Multifactor Authentication and Why You Need It

Security,
26
Apr 2016

19_MultifactorAuthentication_b2_l_v3

Many businesses are struggling to combat the increasing sophistication of hackers. However, the key to data security may lie in multifactor authentication.

When firms such as Apple are struggling to reduce the threat of hacks which spell disaster for their employees, it underlines the ease in which hackers can gain access to sensitive data. One way that you can put obstacles in the way of potential hackers is to implement multifactor authentication (MFA) into your business.

You may be wondering what MFA is, so let’s take a look!

The Basics of Multifactor Authentication

Whilst MFA may sound both a bit of a mouthful and incredibly technical, the truth is that it’s a simple concept. Whereas you may currently require your employees to log on to your system with a password, MFA takes it a little bit further.

What MFA demands is that at least two user credentials need to be combined to provide access. The credentials employed in MFA tend to center around the following categories:

  • Password – Yes, that’s right, the good old fashioned login/password combination still has a place in the 21st century!
  • Authentication Token – A small device which users carry such as a swipe card. Using this device will allow users to access your system.
  • Biometric Authentication – This is where things start to get really futuristic as it relates to forms of genetic verification e.g. retina scans and fingerprint recognition.

What’s Wrong with Just Passwords?

2015-12-29-1451425693-272677-Steal_password

Passwords have been in use with computers for as long as we can remember; we suspect that they will also continue to be here for some time. However, on their own, they represent a security risk.

The main problem with a reliance on passwords is that they have to be stored somewhere on a database. Immediately, this presents the threat of all your passwords being compromised if a hacker manages to access the database. And, as mentioned at the start of this article hackers are becoming very sophisticated.

It’s relatively simple for hackers to run software which attempts 1 billion passwords per second, so this demonstrates just how feeble a password on its own is. Therefore, integrating MFA is crucial for establishing a strong set of defenses against potential security attacks.

Benefits of Multifactor Authentication

multifactor

Let’s take a look through the benefits that MFA can bring to your business:

  • Physical credentials can’t be compromised by social engineering. Sure, it’s possible to get a password to someone’s bank account over the phone with a bit of trickery, but how are you going to talk someone out of their swipe card?
  • Hackers are instantly repelled by MFA as their time is better spent on less complex systems to break into.
  • MFA can be very cost effective if all it requires is for an employee to be sent an SMS message with a code.
  • There’s an increase in awareness of security breaches e.g. if an employee receives an SMS message advising that a login attempt has been made, but they haven’t tried to login, then they can alert your IT department.

Considering Multifactor Authentication?

If you’re trying to make your mind up on MFA then let us confirm the answer for you: it’s essential for your most important data and emails! Anything which creates a headache for hackers is an excellent deterrent and MFA achieves this effectively.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Email Phishing Scam Steals Snapchat Employees Data

Security, ,
19
Apr 2016

SNapchat620px

Phishing scams are well known within technology circles, but this doesn’t mean those in the tech industry are immune as Snapchat discovered in February.

Snapchat, for those of you who are not aware, is a social media app which allows users to send each other photos and videos with a limited viewing time. Once that time is up then the media disappears forever. It’s proved to be phenomenally successful and the company is estimated to be worth $20 billion.

However, even with the funds available to invest in state of the art cyber security, they still found themselves falling foul of a good old fashioned phishing scam. We are going to show you what happened in order to equip you with the knowledge needed to avoid a similar occurrence.

How Was Snapchat Hacked?

6357613873537576411298140331_snapchat-app_500-100224643-large.imgopt1000x70

The hack at Snapchat used a relatively simple phishing scam to gain access to sensitive employee data. The payroll department at Snapchat received an email which claimed to be from the company’s CEO requesting payroll information on employees. Unfortunately for the payroll department, this email was not genuine. It was a scam.

Not realizing the fraudulent nature of the email, an employee duly forwarded the required information to the hacker. The nature of the data disclosed has not been confirmed by Snapchat, but it’s suspected that it would include the following:

  • Bank details
  • Social security numbers
  • Salary information
  • Personal ID and addresses

Why Do People Still Fall for Phishing Scams?

Computer-Hacker

It may seem strange that such a master of modern technology can fall victim to such a simple phishing scam, but it’s by no means unthinkable. These scams have evolved over time to become more sophisticated and it’s often their simplicity which makes them so deceptive.

