October 22nd, 2013
The Domain Name System, or DNS, is an essential part of the internet. To oversimplify, it associates domain names, or the name of a website, to the numerical IP address. This makes it much easier to navigate the web.
Robert Lemos,. of Dark Reading, explains how DNS services can be used to secure your company’s network through the cloud.
Rather than having to store DNS servers in-house, which requires a large budget, using a third party cloud service offers similar flexibility and increased security features.
There are many forms of malware that can be detected or stopped with DNS services. Recently, a banking Trojan was discovered used an algorithm to generate random domain names and communicate with other servers. Some malware is able to change the IP address associated with a domain, which causes all sorts of problems. In both cases, a cloud DNS service would be able to detect the malware’s actions.
Mobile users won’t be protected when DNS servers are being run on internal servers. DNS services on the cloud are able to protect mobile users, which comes in handy when employees are using their own devices. Even outside your company’s network, there’s still security in place.
Using internal servers for DNS services isn’t possible for most small businesses. Fortunately, there are a number of features cloud based DNS services offer that internal servers can’t.
For help setting up cloud based services, or to find out more about the cloud’s capabilities, contact Geek Rescue at 918-369-4335.
October 21st, 2013
The security of data is extremely important for any business. The loss of data by any means can mean you’re unable to do business, or you’ve put your customers at risk. Sharon Florentine, of CIO, has a list of some common security risks and how to deal with them.
Smartphones are constantly being left behind in airports, coffee shops and bars. Laptops and tablets are the prime targets for thieves. When these devices have access to vital company data, or store data themselves, it becomes a serious problem. To combat it, back-up everything so you’ll still have access to it when that device disappears. Also, be sure to put protection in place so you can remotely wipe the device of any potentially harmful information.
Bring Your Own Device refers to employees using personal devices to access the company network and company files. This becomes a security headache because most individual’s fail to put proper security in place on their devices, and the devices might be infected with malware, which can then infect the entire network. Limiting employee access to certain files when on their own device is important. Ensuring that each employee has proper security in place on their devices is as well.
Without the proper protection in place, traffic from your network, or to your website, could be redirected through someone else’s server. This would allow that third party to collect data. For your most vital files and applications, create lists of authorized users, devices and IP addresses so no one else is able to access them.
There are unfortunately a number of ways to lose valuable data. Whether a device is physically stolen, or digitally compromised, you need to plan ahead for disaster.
Geek Rescue has the tools to help secure your company data, and recover and restore lost data. Call us at 918-369-4335 to improve your company’s cyber security.
October 18th, 2013
Everyone has heard warnings about the dangers of spam. The term ‘spam’ is pretty general, however. The best way to stay protected from it is to understand what it looks like and avoid it.
A post on the All Spammed Up blog breaks down the different types of spam and the tell-tale signs of each.
Not all types of spam are malicious in nature. Some emails that end up in your spam filter are examples of overzealous marketing. They’re usually from a trusted company that you’ve given your email address to at one time or another. There’s a reason they’ve been marked as spam, however. That’s either because their marketing messages come far too often, or they offer little to no value. Whether these are arriving in your inbox or spam folder, you’ll probably want to unsubscribe.
This type of spam isn’t from reputable companies but is hocking some sort of product. Usually it’s supplements, education or financial services. They’re sent out in bulk and not personalized to a single user. Usually, you’ll even be able to tell that there’s a long list of email addresses listed as recipients. These are sent out by individuals who get money each time someone clicks the links in the emails or signs up for the products offered. The products are worthless, if they exist at all. If one of these arrives in your inbox, mark it as spam and move on.
This type of spam email attempts to steal information from users. Many have malware attached to them, or direct you to a malicious website that will download malware to your machine. They use social engineering to convince you to give up information like account log-ins and passwords. There are more specific attempts called spear phishing, that target small groups of people in order to obtain specific information. These types of attacks will appear to know a great deal about you. In order to avoid these scams, it’s a good idea not to follow links provided in emails and never download attachments unless you are expecting them from a trusted source.
