September 9th, 2013
You’ve probably heard of phishing and even spear phishing. But have you heard of smishing?
Criminals are using text messages, or SMS, to send phishing scams directly to your smartphone. Dubbed smishing by some, it’s another way for hackers to steal your money, information or monitor your activity.
Just like phishing and spear phishing, smishing relies on social engineering to play on your fears. Most smishing messages offer you money or gift cards, or claim to be your bank or credit card company.
About.com’s Andy O’Donnell published some tips to help you avoid becoming a victim of a smishing scam.
- Know Your Bank’s Texting Policy
If your bank sends you a text regularly, it might be harder to decide when it isn’t legitimate. However, if you’ve never received a text from your bank before, you should be extremely wary when a text from a bank shows up on your phone. This goes for any accounts you have with any company. If a text comes to you, don’t respond to it. Instead, look up the customer service number for that business and contact them directly.
When an email-to-text service is used, a 4-digit number will usually be shown as the sender. Not all email-to-text users are malicious, but criminals use them to mask their actual location. If you get a text from someone without a typical phone number, be extra cautious.
- Use The Text Alias Feature
If you seem to be getting a lot of spam texts, or just don’t want to worry about them, your phone provider likely offers a text alias feature. This allows you to use an alias number to send and receive text messages and you can then block texts from coming to your actual number. This alias will only be known to those you give it out to, so scammers won’t have access to it.
As mentioned earlier, email-to text and other internet text relay services help scammers mask their identity and allows them to send a high volume of messages. Your cell phone provider will allow you to block all texts coming from these services. This will reduce the number of smishing texts you receive, but you might also miss out on legitimate texts from companies using these services.
Putting additional security on your mobile device is another great way to ensure your safety. To find out more about mobile security, contact Geek Rescue at 918-369-4335.
September 9th, 2013
Google Chrome, Microsoft’s Internet Explorer and Mozilla Firefox are the three most popular browsers for PC users. One of the reasons for this is that each offers users security tools to keep them safer while surfing the web.
Kim LaChance Shandrow reports for Entrepreneur that 31-percent of internet attacks target businesses with fewer than 250 employees. This means that regardless of who you are, or how big or small your company is, you have a significant chance of being the victim of a cyber attack. You can’t afford to browse the internet without the proper security in place. With that in mind, here’s a rundown of the security each of the top three browsers offer users.
This browser’s maker, Mozilla, is a non-profit foundation and is mostly funded by Google, who pays to have their site incorporated into the browser. It is also considered by many to have the best security features of any of the most popular browsers. “Undercover” mode and the “Do Not Track” tool both help keep your activity online invisible to others, including website who would normally track you. Firefox also warns you when you encounter a potentially malicious site. Malware, phishing scams and dummy sites are all recognized and you are given advance warning.
Google’s browser is the most used in the US and boasts the fastest performance. Privacy settings are highly customizable and the “Incognito” mode works just like Firefox’s “Undercover” to keep your activity hidden. There’s also a “Do Not Track” tool but it’s not as user friendly as Firefox’s. While Chrome does a good job protecting users from malware and dummy sites, a big flaw is that information saved, like passwords, contact and credit card information, isn’t encrypted.
Microsoft boosted their security offering in the latest version of their browser. “Enhanced Protected Mode” safeguards against malware, tracking and hacking. Internet Explorer specifically protects against cross-scripting attacks and offers “Do Not Track” and “InPrivate” modes, much like Chrome and Firefox. One security gap exists in ActiveX, which is included to make rich media like video and animations run smoother. Cyber criminals are able to use ActiveX as a hacking tool when it’s allowed to run. IE10 does allow users to disable ActiveX, however, and only use it on trustworthy sites.
Browser security is certainly improving with each new version, but a browser’s protection will likely never be enough to keep you fully secure. Antivirus and anti-malware software should be installed and regularly updated on your machine and firewalls should be in place. The idea is to make it as difficult as possible for hackers to infiltrate your device.
For help improving your security at home or the office, call Geek Rescue at 918-369-4335. We offer a variety of security solutions to keep your data safe.
