February 26th, 2014
It’s common knowledge that computers need to be protected with antivirus programs and other security tools to keep from being infected with malware and attacked by other means. Very little attention is given to protecting a router, however. Wireless routers have become common. A decade ago, many homes used wired connections to the internet, but with the rise of mobile devices came the rise in demand for wireless internet. The more devices are connected to a router, however, the more valuable a target it is for attackers. As many as 70-percent of these routers contain vulnerabilities and suffer from a lack of security. These factors explain why attacks on routers have been steadily increasing over the past year.
So, what’s at stake if your router is attacked? A compromised router allows a third party inside your firewall. From there, they’re able to monitor all activity and data being sent through the router. Emails, log-in credentials, credit card information and more is available to be intercepted and monitored. Steve Bell at the BullGuard blog published a few ways to improve your router’s security.
Just as it’s important to keep your computer’s operating system and antivirus program updated, it’s important to regularly check for router updates as well. Updates to the firmware may not be automatically pushed to your router, even if the update is able to eliminate a serious security vulnerability. That’s why it’s vital that you regularly check with the manufacturer’s website to see if any recent updates have been created.
The lack of security for most users browsers comes from a simple lack of knowledge of the device’s capabilities. Many routers come with an option to encrypt data, but it may not be turned on by default. Be sure to read through your router’s manual or browse through the settings to find useful security tools.
A quick look through settings can not only allow you to enable more robust security on your router, but it also can help you avoid attacks. The first change you need to make after setting up your router is to choose a new name, which is also called a service set identifier, or SSID. You’ll also want to change the password. Routers are sent out with default names and passwords. Attackers know these typical passwords because manufacturers use the same ones over and over. Changing them immediately improves security.
Router attacks are difficult for typical users to detect. That opens the possibility that a criminal could be monitoring your activity through a compromised router for months. To avoid that, you’ll want to take the necessary security precautions.
If you’d like help setting up a secure wireless network, or have been the victim of an attack, call Geek Rescue at 918-369-0745.
February 14th, 2014
There are a number of advantages to becoming a more mobile business. Employees are able to access data from virtually anywhere, which can make them more productive and give them access to vital information when meeting with clients. It’s also much easier for them to collaborate with others. There’s also the bring your own device trend that allows employees to integrate their own mobile devices into their work. All of these allow for more productivity and connectivity, but they also all introduce new security concerns. At Network World, Ed Tittel lists some best practices all business owners should be familiar with for dealing with mobile security.
With more smartphones being used worldwide and more valuable data being accessed with them, it stands to reason that they’re becoming a more valuable target for criminals. Attacks have been observed on both iOS and Android devices. For devices that are used to access company data, you can’t afford to let them connect to your network without proper security apps in place.
Typically, mobile communications are relatively easy for hackers to intercept. That’s why most experts recommend the use of a VPN, or virtual private network, to encrypt all communications between mobile devices and company servers. Cloud storage and an employee’s smartphone may both be properly protected, but when data is transferred between them there exists a vulnerability. Using a VPN eliminates that threat.
If a device is used to access company data, it should be secured with multiple forms of authentication. It goes without saying that smartphones should require a password to unlock, but newer devices also allow for fingerprint scanning or even facial or vocal recognition. In addition, companies need to plan ahead for cases when devices are lost or stolen. The ability to remotely lock and wipe lost devices is vital to security.
Once an employee begins using their mobile device for work, they lose the ability to use whatever software they choose. There must be some consideration to the security of the device and the company’s data. Completely blocking the downloading and using of third party software is one way. Another is to allow exceptions once IT or management is informed that an individual wants to download a third party application and it’s been cleared.
If you feel that you’ve put all the necessary precautions into place, you need to test to make sure there are no penetration points you’ve missed. How else will you be sure that your company’s data is protected from threats? Regular testing allows you to find vulnerabilities before the criminals do.
For help with the security at your business, contact Geek Rescue at 918-369-4335.
February 12th, 2014
Office 365 contains vital tools for businesses of any size. With so many companies relying on Microsoft’s applications, there’s a need for improved security to protect valuable data. As Alexandra Gheorghe reports for Hot For Security, Office 365 users will now be using two-factor authentication to keep the data used within applications safer.
Previously, data being stored in the cloud through Office 365 was protected only by a password, except for those users with administrative roles who have had access to two-factor authentication since June. Now, all users will have be able to use the enhanced security.
Before you are able to log-in, users will need to correctly enter their password, then use a separate, one-time code that’s sent to them via text message or app notification on their smartphone. Users also have the option of having Microsoft call their smartphone or office phone and simply hitting pound to authenticate. This will verify the device being used to access Office 365. To access your account from another device, the authentication process would have to be used again.
