October 3rd, 2013
There are plenty of articles online about how to improve your own cyber security. Because there are so many, it’s easy to get lost or overwhelmed reading about tactics that provide little help.
Mark Stockley, of Naked Security, suggests concentrating only on the essentials. Here are three things that every home should do to immediately make a significant impact on their cyber security.
- Regularly update security software
Most likely, there is already an antivirus program on all the computers in your home. Those antivirus programs, and other security software, is only effective if they’re continuously updated, however. New forms of malware are issued daily and hackers are constantly inventing new ways to attack your machine. The only way to come close to keeping up is to install updates as soon as they’re available.
If there’s a wireless router in your home, the first thing to do is to protect it with a strong password. After that, check to find out what type of security it’s set to. You want to protect your router with WPA or WPA2. This stands for ‘WiFi Protected Access’ and are considered the best way to protect your router. The other option is WEP, which has been determined to be inferior.
The key to creating a strong password is to make sure it contains both upper and lowercase letters, numbers and symbols. Longer passwords are better so try to shoot for 8-characters or more. Even with a strong password, the chances of your account being hacked is greatly increased if you use the same password for multiple accounts. Using a strong, unique password for each account is the best security tactic. If you think you’ll have trouble remembering all of those different passwords, consider using a password manager, which are available online and encrypt all your passwords behind one master password.
These three tips won’t make your security completely impenetrable, but are all vital steps to take. If your security is missing any of these, you are at risk of a malware infection or worse.
To improve your security, or to clean malware and viruses off your machine, contact Geek Rescue at 918-369-4335.
October 2nd, 2013
Your Facebook profile is an appealing target for cyber criminals. With access to your profile, they immediately have access to all of your friends also. A hacked Facebook account has led to the hacker asking for money from Facebook friends, posting malicious links on friends’ walls and other suspect behavior.
Andy O’Donnell, of About, notes that you’re usually not the first to find out you’ve been hacked. A friend may text you to ask about an odd status update or message. When you try to sign into your account, either you’ll notice that someone else has been posting messages as you, or you’ll be locked out completely. If you believe you’re account has been hacked, follow these steps.
- Go to facebook.com/hacked, which is the Facebook Account Compromise Reporting page.
- Click ‘My Account is Compromised.”
- You’ll be taken to the ‘Identify Your Account’ page where you’ll be asked to enter your email address, phone number, or your name and the name of a Facebook friend.
- Follow the on-screen instructions.
Once you’ve re-gained access to your account, you’ll want to un-do anything that the hacker did. First, change your password. Take this opportunity to make it stronger by using upper and lowercase letters, numbers and symbols. Check your apps page to delete any suspicious apps the hacker may have added. Be sure to tell all of your friends that your account was hacked so they don’t follow any links the hacker may have sent them.
After you’ve taken care of any issues on Facebook’s site, take some time to think about how your account was compromised. Malware on your computer can result in hacked accounts, so a full-scan of your hard drive may be in order.
If you believe your computer is infected with malware, call Geek Rescue at 918-369-4335. We remove malicious programs like malware, Trojans and viruses from any device and have security options to help protect you from future attacks.
October 1st, 2013
Fort Disco sounds like an oddly themed night club, but it’s actually a dangerous form of malware that targets users of WordPress and Joomla. Lucian Constantin, of ComputerWorld, reports that the malware has also been documented attacking POP3 email and FTP servers.
Fort Disco is described as a brute force password guessing form of malware. This means that it infects a machine, then attempts to hack into the user’s accounts by trying random passwords. That’s where the term brute force comes in. There’s no finesse used to break into accounts. Instead, password after password is tried until the malware gains access to the account.
Security experts estimate that Fort Disco has infected more than 25-thousand Windows users and successfully hacked into more than 6-thousand WordPress, Joomla and DataLife Engine accounts.
Once the malware infects a machine, it’s able to communicate with its creator to get instructions on what accounts to attack. Since it is hosted on a user’s machine, email accounts and even FTP credentials are also at risk.
