Data security isn’t a matter to be taken lightly, as too many businesses have found out the hard way. Unfortunately, there are far too many simple ways to correct common security issues - enough that it’s foolish not to do so. We’ll review a few ways to fix security issues, after discussing one of, if not the, most egregious security failings in modern history.
Despite what detractors say, regulations are in place for good reason. They typically protect individuals from organizational malfeasance. Many of these regulations are actual laws passed by a governing body and cover the entire spectrum of the issue, not just the data involved. The ones that have data protection regulations written into them mostly deal with the handling and protection of sensitive information. For organizations that work in industries covered by these regulations there are very visible costs that go into compliance. Today, we look at the costs incurred by these organizations as a result of these regulations, and how to ascertain how they affect your business.
If we told you that automated teller machines, or ATMs, were susceptible to hacking attacks, would you believe us? You should; there are a plethora of ways for hackers to infiltrate and steal money from ATMs, with the latest being so dangerous that even the Secret Service has issued warnings about it.
ATMs in Connecticut and Pennsylvania have recently become complicit in identity theft schemes issued by hackers. The machines themselves have been found to be equipped with periscope skimmer devices attached inside, particularly in machines which have openable lids that provide easy access to their inner workings. The device is installed so that it can probe the magnetic strip on the card as the machine reads it. Users might only need to withdraw $20, but they have so much more to lose.
It’s estimated that the device’s battery can last for up to 14 days per charge and that it has enough storage capacity to steal 32,000 card numbers. The one good thing about this device is that it doesn’t seem to collect PIN numbers. Instead, this scam may be part of a preparation for a real heist.
There may not be a PIN collection device on this version of the skimmers, but it’s still a good habit to cover the PIN pad with your free hand while you plug in your code. You never know who could be watching. Scammers are crafty and may have hidden cameras on the device to steal information, or they have hacked into the native camera remotely to spy on you while you input your credentials. Even if you don’t suspect that you’re being watched, it’s always better to err on the side of caution.
What’s worse is that those chip cards that your bank replaced your old cards with probably won’t be of much use, as most ATMs still need magnetic strips in order to accept and process the card as legitimate.
These skimmers can’t usually be identified by sight, as they’re often installed internally to avoid the prying eyes of cautious users. The most practical advice for avoiding ATM scams is to consider the thought process of a criminal who may try to exploit one of these machines. Consider its location--if the ATM is surrounded by people at all times, like those that are found in supermarkets or public places, chances are that it won’t become a target. Now, if it were located in a secluded rural gas station tucked away in the back hallway, it’s more likely that someone would tamper with it. Consider if it’s top-accessible, allowing cybercriminals access to its innards. These are all variables that you should be on the lookout for.
Therefore, it’s recommended that you use only ATMs that are placed in high-traffic areas where there are plenty of witnesses who might notice if someone tampered with the machine. It’s also important to avoid ATMs that are easily accessible; rather, just use one which is embedded into the wall, like the one in your bank’s drive-thru. These are great for multiple reasons: 1) They’re well-lit, 2) They are high-surveillance zones, and 3) Hackers have a hard time getting into them.
If you’re dealing with your business’s finances, it’s probably best that you handle your financial services through the tellers that aren’t automated. Another option is to go about your business online, shielded by the safeguards that Info Advantage can prepare for your organization. To learn more about our cybersecurity services, reach out to us at (585) 254-8710.
Just a few years ago, we’d only see fingerprint locks on the movie screens as action stars tried to deftly trick the high-security sensors. But these days, biometric authentication processes can be found on a variety of different devices, including mobile phones, tablets, and laptops. But soon we may be seeing them in our browsers, according to announcements front Google, Microsoft, And Mozilla.
According to a report on WC3 browsers such as Chrome, Microsoft Edge, and Firefox will soon support biometric authentication, including fingerprint scanners, voice and facial recognition without the need of any additional hardware. Here’s a little more about how biometric authentication will work with these popular browsers.
Sign-In Using a Mobile Device
Operating systems such as Windows, and MacOS, Chrome OS and Android are in the process of creating new features to allow users to securely log in using biometric identification. Authentication will be verified using USB, Bluetooth, and NFC devices connected to their mobile devices. This two-step verification method helps keep sign-ins secure.
