September 25th, 2013
It’s easy to understand why so many hackers are targeting social media for cyber attacks. Where else would you find such a high collection of unsuspecting people? Many users have grown wise to email attacks and have learned to avoid suspicious emails. Social media, however, is still seen by most as a safe place. Throw in that many users access social media on mobile phones, which often lack necessary security, and you have an irresistible target for hackers.
John P. Mello, of CIO, reports that these attacks claim victims using the trust of users against them. Similar tactics as previously seen in creating fake versions of legitimate websites, or sending phishing emails that appear to be from legitimate sources, have been adapted for social media. The trend is to take over an account with a large number of followers and credibility and use it to spread malicious links.
These attacks are difficult to avoid because they appear to be coming from a trusted source. You wouldn’t expect a Twitter account that you’ve followed for years to suddenly be directing you to a phishing site, or infecting you with malware.
This isn’t only a concern for individuals either. Businesses need to be aware of these threats to security also. Another reason that social media is so attractive to hackers is that so many users access social media on their company’s network. This means that if any of your employees encounter a hacked profile, they are putting your company’s data at risk.
There are a number of options for how to deal with these threats. Blocking social media sites is one. Educating employees about the risk and making sure they understand how to avoid these attacks is another.
To improve your company’s security, contact Geek Rescue at 918-369-4335. We offer security software that is capable of blocking potentially dangerous sites and catching malware before it infects your system.
September 24th, 2013
Studies have shown that phishing and malware attacks through email are effective because of uneducated users. Individuals who are unable to identify these malicious emails, or those who don’t fully understand the risk involved, are the ones most often victimized. For a business, this means that more education and security is needed so an employee doesn’t wreak havoc for the entire organization.
Jeff Orloff, of The Email Admin, suggests some ways to safeguard your business and convince employees that email security is an important issue.
You can’t expect employees to follow the rules if those rules are only implied. To keep from having data stolen or malware infecting your network, write out a policy of email usage guidelines. Make sure every employee has a copy and understands it.
The idea of ‘that won’t happen to me’ is a difficult one to overcome in the context of cyber security. To do so, use specific examples from companies similar to yours in size and industry. Detail how they were attacked, why the attack was successful and what the end result was. Personalizing the attack to show how it would affect your employees is extremely helpful.
With a set of rules in place and an understanding of what’s at stake, you can explain how an attack works and how to avoid them. Most employees won’t understand, and don’t need to know, the technical details of malware, but a basic understanding of a hacker’s motivations is helpful. Then, an explanation of what to look for in a typical malicious email.
If you’re able to improve your users’ behavior, your security will improve exponentially. After all, it’s much easier to stop malware from getting in than it is to find it and delete it.
For help with your company’s cyber security, contact Geek Rescue at 918-369-4335. We offer security solutions to keep your business safe, which includes hosted email and spam filters.
September 23rd, 2013
Virtualization in the IT world means creating a virtual version of something. You can create a virtual server, virtual hard drive and more. The possibilities are nearly limitless and allow businesses to use their resources more efficiently. Brian Proffitt, of ReadWrite, explains that virtualization is also useful for fighting malware infections. This new way of thinking about security allows you to protect all of your devices, from smartphones and tablets to servers and PCs.
One method of using virtualization to avoid malware is to create a virtual version of your infected machine. This doesn’t get rid of the infection, but gives you a working version of your computer. It takes storage space and time, however.
Microvirtualization is another option. It virtualizes only one process of an operating system and is useful in keeping malware at bay.
With microvirtualization, you can virtualize the multiple processes needed to surf the internet. A single, virtualized process is programmed with a set of rules, which makes the process shut down if it encounters anything fishy, like malware trying to infect it. The process can even be frozen once the malware starts running, which allows security experts to analyze it.
The main key here is that malware is trapped immediately within a virtual process. It is never given the chance to infect your machine or begin to track your data. With micro-VMs, current forms of malware become obsolete.