Brute force password attacks against content management systems aren’t rare, but Fort Disco is a unique way to hack those accounts. This malware is easily distributed across a large number of computers, and puts multiple accounts in harms way.
As with all types of malware, there are multiple ways it can infect your computer. To stay safe, be extremely cautious what websites you visit, what you download to your computer and what emails you open. Since Fort Disco has been seen hacking email accounts, it’s likely that a number of spam emails containing the malware are being sent.
If your computer is infected, or if you’d like to improve the security on your machine, contact Geek Rescue at 918-369-4335.
September 13th, 2013
Recent reports show that tablets are overtaking laptops in number of units shipped. With more and more tablet users out there, they become a much more attractive target for cyber criminals.
As Daniel Mellinger writes for IT Toolbox, most tablets must be linked to an email account and some even hook to mobile phone accounts. They’re used to access bank accounts, credit cards and do online shopping. This means they are home to an abundance of valuable data.
Much like the lack of security on smartphones, many tablet users decline to even have a password required to unlock the device. Not only should you set up a more secure way to unlock your tablet, but you should also consider downloading one of the numerous biometrics apps that will add a finger print scan or additional level of security.
There’s also the question of what happens if your tablet is lost or stolen. Whoever finds it will have access to all the sensitive data you’ve stored on it. Consider signing up for a remote wipe service. There are a number of easy to set-up third party apps. If you have an Apple or Android device, there are native options to use, as well. The idea is to be able to erase anything stored on the device so that whoever now has it can’t access any of your data.
Another security concern is malware. Tablet specific attacks will be more common with the tablet audience growing rapidly. This means you need security software in place. You run the risk of malware when you click on a link, download an email attachment or visit a malicious website. Most users aren’t aware that they’ve downloaded malware until it begins to affect their device’s performance. Malware is capable of harvesting data, monitoring activity and even hijacking some functions of your device.
Malware infections lead to hacked email and social media accounts, stolen identities and compromised bank and credit card accounts. That’s why it’s important to practice safe surfing and have robust security apps in place.
For help upgrading the security on your tablet, smartphone or any device, contact the experts at Geek Rescue by calling 918-369-4335.
September 11th, 2013
Many small business owners believe that they won’t be the target of a cyber attack simply because there are larger companies that present more value to hackers. However, this belief leads to more relaxed security protocols, which makes small businesses an attractive target because of their ease of access.
Susan Solovic posted on the AT&T Small Business blog how to immediately improve your company’s security without having extensive expertise.
As with any account, you need to protect your business by having each employee log-in with a secure password. This password should be long, have upper and lower case letters and symbols and numbers and be changed often.
It’s a basic step that pays big dividends. Don’t make it easy for a criminal to steal your information or infiltrate your network. When you’re not sitting at your computer, sign out. This erases the possibility that someone in the area could walk by and immediately access valuable data. This is especially important for mobile devices.
There’s a reason your antivirus software requires regular updates. Hackers are constantly changing tactics and using new techniques. Each update is an attempt to stay ahead of the curve. So, when any of your regularly used applications prompts you to update, do it.
Nothing keeps you 100-percent secure. Even if you are able to avoid a cyber attack, natural disasters could still wipe out data. Regularly backing up vital data is important in order to avoid a catastrophe. Should any of your files be lost or corrupted, you’ll have back-ups to replace them quickly without suffering any down time.
Each employee and each position at your company is different. Some will require different access to different applications. Think of it like a government security clearance. There are different levels depending on your pay grade. For your business, give employees the access necessary for them to do their job, but no more. This way, if their account is compromised, you won’t be allowing access to your entire network.
Keeping your business secure is an important and time consuming job. For help, contact Geek Rescue at 918-369-4335. We offer data storage and back-up, security solutions and more.
September 5th, 2013
Many companies have adopted an agile, mobile infrastructure to give employees access to vital data from practically anywhere. This is certainly effective for day-to-day business, but what happens when an employee leaves the company? How do you protect your data?
