Make Sure Your Software is Updated and Secure

Ophtek, Security, Security Threats, Software, Software Security Patches, Updates, , , ,
14
Apr 2020

It’s vital, if you want your PC to remain safe and secure, to install all software updates and patches. The alternative is, of course, that you get hacked.

Now, no one wants their PC to get hacked. The fallout from such a scenario can only spell disaster for a business. We’re talking stolen data, disrupted IT operations, financial damage and a major drop in productivity. And no one wants that. Certainly not a business and certainly not their customers. But hacking is a major threat in today’s digital workplace. In the first half of 2019 alone, a total of 4.1 billion records were compromised. It’s a figure which is clearly huge, but it’s also one that could be significantly reduced if organizations updated their software regularly.

So, to help you keep your software updated, we’re going to run through the basics of updating and securing your software.

What are Software Updates?

It’s difficult to create a flawless piece of software. The complexity of coding means that, even when developers feel their application is finished, it’s likely that minor problems will remain. And, in most cases, the only impact of these errors will be felt in the application’s functionality. However, on occasion, these minor flaws can represent major security issues. Hackers, if they are to be commended on anything, are highly persistent. And, if they can find a vulnerability in a piece of software, you can rest assured that they will exploit it.

This is why software updates and patches are crucial. The most common update that most PC users will encounter is an operating system update. These are regularly released by developers in order to counter security issues which have been discovered. These updates, in their simplest terms, patch the software. Following the patch process, your operating system will be considered more secure and functional. Unfortunately, many organizations are either too busy to worry about updates or they fail to understand their importance. And that’s why you need to know the best ways to keep your software updated.

How Do You Update Your Software?

Updating software on a PC is straightforward and simple, but only if you know how. Therefore, it’s important that you practice the following:

  • Allow Automatic Updates: The sheer number of updates that are required for multiple applications is mind-boggling. And the time taken to action these updates is significant. But, with this in mind, most pieces of software allow you to select an automatic update option. This takes the pain out of authorizing and conducting every new update and patch. The setting is most commonly found in the updates section of an application’s control panel. 
  • Visit Developer’s Websites: It’s good practice to regularly visit the websites of developers to make sure you’re working with the latest updates. Adobe Flash Player and JavaPress, for example, can both be verified by visiting their respective websites. The relevant software is quickly analyzed to determine which version it is. And, if any updates are outstanding, the user will be prompted to install these or upgrade to a new version. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Government Websites Compromised in Armenia

anti malware, Cyber Attack, Cyber Security, Hackers, malicious websites, Plugins, Security Threats, , , ,
07
Apr 2020

You would like to think that governments know a thing or two about cyber security. But a recent hack in Armenia has proved otherwise.

European security experts ESET have confirmed that numerous websites belonging to the Armenian government have been targeted and compromised by hackers.   The compromised websites have been infected with malware and pose a nasty security risk to visitors. It’s suspected that the hackers behind this attack are Turla, a Russian hacking group.

We’ve discussed malicious websites before, but this latest attack is a little different. Therefore, it’s crucial that you understand the unique methods behind the infection.

What’s the Story?

The suspected hackers have targeted several websites that come under the control of the Armenian government, but the same fingerprints have also been found on a few non-government websites. Regardless of which website is infected, the methods employed are the same. However, where this attack differs from normal is its selective nature. Rather than attacking every visitor that accesses the infected websites, the malware only targets high-ranking visitors. So, for example, a civilian visitor is likely to remain uninfected, but a government official will not be so lucky.

It’s intriguing that the malware is only interested in high-ranking officials and indicates that there could be a political angle to the attack. Speculation aside, what is known for certain is how the attack unfolds. Once a visitor has been established as ‘high-value’ a command-and-control server generates a malicious JavaScript code. This code is used to deliver a popup window prompting the user to download a Flash update. But while this does, in fact, install a genuine version of Flash, it also contains PyFlash. And this backdoor application allows hackers to gain full access to the infected PC.

How Do You Protect Yourself?