Better Alternative for Passwords
Passwords can be tricky. Make a password too easy, you’re subject to a hack. Make a password too difficult, and you might have trouble remembering it. Biometric authentication methods make it more difficult for a hacker to break in, while also making it easier for you to sign in.
Spend Money Online Securely
With traditional forms of verification, there’s only one thing keeping a cyber-criminal from stealing your information; your password. With biometric verification, there’s an added layer of security keeping your account from getting broken into. Biometric verification authentication will soon be found on websites where you can purchase goods or services, stream videos, access the cloud, and more.
With technology constantly advancing, it can be easy to be left behind. Missing even just one update could be the difference between a secured network and a vulnerable one. Info Advantage can help you keep up to date on your security updates and ensure your business is safe and running efficiently. Call us today at (585) 254-8710 for more information.
You’ve heard it said that it’s a best security practice to routinely change your passwords. The idea here is that, if a password were stolen, then it would lose its value when the user goes to change it. While this sounds like solid logic, new research shows that it may actually be better NOT to change your passwords.
This may be a hard pill to swallow for IT administrators who have always required users to change their passwords every few months or so. However, seeing as this practice could make accounts less secure, it’s worth considering.
The idea behind this theory is that, whenever a user goes to change their password, they’re often rushed or annoyed and end up creating a new password that’s less secure. The Washington Post puts it like this: “Forcing people to keep changing their passwords can result in workers coming up with, well, bad passwords.”
Think about it, how often have you changed your password, only to change it from a complex password to one that’s easier to remember? Or, have you ever kept the same password and just added a number at the end of your new password? This covert move will do little to deter a hacker. Carnegie Mellon University researched this topic and found that users who felt annoyed by having to change their password created new passwords that were 46 percent less secure.
Plus, let’s consider the hypothetical situation of a hacker actually stealing your password. Truth be told, once they’ve gotten a hold of your login credentials, they’ll try to exploit the password as soon as they can. If they’re successful, they’ll pose as you and change the account’s password, thus locking you out of it. In an all-too-common situation like this, the fact that you’re scheduled to change your password at the end of the month won’t change anything.
Additionally, ZDNet points out yet another way that regularly changing passwords can make matters worse: “Regularly changed passwords are more likely to be written down or forgotten.” Basically, having a password written down on a scrap piece of paper is a bad security move because it adds another way for the credentials to be lost or stolen.
Whether you do or don’t ask employees to change their passwords is your prerogative. However, moving forward it would be in everybody’s best interest to focus on additional ways to secure your network, instead of relying solely on passwords. This can be done by implementing multi-factor authentication, which can include SMS messaging, phone calls, emails, and even biometrics with passwords. With additional security measures like these in place, it won’t matter much if a hacker stole your password because they would need additional forms of identification to make it work.
To maximize your company’s network security efforts, contact Info Advantage at (585) 254-8710.
Email is (and has been) a prime method of communication for businesses of all sizes. With email comes a whole slew of issues that are essentially synonymous with the technology; spam, information overload, phishing, and information privacy. Even Rochester small businesses that only do business locally are at risk of these issues. Personal email accounts are equally at risk. Employing proper precautions and practices whenever communicating via email is very important to prevent the risk of security compromises, monetary loss, and even legality issues.
If you've been using email for a while either professionally or personally you have almost certainly gotten email from people you don't know. Most of these emails are blatantly unwanted while others can look 'almost' legit, as if a real person is trying to contact you. Often (and unfortunately) spammers can get your email address when you put it online or use it to register for accounts on sites on the internet. The good news is standard spam protection is getting better these days, and more advanced spam protection is cost effective for businesses that need the extra layer of protection. Spam can cause a lot of harm for a business network if it isn't kept under control - spam can bog down email servers and eat up network bandwidth and plus it drastically slows down employee productivity because they need to sift through it all just to find their real email. If you and your staff are getting more than a few spam emails a day, contact us at (585) 254-8710 and ask about our anti-spam solutions.
This has been a golden rule for general email usage for a very long time. If you received an email from a stranger and there is an attachment, don't touch it. If you receive an email from a contact and there is an attachment, but anything is suspicious, don't touch it. This goes the same for links - if the email was unexpected and just seems fishy, it is possible your contact's email may have been compromised. Use your judgment on this, but remember it isn't your contact trying to trick you, they are merely the victim of a similar hoax from one of their contacts. If you have any doubt, simply reply or pick up the phone and ask them about it before continuing.