Two-factor authentication isn’t foolproof. Attacks that successfully compromised two-factor systems have already been observed in the wild. But, it’s considered much more secure than using a password alone. Since the aim is to protect data stored in the cloud, protecting it from remote access by unknown sources is important.
While two-factor authentication is not yet available for desktop applications, Microsoft is adding App Passwords to offer additional security for those users.
For help implementing Office 365 at your business, or for help improving your security infrastructure, call Geek Rescue at 918-369-4335.
January 9th, 2014
Two-step, or two-factor authentication is a generally trusted way to secure online accounts to ensure that only the account holder can access them. A recent hack on Blizzard’s World of Warcraft online game has exposed a vulnerability many had previously overlooked, however. Antone Gonsalves at Network World details how the attack took place and how it can be prevented in the future.
Two-step authentication requires a user to log-in to their account with their username and password. Then, a second passcode or PIN is supplied to users via text message, email or other means. That second code must also be input to give users access to their accounts. This two-step method is used to verify users anytime they use a new device to log-in.
It seems like a foolproof method for keeping hackers out of accounts that don’t belong to them, but the recent World of Warcraft hack demonstrated how a ‘man-in-the-middle’ attack provides a way around two-step authentication.
First, a trojan infected users on a popular online forum related to World of Warcraft. That trojan allowed for a man-in-the-middle attack, which allows criminals to intercept data and information a user believes they’re entering into a website. In this case, users attempted to log into their accounts using two-step authentication, but were really only giving hackers the information they needed to break into the accounts themselves. This also locked the actual users out of their own accounts.
Similar attacks have been observed on banking sites, where two-step authentication is also commonly used. Experts say these attacks highlight the weakness of most two-step authentication methods, which is the use of in-band authentication or using the same channel to input all information.
Because users are asked to enter their username, password and original generated code at the same time, over the same channel, it makes man-in-the-middle attacks extremely effective. Instead, experts suggest sites use two separate channels. For example, log-in to your account online with your usual information, then users would be prompted to enter a one-time PIN into a mobile app on their smartphone. Another suggested method is to send automated text alerts to users when someone tries to log-in using their information. If the IP address or geographic location doesn’t match their own, users would be able to reject the log-in attempt.
The lesson for users and businesses alike is that even two-step authentication doesn’t keep accounts completely secure. Hackers are getting more intelligent in their attacks all the time and technology that was once thought unbreakable now has vulnerabilities.
If your computer is infected with malware, or you’d like to investigate better security methods for home or business, call Geek Rescue at 918-369-4335.
January 8th, 2014
For many of your online accounts, a password is the only thing keeping criminals out. This makes users incredibly reliant on passwords, but many still make mistakes when choosing one. Kirsten Dunleavy at the Bullguard blog explains “the password management paradox” and how to best choose your passwords.
The best practice for securing each of your accounts is to choose a unique password for each of them. This way, if one account is hacked, your other accounts are still safe and secure. If you use the same password for multiple accounts, one account getting hacked could give a criminal access to all of your information. The issue associated with creating unique passwords, however, is that users can’t remember all of them. This is the paradox of password management because if you can’t remember your passwords, it makes them less secure. Users take actions that weaken the strength of passwords like writing them down, or storing them unencrypted, continuously having to have passwords emailed to them or reset by admins or ignoring a prompt to update an old password.
You need to use different passwords for each account, but you can still use some tricks to help you remember them. Using memorable phrases for each account is one way, but unless that phrase applies directly to the account, it might be hard to keep track of which password goes with which site. Another way is to pick one, strong password and then alter it based on what site you’re using it with. So, the first seven or eight characters of every account might be the same, but the last few characters are specific to that account. Maybe add Y!00 for Yahoo accounts or GO0 for Google accounts. Whatever trick you use, remember that it’s important to use upper and lower case letters, numbers and symbols in each password.
Users’ many problems with passwords has led to the rise of password managers. These services are often free and will store all of your passwords for you. Many will even offer to log-in to stored accounts automatically when you visit the corresponding website. So, you can make each password strong and unique and not have to worry about forgetting them. Your passwords are encrypted and stored behind one master password. Make this your strongest password and make sure it’s one you’ll remember. Use a long phrase and replace letters with numbers or symbols.
Although biometrics and two-step authentication are both being used more, passwords are going to be the main tool used to secure online accounts for a long time. Make sure that you’re using them effectively.
At Geek Rescue, we specialize in security. To improve security on your computer, at your home or office, or fix the damage of malware or viruses on your machine, call us at 918-369-4335.