Naturally, the security risk of compromised government PCs is considered high. And, while it is unlikely to affect smaller organizations at present, the selective nature of the attack is troubling. Therefore, it’s important that you safeguard your business against similar attacks. This can be achieved by following these best practices:

  • Use Website Filters: One of the best ways to protect your organization from infected websites is by integrating website filters into your IT setup. These filters are backed up by huge databases, which are regularly updated, and will prevent your users from accessing websites considered a security risk. 
  • Prevent Software Installation: The majority of applications that your employees will want to install are likely to be genuine and safe. But, as with fake Flash updates, this is not always the case. And this is why it makes sense to enforce a complete blanket ban on unauthorized installs. Accordingly, any install requests should be submitted to an IT professional who can evaluate the risk of each proposition.
  • Block Popup Adverts: It’s rare that any PC user welcomes the appearance of a popup advert. And, with the risk of malicious popups so prevalent, it’s the last thing that an IT professional wants to see as well. Therefore, it makes sense to minimize this risk by installing a popup blocker. Not only will this reduce the risk of malware being installed, but it will also provide your PC users with an enhanced experience.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

5 Ways to Improve Your IT Efficiency

communication, IT Efficiency, Office IT, Ophtek, , , , ,
17
Mar 2020

Using the power of IT is one of the surest ways to enhance your productivity. But there’s a good chance that there’s still room for improvement.

It’s likely that IT already has a major presence in your organization. You may even feel as though you’re already operating at a high level. And, no doubt, you are. But technology advances at a rapid pace. And it’s plentiful. Therefore, it’s very easy to miss a new product or a new tip. However, it’s these missed opportunities which could give you a competitive edge. And that’s what every business strives for.

How to Improve Your IT Efficiency

It’s important to have a strategy in every aspect of your organization. And IT is no different. In fact, the demands of modern business make it a priority. So, to help you maximize your IT operations, we’re going to share 5 ways to improve your IT efficiency:

  1. Employee Training: As we’ve already touched upon, technology advances quickly. And it’s this progressive nature which can leave employees trailing behind. As a result, your productivity can take a major knock. But it doesn’t have to be like this. Your employees are your most valuable asset, so you need to respect this. And the best way to achieve this is with regular IT training. Work with them to identify any relevant gaps in knowledge and then arrange group training. 
  1. Improve Communication: Time is money in the world of business, so it’s critical that you make savings where possible. And IT is the master of time-saving solutions, particularly when it comes to communication. One of the simplest ways to improve IT efficiency is by adopting an internal communication platform. These platforms, which include Skype and Google Hangouts, allow employees to chat, share documents and collaborate. And all without leaving their desks. 
  1. Enhance Your Security: It’s always important to value security in the world of IT, but not enough organizations take it seriously. And this puts them at risk of significant threats such as ransomware and data breaches. This is why it’s crucial that you enhance your security. Simple steps such as increasing the strength of passwords and securing your hardware can improve your security no end. 
  1. Embrace Remote Working: The rise of remote working has been swift and has redefined the workplace. Employees who are not based in the office, such as salesman, can now connect with your IT systems from anywhere in the world. It’s one of the simplest ways to maximize your IT productivity. All your workers need is an internet connection. So, make sure that you establish a remote working policy which fits in with your existing IT systems.
  1. Keep Up to Date: Not every development in the world of IT will be of interest to your organization. But it’s important that you keep up to date with the many changes taking place. It’s possible that even a slight development in a specific area, such as data storage, could make a difference to your IT operations. Thankfully, it’s not difficult to achieve this. Just make sure that you bookmark several IT news sites and regularly check the headlines.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

SMS Authentication Isn’t as Secure as You Thought

Ophtek, Security Threats, SMS Authentication, Two Factor Authentication, , ,
10
Mar 2020

SMS is one of the most popular ways to confirm two-factor authorization. Accordingly, it’s been adopted by countless organizations. But is it secure?

Two-factor authorization is one of the simplest ways to maximize security. Instead of, for example, simply entering a username and password, two-factor authorization requires a little more. So, once the correct login details have been processed, a further level of confirmation is requested. One of the most popular ways to achieve this is through SMS. Users are sent a unique code which must then be entered into the system they wish to access. It’s one of the surest ways to confirm a genuine login.

However, the discovery of a vulnerability in SIM security has left security experts questioning the safety of SMS authentication.

