway!). Now that the hackers have your passwords from the Equifax site, the stolen data may give hackers a free pass into the rest of your bank accounts, email and personal information.
  5. Add two-factor authentication where possible. This is when an account demands a second layer of authentication before allowing access or changes, like a 6 digit code texted to your phone in order to log in. Even if a hacker has your password, they would need to also have your phone in order to get logged in.
  6. Finally, and probably the MOST EFFECTIVE mitigation for this issue…Consider freezing your credit report. Check out a very nicely written article HERE about how to do this. Freezing your report makes it harder for identity thieves to open accounts under your name, as access is completely restricted until you choose to un-freeze. You will have to unfreeze your reports if you ever wanted to get a loan or similar, but how often do you really do that?

4 Simple Tips to Keep Your Internet Banking Safe

by

Online banking has boomed in the past few years to become the new norm. Branches are out and apps are in. Half the time when you visit a branch, you’re steered towards a computer for a DIY transaction – with optional assistance.  But is internet banking really safe? You’re always told to keep your financial details private, but now also to jump on board the online banking train – talk about a push/pull scenario! The good news is you CAN bank safely online with a few simple precautions.

Always type in the website address

Many attackers will attempt to trick you into clicking a fake link to your bank website. Usually sent as a ‘phishing email’, they’ll claim there’s a problem and ask you to click through to your bank and correct it ASAP. The link points to a fake website that looks almost exactly like your real bank site and is recording your private account info. 2-factor authentication isn’t even a 100% guaranteed protection against this. You can avoid scams like this simply by accessing your bank by manually typing in the website or using a bookmark.

Avoid public computers and networks

Jumping onto a PC at the library or mall might seem like a quick and easy way to check your account, but public computers are often targeted by scammers. In just a few moments, they can install keyloggers to record usernames, passwords and other private data, then sit back as all future user details are emailed to them. The same problem applies with free, unsecured Wi-Fi. You’re better off using an ATM or a data-enabled smartphone.

Use a strong password with 2- factor authentication

Create a unique password for your online banking, something you’ve never used anywhere else. Mix up words, numbers and symbols to create a complex password that can’t be guessed easily. Avoid giving attackers a head start with data they can find on Facebook, like kids names, pet names, birthdates, etc and really think outside the box. And of course, never write it down anywhere near your wallet, phone or computer. If remembering is likely to be an issue, you might like to consider a secure password manager app like Lastpass. Many banks will also help boost your security with two-factor authentication, sending random codes to your phone (less secure) or a special LCD device they provide (more secure) to verify any activity.

Check page security before entering data

Finally, take a micro-second to spot the small padlock icon before you enter any data. You’re looking for a padlock appearing as part of the browser itself, not just an image on the webpage. It will be either in the bottom corner or next to the URL. The address will also start with httpS:// instead of http://. If you don’t see these things, the page is NOT secure and you shouldn’t log in.

Need some help securing your system against scammers? We can help. Call Us at 515-422-1995

How Much Could A Ransomware Attack Cost You?

by

How Much Could A Ransomware Attack Cost You?

Have you ever thought about how much your data is worth? Information is possibly the most valuable part of your business – there’s your client database, accounting software and inventory management, and of course, any intellectual property you may own.  When the ransomware, WannaCry, tore through the world recently, many businesses were suddenly forced to re-assess the value of their data: was it worth saving, and what would be the deeper cost of the attack?

Most ransomware attacks cost $150-$600 to get your files released, but that’s only IF the cyber-criminals honor the payment and actually give you the decryption key. Meanwhile, new client calls are still coming in and you may find yourself unable to operate with your systems down. Paying the ransom or restoring from an unaffected backup seems like a quick fix, but it doesn’t end there. There’s still the downtime involved to restore all your data – possibly days – and that’s a lot of lost productivity.  Plus, if word gets out that your data has been compromised, you may find confidence in your business plummets and your existing clients head elsewhere.  That $150 ransom may end up costing well over $150,000!

 

Prevent Ransomware Attacks on your Business

Keep your systems up to date: WannaCry took advantage of a flaw in older versions of Windows, one that was since patched by Microsoft. But to be protected, businesses had to be up to date with their patches AND be running a supported version of Windows. Delaying patches and updates puts your business at risk – we can help you update automatically.

Lock down employee computers: Very few staff will require full administrator access to your business network. The higher their level of permissions, the more damage a person can do – either accidentally with a whoopsie click, or by inadvertently installing malware. By locking down your employee computers, you have a better chance of containing a malware attack to non-vital systems. Our experts can design an access management plan that gives you best of both worlds: flexibility PLUS security.

Educate your workplace: Most employees believe they’re being cyber-safe but the reality is quite different. Many malicious links and embedded malware have become hard to spot in an instant – which is all it takes to click and regret. We can work with your staff to establish procedures around checking links for authenticity before clicking, awareness around verifying the source of attachments, and the importance of anti-virus scanning. We’ll help get the message through!

Have a solid backup plan: When ransomware hits, a connected backup = infected backup. Unfortunately, synced options such as Dropbox immediately clone the infected files, rendering them useless. The only safe backups will be the ones both physically and electronically disconnected, with systems designed to protect against attacks like this. Our experts can set you up with a backup system that makes recovery a breeze.