Be sure to keep antivirus definitions up to date, and run scans regularly. Running adware and spyware removal software at regular intervals is important too. Be sure your Windows Updates are up to date as well. For businesses, you'll want to invest in network protection to keep external threats from leaking in. Even for small Rochester businesses, security and threat management is important to keep operations running smoothly and to prevent expensive downtime and data theft.
Everyone has done this at least once; you are working on a report or document on one computer and you email it to yourself in order to pull it up on another computer. That's fine as long as you mind your inbox capacity, but you shouldn't rely on email for storing files, not even as a reliable backup. Imagine having to painstakingly pick through all of your email to restore your most important files. It doesn't sound like a good idea now, does it? On top of that, email isn't any less prone to data corruption or loss than any typical storage solution, and unless the server hosting your email is backed up with a reliable solution, it could be here today and gone the next.
If you send sensitive data to other recipients, you will want to consider email encryption. Some industries require this. Email encryption simply scrambles the message while it is being sent, and depending on what type of encryption, will descramble itself or allow your recipient to log in to a secure location to view the data. Although email encryption services vary, most of them are very cost effected especially when put beside the risks of sensitive data getting leaked and stolen. Give us a call at (585) 254-8710 to learn more about email encryption and what solution is right for your business needs.
You’ve heard it said that it’s a best security practice to routinely change your passwords. The idea here is that, if a password were stolen, then it would lose its value when the user goes to change it. While this sounds like solid logic, new research shows that it may actually be better NOT to change your passwords.
This may be a hard pill to swallow for IT administrators who have always required users to change their passwords every few months or so. However, seeing as this practice could make accounts less secure, it’s worth considering.
The idea behind this theory is that, whenever a user goes to change their password, they’re often rushed or annoyed and end up creating a new password that’s less secure. The Washington Post puts it like this: “Forcing people to keep changing their passwords can result in workers coming up with, well, bad passwords.”
Think about it, how often have you changed your password, only to change it from a complex password to one that’s easier to remember? Or, have you ever kept the same password and just added a number at the end of your new password? This covert move will do little to deter a hacker. Carnegie Mellon University researched this topic and found that users who felt annoyed by having to change their password created new passwords that were 46 percent less secure.
Plus, let’s consider the hypothetical situation of a hacker actually stealing your password. Truth be told, once they’ve gotten a hold of your login credentials, they’ll try to exploit the password as soon as they can. If they’re successful, they’ll pose as you and change the account’s password, thus locking you out of it. In an all-too-common situation like this, the fact that you’re scheduled to change your password at the end of the month won’t change anything.
Additionally, ZDNet points out yet another way that regularly changing passwords can make matters worse: “Regularly changed passwords are more likely to be written down or forgotten.” Basically, having a password written down on a scrap piece of paper is a bad security move because it adds another way for the credentials to be lost or stolen.
Whether you do or don’t ask employees to change their passwords is your prerogative. However, moving forward it would be in everybody’s best interest to focus on additional ways to secure your network, instead of relying solely on passwords. This can be done by implementing multi-factor authentication, which can include SMS messaging, phone calls, emails, and even biometrics with passwords. With additional security measures like these in place, it won’t matter much if a hacker stole your password because they would need additional forms of identification to make it work.
To maximize your company’s network security efforts, contact Info Advantage at (585) 254-8710.
Details for a security vulnerability thought to affect almost every Intel processor made in the last decade have recently been released, and the outlook is not good. While there are updates on the way to fix the flaws, experts believe that a patch may slow down computers by up to 30%.
According to The Register, where the information was first publically released, the Intel vulnerability allows hackers to access areas of the computer that shouldn’t be reachable. The flaws, known as Meltdown and Spectre, directly affects the kernel memory of the Intel chip.
Meltdown breaks the isolation between applications and the OS, allowing hackers to access the memory of programs and the OS itself. Spectre breaks the isolation between different applications down, allowing a hacker to trick error-free programs to leaking information.
These flaws allow apps to detect and read the operating system codes, look into other app’s memory banks, or even leak personal information such as passwords, login information, files, and more.
