The Best Security Settings for a Business Router

business router, Ophtek, Password Security, Security, Security Threats, , , ,
19
Nov 2019

A business router can help support your entire workforce and customer base, so keeping it secure is crucial. But how do you make sure it’s extra safe?

Small to medium businesses need computer networks to stay connected. They can be used to share resources, engage with customers and store valuable data. And a business router represents one of the simplest and most effective ways to achieve this. But the benefits associated with routers are also highly attractive to hackers. Therefore, keeping ahead of these hackers and securing your router should be a paramount concern.

The good news is that protecting your router isn’t rocket science. And, to help you get started, we’re going to show you the best security settings for a business router.

The Best Settings for Staying Secure

There are many ways to secure your router with some being simple and some being considerably more complex. Thankfully, to protect you from any technical headaches, we’re going to look at the simplest, but most effective settings:

  • Use Unique Passwords: Most routers come with a default password and this poses a major security risk to your router. If an external party discovers the model of router your organization is using then they are one step closer to cracking your password. But it doesn’t have to be this dangerous. Instead, you can set a unique password which is close to impossible to crack. 
  • Change Your Network Name: It’s common for routers to use a default network name such as NetgearWiFi and, while this may seem of little significance, it’s yet another way in which hackers can gather details about your router. So, for example, if a vulnerability emerges that affects Netgear routers then a hacker would know how to strike your router. To reduce this risk you should change your network name to something that contains no identifying data. 
  • Analyze Event Logs: By switching on the ‘event logging’ feature within your router you can start analyzing any changes that are made to your router. Logs are routinely saved which will highlight any unusual configuration changes or activity going through your router. And, with this data to hand, you can get a clearer idea of whether any unauthorized access to your router has taken place. 
  • Limit Access: There are going to be very few people who need to access your business router. After all, the majority of your staff will be able to complete their daily IT tasks without needing access. And the less people that have access the better. The only people who need direct access should be your in-house IT team, so make sure that your router is correctly configured to facilitate this.

Final Thoughts

There are a number of ways that you can protect your business router and, as you can see, they are simple, but effective techniques. Even the smallest level of protection is enough to deter hackers, so if you can implement these methods then you should find that your router is safer than ever.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Best Ways to Create a Unique Password

Ophtek, Password Security, Security, Security Threats, ,
12
Nov 2019

We use passwords for so many different services and websites that we often resort to using the same password. But this approach is very dangerous.

Think about it for a second. If your one and only password is compromised then every account you use is at risk. This includes your business email, social media accounts and any in-house software your organization uses. And this constitutes a lot of sensitive data. Therefore, the one-password-fits-all approach is a tightrope we don’t recommend traversing.

But creating a password is tough. And remembering it is even more difficult. Especially, as discussed, when you need to remember so many on a daily basis. Sure, you could write them all down, but this in itself is a major security risk. And what if you lose the piece of paper? So, you need a number of password strategies that help you create a unique password every time.

Creating Unique Passwords You Can Remember

For a password to stand out it needs to be memorable. And, for it to remain secure, it needs to be hard to crack. That’s why using your name and date of birth, such as johndoe110275, makes for such a poor password. It may be memorable to you, but it also contains details that are easy to obtain. Instead, you need to get a little more creative.

Acronyms are one of the simplest ways to get creative with your passwords. For example, if you want a unique password for your business emails then you could come up with a phrase such as “I need my business emails on a day to day basis at all times” which, in turn, could form the acronym ‘Inmbeoad2db@at”. It’s a password which is difficult to crack, but also one that’s easy to remember for the creator.

An alternative to acronyms, and equally successful, is the use of passwords which appear similar, but are customized depending on where they are used. So, for example, you could start with a basic template of ‘Alway$_SITENAME_f0rme’ that you adapt for each different account you need to log into e.g. ‘Alway$_Linkedin_f0rme’ or ‘Alway$_Outlook_f0rme’.  This method allows you to memorize a fairly simple foundation for your passwords and then complete the blank with ease each time you need to access that website or app.