For now, virtualizing every process of an application is not realistic due to limitations in technology. But, improvements are constantly being made and some use of micro-VMs is already possible.
To discover the latest in cyber security options for your home or business, contact Geek Rescue at 918-369-4335.
September 23rd, 2013
The goal of most cyber criminals is to gain access to potentially valuable information from whatever source is the easiest to steal from. This means regardless of the size of your business, a hacker will target you if your security is lacking. This also means that regardless of whether or not you think you have information that could be valuable, a hacker will target you.
Small businesses are particularly at risk because many don’t adequately budget for network security measures. Danielle Walker, of SC Magazine, reports that saving money on your security infrastructure usually winds up costing you.
The 2013 Small Business Technology Survey, conducted by the National Small Business Association, found that small companies lost around $8,700 after being the victim of a cyber attack. Of the nearly 900 businesses that responded to the survey, 44-percent say they had been attacked and infected with malware.
These attacks cause downtime, prevent employees from working and prevent your company from providing service to customers. They also affect a company’s credibility and sometimes lead to identity theft of customers.
Despite these alarming statistics, business owners are putting less emphasis on security now than they were three years ago. Although there is no way to be completely secure, businesses without adequate security make themselves an easy target.
Many companies that experience a cyber attack are unable to recover and close their doors for good. This is avoidable by planning ahead and having a robust security infrastructure and a plan for overcoming a malware attack.
For help improving your company’s security, contact Geek Rescue at 918-369-4335.
September 20th, 2013
Malware infects your computer and affects its performance. Or is that a computer virus? Are they the same thing?
Lincoln Spector, of PC World, writes that the difference between malware and virus is ambiguous at best. Technically, a virus is a form of malware. That’s not always the way it’s used today, however.
Not only is a virus a form of malware, but trojans, worms and rootkits are also. Malware is classified as a piece of code that infects your computer and performs actions independent of the user, which is you. To simplify, it’s something that has found a way onto your computer, by way of a download, upload, or a number of other ways, and is doing things without your knowledge, like monitoring your activity, harvesting data or spamming your address book.
A virus falls into the malware category because it infects your computer and is capable of performing independent actions. A virus infects an existing file and corrupts it. But, there aren’t many viruses around today because they’re seen as inefficient by cyber criminals.
The reason the terms malware and virus have become interchangeable is because computers and malicious programs existed before ‘malware’ became a term. So, whenever anyone spotted one of these malicious programs and in the 1980’s and 90’s, they referred to them as a virus. That’s been a hard habit to break even as we now understand the differences between unique forms of malware.
While your security software is called ‘antivirus’, it likely protects you from a variety of malware. To simplify security, call Geek Rescue at 918-369-4335. We understand malware and viruses and, more importantly, know how to keep you safe and secure.
September 19th, 2013
Regardless of how many safeguards you have in place, your company’s data is never completely secure. Security tools like antivirus software and firewalls are helpful, but they can’t guarantee your safety.
Sam Narisi, of IT Manager Daily, points out that data breaches and cyber attacks create a number of negative results beyond just the loss of data. Employee and system downtime, money lost, damage to a brand’s credibility and compliance failure are all possible when your security is compromised.
One step towards improving security is to understand how your current security infrastructure is being infiltrated. Here’s some of the latest hacker tactics.
Everyone is aware of the dangers online so most companies focus their security to protect them on that front. However, 25-percent of companies victimized by a malware attack say it originated from an individual’s USB device. To accomplish this, cyber criminals send out complimentary USB devices, which are disguised as promotional material for a company and infected with malware. They also leave USB devices sitting in coffee shops, bars, restaurants or on the street. Eventually, someone picks it up and tries to use it.
An employee working at the office on your secure network is well protected. That employee may take his laptop or smartphone elsewhere to work, however. Especially if connected to a free WiFi network, that employee would now be vulnerable. Hackers could gain access to anything stored on their device, and then gain access to the company’s network when they return to work.