September 6th, 2013
Most everyone has heard of a firewall, but few really know what it is and what it does. The first thing you need to know is that you need one.
A firewall is a line of defense that monitors and filters data entering and leaving your network or computer. Andy O’Donnell describes a firewall for About.com as a “network traffic cop”.
It’s simple to understand that there are criminals outside of your network that want to get in and steal your data. Keeping them out is important, just as keeping criminals out of your home is important. A firewall is the first line of defense for keeping the criminals out and your data safe.
The other job of a firewall is ensuring that outbound traffic of a malicious nature is also blocked. This is a little harder to understand. Outbound data usually refers to what you are sending out of your own network, so why would you want to limit that direction of traffic? Well, if you do get a malware infection or allow access to your network to a malicious program, data can be sent from your computer to download more malware. A hacker is much more limited if the data sent from the infecting malware is limited by your firewall.
There are hardware-based firewalls that exist outside your computer. It would be a dedicated piece of hardware you add on to boost security. Many people already have a hardware firewall contained in their wireless router. To make sure it’s active, you’ll want to check the router’s settings.
There are also software-based firewalls. Most operating systems, like Windows for example, come with a standard firewall that is active by default. There are also a number of antivirus programs that also include software-based firewalls.
If you don’t have an active firewall, your operating system has probably alerted you to that fact. To improve your system’s security, contact Geek Rescue at 918-369-4335. We have a variety of security solutions to keep all of your devices safe.
September 6th, 2013
You’ve likely heard how cyber criminals can hack your smartphone and gain access to your accounts, or even take over functions of your phone. But do you understand why your smartphone is such a coveted target?
Marshall Honorof, of TechNews Daily, writes that “your smartphone contains as much sensitive information as your wallet” and is always on, connected to the internet and vulnerable.
Your smartphone has a number of vulnerabilities, which makes it a challenge to protect. You’re probably always logged into social media and email accounts on your phone. This means that anyone who gains access to your phone also gains access to all of these accounts. With the information gained from social media and email, an intelligent hacker is able to gain access to almost any account you have online.
Smartphones also present the unique problem of text messaging vulnerability. A text message is practically impossible to block since phones open them as soon as they’re connected to a network. This means text messages containing malware are a near-perfect weapon.
There have even been demonstrations of infecting iPhone’s with malware through charging. Once a phone is infected with malware, any number of bad outcomes is possible. Your data could be collected, activity monitored, accounts hacked and phone functions hijacked.
When Bluetooth, Wi-Fi and GPS are activated, phones broadcast a shocking amount of information. Your location and the model number of your phone are available to anyone who cares enough to look for it. Retailers are actually beginning to use this information to tailor ads to you.
Turning off functionality like GPS and Wi-Fi when you’re not using it not only grants you more privacy, it also saves your battery. Experts also suggest uninstalling social media and email apps from phones. These apps are less secure than the websites they represent and keep you logged in at all times.
In addition to better usage habits, you’ll need robust security software to keep your phone safe. Contact Geek Rescue at 918-369-4335 to find out how to improve the security on any of your devices.
September 5th, 2013
Many companies have adopted an agile, mobile infrastructure to give employees access to vital data from practically anywhere. This is certainly effective for day-to-day business, but what happens when an employee leaves the company? How do you protect your data?
A recent post on IT Manager Daily suggests the key is a balance between your own interactions with the departing employee and security put in place after the individual leaves.
The first step is to develop a plan. In this plan should be a detailed, step-by-step protocol that is followed each time an employee leaves the company. You should also assess the risk an employee poses to the business should they be terminated or resign. Many times a senior member of your organization is more likely to steal data and start a competitor than a low-ranking employee.
Part of that plan should also include a robust contract signed at the time of hiring. This contract, similar to a non-compete, should have a data protection clause that prohibits employees from accessing and misusing company data once they’re no longer a part of the organization. These contracts also typically include a plan of action for lame-duck employees and how they will spend their last work days after putting in notice.