Finally, one of the easiest and quickest methods for creating unique passwords is by investing in a password manager. But what is a password manager? Well, rather than assigning the role of password manager to yourself you delegate it to an app. The password manager can not only create randomized passwords that are difficult to crack, but they also act as a digital storage safe. As a result, the pain of both creating and remembering your password for each and every service is significantly reduced.

Final Thoughts

By using proven methods and tapping in to your natural creativity it’s possible to create a unique password for every account you use. Remembering all of these passwords is also a lot easier than you think. But, even if you do struggle to remember them, help is at hand in the form of password managers. So, there really is no excuse for compromising your accounts by recycling the same old password across every account.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How to Identify Fake and Scam Websites

fake websites, Hacking, malicious code, malicious websites, malware, Ophtek, scam websites, , , , ,
05
Nov 2019

We use the internet on a daily basis and visit countless websites along the way. But they’re not always the real deal. And sometimes they can be malicious.

The internet is a wonderful place and the websites that make it up can make a real difference to your business. Sadly, this opportunity is often subverted by criminals and hackers to be much more dangerous.  And, with each new step the internet takes, there are even more chances for these criminals to take advantage of. For example, online payment sites such as PayPal have allowed businesses to work closely with their customers to deliver hassle free payment methods. But, with a financial element at play, these sites have been heavily targeted.

Hackers have developed sophisticated techniques for setting up fake and scam websites, so it’s difficult to identify these fraudulent sites. However, by learning a little more about these techniques you can learn how to identify fake and scam websites.

What Do You Need to Look Out For?

There are a number of tell-tale signs adopted by fake and scam websites, so make sure you take note of the following when browsing online:

  • Always Check the URL: The address bar of your browser is one of the most important tools at your disposal when trying to identifying a fake website. The URL listed in the address bar may look genuine, but it’s crucial that you always look a little closer. A URL may read, for example, bankofamerica.com.authorization-process.com and look genuine due to the first part of the URL. But, on this occasion, bankofamerica.com is only acting as the sub-domain. The domain that you have actually visited is authorization-process.com. 
  • Secure Connections: You should only ever visit websites that have secure connections. This security is indicated by either a HTTPS prefix on a URL or the presence of a padlock image next to the URL. Without these indicators then the connection will be unsecured and your data can easily be viewed. Naturally, a genuine website will always deliver these security indicators, so if these are not present then leave the website immediately. 
  • Search Out Trust Seals: Websites that are secure pride themselves on this achievement. And this hard work is rewarded in the form of trust seals which can take the form of Google Trusted Store, Norton Secured and GeoTrust logos. A website with these, and similar, logos is trustworthy. But it’s very easy for a hacker to copy one of these logos on to any website they want. Thankfully, most trust seals can be clicked on to display verified certificate information. If this does not appear then assume that the trust seals are faked. 
  • Check the Grammar: A genuine website will have been written and proofread by professionals. But a fake website will often be designed in a rush and by people whose first language is not English. And the result is a website full of spelling mistakes. So, if you believe you’re on PayPal, but see it mistakenly spelled as PayPal then you can rest assured you’re not on the genuine site. 
  • Too Many Ads: Online ads are part and parcel of life now. But sometimes it may seem as though there are too many on a website. And this is the calling card of a fake or scam website. The excess adverts popping up are often malicious in themselves, so if you experience more than two when loading up a new page you should tread carefully and begin analyzing the web page further.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Healthcare Data Leak: The Cloud is still Not Secure

Cloud, Cloud Backup, Cloud Storage, Ophtek, Password Security, Security, Security Threats, , , , ,
29
Oct 2019

Is the Cloud Secure?

Cloud computing is seen as the future of IT, but concerns regarding its security remain. A case in point is the Freedom Healthcare Staffing leak.