- Holes in Security Software
Even with antivirus software in place, you’re vulnerable. 40-percent of companies who have experienced a malware attack say the threat slipped through security software already in place. That software has a difficult time keeping up with new malware, even when it is regularly updated. Since hackers have such a deep understanding of how antivirus programs work, they are developing malware that stays undetected.
Having the right tools in place is still a good place to start to avoid a malware infection. Proper training for employees is another necessary precaution. If you still find that your network has been infiltrated, call Geek Rescue at 918-369-4335. We will disable the threat and also keep you better protected for the future.
September 19th, 2013
Everyone is interested in the silver bullet that will magically make them completely secure and afe from any cyber threat. It doesn’t exist, but as Thorin Klosowski points out at Lifehacker, there are a number of ways to become more secure within minutes.
By far the simplest and quickest way to improve security is to enable 2 factor authentication on your online accounts. With this more secure type of log-in, you’ll be prompted for your password, but you won’t be given access to your account until you’re given a second authentication method. In many cases, you’ll be texted or called with a code to enter to prove that you are who you say you are. Once you’ve gone through this process, a hacker would need to using your computer, or have your smartphone to gain access to your account.
A password manager can be added to practically any browser and will automatically log you into accounts that have been added to it. This actually sounds less secure, but the password manager locks away all your passwords and encrypts them so they’re safe. You’ll only need to remember one master password to use the password manager. Many managers will even generate a strong, random password for each site you wish to use with it, so the only way to log in to those accounts is by having access to the password manager.
Email encryption has some headaches associated with it. Most notably, encrypted emails require a key to read, so whoever you’re sending a message to will need the key. But sending them the key over email defeats the purpose of encryption. You probably don’t need to encrypt every email you send, but messages containing information like bank accounts, social security numbers or even contact information are good candidates for encryption. Just be sure to send the encryption key through text, or in person.
Backing up your files is always a good idea, but, just like email, it’s important to encrypt files containing potentially valuable data. There are a number of services that offer encrypted back ups, but one obstacle is that usually these encrypted files won’t be available to you on another machine. That means you won’t be able to access them from your smartphone or at work.
These steps will improve your online security, but nothing is unhackable. The idea is to make it as difficult as possible for anyone to access your data and accounts. Geek Rescue specializes in improving your cyber security to keep your information safe and your devices free from malware. Give us a call at 918-369-4335 to find out how to strengthen your security.
September 18th, 2013
The focus of data breaches is usually on the company who was breached. Articles detail how to better secure your company’s data and how to recover if your company gets hacked, but what about the users whose personal information is now in the hands of criminals?
If you are informed by a company you have an account with that your data has been compromised, Andy O’Donnell of About has some advice for what to do next.
The absolute first thing to do is change the password on the compromised account. This isn’t a futile effort. Most likely, your log-in information is just one of thousands or millions of log-ins stolen. There’s a good chance that the hackers haven’t even been able to try it yet. So, change that password immediately and you could save yourself a lot of trouble. To be safe, take this opportunity to change the other passwords on your most used accounts. Passwords should be changed periodically anyway, but if a knowledgeable criminal has your email address and other information, it’s possible they’ve hacked into other accounts.
- Contact Your Bank And Credit Card Companies
Even if your bank was the company who contacted you about the breach, you’ll want to make sure there’s a fraud alert on your accounts. This way, any suspicious activity will be immediately noticed and you won’t end up with thousands of dollars missing. You’ll probably also want to get new credit and debit cards with new numbers. Credit card information is often the goal of any data breach, so if there’s any way the compromised company had your card number on file, be proactive and get a new card.
- Ask About Free Identity Theft Prevention Services
It has become common practice for a breached company to offer this service to their affected customers. But, you may have to ask to get the offer. Or, asking may cause them to offer it to you even if they weren’t planning to originally.
- Request A Freeze On Your Credit Report
This isn’t for everyone as their are positives and negatives to a security freeze. Do your research before requesting one. The reason it may be useful is that criminals who have access to your personal information will likely attempt to open a line of credit with it in your name. Irreparable harm could be done to your credit score if left unchecked.
