The aim of most hackers is to be discreet, but there’s almost always a tell-tale sign they’re at work. You just have to know what you’re looking for.

Damage limitation is an essential part of cyber-security and, accordingly, the sooner you realize you’ve been hacked, the sooner you can get to work on rectifying the issue. Establishing that you’ve been hacked, however, isn’t always straightforward. Hackers are well known for their stealthy attack strategies, and, in many cases, you’re unlikely to realize that you’ve been hacked. You may, instead, simply think that your network is experiencing technical problems, and that’s why you can’t access your files, or why your PCs performance has ground to a halt. But you also need to consider that you may have been hacked.

How Do You Know You’ve Been Hacked?

There are several clear giveaways that your organization’s digital defenses have been breached, and here are five of the most sure-fire ways to know you’ve been hacked:

  1. Your Files are Encrypted: your day-to-day IT activity will likely center around the regular usage of files e.g. Word documents and Excel spreadsheets. But what happens when you can’t access these? Firstly, your organization’s productivity will plummet and, secondly, it could indicate that you’ve been the victim of ransomware. If your files are encrypted and a message is received demanding a ransom fee to decrypt them, then you’ve been hacked.
  2. Unusual Network Activity: regular traffic patterns should be easily identifiable on your network logs, but anything unusual should be closely scrutinized. Modern hacking methods often find malware communicating with remote locations to transmit information or download further malware. Therefore, any unknown locations that are delivering or receiving data from your organization need to be investigated.
  3. Persistent Pop-Ups: there’s nothing more irritating than a pop-up window when you’re trying to work on something. But when these are regularly popping up, when they shouldn’t be, there’s a good chance you’ve been hacked. Often, these pop-ups will try to convince you to perform an action, such as downloading an anti-malware app due to an infection on your PC. These, of course, are fake and are simply a devious strategy to get you to download further malware on to your PC.
  4. People Ask You If You’ve Been Hacked: one of the most obvious signs that you’ve been hacked is when people start asking you if you’ve been hacked. And this is because malware often hijacks email accounts to help spread spam. As a result, people you know – who are listed in your email address book – will be receiving spam messages direct from your email account. Naturally, these unusual messages will ring alarm bells with the recipients, and they are likely to check in with you to confirm if your email account has been hacked.
  5. Your Credentials are Available Online: hackers like to make money by harvesting valuable login credentials, these can then be sold to other hackers who want to breach security measures and gain quick, unauthorized access to private networks. Thankfully, applications such as Google’s Password Manager can warn you when these credentials turn up in password dumps, this is a good sign to immediately change all your passwords.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Cloud storage and infrastructure is the way forwards for organizations due to the massive range of benefits it offers, but how secure is your cloud?

Security is the single most important factor when it comes to an organization’s IT operations, so it’s essential that it’s treated with the utmost attention. However, cloud networks are a relatively new platform and, as a result, the level of security knowledge behind these platforms is lacking compared to more traditional networks. Hackers, of course, are keen to this fact and invest substantial time and effort in uncovering security vulnerabilities that they can exploit. Combating this threat, therefore, is paramount to your organization’s security.

As I’ve already stated, cloud networks are a new phenomenon and the wider community generally isn’t as clued up on them as they perhaps should be. And this leads to common mistakes that can cost dearly. However, by taking a look at the biggest cloud security mistakes you can make, you can hopefully avoid them.

Multi-factor Authentication is Vital

Administrative accounts on cloud networks have significantly more privileges than your standard employee’s privileges. Mostly, this is down to the amount of IT knowledge required to carry out these system admin tasks. A non-IT employee simply doesn’t need these privileges. Accordingly, an administrative account is much more attractive to a hacker, so security needs to be tightened. Any cloud platform that understands security risks should have an option for multi-factor authentication, so make sure this is rigorously enforced for all administrative accounts.

