Malicious Extensions Are A Growing Threat

September 26th, 2013

Web Browser

Browser extensions enhance the capability of your web browser. There are a number of uses for browser extensions. Many are designed to improve security or boost productivity. Recently, more and more extensions have been made by hackers, however.

Lucian Constantin, of ComputerWorld, writes that malicious browser extensions are a growing concern among security experts. That’s because they are difficult to protect against.

Malicious extensions have been seen before. They’ve been used to hijack searches and show ads to users. Recently, an IT security consultant was able to create an extension with much more harmful capabilities.

This example malware was able to be controlled remotely. It’s able to bypass two-factor authentication, perform functions, such as downloading other malicious files or controlling the webcam and steal data.

Malicious extensions are a growing concern, but there are few options available to protect yourself from them. Many antivirus programs are unable to detect and remove this malware. Security extensions added to your browser are also powerless.

Your chosen web browser actually has a significant effect on how much at risk you are. Firefox users are considered to be the most vulnerable. This is because it allows for third party extensions to be added, which means hackers can convince users to install the malicious extensions themselves, or can use malware downloaded through other means to install them remotely.

Chrome users, on the other hand, are at a relatively low risk. Chrome only allows extensions to be added from their Web Store, which only contains extensions that have been approved by Google. This doesn’t mean that there can be no malicious extensions added to a Chrome browser. It just means it’s much more difficult than with Firefox.

Exercise caution when adding extension to your web browsers and make sure you understand what your security software does and does not protect against.

To improve the cyber security on your home computer or at the office, contact Geek Rescue at 918-369-4335.

Growing Number Of Cyber Attacks From Social Media

September 25th, 2013

Unlike

It’s easy to understand why so many hackers are targeting social media for cyber attacks. Where else would you find such a high collection of unsuspecting people? Many users have grown wise to email attacks and have learned to avoid suspicious emails. Social media, however, is still seen by most as a safe place. Throw in that many users access social media on mobile phones, which often lack necessary security, and you have an irresistible target for hackers.

John P. Mello, of CIO, reports that these attacks claim victims using the trust of users against them. Similar tactics as previously seen in creating fake versions of legitimate websites, or sending phishing emails that appear to be from legitimate sources, have been adapted for social media. The trend is to take over an account with a large number of followers and credibility and use it to spread malicious links.

These attacks are difficult to avoid because they appear to be coming from a trusted source. You wouldn’t expect a Twitter account that you’ve followed for years to suddenly be directing you to a phishing site, or infecting you with malware.

This isn’t only a concern for individuals either. Businesses need to be aware of these threats to security also. Another reason that social media is so attractive to hackers is that so many users access social media on their company’s network. This means that if any of your employees encounter a hacked profile, they are putting your company’s data at risk.

There are a number of options for how to deal with these threats. Blocking social media sites is one. Educating employees about the risk and making sure they understand how to avoid these attacks is another.

To improve your company’s security, contact Geek Rescue at 918-369-4335. We offer security software that is capable of blocking potentially dangerous sites and catching malware before it infects your system.

Windows Defender Scores Poorly

September 24th, 2013

F on paper

Microsoft Windows users may be tempted to forego any additional security software because of the existence of Windows Defender, a free antivirus program included with Windows. While Defender does offer some security benefits, Mathew J. Schwartz, of Information Week, points out that it hardly is capable of protecting your computer on its own.

In a study conducted with 27 other antivirus programs that tested protection, repair and usability of each, Defender scored the lowest. In fact, out of a possible score of 18 on the test, Defender scored about 5 points lower than any other program.

In a test of about 60-thousand common pieces of malware, Defender was able to detect 97-percent of them. Not so good considering only three other programs failed to achieve 100-percent detection.

Defender does have its advantages, however. It earned top marks in usability and, of course, its price tag can’t be beat.

So, should you run Windows Defender on your computer? Absolutely, but you should have other security in place, as well.

Security experts suggest using multiple layers of security, even if you have the top ranked programs in place. Because malware is constantly changing and new forms are released each day, there’s no way any program can keep up. So, having multiple ways to detect malicious programs gives you a better chance to avoid infection.