In the case of the email sent to Snapchat purporting to be from their CEO, it’s more than likely that it genuinely appeared to have been sent by the CEO. With even the most basic software, it’s possible to fake outgoing email addresses and, if I wanted, it wouldn’t be difficult for me to send an email apparently from bill.gates@microsoft.com

And although this particular Snapchat employee was left thinking “I should have known better”, they most likely thought they were being a helpful employee and were keen to impress their CEO. However, it’s this type of tempting payoff which makes phishing scams so hard to resist.

The Aftermath of the Scam

To Snapchat’s credit, they responded fairly quickly and within four hours they had managed to confirm this was an isolated attack. A report was filed with the FBI and employees affected by the scam were offered two years’ worth of identity theft insurance and monitoring. More importantly, Snapchat underlined their determination to increase the intensity of their security training within the next few weeks.

Snapchat’s case highlights just how vulnerable even multibillion dollar corporations can be when confronted with even the simplest hacks. The importance of good quality security training which focuses on even the most intricate details of phishing scams is paramount to ensure yours and your customer’s data.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Ransomware Locky Holds Your Data Hostage

Security,
05
Apr 2016

Computer virus.

Reports of a rise in ransomware trojans have seen further evidence in the form of ‘Locky’ which encrypts user data and demands payment to decrypt it.

Gathering data content, be it blog articles or customer databases, is a time consuming affair, so there’s a real sense of relief when it’s finally collated and finished. However, can you imagine how frustrating it would be to have this data suddenly encrypted by a third party? And how annoyed would you be if this third party then started demanding payment to release it?

You’d be VERY frustrated and VERY annoyed!

Locky – which is being distributed by infected MS Word files – is causing all manner of trouble to businesses at present, so it’s time you learned a little more about it to avoid getting a ransom note demanding $10,000!

What is Locky?

Ransomware does exactly what is says on the tin, it’s software which demands a ransom. Locky is a relatively new form of ransomware which, when activated, converts a long list of file extensions to a seemingly locked extension type named .locky e.g. a .jpeg extension will be converted to a .locky extension.

The problem is that the only way you can decrypt these .locky files is by purchasing a ‘decryption key’ online from the perpetrators. Now, you may be thinking that an online payment surely leaves a trail to the cyber criminals behind the ransom. Unfortunately, these hackers only accept payment through bitcoin – an untraceable online currency.

Ransoms as high as $17,000 are reported to have been paid to restore access to data, so it’s crucial you know what the warning signs of Locky are.

How Do You Get Infected By Locky?

virus-infected-word-file

Hackers are taking advantage of the ubiquity of Microsoft Office in our working lives to target victims with Locky. Emails are sent containing an MS Word attachment titled “Troj/DocDL-BCF” and the chaos it releases unfolds thusly:

  • Users open the file to discover it’s full of nonsensical text and symbols
  • A prompt encourages users to enable macros if “data encoding is incorrect” which, when presented with garbled text and symbols, would seem the right thing to do
  • If macros are enabled then this runs software which saves a file to the hard drive and then executes it
  • This file then downloads a final piece of software – Locky
  • Once Locky is downloaded to the system it starts scrambling files to the .locky extension
  • Locky then changes your desktop wallpaper to one of a ransom note detailing how to pay the decryption ransom

How to Protect Yourself From Locky

 virus-protection-services-melbourne-transit-data-about-us

Naturally, the best way to avoid getting infected with ransomware like Locky is to avoid all dubious email attachments.  However, there are a couple of other tips to help protect yourself:

  • Try installing Microsoft Office viewers which allow users to view documents without actually opening them in Office applications and prevents viruses from executing
  • Always install the latest updates for Microsoft Office to ensure any back doors are patched to keep your system protected

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Are Apple Computers Immune to Viruses?

Security, ,
29
Mar 2016

fva-630-skull-and-crossbones-computer-virus-hacking-credit-shutterstock-630w Compared to Windows PCs, Apple’s Mac computers have always been relatively virus free. However, a recent security attack has proved this is no longer true.

March 2016 saw a significant attack on Mac users which involved hijacking the Transmission BitTorrent app in order to deliver ransomware to its victims. It sounds like your stereotypical Windows attack, but why is it now happening to Macs? After all, the general consensus has been that they’re immune from viruses.

Seeing as Macs are very important to a huge number of businesses, I’m going to investigate this latest attack to analyze how it occurred and what it means for Mac users.

