10 Security Best Practices for Businesses

Security,
24
Oct 2015

banner-05

It’s essential for businesses to protect their data assets from any potential security threat. Here are tips to help your business achieve this.

The world of IT security, however, can be an intimidating landscape and many business owners struggle to put a plan of action together. And this leaves them vulnerable to security attacks.

Thankfully, though, we’ve learned a thing or ten about protecting data from rogue elements and will be sharing these security best practices with you.

  1. Segment Your Networks
    ibwf_diagram_3

One of the best strategies to minimize data loss is by segmenting your networks. The use of firewalls between each network segment will prevent attackers gaining access to all of your data at once. It’s likely that this frustration will lead to attackers giving up and heading elsewhere.

  1. Visualize What You’re Securing

Data, in its purest form as binary code, isn’t something you can physically see. And it’s this lack of physical mass which means it’s difficult to assess the knock on effect of implementing new security policies. To prevent leaving your business open for attacks, keep detailed visibility records of your networks and their configurations. This allows you to make future changes which won’t compromise your security.

  1. Don’t Give Everyone Admin Rights
    1311_WindowsPromote2

There needs to be a level of control when it comes to your network, so you can’t issue everyone admin rights. Sure, it may save users a little time in sorting out network issues such as installing new hardware, but it also sets your network up for an attack by making admin rights less privileged.

  1. Keep Tabs

It’s vital that you create a ‘security knowledge’ database to help keep everyone on the same page as to who has specific access to which security features. This allows a hierarchy to be observed and easy to understand processes to be carried out when dealing with applications or even decommissioning them.

  1. Carry out Security Training

Everyone in your organization will need to undergo some form of security training. This allows your business, as a whole, to be more secure from attacks. And it doesn’t need to be intense training either, it may be as simple as going through the company IT policy with new starters or regular email updates about current viruses and malware.

  1. Regularly Patch your Systems
    3

The easiest security attack is one that targets a known vulnerability e.g. an opportunity to get into your system via a ‘back door’ in a piece of software. Therefore, always make sure you install every patch you’re offered as it could make a huge difference to your chances of staying secure.

  1. Analyze your Security Stats

The only way to confirm that your security efforts are working is to analyze their performance every month. This is why you will want to measure metrics such as number of attacks, user errors etc. to monitor exactly which direction your security is heading in.

  1. Communicate with Other Teams
    cross functional team

Communication needs to be clear and defined between your security team and other in-house teams to guarantee high levels of security. Any changes that are made in-house need to be communicated between security and the corresponding team to allow security provisions to be updated/implemented. Likewise, your security team has to inform all other teams of any upcoming security changes to keep everyone aware.

  1. Reduce Outbound Access

Many data thefts occur from within businesses, so it’s good practice to limit the amount of outbound access available. So, if, for example, your business has no need to use Google Docs then put a block on it and prevent any data leaking out via this avenue. Don’t forget: insider data theft can not only be disastrous, but also highly embarrassing.

  1. Automate Certain Security Tasks

It’s a tough job to monitor every single aspect of your data security, so why not automate some of the more basic tasks e.g. monitoring unauthorized attempts at bypassing firewalls. This gives your security team more time to concentrate on more complex security issues.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Google Chrome Helps Block Flash Ads

Internet, , ,
05
Aug 2015

frame_ext

Wouldn’t it be great if you could block Flash ads which drain your PC’s resources? New features in Google Chrome disable flash ads automatically.

The Problem with Flash Ads

There is nothing more irritating than loading up a webpage and beginning to devour the content on offer when, out of the blue, a noisy Flash advert pops up and takes over your speakers.

It jars your concentration and means you lose focus on that amazing article about Malware you were enjoying.

Yep, we’ve all been there and we’ve all rolled our eyes and tutted aloud!

Unfortunately, for users of Chrome, the only choice they’ve had in these situations is to take a heavy handed approach to Flash plugins (tiny pieces of software embedded in a webpage). The choice has been to either allow all Flash plugins or disable all Flash plugins.

Now, with the dynamic nature of the web these days it’s impossible to disable all Flash plugins or you’ll find that you miss out on key information e.g. some older website still use flash to deliver the content you want.

Taking on the Ads

adobe-and-google-logos

Google, as we all know, are pretty much the guardians of the internet these days. They protect us from dangerous websites, offer us incredibly personalised search results and even find us the best price for a pair of jeans.

It’s this dedication to customer service which has inspired them to go that little bit further and make our web experience smoother than ever.

This is why Google has teamed up with Adobe (creators of Flash) to tackle this advertising nightmare through the Google Chrome browser.

Hitting the Pause Button

By utilising intelligent software, Google and Adobe have managed to program the latest beta version of Chrome to give context to content on a web page.

Say, for example, you’re on a website which features IT tutorials and you want to view their video on how to setup printers. If there’s a series of Flash adverts trying to sell you holidays to Brazil then Chrome will be able to determine which one to silence.

