The Latest on Krack

On October 16, 2017, security researcher Mathy Vanhoef publicly disclosed a serious vulnerability in the WPA2 encryption protocol. This  Wi-Fi vulnerability affects millions of routers, smartphones, PCs, and other devices, including Apple’s Macs, iPhones, and iPads. By using a  key reinstallation attack, dubbed Krack, an attacker can exploit the weaknesses and gain access to sensitive information such as: credit card numbers, personal information, passwords, usernames, photos, and business data that is accessed via the Wi-Fi in question.

 

While this latest attack has many computer and mobile users concerned, it is not really the time to push the panic button quite yet. There are still steps that you can take to protect your information. In fact, only six weeks after the event most operating systems have a patch and workaround planned that will eliminate this weakness. Apple has announced that it already has an antidote to the vulnerability affecting Wi-Fi routers across the board. The only catch is that the solution is currently only available as part of the latest beta version for iOS, 11.1 Developer beta 3. Google was also reported to release a patch in early November to secure Wi-Fi connections on Android devices. In the meantime, here are a few suggestions for users to exercise caution and prevent the Krack attack from impacting you and your sensitive information.

 

Protect Yourself from Krack

 

  • Avoid using public Wi-Fi, but if you must, stay away from any personal or business activities such as banking, business software, CRM, patient management software, or Medical EMR applications.
  • Consider using a VPN or Virtual Private Network, which means that all your network traffic (not just your web browsing) is encrypted, from your laptop or mobile device to your home or work network, even if it travels over an unencrypted connection along the way
  • Companies that deal with sensitive client data and material should stay away from accessing any sites that contain PII or PHI as it could be at risk unless using a secure VPN.
  • Be sure to install patches that are available from Apple and Microsoft and listen to what your IT department tells you to do regarding safeguarding business data.

 

Check back with M&H Consulting as we stay on top of recent breaches and will keep you up-to-date. Call M&H Consulting at 1-(866)-964-8324 or visit our website at http://www.mhconsults.com

Lessons from the Equifax Breach

Protecting your clients’ personal information is extremely serious business. There are examples all around us on a weekly, (and sometimes daily) basis about companies that have been subject to hackers or malware that allowed cyber criminals to access client information. The Equifax Breach is just one more recent example of the importance of maintaining and updating your security protocols, especially if your company has access to client or consumer information, such as social security numbers, credit card information, and/or financial statements.

 

Equifax is one of the nation’s three major credit reporting agencies. The breach lasted over three months from May-July 2017 and may have exposed sensitive information for more than 143 million Americans. Information such as social security numbers, birth dates, addresses, credit card numbers, and driver’s license numbers was potentially accessed. If you have a credit report, there is a good chance that you could be one of the people impacted by this breach.

 

From a business perspective, there are lessons that can be gleaned from this event as with many of the other recent hacking incidents. Here are a few things your company should consider going forward in regard to security for your system and network.

 

  • Review your Password Strategy – As a small- or medium-sized business, you may not have the time to think about changing your passwords often, but make the time! Not only should you change passwords regularly, but you should also use different passwords for each account and have a password manager create and manage the information.
  • Update Regularly – IT professionals will tell you that if your software is not up-to-date then you are not utilizing the most recent security updates as well. In this digital age, hackers are one step ahead and need to be held at bay with the latest security techniques.
  • Add a Second Layer of Defense – By enabling Two-Factor Authentication, your company is adding a second layer of defense. Two-factor authentication is highly recommended for all your online activity, such as your webmail, online banking, cloud accounts, and so on.
  • Use the Best Antivirus and Anti-Malware – Keep your company secure with the newest versions of all antivirus and anti-malware. Reputable anti-malware on all your devices – laptops, desktops, tablets, and smartphones can identify, quarantine, delete, and report any suspicious activity.
  • Back Ups – As with any digital information, always perform regular backups so that in the case of a hack, your data can be restored and accessed quickly.

 

Do you have questions about your IT security and need help tightening up your SMB? Call M&H Consulting today at 1-(866)-964-8324 or visit our website M&H Consults

Protecting your Business

Are you doing everything you can (and should) to protect the computers, technology, and data related to your business? Do you even know what security risks exist? Here is a quick checklist of things you can do at your company to increase security.