For help improving the security on your machine, or to get rid of malware that’s already infected it, call Geek Rescue at 918-369-4335.

Improve Email Security By Educating Users

September 24th, 2013

Email inbox

Studies have shown that phishing and malware attacks through email are effective because of uneducated users. Individuals who are unable to identify these malicious emails, or those who don’t fully understand the risk involved, are the ones most often victimized. For a business, this means that more education and security is needed so an employee doesn’t wreak havoc for the entire organization.

Jeff Orloff, of The Email Admin, suggests some ways to safeguard your business and convince employees that email security is an important issue.

  • Have A Written Policy

You can’t expect employees to follow the rules if those rules are only implied. To keep from having data stolen or malware infecting your network, write out a policy of email usage guidelines. Make sure every employee has a copy and understands it. 

  • Use Specific Examples

The idea of ‘that won’t happen to me’ is a difficult one to overcome in the context of cyber security. To do so, use specific examples from companies similar to yours in size and industry. Detail how they were attacked, why the attack was successful and what the end result was. Personalizing the attack to show how it would affect your employees is extremely helpful. 

  • Explain The Hows

With a set of rules in place and an understanding of what’s at stake, you can explain how an attack works and how to avoid them. Most employees won’t understand, and don’t need to know, the technical details of malware, but a basic understanding of a hacker’s motivations is helpful. Then, an explanation of what to look for in a typical malicious email. 

If you’re able to improve your users’ behavior, your security will improve exponentially. After all, it’s much easier to stop malware from getting in than it is to find it and delete it.

For help with your company’s cyber security, contact Geek Rescue at 918-369-4335. We offer security solutions to keep your business safe, which includes hosted email and spam filters.

Microvirtualization Could End The Threat Of Malware

September 23rd, 2013

Virtualization

Virtualization in the IT world means creating a virtual version of something. You can create a virtual server, virtual hard drive and more. The possibilities are nearly limitless and allow businesses to use their resources more efficiently. Brian Proffitt, of ReadWrite, explains that virtualization is also useful for fighting malware infections. This new way of thinking about security allows you to protect all of your devices, from smartphones and tablets to servers and PCs.

One method of using virtualization to avoid malware is to create a virtual version of your infected machine. This doesn’t get rid of the infection, but gives you a working version of your computer. It takes storage space and time, however.

Microvirtualization is another option. It virtualizes only one process of an operating system and is useful in keeping malware at bay.

With microvirtualization, you can virtualize the multiple processes needed to surf the internet. A single, virtualized process is programmed with a set of rules, which makes the process shut down if it encounters anything fishy, like malware trying to infect it. The process can even be frozen once the malware starts running, which allows security experts to analyze it.

The main key here is that malware is trapped immediately within a virtual process. It is never given the chance to infect your machine or begin to track your data. With micro-VMs, current forms of malware become obsolete.

For now, virtualizing every process of an application is not realistic due to limitations in technology. But, improvements are constantly being made and some use of micro-VMs is already possible.

To discover the latest in cyber security options for your home or business, contact Geek Rescue at 918-369-4335.

 

 

Cyber Attacks Cost Business Owners Big

September 23rd, 2013

Safe with money

The goal of most cyber criminals is to gain access to potentially valuable information from whatever source is the easiest to steal from. This means regardless of the size of your business, a hacker will target you if your security is lacking. This also means that regardless of whether or not you think you have information that could be valuable, a hacker will target you.

Small businesses are particularly at risk because many don’t adequately budget for network security measures. Danielle Walker, of SC Magazine, reports that saving money on your security infrastructure usually winds up costing you.

The 2013 Small Business Technology Survey, conducted by the National Small Business Association, found that small companies lost around $8,700 after being the victim of a cyber attack. Of the nearly 900 businesses that responded to the survey, 44-percent say they had been attacked and infected with malware.

These attacks cause downtime, prevent employees from working and prevent your company from providing service to customers. They also affect a company’s credibility and sometimes lead to identity theft of customers.

Despite these alarming statistics, business owners are putting less emphasis on security now than they were three years ago. Although there is no way to be completely secure, businesses without adequate security make themselves an easy target.