January 7th, 2014
Taking charge of access management for your company is a vital step towards better security. Very few members of your organization need access to all of the applications and data on your network and access management ensures that each employee is given access only to what they need. This significantly decreases the likelihood of a data breach and allows you to keep closer tabs on who is accessing data and how they access it.
Cloud computing and the bring your own device trend make data security more difficult than ever before. Effective access management is crucial in tandem with these new technologies. David King of IT Manager Daily published a list of policies all businesses should follow to limit access to critical data and prevent data breaches.
The more employees you have, the more roles change. Communication between departments is important so that when an employee’s role changes, due to a promotion, firing or change in projects, their access changes too. Problems arise from individual users having access to data they no longer need. Especially in the case of workers who are no longer with the company, access changes should be a priority and made immediately.
Staying up to date on who can access what data and how and where they’re accessing it is a big time investment, but it’s necessary. Without regular checks on data access, you’ll be caught unaware when a problem occurs. Many times, warning signs of an impending breach, or at least a potential vulnerability, exist days or weeks before any data is actually stolen. Data being accessed during off-hours or being accessed off-site are warning signs that someone is accessing data that shouldn’t be. They don’t tell you definitively that there’s a problem, but they suggest you should look into the matter.
Part of access management is ensuring that employee accounts are only being used by those employees. Educating workers about the dangers of weak passwords is important. Make sure each employee understands what a strong password consists of and is using one. Also, prohibit the sharing of passwords or inheriting accounts from others. This weakens your efforts to limit access to certain employees and opens loopholes that workers can exploit after they’ve left the company.
Data breaches can be extremely costly to any type of business. Investing in security now can save you later.
For help improving all facets of data security at your company, call Geek Rescue at 918-369-4335.
January 6th, 2014
Even with all of the news stories about the latest hacks, such as Adobe, Snapchat and Target, there are still some individuals who don’t fully grasp what’s at stake. Jose Pagliery of CNN Money explains how much becoming a victim of a cyber attack could cost you.
In the case of the attack on Target, debit and credit card information was stolen. It’s easy to understand why you would want to keep that information out of the hands of criminals. But, this type of attack and fraud usually isn’t as costly as others. That’s because most people pay close attention to bank accounts and credit card bills and will notice anything out of the ordinary. Then, it’s an easy process to report the fraud and cancel the card.
It’s actually much worse for users when their log-in information and passwords are stolen. It doesn’t even have to be an account that houses any valuable information. Because about half of internet users use the same password for multiple accounts, even stealing the log-ins for a message board could lead to a much bigger breach in security. With one password, criminals can find an email associated with that account. They then will try to break into that email and, if successful, can take a number of potentially valuable actions.
Think about all of the old messages still stored in your inbox. Many of those could contain information that a criminal could use to steal your identity or your money. Those old messages could also lead hackers to other accounts you have online, which could allow them access to your social security number, or bank accounts. Even gaining access to your phone account could allow them to order a new device and rack up big charges.
With access to your email, criminals also have access to your contacts. They can send emails with malware attached to try to infect other users. Worse still, they can contact friends and attempt to scam them out of money or information.
There is a seemingly endless list of malicious tactics a criminal can take if they’re able to gain access to just one of your many online accounts. Keeping those accounts and your computer safe is worth your time. You need to use strong, unique passwords for each account you create. If you have potentially valuable information stored in your email, back it up elsewhere and delete it. Keep close tabs on all of your accounts so that you’ll be able to quickly tell if one has been compromised and take the necessary action.
At Geek Rescue, we help improve security for your home or business. We also fix devices with malware infections, broken hardware or any other issues. Come by or call us at 918-369-4335.
December 19th, 2013
If you’re on the ball this holiday season, you’ve probably already completed your online holiday shopping. For those who like to wait until the last minute, there’s still time with expedited shipping to find the perfect gift online. When you do shop online, it’s important to know how to stay protected to avoid scams, malware and identity theft. A post on the 2-Spyware blog details some of the threats to your security and what you’ll need to avoid them when shopping online.
Before you start surfing the web, check to make sure your antivirus program is up to date. You need to update your antivirus often because new malware is introduced every day and updating helps your antivirus identify and protect you from those latest threats. When shopping online, you’re more likely to visit sites you are unfamiliar with while searching for a deal. That makes it more likely you’ll visit a malicious site that’s designed to infect your computer with malware. Ecommerce sites also naturally experience more traffic during the holiday shopping season, which makes them more attractive targets for hackers than other times. This means that even trusted sites may be compromised.