Compromised data is always associated with various dangers and problems, but these are always magnified when the data at risk is personal. And the employees of Freedom Healthcare Staffing (FHS) now know what this feels like. Around 957,000 private records were found to be readily available to anyone with an internet connection. These records included drug test records, recruitment details and in-house communications among more technical networking details. Not only were these records available, but the opportunity to edit and delete this data was also an option.

As more and more organizations are moving towards cloud computing, it’s important to understand where FHS went wrong. Let’s see what we can find out.

What Happened with FHS?

The unsecured data at FHS was compromised for one reason and one reason only: negligence. The folder, which contained close to a million records, was on a publicly available drive and had no password protection. Therefore any web browser, such as Chrome or Firefox, could access the data without providing any administration credentials. To make matters worse, the technical data that was visible in this folder provided an opportunity for hackers to delve even deeper into the FHS network. After a security researcher from Security Discovery analyzed this compromised database they informed FHS and all records were quickly secured.

 

Why is Cloud Security So Lax?

Cloud storage is a relatively recent development in IT, so it should come as no surprise that there are teething problems with the technology. But this doesn’t mean data should be left unsecured. Unfortunately, many consumers feel as though the responsibility of their data security should lie purely with the cloud provider. This approach, as FHS discovered, can be highly dangerous. You only have to take a look at the attacks taking place on cloud based data to understand why.

Organizations need to adopt a shared responsibility mindset in order to protect their cloud. And this should incorporate the following:

Enhanced knowledge will, with time, allow us to understand the limitations of cloud security, but as FHS discovered it’s important to take a proactive approach immediately.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Reductor Malware Brings a New Threat to Data Security

Data Security, Internet, malware, Ophtek, Security, , , ,
22
Oct 2019

Each time that malware evolves it becomes more dangerous. And our data becomes less secure. A case in point is the Reductor malware.

We’re used to malware being used to download malicious files and open up remote access to infected PCs, but Reductor is different. It’s new and it does things differently. And it’s this unfamiliarity which makes it all the more dangerous. Focusing its target on web traffic, Reductor brings a new threat to data security. Combating it is crucial, but to do this you need to understand how Reductor works.

It’s not easy to understand how a new piece of malware operates, so let’s drill down into its core and see what we can discover.

The Basics behind Reductor

Reductor, which has only recently been uncovered by Kaspersky, is a sophisticated piece of malware. Its main objective is to compromise encrypted web traffic. But what does this mean? And how does Reductor achieve this? Well, when a website is secure it will use Hypertext Transfer Protocol Secure (HTTPS) to securely transmit data. And this allows sensitive data such as login and credit card details to be encrypted into nonsensical code. Anyone attempting to view this encrypted data will be unable to make use of it.

But Reductor allows hackers to view all of this sensitive data before it’s encrypted. It does this by compromising the Transport Layer Security (TLS) and manipulating the associated security certificates. Reductor also patches the pseudo random number generator (PRNG) to establish how the corresponding data will be encrypted. It’s then possible to decrypt any resulting data with ease. And, despite all this activity taking place, the web traffic does not exhibit any signs of having been altered. Therefore, Reductor is unlikely to arouse the suspicious of any infected users.

Staying Safe from Reductor

Web traffic contains such an immense amount of data that concealing it from prying eyes is crucial. Reductor aims to remove these barriers and exploit as much data as it can. But you can protect yourself by taking note of the following:

  • Run any downloaded files through anti-malware software to limit the risk of executing carefully concealed malware.

Thankfully, following the discovery of Reductor, the majority of anti-malware manufacturers now offer protection against Reductor and the ability to block it.

Final Thoughts

Privacy concerns have become a major issue over the last decade with malware being at the forefront of this rise. And Reductor is only going to fan these flames further. It’s likely that malware will evolve into something even more sophisticated over the next couple of years, so it’s important to take note of any developments in malware. As ever, proceed with caution online and, most importantly, if something looks suspicious do not click it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2 3 4 11