September 30th, 2013
You’ve probably taken some precautions to make sure your computer is protected from malware, viruses and other potential security issues. But have you taken precautions to protect your router?
A recent post on NewsFactor notes that there are router-specific malware threats capable of reconfiguring it. A malware infected router is able to redirect users to malicious sites in order to steal data or infect them with more malware and viruses.
Imagine you are using your computer to check your bank balance. If your router is infected with malware, it could redirect you to a similar looking site that is actually designed to steal your log-in information. Minor differences will alert you that something is wrong, but you have to be looking for them. A slight difference in the way the site looks, or a missing option in the menu are tell-tale signs that this site isn’t legitimate.
Thankfully, most banking websites offer security specifically designed to alert you if you’re not on their official website. However, other websites don’t take the same precautions.
Your browser also has security tools available to help keep you safe in these situations. When the warning pops up that a website’s security certificate isn’t recognized, don’t ignore it. This is a warning that using this site puts your data at risk. If you see that warning, don’t use that website. If needed, contact the business directly by phone and ask them about their website.
To protect yourself, make sure your router is updated continuously. Newer models usually update automatically, but it’s worth checking to make sure. Also, use the password protection options. Not only should your router be password protected, but that password should be changed often and not easy to guess.
To find out how to improve the cyber security at your home or office, contact Geek Rescue at 918-369-4335.
September 30th, 2013
Creating an adequate, effective security infrastructure for your business is difficult. It becomes impossible, however, if you don’t take the time to consider where your weaknesses are.
Patrick Budmar, of ARN, reports that security experts estimate that 80-percent of IT security spending at an average company is focused on only 30-percent of the problem.
Firewalls, intrusion protection systems and endpoint security are noted as receiving the bulk of most security budgets. However, diverting funds to increase prevention and detection of threats is a more efficient practice.
Regardless of the amount of security software in place, there will be breaches and gaps in your security. That’s why experts recommend focusing more attention on monitoring data and constantly checking for abnormalities within your network. Many times, a security breach goes unnoticed for weeks or months at a time. This allows for an exponentially higher amount of damage than if the breach was detected immediately.
An audit of your company’s cyber security exposes the potential flaws. It also shows where more attention or funding is needed, and where funds can be diverted from. This way, you’re able to upgrade security by spending more intelligently, not necessarily by spending more.
Geek Rescue provides security audits and the tools needed to improve security. Call us at 918-369-4335 before an attack to avoid costly damage and data loss.
September 27th, 2013
You’ve heard how important robust cyber security is for your business. You’ve read the articles, you’ve seen the statistics and heard the urging from IT professionals. Unfortunately, for many small business owners, the warnings don’t truly sink in until after they become a victim of an attack.
Ericka Chickowski, of Dark Reading, writes that a cyber attack doesn’t have to solely be a negative on your company. It is costly and it could hurt your credibility with your customers and prevent you from offering your services for a time. But, it’s also a chance to learn a lesson and become stronger.
During the recovery process, it’s important for companies that have been victimized to take time to study why they became a target in the first place. The exploit is like a real-world audit of your security infrastructure and, unfortunately, your security failed. Take this opportunity to improve the holes and the day-to-day processes of your company.
Be sure to take this opportunity to address your entire security infrastructure, not just the part that was exploited. Your security likely doesn’t have only one flaw. And even if you find that the software in place is adequate, you may discover that you employees actions put data at risk.
You should also critique your recovery plan. Think about the company-wide actions after the attack took place and consider how they could be improved. Your goal should be to cut downtime and restore data as quickly and fully as possible.
If your security is breached, you definitely can’t afford to ignore it. Let it be a message to you that a more serious investment in cyber security is needed.
For a security audit, or to find out what your options are for improving security, contact Geek Rescue at 918-369-4335.
September 27th, 2013
Every business has adopted some form of cyber security, but is your security truly aimed to keep you safe from a full-scale cyber attack? Too often businesses believe they won’t be a target of hackers and make that an excuse for not dedicating more resources to true security. Those with minimal security, however, make themselves a target because of how easy it is to attack their network.
Catalin Zorzini, of Inspired Magazine, suggests taking the necessary steps to take your security from minimal to robust. Here’s what to consider when trying to implement adequate security.
- Audit your current security
Conducting a security audit will reveal where you are most vulnerable. This informs you what your security is lacking and specifically what data is at risk. Knowing that will allow you to put into real terms what is at stake. Contact Geek Rescue to perform a thorough audit of your security.
