How to Keep Your Remote Workers Secure

Network, Ophtek, remote workers, Security, Security Threats, , , ,
25
Feb 2020

Advances in technology have created an environment where clocking in at the office is no longer required. But remote working is not without security risks.

Remote working is on the rise with many organizations offering this option to their employees. The benefits of remote working are numerous and apply to both employers and employees. But, away from the relative security of the office, remote working poses a number of security risks. Therefore, it’s crucial that your business finds a healthy balance. You need to develop a remote working environment which not only provides flexibility, but is also secure.

Achieving this combination is relatively easy. You just need to know how. And, thankfully, we’re going to show you how.

Keeping Remote Workers Safe

Remote workers are, to a certain degree, a law unto themselves. After all, working from a remote location means that immediate monitoring is next to impossible. So, you need to invest a certain level of trust. But we’re living in an age where cyber-attacks are reaching record highs. And this is why you need to help protect your employees in the following ways:

  • Security Training: Your employees are your main defense against security attacks, so they need the correct training to remain safe. And this applies to remote workers more than any other employee. Regular training on security protocols and updates on contemporary threats need to be put in place. 
  • Use Two-Factor Authentication: One of the surest ways to secure your remote workers is by putting two-factor authentication in place. This is a security procedure by which users have to provide additional information alongside a username and password. This can take the form of a PIN number sent to a mobile device or a secret question. It only takes seconds to pass two-factor authentication, but the enhanced security it provides is priceless. 
  • Monitor Devices Closely: It’s important to keep a regular eye on any company issued devices that are used remotely. For one thing, you need to make sure that your employees are working as they should be. But, when it comes to security, you should make sure you are analyzing their usage e.g. visiting malicious websites and connecting external devices such as USB drives. 
  • Implement a VPN: A virtual private network (VPN) is essential for remote workers. It’s difficult to guarantee that remote connections are fully secure, but a VPN solves this problem. Using multiple layers of encryption, a VPN protects any data being transmitted or received by remote workers. Therefore, data such as financial records and customer details will be secured from any external forces. 
  • Use Strong Passwords: This may sound simple, but a weak password is easier to crack than a complex one. However, this advice is ignored more often than you would think. So, you need to remind your employees of the importance of password security. And you need to prompt them to regularly change their passwords. Thankfully, creating strong and unique passwords is easy once you learn the basics. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Coronavirus Malware Spreads Round the World

Ophtek, Phishing, Phishing Email, Security, Security Threats, , ,
18
Feb 2020

The coronavirus is the latest health scare to be spreading across the globe. Hackers, as clever as ever, are using this fear to spread malware.

Hackers are innovative criminals and are constantly on the lookout for exploits. Sometimes these are software vulnerabilities that leave back door opens. But these exploits can also take the form of social engineering. And this is how hackers are taking advantage of the panic caused by the coronavirus.

It’s always important to safeguard your defenses with the best security software, but this isn’t enough. Threats such as social engineering require a concerted effort to be made by individuals. So that’s why we’re going to take a look at the threat posed by the coronavirus malware.

What is the Coronavirus Malware?

The entire planet is preparing and educating themselves for the fight against the coronavirus. Naturally, this means that millions of people are heading online to learn more about the disease. Now, although the internet poses no threat to your physical health, the same cannot be said for your digital security. And this is because cyber criminals are disguising malware as educational documents on the coronavirus.

These documents, which have been detected as docx, pdf and mp4 variants, promise to be helpful. But, rather than containing useful information on the coronavirus, these documents actually contain a wide range of malware threats. So far, Kaspersky, have identified 10 file variants that include various Trojans and worms. However, given the on-going threat of the coronavirus, it’s likely that the number of malware threats will increase.

The most common method to spread this malware is through phishing emails. And, as with all social engineering, the bait is very convincing. The emails claim to be distributed by the Centers for Disease Control and Prevention, but this is a false claim. If you look a little closer you will discover that the domain these are sent from is incorrect. The official domain for the CDC is cdc.gov but these malicious emails actually originate from cdc-gov.org. These emails contain a link which, rather than taking you to an advice page, takes you to a fake web page that aims to steal your credentials.

