The Latest on Krack

On October 16, 2017, security researcher Mathy Vanhoef publicly disclosed a serious vulnerability in the WPA2 encryption protocol. This  Wi-Fi vulnerability affects millions of routers, smartphones, PCs, and other devices, including Apple’s Macs, iPhones, and iPads. By using a  key reinstallation attack, dubbed Krack, an attacker can exploit the weaknesses and gain access to sensitive information such as: credit card numbers, personal information, passwords, usernames, photos, and business data that is accessed via the Wi-Fi in question.

 

While this latest attack has many computer and mobile users concerned, it is not really the time to push the panic button quite yet. There are still steps that you can take to protect your information. In fact, only six weeks after the event most operating systems have a patch and workaround planned that will eliminate this weakness. Apple has announced that it already has an antidote to the vulnerability affecting Wi-Fi routers across the board. The only catch is that the solution is currently only available as part of the latest beta version for iOS, 11.1 Developer beta 3. Google was also reported to release a patch in early November to secure Wi-Fi connections on Android devices. In the meantime, here are a few suggestions for users to exercise caution and prevent the Krack attack from impacting you and your sensitive information.

 

Protect Yourself from Krack

 

  • Avoid using public Wi-Fi, but if you must, stay away from any personal or business activities such as banking, business software, CRM, patient management software, or Medical EMR applications.
  • Consider using a VPN or Virtual Private Network, which means that all your network traffic (not just your web browsing) is encrypted, from your laptop or mobile device to your home or work network, even if it travels over an unencrypted connection along the way
  • Companies that deal with sensitive client data and material should stay away from accessing any sites that contain PII or PHI as it could be at risk unless using a secure VPN.
  • Be sure to install patches that are available from Apple and Microsoft and listen to what your IT department tells you to do regarding safeguarding business data.

 

Check back with M&H Consulting as we stay on top of recent breaches and will keep you up-to-date. Call M&H Consulting at 1-(866)-964-8324 or visit our website at http://www.mhconsults.com

You’ve Been Hacked! Now What?

Millions of Americans have had their personal information exposed over the past ten years with thousands of small- and large-scale hacks responsible for most. Maybe you opened an email you shouldn’t have or maybe a company that you do business with was vulnerable to cyber attacks. Either way, now you need to figure out what the next steps are and how to protect yourself moving forward.

 

If it is your personal computer that is compromised, then there are several steps you should take to rectify the situation.

 

  • Isolate the computer so it can not interact with other networks. This will prevent the hacker from continuing to be able to obtain files and other information.
  • Shutdown and remove the hard drive to stop it from damaging other files. If you don’t feel comfortable removing a hard drive yourself or you don’t have a spare computer then you may want to take your computer to a reputable professional who can help you.
  • Scan for Problems – Using antivirus, anti spyware and anti malware, scan for problems once your drive has been placed in a secondary computer. Remove all problems from the hard drive.
  • Back up important files if you have not already done so. Copy to a clean drive.
  • Decide on what to do with the old drive. Talk to a professional about scanning, cleaning and replacing the old hard drive back into your computer once it has been dealt with and can be reused safely and without threat to your system.
  • Reload the operating system and all security measures. Update software wherever possible to have the most recent security protocols available.

 

If you are a business owner and you have been hacked it is best to call in the professionals for a thorough investigation, notification to clients and solution to getting your system up and running again. If you have hacking issues or want to avoid them call M&H Consulting today at 1-(866)-964-8324 or visit our website M&H Consults

Lessons from the Equifax Breach

Protecting your clients’ personal information is extremely serious business. There are examples all around us on a weekly, (and sometimes daily) basis about companies that have been subject to hackers or malware that allowed cyber criminals to access client information. The Equifax Breach is just one more recent example of the importance of maintaining and updating your security protocols, especially if your company has access to client or consumer information, such as social security numbers, credit card information, and/or financial statements.

 

Equifax is one of the nation’s three major credit reporting agencies. The breach lasted over three months from May-July 2017 and may have exposed sensitive information for more than 143 million Americans. Information such as social security numbers, birth dates, addresses, credit card numbers, and driver’s license numbers was potentially accessed. If you have a credit report, there is a good chance that you could be one of the people impacted by this breach.

 

From a business perspective, there are lessons that can be gleaned from this event as with many of the other recent hacking incidents. Here are a few things your company should consider going forward in regard to security for your system and network.