The patch will make the affected kernel completely invisible, but this comes at a price. According to The Register, making the kernel invisible would add a new process that will increase its overhead, slowing down the computer.
Since the problem is with the hardware itself, nothing short of an OS-level fix will be required for the affected operation systems, including Windows, Linus, and Mac. So far Windows has released an emergency patch for Windows 10, with patches for Windows 7 and Windows 8 to come next week. However, there seem to be some issues caused by some anti-virus softwares that can result in bluescreen errors.
Apple says they have also addressed the majority of their flaws with their last OS update, and they are currently testing new tweaks for their next update. Linux developers have also created a set of patches.
In addition to operating systems, many cloud services companies will need to release updates in order to keep themselves protected against the vulnerability. Microsoft Azure, Amazon AWS, and Google Cloud Platform have all reported that they are working on implementing new updates to bulk up security against Meltdown and Spectre. However, they have all stated that the impact of proposed update and have found that they have very little affect on performance in their benchmark tests.
If you want to know more about how these vulnerabilities may affect you and your business, call us at (585) 254-8710 to learn more about how you can strengthen your technology security.
The public internet is vast, with over one billion websites already established, and more and more created every day. While being connected to the internet has its undeniable benefits, there is also a constant threat that puts our sensitive information at risk: hackers. These cyber criminals will do anything they can to try and steal your personal information, and once they have it, it can be difficult to recover. Luckily, there are a few simple methods every internet user can utilize to keep themselves safe from a hack attack.
Enable Two-Factor Authentication Where Available
Many popular sites such as Facebook, Twitter, and Ebay are now embracing an extra layer of login security with their two-factor authentication methods. This process is activated when you try to login to your account using a device that isn’t recognized by the site. In order to confirm your identity, the user will get sent an authentication code through a verified contact point such as email or text message. This ensures that no un-recognized source can access your information unless they also had access to your second form of contact.
Secure a Site Using HTTPs
These days we don’t often type out the full website address we are looking for, as most browsers will automatically fill in the correct address or send you to a search engine to point you in the right direction. However, there is a hidden benefit to typing out an address, and it can be as easy as adding a single letter. When adding a ‘s’ to the end of http (hypertext transfer protocol,) the browser will encrypt any and all information sent between the server and the user. While many modern browsers add the ‘s’ to a site’s address on their own, you can ensure that you’ll always have a secure connection by downloading apps or programs that will automatically make the switch for you.
Keep Browsers and Devices Updated
Typically, updates are direct responses to issues or vulnerabilities that have been discovered on your program or device. Therefore, it is critically important that you always run trusted updates as quickly as possible. Outdated versions of browsers or mobile operating systems are often an easy entry-point for hackers, allowing them to exploit the known security holes. If you’re not sure whether or not you’re completely updated, many browsers and operating systems have a service that will automatically update as soon as new versions are released.
Worried about the safety of your sensitive data being sent over the public internet? Contact Info Advantage today at (585) 254-8710 to speak to a security professional about how you can strengthen your network security!
The WannaCry ransomware attack was created by hacking amatures who copied from a famous hacker group known as the shadow brokers. While WannaCry is no longer a threat with the latest security update, a recent announcment shows that the hacker group is going to continue to release dangerous security exploits for anyone to use, at the right price.
There are a few theories about who makes up the membership of the ShadowBrokers group. These theories range from official National Security Agency employees to Russian spies. However, all these theories are based on unreliable information, so not much is actually known about the group. The only thing known for certain is that the ShadowBrokers use social media to sell cybersecurity secrets to amatures.
The ShadowBrokers’ first started to auction off security secrets in August of 2016. They promised the highest bidder would receive cycbersecurity vulnerabilities that work just as well as government cyber weapons. Over the next year, the ShadowBrokers used a variety of different means to sell their secrets: auctions, crowdfunding, and direct sales. In April of 2017, their fifth release of information went public, which included the ETERNALBLUE Windows vulnerability that allowed WannaCry to infect over 300,000 computers in a single day.