This is similar to phishing and can even be combined with a phishing scam. An email arrives claiming to be from a legitimate source that you have an account with, like Facebook, Verizon or even a credit card company. It usually tells you there’s a problem with your account and you need to log-in by following the link provided. This link will take you to a different site where your log-in information will be recorded and used to hack your account. Again, don’t follow links provided in emails. If you want to check out the legitimacy of an email, go to the source’s site directly, or call them. Also, check the sender’s email address. A representative of Facebook, for example, will have an email ending in @Facebook.com. Many of these scammers have email addresses like FacebookHelp@ccvs.com.
Knowing what to look for is key to avoiding email scams. Improving the security on your email and your computer are also important.
For help bolstering your cyber security, either at home or at the office, contact Geek Rescue at 918-369-4335.
October 15th, 2013
Spam and other malicious email threats are a steadily growing problem, but some recent headlines suggest that spam email is actually on the decline. In a post on the All Spammed Up blog, the author notes that these headlines are inaccurate due to a flaw in their researching methods.
One reports claims that 68-percent of all email traffic in August was unsolicited, or spam, emails. That still looks like a daunting number, but it’s actually a decrease of more than 3-percent from previous months. These numbers aren’t wrong, but they only take into account spam emails that are caught by spam filters. As any experienced email user knows, there are still plenty of other threats that end up in their inbox.
In actuality, phishing scams went up by 10-times since August of 2012 and emails containing malicious attachments were 2.5 times higher. These threats are even more dangerous because they’re able to by-pass many spam filters and appear with trusted messages in the inbox.
Rather than email becoming safer, the true message is that spam is getting smarter. Hackers study the way typical spam filters work, then design their malicious emails to get around them. This will prompt an update to spam filters, which will be countered by a change in hackers tactics and on and on.
The other issue with claims that spam is on the decline is that it ignores spam outside of email. SMS spam sent to users’ smartphones is becoming more of a problem. Spam messages over social media like Facebook and Twitter has been a successful endeavor for hackers and is reportedly up 355-percent in the first half of 2013. These new threats don’t show that email is being forgotten by criminals, but instead shows that email is not the only target.
Spam and other malicious attacks are a profitable business so cyber criminals won’t be slowing down their efforts any time soon. For help improving the security on your computer, smartphone, tablet or other device, contact Geek Rescue.
October 10th, 2013
Phishing scams are attempts to trick users to give out personal information so hackers can then use it to break into accounts and steal their identities. Most phishing scams start with an email that directs users to a website where they’er asked for information like their phone number, physical address and even social security number or banking information. There are a number of tell-tale signs of a phishing email, which makes many people believe they could never fall for one. As Sam Narisi of IT Manager Daily reports, a recent study by the Polytechnic Institute of New York suggests otherwise.
The study consisted of 100 science and engineering students. The students were given a personality test and asked about their computer use and proficiency. The researchers then anonymously sent a phishing scam to their personal accounts. The email included the usual signs of a scam, including misspellings and other errors. Still, 17 students fell for it and willingly gave out personal information.
What this study uncovers is that everyone is at risk to become a victim of a phishing scam. Due to social engineering when developing these scams, and a carelessness by users, even the most educated individual could still be a victim.
This extends to other threats, like malware, that infect your system through careless user actions. When a user isn’t extremely cautious online, bad things happen. This is costly for users on their personal computers at home, but it’s a huge risk for businesses who have to safeguard their entire network from numerous careless users.
Education is a great place to start to protect yourself and your office. Knowing what to look for in a potential cyber threat is important, despite the results of the study. Additional security measures also need to be put in place, however, with the knowledge that, eventually, someone is going to click on the wrong link.
To improve the security on any of your devices, at home or at the office, contact Geek Rescue at 918-369-4335.
October 7th, 2013
As previously mentioned, antivirus programs can’t be expected to fully protect your computer. Hackers produce hundreds of thousands of new malware every day and even the most up to date security software can’t possibly keep up.
That’s why it’s important to do your part and keep your machine out of harms way as much as possible. Shay Colson, of Information Space, has some tips on how to avoid malware and other potential threats online.