- Consider disaster recovery
Keeping security threats like malware out is only one aspect of good security. You also need to have a plan in place for a disaster that wipes out your data. This could stem from a cyber attack, or it could be a natural disaster that destroys your servers. Regardless of the cause, you need a plan that will minimize the amount of downtime you suffer and how much data is lost.
- Don’t forget about mobile
Mobile technologies create complications for your security infrastructure. Employees sharing data with cloud systems or through email and connecting on unsecured WiFi cause headaches. There’s also the growing bring your own device, or BYOD, trend. That is also a potential problem as employees could bring infected devices to the office and infect the whole network.
By thinking about potential security problems and patching holes, you’ll avoid large scale data loss and downtime in the future.
Geek Rescue helps you improve cyber security. Call us at 918-369-4335 to set up a security audit, make a disaster recovery plan or more.
September 26th, 2013
Craigslist has long been known not only as a legitimate online marketplace, but also a potentially dangerous hub of scams and hackers. A report posted on the Symantec blog alerts that a current scam is harvesting phone numbers from Craigslist ads and texting them spam links.
The actual scam has nothing to do with Craigslist, but that seems to be where the hackers are getting phone numbers. From there, they send a text containing a link. However, the link won’t work on a smartphone.
Instead, users are prompted to use their PC and arrive at a page prompting them to install “GIMP Viewer”, which is legitimate open source software. If the user agrees, they aren’t taken to the actual GIMP site. Instead, they are taken to a fake site where GIMP software is installed with a number of other programs.
Hackers make money each time these additional programs are downloaded. For now, it doesn’t appear that any malware is included in the scam, but it could easily become part of it if criminals decide the current scam isn’t lucrative enough.
To avoid any similar scams, be wary of text messages from unknown sources. You certainly shouldn’t be agreeing to download anything to your phone or PC unless it comes from a trusted source. A link in an unsolicited text message would not be a trusted source.
To protect your smartphone and PC from future malware infections, contact Geek Rescue at 918-369-4335.
September 26th, 2013
Browser extensions enhance the capability of your web browser. There are a number of uses for browser extensions. Many are designed to improve security or boost productivity. Recently, more and more extensions have been made by hackers, however.
Lucian Constantin, of ComputerWorld, writes that malicious browser extensions are a growing concern among security experts. That’s because they are difficult to protect against.
Malicious extensions have been seen before. They’ve been used to hijack searches and show ads to users. Recently, an IT security consultant was able to create an extension with much more harmful capabilities.
This example malware was able to be controlled remotely. It’s able to bypass two-factor authentication, perform functions, such as downloading other malicious files or controlling the webcam and steal data.
Malicious extensions are a growing concern, but there are few options available to protect yourself from them. Many antivirus programs are unable to detect and remove this malware. Security extensions added to your browser are also powerless.
Your chosen web browser actually has a significant effect on how much at risk you are. Firefox users are considered to be the most vulnerable. This is because it allows for third party extensions to be added, which means hackers can convince users to install the malicious extensions themselves, or can use malware downloaded through other means to install them remotely.
Chrome users, on the other hand, are at a relatively low risk. Chrome only allows extensions to be added from their Web Store, which only contains extensions that have been approved by Google. This doesn’t mean that there can be no malicious extensions added to a Chrome browser. It just means it’s much more difficult than with Firefox.
Exercise caution when adding extension to your web browsers and make sure you understand what your security software does and does not protect against.
To improve the cyber security on your home computer or at the office, contact Geek Rescue at 918-369-4335.
September 25th, 2013
It’s easy to understand why so many hackers are targeting social media for cyber attacks. Where else would you find such a high collection of unsuspecting people? Many users have grown wise to email attacks and have learned to avoid suspicious emails. Social media, however, is still seen by most as a safe place. Throw in that many users access social media on mobile phones, which often lack necessary security, and you have an irresistible target for hackers.
John P. Mello, of CIO, reports that these attacks claim victims using the trust of users against them. Similar tactics as previously seen in creating fake versions of legitimate websites, or sending phishing emails that appear to be from legitimate sources, have been adapted for social media. The trend is to take over an account with a large number of followers and credibility and use it to spread malicious links.
These attacks are difficult to avoid because they appear to be coming from a trusted source. You wouldn’t expect a Twitter account that you’ve followed for years to suddenly be directing you to a phishing site, or infecting you with malware.