The ShadowBrokers have recently announced a subscription service that would include access to bi-monthly security exploit releases in early September 2017. The first package they sold included an NSA exploit titled UNITEDRAKE, which allows hackers to remotely monitor or control a computer running any Microsoft OS between Windows XP and Windows 8.The exploit can also discreetly record audio from your microphone, video from your webcam and anything that is typed on the keyboard. It can also remotely remove itself from the target computer, leaving no signs of a breach.
Luckily, all the security exploits that the ShadowBrokers have released targeted older, outdated versions of software.The best way to protect your computers is make sure your operating system is properly upgraded and patched. Advanced network monitoring can detect suspicious activity, but that requires a significant amount of time and IT knowledge, making it difficult for small- to medium-sized businesses who usually don’t have the resources to handle around-the-clock maintenance. This is where Info Advantage can help.
If you are worried about the ShadowBrokers releases, or have any other cyber security concerns, contact Info Advantage today at (585) 254-8710 today to learn more about how we can help keep your network safe.
How safe is your company’s data? According to a new survey released by tech giant Dell, there’s a large chance that it’s not very secure at all. The statistics revealed by the survey are dismaying, with the survey’s key finding was that 35 percent of employees report that it’s common practice to take proprietary company information when leaving their firm.
As bad as that is, the rest of the statistics in Dell’s survey were even worse. About 36 percent of employees regularly open emails from unknown, untrusted sources, making them extremely susceptible to threats such as phishing attacks.
Forty-five percent of employees admit to engaging in behaviors they know to be unsafe from a cybersecurity standpoint, including; using personal email accounts for work, misplacing company-issued devices and connecting to public WiFi to access confidential or proprietary information.
In addition, 72 percent of employees reported being willing to share proprietary, sensitive or confidential information under certain circumstances.
All of this paints a stark picture of a problem with no easy solution. The old saying is true; your employees are your greatest asset, and also your company’s biggest threat.
It’s easy, for example, to say that better employee education is the answer. While the exact scope and scale of the problem may not have been known before, it’s certainly no secret that phishing attacks aimed at rank and file employees have been a longstanding problem. To this point, few companies have bothered to attempt to better educate their employees.
Worse, the few that have haven’t seen much of an improvement.
In a similar vein, it would be easy to make the blanket statement that having a robust data policy in place would go a long way toward alleviating the problem. However, talking about it and actually developing and implementing such a policy has, at least to this point, proven to be a daunting undertaking.
Since the 1950s, the term 'hacker' has been vaguely defined as someone who explores the limits of technology by testing them in as many different ways they can. But by the 1980s, the term ‘hacker’ became associated with users who were caught breaking into government and other private computer systems, leaving the word with a negative reputation. Today, several pioneering ‘hackers’ run multimillion-dollar cyber security consulting businesses aimed to help protect the average technology user from attacks. So what should you call someone who uses their knowledge for good?
“White hat” hackers
Also known as ‘ethical hackers’, or ‘network security specialists’, these hackers are the heroes of the hacker name. Whether it’s selling what they find to hardware and software vendors in “bug bounty” programs, or working as full-time technicians, white hat hackers are just interested in testing technology and protecting users. Linus Torvalds is a great example of a white hat hacker. After years of experimenting with the operating system on his computer, he finally released Linux, a secure open-source operating system.
“Black hat” hackers
Closer to the definition that most people outside the IT world know, black hat hackers aim to create software and other technology campaigns with the purpose of causing damage. These attacks have a variety of different goals; such as financial harm in the form of ransomware to digital vandalism. Albert Gonzalez is one of the most infamous black hat hackers. In 2005, he organized a group of individuals to compromise poorly secured wireless networks and steal information. He is most known for stealing over 90 million credit and debit card numbers from TJ Maxx over the course of two years.
“Gray hat” hackers
A sort of ‘in-between’ of the other categories, a ‘gray hat’ hacker does the majority of their work on the internet. This anonymity affords them opportunities to try their hand at both white hat and black hat hacking. Today, there are quite a few headlines making the rounds describing Marcus Hutchins as a gray hat hacker. Hutchins became an overnight superstar earlier this year when he poked and prodded the WannaCry ransomware until he found a way to stop it. During the day, Hutchins works for the Kryptos Logic cybersecurity firm, but the US government believes he spent his free time creating the Kronos banking malware. He has recently been arrested and was branded as a ‘gray hat’ hacker.