 

  • Review your Password Strategy – As a small- or medium-sized business, you may not have the time to think about changing your passwords often, but make the time! Not only should you change passwords regularly, but you should also use different passwords for each account and have a password manager create and manage the information.
  • Update Regularly – IT professionals will tell you that if your software is not up-to-date then you are not utilizing the most recent security updates as well. In this digital age, hackers are one step ahead and need to be held at bay with the latest security techniques.
  • Add a Second Layer of Defense – By enabling Two-Factor Authentication, your company is adding a second layer of defense. Two-factor authentication is highly recommended for all your online activity, such as your webmail, online banking, cloud accounts, and so on.
  • Use the Best Antivirus and Anti-Malware – Keep your company secure with the newest versions of all antivirus and anti-malware. Reputable anti-malware on all your devices – laptops, desktops, tablets, and smartphones can identify, quarantine, delete, and report any suspicious activity.
  • Back Ups – As with any digital information, always perform regular backups so that in the case of a hack, your data can be restored and accessed quickly.

 

Do you have questions about your IT security and need help tightening up your SMB? Call M&H Consulting today at 1-(866)-964-8324 or visit our website M&H Consults

Protecting your Business

Are you doing everything you can (and should) to protect the computers, technology, and data related to your business? Do you even know what security risks exist? Here is a quick checklist of things you can do at your company to increase security.

 

  • Conduct a Security Audit – If you don’t know what parts of your business are vulnerable or what data you have that needs to be protected, you can’t properly secure it. Meet with professional IT consultants who can identify what needs protecting and how.
  • Train Personnel – Sometimes all it takes is one employee opening a corrupt email or attachment to cause a disaster. Be sure all employees are trained for red flags on emails and signs of hacking.
  • Beef Up Passwords and Encryption – Make sure you have passwords that are strong and are changed on a regular basis. Limit the number of employees that have access to certain data.
  • Back IT Up – Use systems to regularly backup your data and networks so in case there is a disaster you have the most recent information saved.
  • Protect Your Mobile – Lots of companies have great security but fail to provide the same level to their mobile devices. Be sure that mobile devices are as secure as possible and have limited access since they will be often used in public WiFi locations and remotely.
  • Have a Security Policy – Create a security policy that every level of the workforce knows, understands, and strictly follows.
  • Physical Security – With the focus on cyber crimes it is easy to forget how easily a thief can walk off with valuable technology, such as a tablet or laptop. Be sure you follow smart lock-up policies especially for those employees who travel.

 

If you need a security review, call M&H Consulting at 1-(866)-964-8324 for a free initial consultation.

Cautions to take in Computer Hacking

Computer hacking can occur at the worst of times and when we least expect it. The worse of it being that once the hacking has occurred, you can never undo the damage that’s been done. However, you can take steps to prevent it. Follow along to find out how you can prevent a malicious cyber-attack.

  • SSL – Secure Socket Lockets are the next best thing when it comes to online security. Using an encrypted SSl protocol helps to prevent information being read in transit or gain access without the proper authority. For example, it can help safely transfer users’ personal information between a website and your database, without anyone else seeing it.
  • Updates – Updates are made because it is necessary to maintain the softwares functioning properly, and maintain all its security protocols. If an update is made for a phone, for example, it could be because of a security vulnerability. Delaying this will only expose you to attacks, which is what hackers are looking for.
  • Tighten network security – Doing simple and basic things such as changing passwords frequently, ensuring passwords are strong, as well as making sure all plugged into the network are scanned for malware each time they are attached can make a great difference. This can also apply to installing a web application firewall. A WAF can be software or hardware based, and its purpose is to fit between a website server and the data connection and read every data passing through it.
  • Remove autofill – Leaving autofill enabled on websites, can leave you vulnerable to attacks from any user’s phone or computer that has been stolen. With your information already plugged in and accessible, it is easy for hackers to steal it.
  • Back-up frequently – It is vital to ensure that everything is backed up. Whether it is weekly, daily, or 10 times a day in total, back everything up. From saving files, sharing docs, everything should be backed up. If the worst case scenario were to happen, it is important to backup in case one hard drive fails, etc.

With these helpful tips, you’ll be taking the right precautions to limit your chance of a cyberattack.

 

How to Identify & Avoid Unwanted Programs

Unwanted programs are constantly being downloaded, many times, without your permission. This is usually because some programs can only be downloaded as a bundle with another program. Sometimes, even loading up a website can cause other programs to be downloaded as well. Although some unwanted programs might not cause any direct harm or be a malware carrier, they can fill up space in your tech’s system, eventually causing it to shut down. Determining which programs are harmful for your technology can be difficult, especially when there are so many disguised like legitimate ones. Follow along to learn how you can identify and avoid unwanted programs.

