Multifactor Authentication and Why You Need It

Security,
26
Apr 2016

19_MultifactorAuthentication_b2_l_v3

Many businesses are struggling to combat the increasing sophistication of hackers. However, the key to data security may lie in multifactor authentication.

When firms such as Apple are struggling to reduce the threat of hacks which spell disaster for their employees, it underlines the ease in which hackers can gain access to sensitive data. One way that you can put obstacles in the way of potential hackers is to implement multifactor authentication (MFA) into your business.

You may be wondering what MFA is, so let’s take a look!

The Basics of Multifactor Authentication

Whilst MFA may sound both a bit of a mouthful and incredibly technical, the truth is that it’s a simple concept. Whereas you may currently require your employees to log on to your system with a password, MFA takes it a little bit further.

What MFA demands is that at least two user credentials need to be combined to provide access. The credentials employed in MFA tend to center around the following categories:

  • Password – Yes, that’s right, the good old fashioned login/password combination still has a place in the 21st century!
  • Authentication Token – A small device which users carry such as a swipe card. Using this device will allow users to access your system.
  • Biometric Authentication – This is where things start to get really futuristic as it relates to forms of genetic verification e.g. retina scans and fingerprint recognition.

What’s Wrong with Just Passwords?

2015-12-29-1451425693-272677-Steal_password

Passwords have been in use with computers for as long as we can remember; we suspect that they will also continue to be here for some time. However, on their own, they represent a security risk.

The main problem with a reliance on passwords is that they have to be stored somewhere on a database. Immediately, this presents the threat of all your passwords being compromised if a hacker manages to access the database. And, as mentioned at the start of this article hackers are becoming very sophisticated.

It’s relatively simple for hackers to run software which attempts 1 billion passwords per second, so this demonstrates just how feeble a password on its own is. Therefore, integrating MFA is crucial for establishing a strong set of defenses against potential security attacks.

Benefits of Multifactor Authentication

multifactor

Let’s take a look through the benefits that MFA can bring to your business:

  • Physical credentials can’t be compromised by social engineering. Sure, it’s possible to get a password to someone’s bank account over the phone with a bit of trickery, but how are you going to talk someone out of their swipe card?
  • Hackers are instantly repelled by MFA as their time is better spent on less complex systems to break into.
  • MFA can be very cost effective if all it requires is for an employee to be sent an SMS message with a code.
  • There’s an increase in awareness of security breaches e.g. if an employee receives an SMS message advising that a login attempt has been made, but they haven’t tried to login, then they can alert your IT department.

Considering Multifactor Authentication?

If you’re trying to make your mind up on MFA then let us confirm the answer for you: it’s essential for your most important data and emails! Anything which creates a headache for hackers is an excellent deterrent and MFA achieves this effectively.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Email Phishing Scam Steals Snapchat Employees Data

Security, ,
19
Apr 2016

SNapchat620px

Phishing scams are well known within technology circles, but this doesn’t mean those in the tech industry are immune as Snapchat discovered in February.

Snapchat, for those of you who are not aware, is a social media app which allows users to send each other photos and videos with a limited viewing time. Once that time is up then the media disappears forever. It’s proved to be phenomenally successful and the company is estimated to be worth $20 billion.

However, even with the funds available to invest in state of the art cyber security, they still found themselves falling foul of a good old fashioned phishing scam. We are going to show you what happened in order to equip you with the knowledge needed to avoid a similar occurrence.

How Was Snapchat Hacked?

6357613873537576411298140331_snapchat-app_500-100224643-large.imgopt1000x70

The hack at Snapchat used a relatively simple phishing scam to gain access to sensitive employee data. The payroll department at Snapchat received an email which claimed to be from the company’s CEO requesting payroll information on employees. Unfortunately for the payroll department, this email was not genuine. It was a scam.

Not realizing the fraudulent nature of the email, an employee duly forwarded the required information to the hacker. The nature of the data disclosed has not been confirmed by Snapchat, but it’s suspected that it would include the following:

  • Bank details
  • Social security numbers
  • Salary information
  • Personal ID and addresses

Why Do People Still Fall for Phishing Scams?

Computer-Hacker

It may seem strange that such a master of modern technology can fall victim to such a simple phishing scam, but it’s by no means unthinkable. These scams have evolved over time to become more sophisticated and it’s often their simplicity which makes them so deceptive.

In the case of the email sent to Snapchat purporting to be from their CEO, it’s more than likely that it genuinely appeared to have been sent by the CEO. With even the most basic software, it’s possible to fake outgoing email addresses and, if I wanted, it wouldn’t be difficult for me to send an email apparently from bill.gates@microsoft.com

And although this particular Snapchat employee was left thinking “I should have known better”, they most likely thought they were being a helpful employee and were keen to impress their CEO. However, it’s this type of tempting payoff which makes phishing scams so hard to resist.

The Aftermath of the Scam

To Snapchat’s credit, they responded fairly quickly and within four hours they had managed to confirm this was an isolated attack. A report was filed with the FBI and employees affected by the scam were offered two years’ worth of identity theft insurance and monitoring. More importantly, Snapchat underlined their determination to increase the intensity of their security training within the next few weeks.

Snapchat’s case highlights just how vulnerable even multibillion dollar corporations can be when confronted with even the simplest hacks. The importance of good quality security training which focuses on even the most intricate details of phishing scams is paramount to ensure yours and your customer’s data.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Samsung Deliver a Huge 16TB Solid State Drive

hardware,
12
Apr 2016

Samsung-PM1633A

You can never have enough storage on your PCs, so that’s why Samsung has now released a 16TB solid state drive (SSD) which is being called the biggest ever.