The world of cyber security is far more complicated than the stylized hacking often seen in Hollywood movies. Internet-based warfare is not as simple as good guys vs. bad guys, and it certainly doesn’t only aim for big money targets. If you need a team of experienced professionals to help you tackle the complexities of modern cyber security, call Info Advantage today at (585) 254 – 8710.
On Friday, May 12, a cyber-attack was launched that affected over 300,000 computers in roughly 150 countries. The attack, a ransomware worm known as WannaCry, affected nearly every major industry; including healthcare, government, and privately-owned businesses.
The attack began in Europe and continued to spread across the globe, reaching targets in China, Japan, and even reaching across seas to the Americas. Once hit with WannaCry, the worm encrypts all the files on an infected device, prompting the user to pay $300 in order to regain access to their files.
Since the attack spread, the hackers are thought to have gained about $80,000 in bitcoins from WannaCry victims. However, that number is not expected to rise much higher, as many technology companies have already implemented measures to block the attack. In fact, Microsoft had already had a vulnerability patch in place in March, months before WannaCry was released.
So how was WannaCry able to affect hundreds of thousands of devices while there were already measures available to block the attack? The answer lies within an affected company’s technology infrastructure. While the patch by Microsoft was originally released in March for Windows XP systems, many businesses completely overlooked the upgrade. This left them wide open for an attack, making them easy targets with well-known vulnerabilities.
However, we cannot be so quick to blame the IT departments of the affected businesses, particularly those with complex technology infrastructures. For example, many health care service providers in the UK were affected due to a reliance on older versions of operating systems. This is due in part to the variety of third-party medical equipment that health care providers rely on to do their jobs. This equipment can often be difficult to upgrade or patch, and can only be replaced if the budget allows for it. In many cases, companies will choose to spend their dollars on other IT necessities.
What can businesses do to protect themselves from WannaCry and other similar cyber-attacks? Security experts state that the best way to combat these attacks is to keep your technology updated and your employees aware of potential threats.
A good way to gauge your company’s vulnerability is to perform a threat and vulnerability tests. These tests will give a company insight into how many employees would fall for an attack by sending out a fake phishing scam. Once the data is collected, a company will have a better idea of what kind of vulnerabilities they have, and how they can train their employees to avoid them.
Experts also suggest that companies keep as up-to-date on their software as possible, and urge them to consistently check for updates or patches. While an update might not seem imperative, hackers are constantly on the lookout for newly discovered vulnerabilities to exploit. By creating a consistent update schedule, companies can be sure that they are protected from future attacks.
Don’t have the time to constantly check for software updates? Not sure if your company is up-to-date with the best possible cyber security plan? Contact our security experts at Info Advantage by calling (585) 254-8710 today to talk about how you can protect your business’ assets.
With the rise of the age of the Internet of Things (IoT), more and more everyday devices are becoming connected to the web as a means to make a more personalized product experiment. Today, we have IoT connected watches, televisions, and even kitchen appliances like refrigerators or coffee makers. As convenient as these devices can be, they can pose a serious threat to a user’s personal information if the security behind the device is lackluster. Such is the case with CloudPet, a IoT connected stuffed animal that lets children and their loved ones communicate with each other through an app, which exposed the personal data of thousands of accounts.
CloudPets are made by Spiral Toys, a company based in California that specializes in toys that connect to the internet. The concept behind the toy is that a child can communicate with their parents or loved ones who are far away. The toy is connected to an app, which allows the connected party to record voice messages to send to the child’s CloudPet. The CloudPet then allows the child to send a voice recording back, which can be played through the app.
On February 28, 2017, security researcher Troy Hunt posted a blog about how the data from CloudPets stuffed animals had been leaked and ransomed, potentially exposing these recordings. Hunt found that several parties had reached out to CloudPets and their parent company Spiral Toys about the breach, yet had received no response. With some help of members on his site, Have I Been Pwned?, Hunt was successfully able to access the user photos and voice recordings. While there were no recordings or photos on the exposed database, the leakage did contain sensitive data that could easily compromise an account.