Limit the Use of your Admin Account

The root account is the first account you create when you sign up with a cloud provider. It’s a highly privileged account as it contains access to every aspect of your cloud network. If this account is compromised then your entire cloud network is at the mercy of hackers. And this is why you need to limit usage on this account to only the most necessary tasks e.g. do not use the root account for general day to day tasks that put you more at risk of being infected by malware etc.

Check the Encryption Methods

Security moves at a rapid pace and the level of encryption that is now available on cloud networks such as TLS-based encryption is fantastic. Unfortunately, there are also plenty of cloud networks that still operate with less security encryption methods such as the SSL protocol. To minimize the risk of your cloud account becoming compromised, you need to investigate the encryption method used on your network. If it’s even slightly outdated, then it’s time to upgrade.

Restrict the Availability of Sensitive Information

The beauty of cloud storage is that it can be accessed from anywhere, so this opens up your data to a much larger audience if you grant them access to it. While this allows you to collaborate with other organizations and remote employees much more easily than ever before, it also puts your data at risk. Your organization needs to bear this in mind and access controls need to be thoroughly thought through to prevent sensitive data being accessed outside of your organization. Ensure that your employees are aware of the open nature of cloud networks when saving data to such public drives.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


2018 has been a year where malware, ransomware and data breaches have barely been out of the headlines, but what’s in store for cyber-security in 2019?

As long as there’s a digital landscape, hackers will continue to launch an array of attacks that take in numerous different techniques. And, most importantly, they will continue to evolve their methods to avoid detection and cause more damage to networks and the PCs on them. With this in mind, it’s perhaps the best time to take a look at the security trends which will be most important for your organizations defenses next year.

To help you get prepared for next year, we’re going take a look at some of the major security trends to look out for in 2019.

Backups will continue to be Crucial

With ransomware still remaining a prevalent and major threat to secure and essential data, backing up your data regularly and rigorously will be a vital task for all organizations. Backups may seem a costly affair in terms of budget and time, but it only takes one employee to fall victim to a ransomware scam for your entire network’s data to be compromised. And with new ransomware scams such as Zenis deleting backups, it’s essential that offsite and non-network backups are also held.

Coinminer Malware Remains a Threat

Cryptocurrency is still a lucrative business and mining for cryptocurrency continues to generate large amounts of cash. However, whilst this is perfectly legal and above board, the use of coinminer malware is far from legal or ethical. Due to the amount of processing power involved in mining for cryptocurrency, hackers are using malware to enslave PCs remotely and using their processor power to mine for cryptocurrencies. This form of malware has become harder to detect and more sophisticated throughout 2018, so expect it to evolve further in 2019.

The Hacking of IoT Devices will Increase

Close to 27 billion IoT devices will be connected in 2019 – an increase of nearly 3 billion compared to 2018 – so you can bet your bottom dollar that the number of attacks in this arena will increase accordingly. Unfortunately, many owners of IoT devices are still neglecting to change the default password to access these devices and this is giving hackers free rein to take control of them. Not only does the default password debacle remain an issue, but hackers are now designing malware to take advantage of vulnerabilities in IoT devices.

Security Training

Due to the threats already presented, security training will become paramount in 2019. As hackers evolve their methods of attack at a rapid pace, keeping your organization’s staff aware of these threats is one of the best forms of defense you can employ. Awareness training hammers home the basics of good security practices and you’ll find that these can also be used to combat the new threats which will no doubt go head to head with your security defenses.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Data backups are crucial when it comes to protecting your data; it’s even more important to ensure that your backups are kept secure and available.

For many people, having data backed up is enough. However, what they fail to understand is that a backup is not infallible. In fact, there are a whole range of issues that could affect the stability of a backup. And, if your organization is in the midst of a data disaster, the one factor above all else that you should be concentrating on is security. Your backup, after all, is your lifeline to resuming productivity, so it should be as secure as possible.

