Online Security

CryptoWall 2.0: Ransomware Is Alive And Well

February 12, 2015

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

CryptoWall is the latest strain of ransomware to rise to prominence, extorting more than $1 million from victims and wreaking havoc on thousands of police departments, businesses, and individuals across the globe.

On the surface, CryptoWall is similar to its better-known predecessor Cryptolocker, another strain of crypto-ransomware. But there are many differences.

Victims are typically infected with CryptoWall by opening a malicious email attachment, though drive-by-downloads on websites are also possible. The email attachments are often zip files that contain executables disguised as PDFs.

Once infected, CryptoWall scans all mapped drives and encrypts important files. That’s an important distinction: CryptoWall will scan your local drives, but also any server mapped drives, such as an S: or N: drive. [Read more…] about CryptoWall 2.0: Ransomware Is Alive And Well

Security Tips For Your Smart Phone

November 30, 2014

Today it is fairly easy to carry out business tasks using smart phones. Emailing, browsing the Internet and even creating or editing documents is now a breeze.

So technically, smart phones are now carrying a large amount of sensitive data that needs to be protected. Not only are Smart phones subject to the same threats as PCs, but they are also quite easy to misplace and lose.

Here are a few tips that will help you mitigate some of these security risks:

Screen lock the phone
Whenever you leave your phone unattended, lock your smart phone to require a password or PIN code or set it to lock after few minutes. This will prevent unwanted access and will protect your data in case the phone is lost or stolen.

Enable remote device wipe
Check if your phone allows the memory-wipe function in case it is lost or stolen. Some phones have this feature embedded, but most others will require that you download an app and potentially pay for the service that goes with it.

Apply system updates
From time to time, smart phone vendors, mobile carriers, or hardware manufacturers update the operating systems on their phones. These updates usually include useful and necessary security-related improvements.

Turn off Bluetooth discovery mode
Many people leave their smart phones on Bluetooth-discovery mode around the clock. On some phones, this feature is set by default; however, check your phone and make sure it is disabled when you are not using it. Failing to do so, your phone will constantly be discoverable to others and allow people to connect to your device without prior authorization.

Install mobile anti-virus
Malware purveyors are increasingly targeting smart phones. It is now important to use anti-virus software for your phone just like you would do for your PC.

This is particularly important for Android devices as they are built on an open platform susceptible to malware.

Tips To Protect Your Business PC From Malware

October 31, 2014

Michael Menor is Vice President of Support Services for Tech Experts.

In today’s online world, technology users are essentially in a state of near-constant attack. Almost every day, there’s a new data breach in the news involving a well-known company and, quite often, fresh rules for protecting personal information are circulated.

Because of malware in email, phishing messages, and malicious websites with URLs that are one letter different from popular sites, employees need to maintain a high level of awareness and diligence to protect themselves and their organizations.

Phishing activities are especially pervasive, including attempts to steal users’ credentials or get them to install malicious software on their system. The astonishing success rate of phishing attacks makes them a favorite.

Why? More than 70% of people will follow the link to a phony website and, of those that followed the link, 30%-50% will routinely give up their usernames and passwords.

Many like to think of the network perimeter with all its firewalls and other fancy technologies as the front line in the cyber war, but the truth is there’s a whole other front.

Every single member of a company’s staff who uses email or the Internet is also on the front line and these people are generally considered a softer target than hardware or software. It’s simple: if the bad guys can get an employee to give up his or her user credentials or download some malware, they can likely waltz right past the technological controls, basically appearing as if they belong there.

When using a computer for personal functions, a user generally has to have the ability to install software and modify the system configurations. Typically, such administrative functions are not available to all users in a corporate environment.

As a result, even if an organization has made an effort to improve a system’s security, a user doing work on a personal computer has the ability to disable and circumvent protections and has the privileges to allow for the installation of malware.

As companies migrate toward a world of bring-your-own-device policies, some companies are developing strategies to help address these risks. But, as a rule, using a work computer for personal reasons or doing work on a personal computer (or tablet or smartphone) can significantly increase the threat level that an employer has to protect itself against.