Potential unwanted programs (PUPs) can cause technical issues such as:

      Slow computer program

      Display of Pop Up ads

      Collect personal information

One way to avoid installing such programs is by going through custom installation instead of simply clicking on the recommended download method. PUPs can easily be installed when you choose the recommended method. Especially when they are piggy-backing a legitimate program. Many times, the end user licensing agreements (EULA) contain information on the other programs that will be downloaded. Makes sure you read through the EULA and don’t accept bundle programs.

According to The Windows Club, a trick to avoid PUPs is to click on “I Decline” whenever you are downloading a program and the “I Accept” or “I Decline” options come up. However, if “I Accept” happens to be the only option, you should unclick the option and simply click “Next.” Don’t worry; you’ll still be able to download the program.

Want to make sure you haven’t already downloaded PUPs? Here are a few steps on how to identify and get rid of them:

      Go to your browser

      Go to your options

      Manage your add-ons

      Turn off all add-ons you do not recognize

For more information on identifying a PUPs and preventing them, contact M&H online or by phone!

What is Antispyware?

In order to fully understand what anti-spyware is, you must understand what spyware is and does. As we have mentioned before, spyware is a type of malware that can monitor your computer by either tracking the web pages you visit or everything you could be navigating to in order to collect any information available. In order to fully protect your devices from such malware, you must download a security program, like anti-spyware.

Anti-Spyware works very similarly to an antivirus program. It detects any unwanted spyware program, deactivates it and then removes it. The way it does this is by analyzing the codes of the programs and files installed into your devices. It then compares the codes to the spyware definitions the programs already knows. Detection in anti-spyware can either be based on the rules or the actual definition of the active spyware.

Once the security program detects a match between the program’s, or file’s, code and that of which the antispyware knows, it will disable with program and send an alert. When alert is sent, it will ask whether or not you would like to remove the spyware program and, sometimes, even give you the details on the spyware, like the name of it and where it came from. Of course, fully removing the spyware is the best option.

There are many types of malware protection programs. When asked if simply downloading an antimalware program can take care of all system infestations, the answer is no. The reason why there are so many different protection programs (antivirus, antispyware, antimalware, etc.) is because there are so many infections that target your devices a single malware program can only focus on so many. There are new malware being created all the time, it’s best to protect your systems for all those that are predicted as well as the unpredicted ones.

If you are not sure which antispyware program is best for your system(s) contact M&H for guidance.

Antivirus vs. Antimalware

There is a lot of confusion about what exactly are antivirus and antimalware, and what which one works best. Well in order to find out what their purposes are, we must clear out what viruses and malware actually are.

A virus is a code within a program that can copy itself over and can cause damage to a computer by corrupting the system and, even, destroying data.

Malware, on the other hand, is a general word for any malicious infection. This includes Trojans, Spyware, worms, adware, ransomware, and (you guessed it) viruses.

Now that this is cleared out, you are probably wondering why antivirus exists when antimalware can take care of it. Well, let’s get into the differences between these two security software.

Antivirus software was created during the uprising of computers and the Internet. Therefore, this security software was created to tackle older forms of infections, like Trojans, viruses and worms. They are programmed to protect computer users from any traditional malware that are predictable and, still, dangerous.  

Opposite to antivirus, antimalware was created more recently as newer threats began to rise. These malware tend to be much less predictable since new ones are constantly being created and released at high speeds. Antimalware seeks out for more dangerous threats than those that antivirus programs are used to handling.

With that said, if you are wondering which one should be used, the answer is both. You want to protect your computer from all malware, whether it is predicted or unpredicted.

If you need more advice on which antivirus and/or antimalware programs are best, contact M&H for help!

All About Macs

Joshua Hewitt

So you have a Mac and you hear about all the PC users getting some sort of “virus”, “spyware” or “malware”. You do not have to worry because you have a Mac, right? Wrong! Macs are now becoming the target of viruses, spyware and malware. Back in the day, there was much less worry about any “junkware” infecting your PC. Now that Macs are becoming more popular in homes and offices, they are becoming bigger targets than previously seen. While there is no I 00% fool proof protection, here at M&H, we highly recommend to make sure that your investment in a computer is protected. The Apple system OS began setting up some built in protection since system release 10.6. 7, but as you know, computers and programs evolve by the minute! The built-in security features of OS X reduce the risk of malware attack, but they’re not absolute protection. It’s very important to have not only an antivirus solution (such as Sophos antivirus for example), but to also have a malware/spyware solution as well. So, how can you get said “malware” and/or “spyware”?