And, believe me, you won’t be hearing about holidays to Rio de Janeiro for long!

No piece of software, of course, is 100% fool proof so, yes, there’s a chance that Chrome could accidentally pause your video tutorial on printers. But the key word here is “pause”. No content will ever be blocked and it will all be readily available at the click of a button.

Thumbs up for Chrome

Google is cooking up something special with this latest advancement in browser software and we can only applaud them for it. We wouldn’t stand for an advert popping up unannounced in the middle of a TV show, so why would we tolerate it online?

The feature is currently only available in the Chrome desktop Beta version, but all the signs are pointing to it becoming a permanent Chrome feature in the near future, so keep your eyes peeled.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

3 new security features for Windows 10

Security,
21
Jul 2015

Win10-security

With the release of Windows 10 just around the corner, learn about three new security features in Windows 10 being introduced in the operating system.

Microsoft has been branding Windows 10 as a system that will include security upgrades like biometric authentication and app-vetting.

Learning from past mistakes, Microsoft took note from the after the disappearance of the start menu in Windows 8. In fact, many users found it a challenge to navigate through Windows 8 because of the heavy tile-like set up. Windows 10 will bring the start menu back along with Cortana – a personal assistant and new browser called Edge. It is said that Microsoft is trying to emulate the Smartphone experience for a PC or a laptop with Windows 10.

Here are three interesting security features coming to Windows 10:

Device Guard

Device guard is a feature that will automatically block applications that lack an authentic vendor signature. Lenovo, Acer, HP are teaming up with Microsoft to utilize device guard on all their devices using Windows based services.

This feature will protect users from malware. When a user executes an app, Windows will run a credential check and notify the user about whether or not to trust the app. Device guard is unique because it can make these analytical decisions outside of window’s OS – which is known to be susceptible to hackers and malware.

Device guard is different from antivirus software as it is immune (for now) to stealth attacks and tampering. However it will guide your antivirus by flagging questionable apps. It will be functional even if Windows Kernel is not.

Windows Hello

windows-hello

Imagine your fingerprints, iris or your face being the key to access to your computer. Biometrics makes it all possible without the need to worry about passwords. Windows Hello attempts to make users immune to password hacking attacks as it lets them carry out their every-day online activities without having to key in a password or store one on your device or a network server. Your device will need a sensor to register such biometric information. So unless you are planning to buy a new device capable of Windows Hello, you won’t be able to experience it.

Passport

Windows-Passport

Microsoft is streamlining passwords by introducing Passport. Passport will allow you to access apps and services online without entering a password. This will be done by using a ‘pin’ or Microsoft hello. Before authenticating, Microsoft will be able to verify if you are in possession of your device. Passport will use Microsoft’s Azure Active Directory Services to accomplish this task.

For more ways to stay informed with new technologies, contact your local IT professionals.

Read More

Customer Accounts Drained Through Starbucks App

Security, ,
16
Jul 2015

coffee_on_computer_key

A recent security loophole has affected Starbuck’s customers thanks their mobile app. Read more on this story to learn how it happened and how to avoid it.

For some unlucky coffee lovers, it was not a great morning when they found that hackers were draining their bank accounts through Starbucks mobile app. Starbucks were not the prime target as many would think. The sneaky attack was aimed at users who were directly impacted by the latest Starbucks hacking incident.

Point of entry

It seems that the attacker had spotted vulnerability in Starbucks’ app that permits multiple attempts to guess the correct password.starbucks-tb

Not only did user’s passwords become compromised, the attack exposed some users with the same ID and password for logging into other existing accounts. In theory, this could give an attacker the keys to access and “drain” your online banking accounts and other significant accounts where shopping transactions are permitted.

Considering that 18% of Starbucks’ total transactions are made via their app, its imperative for Starbucks to take corrective measures to handle this issue.

The dirty deed

It’s estimated that $2 billion dollars were made in transactions via mobile payments alone in 2014. Yet, it was incredibly easy for the hackers to carry out this hacking attack.

  • The attackers managed to acquire stolen passwords and ID’s from “black-hat” sources.
  • The attackers used a program to test out combinations of stolen ID and password on the Starbucks app until they successfully gain access into an account.
  • These programs are believed to be sophisticated and efficient enough to process thousands of ID and password combinations every second.
  • Once the attackers were able to access an account, they’d add a gift card to it.
  • After adding the gift card, hackers would then typically transfer all the money from the user’s main account on the app to the gift card itself.
  • The gift card is then managed entirely by the hackers who pocket all the funds.

The real danger lies on what other accounts the hacker may have access to once they’ve compromised an account through the Starbucks App. PayPal account or Credit Card details are also at risk as these can be linked to Starbucks accounts. All this can lead to unimaginable financial damage in both the short and long run.