How to Protect Yourself Against the Coronavirus Malware

Hackers are using a variety of methods to exploit the coronavirus to cause digital chaos. Infected documents threaten the security of your PC systems and phishing emails have the potential to steal personal information. Therefore, you need to protect yourself by following these best practices:

  • Only Open Trusted Files: The only files that you should ever open on a PC are ones that come from a trusted source. If there’s even the smallest doubt over the legitimacy of a file you shouldn’t download it. Always check with an IT professional before going any further. 
  • Always Hover Over Links: Emails, and websites, can easily display a web link which disguises its true destination. A link that, for example, claims it will send you to an official government website can easily send you somewhere else. However, if you hover your mouse cursor over a link, this will prompt a popup which displays exactly where it will take you. 
  • Install Security Software: A sure fire way to avoid the wrath of malicious websites is by working with security software. These applications are regularly updated with details of malicious websites and will put an instant block on visiting them.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Snatch Malware Proves That Safe Mode Isn’t so Safe

malware, Network, Ophtek, Ransomware, Security, Security Threats, , , ,
14
Jan 2020

We’ve all had to boot into safe mode on our PCs at some point and you would assume it’s a safe environment. But the Snatch malware is proving otherwise.

Safe mode is a configuration mode that you can request your PC to boot into at startup. In safe mode, your PC will only execute essential applications. The functions of your PC will be limited, but it’s the perfect environment for fixing problems and removing various forms of malware. But it appears that Snatch is a brand of malware which can thrive in safe mode.

Snatch is a multi-factor threat which can cause real damage to your business, so it’s a slice of malware that you need to be protecting yourself against. To give you a head start, we’ve put together a quick lowdown on Snatch.

What is Snatch?

Snatch is a newly discovered malware variant which contains two key threats: a ransomware function and the ability to log and steal user data. It’s not the first piece of malware to come loaded with these threats, but its infection strategies are unique. Using brute force attacks, Snatch is targeting the PCs of various organizations. So far, this sounds far from unusual as brute force attacks are a fairly conventional form of hacking. But Snatch has a unique strategy.

Following the initial infection, Snatch forces the PC to reboot. And it’s at this point that Snatch informs the PC to boot into safe mode. It’s believed that this unusual, yet clever, step is initiated in order to avoid anti-virus software which is often disabled in safe mode. From here it can execute its malicious payload. Snatch will then begin encrypting files and demanding ransoms that have been as high as $35,000. There is also evidence that surveillance threats are present in Snatch, so data harvesting is likely to start once the infection is unleashed.

Protecting Yourself from Snatch

The Snatch malware has the capability to cause extensive damage to your organization in terms of both finances and credibility. It’s also disturbingly efficient as it deletes any volume shadow copies of the files it encrypts. By deleting these volume shadow copies, Snatch is ensuring that it’s impossible to restore the encrypted files. Therefore, it’s crucial that you protect your PCs from Snatch by:

  • Practice Good IT Security: The backbone of any secure network is based upon the actions of those using it. And this is why it’s important that all your users understand the basics of IT security. By embracing these practices it’s possible to keep your PCs protected from the majority of majority of malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Making Your Passwords Stronger with Password Checkup

Hacking, Ophtek, Password Security, Security Threats, ,
07
Jan 2020

Passwords are the single most important safety tool at your disposal. But passwords need to be strong. And creating strong passwords is far from easy.

Thankfully, Google has solved this problem for us. All you need to do is get on board with their new service: Password Checkup. Not sure what Password Checkup is? Well, as luck would have it, we’ve put together a quick guide for you.

The Problems with Passwords

There are certain passwords which are used time and time again. And not just by individuals. We’re talking millions of people all over the world using similar passwords. These includes all the old favorites such as Password123, abc123 and Passw0rd. Sure, these are easy to remember. But their ubiquity means that they represent a major security risk.

Modern security techniques, of course, have negated the impact of weak passwords, but only marginally. Two-factor authentication, for example, puts an extra barrier behind passwords. But this is not there to be treated as a security option to fall back on. That’s why you need to start with a strong password and work from there.