The Problems with SIM Cards

The ease and simplicity of SMS authentication has made it a popular choice with IT experts and PC users. But a study by Princeton University has shone new light on the dangers of SMS authentication. It’s all down to a form of hacking known as a SIM-swap attack. A strain of social engineering, SIM-swap attacks involve deceiving phone carriers into swapping existing phone numbers over to new SIM cards.

With a new SIM card in their possession, the perpetrator is in the perfect position to hijack accounts and sail through two-factor authorization with ease. One of the most worrying aspects of the study was that some major phone carriers were involved. AT&T, Verizon, US Mobile, Tracfone and T-Mobile all failed to prevent SIM-swap attacks taking place. But how did this happen?

After a year-long study, the Princeton researchers were able to determine that deceiving a call center operator was relatively simple. To activate the SIM-swap process, all the researchers had to do was pass a single security challenge. Perversely, to reach this stage, the researchers had to deliberately submit an incorrect PIN. Once asked to confirm personal information, the researchers would plead ignorance to these requests. The next step, by the phone carriers, would be to request details about the last two calls made by that number.

You may think that his information is difficult to obtain, but it’s a lot easier than you would imagine. Social engineering can be used to trick victims into making phone calls quite easily, particularly when financial matters are mentioned. And it was with this information that the researchers were able to initiate the SIM-swap process.

How Can You Secure Two-Factor Authorization?

The results of the Princeton study are worrying and highlight a lack of security on the part of phone carriers. T-Mobile has since confirmed that they have eliminated call logs from their authorization process. But the fact remains that SIM cards have been highlighted as a weak link. And it’s recommended that your organization drops SMS authorization. The preferred method of two-factor authorization is with an authentication app. These apps generate unique two-factor codes on a phone, but remain inaccessible by the SIM card.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How to Keep Your Remote Workers Secure

Network, Ophtek, remote workers, Security, Security Threats, , , ,
25
Feb 2020

Advances in technology have created an environment where clocking in at the office is no longer required. But remote working is not without security risks.

Remote working is on the rise with many organizations offering this option to their employees. The benefits of remote working are numerous and apply to both employers and employees. But, away from the relative security of the office, remote working poses a number of security risks. Therefore, it’s crucial that your business finds a healthy balance. You need to develop a remote working environment which not only provides flexibility, but is also secure.

Achieving this combination is relatively easy. You just need to know how. And, thankfully, we’re going to show you how.

Keeping Remote Workers Safe

Remote workers are, to a certain degree, a law unto themselves. After all, working from a remote location means that immediate monitoring is next to impossible. So, you need to invest a certain level of trust. But we’re living in an age where cyber-attacks are reaching record highs. And this is why you need to help protect your employees in the following ways:

  • Security Training: Your employees are your main defense against security attacks, so they need the correct training to remain safe. And this applies to remote workers more than any other employee. Regular training on security protocols and updates on contemporary threats need to be put in place. 
  • Use Two-Factor Authentication: One of the surest ways to secure your remote workers is by putting two-factor authentication in place. This is a security procedure by which users have to provide additional information alongside a username and password. This can take the form of a PIN number sent to a mobile device or a secret question. It only takes seconds to pass two-factor authentication, but the enhanced security it provides is priceless. 
  • Monitor Devices Closely: It’s important to keep a regular eye on any company issued devices that are used remotely. For one thing, you need to make sure that your employees are working as they should be. But, when it comes to security, you should make sure you are analyzing their usage e.g. visiting malicious websites and connecting external devices such as USB drives. 
  • Implement a VPN: A virtual private network (VPN) is essential for remote workers. It’s difficult to guarantee that remote connections are fully secure, but a VPN solves this problem. Using multiple layers of encryption, a VPN protects any data being transmitted or received by remote workers. Therefore, data such as financial records and customer details will be secured from any external forces. 
  • Use Strong Passwords: This may sound simple, but a weak password is easier to crack than a complex one. However, this advice is ignored more often than you would think. So, you need to remind your employees of the importance of password security. And you need to prompt them to regularly change their passwords. Thankfully, creating strong and unique passwords is easy once you learn the basics. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 11 12 13 14 15 48