People happily share their private information online, building robust libraries that can easily become a one-stop goldmine for fraudsters.

It’s not exactly the intention everyone has when they sign up, as the whole point of Facebook is to share your life with your friends. It hooks us into a global community and the experience does depend on us making certain privacy sacrifices.

So how do you balance being social with staying safe?

On Facebook alone, the average person shares 13 pieces of personal information, ranging from a fairly innocent name/email combo all the way to mother’s maiden name and home address.

It doesn’t sound like a lot, but those 13 pieces have the power to unravel your life within minutes.

Even checking in at home has become the norm, helping to create a multi-dimensional online identity. The details are available to anyone who cares to look, whether they’re a friend keeping in the loop, or someone with a much darker agenda.

The problem is, you just don’t know who’s looking at your profile or why.

For example, someone could try accessing your email account by clicking the ‘Forgot password’ link. The email service follows its security rules and asks identifying questions like ‘which high school did you go to? What is your pet’s name?’ Unfortunately, the most common identifying checks and answers are probably available on Facebook.

Once your email address is compromised, hackers can use it to break into other services, going through and clicking ‘Reset Password’ on site after site, account after account. They have full access to your email, so there’s nothing stopping them from emptying your bank accounts – or worse.

7 Ways To Secure Your Facebook Without Missing Out on the Fun

  • Begin by previewing your profile as others see it
  • Review what should and should not be visible to strangers
  • Consider only sharing partial details, like birth day and month, but not the year
  • Only ever ‘Friend’ people you know and trust
  • Be wary of duplicate or ‘odd’ friend activity – hackers will often clone or hack a friend’s profile and initiate an urgent and uncharacteristic request for money
  • Update your past privacy settings too
  • Set default future sharing to ‘friends only’

That pop up just won’t leave. It’s been hounding you to upgrade your software and clearly, it has zero intention of giving you a moment’s rest. That software wants to be upgraded and it wants it now.

With a grudging sigh, you click and let it upgrade in the background. Maybe now it will let you get some work done. Except instead of grabbing a competitive advantage by having the latest and greatest edition, you quickly discover it’s given you the exact opposite. Your essential hardware no longer works, you’ve got errors all over the place, and that application no longer runs at all.

Your urgent upgrade was more of an instant downgrade.

Before you click that nagging upgrade button, consider the following:

Is the upgrade going to work with your current systems?

If your project management software no longer talks to your scheduling software, you’ve got a problem. It’s reasonable to expect the upgrade to have gone through robust testing and bug fixes, but even the mega corporations are caught out in an instant.

Is your current solution still an option?

Developers cease support of older software versions after a certain date. In these cases, continuing to use an outdated version leaves your system vulnerable, without patches and security updates. If your software is at the end of its cycle, you’ll need to upgrade regardless. This, however, gives you the perfect opportunity to revise your selection and make some experienced decisions – upgrade or replace.

Will this upgrade benefit your business?

Some upgrades are purely cosmetic. They look great and the developers pitch them as the latest and greatest, but without additional innovation on offer, you’re better off waiting.

On the other hand, if the upgrade is going to have a positive effect on productivity, efficiency or customer satisfaction, definitely put it on your to-do list. Hold off for just a few moments though, while your IT technicians research any conflicts that might arise.

Being an early adopter isn’t always the best idea. Sometimes you need to let your other software packages catch up, and compatibility issues will always be relevant. It’s more important than ever before to take your time and research the upgrade to see how others have fared – before things come crashing down.

Call us for a quick compatibility check before you click. Better still, let us take care of it for you with one of our Managed Services Plans.

More and more businesses and organizations are getting stung by ransomware demands. Hospitals, schools, social networks…some days it seems like an epidemic that leaps around arbitrarily, and hackers are raking in millions.

Tallied across the world…billions.

Ransomware attacks are devious in their simplicity. A user in the target business is tricked into opening a file, usually through a phishing email or download. The file contains malware which instantly encrypts your data and demands money in exchange for the password.

No payment = no password = no data.

All of the target businesses should have backups, which they could simply revert to without paying any money, but the FBI reports more than $209 million was sent to hackers in the first quarter of this year alone. Keep in mind, this was just payments within the US, and only counts those who came forward.

Last year it was only $25 million.

Aren’t backups helping?

Sometimes the backup solution fails and the data can’t be retrieved. This is particularly true in cases where the solution has been in use for years and something failed along the way. In other instances, the target business has a backup that can be restored, but it doesn’t include everything they need for full recovery.

Finally, and the most common reason so many businesses are forced to pay the ransom: the ransomware attack affects the entire system – including attached and synchronized backups. If the backup is also caught in the ransomware encryption, it becomes useless as a recovery method and the only options are to pay or lose the data forever.

Each day spent trying to recover the data is a drain on valuable business resources and in many cases, results in massive revenue loss.

The only defense is to block the malware before it can infect the first workstation, and then continue the protection with a comprehensive backup strategy for all workstations and servers. Give us a call to discuss how we can help secure your business against ransomware today.

Think Before You Click

A single click can be the difference between maintaining data security and suffering massive financial losses. From the moment just one employee takes the bait in a phishing email, your business is vulnerable to data breaches and extensive downtime.

Quickly spot the red flags and put phishing emails where they belong:

1. Poor spelling and grammar: While occasional typos happen to even the best of us, an email filled with errors is a clear warning sign. Most companies push their campaigns through multiple review stages where errors are blitzed and language is refined. Unlikely errors throughout the entire message indicate that the same level of care was not taken, and therefore the message is likely fraudulent.

2. An offer too good to be true: Free items or a lottery win sure sound great, but when the offer comes out of nowhere and with no catch? There’s definitely cause for concern. Take care not to get carried away and click without investigating deeper.

3. Random sender who knows too much: Phishing has advanced in recent years to include ‘spear phishing’, which is an email or offer designed especially for your business. Culprits take details from your public channels, such as a recent function or award, and then use it against you. The only clues? The sender is unknown – they weren’t at the event or involved in any way. Take a moment to see if their story checks out.

4. The URL or email address is not quite right: One of the most effective techniques used in phishing emails is to use domains which sound almost right. For example, [microsoft.info.com] or [pay-pal.com]. Hover over the link with your mouse and review where it will take you. If it doesn’t look right, or is completely different from the link text, send that email to the bin.

5. It asks for personal, financial or business details: Alarm bells should ring when a message contains a request for personal, business or financial information. If you believe there may be a genuine issue, you can initiate a check using established, trusted channels.
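The hover check from item 4 can also be automated by a mail filter. The following is an added example, not code from the original article: it flags links whose host imitates a trusted domain and links whose visible text names a different site than the one they open. The `TRUSTED` allow-list, the sample links and all function names are assumptions made for the demo, and the last-two-labels domain rule is a simplification.

```python
import re
from urllib.parse import urlsplit

TRUSTED = {"microsoft.com", "paypal.com"}  # assumed allow-list for this demo
DOMAIN = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")  # text that looks like a host

def host_of(value):
    """Lower-cased hostname of a URL or bare domain, '' if unparseable."""
    value = value.strip()
    try:
        return urlsplit(value if "//" in value else "//" + value).hostname or ""
    except ValueError:
        return ""

def registrable(host):
    # Naive last-two-labels rule; production code needs the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def lookalike(host):
    """Trusted domain imitated via a hyphen or a borrowed brand label, or None."""
    reg = registrable(host)
    if reg in TRUSTED:
        return None
    for good in sorted(TRUSTED):
        if reg.replace("-", "") == good or good.split(".")[0] in host.split("."):
            return good
    return None

def review_links(links):
    """Return (href, reason) for each http(s) link showing a red flag."""
    findings = []
    for href, text in links:
        if not href.lower().startswith(("http://", "https://")):
            continue
        target, shown = host_of(href), host_of(text)
        fake = lookalike(target)
        if fake:
            findings.append((href, f"imitates {fake}"))
        elif DOMAIN.fullmatch(shown) and registrable(shown) != registrable(target):
            findings.append((href, f"text shows {shown}, link goes to {target}"))
    return findings

# Constructed (href, visible text) pairs, as an HTML parser would extract them.
SAMPLE = [
    ("http://microsoft.info.com/verify", "Verify now"),
    ("https://pay-pal.com/login", "Log in"),
    ("https://billing.example.net/pay", "www.paypal.com"),
    ("https://www.paypal.com/signin", "PayPal"),
]
```

Calling `review_links(SAMPLE)` reports the first three links and leaves the genuine `www.paypal.com` link alone.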

While education is the best way to ensure phishing emails are unsuccessful, a robust spam filter and solid anti-virus system provide peace of mind that your business has the best protection available.

Give us a call to discuss how we can secure your system against costly phishing attacks.

You’re not alone! Most people use the same password everywhere – home, work, Gmail, Facebook… even for banking. Considering how many passwords we’re expected to remember and use on a daily basis, password exhaustion is a very real thing. It’s no wonder that when yet another prompt for a password appears, users enter easily guessed combinations like ‘abcd’ or ‘password’.

Trouble is, even if your password is making the required effort, hackers are taking a daily stroll around the internet and collecting logins and passwords as they go, from either leaked details or sites with security flaws.

Then, they’ll try their luck with that login/password set elsewhere. They know more than half the internet users in the world have only one password and email combination, so the chance of gaining access to your accounts is actually quite high. Even the big names in tech are at risk of password breaches:

360 million MySpace emails and passwords leaked.

117 million LinkedIn account details leaked.

Same password used elsewhere? Cue the domino effect! One site breach follows another and another until hackers have nothing more to gain. The only way to break this chain reaction is to use a different password for each site.

How to Create Easily Remembered Passwords

Have a system or template for creating your own unique passwords that you’ll be able to remember but that are not obvious to hackers.

For example:

<character> <word> <something about the site> <numbers> <character>

Becomes !K1ttyFB75!

It might seem complicated, but the above is really just based around the words ‘kitty’ and ‘FB’ for Facebook. Change the FB to something else for other sites.

What to Do If Your Password Has Been Hacked

You can check to see if any of your accounts have been compromised by entering your email into a site like haveibeenpwned.com. If it alerts you to a breach, you need to change your passwords immediately – all of them. Use the example system above to create a new set. If you’re struggling to remember your set of passwords, consider using a secure password tracker such as LastPass (http://www.lastpass.com).

If you need help changing your passwords or setting up a secure password system, let us know on 07 4767 7202 and we’ll be more than happy to help you.

If your computer had a virus, you’d want to know about it ASAP, right?

Before your important files become corrupted, you lose your photos and your digital life is essentially destroyed. Even thinking about it is terrifying.

Tech scammers know we’d be lost without our computers, and that we don’t always know what’s going on behind the screen – which is why they’ve been able to swindle millions from everyday people across the world.

The scam goes like this:

You receive a random phone call from someone with a heavy accent (usually Indian) saying they’re from Microsoft, or an alarming pop-up appears on the screen, saying it looks like your system has been infected with a virus.

To fix the problem, they need you to download some support software, which they’ll give you a special link for.

A technician then uses that software to gain access to your system and make it appear your system is riddled with viruses. Flashing screens, mysterious diagnostics whizzing by, fabricated errors…they’ll do or say anything to make you panic. They’ll even go as far as claiming your system has been infected with illegal content and if not corrected, you’ll face criminal charges.

Demands for credit card information follow immediately after. Once paid, they simply stop fiddling with your system to make it seem the problem is fixed. To continue the scam, they’ll soon access your system to recreate the problem, this time offering a subscription for ongoing protection.

What To Do If You’re Targeted By A Tech Scam

1. Don’t taunt them. Just hang up. Right now you’re only a phone number in their system and they’ll move onto the next – if you give them cause to target you personally, you may find yourself in a dangerous situation.

The real Microsoft will never randomly call people like this. Ever.

2. If a pop-up appears, immediately run an anti-virus scan. Don’t click the pop-up or call the number.

What To Do If You’ve Already Been Scammed

It’s okay. It feels horrible, but you’re not alone and the situation can be corrected.

Call your financial institution and have the charges reversed and your card reissued. It’s easier than you might think and helps the authorities locate the scammers.

Then give us a call and we’ll make sure they no longer have access to your computer.

Every employee shares one inescapable flaw that is putting your business at risk.

They’re human.

59% of data breaches can be traced back to something an employee did (or didn’t do), which invited a cyber-attack.

To lock hackers out, build security awareness and respect into your company culture so that maintaining digital security becomes as routine as making coffee.

Use complex passwords: Every employee, including management, needs to use an alphanumeric password that they haven’t used before. Password managers can assist with making sure they’re never forgotten.

Verify unknown identities: Not familiar with ‘Jenny from Accounting’ who has called to ask for sensitive information? Double check caller identity and access permissions before releasing any information. Hackers love to play on our desire to be helpful.

Encrypt by default: People regularly transfer data to a laptop or smartphone so they can work more efficiently. Unfortunately, this equipment can be easily stolen. Set operating systems to encrypt data by default, so that it becomes useless in the wrong hands.

Protect portable devices: Laptops and mobile phones should always require a password and be set to auto-lock after a short period of time. Never leave them unattended in cars, buses, restrooms etc, and take them as carry-on luggage.

Set personal usage rules: While you may have blocked productivity-vacuums such as Facebook, what are the rules regarding games, video streaming or shopping? Can they install their own software? When business computers are used for personal usage, security vigilance tends to slide, resulting in unintentional malware installation.

Educate often: Digital security threats change regularly, and people become comfortable with a certain level of danger, thinking ‘it will never happen to me’. A 5-minute discussion once a month may be the barrier that keeps hackers out.

Starter Topics:

  • Links in emails – Hackers often send emails that look like they are from your bank or similar. Be sure to check the link by hovering over it with your mouse. This is known as ‘phishing’.
  • Tech scam popups – Be on the lookout for popups advising that your computer is infected and you need to call a phone number or download software.
  • Email attachments – Never open an unknown attachment, and even from people you know and trust, always scan for malware before opening.

If you need help implementing better security practices in your business, give us a call.