Many companies that experience a cyber attack are unable to recover and close their doors for good. This is avoidable by planning ahead and having a robust security infrastructure and a plan for overcoming a malware attack.

For help improving your company’s security, contact Geek Rescue at 918-369-4335.

Change Your Privacy Settings Before Using Your iPhone

September 20th, 2013

iPhone user

Before you start playing with your new iPhone 5s or 5c, take a moment to adjust the privacy settings. Even if you don’t have a new iPhone, it’s a good idea to check that your phone’s settings are set to your liking. For instance, upgrading to iOS7 on your existing iPhone can reset your settings, so checking on them once in awhile is a good idea.

Jason D. O’Grady, of ZDNet, has some suggestions for how your privacy settings should look. These will keep your iPhone from allowing too much access to 3rd party apps and keep you from sharing too much with potential hackers.

  • Location Services

Most of the apps you download want to access your location. Few, however, truly need that access. To limit how you share your location, go to ‘Settings’ then ‘Privacy’ then ‘Location Services’. Scroll all the way to to the bottom to find ‘System Services’. Here you’ll be able to turn on notifications for anytime an app uses your location. That way, if you get a notification from an app that shouldn’t be accessing your location, you can go turn off that app’s capability. 

  • Diagnostics and Usage

This is code for ‘let Apple track my activity’. To turn this option off, touch ‘System Services’ from the screen you were just on. Turn off ‘Diagnostics and Usage’ to no longer send data to Apple, which they say is to help improve iOS. On this same screen, you’ll want to disable ‘Location Based iAds’, which is exactly what it sounds like. 

  • Do Not Track Safari

Finally, go to ‘Safari’ in your ‘Settings’ menu. Make sure that ‘Do Not Track’ is turned on so you’ll be able to surf anonymously. While you’re here, check that ‘Block Pop-Ups’ is also turned on. 

These quick adjustments to your settings help to improve your iPhone’s privacy. Improving privacy settings keeps your phone from sending data to Apple, advertisers and others who don’t need to have access to it.

Privacy settings don’t keep you secure from malware and other attacks, however. To improve the security on your smartphone, or to get rid of malware already on it, call Geek Rescue at 918-369-4335, or bring your device in to one of our locations.

3 Ways Malware Gets Through Security Software

September 19th, 2013

Breaking in

Regardless of how many safeguards you have in place, your company’s data is never completely secure. Security tools like antivirus software and firewalls are helpful, but they can’t guarantee your safety.

Sam Narisi, of IT Manager Daily, points out that data breaches and cyber attacks create a number of negative results beyond just the loss of data. Employee and system downtime, money lost, damage to a brand’s credibility and compliance failure are all possible when your security is compromised.

One step towards improving security is to understand how your current security infrastructure is being infiltrated. Here’s some of the latest hacker tactics.

  • USB Threats

Everyone is aware of the dangers online so most companies focus their security to protect them on that front. However, 25-percent of companies victimized by a malware attack say it originated from an individual’s USB device. To accomplish this, cyber criminals send out complimentary USB devices, which are disguised as promotional material for a company and infected with malware. They also leave USB devices sitting in coffee shops, bars, restaurants or on the street. Eventually, someone picks it up and tries to use it. 

  • Remote Threats

An employee working at the office on your secure network is well protected. That employee may take his laptop or smartphone elsewhere to work, however. Especially if connected to a free WiFi network, that employee would now be vulnerable. Hackers could gain access to anything stored on their device, and then gain access to the company’s network when they return to work. 

  • Holes in Security Software

Even with antivirus software in place, you’re vulnerable. 40-percent of companies who have experienced a malware attack say the threat slipped through security software already in place. That software has a difficult time keeping up with new malware, even when it is regularly updated. Since hackers have such a deep understanding of how antivirus programs work, they are developing malware that stays undetected. 

Having the right tools in place is still a good place to start to avoid a malware infection. Proper training for employees is another necessary precaution. If you still find that your network has been infiltrated, call Geek Rescue at 918-369-4335. We will disable the threat and also keep you better protected for the future.