According to the CloudPet’s site, the breach was caused when CloudPet’s user data was temporarily moved to a new database software. In December of 2016, third party developers moved CloudPets data to a temporary database in order to make upgrades to the CloudPet’s app. During the time, the database software that was used had an exploit that hackers would use to hold data for ransom. While CloudPets claims that no voice recordings were accessed, they do admit to the leakage of email addresses, usernames, and encrypted passwords. However, there were no password strength rules before the breach, so a hacker could still easily access thousands of those compromised accounts.
Since the breach was made public on February 22, the CloudPets app required all users to reset their passwords, and created new password security requirements to ensure the new passwords are more secure. They also recommend that users create a unique password for every application or site, and advise them not to use “easily guessable” passwords.
Many hackers rely on their ability to trick users into giving up information or control of their technology. As technology advances, hackers continue to find new and updated ways to gain access to user accounts. One scam in particular, known as homographs, has seen an increase of popularity as of late.
What are they?
Homographs are a phishing strategy that is used to disguise a hyperlink to look like a legitimate, secure website. Scammers are able to use these attacks due to the way that many browsers interpret URLs with characters from another language. An example of this can be found with Russian Cyrillic letters, many of which look similar to English letters. To account for this, browsers utilize basic translation tools so a user can still access a legitimate website using non-English characters by translating the address into a series of English letters and numbers.
How do hackers use homographs?
Hackers are able to take advantage of homographs by using letters from another language that look identical to letters of the English language. They create a URL that looks identical to the legitimate site, but once clicked it will automatically take you to a compromised site where your data can be at risk. This attack works because users won’t be able to see that the URL is not legitimate until it is too late, as once they click the link they will most likely be infected by malware.
How can I protect myself?
While many browsers have created fail-safes to combat this issue, there are still many browsers that are left unprotected. Even those that do use the fail-safes can be easily tricked, so it’s up to the user to prevent the attack. Be conscious of every link you click, and never open up a URL that you cannot verify. This means any URL in an unknown email address, or a pop-up ad that claims to be a legitimate company. The best way to avoid homograph attacks is to always manually type in the web address.
Want to know more about how to prevent cyberattacks? Contact Info Advantage at (585) 857-2644 to talk to our security and technology professionals today.
If you’re an avid online shopper, you know the struggle of having to fill out your information each and every time you want to make a purchase. For many, autofill is a way to save time when shopping online. While this feature is convenient, it can also put your data directly into the hands of cybercriminals if a user isn’t careful.
How They Do It
Hackers are able to use autofill to their advantage by adding hidden fields in a sign-up form. These fake sign-up forms try to trick users into giving up more information than they think they are. The form may seem to only ask for a name or email address, but can secretly also take any other information that has been saved in a browser’s autofill. This could include information such as a billing address, phone number, credit card number, security codes, and other sensitive personal data. While this method of attack isn’t necessarily new, whitehat hackers have had trouble finding effective ways to counter the threat.
Prevent an Autofill Attack
Autofill attacks can happen to nearly any user on any browser that has autofill enabled. However, browsers such as Chrome and Safari are particularly prone to these types of attacks, as autofill comes pre-configured when the browser is first downloaded. To avoid these types of attacks, experts suggest using a browser without autofill, such as Firefox. If you want to stick with Chrome or Safari, you may want to consider disabling the autofill feature. If you enjoy the convenience of autofill, make sure you only utilize the feature on sites that have been marked as secure. Otherwise, it’s advised that you take the time to fill in each field by hand to avoid giving information you don’t want to give.
Worried that your sensitive data might be at risk of leaking? Call Info Advantage at (585) 254-8710 today to talk to a security expert about how you can keep your private data safe.
Congress recently voted to do away with Obama-era regulations that were intended to protect consumer data from being sold to advertisers without the user’s consent. As of April 4th, President Trump has officially signed the legislation that will dismantle the internet protection that had originally been approved in October 2016.
What Was Voted On?
Congress voted on whether or not to keep a set of Internet privacy rules approved back in October during the end of the Obama administration. The measure, which was passed by a 215-205 vote according to NBC News, blocks the FCC from being able to enforce new privacy rules that had been passed last year by the Obama administration last year before the election. The legislation, which was recently signed by the President, also bans the FCC from issuing any similar online protections in the future.
What Information Can Be Bought?