The Nature of the Mac Ransomware

computer-viruses

The unknown attackers used ransomware in their attack against Apple users and it’s a type of cyber-attack which is becoming increasingly popular. In this instance, the hackers were able to gain access to users’ systems through the Transmission BitTorrent app. This allowed the hackers to download malicious software onto the Macs. This software literally held the Mac users to ransom by encrypting their files and demanding $400 to release them.

How Did Apple’s Guard Drop?

For a very long time, Apple users were confident that Macs were safe from cyber-attacks. And for a long time this was generally true. This, however, wasn’t down to cutting edge security technology.

The truth is that hackers didn’t have much interest in targeting an Apple Mac. The reason for this is that Apple has a much smaller share of the market than Windows PCs. Why would a hacker want to spend their time writing software which could only target a small number of users?

This fact perhaps led to a sense of complacency on Apple’s part, so they weren’t expecting vulnerabilities in their operating system to be exploited so easily. Unfortunately, Apple’s Gatekeeper security software has, itself, been shown to contain numerous back doors through which hackers can cause chaos.

One of the main routes into Apple’s system is by tricking it to accept pre-approved developer certificates which have been faked. This allows users to download software which isn’t produced by who it says it is and, therefore, can’t be trusted. And this is exactly what happened with the Transmission BitTorrent app.

The Future for Apple Security

mac-shield

This recent attack is not the first security scandal to hit Apple. In 2014, there were around  10,000  – 70,000 attacks on Mac computers per month, but this rose dramatically in 2015 and is set to multiply significantly in 2016.

These figures are very startling for Apple, so it’s crucial that they take a look at Microsoft’s approach to internet security. Due to their dominance of the computer market, Microsoft has had to ensure their PCs are resistant to attacks. Steps taken have included:

  • Working with hackers to understand how they have attacked Windows
  • Offering cash rewards to anyone who finds new security flaws in Windows

It’s essential that Apple take a long hard look at their Gatekeeper software and evaluate how it can be improved. If they don’t they stand to alienate their customers if ransomware attacks continue.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

No More Passwords: Could Passwords Become Extinct?

Security,
23
Feb 2016

No more passwords

We’re all used to creating and remember passwords when working with sensitive data, but could Google make the password a thing of the past?

Passwords are essential when it comes to working with PCs due to the amount of confidential data that they may contain and process. When it comes to business usage, it’s likely that you’re going to need several different passwords to access all your software and hardware needs.

Google, keen as ever to re-invent the digital wheel, has decided that perhaps it’s time to approach data security in a different manner. That’s why they’re trying to implement smartphones as the key factor in accessing data.

Let’s take a look at why Google are doing this and how they plan to achieve it.

The Problems with Passwords

Facebook-Password-Sniper-v1.2-Hack

You’re probably well aware that passwords are inconvenient. After all, the number of passwords you need to use on your PC at work can become disorientating, so it’s no surprise when you forget them. As a result you’ll tap in a couple of guesses and find yourself locked out. It’s then down to your IT team to manually reset your password.

Aside from this inconvenience, though, there are a number of reasons why passwords are not the best way of securing data:

  • Many users use the same password for all their accounts to avoid having to remember numerous passwords. It’s a nice, quick solution but if their password is hijacked then it compromises all their accounts
  • Hackers are able to use spyware and keystroke loggers to easily steal users passwords without them knowing
  • Password reset questions are often very easy to guess, so this offers an easy route into your systems for hackers

There are obviously problems with relying on the humble password, so how are Google going to take security to a new level?

No More Passwords

gmail-password-forgot

Google plans to eliminate the need for passwords to access your Google account by tapping into the modern obsession with smartphones.

Here’s how it’s going to work:

  1. You’ll head over to the Google sign in page and enter your email address as per normal.
  2. At this point your smartphone will receive a notification message asking you to confirm your login.
  3. Once you authorize this – with one tap of the “YES” button – your device (be it PC, tablet or smartphone) will be given access to your Google account.

And don’t worry if your smartphone has run out of battery or you’ve lost it. You’ll still have the option to use your password to login to your Google account.

What Does This Mean for Your Business?

Google’s vision paints an interesting future for your business and the way in which you protect your computer systems. It also highlights the lack of security behind passwords and how you need to ensure that your business is well protected from the threat of hackers.

If Google’s trial is successful then it’s likely that we’ll see this new approach to security filtering into the business world fairly quickly. And not only will it protect your data’s security, it will also reduce the amount of man hours spent resetting passwords.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 37 38 39 40 41 50