The Latest on Krack

On October 16, 2017, security researcher Mathy Vanhoef publicly disclosed a serious vulnerability in the WPA2 encryption protocol. This  Wi-Fi vulnerability affects millions of routers, smartphones, PCs, and other devices, including Apple’s Macs, iPhones, and iPads. By using a  key reinstallation attack, dubbed Krack, an attacker can exploit the weaknesses and gain access to sensitive information such as: credit card numbers, personal information, passwords, usernames, photos, and business data that is accessed via the Wi-Fi in question.

 

While this latest attack has many computer and mobile users concerned, it is not really the time to push the panic button quite yet. There are still steps that you can take to protect your information. In fact, only six weeks after the event most operating systems have a patch and workaround planned that will eliminate this weakness. Apple has announced that it already has an antidote to the vulnerability affecting Wi-Fi routers across the board. The only catch is that the solution is currently only available as part of the latest beta version for iOS, 11.1 Developer beta 3. Google was also reported to release a patch in early November to secure Wi-Fi connections on Android devices. In the meantime, here are a few suggestions for users to exercise caution and prevent the Krack attack from impacting you and your sensitive information.

 

Protect Yourself from Krack

 

  • Avoid using public Wi-Fi, but if you must, stay away from any personal or business activities such as banking, business software, CRM, patient management software, or Medical EMR applications.
  • Consider using a VPN or Virtual Private Network, which means that all your network traffic (not just your web browsing) is encrypted, from your laptop or mobile device to your home or work network, even if it travels over an unencrypted connection along the way
  • Companies that deal with sensitive client data and material should stay away from accessing any sites that contain PII or PHI as it could be at risk unless using a secure VPN.
  • Be sure to install patches that are available from Apple and Microsoft and listen to what your IT department tells you to do regarding safeguarding business data.

 

Check back with M&H Consulting as we stay on top of recent breaches and will keep you up-to-date. Call M&H Consulting at 1-(866)-964-8324 or visit our website at http://www.mhconsults.com

You’ve Been Hacked! Now What?

Millions of Americans have had their personal information exposed over the past ten years with thousands of small- and large-scale hacks responsible for most. Maybe you opened an email you shouldn’t have or maybe a company that you do business with was vulnerable to cyber attacks. Either way, now you need to figure out what the next steps are and how to protect yourself moving forward.

 

If it is your personal computer that is compromised, then there are several steps you should take to rectify the situation.

 

  • Isolate the computer so it can not interact with other networks. This will prevent the hacker from continuing to be able to obtain files and other information.
  • Shutdown and remove the hard drive to stop it from damaging other files. If you don’t feel comfortable removing a hard drive yourself or you don’t have a spare computer then you may want to take your computer to a reputable professional who can help you.
  • Scan for Problems – Using antivirus, anti spyware and anti malware, scan for problems once your drive has been placed in a secondary computer. Remove all problems from the hard drive.
  • Back up important files if you have not already done so. Copy to a clean drive.
  • Decide on what to do with the old drive. Talk to a professional about scanning, cleaning and replacing the old hard drive back into your computer once it has been dealt with and can be reused safely and without threat to your system.
  • Reload the operating system and all security measures. Update software wherever possible to have the most recent security protocols available.

 

If you are a business owner and you have been hacked it is best to call in the professionals for a thorough investigation, notification to clients and solution to getting your system up and running again. If you have hacking issues or want to avoid them call M&H Consulting today at 1-(866)-964-8324 or visit our website M&H Consults

Lessons from the Equifax Breach

Protecting your clients’ personal information is extremely serious business. There are examples all around us on a weekly, (and sometimes daily) basis about companies that have been subject to hackers or malware that allowed cyber criminals to access client information. The Equifax Breach is just one more recent example of the importance of maintaining and updating your security protocols, especially if your company has access to client or consumer information, such as social security numbers, credit card information, and/or financial statements.

 

Equifax is one of the nation’s three major credit reporting agencies. The breach lasted over three months from May-July 2017 and may have exposed sensitive information for more than 143 million Americans. Information such as social security numbers, birth dates, addresses, credit card numbers, and driver’s license numbers was potentially accessed. If you have a credit report, there is a good chance that you could be one of the people impacted by this breach.

 

From a business perspective, there are lessons that can be gleaned from this event as with many of the other recent hacking incidents. Here are a few things your company should consider going forward in regard to security for your system and network.

 

  • Review your Password Strategy – As a small- or medium-sized business, you may not have the time to think about changing your passwords often, but make the time! Not only should you change passwords regularly, but you should also use different passwords for each account and have a password manager create and manage the information.
  • Update Regularly – IT professionals will tell you that if your software is not up-to-date then you are not utilizing the most recent security updates as well. In this digital age, hackers are one step ahead and need to be held at bay with the latest security techniques.
  • Add a Second Layer of Defense – By enabling Two-Factor Authentication, your company is adding a second layer of defense. Two-factor authentication is highly recommended for all your online activity, such as your webmail, online banking, cloud accounts, and so on.
  • Use the Best Antivirus and Anti-Malware – Keep your company secure with the newest versions of all antivirus and anti-malware. Reputable anti-malware on all your devices – laptops, desktops, tablets, and smartphones can identify, quarantine, delete, and report any suspicious activity.
  • Back Ups – As with any digital information, always perform regular backups so that in the case of a hack, your data can be restored and accessed quickly.

 

Do you have questions about your IT security and need help tightening up your SMB? Call M&H Consulting today at 1-(866)-964-8324 or visit our website M&H Consults

Protecting your Business

Are you doing everything you can (and should) to protect the computers, technology, and data related to your business? Do you even know what security risks exist? Here is a quick checklist of things you can do at your company to increase security.