To get you started, we’re going to look at the five best ways to secure your backups:

  1. Password Protect Your Backups

At the very least, you have to make sure that your backups are password protected. While, yes, it’s possible for a password to be cracked, it still acts as a deterrent and guarantees some level of security. The stronger the password, of course, the more protection you provide to your backup, so make sure that it’s unique and contains a mixture of uppercase, lowercase characters and numbers.

  1. Restrict Backup Access Rights

The more people that have access to your backups, the more risk there is that they could be compromised or damaged. Therefore, you should only ever assign access rights to the backup software to those members of staff who genuinely need it. Nominating those with access in advance will help to not only protect your backups, but also ensure that restores are completed quickly if the need arises.

  1. Integrate Encryption

There’s every chance that your entire backup could be snatched in the case of a data disaster, so it’s vital that it’s protected. After all, your backup is likely to contain data pertaining to your customers/staff and this could be highly sensitive. However, by encrypting the data contained within your backup, you’re rendering it next to useless in the hands of external parties.  Along with password protection, it’s a simple yet highly effective layer of defense.

  1. Store Physical Backups in a Safe

Although we live in an age where cloud backups are grabbing all the headlines, it’s still important that physical backups are also maintained. These can include: DVDs, optical disks and data tapes. Naturally, due to the data contained on them, these storage methods represent a high security risk and can’t just be stored on a shelf. The best solution is to invest in a safe, but make sure it’s fireproof as high levels of heat can easily distort and damage physical storage devices.

  1. Log all Backups

Most backup software will log details of the backups carried out, but when it comes to working with physical backups it’s a little different. As your physical backups will be stored somewhere, there needs to be a logging process of what is going where. It’s very easy for a single DVD to go missing, but, with a logging system in place, you should discover this sooner rather than later.

For more ways to secure and optimize your business technology, contact your local IT professionals.

 

Read More


encryption

We invest so much time on our devices that we forget they contain some of our most sensitive information.  Here are 3 data encryption options to consider.

Encryption is a method of transforming your data into something that is illegible to anyone without a key. The key, often a long series of letters and numbers, is what returns your data back to its original state so you may access it again.

There are a number of methods for you to protect your sensitive information on your device.

Whole Disk Encryption

This type of encryption encrypts your entire drive and everything on it. You can encrypt any number of volumes or drives that are connected to your computer. If your hard drives are physically stolen out of your computer, the thieves wont be able to access them without the right key. This is good practice for businesses that keep their data locally on a server. If you happen to have the Enterprise version of Windows on your device then you have the built in Bitlocker software bundled with your OS for free that can encrypt all your drives. There are also free open source options for you if you do not have the right version of Windows.

veracrypt

A great free option is VeraCrypt, the spiritual successor to the wildly popular but now defunct TrueCrypt.

File Encryption

A drawback of whole disk encryption is that your device may take a slight performance hit for being entirely encrypted. For some that is not worth it if they only have a few files or folders to encrypt. If you often have to share your computer with family members or friends this is a great solution. This option lets you encrypt files and folders with just a few clicks. It puts a password on the folder in before allowing access to it. In most cases all you have to do is right click on the file or folder and press the encrypt button. You are then shown steps to follow to complete the encrypting process.

axcrypt

AxCrypt is a great free utility that seamlessly integrates with Windows so encrypting your folders are just a few clicks away.

Compression Encryption

This is very similar to file and folder encryption. It’s possible that most users who have come by a .zip or .rar file already software to see the file contents. What you may not know is that these programs can compress your file size and encrypt that file at the same time. They also seamlessly connect to windows explorer making it just a few clicks effort to encrypt and compress files.

7-zip_encryption

Popular compression software which supports encryption includes 7-zip and WinRAR.

Encrypting your sensitive information is good practice for anyone with critical or sensitive information. Once the device has been stolen or the data accessed by a third party, it’s too late.

For more ways to protect your sensitive business data, contact your local IT professionals.

Read More