A recent post on IT Manager Daily suggests the key is a balance between your own interactions with the departing employee and security put in place after the individual leaves.
The first step is to develop a plan. In this plan should be a detailed, step-by-step protocol that is followed each time an employee leaves the company. You should also assess the risk an employee poses to the business should they be terminated or resign. Many times a senior member of your organization is more likely to steal data and start a competitor than a low-ranking employee.
Part of that plan should also include a robust contract signed at the time of hiring. This contract, similar to a non-compete, should have a data protection clause that prohibits employees from accessing and misusing company data once they’re no longer a part of the organization. These contracts also typically include a plan of action for lame-duck employees and how they will spend their last work days after putting in notice.
After an employee leaves, it’s vital that you shut off their access to any company data. Passwords should be changed on everything the employee previously had access to. If they used a company email account, you should even change the password to that. All company property should be turned in before the employee leaves. Once out the door for the last time, an employee doesn’t need any access to your data.
Taking these precautions against data theft doesn’t mean you don’t trust employees. They’re just good business tactics to ensure your data stays secure. In fact, developing a trust and allowing employees to leave on good terms is one of the most powerful ways to make sure no data is stolen. If an individual leaves liking you and your business, they’re less likely to do anything to harm it.
If you’d like to increase the security on your company’s data, contact Geek Rescue at 918-369-4335. We have a variety of security solutions to secure your network and keep your data safe.
August 29th, 2013
The instances of phishing attacks is on an aggressive rise. Over the past 12-months, the number of users who have experienced a phishing attack has risen 87-percent, from 19.9-million to 37.3-million.
During that time, there have also been multiple high-profile attacks, whose victims have included Twitter and the New York Times. Anyone can be a victim to a phishing attack and the rise in victims seems to indicate an increase in the number of threats online. It also suggests that more users need to understand the risks and how to avoid them.
Brian Clark Howard delved into this topic for National Geographic to help educate users so they may be able to avoid phishing attacks in the future.
A phishing attack refers specifically to an online scam use social engineering to coerce users in giving up personal information like social security numbers, bank account information and phone numbers. The most common means of phishing comes through spam emails. These emails are sent to hundreds or thousands of recipients and made to look like official correspondence from banks, service providers or even government agencies. Some include the threat of termination of service, while others will promise money or deals.
Spear phishing is an attack specifically targeting an individual or organization. By using information gleaned from other places, a hacker will put together an email that seems more legitimate because it will include information about you that a random person shouldn’t know.
This is usually how large-scale enterprises get hacked. They’re specifically targeted and employees are tricked into giving out their log in information, which opens the door for hackers to access the company’s network.
Anyone using email is at risk of a phishing scam. Trusting your spam filters helps to avoid many of the lazier phishing attempts, but you’ll also need to be wary of unsolicited emails asking for information you wouldn’t feel comfortable giving out to just anyone. Attachments, links, misspelled words and bad grammar are all signs that the email isn’t legitimate. In nearly every case, it’s better to contact a company by phone instead of replying to an email with personal information.
If you do fall for a phishing scam, you should immediately take action to change your passwords and monitor accounts closely for strange activity.
For help keeping your email secure and beefing up spam filters, contact Geek Rescue at 918-369-4335. We’ll help keep hackers out and your information secure.
August 16th, 2013
Getting hacked, having data stolen and money lost is at the front of everyone’s mind. Unfortunately, there’s no way to guarantee that you’re 100-percent safe. Your security will never be unbreachable, no matter how much effort you put into it.
Tom Cochran, of Entrepreneur, calls your efforts to protect yourself against cyber crime “a battle of asymmetry”. Put simply, there are too many vulnerabilities for you to monitor all of them and keep them secure.
This certainly doesn’t mean security shouldn’t be a concern. Even though the reality is you can’t be completely impenetrable, you should still strive to be as secure as possible.
Verizon reports that 79-percent of hacking victims were targeted simply because of opportunity. This means their security was woefully insubstantial and they were targeted because hackers found them to be an easy target. Of those targeted because of opportunity, 97-percent of them were avoidable with simple tools added to their security.