If you’re shopping at sites you haven’t used before, you’ll probably be asked to create an account. It’s important to use a strong password that is long and uses upper and lower case letters, numbers and symbols so it’s difficult to hack. It’s also important not to use the same password for each account you create. Some of these sites may have less security than others, which means if their passwords are stolen and you use identical passwords for multiple sites, a hacker could gain access to all of your accounts.
Where you do your holiday shopping is also important. If shopping from home, make sure your network is secured and you’re using a firewall. Shopping while out and about it tempting, but it isn’t recommended. Public WiFi doesn’t offer any type of security. So, anytime you enter your account log-in and credit card information, that data can be monitored and stolen by a third party.
There are major sites like Amazon that you can trust to keep your payment information secure, but holiday shopping can sometimes lead you to untrusted sites in search of a deal. Some of these sites are completely legitimate, but don’t do enough to keep your information from being stolen. Other sites are scams claiming to sell popular items, but in reality they’re designed to steal your credit card information or infect your computer with malware.
Online shopping is convenient and a great way to quickly finish buying gifts, but it can also lead to costly cyber attacks.
For help improving the security on your computer or network, call Geek Rescue at 918-369-4355.
December 17th, 2013
For business and even personal use, the cloud is earning the trust of more and more users. But, privacy and security remain major concerns. Victoria Ivey of CIO published a list of ways to maintain better security with the cloud, which mostly involve more diligence from users.
There are a seemingly endless number of options for how to use the cloud, but it’s not for everything. When it comes to storing data, your most valued, vital, important files should probably stay away. Cloud storage isn’t particularly insecure, but it doesn’t provide enough security for the data you absolutely cannot afford to lose.
Perhaps the most disregarded document in history is the user agreement. For cloud storage solutions, however, it’s necessary to wade through them. They contain important information about what your cloud provider offers and what level of protection you’re afforded. If you’d rather not read it, take some time to talk to your provider in-depth about the services. Knowing the details of your cloud service will help you use it better.
Passwords are a respectable security tool when used correctly. Unfortunately, most users insist on using a password they can easily remember and use no other considerations. This makes a password easily hackable. This doesn’t only apply to the cloud, but strong passwords are a must for every online account.
For added cloud security, use encryption on all data stored there. This way, if a third party does gain access to your cloud storage, there will be another layer of security in place to keep them from stealing data. There are a number of ways to encrypt files and some cloud providers will include encryption with your service. There have been cases where cloud providers have decrypted users’ data, however and allowed access to other parties. So, be cautious when choosing a provider and don’t blindly trust encryption services unless you’re the only one holding the key.
These are some basic, general tips for improved security with cloud computing. Research your provider and the services you’re signing up for and make sure you understand how the cloud works and how to best use it.
To find out what the cloud can do for you, call Geek Rescue at 918-369-4335. We offer a variety of cloud services and help you understand how the cloud is best utilized by your business.
December 4th, 2013
A recent discovery of two million passwords to online accounts is making headlines. Violet Blue of ZDNet reports that a botnet is responsible for stealing users’ passwords to Facebook, Google, Twitter, Yahoo, one of the world’s largest providers of payroll services and more.
Though some have reported that the victims in this password heist are all located in the Netherlands, they’re actually believed to be spread across the globe. The criminal responsible used tactics to disguise his actions and make it look like the victims are all located in the Netherlands, but because of this it’s difficult to tell exactly where the passwords come from.
A tool called a Pony Botnet Controller is recognized as the root of this attack. It’s capable of stealing hundreds of thousands of passwords within only a few days of infection. In this particular infection, more than 1.5-million passwords to website’s were stolen along with 320-thousand email credentials, 41-thousand FTP credentials, 3-thousand remote desktop credentials and 3-thousand Secure Shell credentials.
When passwords are stolen in this manner, it should trigger action from all users regardless of whether they are actual victims. The stolen passwords become common knowledge for hackers. These passwords are used in lists that are part of hacking attempts on all kinds of online accounts. So, while your account may not have been compromised, someone with a similar password may have been, which in turn puts you at risk.
Shockingly, some of the most popular passwords found in this batch of stolen log-ins were extremely rudimentary. Almost 16-thousand of the stolen passwords were “123456”. “Password” was used over 2200 times and ‘admin’ accounted for almost 2000 of the stolen passwords. Overall, some form of the numbers 1 through 9 in order accounted for eight of the top ten most used passwords that were stolen.
This suggests that too many users are still using easy to remember, and incredibly easy to hack passwords for important accounts online. Using these passwords puts sensitive data at a significant risk. So, take this opportunity to create a stronger, original password for all of your accounts before you become a victim in the next attack.
If your computer is infected with malware, or you’d like to improve security to prevent an infection, call Geek Rescue at 918-369-4335.