Global Cyber Attack – WannaCry Ransomware

 

Mid-May of 2017 saw one of the largest global cyber-attacks ever. Ransomware has become all too common, and computer hackers took advantage of a vulnerability in Microsoft Windows in what is being called the WannaCry attack. The hackers managed to affect computers worldwide. Thus far, the impact has been felt on over 230,000 computers in over 150 countries. The ongoing WannaCry attack is a ransomware computer worm that targets Microsoft Windows operating systems. It seems to originate from an anonymous source but first was seen in April 2016 by the hacking group Shadow Brokers.

 

The damage of WannaCry seems to be fairly widespread and has hit companies that use Telefonica, a Spanish broadband and telecommunications provider with operations in Europe, Asia, and North, Central, and South America. The attack has come down especially hard on hospitals and medical facilities in the United Kingdom and throughout Europe. While anyone who hasn’t updated their Windows PC recently is vulnerable, the good news is that attempts to contain the attack’s spread have paid off. The number of infected computers did not increase the week following the attack as many had expected.

 

If you are looking for ways to avoid being a victim of this attack, take the advice of your IT Department or IT Consulting company. Security company Bitdefender recommends these five steps:

  1. Disable your computer’s Server Message Block service.
  2. Install Microsoft’s patch.
  3. Back up your data on an offline hard drive.
  4. Install all Windows updates.
  5. Use reputable security software to prevent attacks in the future.

 

Stay tuned for more updates on this attack and follow our biweekly blog at M&H Consulting.

 

 

Cautions to take in Computer Hacking

Computer hacking can occur at the worst of times and when we least expect it. The worst of it is that once the hacking has occurred, you can never undo the damage that’s been done. However, you can take steps to prevent it. Follow along to find out how you can prevent a malicious cyber-attack.

  • SSL – Secure Sockets Layer (SSL) is the next best thing when it comes to online security. Using an encrypted SSL protocol helps prevent information from being read in transit or accessed without the proper authority. For example, it can help safely transfer users’ personal information between a website and your database without anyone else seeing it.
  • Updates – Updates are released to keep software functioning properly and to maintain all its security protocols. If an update is made for a phone, for example, it could be because of a security vulnerability. Delaying it will only expose you to attacks, which is what hackers are looking for.
  • Tighten network security – Doing simple and basic things such as changing passwords frequently, ensuring passwords are strong, and making sure all devices plugged into the network are scanned for malware each time they are attached can make a great difference. This can also apply to installing a web application firewall (WAF). A WAF can be software or hardware based; it sits between a website server and the data connection and reads all data passing through it.
  • Remove autofill – Leaving autofill enabled on websites can leave you vulnerable to attacks if a user’s phone or computer is stolen. With your information already plugged in and accessible, it is easy for hackers to steal it.
  • Back up frequently – It is vital to ensure that everything is backed up. Whether it is weekly, daily, or 10 times a day in total, back everything up. From saved files to shared docs, everything should be backed up. If the worst-case scenario were to happen, such as one hard drive failing, it is important to have a backup.

With these helpful tips, you’ll be taking the right precautions to limit your chance of a cyberattack.

 

Security Tips When Using Wi-Fi

Wi-Fi is needed and used everywhere: cafes, bookstores, retail or department stores, museums, and local pizzerias. Almost any public place you can think of may have Wi-Fi. Once you log on, you are immediately part of the internet through your phone or computer. However, public Wi-Fi also comes with the danger of hackers and intruders gaining your private information faster.

Here are a few tips to maintain your security at all times:

  • Strong passwords – The use of strong passwords can come in handy when it is most needed. Having a sufficiently strong password limits the chance of anyone cracking the password or getting at your information. Using a weak password simply increases the chances of your system being compromised, especially when working on public Wi-Fi.
  • Wireless encryption – Encryption has become more and more common from WhatsApp to Google encryption. WPA is a current and common encryption standard that works great.
  • Turn off sharing – When using your phone, it is important to know what settings and apps can keep you secure. For example, at home, sharing files with other computers on a network is safe and easy. However, on public Wi-Fi, it’s safer to turn off sharing. Simply go to your control panel on Windows or system preferences on OS X > sharing and then make sure that all boxes are off. This should also include your wireless network interface. It should be turned off by default and only turned on when you need to connect to a wireless network. Leaving it on gives malicious security crackers a target to attack.
  • Consider your mobile device – If you need to access websites that require input of sensitive information, it could be safe to do it from your mobile phone network instead of a public Wi-Fi connection. This includes social media sites, online shopping and online banking as well.

 

 

Password Management

By now, we all hopefully know that having the password “123456” or “password” may be super convenient but is also easy for hackers to crack. For many of us in the business world, we have so many passwords that we have trouble keeping track of them. There are the personal passwords for home and family use, the passwords for financial applications, work access passwords and the list could go on and on ad infinitum. Thankfully, we don’t need to rely on a yellow sticky note any more or the strength of our long-term memory. There are password management systems that can keep all this information safe and secure until you need to use it again.

 

In a perfect world we could just remember our long list of passwords or use the same password for everything, but in today’s world of cyber crimes making the nightly news on a regular basis, it has become more important than ever to have secure passwords for each login. According to PC Magazine, a typical password manager can handle these logins and passwords by installing a browser plugin to handle password capture and replay. When you log in to a secure site, it offers to save your credentials. When you return to that site, it offers to automatically fill in those credentials. And if you’ve saved multiple logins for the same site, the password manager offers you multiple account login options. Most also offer a browser toolbar menu of saved logins, so you can go straight to a saved site and log in automatically. In order to avoid duplicating a password or coming up with weak ones, most password manager products include a built-in password generator. In addition, almost all top password managers can sync across all of your devices, so there is no need to worry about remembering your password on your mobile or laptop.

 

For lists of the top-ranked password managers, see:

  • PC Magazine Top Ranked 2017 Password Managers
  • Wired Free Password Managers

 

Are you Cyber Aware While Mobile?

As Americans, we love our mobile devices because they are so portable and easy to use. Unfortunately, smartphones, tablets, laptops, e-readers and iwatches are just as vulnerable to cyber attacks as desktop machines. With the expansion of capabilities and wider range of uses of mobile devices, there has also been an introduction of new security risks. Let’s look at a few steps you can take to be cyber aware while on your beloved mobile device.

 

  1. Security – Keep your mobile device locked with encryption features such as a PIN, password, complex swipe, or other security option should it be lost or stolen.
  2. Monitor Apps – It is always advisable to stick with official marketplaces when installing an app in order to avoid spyware, malicious software or other viruses. Some apps ask for access to a camera or messages. Evaluate whether you really need those. In addition, remove apps that you no longer use.
  3. Consider Anti-Virus Software – An anti-virus package may be your best bet at defending against cyber crimes. You wouldn’t operate your desktop without appropriate protection so don’t do it with your mobile. In addition, make sure your system is regularly updated with the latest security features.
  4. Jailbreaking – This activity, while it may help you gain access to specific apps, also strips away some of your mobile security.
  5. Bluetooth and WiFi – Disable both of these features when you are not using them because cyber criminals can track your movements when you are in range.
  6. Hotspots – Sure, doing work at a coffee shop may sound cozy, but it can give criminals access to your device and key accounts such as your email and financial information. Consider using a VPN (Virtual Private Network) if you need a secure connection on the go.
  7. Getting a New Device – Consider wiping the data on your mobile device before disposing of it. Keep in mind if you have used rooting or jailbreaking, your device may not respond to the wiping.

 

Call M&H Consultants for more information on training your employees on how to be “Cyber Aware While Mobile”.

 

Firewall 411

A firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. This can either be hardware or software based (ideally both) and creates parameters of whether to allow or block specific traffic based on those rules. In short, a firewall acts as a barrier between a trusted network and an untrusted network.

 

The term “firewall” may sound familiar to you as it has been used in fire prevention for years, and originally referred to a wall intended to confine a fire or potential fire within a building. Now the term means a high-tech wall to protect your system from outside influences that could harm your business data or system in general. Firewalls have been a first line of defense in network security for over 25 years.

 

With the explosion of the internet and the resulting connectivity between users and the rest of the world, firewalls have become a critical part of security for businesses. Firewalls have gone through their own form of evolution and have attempted to keep up with the rapid pace of technology. Here is a quick breakdown from Cisco Systems of the generations of firewalls including next generation firewalls.

 

  • Proxy Firewalls – The earliest version of a firewall served as the gateway from one network to another for a specific application. Proxy servers can provide additional functionality such as content caching and security by preventing direct connections from outside the network.
  • Stateful Inspection Firewall – Now thought of as a “traditional” firewall, a stateful inspection firewall allows or blocks traffic based on state, port, and protocol. It monitors all activity from the opening of a connection until it is closed.
  • Unified threat management (UTM) Firewall – A UTM device typically combines, in a loosely coupled way, the functions of a stateful inspection firewall with intrusion prevention and antivirus. It may also include additional services and often cloud management. UTMs focus on simplicity and ease of use.
  • Next-generation firewall (NGFW) – A newer class of firewall, the next-generation firewall (NGFW) filters network and Internet traffic based upon the applications or traffic types using specific ports. NGFWs blend the features of a standard firewall with quality of service (QoS) functionalities in order to provide smarter and deeper inspection.
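
The stateful inspection behaviour described in the list above, as an added example that is not part of the original post or of any vendor's product: a toy Python connection table that passes return traffic only for connections opened from the trusted side. The class names, port policy and sample packets are assumptions constructed for illustration, and teardown is simplified to the first FIN or RST.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset      # TCP flags, e.g. frozenset({"SYN"})
    inbound: bool         # True when arriving from the untrusted network
    proto: str = "tcp"

class StatefulFirewall:
    """Toy stateful filter (hypothetical): rules on port/protocol, verdicts on state."""

    def __init__(self, allowed_outbound_ports):
        self.allowed = set(allowed_outbound_ports)
        self.table = {}   # (inside ip, port, outside ip, port, proto) -> state

    @staticmethod
    def _key(p):
        # Both directions of one connection map to the same table entry.
        if p.inbound:
            return (p.dst, p.dport, p.src, p.sport, p.proto)
        return (p.src, p.sport, p.dst, p.dport, p.proto)

    def filter(self, p):
        key = self._key(p)
        state = self.table.get(key)
        if state is None:
            # No state yet: only an outbound SYN to a permitted port opens an entry.
            if (not p.inbound and p.proto == "tcp"
                    and p.flags == {"SYN"} and p.dport in self.allowed):
                self.table[key] = "SYN_SENT"
                return "ALLOW"
            return "DROP"
        if state == "SYN_SENT":
            if p.inbound and p.flags == {"SYN", "ACK"}:
                self.table[key] = "ESTABLISHED"
                return "ALLOW"
            # A retransmitted outbound SYN is fine; anything else is out of state.
            return "ALLOW" if (not p.inbound and p.flags == {"SYN"}) else "DROP"
        # ESTABLISHED: pass traffic; simplified teardown on the first FIN or RST.
        if p.flags & {"FIN", "RST"}:
            del self.table[key]
        return "ALLOW"

def run_trace():
    """Run constructed sample traffic (documentation-range addresses) through the filter."""
    f = frozenset
    host, web, other = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    trace = [
        Packet(host, 50000, web, 443, f({"SYN"}), inbound=False),
        Packet(web, 443, host, 50000, f({"SYN", "ACK"}), inbound=True),
        Packet(host, 50000, web, 443, f({"ACK"}), inbound=False),
        Packet(other, 40000, host, 445, f({"SYN"}), inbound=True),  # unsolicited
        Packet(other, 443, host, 50000, f({"ACK"}), inbound=True),  # no matching state
        Packet(host, 50000, web, 443, f({"FIN", "ACK"}), inbound=False),
        Packet(web, 443, host, 50000, f({"ACK"}), inbound=True),    # after close
    ]
    fw = StatefulFirewall(allowed_outbound_ports={80, 443})
    return [fw.filter(p) for p in trace], fw.table

if __name__ == "__main__":
    verdicts, table = run_trace()
    print(verdicts, table)
```

The inbound packets are dropped whenever no table entry matches them, which is the difference from a filter that looks at port and protocol alone.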

Google Installing SSL On Websites

As a way to protect your site and your users, Google’s recent decision to add SSL on websites is a huge deal that can cause other big networks to follow suit.

What is HTTPS? HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the confidentiality of data between the site and the user’s computer. When using the internet, many users expect to have a secure and private experience online; however, this isn’t always the case. In order to provide a more secure experience online, Google is encouraging the adoption of HTTPS to better protect your users’ connections to websites.

There are three key layers of protection:

  • Data Integrity – This means data can’t be modified or corrupted during a transfer, whether intentionally or not, without being detected.
  • Encryption – You’ve probably heard of encryption before. Sites and apps such as WhatsApp are known for their great use of encryption between users. Encryption encodes the exchanged data to keep it secure from eavesdroppers. While a user is using a website or the WhatsApp app, no one can “listen” to their conversations, track their activities or steal their information.
  • Authentication – Authentication proves that users are communicating with the intended website. It builds users’ trust and protects against man-in-the-middle attacks (where an attacker secretly alters the communication between two parties who believe they are connecting with one another).

In the latest Chrome browser version, Google will begin to warn users on websites not using SSL (HTTPS), and present a message in the address bar that will read ‘not secure’ on the green lock, including the name of the company or organization. The info panel of the lock will explain the connection, its permissions and its security.
Usually, Google would include HTTPS labeling on sites that require credit card information or a password. Instead, it will be labeling all websites. This means that if your site is secure but is shown to your users as not secure, try looking into adding SSL to give your users a better sense of security.

Tech Skills for 2017

As mentioned in our previous blog, the IT industry can be a competitive one, especially for those who are looking for an entry level job. Because of this, we have decided to share with you some marketable technological skills that could help you land an IT job in this New Year. If you find that you have many of these tech skills already, be sure to advertise them when attending job interviews.

Programming Skills:

Programming skills are useful to have for software and application development. Many companies that have applications or specific software also hire those with programming skills to help maintain them.

Technical Support Skills:

By this we mean having full knowledge of various software and hardware to be able to help other businesses and individuals with any technological complications. Having such a skill could help you sell yourself in many interviews since this type of job is the most in demand.

Analytics Skills:

If you are analytics certified, market it! This is almost as important a skill as coding/programming in the IT industry. Being able to know and understand how to analyze certain information is important in helping businesses determine the advantages and weaknesses of each company.

Cloud Computing Skills:

Because many businesses are switching to cloud computing to better save and easily access their data, being able to observe, organize, and maintain cloud services is a significantly useful skill. Many businesses with unique cloud computing services need to have a well organized service in order to be able to do work efficiently and cloud architects can help ensure that it gets done without complications.

There are many other skills not mentioned here that can help you land an IT job. Simply be prepared to know which ones could be the most important for the job you are interviewing for in order to stand out.

Cyber Security Trends of 2017

We all like to be “ahead” in life – both personally and in the business world. The latter is especially true when it comes to business leadership in small and medium size businesses. While following personal trends like the “in” fashion, seasonal colors and decorating can be fun, following the trends in business can save your business time and money. Being ahead of hackers, malware, spam, spyware, and viruses is just as important when following trends of 2017. Here are some trends in the security field to be aware of as we enter the new year.

  • Increase in Ransomware – According to Telegraph Connect, ransomware (where hackers gain control of your data, encrypt it and demand payment to hand over the key) has now become the most profitable malware type in history. “It is time to harden security, by enabling visibility throughout the network – essentially, being able to see everything that connects to it.” If you are unsure if you are protected from ransomware, call M&H Consultant today.
  • Credential Threats – The trend of using malicious code to breach a company’s defenses has been on the rise over the past two years. More recently hackers do not need to write the code to gain entrance but rather steal the credentials of an employee to gain access instead. Plan for multiple layers of encryption and password protection.
  • Smarter Viruses – According to the Insurance Journal, virus designs are constantly improving and being modernized. So what you learned last year about viruses may well be outdated this year. Newer viruses are better at remaining undetected longer so they can infect more files and give the system owner little indication that the system has been compromised.
  • An Increase in Cyber Security Spending – Worldwide spending on cybersecurity is predicted to top $1 trillion for the five-year period from 2017 to 2021, according to the Cybersecurity Market Report, published by Cybersecurity Ventures. Reports indicate an uptick in security spending somewhere in the vicinity of a 12-15% increase. Review your budget to see where you land in this landscape.
  • Human Expertise – Security experts are indicating that human expertise intermixed with technology-only solutions will be a trend for 2017. Instead of a software-only approach, the solution is to provide software and people.

Protect your Identity on Social Media

You probably have heard of many people getting “catfished” or of people “catfishing” others. This is one form of identity theft that usually comes about through a social media network with photos and identity information taken from other strangers’ profiles. The act of being catfished may not sound as serious to some. After all, it is social media, where pictures are easily taken; that’s what you sign up for when you create an account, right? Wrong. There are many things that can go wrong: someone can ruin your reputation by using your image or, even worse, gather information to piece together and create financial fraud, or any other serious identity theft crimes. But, don’t panic or go off to delete all of your accounts! We have some tips to help you stay safe.

Set your account to private. Keep all strangers from getting information about you. While doing this, go through all of the privacy settings to make sure everything you want to keep private stays that way. If you come across a setting you don’t understand, keep it closed anyway; it’s better to be safe than sorry.

Don’t give strangers access to follow you online. If you don’t know who those people are, you don’t know what their intentions may be in following you or adding you as a friend. After all, all it takes to file a fraudulent tax return is a name, birth date and social security number.

Use a hidden name. This can be a middle name or a nickname that only your friends and family would know, so that they can still find you online or know who you are.

Be aware of the content you are sharing. Make sure you are not mindlessly revealing the answers to your security questions online. Also, try not to post images that show the layout of your home so that strangers can’t figure out where you live. Avoid sharing your location and birthday, if possible.

Avoid clicking on random links on social media. This includes those random social media quizzes. Many times, those links can carry malicious and invasive code that can infect your account or, even worse, your technology.