The original policy would have banned Internet providers from collecting, storing, sharing and selling user information. They would be allowed to collect and sell information such as your web history and app usage, according to The Washington Post. The rules also required Internet providers to use stronger security safeguards to protect customer data against hackers. Now that the policies have been brought down, providers are able to monitor their customer’s online activity and use the data they’ve collected to create highly targeted ads. It also allows them to sell the information to advertisers, financial firms, and other for-profit companies.
How Can I Protect My Data?
As of now, there are no real changes being made to the Internet security policy, so not much is expected to change right away. However, experts suggest a few methods that users can use to keep their data to themselves. First, security experts suggest that you use a virtual private network, or VPN. VPNs will hide your location so they cannot verify your identity, and hides your Internet traffic so that no one will be able to see your browsing history. Security professionals also suggest that users make use of HTTPS sites, which ensure users that their data is secure and will not be shared.
Contact Info Advantage today at (585) 857-2644 to learn more ways you can protect your personal data from being shared or sold.
As more people gain access to their own smart devices, the environment is changing around the globe. The vast adaptation of the mobile device has allowed individuals to stay connected at any time, and the world is shifting to accommodate the newest wave of technology. For companies, this means the ability to do business anywhere at any time, especially when paired with cloud capabilities. Bring your own device (BYOD) allows businesses to stay connected to their work without having to physically be in the office, making it a popular option for modern businesses. However, with a BYOD policy comes some risk. Here are all the things you should be aware of when considering a BYOD policy.
Data Leaks
One of the major issues that many companies have with BYOD policies is the real possibility of data leaks. With a secured, physical workstation, it’s easy to closely monitor all activity going in and out of your network. However, most handheld devices don’t have anything near the amount of security found at a typical workplace. This means that the device won’t be connected to the company firewall and security programs the second they leave the office. This can leave your data vulnerable if they plan to do work in a public place.
Lost Devices
One of the issues that comes with the convenience of mobile devices is the ability to lose them, a problem that had previously not been an issue with the physical workstations. When a device is lost, there is a chance that it could end up into the hands of someone who will use the data to gain something, such as money through extortion or valuable information. You’ll want to make sure that any device that carries sensitive information can be remotely wiped, and that they all have some fort of PIN or password for protection.
Malicious Software and Hackers
Since mobile devices don’t have as much security as your typical workstation, many lack the proper data encryption to keep all the information secure. This can often result in issues with hackers, who may lurk at public Wi-Fi spots to root out sensitive information. This also leaves the open to viruses, which are a major issue with BYOD policies. If an employee wants to bring their own device, you’ll want to make sure they understand the risk not only for your company, but for their personal lives as well.
Want to implement BYOD but you aren’t sure what security measure you will need to keep your company data away from prying eyes? Contact our Info Advantage today at (585) 254-8710 to learn more about how you can get technology to work for you.
These days you can’t go anywhere on the Internet without hearing about some sort of data breach. With cyber-attacks on the rise, many companies are trying a new approach to data security; proactive security plans. These plans focus on preventing data breaches, rather than reacting to an attack as it happens.
Understand the Threats
Knowledge is one of the most important tools used to fight against data breaches. Before you’re able to work towards creating a system that prevents cyber-attacks, you need to make sure that everyone involved knows what threats they are dealing with. Companies should take the time to review the different attack types that are common in their particular industry, and should have a meeting with whoever handles their IT at least twice a year to make sure they are up-to-date on the newest threats.
Map Out Your Protection
After you create your list of major attack types you want to look out for, you will need to map out your company’s technology environment to see how these attacks could threaten each individual piece. This includes any device that connects to the Internet, what services are currently protecting those devices, and the type of data they have access to. This will give you a better picture of what areas need more attention.
Create a Security Baseline
Once you get a better understanding of the current threats and how they apply to your IT environment, it’s time to create a baseline for your company security. This can be done by creating a variety of different real-life scenarios, and testing them out on your current network. This will help you to discover the strengths and weaknesses of your network.
Once you have your system mapped out, it’s time to implement your security plan. These plans will allow you to focus on preventing things that cause data leaks or downtime, rather than reacting to issues as they come along. This will lead to an increase of productivity and efficiency.
If you’re looking to buff up your security, don’t wait any longer! Call Info Advantage at (585) 254-8710 to speak to a security professional about how you can prevent potential cyber-attacks.
Tag Cloud
Mobile? Grab this Article