After an employee leaves, it’s vital that you shut off their access to any company data. Passwords should be changed on everything the employee previously had access to. If they used a company email account, you should even change the password to that. All company property should be turned in before the employee leaves. Once out the door for the last time, an employee doesn’t need any access to your data.
Taking these precautions against data theft doesn’t mean you don’t trust employees. They’re just good business tactics to ensure your data stays secure. In fact, developing a trust and allowing employees to leave on good terms is one of the most powerful ways to make sure no data is stolen. If an individual leaves liking you and your business, they’re less likely to do anything to harm it.
If you’d like to increase the security on your company’s data, contact Geek Rescue at 918-369-4335. We have a variety of security solutions to secure your network and keep your data safe.
September 4th, 2013
The growing trend of BYOD, Bring Your Own Device, means that more and more employees are using their personal smartphones on company networks. The initial concern surrounding BYOD is that sensitive and valuable information will be stored on personal devices and potentially lost or stolen. But, as Sam Narisi points out for IT Manager Daily, there’s another significant threat to consider.
A security researcher for Tripwire recently demonstrated how a single compromised Android device could be used to hack into a company’s IT infrastructure. This is possible through Google apps, which many companies use for cloud computing and email.
Android uses a “single sign-on” feature, which means that users aren’t asked to continuously authenticate their Google account with a password. Instead, the Android device stores a cookie the first time you authenticate your account and remembers that your device and your account are linked.
The problem is similar to forgetting to log-out of your email or social media account on a shared computer. For example, if you’ve ever checked your Facebook page at a computer lab or library and forgotten to sign-out when you left, you probably ended up with some joke statuses on your account. College students know exactly what we’re talking about.
For this Android flaw, when an employees device is lost or stolen, their accounts remain active. Whoever holds that device has access to everything stored in Google apps, including the employee’s email account.
An intelligent hacker, however, doesn’t even need to physically hold the Android to access Google apps. If they are able to infect the device with malware, they could also gain similar access to Google accounts.
The simplest fix for this security flaw is to keep anyone from accessing corporate Google apps with their Android device. Failing that, keep from downloading any extraneous apps, especially outside of the Play Store. That will go a long way in keeping malware off your smartphone.
For more help keeping your smartphone or other device safe and secure, contact Geek Rescue ta 918-369-4335. We offer a variety of security solutions for both home and business.
August 30th, 2013
Protecting your security and keeping your privacy online is possible. It takes more of a commitment than just keeping your antivirus software updated, however.
John Okoye, of Techopedia, suggests that your own browsing habits have as much to do with security as your security software. Here are some of the ways you can protect yourself.
Do a little research and discover how the internet browser you’re using stores your data. It may be tracking your history and selling it to advertisers without your knowledge. However, many browsers have options to surf privately without saving your history or data.
Even if you are extremely careful about who you give your email address out to, you’ll still receive your fair share of spam emails. When one appears in your inbox, don’t respond. That includes following the ‘unsubscribe’ link. Once spammers learn that your email is active, you’ll actually receive more spam than before. Also, be sure to mark the email as spam, rather than just deleting. it. If you find that more spam emails are making through your spam filter, consider adding additional rules, or changing email providers.
- Be Careful With Social Networks
Social media profiles are a resource for hackers. By learning your birthday, address, phone number and email address, they can intelligently hack into other accounts, or send you phishing scams. Be sure to take advantage of security options to keep your information private and don’t over share. There’s usually no reason to include a phone number on your Facebook page.
Do some research and find an secure email provider. One that protects you from spam and doesn’t save your emails in a log. Your email should also be encrypted to ensure that no one but the intended recipient is reading them. You may also consider having multiple email accounts. That way, when registering for accounts on ecommerce sites or anywhere that you don’t want to have your primary or business email, you can use a secondary account.
These are just some of the ways you can take action to stay safer and more secure online. To beef up the security for your home PC or your business network, call Geek Rescue at 918-369-4335.
August 29th, 2013
The most used mobile operating system in the world is Android. If you own an Android device, you’re also the most likely to be the victim of a malicious attack.
