7 Security Tips to Keep Your Passwords Secure

Security, ,
04
Oct 2016

password-security

Passwords can easily be hacked and this seems to be happening more and more often, so understanding how to secure your passwords is vital.

Although passwords have come in for a lot of criticism recently, they still have a place in the security arsenal of all businesses. This is why it’s crucial that you don’t underestimate their potential for letting a hacker in the back door.

Aside from using a password manager, it’s actually surprisingly simple to keep your passwords secure, but you’d be surprised by just how many people fail to protect them. And, when this happens, you get hacked!

Let’s take a look at 7 security tips to help keep your passwords secure.

1. Don’t Advertise It!

Yes, that’s right, you have to keep your password secret or it defeats the point of a password! Don’t tell work colleagues what it is and don’t write it down on a post-it note!

2. Different Passwords for Different Accounts

It may seem simpler to use one password across multiple accounts, but this actually puts you at a huge risk of losing all your data. If, for example, a hacker gains access to your email password, their next step will be to try that password in every piece of software you log into.

However, by using different passwords across different accounts, you minimize just how catastrophic the theft of a password can be.

3. Combination Passwords

You should always make sure that you use a combination of letters, numbers and symbols to create your passwords. By using a mixture of these characters you’re ensuring that standard words from dictionary lists will be useless when trying to hack a password by brute force e.g. antarctica will be in a dictionary list, but antarctica247! most definitely will not be!

4. Don’t Make it Personal

It’s very common for people to use their personal details as the basis for their password e.g. name, date of birth, hometown information. However, although this is personal to you, it’s also very easy for hackers to research. And that’s why you need to give the hackers something harder to think about.

5. Longer Passwords are Better

4bf6f12437012926be9455d8b7fdd116

Hackers are able to employ software which uses brute force to check around 2 billion password combinations in one second. And, when you consider that a 6 letter password has just over 3 billion possible combinations, you can see that longer passwords offer more protection e.g using 8 letters produces a possible 208 billion combinations!

6. Regularly Update Passwords

Complacency is the biggest threat to your password’s security. Sure, you may have a password with no personal links and it’s 23 characters long, but give a hacker enough time and they’ll crack it. That’s why you need to regularly change your passwords to make sure that you keep resetting the progress of potential hackers.

7. Enter your Password Discreetly

Always make sure that no one is watching your fingers fly across the keyboard as you enter your password. Okay, no one wants to accuse their co-workers of any bad intentions, but insider threats to data security are a real thing, so always make sure enter your password safely.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

4 Tips to Secure Your Business IT Network

Security,
27
Sep 2016

Hand pushing virtual security button on digital background

The number of threats to your business IT network seem to increase on a daily basis, so it’s important that you know how to keep your network secure.

Although it’s difficult to maintain security – just ask Hilary Clinton – there are a wide range of preventative steps you can take to help put up the barricades against cyber attacks.

And, in order to help you stay as secure as possible, I’m going to share 4 tips to secure your business IT network.

1. Conceal Your SSID

Wireless networks are an essential for most businesses, but they also act as an attractive opportunity for hackers to gain access to all your data. And, if a hacker is targeting your business in particular, you don’t want to give them a head start.

That’s why you need to change your service set identified (SSID). An SSID is the name given to your router to identify it e.g. a company called Bob’s Paperhouse may rename their router to Bob’s Paperhouse to single it out from multiple wireless networks in the same location.

However, it also publicly advertises exactly whose network this is and presents a security risk. Instead, I would always recommend a less obvious SSID such as ‘wireless123’ and only disclose this information to individuals who need to access the network.

2. Control Install Privileges

The average employee knows very little about the intricacies of network security, so their judgment, in this respect, can present many potential security risks.

In particular, they may not be able to identify what represents an unsafe link and what doesn’t. And the end result of this can see employees installing what appears to be an essential software update, but is actually a piece of malware disguised as a legitimate update.

Although it may seem as though you don’t trust your employees, you need to employ a policy which restricts install privileges to a few individuals who can evaluate the risks safely. This helps to eliminate the risk of poor judgment from your employees.

3. Set up a Virtual Private Network

Enable-VPN-on-Kali-Linux-blackMORE-Ops-0

A virtual private network (VPN) should be a priority for any business which has external employees accessing the company network.

Sure, these employees can take advantage of free wifi hotspots when they’re out and about, but these networks are notoriously unsecure. With a VPN, however, you can start to take back control of your security.