But the sheer number of sites and applications we log in to in the 21st century is mind-boggling. Memorizing all of these passwords requires some serious memory skills. The quickest solution to this problem is to write them all down. But, that’s right, you’ve guessed it. Writing down passwords is yet another security threat.

Password Checkup is the Solution

Google, the great innovator of technology, has decided to simplify and improve the password process. And the result is Password Checkup.

Google Chrome and individual Google accounts have long had a built in password manager. This has allowed users to not only generate passwords, but also store them securely. Users, therefore, have been able to browse online securely and access all their services with ease. But this isn’t enough for Google. They want to push the concept a little further.

And this is where the Password Checkup extension comes in. Available from the Chrome web store, all it takes is a simple install process to activate Password Checkup for Chrome. But what does it do? Well, its main objectives are:

  • Identifying whether your username/password combination has been exposed. Breaches of third-party databases are rife. But, thanks to the data at its disposal, Password Checkup can advise you of this and prompt a change of password.
  • To analyze your existing passwords and recommend strengthening them if required. Your passwords may be securely stored in Chrome, but this doesn’t mean they can’t benefit from strengthening further.

The Password Checkup extension isn’t the only method in which you can use the service. You can also log on at passwords.google.com to manage and analyze your stored passwords.

Stay Safe with Password Checkup

All it takes is for one password to be breached to cause untold damage. But Password Checkup helps to nullify this threat. Thanks to its clever technology, Password Checkup keeps you on top of weak and exposed passwords. This knowledge allows you to act quickly and effectively to secure your passwords. And, with Password Checkup soon to be an integral feature of Chrome, the future looks bright and secure.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

WordPress Sites are Quietly Downloading Malware

Hacking, Ophtek, Security, Security Threats, WordPress, , , ,
10
Dec 2019

WordPress is a popular platform for building websites, but this popularity has made it a target for hackers. And it’s now being used to launch hacks.

It’s estimated that around 75 million websites use WordPress as the backbone for their content. But not even the largest and most profitable tech companies are immune from hacking. Vulnerabilities are present in almost every piece of software ever designed. And when these vulnerabilities are discovered they will be exploited almost instantly by hackers. WordPress has fallen foul of this all too common scenario and, as a result, 100,000 web users have felt the attentions of these hackers.

Due to the ubiquity of WordPress websites it’s likely that your organization engages with them on a daily basis. It may even be that your organization’s website is hosted through WordPress. Either way, the threat presented is one you want to avoid, so let’s take a look at it.

How were the WordPress Sites Compromised?

Security experts Zscaler were the first people to identify that WordPress sites had been compromised. The nature of the hack is sophisticated, but relatively simple to pull off. After discovering a vulnerability in the ‘theme’ plugin, which is included in WordPress sites, the hackers were able to infect the sites with malicious scripts. These scripts were a form of code which redirected visitors to a Flash Player update alert. However, this urgent update was fake and all that would be downloaded was a malicious file.

The file in question was a Remote Access Trojan (RAT) which allowed remote access to the infected PC. And, with unrestrained access, the hackers were granted the opportunity to download and distribute malware as well as the chance to compromise data. But this isn’t the only way in which the malware infects PCs. Those using the Chrome browser faced an additional threat. Upon visiting the infected WordPress sites, Chrome users were prompted to download an update for the ‘PT Sans’ font. Again, this is a deceptive request and downloads the RAT.

Protecting Against the WordPress Hack

If you own a website which is built on the foundations of WordPress then it’s crucial that you update the associated content management system. This will instantly prevent your website from cultivating the hack and protect your visitors.

Unfortunately, it’s not always possible to tell when a website is using the WordPress system, so you should make sure you practice the following:

  • Scrutinize all Popups: The sheer range of dangerous popups means that they should always be scrutinized. Fake updates tend to stress an extreme urgency which is designed to tempt users into clicking them without checking. Instead, users need to take a second and consult with an IT professional to verify the update is genuine. 
  • Install Anti-Virus Software: It’s vital that your organization uses anti-virus software. Not only can it identify threats such as the WordPress hack, but they are regularly updated. This ensures that your organization is protected from all the latest threats. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 13 14 15 16 17 50