Just as in the forest it’s important to watch where you step, online it’s important to watch where you click. Most malware is downloaded to a computer when the user clicks on something they shouldn’t have. Particularly when you’re on a less reputable website, it’s important to avoid clicking on ads or links as much as possible. Also, make sure any security software you have installed is up to date. That way, if you do encounter malware, you’ll have the best chance of having it detected before it does any real damage.
The simple solution for making all of your accounts online more secure is to improve your password. Make sure it is 8-characters or longer and includes both upper and lowercase letters, numbers and symbols. Some advocate using your least secure passwords for throwaway accounts, medium passwords for social media, but if you want to avoid a potential hacking, use unique, strong passwords for each account. Using all of those different passwords can get confusing, so it’s also a good idea to use a password manager.
Almost everyone makes purchases online. It’s a good idea to use a credit card, rather than a debit card, however, since it’s easier to dispute fraudulent charges on a credit card. Most eCommerce sites give you the option to save payment information for your next purchase. This is a time saver, but it puts your account information at risk. It’s much better to enter your card number each time than have it available to anyone who gains access to your account.
Your mobile device also has access to sensitive data. Keep it safe by utilizing the lock screen. As seen with an iOS bug that allowed users to bypass the fingerprint scanner, or Android’s notoriously easily hacked lock, this doesn’t fully protect your device. However, it offers some protection and is easy to use. Also, be sure to enable services to remotely disable and wipe your phone in case it’s stolen. Both Apple and Android offer this service. It’s extremely useful in keeping your data out of a criminal’s hands.
These tips keep your information safe without installing additional security software. However, you should always have antivirus programs and other security in place. To improve the security on any of your devices, contact Geek Rescue at 918-369-4335. We also remove viruses and other malware from infected machines.
October 7th, 2013
It seems like everyday there’s a new story about a major company or website that’s been hacked or attacked by malware. Many times, as Steve Johnson of the San Jose Mercury News reports, these attacks stem from initial infections that slip past security software and remain undetected for days, weeks or even months.
The New York Times recently encountered 45 pieces of malware that had remained on their computers for about 4-months. Only one of those was detected by their antivirus protection. Security company Kaspersky reported that a global malware attack that stole individual’s data had eluded antivirus software for five years.
Globally, an estimated $8.4-billion is expected to be spent on antivirus software alone this year. So why doesn’t it offer better protection?
The reason is in the sheer volume of malware being produced. Kaspersky finds 200-thousand new pieces of malware every day, which means there are likely several thousand more being produced each day that avoid detection. That number is up significantly from only 700 piece of malware daily in 2006 and 7-thousand in 2011.
Keeping antivirus programs updated protects you from known threats, which means you’re safe from the majority of the malware that’s out there. However, there are varieties of malware that have been produced, but not yet discovered that pose a significant threat.
In addition to the unknown malware is new techniques by hackers that disables antivirus products all together. Security software is continually getting smarter to protect against these hacks, but it’s an uphill battle.
One way security is improving is to expand the capabilities of antivirus programs. Rather than scanning systems for known malware, they’re able to scan for suspicious behavior from any program, whether it is suspected of being malware or not.
Unfortunately, creating malware is a big, lucrative business. Security software will always be behind the curve in keeping up with new ways for hackers to attack your computer. To stay safe, it’s important to practice safe surfing. Be careful of what you download to your computer, don’t open emails you suspect to be spam and don’t click suspicious looking links.
Even though antivirus programs can’t offer impenetrable security, it is still vital to have updated security in place. To improve the security for your computer at home or at the office, call Geek Rescue at 918-369-4335. If you think you’ve already been infected with malware, we fix that too.
October 4th, 2013
More than half of all smartphone users are using an Android device. Unfortunately, that has made Androids a target for hackers, who are starting to produce more malware for the mobile operating system.
Besides adding security software to your phone, one way to stay safe is to identify potential risks. Sam Narisi, of IT Manager Daily, has a list of some of the most common.