 

  • Conduct a Security Audit – If you don’t know what parts of your business are vulnerable or what data you have that needs to be protected, you can’t properly secure it. Meet with professional IT consultants who can identify what needs protecting and how.
  • Train Personnel – Sometimes all it takes is one employee opening a corrupt email or attachment to cause a disaster. Be sure all employees are trained for red flags on emails and signs of hacking.
  • Beef Up Passwords and Encryption – Make sure you have passwords that are strong and are changed on a regular basis. Limit the number of employees that have access to certain data.
  • Back IT Up – Use systems to regularly backup your data and networks so in case there is a disaster you have the most recent information saved.
  • Protect Your Mobile – Lots of companies have great security but fail to provide the same level to their mobile devices. Be sure that mobile devices are as secure as possible and have limited access since they will be often used in public WiFi locations and remotely.
  • Have a Security Policy – Create a security policy that every level of the workforce knows, understands, and strictly follows.
  • Physical Security – With the focus on cyber crimes it is easy to forget how easily a thief can walk off with valuable technology, such as a tablet or laptop. Be sure you follow smart lock-up policies especially for those employees who travel.

 

If you need a security review, call M&H Consulting at 1-(866)-964-8324 for a free initial consultation.

Cautions to take in Computer Hacking

Computer hacking can occur at the worst of times and when we least expect it. The worse of it being that once the hacking has occurred, you can never undo the damage that’s been done. However, you can take steps to prevent it. Follow along to find out how you can prevent a malicious cyber-attack.

  • SSL – Secure Socket Lockets are the next best thing when it comes to online security. Using an encrypted SSl protocol helps to prevent information being read in transit or gain access without the proper authority. For example, it can help safely transfer users’ personal information between a website and your database, without anyone else seeing it.
  • Updates – Updates are made because it is necessary to maintain the softwares functioning properly, and maintain all its security protocols. If an update is made for a phone, for example, it could be because of a security vulnerability. Delaying this will only expose you to attacks, which is what hackers are looking for.
  • Tighten network security – Doing simple and basic things such as changing passwords frequently, ensuring passwords are strong, as well as making sure all plugged into the network are scanned for malware each time they are attached can make a great difference. This can also apply to installing a web application firewall. A WAF can be software or hardware based, and its purpose is to fit between a website server and the data connection and read every data passing through it.
  • Remove autofill – Leaving autofill enabled on websites, can leave you vulnerable to attacks from any user’s phone or computer that has been stolen. With your information already plugged in and accessible, it is easy for hackers to steal it.
  • Back-up frequently – It is vital to ensure that everything is backed up. Whether it is weekly, daily, or 10 times a day in total, back everything up. From saving files, sharing docs, everything should be backed up. If the worst case scenario were to happen, it is important to backup in case one hard drive fails, etc.

With these helpful tips, you’ll be taking the right precautions to limit your chance of a cyberattack.

 

How to Identify & Avoid Unwanted Programs

Unwanted programs are constantly being downloaded, many times, without your permission. This is usually because some programs can only be downloaded as a bundle with another program. Sometimes, even loading up a website can cause other programs to be downloaded as well. Although some unwanted programs might not cause any direct harm or be a malware carrier, they can fill up space in your tech’s system, eventually causing it to shut down. Determining which programs are harmful for your technology can be difficult, especially when there are so many disguised like legitimate ones. Follow along to learn how you can identify and avoid unwanted programs.

Potential unwanted programs (PUPs) can cause technical issues such as:

      Slow computer program

      Display of Pop Up ads

      Collect personal information

One way to avoid installing such programs is by going through custom installation instead of simply clicking on the recommended download method. PUPs can easily be installed when you choose the recommended method. Especially when they are piggy-backing a legitimate program. Many times, the end user licensing agreements (EULA) contain information on the other programs that will be downloaded. Makes sure you read through the EULA and don’t accept bundle programs.

According to The Windows Club, a trick to avoid PUPs is to click on “I Decline” whenever you are downloading a program and the “I Accept” or “I Decline” options come up. However, if “I Accept” happens to be the only option, you should unclick the option and simply click “Next.” Don’t worry; you’ll still be able to download the program.