Samsung has decided that it’s time to solve all your storage issues with an integral SSD rather than investing in finicky cloud storage systems. The SSD – entitled PM1633a – has the business sector in its sights and is an impressive sign of intent by Samsung.

The PM1633a has such high density storage that it’s currently unparalleled in the PC market. It’s an exciting opportunity for businesses to get involved with premium storage, so it’s time you found out a little more.

What is the PM1633a?

SSDs are a relatively new form of storage system which has evolved from the traditional hard disk drive (HDD). The main benefit of SSDs over their HDD counterparts is the all important factor of speed. Whereas a HDD relies of mechanical parts to operate (hence all the whirring sounds), an SSD operates via flash memory, so is much faster and quieter.

Despite this edge in terms of speed, SSDs have traditionally been unable to match the huge amounts of storage real estate that HDDs have been capable of. However, Samsung’s PM1633a potentially signals the beginning of an era of dominance for SSDs by racing past HDDs.

The All Important Specs

ssd_hdd

The largest SSD storage capabilities currently available are around 8 – 10TB in size, but, in order to make a huge statement, Samsung has gone for 16TB with the PM1633a. This is close to double anything else currently available in the SSD market, but how has Samsung managed this?

In order to achieve such high storage, Samsung has really had to re-design the wheel. In the case of the PM1633a, Samsung has integrated their new 256GB V-NAND flash which has been stacked up in 48 layers. For comparison, Samsung’s previous foray into high storage SSDs was comprised of only 36 layers.

These figures are very impressive, but what exactly does it mean in terms of performance?

What Will The PM1633a Do For You?

DSC_1048

Samsung’s new SSD will, rather obviously, provide huge amounts of storage for your business, but its magnificent benefits do not stop there. It will also provide the following:

  • A staggering 2 million input/output operations per second (IOPS). This is in stark contrast to the current average of 90,000 IOPS in SSDs. The higher the IOPS, the quicker you can save and access large files without your system grinding to a halt.
  • There is a high level of data protection on offer with the added bonus of a data restoration tool to protect against temporary blackouts and power issues.
  • The ability to write a total of 15.36TB of data every single day, so this is very attractive to businesses which process large amounts of data.

Is Samsung onto a Winner?

Samsung has predicted that there will be a huge demand for ultra-high storage and, when you take a look at the PM1633a’s specs, it’s difficult to argue against this.

The crucial difference with the PM1633a is not that it’s merely a behemoth of storage, it also promises to enhance your business operations by making PCs more productive. The smart money, therefore, is currently on Samsung to deliver a market leader in SSDs.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Ransomware Locky Holds Your Data Hostage

Security,
05
Apr 2016

Computer virus.

Reports of a rise in ransomware trojans have seen further evidence in the form of ‘Locky’ which encrypts user data and demands payment to decrypt it.

Gathering data content, be it blog articles or customer databases, is a time consuming affair, so there’s a real sense of relief when it’s finally collated and finished. However, can you imagine how frustrating it would be to have this data suddenly encrypted by a third party? And how annoyed would you be if this third party then started demanding payment to release it?

You’d be VERY frustrated and VERY annoyed!

Locky – which is being distributed by infected MS Word files – is causing all manner of trouble to businesses at present, so it’s time you learned a little more about it to avoid getting a ransom note demanding $10,000!

What is Locky?

Ransomware does exactly what is says on the tin, it’s software which demands a ransom. Locky is a relatively new form of ransomware which, when activated, converts a long list of file extensions to a seemingly locked extension type named .locky e.g. a .jpeg extension will be converted to a .locky extension.

The problem is that the only way you can decrypt these .locky files is by purchasing a ‘decryption key’ online from the perpetrators. Now, you may be thinking that an online payment surely leaves a trail to the cyber criminals behind the ransom. Unfortunately, these hackers only accept payment through bitcoin – an untraceable online currency.

Ransoms as high as $17,000 are reported to have been paid to restore access to data, so it’s crucial you know what the warning signs of Locky are.

How Do You Get Infected By Locky?

virus-infected-word-file

Hackers are taking advantage of the ubiquity of Microsoft Office in our working lives to target victims with Locky. Emails are sent containing an MS Word attachment titled “Troj/DocDL-BCF” and the chaos it releases unfolds thusly:

  • Users open the file to discover it’s full of nonsensical text and symbols
  • A prompt encourages users to enable macros if “data encoding is incorrect” which, when presented with garbled text and symbols, would seem the right thing to do
  • If macros are enabled then this runs software which saves a file to the hard drive and then executes it
  • This file then downloads a final piece of software – Locky
  • Once Locky is downloaded to the system it starts scrambling files to the .locky extension
  • Locky then changes your desktop wallpaper to one of a ransom note detailing how to pay the decryption ransom

How to Protect Yourself From Locky

 virus-protection-services-melbourne-transit-data-about-us

Naturally, the best way to avoid getting infected with ransomware like Locky is to avoid all dubious email attachments.  However, there are a couple of other tips to help protect yourself:

  • Try installing Microsoft Office viewers which allow users to view documents without actually opening them in Office applications and prevents viruses from executing
  • Always install the latest updates for Microsoft Office to ensure any back doors are patched to keep your system protected

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More