  • Software from an untrustworthy source
    • Software of any kind is distributed via BitTorrent or Usenet.
    • Software with a corporate brand, such as Adobe Flash Player, doesn’t come directly from the developer’s website.
    • Rogue websites such as Softonic and CNET Download distribute free applications that have been packaged in a superfluous “installer.”
    • The software is advertised by means of spam or intrusive web pop ups.
  • Software that is plainly illegal or does something illegal
    • Software that you would otherwise have to pay for is “cracked” or “free.”
    • An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission.
  • Conditional or unsolicited offers from strangers
    • A web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the “DNSChanger” malware. That exception to this rule no longer applies.)
    • A web site offers free content such as video or music, but to use it you must install a “codec,” ” plug-in,” “player,” “downloader,” “extractor,” or “certificate” that comes from that same site, or an unknown one.
    • You win a prize in a contest you never entered.
    • Someone on a message board such as this one is eager to help you, but only if you install an application of his choosing.
    • A “FREE WI-FI!!!” network advertises itself in a public place such as an airport, but is not provided by the management.
  • Unexpected events
    • You open what looks like a document and get an alert that it’s “an application downloaded from the Internet.” Click Cancel and delete the file or message.
    • An application does something inexplicable, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
    • Software is attached to email that you didn’t request, even if it comes (or seems to come) from someone you trust.

macs

So here is the bottom line, be careful of what sites you visit, what emails you open and what programs you run. Say if you were walking on the streets of Boston, and someone came up to you and said “Hey, I got a free watch! You want it?” I would be very cautious of that person. The same thing should go for using the internet. You want to make sure you have your information protected, and again, we advise to protect your investment. Macs are great machines, but like a car, they need to be taken care of Remember, if you ever have any questions or concerns, ask our tech experts at M&H during your next tech for a day visit or email us at support@mhconsults.com

——————————————————————————–
TAKE SSSCASHSSS FROM M&H CONSULTING
Refer a new Tech-For-A-Day client to M&H Consulting and mention this offer to
us, and you will receive $25 for each PC the new client has. Call for details.
If you would like to be removed from this newsletter, send an email to
info@mhconsults.com with the word remove in the subject line.
——————————————————————————–

Keeping You and Your Devices Safe

In today’s fast paced world we are becoming more and more dependent on our electronic
devices. We access our data and spreadsheets on our laptops and tablets. We call and email our clients on our smart phones. The devices we use are becoming more integrated with everyday life, and as such we use them for more than just business.

Many people will stream a video, or listen to music on their devices. Imagine, however, you click on a link to watch a video, and instead your device becomes locked, with a message stating that there is child pornography on your device and you will be reported to the FBI unless you pay to have it removed. This is exactly what happened to a young girl in Tennessee. She unknowingly installed malware that took over her phone and started to wreak havoc. This type of malware is called “Ransomware”. It is a form of malware that installs on your devices, and can be from
websites, emails, etc. Some of it will threaten to delete or encrypt your data unless you pay a fee. Some will delete the data and then demand a fee to restore it. Some, like above, will install illegal things and demand that you pay or if not that you will be reported to the FBI. What’s worse is that you could pay the ransom demanded, and you’re not even guaranteed to get your data back, or device freed.

poison-computer

This type of malware is big business, and has mostly been limited to computers (laptops or desktops.) With today’s technology of more mobile devices such as tablets and smart phones we can expect that this will become the newest trending market for being targeted by the writers of the Malware. Companies such as Avast have reported in increase of blocked attacks, and they see the trend rising.

All hope is not lost however. There are steps that you can take that can help you to
avoid this type of personal attack. First you should always be wary of links. Never
click on an unknown link, especially from emails. If an associate or friend has
emailed you something that contains a link make sure that you verify that it actually
came from them before clicking on it. Attackers have ways of making emails seem to come from people you know and wouldn’t suspect. Second, you should only use approved methods of downloading applications onto your smart phone or tablet. This includes Google Play and the Apple Store. This is not always a guarantee of safe programs, but they are less likely to be harmful if coming from them. Third, make sure that you have some sort of program to block these types of attacks. This means virus/
malware protection. Make sure that you use a reputable vendor, and purchase the protection. There are many free versions out there, but when it comes to your devices and data it is better to be safe than sorry. You know the adage, you get what you pay for.

If you do become the victim of one of these ransomware attacks make sure that you first contact your local authorities, especially if the ransomware has downloaded illegal items onto your device. After that you can contact us any time at 866-9MH-TECH or email us at support@mhconsults.com and we will be glad to assist you.