Want to make sure you haven’t already downloaded PUPs? Here are a few steps on how to identify and get rid of them:

      Go to your browser

      Go to your options

      Manage your add-ons

      Turn off all add-ons you do not recognize

For more information on identifying a PUPs and preventing them, contact M&H online or by phone!

Should You Worry About Smartphone Viruses and Malware?

 

How much do you rely on your smartphone? Well, if you doubt for a second the amount you use it, think of those breath-catching moments when you have misplaced it or dropped it. Shocking how quickly we all panic about our phones, right? Those are the moments you realize that you would have trouble getting through the day without it. Should you then, worry about other risks to your smartphone – take for example viruses or malware?  

 

The answer is yes, smartphones need protection as well. Your smartphone is essentially a pocket-sized computer that holds your valuable personal data, important documents and other files. Most likely you do not want some viruses to lay waste to your data. Here are some quick tips that can help keep your smartphone protected.

 

  • Download a mobile security app to catch those pesky “phone viruses.” Your phone’s app store may offer free anti-virus software.
  • Be judicious about what apps you download. Download an app or document only if it comes from a trustworthy source, such as your phone’s app store. Downloading apps from third-party websites may put your phone at risk.
  • Be careful about where you download apps – are you in a secure area?
  • Put a PIN or password on your smartphone and keep it locked when it’s not in use. Your phone may also have a lock pattern feature, fingerprint password or facial-recognition lock.
  • Stay away from suspicious websites when browsing the Internet on your phone. Viruses can be installed on your phone through malicious websites. If you receive an unexpected email or text message with a link in it, don’t click on the link.
  • Avoid modifying your phone in ways that weren’t intended by the manufacturer. This modification, also called “jailbreaking,” makes it easier for viruses to slip into the device.
  • Encrypt the files and data stored on the phone. Some phones have built-in data encryption that protects your data from prying eyes. Encryption usually shields documents, contacts, calendars, media files and email attachments. It also works for data stored on the phone’s memory card.
  • Avoid connecting your phone to unsecured wireless networks.

Antivirus vs. Antimalware

There is a lot of confusion about what exactly are antivirus and antimalware, and what which one works best. Well in order to find out what their purposes are, we must clear out what viruses and malware actually are.

A virus is a code within a program that can copy itself over and can cause damage to a computer by corrupting the system and, even, destroying data.

Malware, on the other hand, is a general word for any malicious infection. This includes Trojans, Spyware, worms, adware, ransomware, and (you guessed it) viruses.

Now that this is cleared out, you are probably wondering why antivirus exists when antimalware can take care of it. Well, let’s get into the differences between these two security software.

Antivirus software was created during the uprising of computers and the Internet. Therefore, this security software was created to tackle older forms of infections, like Trojans, viruses and worms. They are programmed to protect computer users from any traditional malware that are predictable and, still, dangerous.  

Opposite to antivirus, antimalware was created more recently as newer threats began to rise. These malware tend to be much less predictable since new ones are constantly being created and released at high speeds. Antimalware seeks out for more dangerous threats than those that antivirus programs are used to handling.

With that said, if you are wondering which one should be used, the answer is both. You want to protect your computer from all malware, whether it is predicted or unpredicted.

If you need more advice on which antivirus and/or antimalware programs are best, contact M&H for help!

Why your PC is Infected, Again

You’ve probably just got through getting rid of a malware issue when, all of a sudden, a new infection has tampered with your computer again. There are many reasons why this happens but one of the main issues could be that you don’t have an efficient security system. There are many different types of malware that can infect your computer in different ways.

Viruses are codes that copy themselves over causing damages to the running system it has hooked onto.

Worms are also codes that copy themselves over but run in the background of your computer rather than hooking onto the system.

Trojans are software that usually gets downloaded because they appear to be one thing but end up turning into something malicious.

Drive-by Downloads is malware that recognizes the weaknesses in your browser and causes your system to become infected.

Adware is usually hooked onto software and uses an advertising delivery system. These are easy to get rid of by simply uninstalling the downloaded software it came with.

