opendns_umbrella

OpenDNS not only blocks malware, botnets and phishing but also detects and contains advanced attacks before they can cause damage. But how does it work?

How does OpenDNS Umbrella work?

OpenDNS is a cloud-delivered network security service that proactively protects users from advanced malware, botnets and phishing attacks. Unlike reactive signature-based tools, OpenDNS leverages big data analytics and real-time algorithmic learning machines processing over one million events per second. This 2% cross section of the world’s Internet activity enables OpenDNS to predict and prevent attacks. It protects users on- and off-network, across any port, protocol, or app. And because Umbrella is delivered via the cloud, it is lightning-fast and easily scalable.

howitworks

Predictive intelligence to proactively protect your employees: OpenDNS is powered bypredictive intelligence, which means that we identify malicious places on the Internetand prevent your employees from visiting them, so that they don’t get infected withmalware.
Maintain acceptable use & compliance: filter up to 60 content categories and domain-specific whitelists & blacklists, so you can manage where any corporate-owned assetgoes whether on- or off-network.

For more ways to secure your business networks, contact your local IT professionals.

Read More


password-security

Passwords can easily be hacked and this seems to be happening more and more often, so understanding how to secure your passwords is vital.

Although passwords have come in for a lot of criticism recently, they still have a place in the security arsenal of all businesses. This is why it’s crucial that you don’t underestimate their potential for letting a hacker in the back door.

Aside from using a password manager, it’s actually surprisingly simple to keep your passwords secure, but you’d be surprised by just how many people fail to protect them. And, when this happens, you get hacked!

Let’s take a look at 7 security tips to help keep your passwords secure.

1. Don’t Advertise It!

Yes, that’s right, you have to keep your password secret or it defeats the point of a password! Don’t tell work colleagues what it is and don’t write it down on a post-it note!

2. Different Passwords for Different Accounts

It may seem simpler to use one password across multiple accounts, but this actually puts you at a huge risk of losing all your data. If, for example, a hacker gains access to your email password, their next step will be to try that password in every piece of software you log into.

However, by using different passwords across different accounts, you minimize just how catastrophic the theft of a password can be.

3. Combination Passwords

You should always make sure that you use a combination of letters, numbers and symbols to create your passwords. By using a mixture of these characters you’re ensuring that standard words from dictionary lists will be useless when trying to hack a password by brute force e.g. antarctica will be in a dictionary list, but antarctica247! most definitely will not be!

4. Don’t Make it Personal

It’s very common for people to use their personal details as the basis for their password e.g. name, date of birth, hometown information. However, although this is personal to you, it’s also very easy for hackers to research. And that’s why you need to give the hackers something harder to think about.

5. Longer Passwords are Better

4bf6f12437012926be9455d8b7fdd116

Hackers are able to employ software which uses brute force to check around 2 billion password combinations in one second. And, when you consider that a 6 letter password has just over 3 billion possible combinations, you can see that longer passwords offer more protection e.g using 8 letters produces a possible 208 billion combinations!

6. Regularly Update Passwords

Complacency is the biggest threat to your password’s security. Sure, you may have a password with no personal links and it’s 23 characters long, but give a hacker enough time and they’ll crack it. That’s why you need to regularly change your passwords to make sure that you keep resetting the progress of potential hackers.

7. Enter your Password Discreetly

Always make sure that no one is watching your fingers fly across the keyboard as you enter your password. Okay, no one wants to accuse their co-workers of any bad intentions, but insider threats to data security are a real thing, so always make sure enter your password safely.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Hand pushing virtual security button on digital background

The number of threats to your business IT network seem to increase on a daily basis, so it’s important that you know how to keep your network secure.

Although it’s difficult to maintain security – just ask Hilary Clinton – there are a wide range of preventative steps you can take to help put up the barricades against cyber attacks.

And, in order to help you stay as secure as possible, I’m going to share 4 tips to secure your business IT network.

1. Conceal Your SSID

Wireless networks are an essential for most businesses, but they also act as an attractive opportunity for hackers to gain access to all your data. And, if a hacker is targeting your business in particular, you don’t want to give them a head start.

That’s why you need to change your service set identified (SSID). An SSID is the name given to your router to identify it e.g. a company called Bob’s Paperhouse may rename their router to Bob’s Paperhouse to single it out from multiple wireless networks in the same location.

However, it also publicly advertises exactly whose network this is and presents a security risk. Instead, I would always recommend a less obvious SSID such as ‘wireless123’ and only disclose this information to individuals who need to access the network.

2. Control Install Privileges

The average employee knows very little about the intricacies of network security, so their judgment, in this respect, can present many potential security risks.

In particular, they may not be able to identify what represents an unsafe link and what doesn’t. And the end result of this can see employees installing what appears to be an essential software update, but is actually a piece of malware disguised as a legitimate update.

Although it may seem as though you don’t trust your employees, you need to employ a policy which restricts install privileges to a few individuals who can evaluate the risks safely. This helps to eliminate the risk of poor judgment from your employees.

3. Set up a Virtual Private Network

Enable-VPN-on-Kali-Linux-blackMORE-Ops-0

A virtual private network (VPN) should be a priority for any business which has external employees accessing the company network.

Sure, these employees can take advantage of free wifi hotspots when they’re out and about, but these networks are notoriously unsecure. With a VPN, however, you can start to take back control of your security.

A VPN helps to create an encrypted connection between external devices such as laptops using a public wifi connection and your business network. This protects not only your device, but also reduces any back door access into your business network.

4. Install a Firewall

firewall_man

It may seem simple, but a firewall remains a strong contender for being the best method of protecting your company network. After all, what’s a hacker going to be more interested in hacking – a network with no firewall or a network with a firewall? You don’t need me to tell you the answer to this!