This isn’t only a concern for individuals either. Businesses need to be aware of these threats to security also. Another reason that social media is so attractive to hackers is that so many users access social media on their company’s network. This means that if any of your employees encounter a hacked profile, they are putting your company’s data at risk.
There are a number of options for how to deal with these threats. Blocking social media sites is one. Educating employees about the risk and making sure they understand how to avoid these attacks is another.
To improve your company’s security, contact Geek Rescue at 918-369-4335. We offer security software that is capable of blocking potentially dangerous sites and catching malware before it infects your system.
September 24th, 2013
Studies have shown that phishing and malware attacks through email are effective because of uneducated users. Individuals who are unable to identify these malicious emails, or those who don’t fully understand the risk involved, are the ones most often victimized. For a business, this means that more education and security is needed so an employee doesn’t wreak havoc for the entire organization.
Jeff Orloff, of The Email Admin, suggests some ways to safeguard your business and convince employees that email security is an important issue.
You can’t expect employees to follow the rules if those rules are only implied. To keep from having data stolen or malware infecting your network, write out a policy of email usage guidelines. Make sure every employee has a copy and understands it.
The idea of ‘that won’t happen to me’ is a difficult one to overcome in the context of cyber security. To do so, use specific examples from companies similar to yours in size and industry. Detail how they were attacked, why the attack was successful and what the end result was. Personalizing the attack to show how it would affect your employees is extremely helpful.
With a set of rules in place and an understanding of what’s at stake, you can explain how an attack works and how to avoid them. Most employees won’t understand, and don’t need to know, the technical details of malware, but a basic understanding of a hacker’s motivations is helpful. Then, an explanation of what to look for in a typical malicious email.
If you’re able to improve your users’ behavior, your security will improve exponentially. After all, it’s much easier to stop malware from getting in than it is to find it and delete it.
For help with your company’s cyber security, contact Geek Rescue at 918-369-4335. We offer security solutions to keep your business safe, which includes hosted email and spam filters.
September 23rd, 2013
Virtualization in the IT world means creating a virtual version of something. You can create a virtual server, virtual hard drive and more. The possibilities are nearly limitless and allow businesses to use their resources more efficiently. Brian Proffitt, of ReadWrite, explains that virtualization is also useful for fighting malware infections. This new way of thinking about security allows you to protect all of your devices, from smartphones and tablets to servers and PCs.
One method of using virtualization to avoid malware is to create a virtual version of your infected machine. This doesn’t get rid of the infection, but gives you a working version of your computer. It takes storage space and time, however.
Microvirtualization is another option. It virtualizes only one process of an operating system and is useful in keeping malware at bay.
With microvirtualization, you can virtualize the multiple processes needed to surf the internet. A single, virtualized process is programmed with a set of rules, which makes the process shut down if it encounters anything fishy, like malware trying to infect it. The process can even be frozen once the malware starts running, which allows security experts to analyze it.
The main key here is that malware is trapped immediately within a virtual process. It is never given the chance to infect your machine or begin to track your data. With micro-VMs, current forms of malware become obsolete.
For now, virtualizing every process of an application is not realistic due to limitations in technology. But, improvements are constantly being made and some use of micro-VMs is already possible.
To discover the latest in cyber security options for your home or business, contact Geek Rescue at 918-369-4335.
September 23rd, 2013
The goal of most cyber criminals is to gain access to potentially valuable information from whatever source is the easiest to steal from. This means regardless of the size of your business, a hacker will target you if your security is lacking. This also means that regardless of whether or not you think you have information that could be valuable, a hacker will target you.
Small businesses are particularly at risk because many don’t adequately budget for network security measures. Danielle Walker, of SC Magazine, reports that saving money on your security infrastructure usually winds up costing you.
The 2013 Small Business Technology Survey, conducted by the National Small Business Association, found that small companies lost around $8,700 after being the victim of a cyber attack. Of the nearly 900 businesses that responded to the survey, 44-percent say they had been attacked and infected with malware.
These attacks cause downtime, prevent employees from working and prevent your company from providing service to customers. They also affect a company’s credibility and sometimes lead to identity theft of customers.
Despite these alarming statistics, business owners are putting less emphasis on security now than they were three years ago. Although there is no way to be completely secure, businesses without adequate security make themselves an easy target.
Many companies that experience a cyber attack are unable to recover and close their doors for good. This is avoidable by planning ahead and having a robust security infrastructure and a plan for overcoming a malware attack.
For help improving your company’s security, contact Geek Rescue at 918-369-4335.