Spyware is software that monitors your computer by either tracking the web pages you visit or everything you do with your mouse and keyboard in order to collect any information available.

Ransomware locks down your computer so that you can’t get regular access to certain programs unless a payment is made to unlock it.

Scareware is software that scares you into believing that your computer has been infected and that they have the solution to get rid of the infection if they are paid to do so.

As you can see, digital infestation is getting more and more sneaky and much more difficult to detect and prevent on your own. The best solution for this madness is to run valuable security systems in your computer. For more information on this and other ways to prevent malware from infecting your system, contact M&H by phone or email!

Protecting your Mobile Device

When you think of antivirus or security protection, your initial thought is probably laptops and computers, but truth is that smartphones and other mobile devices are no longer safe from malware and viruses. Mobile devices are susceptible to cyber attacks by malware and viruses created specifically to target them.

It’s important to begin taking the same precautions we do on computers,  on mobile devices especially when these malware are so easily contracted, difficult to detect, and almost impossible to remove. Malware can be embedded into your devices, without you even being aware of it, and gain complete access to your device. The worst part about it is that malware can be hiding in any free app.

Here are a few tips to protecting your mobile device from such malicious programs:

Update. This is something we cannot stress enough. Updates come with security solutions to any gaps the past operating system had been missing.

Get Protection. Malware and virus protections do exist for your mobile devices. A couple that we recommend is Malware Bytes and Sophos Antivirus. Malware Bytes offers real time protection and scanning to detect any malicious programs in your device. Sophos Antivirus takes it a few steps further by allowing you to encrypt your data. This helps protect your data in case it is lost or stolen. If that wasn’t enough to convince you already, this program also allows you to set up a remote wipe, which will allow you to wipe out all the data in your device if it were ever stolen.

Avoid Third-Party Sites. This is one of the easiest ways for malware to gain access to your device. They don’t need to go through many tough restrictions like they would if they were going through iTunes and Google Play.

If you are interested in getting full protection on your mobile devices, contact us for advice!

Common Myths About Technology: Part 1

With a world surrounded by technology, we are constantly hearing about the many ways to care for your devices and what the dos and don’ts are when handling them. A lot of the times we can’t help but come across some information that completely contradicts the one we may have just heard about.

We have searched some of the most common myths about technology and decided to share them with you in two parts to help clear some contradicting information for you. Here is part 1 of the common myths:

Macs Are Not Prone to Viruses

One of the most common myths is the one about macs not getting viruses. Perhaps this myth stems from Apple’s claim that their OS X software system is not susceptible to the common viruses targeted towards Windows. Although this is true, it does not mean that apple computers are not susceptible to those viruses created to target Macs.

In fact, the more common these computers become in homes and offices, the more vulnerable they become towards malware.

A Cell Phone’s Battery Should be Drained Before Charging

This is another very common misconception and the reason for this goes back to when NiCd batteries were common in many tech devices. The NiCd batteries suffer from “memory effect” which leads to the battery not being able to recharge up to 100 percent, causing the battery life to drain more quickly.

Since the early 2000s, NiCd batteries have been replaced with Lithium-Ion batteries, especially in all Apple products, which eliminate the “memory effect” issue. Although this is true, though, Apple does advice for the devices to be drained at least once a month in order to help maintain battery life.

More Bars Means Better Service

When we see our signal bars go down, we immediately start moving around to get more signal in order to have better service. Truth is, the bars only show the signal strength to the cell phone tower near you. The service is determined by the amount of tech devices connected to that same tower.

Files are Permanently Deleted Once Trash Bin is emptied

Maybe this is something you never thought of before, but the fact is that after the trash/recycling bin has been emptied in your computer, fragments of those deleted files can be left behind. This means that those fragments can be restored. The act of deleting a file is simply to make space for new ones.

In order to fully delete files on a Mac, you may want to follow up by clicking on “Secure Empty Trash.” If you are a PC owner, it is best to download a secure deleting program.

 

Private Browsing Means Anonymity

Private browsing does not keep anyone anonymous. Using this browsing mechanism simply keeps your computer from saving information about the websites visited and what typed or clicked on while being there. However, files downloaded from private browsing will remain in your device.