It’s a bit like the old saying about escaping a bear attack. You don’t have to be faster than the bear. You just have to be faster than those around you. You need to have the best security possible to dissuade cyber criminals from even trying to hack your network. If you make it difficult on them, they’ll look elsewhere. Here are a few ways for you to improve your security.
- Password Protected Everything
Businesses have attempted to make more and more of their data available from anywhere, which also means outsiders have the opportunity to hack into your network from anywhere. Passwords on devices and applications help to keep out those who shouldn’t have access. If you’re in doubt about whether an element you use needs a password, add one.
- Strong, Memorable Passwords
Password protection is useless if the password is easily broken. Use a combination of numbers, both upper and lower case letters, and symbols. Make your password eight characters or more. Try not to use whole words or information, like the names of your kids or pets, readily available on social media.
This doesn’t mean your password should be so nonsensical that you’ll never remember it. Passwords should still mean something to you, but be clever and use acronyms or other tricks to make your password strong.
We’re not advocating dancing here, but rather two-step verification. This means, in addition to password protection, there’s another layer of protection required for log in. Usually, this is a code given over the phone or via text message.
For social media, email or cloud services that are accessible by anyone, two-step verification is needed. After all, if the site is available to anyone, then anyone could be trying to break in.
Again, these tips don’t seal up your data entirely. Unfortunately, you are always at a risk of being hacked. But the more effort you put into your security, the more slight your chance of being hacked is.
To discover better security options for your business, or personal accounts, call Geek Rescue at 918-369-4335.
August 8th, 2013
How long do you think it would take an experienced hacker to break into your most valuable account online? For most people, the answer is about 3 minutes.
The average hack time is low because many people make it painfully easy to break into their accounts. Using names, anniversaries, birthdays and other personal information that is also public information, or at least readily available on any of your social media accounts, is a surefire way to get an account hacked. Similarly, using full words in your password makes it easier to crack.
There are four character types available for any password, upper and lower case letters, numbers, and special characters like symbols and punctuation. Use a combination of all four to make the strongest password possible.
As you might expect, the shorter your password is, the weaker it is. Shoot for a length of at least 8 characters.
Since nearly two-thirds of people use the same password for multiple sites, when one site becomes compromised, a cyber criminal gains access to every account using that password.
For more information about creating strong, secure passwords, check out Denise Lu’s article at Mashable and the accompanying infographic from Instant Checkmate.
Even the strongest passwords don’t protect you fully, but they do make it more unlikely that your most precious data remains secure. To put more security in place, contact Geek Rescue at 918-369-4335. We have a number of security solutions for home and business to keep data out of the wrong hands.
August 7th, 2013
When you log-in to your most visited sites on the web, your internet browser will offer to store your log-in information so you don’t need to enter it every time you visit the site. Many users use this function to keep from forgetting passwords or just to make their lives that much easier.
Have you ever thought about who might have access to the passwords you store? Particularly for Chrome and Firefox users, anyone with local access to your machine also has easy access to all of your stored passwords.
Tim Scheisser, of TechSpot, reveals that in two of the most common browsers, stored passwords are not hidden behind encryption or any type of master password. Instead, they are available to anyone using the computer.
Chrome representatives say the omission of any type of security around your stored passwords was intentional. Rather than leading you to believe your passwords are safe because of encryption or other measures, they want you to understand that if anyone gains local access to your computer, all of your information is compromised.
While it’s true that someone who has access to your physical machine is hard to stop, many users would prefer more protection than Chrome and Firefox supply. Internet Explorer and Safari both provide a master password lock before granting access to stored passwords. This is certainly breakable, but at least takes some effort.
Client side protection has never been, nor will it ever be the main focus of a browser. To maximize your security, consider not using the store password function. You’ll also want to call Geek Rescue at 918-369-4335 and have the latest security software loaded onto your machine. With the right tools in place, you avoid devastating losses of data.