The BBC reports that Android users were 79-percent of attacks on mobile devices in 2012. Apple’s iOS, on the other hand, suffered less than 1-percent of attacks.
The simple fact that more users are available through Android than iOS plays a role in why hackers dedicate more time to that operating system. Another reason is chalked up to Android’s very architecture. The same thing that makes Android so developer friendly and customizable also makes it susceptible to malware.
There have been many security vulnerabilities exposed in older version of Android operating systems. Since many users are still using devices with those systems installed, they are still at risk. Apple, on the other hand, reports that more than 93-percent of their users have the latest operating system installed on their device.
Two key threats have been identified as the main sources of malware infections. One, Text trojans, sends unsolicited SMS messages to users containing harmful links. The other are fake sites that appear to be the legitimate Google Play store, but actually contain harmful apps.
Although older versions of the Android operating system are most at risk, newer version have displayed vulnerabilities as well. Recently, the so-called ‘Master Key’ bug allowed hackers in China to take control of a number of Android phones.
To keep your device safe, you need a combination of security apps and smart surfing practices. To increase the security on your device, be it Android, iOS, mobile or desktop, call Geek Rescue at 918-369-4335.
August 28th, 2013
Bring your own device, or BYOD, is a growing trend in business. It refers to employees using their own devices, like smartphones and tablets, to access their company’s network and make their jobs easier. This becomes a problem in terms of security.
As Anders Lofgren writes for All Things Digital, an estimated 80-percent of employees are already bringing their devices to the office but many employers aren’t embracing this trend. This doesn’t mean that workers will stop using their smartphones to check their work email. It does mean that they’ll be doing so in an unsecured manner.
The threat of data being lost is exponentially higher when there are no security mandates on employees devices. Just by password protecting a smartphone, you greatly reduce your risk. There’s also a need to ensure that any device accessing your network has adequate security software installed.
Beyond adapting to the growing BYOD trend, you should also have an eye on what’s ahead.
Bring your own cloud, or BYOC, is another employee habit companies must plan for. Using Dropbox, Google Drive or other public cloud services makes an employee’s job simpler, but there are a number of security concerns.
If you allow individuals to bring their own device to work, what happens when they leave the company? Take your own device, or TYOD, refers to the policy of remotely wiping a former employees device of any sensitive data specific to your company. Currently, less than a quarter of all businesses have a policy to ensure former employees don’t still have sensitive data on their personal devices.
Compatibility issues also become a major problem when employees bring their own devices. Many will have iPhones or iPads, which may not be immediately compatible with your companies software choices.
To lock down your security in the face of the BYOD trend, call Geek Rescue at 918-369-4335. We solve compatibility issues, close gaps in security and offer solutions to keep your business running efficiently.
August 28th, 2013
Is your organization the target of a cyber attack? Almost definitely, yes.
John P. Mello reports for CIO that “about half of global organizations have suffered a cyber attack in the last year”.
What you should take away from that statistic is that every organization is at risk, regardless of size, who they cater to and what industry they’re in.
Here’s why an attack is such a major concern for any business. About 65-percent of attacks result in a loss of revenue because of system and employee downtime. About 19-percent result in the loss of potentially valuable data. If you aren’t protecting yourself properly, you’re inviting criminals to affect your bottom line.
Many of the cyber attacks that affect businesses worldwide are not of the targeted variety. A targeted attack implies that an individual hacker or group specifically came after your company for a reason. That reason can be because they wanted specific data, or just because they don’t like your company.
If an attack isn’t targeted, it’s usually the result of bad surfing practices by employees or lax security. Hackers unleash malware on the public with no specific target in mind and wait for their tactics to pay off. Clicking a bad link, opening spam email or downloading a file all opens the door for these attacks.
Detection of these attacks is key. Just as stopping a virus attacking a human body is easiest when detection is early, early detection of a cyber threat makes stopping the threat and closing the gap in security much easier.
To improve your company’s security, call Geek Rescue at 918-369-4335. We offer a customized approach to safeguard your data and network.