A VPN helps to create an encrypted connection between external devices such as laptops using a public wifi connection and your business network. This protects not only your device, but also reduces any back door access into your business network.

4. Install a Firewall

firewall_man

It may seem simple, but a firewall remains a strong contender for being the best method of protecting your company network. After all, what’s a hacker going to be more interested in hacking – a network with no firewall or a network with a firewall? You don’t need me to tell you the answer to this!

Firewalls act as a keen set of eyes to identify all traffic accessing or trying to access your network, so they’re a crucial first line of defense against any rogue visitors. They can also identify suspicious files which are placed in quarantine where they can be reviewed, so this multi-targeted approach can really pay dividends for your network security.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Case Study: Hackers Steal 10 Million Customer’s Details

Internet, ,
06
Sep 2016

AAEAAQAAAAAAAAgvAAAAJDhjMDZlMWZjLTg0ZjMtNDFiMi04MTNhLWQ0NTQyNDRlMjdhMA
North Korea is ramping up its hacking activity with a recent hack on South Korea stealing the personal data of around 10 million customers.

Yes, this latest attack by North Korean hackers has created widespread fear for a huge number of individuals who felt that their sensitive data was protected. Unfortunately, in this day and age, it’s a brave company that can attest to their data being protected 100% securely.

It’s the kind of attack which should really make your ears prick up and take data security seriously, so it’s time to investigate the story!

Hacking Interpark
20160726001213_0

The hacked company at the centre of this attack is Interpark, an online shopping mall located in South Korea. Founded in 1996, Interpark has risen to such a lofty position in their market that they can boast transactions which are measured in hundreds of millions of dollars, so it’s no surprise that Interpark was such an attractive target.

But how exactly does a company as large as Interpark fall down in the security stakes and get hacked?

Well, unfortunately, it was through the simple execution of a malware attack through email. A careless employee fell for a deceptive email and effectively left the back door unlocked for North Korea to gain entry.

Now, we seem to be discussing malware on here on a regular basis, but this attack is something else in terms of its ambitions. Not only have the hackers compromised sensitive customer details such as email addresses, telephone numbers and other personal data, but they’re demanding that Interpark pay a ransom of nearly $3 billion in Bitcoin to prevent the data being leaked.

What’s particularly embarrassing for Interpark is that the initial hack took place in May, but was only brought to Interpark’s attention on July 11 when the ransom message was delivered. This highlights the sophistication with which the hackers have been able to cover their tracks through a simple email attack, but also underlines how lax Interpark have been with their monitoring.

After all, if there has been movement of 10 million customers’ details on your network, it really should be detected…

Combatting Malware

virus-web-malware-shield-internet

North Korea has been the center of hack controversies for a few years now, with their alleged involvement in the Sony Pictures hack perhaps the most famous example. And, it’s unlikely that Interpark will be their last target either, so you need to understand how to protect yourself from malware.

As ever, ensure that you and your employees are taking the following steps:

  • Always install all the latest software updates to prevent easy access for hackers who have identified vulnerabilities in specific software.

 

  • Display awareness when opening emails and being presented with links and attachments. Although they may look harmless, this is often part of the clever deception at play and it’s always best to double check.

 

  • Be careful when using removable hardware such as disk drives and USB sticks as these can easily be tampered with to contain automatic software which will download malware silently and quickly.

 

  • Keep a close eye on network activity on your servers. An increase in activity could indicate that something unusual is happening such as wholesale removal of personal data.

 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

6 Tips to Protect Yourself From Ransomware

Security,
30
Aug 2016

ransomware-expert-tips-featured Ransomware is a fairly new security risk, but one which is on the rise and it’s vital that you know how to protect your data from ransomware attacks.

I’ve covered ransomware attacks on this blog on a number of occasions and detailed the damage it can do to businesses. It’s a particularly nasty evolution for hacking and one which often leaves you no option but to pay the ransom to decrypt your data.

Obviously, no business wants to find itself in the position where it has to give in to the hackers’ demands, so prevention is the key. And to help you get your defenses more secure, I’m going to share 6 tips to protect yourself from ransomware.

Backup Your Data

backup_banner_resized

If your data becomes the victim of a ransomware attack then it may seem as though you have no option but to pay the attackers to release your data. However, the simplest way to reduce the damage in this instance is to ensure that your most crucial data is backed up offline. This can be as simple as backing up data to portable storage devices.