The “Gift” card

Ever wondered what happens to the money transferred to the gift cards?

Hackers or thieves, whichever way you look at it, will sell or resell these gift cards for their face value. They sometimes fetch less on the internet, churning real dollars out of Starbucks dollars. It may be worth holding on to your real wallet for a little longer!

635671531553796731-star

The whole Starbucks hacking ordeal was first reported by consumer journalist, Bob Sullivan. In fact CNN-Money was able to interview many who had experienced same scandals in the past. The interviews reveal Starbucks slacking on security procedures by not having enough secure authentication processes in place for transactions. For instance, transactions involving those who deposit money onto gift cards or initiate money transfers from bank accounts.

How to stay protected

If ever you’ve been a victim of such a scam, then we suggest you put in a complaint about it to Starbucks ASAP. They will most likely investigate the matter; however you may be prompted to take it up with you bank or PayPal.

Also be sure to update, cycle and change your passwords at your earliest convenience. If you suspect your account details were stolen, your old account credentials may have been sold under scheming “underground” trade sites that buy lists of user credentials.

Many customers have uninstalled the Starbuck’s app and have started to pay with cash or with credit/debit cards. We suggest you follow this advice too until tighter security measures are put in place.

For more ways to safeguard your personal data, contact your local IT professionals.

Read More

Summary of the NSA Malware Discovery

Security, ,
21
Jun 2015

nsa-malware-hard-drives-570

Security firm Kaspersky reveals malicious National Security Agency (NSA) malware hidden in drivers and firmware around the world. Read the summary here.

Kaspersky exposes NSA malware built into hard drives worldwide

Sitting on millions of hard drives across the globe lays a deep rooted NSA malware designed to spy on computer activity, which has also been noted to have done so for over a decade!  The NSA is responsible for gathering electronic intelligence on behalf of the U.S. government.

The majority of brands such as Seagate, Toshiba, Western Digital and many others, have had the tampered firmware built into their hard drives, according to the security software giant Kaspersky.

As many as 30 countries around the globe have the spyware infection implanted on their personal computers. Prime targets have been found to be military and government bodies, banks, energy companies, telecommunication firms and many others.

Most of the targets are from countries such as Afghanistan, Algeria, China, Mali, Mexico, Pakistan, Russia, Syria and Yemen; however it has been picked up in other western countries such as the UK, and parts of Europe.

The party behind all of this has been branded with the name “The equation Group”, who cleverly gained access to the various different firmware’s source code and cracked complex encryption algorithms. They’ve used their highly skilled ability to infect and access very specific targets.

Kaspersky has not named the firm responsible for all the spying operations. It’s believed to be strongly related to the Stuxnet attack which was led by the NSA. Stuxnet was a campaign designed to attack the uranium enrichment facility in Iran.

The Factors behind the Malware’s success

  • The malware, reported as a  dll file, is able to resist computer reformats and hard disk wipes in a ploy to reinfect the host.
  • Ironically, this has impressed Kaspersky Labs in the sense of a piece of hardware having the ability to cause re-infection to a pc. They described it as “ground-breaking technology”.
  • The malware was coded into the hard drive’s firmware, which is the software that allows it (the hardware) to run. For instance, when a computer is switched on it’ll access the firmware to talk to hard drives and other system hardware.
  • In the case of the dll file, a computer will end up getting re-infected as the firmware is needed to use the hard drives.
  • The spy program could work on any hard disk currently sold on the market.

How did it get there in the first place?

NSA-Listens-Shirtmock

It begs the question as to how such malware could have been embedded into the firmware of so many hard drives and to the majority of hard drive companies in the first place?
According to Kaspersky’s director, Costin Raiu, the makers of the spyware must have been able to have had access to the actual source code of each and every infected hard drive. The source code holds the structure, and when in the hands of a third party programmer, this can permit vulnerabilities to be identified and used to harbor malware within it and used for attack.

Raiu continued to add, that’s there’s little chance for the hard drive firmware to be rewritten by just anyone with the use of public information.

Most hard drive companies would not officially disclose whether or not they’ve allowed any such NSA agency officials to access the source code. However Western Digital, Seagate and Micron spokesmen have stated that they have not allowed their source code to be tampered with and take security very seriously.

Despite this, it is still possible for undercover NSA coders to have been employed by any given hard drive manufacturer over a decade ago or disguised as software developers to acquire the source code. It is also likely for hard disk code evaluations to have been requested on behalf of the Pentagon. All are theories of how social engineering could have been part of “the equation”.

This has now made many corporate giants, like Google and others in the US, rethink who could have attacked them back in 2009, which was originally pinned on China.

Evidence exists of hackers having reached the source code from various large American technology and defense corporations, according to reports from investigators.

For more ways to secure your data and systems, contact your local IT professionals.

Read More
1 38 39 40 41 42 49