Firewalls act as a keen set of eyes to identify all traffic accessing or trying to access your network, so they’re a crucial first line of defense against any rogue visitors. They can also identify suspicious files which are placed in quarantine where they can be reviewed, so this multi-targeted approach can really pay dividends for your network security.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


phishingPhishing emails represent a huge risk to your business’ data security, so it’s crucial that you can identify the unmistakable signs of a phishing email.

Data released by the Anti-Phishing Working Group has revealed a huge spike in phishing websites of 250% in Q1 2016. This represents a concerted effort by hackers to target unsuspecting computer users through a relatively old method of cyber-crime.

However, you don’t have to fall foul of the hackers’ attempts to extract sensitive data out of you. And if you follow my 5 ways to spot a phishing email you should be safer than ever!

1. Asks for Personal Information

xphishing-example-6.png.pagespeed.ic.HAQkjzgBUe

A legitimate email will never ask you to disclose personal information, but a phishing email will, literally, be fishing for this information. For example, your bank will never email you and request your online banking details for ‘verification’ purposes.

Your bank wouldn’t need to verify this as they would already have the definitive details on their database, but you would be surprised by how many people fall for this scam.

2. Spelling Mistakes

Big brands take their marketing very seriously, so any emails released by them will have been crafted by people who know how to write. And, more importantly, they’ll know how to spell!

Hackers, on the other hand, aren’t well known for their dedication to spelling and grammar. That’s why their phishing emails are littered with spelling mistakes. If you pick up on at least one spelling mistake, then that’s enough to start treading carefully.

3. Mismatched Links

Amazon-Customers-Tricked-with-Ticket-Verification-Number-Phishing-Email-473445-2

In order to drive you towards phishing websites (which can install malware and steal data from you), hackers need to trick you into clicking their links. Now, a quirk of web design is that your link can say something like bankofamerica.com but the coding behind this link will actually send you somewhere else.

And the best way to test a link is to simply hover your mouse cursor over the link, a small preview window of the actual link will then appear and you can judge whether this is genuine or not.

4. Misleading Display Names

nigerian-prince

Phishing emails attempt to gain your trust by spoofing the sender’s display name, so you need to be vigilant that you don’t take this at face value. Many pieces of email software will, by default, only show the sender’s display name in your inbox.

And this display name can be changed to anything the hacker wants. For example, if you receive an email which has a display name of ‘Microsoft Security Team’ it doesn’t mean the email has actually been sent by the Microsoft Security Team!

When you look a little closer at the email, you’ll discover that the email address it has been sent from isn’t a genuine Microsoft one, so it’s time to delete that email!

5. Threatening Content

Many hackers hope to intimidate email recipients in order to deceive them into clicking their links or downloading their attachments. It may be that they claim they’re from a government agency such as the FBI and that they’re accusing you of illegal activity.

With this fear in mind, many users feel as though they have to comply with the email’s demands, especially when it’s accompanied by official logos and signatures. However, no matter what you think of the government, they are not going to send you threatening emails which demand money, so please feel confident in deleting these!

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


_90722534_gettyimages-482017518

In order to avoid being detected and cause maximum damage, hackers are constantly enhancing their tools and the Project Sauron malware sets a new high.

An enigmatic piece of software, no one has been able to identify who designed Project Sauron and this underlines its sophistication. However, it’s such a complex piece of coding that researchers believe it must have originated from the hands of a top level organization.

The malware has been discovered on computers in locations such as Iran, Russia and China, so there are murmurings of the US government having an involvement and this wouldn’t be the first time. At present, however, the true creator is unknown.

Malware is ever evolving, though, and there’s no saying that Project Sauron won’t have its targets realigned at the US in the future, so let’s take a look at exactly what it does.

What is Project Sauron?

internet-explorer-zero-day

Referred to, in the trade, as an Advanced Persistent Threat, Project Sauron is an intricate piece of malware with a keen emphasis on espionage. And Project Sauron is so clever at disguising itself as an array of standard Microsoft files that it has gone undetected for up to five years.

Project Sauron is particularly sophisticated and effective as it utilizes the following features:

  • Targets PC’s memory without infecting the hard drive to aid its concealment
  • Unknown operating system functions help to facilitate persistent attack techniques
  • Project Sauron can spread through networks by exploiting legitimate software distribution channels

It’s these novel approaches to hacking that has allowed Project Sauron to infiltrate multiple government organizations around the world, but what exactly does it do?

Project Sauron’s Hidden Threat

022315-detect-malware-1-100569113-gallery.idge

Project Sauron is packed full of technical threats and carries these out on a maximum stealth setting. In particular, the malware focuses on the following areas:

  • Through the use of a back door exploit, Project Sauron allows the hackers to spy on password filter systems to harvest network passwords and gain widespread access
  • Once the infection has taken hold, Project Sauron can steal files and transmit them back to the source of the malware
  • Project Sauron can steal encryption keys to help ensure that a network is compromised to its maximum level
  • In extreme cases, Project Sauron can infect USB drives to help facilitate the infection of ‘air-gapped’ computers which are not connected to the network

Due to its ambitious nature and complex build, Project Sauron has been able to stealthily operate in the background for several years; it’s this long term nature of the attack which is particularly troubling as it means that huge swathes of data have been compromised in this time.

Final Thoughts

 Project Sauron sure is an advanced threat and one that even the experts are struggling to deal with. As ever, though, the best way to protect your business from malware attacks such as Project Sauron is to practice caution when dealing with data coming into your network.

However, when you consider the possible perpetrators behind Project Sauron, you do begin to wonder just how secure your data can be. By paying attention to the basics of good cyber security, though, you’re providing yourself with the best level of defense to protect your business.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More