Should you learn that your valuable data has been stolen from a company you do business with, you’ll want to act quickly to avoid as much damage as possible. You can’t get the data back, but you can make it significantly less valuable and prevent it from hurting you.
Geek Rescue helps business stay more secure in order to avoid these data breaches. We also help keep your home computer and network secure, so your personal information isn’t stolen directly from you. To find out how Geek Rescue helps your home and business, give us a call at 918-369-4335.
September 18th, 2013
A Denial-of-Service attack, or DoS, refers to an attempt by a cyber criminal to interrupt your ability to connect to users. These attacks are launched against websites, networks and apps to disable them, usually by overloading the target with communication requests. In other words, the hackers force the website or network to shut down due to an excessive amount of traffic.
Bob Gorski, of PivotPoint Security, notes that about 65-percent of organizations have experienced three DoS attacks in the past year. The assumption is that hackers target large enterprises like banks and government agencies. However, small business owners need to be prepared for attacks also because their lack of security is attractive to criminals and they also possess valuable data.
The motivation behind a DoS attack can be as simple as an individual being upset at a company. That individual then launches the attack to shut down service and cost that company money. It can also be more complex than that.
DoS attacks have been known to be fronts, or distractions, from more sinister actions. While your security team works to get your website or network back online during an attack, hackers are installing malicious software or harvesting your data.
In another scheme, hackers disabled a site with a DoS attack, then were able to hijack the company;s social media account and redirect users to a phishing site. Users have log-ins and personal information stolen and blame the company.
Firewalls and antivirus software doesn’t protect you from a DoS attack. The best way to be prepared for one is to test. Load testing puts a strain on your website or network to find out if it can handle a DoS attack. This can cause the target to go down, which is why it’s best to run these tests at off-times but when an administrator is available to quickly get your website or network back up.
Geek Rescue helps you prepare for cyber attacks and uses the latest security solutions to safeguard your website and network. Give us a call at 918-369-4335 before an attack causes your business to grind to a halt.
September 17th, 2013
The iPhone 5s will be released soon, which has security experts scrambling to figure out what flaws could be exploited by hackers. Because the new iPhone, and even its new operating systems, iOS7, haven’t been officially released, Matthew J. Schwartz made some educated guesses about possible security concerns at Information Week.
New operating systems usually make sure to shore up any security holes that previous versions may have had. In the iPhone’s case, the previous operating system was considered “a freaking vault” according to one security researcher. The concern then, is that any new operating system will have flaws of its own that are just waiting to be discovered.
A new processor also suggests new flaws to be exploited. But, the new processor promises to make previous exploits obsolete and reportedly makes jailbreaking, or gaining root access to the device through bugs, much more difficult.
Multiple security experts suggest the fingerprint scanner, or Touch ID, will draw most hackers attention initially. There have already been multiple suggestions about how to break through the new iPhone’s security measure.
One tactic, dubbed a “phish finger”, would be to take a finger print from the touch screen and use it to fool the fingerprint scanner. New technology is supposed to make it difficult to fool the scanner without an actual finger, but it can still be done.
Fingerprints of the iPhone’s owner are encrypted and stored on the device, so one theory is that these fingerprints could then be stolen and used to hack into the device. However, the way the fingerprints are stored makes them only recognizable to the iPhone’s processor, which means they can’t be exported to another device.
Touch ID isn’t the only security measure on the iPhone 5s. A password is still in place as well and is required in some situations.
There are certainly some security upgrades on the new iPhone, but there appears to be some potential vulnerabilities as well. In the coming days, more of these vulnerabilities will likely be revealed as more hackers and security experts have hands-on time with the iPhone 5s.
If you need additional security on your mobile device, be it a new or old iPhone, Android or other, bring it to Geek Rescue. We improve security, get rid of malware and fix broken hardware. Come by or call us at 918-369-4335.