Many Android users don’t enable a lock on their phone at all, which means there’s no security if their phone is lost or stolen. Even those that do use either a pass code or pattern lock don’t get much benefit. The Android lock setup is notoriously leaky and easy to break.
Unlike iPhones, Androids have no built-in option to automatically regularly backup their data. If your phone is infected with malware, you run the risk of losing pictures, videos and more in order to remove it. There are apps available to perform backups, however.
You’ll also need to install a third part browser in order to stay safe when using the internet. The native Android browser has no option to only allow secure sites. This puts you at significant risk of a malware infection.
Adding security apps to close up potential risks is a great idea, but you need to cautious about which apps you download. Many claiming to be anti-malware apps are actually viruses or malware themselves.
Protecting your smartphone is just as important as protecting your computer. In many cases, your smartphone will be in much more dangerous situations because it connects to unprotected WiFi and security is naturally lower.
If your smartphone is infected with malware, or if you’d like to improve the security on any of your devices, contact Geek Rescue at 918-369-4335.
October 4th, 2013
A troubling trend is growing for the creators of malware. More and more malicious programs with legitimately signed digital certificates are being discovered. As Ellen Messmer, of Tech World, reports, this makes malware more likely to slip past security provisions and infect a computer or network.
Security company McAfee starting seeing a significant amount of malware with legitimate certificates in 2010 when they accounted for about 1.3-percent of all malware. That has risen steadily to more than 6-percent now. That actually signifies a huge increase in the sheer number of malware with legitimate certificates since the amount of pieces of malware is estimated to double each year.
This is a problem for mobile users as well. About 24-percent of all malware for Android devices has a legitimate certificate.
These certificates are used to verify that the programs they’re attached to come from a reputable source. There are only a few companies able to sign these certificates and, in the past, many malware programs were using fake or stolen certificates. Now, it seems that hackers have been increasingly successful at obtaining legitimate certificates and using them for multiple pieces of malware.
Many of these certificates were seen attached to malware used in a specifically targeted attack. Hackers knew the type of security being used and used a certificate that would allow the malware to be undetected.
An option available to deal with this growing threat would be to a service in place that would check the “reputation” of a certificate. Those that are being used to by a large number of programs would alert the system to the possibility of malware. As one security expert notes, however, that would only force hackers to obtain a new certificate for each piece of malware, not stop the threat entirely.
Using safe browsing techniques and being extremely cautious about what you download to your computer are the best tactics to take to keep you safe from malware infection. To improve your security, or to check and clean any malware currently on your machine, contact Geek Rescue at 918-369-4335.
October 3rd, 2013
There are plenty of articles online about how to improve your own cyber security. Because there are so many, it’s easy to get lost or overwhelmed reading about tactics that provide little help.
Mark Stockley, of Naked Security, suggests concentrating only on the essentials. Here are three things that every home should do to immediately make a significant impact on their cyber security.
- Regularly update security software
Most likely, there is already an antivirus program on all the computers in your home. Those antivirus programs, and other security software, is only effective if they’re continuously updated, however. New forms of malware are issued daily and hackers are constantly inventing new ways to attack your machine. The only way to come close to keeping up is to install updates as soon as they’re available.
If there’s a wireless router in your home, the first thing to do is to protect it with a strong password. After that, check to find out what type of security it’s set to. You want to protect your router with WPA or WPA2. This stands for ‘WiFi Protected Access’ and are considered the best way to protect your router. The other option is WEP, which has been determined to be inferior.
The key to creating a strong password is to make sure it contains both upper and lowercase letters, numbers and symbols. Longer passwords are better so try to shoot for 8-characters or more. Even with a strong password, the chances of your account being hacked is greatly increased if you use the same password for multiple accounts. Using a strong, unique password for each account is the best security tactic. If you think you’ll have trouble remembering all of those different passwords, consider using a password manager, which are available online and encrypt all your passwords behind one master password.
These three tips won’t make your security completely impenetrable, but are all vital steps to take. If your security is missing any of these, you are at risk of a malware infection or worse.
To improve your security, or to clean malware and viruses off your machine, contact Geek Rescue at 918-369-4335.