Be proactive: The best way to avoid the financial cost of a ransomware attack is to prevent it from happening in the first place. Remember, many businesses were able to watch WannaCry from the sidelines, completely unaffected and seizing opportunities while their competitors were down.

Our managed services can help protect your business against the next cyber-attack. 

WannaCry Ransomware Explained: Is Your Business At Risk?

by

WannaCry Ransomware Explained: Is Your Business At Risk?

You’d be hard-pressed to miss last week’s biggest headline, the WannaCry cyber-attack sent shockwaves around the globe. Businesses of all sizes and even police departments found themselves crippled without warning.

Among the most prominent victims were many NHS hospitals in the UK, affecting up to 70,000 individual devices such as essential MRI scanners and blood-storage refrigerators. But by the time it hit the news, it was too late – either your system was protected, or it was infected. Here’s how it all went so wrong.

What is WannaCry?

The WannaCry cyber-attack was a type of malware (the collective name for computer viruses & bad juju) called ‘ransomware’. Just like the name suggests, it’s actually a demand for money. Like all ransomware attacks, WannaCry encrypts your files and holds them hostage until you pay. In this case, the price was set at $300, payable with internet currency Bitcoin, and you had 3 days to pay before it doubled. If you didn’t pay, the ransomware threatened to delete your files permanently. It’s yet unknown how much money the WannaCry hackers have earned with their latest attack, but you can be sure plenty of people have paid the ransom. Even the FBI recommends paying the ransom, especially if the ransomed files are of a sensitive nature or weren’t backed up.

 

How It Spread So Fast

It seems WannaCry may be a ‘computer worm’ that self-replicates and spreads, rather than a phishing attack that needs to be activated with a click. So far, no common trigger has been identified, as is normally the case with phishing links. WannaCry moved rapidly from system to system, spreading out through the entire network, including all connected backups and storage devices. At the same time, it spread out to infect other networks, who then spread it further, and so on. Given the nature of the internet, it was everywhere within hours.

Why Some Businesses Were Safe

WannaCry could ONLY infect systems that have fallen 2 months behind in their Windows updates. This is because it was created to take advantage of a specific vulnerability in Windows, one which Microsoft patched months ago. Without that patch, the ransomware could waltz right past the firewall, past the anti-virus and directly into the system (the NHS were reportedly running Windows XP – no longer supported). Those running Windows 10 or a fully patched, recent version of Windows were completely unaffected – the virus literally had no way in

It just goes to show the importance of staying up to date. We haven’t seen a second spike in WannaCry attacks yet, but that doesn’t mean there won’t be one. A quick update could protect your business from weeks of downtime and lost revenue, making attacks like this a non-issue.

With our managed services, we can make sure you stay up to date – and protected. Give us a call today at 515-422-1995

Why Your Windows Updates are More Important Than Ever

by

Why Your Windows Updates Are More Important Than Ever

In recent news, the ransomware WannaCry swept the world, knocking out computers in an instant. It hit businesses, government and police departments and of course the NHS hospitals in the UK. It was a mess! Affected users had all their files encrypted and couldn’t get them back unless they paid a ransom of around $300. This attack was particularly bad because it took advantage of a Windows vulnerability to spread itself from network to network. What wasn’t clear in the media though, was that home users were also exposed to the attack – but only those with a vulnerable Windows installation.

One simple security patch, issued by Microsoft months before the attack was all it took to create a no-entry zone for WannaCry. This just stresses the importance of keeping your Windows up to date at all times, no matter what you use your computer for or how often.

Updates Explained
Whenever Microsoft discovers a potential flaw, they push out a small piece of software to all Windows computers running a supported version. If set correctly, your computer will check if there’s any updates or patches and install them automatically. In new versions, this usually happens when you’re shutting down or starting up, and doesn’t impact your experience at all. Unfortunately, some users will manually disable or delay their updates, creating a risky situation.

The update may include security patches, drivers or a simple tweak to address bugs or issues with Windows. Sometimes, they even include new features or applications to improve the stability of your operating system. They’re a good thing!

Not All Versions Get Updates
Some older operating systems are no longer supported, which means unless there are extenuating circumstances, Microsoft won’t issue any new updates. Not a single one – generally, if cyber criminals discover a flaw after support ends, they’re free to exploit it.  For example, Windows XP support ended in 2014, and Windows Vista just ended in April this year. The moment an operating system is retired it becomes a playground for cyber-criminals.

It’s not just Microsoft walking away from these old versions either. Third party software like the Google Chrome browser will still work, but they’ve also stopped supporting old versions with crucial updates and patches. It might seem like everything is working fine because your anti-virus isn’t pinging in alarm, but it just becomes a case of risk, upon risk, upon risk.

What to do with older Windows
As much as you’re comfortable with your older version of Windows, each time you boot up you’re exposing your system, important files and entire network. It only takes one weak entry point in the chain to allow malware into all connected devices. That could mean your photo storage, media center or even smart appliances. It’s not worth it – if you’re running Windows XP or Vista (or older), you need to update to a more modern operating system ASAP. Give us a call to upgrade your computer.

We can also monitor your system remotely and apply your Windows updates with our Managed Services packages, ensuring you are always up to date and protected. 

Click to see our BBB Report

VISIT US