Follow These Steps To Improve Your Company’s Security

October 21st, 2013

As we’ve mentioned before, it’s impossible to be completely secure. Hackers continually adjust their tactics and upgrade their tools to breach any network. Because of this constant evolution, security has to constantly change and be updated as well. Your security infrastructure becomes less effective every day. Debbie Mahler, of the State of Security blog, writes that security is a process. She suggests some tips for how to continually improve your cyber security.

  • Identify the weakest link

In order to improve security, you first have to find out where it needs to be improved. Usually, employees are the downfall of any security infrastructure. Unsafe web surfing habits or human error often result in breaches. It’s important to study their habits in order to put policies in place that will keep your business more secure.

  • Use your defenses

Having a firewall in place and password protection on routers is a great step towards being more secure. But too many people fail to use the tools they have at their disposal. For example, there have been many instances of security breaches stemming from a failure to change default passwords on routers. If you’ve taken the time to put these measures in place, take the additional time to make sure you’re using them effectively.

  • No one gets access

This is a common IT security rule. For any file, no one should have access. That’s where you start, then add permissions as necessary. This will keep your most valuable data secure because only a select few will have access to it.

  • Check the logs

Catastrophic data breaches usually happen after your network has been infiltrated previously. And each time there’s suspicious behavior on your network, the logs have the evidence. Be sure to regularly review the logs in order to catch potentially harmful situations before they explode into disasters.

Security for your business is a big job that requires constant supervision. For help, contact Geek Rescue at 918-369-4335. We offer security audits and solutions for any breaches in your current security infrastructure.

How To Better Protect Data From Common Breaches

October 21st, 2013

The security of data is extremely important for any business. The loss of data by any means can mean you’re unable to do business, or you’ve put your customers at risk. Sharon Florentine, of CIO, has a list of some common security risks and how to deal with them.

  • Device Loss or Theft

Smartphones are constantly being left behind in airports, coffee shops and bars. Laptops and tablets are the prime targets for thieves. When these devices have access to vital company data, or store data themselves, it becomes a serious problem. To combat it, back up everything so you’ll still have access to it when that device disappears. Also, be sure to put protection in place so you can remotely wipe the device of any potentially harmful information.

  • BYOD

Bring Your Own Device refers to employees using personal devices to access the company network and company files. This becomes a security headache because most individuals fail to put proper security in place on their devices, and the devices might be infected with malware, which can then infect the entire network. Limiting employee access to certain files when on their own device is important. So is ensuring that each employee has proper security in place on their devices.

  • Traffic Detours

Without the proper protection in place, traffic from your network, or to your website, could be redirected through someone else’s server. This would allow that third party to collect data. For your most vital files and applications, create lists of authorized users, devices and IP addresses so no one else is able to access them.

There are unfortunately a number of ways to lose valuable data. Whether a device is physically stolen, or digitally compromised, you need to plan ahead for disaster.

Geek Rescue has the tools to help secure your company data, and recover and restore lost data. Call us at 918-369-4335 to improve your company’s cyber security.

Google’s Project To Protect Websites From DDoS Attacks

October 21st, 2013

A lot of attention has been paid to Google’s recent changes. From the Hummingbird update to their search algorithm to encrypted searches, there’s been no shortage of headlines about the search giant’s actions. Their latest move, however, isn’t about improving their own site. Instead, it’s an attempt to improve security for smaller, at-risk sites.

Lorenzo Franceschi-Bicchierai, of Mashable, reports that Google has launched ‘Project Shield’, which allows small websites to offer content through Google’s infrastructure to keep them from being taken down by Distributed Denial of Service attacks.

A DDoS attack is a cyber attack that attempts to shut down a website by overloading it with malicious traffic. The traffic is impossible to block because it originates from thousands of individual, compromised machines.

With Project Shield, Google is trying to help individually owned websites that serve a public good in so-called “high risk conflict zones”. These would include Syria, Egypt and any country where the internet is controlled by the government.

In such countries, governments have used DDoS attacks in the past to take down certain websites. One example of this is a Syrian website set up by an activist to track scud missiles. The Syrian government used a DDoS attack to knock the site offline in July.

With its own DDoS prevention measures and an offering to serve content through Google’s resources, Project Shield is hoping to protect these types of sites, which are usually operated by small human rights organizations without the means to protect themselves.

Google is currently accepting applications to be “trusted testers” from sites that feel they deserve Project Shield’s protection.

For businesses in the US, Google is not offering such protection, but DDoS attacks and other cyber threats remain a serious concern. To improve your company’s security, contact Geek Rescue. We offer a variety of security solutions to keep you safe from attacks. Call us at 918-369-4335.

How To Spot Each Variety Of Spam Email

October 18th, 2013

Everyone has heard warnings about the dangers of spam. The term ‘spam’ is pretty general, however. The best way to stay protected from it is to understand what it looks like and avoid it.

A post on the All Spammed Up blog breaks down the different types of spam and the tell-tale signs of each.

  • Legitimate

Not all types of spam are malicious in nature. Some emails that end up in your spam filter are examples of overzealous marketing. They’re usually from a trusted company that you’ve given your email address to at one time or another. There’s a reason they’ve been marked as spam, however. That’s either because their marketing messages come far too often, or they offer little to no value. Whether these are arriving in your inbox or spam folder, you’ll probably want to unsubscribe.

  • Commercial 

This type of spam isn’t from reputable companies but is hawking some sort of product. Usually it’s supplements, education or financial services. They’re sent out in bulk and not personalized to a single user. Usually, you’ll even be able to tell that there’s a long list of email addresses listed as recipients. These are sent out by individuals who get money each time someone clicks the links in the emails or signs up for the products offered. The products are worthless, if they exist at all. If one of these arrives in your inbox, mark it as spam and move on.

  • Phishing

This type of spam email attempts to steal information from users. Many have malware attached to them, or direct you to a malicious website that will download malware to your machine. They use social engineering to convince you to give up information like account log-ins and passwords. There are more specific attempts, called spear phishing, that target small groups of people in order to obtain specific information. These types of attacks will appear to know a great deal about you. In order to avoid these scams, it’s a good idea not to follow links provided in emails and never download attachments unless you are expecting them from a trusted source.

  • Spoofing

This is similar to phishing and can even be combined with a phishing scam. An email arrives claiming to be from a legitimate source that you have an account with, like Facebook, Verizon or even a credit card company. It usually tells you there’s a problem with your account and you need to log in by following the link provided. This link will take you to a different site where your log-in information will be recorded and used to hack your account. Again, don’t follow links provided in emails. If you want to check out the legitimacy of an email, go to the source’s site directly, or call them. Also, check the sender’s email address. A representative of Facebook, for example, will have an email ending in @Facebook.com. Many of these scammers have email addresses like FacebookHelp@ccvs.com.
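The sender-address check described above can be automated. The following is an added example, not code from the original post: it flags a From header that uses a brand name while the address sits on a domain the brand does not own. The `BRAND_DOMAINS` table and the `check_sender` function are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumed table of brand names and the domains they legitimately send from.
# Illustrative values only; maintain your own list in practice.
BRAND_DOMAINS = {
    "facebook": {"facebook.com"},
    "verizon": {"verizon.com"},
}


def is_under(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(from_header):
    """Classify a From header as 'match', 'mismatch', 'no-claim' or 'unparseable'.

    'mismatch' means a brand name appears in the display name, the local
    part or the domain, but the address is not on that brand's own domain.
    """
    name, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return "unparseable"
    local, domain = addr.lower().split("@")
    domain = domain.rstrip(".")
    if not local or not domain:
        return "unparseable"

    # Look for the brand anywhere the scammer could place it.
    haystack = f"{name} {local} {domain}".lower()
    claimed = [brand for brand in BRAND_DOMAINS if brand in haystack]
    if not claimed:
        return "no-claim"
    if all(is_under(domain, BRAND_DOMAINS[brand]) for brand in claimed):
        return "match"
    return "mismatch"


if __name__ == "__main__":
    # Constructed sample headers; the first address is the one quoted above.
    samples = [
        "FacebookHelp@ccvs.com",
        '"Facebook Security" <alerts@ccvs.com>',
        "security@facebook.com.ccvs.com",
        "notifications@facebook.com",
        "Jane Doe <jane@example.org>",
    ]
    for header in samples:
        print(f"{check_sender(header):12} {header}")
```

A `match` only means the visible address is consistent with the brand. The From header itself can be forged, so this check complements the advice to go to the source’s site directly rather than replacing it.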

Knowing what to look for is key to avoiding email scams. Improving the security on your email and your computer is also important.

For help bolstering your cyber security, either at home or at the office, contact Geek Rescue at 918-369-4335.

Simple Attacks Are Compromising Companies’ Network Security

October 17th, 2013

Nearly every day, there’s a new report about a corporation being hacked and experiencing downtime or losing account information for thousands of customers. These attacks and the subsequent fallout are incredibly costly. Debbie Cohen-Abravanel, of Seculert, reports that network security for most businesses is shockingly lacking and it allows targeted attacks to easily slip past defenses.

Spear phishing, SQL injections and cross-site scripting are fairly basic attacks that have been surprisingly successful recently. Hackers have been able to spot weaknesses in security and attack them with these basic tactics. This makes attacks much less labor intensive for criminals, which in turn makes them much more attractive.

Some suggestions for closing up potential holes in security are:

  • Keep all software, not just antivirus programs, updated. 
  • Perform an audit on server login security.
  • Regularly delete unused and unnecessary browser plug-ins.
  • Enable “click-to-play” in browsers to protect from drive-by attacks.
  • In Microsoft Office, disable ActiveX.

These measures won’t keep you completely secure, but they do fix common weaknesses in a company’s security. A more serious investment in security goes a long way to protecting you against attacks. Hackers are usually looking for easy exploits, so if your security is difficult to bypass, most criminals will move on to an easier target.

For help improving the cyber security at your home or office, contact Geek Rescue.

Hackers And Users Combine To Make Passwords Less Secure

October 17th, 2013

Passwords are a constant object of concern for security experts. We’ve used this space previously to talk about the potential weakness of passwords to protect your online accounts. Robert Lemos, of Dark Reading, reports that the habits of users creating easily guessed passwords and an upgrade in hackers’ capabilities for breaking them have made password protection increasingly weak.

When creating passwords, even seemingly strong ones that include upper and lower case letters, numbers and symbols, most users still use similar passwords so they’re more memorable. This use of mnemonics makes passwords predictable.

Hackers have tools capable of brute force password guessing. These programs guess billions of possible password combinations until they’re able to gain access to an account. Some top of the line programs can guess about 1 billion passwords per second.

When a user’s password is predictable because of recurring habits, hackers are able to make intelligent assumptions about what your password will look like. That narrows down their list of possibilities considerably, making their password guessing tools even more effective.
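To put numbers on the two paragraphs above, this added example (not part of the original post) compares how long the quoted rate of 1 billion guesses per second takes to cover every 9-character password against only those that follow one common habit. The pattern string, the 32-symbol punctuation set and the function names are assumptions made for illustration.

```python
import string

GUESSES_PER_SECOND = 1_000_000_000  # rate quoted in the article

# Characters available per class: u=upper, l=lower, d=digit, s=symbol.
CLASS_SIZES = {"u": 26, "l": 26, "d": 10, "s": len(string.punctuation)}


def full_space(length, classes="ulds"):
    """Candidates when every position may hold any character of the classes."""
    alphabet = sum(CLASS_SIZES[c] for c in classes)
    return alphabet ** length


def pattern_space(pattern):
    """Candidates when each position is tied to one class, e.g. 'ullllldds'."""
    total = 1
    for c in pattern:
        total *= CLASS_SIZES[c]
    return total


def seconds_to_exhaust(candidates, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the given rate."""
    return candidates / rate


def human(seconds):
    """Render a duration in the largest sensible unit."""
    units = (("years", 31_557_600), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # Constructed habit: capital first, five lower-case letters,
    # two digits, one trailing symbol (for example a name plus a year).
    habit = "ullllldds"
    everything = full_space(len(habit))
    predictable = pattern_space(habit)
    print("any 9 characters :", human(seconds_to_exhaust(everything)))
    print("habit pattern    :", human(seconds_to_exhaust(predictable)))
    print("reduction factor :", everything // predictable)
```

Both passwords contain all four character classes and the same length, yet the predictable layout shrinks the worst case from years to minutes at the article's rate.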

Add that to how many websites don’t have ample security on their customers’ passwords. There have been multiple examples over the past year of hackers stealing huge lists of passwords in one attack. This not only gives them access to those accounts, but also gives them real world examples of the types of passwords typically being used.

These brute force attacks are actually fairly rare. Most criminals won’t take the time to launch an attack against a single account. For that, they prefer to use phishing scams and social engineering to get users to send them their passwords unknowingly.

Having a secure password is still important, but it’s even more important to understand where secure passwords will do you the most good. For example, banking sites usually put the most security on their users’ passwords and they’re very rarely compromised. Using a secure password for your bank account is a given, but you want to be sure not to re-use that password on a less secure site. That’s how many bank websites are compromised. A user will use the same password on a site that isn’t very secure, then a hacker will steal a large number of passwords from the insecure site and use them on more secure sites.

Using a password manager is one way to enable you to use unique passwords for each account, but never have to worry about forgetting them. However, even this method is hackable.

Although it’s probably impossible to be completely secure, avoiding phishing scams and social engineering and having strong passwords in place will serve you well.

For more information about how to keep your accounts and your computer safe, contact Geek Rescue. We not only fix devices that aren’t working right, we also protect them against future attacks.

Not Every File Belongs On The Public Cloud

October 16th, 2013

Cloud computing has been hailed as a great innovation that changes the way we do business. It’s not without its flaws, however. There have been a number of well-publicized exploits of public cloud systems over the past few months. Tom Scearce, of Data in Motion, suggests that, while storing some files in the cloud is a great idea, there are a few types of files that aren’t worth the risk.

  • Financial and Legal Information

Many businesses store tax records or bank account information in the cloud because it’s always accessible, but doesn’t take up storage space on a physical drive or server. What happens, though, when a hacker is able to access the cloud? Suddenly, your most critical documents are available to a third party. Despite the supposed advantages, storing this type of information on a public cloud is ill-advised. 

  • Passwords

Security experts advise you to create a strong, unique password for each of your online accounts. That adds up to more passwords than most can remember. Storing your password on the cloud seems like a great solution, but once again, the lack of security could give a criminal access to all of your accounts. Even LastPass, which is hailed as the industry standard password manager, has experienced exploits. 

  • Employee and Customer Data

Your human resources department has collected social security numbers, tax and financial information from your employees. You’ve also collected credit card numbers from customers. Where should you store all of this information? If you decide to keep it on a public cloud, you’re asking for trouble. While losing control of this data might not directly impact your business, there are liability and credibility issues at stake. 

  • Presentations and other Time Sensitive Files

The other concern, besides security, with the cloud is availability. One of its advantages is the ability to access and share files from anywhere with an internet connection. There are outages and downtime, however. If there’s a file you absolutely have to have at a certain time, it’s best to keep it off the cloud. 

There are other options available for these and other types of files that aren’t a good fit for cloud storage. Rather than using public cloud services like Dropbox and Google Drive, consider investing in a private cloud. Not only will that improve security, but you’ll also be able to directly contact your hosting company if there’s any downtime.

Geek Rescue offers a variety of cloud based solutions. Call us to find out how cloud computing can help you do business better.

Despite Reports, Spam Is Still A Growing Problem

October 15th, 2013

Spam and other malicious email threats are a steadily growing problem, but some recent headlines suggest that spam email is actually on the decline. In a post on the All Spammed Up blog, the author notes that these headlines are inaccurate due to a flaw in their research methods.

One report claims that 68 percent of all email traffic in August was unsolicited, or spam, emails. That still looks like a daunting number, but it’s actually a decrease of more than 3 percent from previous months. These numbers aren’t wrong, but they only take into account spam emails that are caught by spam filters. As any experienced email user knows, there are still plenty of other threats that end up in their inbox.

In actuality, phishing scams went up by 10 times since August of 2012 and emails containing malicious attachments were 2.5 times higher. These threats are even more dangerous because they’re able to bypass many spam filters and appear with trusted messages in the inbox.

Rather than email becoming safer, the true message is that spam is getting smarter. Hackers study the way typical spam filters work, then design their malicious emails to get around them. This will prompt an update to spam filters, which will be countered by a change in hackers’ tactics, and on and on.

The other issue with claims that spam is on the decline is that they ignore spam outside of email. SMS spam sent to users’ smartphones is becoming more of a problem. Spam over social media like Facebook and Twitter has been a successful endeavor for hackers and is reportedly up 355 percent in the first half of 2013. These new threats don’t show that email is being forgotten by criminals, but instead show that email is not the only target.

Spam and other malicious attacks are a profitable business so cyber criminals won’t be slowing down their efforts any time soon. For help improving the security on your computer, smartphone, tablet or other device, contact Geek Rescue.

How Your Smartphone’s Sensors Enable Tracking

October 15th, 2013

Keeping your data private while surfing the web is a challenge, regardless of what device you’re using. A recent study conducted at Stanford reveals that mobile devices in particular present a unique challenge because of their sensors.

Security researchers at Stanford were able to uniquely identify smartphones based on their accelerometer. James Temple writes on the SFGate blog that other sensors included on most smartphones would be similarly vulnerable to tracking.

The accelerometer aids smartphones in a variety of functions. Most notably, it is how your smartphone recognizes when you have it turned vertically, for portrait mode, or horizontally, for landscape display. When your phone is sitting still, the accelerometer is still active. It has a reading of numbers representing its current location in space. For example, if your phone is resting on a table, it should have a reading of 1 when it’s face up and -1 when it’s face down. However, that’s not actually the case.

Each smartphone has tiny defects that are unavoidable. They make the accelerometer’s readings off by minuscule amounts so instead of 1 and -1, you’ll actually get something like 1.103234 and -.823432.

Since every smartphone is slightly different in its accelerometer readings, those readings can be used to uniquely identify each device. Without you even knowing it, a website you visit on your mobile browser could capture your accelerometer readings and use them to track your actions online.

The Stanford research team compared accelerometers’ readings to cookies. Many websites save files called cookies to your device so they can identify you and target you with specific ads or other actions.

Your smartphone has other uniquely identifiable quirks as well. Each device’s microphone is also different, so fingerprinting is similarly possible. Radio signal inaccuracies have also been used to identify users and their devices.

The use of these tracking methods could be to market relevant products to you or something more sinister. The challenge for security experts is to determine how best to combat these tactics since they don’t require downloading malicious programs or any actions from the user.

To improve the security on your mobile device or desktop PC, call or come by Geek Rescue. We not only offer a variety of security solutions, but we also fix your devices that aren’t working correctly. Call us at 918-369-4335.

Study Confirms Phishing Scams A Danger To All Users

October 10th, 2013

Phishing scams are attempts to trick users into giving out personal information so hackers can then use it to break into accounts and steal their identities. Most phishing scams start with an email that directs users to a website where they’re asked for information like their phone number, physical address and even social security number or banking information. There are a number of tell-tale signs of a phishing email, which makes many people believe they could never fall for one. As Sam Narisi of IT Manager Daily reports, a recent study by the Polytechnic Institute of New York suggests otherwise.

The study consisted of 100 science and engineering students. The students were given a personality test and asked about their computer use and proficiency. The researchers then anonymously sent a phishing scam to their personal accounts. The email included the usual signs of a scam, including misspellings and other errors. Still, 17 students fell for it and willingly gave out personal information.

What this study uncovers is that everyone is at risk of becoming a victim of a phishing scam. Due to the social engineering used in developing these scams, and carelessness by users, even the most educated individual could still be a victim.

This extends to other threats, like malware, that infect your system through careless user actions. When a user isn’t extremely cautious online, bad things happen. This is costly for users on their personal computers at home, but it’s a huge risk for businesses who have to safeguard their entire network from numerous careless users.

Education is a great place to start to protect yourself and your office. Knowing what to look for in a potential cyber threat is important, despite the results of the study. Additional security measures also need to be put in place, however, with the knowledge that, eventually, someone is going to click on the wrong link.

To improve the security on any of your devices, at home or at the office, contact Geek Rescue at 918-369-4335.