Create Strong Passwords

To cut hackers off early on in their ransomware attacks, it’s crucial that you ensure your systems are protected by strong passwords. Whilst you might think that no one is going to predict that you’ve used your mother’s maiden name, it’s relatively easy to hack this through brute force. To make this harder, you should add numbers and symbols to prevent the password being cracked.

Identify Suspicious Email Attachments

Shackleton-Phishing

The most common route for ransomware to infiltrate your systems is through seemingly harmless email attachments. And it’s important that your staff know what makes for a suspicious attachment.

In particular, emails which contain attachments from senders you don’t recognize should always be double checked. However, you need to be aware that people in your contacts list could be hacked and then used to distribute the ransomware, so vigilance is always important.

Disable Macros

Many ransomware attacks involve Microsoft Office documents which are loaded with malicious macros which allow backdoor access into networks. Thankfully, Office documents will always give you the option to enable or disable macros; if you suspect that anything about the Office document doesn’t seem right then disable the macros or, more simply, just close the document.

Install Patches ASAP!

Ransomware loves finding vulnerabilities in software and this underlines the importance of installing updates released by software publishers. It may seem a little time consuming – particularly when you need to shut down your system – but it’s essential that you install all patches immediately to provide you with maximum protection.

Shut Down Your Network

Once a piece of ransomware has breached part of your network it can spread very quickly. Therefore, the best course of action may be to simply disconnect your network. This may cause a huge disturbance to your businesses activities, but it may be less painful than compromising your data. With the spread halted, you can then investigate your options for decrypting any affected data.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Microsoft Rushes Patch for Printers on Windows

Office IT, ,
23
Aug 2016

c04386354 Even in this so called ‘paperless’ age, almost every business still uses a printer on a daily basis, but did you know that even these can get hacked?

Yes, printers are vulnerable pieces of hardware which can allow hackers to gain access to your systems. And this recent scare was all down to a vulnerability identified in the Windows Print Spooler server. Luckily, this susceptibility was identified and Microsoft quickly released a patch to nip this matter in the bud.

However, it’s a troubling scenario given that we’re not used to our printers being used as a back door for hackers to take control of our networks, so I’ve decided to dig a little deeper into the story.

Hacking a Printer

doom_printer_hack

When a new printer is installed, the files required will be downloaded from the Windows Print Spooler server to get the printer up and running. Usually, the correct files will be downloaded and everything will go smoothly. However, Microsoft discovered a critical flaw which meant that Windows would not handle the installation correctly and this would lead to users not connecting securely to their printer.

This would leave a gap in security which would allow hackers to gain unauthorized system privileges and install their own malware files on users’ systems causing all kinds of security issues. There would also be the opportunity to carry out what’s known as a Man-in-the-Middle Attack which would allow the hackers to take control of information being transmitted by the infected PC and alter it.

Perhaps the most damaging effect of an attack like this is that printers tend to be behind firewalls, so any malicious activity would go unnoticed. What’s particularly worrying about this is that large numbers of PCs are usually connected to a printer, so the potential for infecting other PCs becomes greatly magnified.

Is Windows Secure?

Windows-10-Security

This vulnerability in Windows is particularly embarrassing for Microsoft given their high profile security hiccups recently such as a lack of WiFi security, so this latest threat doesn’t instill confidence in Microsoft’s approach to security. To make matters worse, this recently discovered flaw is an issue which affects operating systems going back to Vista which was released 10 years ago, so a huge number of PCs are at risk.

And it’s not the first time that Windows Print Spooler service has been exploited, so it raises some important questions about how Microsoft continue to monitor security vulnerabilities once they appear to have been solved.

Make Sure You’re Safe

The most important step you can take in combating security flaws such as this is to install all updates as soon as possible. It only takes a few seconds for a hacker to gain access to your systems, so it’s vital you don’t leave that install until the morning.

With vulnerabilities which are built into operating systems, of course, you can’t really put any blame on the end users, but it’s crucial that users look out for the following activity:

  • In this particular case, the ability for the hackers to set up a rogue printer on the network presented itself, so any unusual printer activity could indicate a security issue
  • Systems shutting down of their own accord and any ‘File Installation’ progress bars suddenly appearing could be evidence of malicious code being installed

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 33 34 35 36 37 49