 

  • Conduct a Security Audit – If you don’t know what parts of your business are vulnerable or what data you have that needs to be protected, you can’t properly secure it. Meet with professional IT consultants who can identify what needs protecting and how.
  • Train Personnel – Sometimes all it takes is one employee opening a corrupt email or attachment to cause a disaster. Be sure all employees are trained for red flags on emails and signs of hacking.
  • Beef Up Passwords and Encryption – Make sure you have passwords that are strong and are changed on a regular basis. Limit the number of employees that have access to certain data.
  • Back IT Up – Use systems to regularly backup your data and networks so in case there is a disaster you have the most recent information saved.
  • Protect Your Mobile – Lots of companies have great security but fail to provide the same level to their mobile devices. Be sure that mobile devices are as secure as possible and have limited access since they will be often used in public WiFi locations and remotely.
  • Have a Security Policy – Create a security policy that every level of the workforce knows, understands, and strictly follows.
  • Physical Security – With the focus on cyber crimes it is easy to forget how easily a thief can walk off with valuable technology, such as a tablet or laptop. Be sure you follow smart lock-up policies especially for those employees who travel.

 

If you need a security review, call M&H Consulting at 1-(866)-964-8324 for a free initial consultation.

Cautions to take in Computer Hacking

Computer hacking can occur at the worst of times and when we least expect it. The worse of it being that once the hacking has occurred, you can never undo the damage that’s been done. However, you can take steps to prevent it. Follow along to find out how you can prevent a malicious cyber-attack.

  • SSL – Secure Socket Lockets are the next best thing when it comes to online security. Using an encrypted SSl protocol helps to prevent information being read in transit or gain access without the proper authority. For example, it can help safely transfer users’ personal information between a website and your database, without anyone else seeing it.
  • Updates – Updates are made because it is necessary to maintain the softwares functioning properly, and maintain all its security protocols. If an update is made for a phone, for example, it could be because of a security vulnerability. Delaying this will only expose you to attacks, which is what hackers are looking for.
  • Tighten network security – Doing simple and basic things such as changing passwords frequently, ensuring passwords are strong, as well as making sure all plugged into the network are scanned for malware each time they are attached can make a great difference. This can also apply to installing a web application firewall. A WAF can be software or hardware based, and its purpose is to fit between a website server and the data connection and read every data passing through it.
  • Remove autofill – Leaving autofill enabled on websites, can leave you vulnerable to attacks from any user’s phone or computer that has been stolen. With your information already plugged in and accessible, it is easy for hackers to steal it.
  • Back-up frequently – It is vital to ensure that everything is backed up. Whether it is weekly, daily, or 10 times a day in total, back everything up. From saving files, sharing docs, everything should be backed up. If the worst case scenario were to happen, it is important to backup in case one hard drive fails, etc.

With these helpful tips, you’ll be taking the right precautions to limit your chance of a cyberattack.

 

How to Identify & Avoid Unwanted Programs

Unwanted programs are constantly being downloaded, many times, without your permission. This is usually because some programs can only be downloaded as a bundle with another program. Sometimes, even loading up a website can cause other programs to be downloaded as well. Although some unwanted programs might not cause any direct harm or be a malware carrier, they can fill up space in your tech’s system, eventually causing it to shut down. Determining which programs are harmful for your technology can be difficult, especially when there are so many disguised like legitimate ones. Follow along to learn how you can identify and avoid unwanted programs.

Potential unwanted programs (PUPs) can cause technical issues such as:

      Slow computer program

      Display of Pop Up ads

      Collect personal information

One way to avoid installing such programs is by going through custom installation instead of simply clicking on the recommended download method. PUPs can easily be installed when you choose the recommended method. Especially when they are piggy-backing a legitimate program. Many times, the end user licensing agreements (EULA) contain information on the other programs that will be downloaded. Makes sure you read through the EULA and don’t accept bundle programs.

According to The Windows Club, a trick to avoid PUPs is to click on “I Decline” whenever you are downloading a program and the “I Accept” or “I Decline” options come up. However, if “I Accept” happens to be the only option, you should unclick the option and simply click “Next.” Don’t worry; you’ll still be able to download the program.

Want to make sure you haven’t already downloaded PUPs? Here are a few steps on how to identify and get rid of them:

      Go to your browser

      Go to your options

      Manage your add-ons

      Turn off all add-ons you do not recognize

For more information on identifying a PUPs and preventing them, contact M&H online or by phone!

What is Antispyware?

In order to fully understand what anti-spyware is, you must understand what spyware is and does. As we have mentioned before, spyware is a type of malware that can monitor your computer by either tracking the web pages you visit or everything you could be navigating to in order to collect any information available. In order to fully protect your devices from such malware, you must download a security program, like anti-spyware.

Anti-Spyware works very similarly to an antivirus program. It detects any unwanted spyware program, deactivates it and then removes it. The way it does this is by analyzing the codes of the programs and files installed into your devices. It then compares the codes to the spyware definitions the programs already knows. Detection in anti-spyware can either be based on the rules or the actual definition of the active spyware.

Once the security program detects a match between the program’s, or file’s, code and that of which the antispyware knows, it will disable with program and send an alert. When alert is sent, it will ask whether or not you would like to remove the spyware program and, sometimes, even give you the details on the spyware, like the name of it and where it came from. Of course, fully removing the spyware is the best option.

There are many types of malware protection programs. When asked if simply downloading an antimalware program can take care of all system infestations, the answer is no. The reason why there are so many different protection programs (antivirus, antispyware, antimalware, etc.) is because there are so many infections that target your devices a single malware program can only focus on so many. There are new malware being created all the time, it’s best to protect your systems for all those that are predicted as well as the unpredicted ones.

If you are not sure which antispyware program is best for your system(s) contact M&H for guidance.