Take These Steps To Quickly Improve Cyber Security

September 19th, 2013

Cyber Security

Everyone is interested in the silver bullet that will magically make them completely secure and afe from any cyber threat. It doesn’t exist, but as Thorin Klosowski points out at Lifehacker, there are a number of ways to become more secure within minutes.

  • 2 Factor Authentication

By far the simplest and quickest way to improve security is to enable 2 factor authentication on your online accounts. With this more secure type of log-in, you’ll be prompted for your password, but you won’t be given access to your account until you’re given a second authentication method. In many cases, you’ll be texted or called with a code to enter to prove that you are who you say you are. Once you’ve gone through this process, a hacker would need to using your computer, or have your smartphone to gain access to your account. 

  • Password Manager

A password manager can be added to practically any browser and will automatically log you into accounts that have been added to it. This actually sounds less secure, but the password manager locks away all your passwords and encrypts them so they’re safe. You’ll only need to remember one master password to use the password manager. Many managers will even generate a strong, random password for each site you wish to use with it, so the only way to log in to those accounts is by having access to the password manager. 

  • Encrypted Email

Email encryption has some headaches associated with it. Most notably, encrypted emails require a key to read, so whoever you’re sending a message to will need the key. But sending them the key over email defeats the purpose of encryption. You probably don’t need to encrypt every email you send, but messages containing information like bank accounts, social security numbers or even contact information are good candidates for encryption. Just be sure to send the encryption key through text, or in person. 

  • Secure Back Up

Backing up your files is always a good idea, but, just like email, it’s important to encrypt files containing potentially valuable data. There are a number of services that offer encrypted back ups, but one obstacle is that usually these encrypted files won’t be available to you on another machine. That means you won’t be able to access them from your smartphone or at work. 

These steps will improve your online security, but nothing is unhackable. The idea is to make it as difficult as possible for anyone to access your data and accounts. Geek Rescue specializes in improving your cyber security to keep your information safe and your devices free from malware. Give us a call at 918-369-4335 to find out how to strengthen your security.

Steps To Take If Your Personal Data Is Stolen

September 18th, 2013

Identity Theft

The focus of data breaches is usually on the company who was breached. Articles detail how to better secure your company’s data and how to recover if your company gets hacked, but what about the users whose personal information is now in the hands of criminals?

If you are informed by a company you have an account with that your data has been compromised, Andy O’Donnell of About has some advice for what to do next.

  • Change Your Passwords

The absolute first thing to do is change the password on the compromised account. This isn’t a futile effort. Most likely, your log-in information is just one of thousands or millions of log-ins stolen. There’s a good chance that the hackers haven’t even been able to try it yet. So, change that password immediately and you could save yourself a lot of trouble. To be safe, take this opportunity to change the other passwords on your most used accounts. Passwords should be changed periodically anyway, but if a knowledgeable criminal has your email address and other information, it’s possible they’ve hacked into other accounts. 

  • Contact Your Bank And Credit Card Companies

Even if your bank was the company who contacted you about the breach, you’ll want to make sure there’s a fraud alert on your accounts. This way, any suspicious activity will be immediately noticed and you won’t end up with thousands of dollars missing. You’ll probably also want to get new credit and debit cards with new numbers. Credit card information is often the goal of any data breach, so if there’s any way the compromised company had your card number on file, be proactive and get a new card. 

  • Ask About Free Identity Theft Prevention Services

It has become common practice for a breached company to offer this service to their affected customers. But, you may have to ask to get the offer. Or, asking may cause them to offer it to you even if they weren’t planning to originally.

  • Request A Freeze On Your Credit Report

This isn’t for everyone as their are positives and negatives to a security freeze. Do your research before requesting one. The reason it may be useful is that criminals who have access to your personal information will likely attempt to open a line of credit with it in your name. Irreparable harm could be done to your credit score if left unchecked.

Should you learn that your valuable data has been stolen from a company you do business with, you’ll want to act quickly to avoid as much damage as possible. You can’t get the data back, but you can make it significantly less valuable and prevent it from hurting you.

Geek Rescue helps business stay more secure in order to avoid these data breaches. We also help keep your home computer and network secure, so your personal information isn’t stolen directly from you. To find out how Geek Rescue helps your home and business, give us a call at 918-369-4335.