To help their organization protect systems and data, employees need to implement some smart web browsing habits. Smart web browsing means engaging in the following activities:

Beware of downloads
Malware can be hidden, not just in applications or installation programs, but in what appear to be image and video files also. To limit the likelihood of downloading content that contains malware, only download from reputable sites. With sites that are not a household name, take the time to do a little research and see if other people have had issues.

Additionally, be sure that antivirus software is set up to automatically scan downloads. Or scan downloads manually, even when receiving them from name-brand sites, as it is not unheard of for infected files to make their way onto otherwise legitimate web sites.

This is especially true for file-sharing sites where the site owner cannot control every piece of content a user may place there.

Be wary of deceitful sites
Those running sites already breaking the law by illegally distributing copyrighted materials — like pirated music, movies or software — probably have no qualms about including malicious content in their downloads or stealing information.

Many popular web browsers today have built-in functionality that provides an alert when visiting a website that is known to be dangerous.

And if the browser doesn’t give a notice, the antivirus software may provide that function. Heed the alerts!

Employees need to protect their devices from online and in-person threats. Start by keeping the company’s system patched. Configure it to automatically apply updates or issue notifications when there are updates and then apply them as soon as possible. This doesn’t just apply to the operating system.

Keep all installed applications updated; sometimes this takes a little extra work.

Remember, the challenge of security is that the bad guy needs to find only one hole in a security system to get past it, so fix them all. Think of it as putting dead bolts on doors, but leaving the basement window wide open.

To that end, security professionals like to debate the usefulness of today’s antivirus software. And it’s true that malware continues to become more sophisticated and harder to detect. But it always amazes me how old some of the malware running around is. As a result, use antivirus software and keep it up-to-date.

Also, use a software firewall, either the Windows firewall or one provided in an antivirus package. This is especially true for laptops connected to public wireless access points at hotels or coffee shops, but it also applies to home systems. It just provides that extra layer of defense.

And finally, please, don’t ever give passwords to anyone. Be vigilant and question anything new, especially emails and forms in the web browser that request work credentials, no matter how nicely the request is made.

(Image Source: iCLIPART)

Online Banking: Safety And Security Precautions

January 17, 2014

by Jeremy Miller, Technician
There are many avenues of attack when banking online safely. Many people simply use a computer that is attached to the Internet with little to no precautions at all. Some bank online even if they know there are issues with their computer or virus infections on their computer.

I will cover three levels of precaution that you can take to ensure your online banking information stays secure: simple, advanced, and paranoid. As the level of precaution increases, it will be more time consuming and difficult but worth it if you want to keep your online banking experience safe and secure.

Simple Precautions
To keep your information secure you must make sure that your computer is fully up-to-date with all Windows Updates and other software patches. Software vendors like Microsoft release security patches regularly to close exposed security holes in their software. Without patching hackers can use known-vulnerabilities to attack your computer.

Next you must make sure that you have anti-virus software installed and it is up-to-date with the latest virus definitions. You must also have your anti-virus run scans regularly to make sure the computer is clean of any known infections.

You should always look in the Uniform Resource Locator (URL) bar to make sure the web address you are accessing is the correct one. Also make sure that the first five characters are HTTPS.

This will ensure that your traffic is encrypted, which will make your entire web traffic look like gibberish. If your first characters are only HTTP and not HTTPS then hackers would be able to read your password in plain text.

Lastly, you must only do online banking from trusted-networks like your home network or in some cases your work network. Anyone else attached to your network has the possibility to access your bank information if they have the know-how.

To be sure you are on a secure network, you should not use online banking from public or free networks that anyone can access. When you do this you ensure that only you and your Internet Service Provider (ISP) can view your online traffic.

This will also protect you from man-in-the-middle attacks (MITM).These attacks are when a hacker is in between you and your target destination usually a router. Hackers using MITM attacks will be able to see all unencrypted traffic.

Advanced Precautions
You must ensure you are implementing all simple precautions, including a few more steps you can take to up your protection level.

Run a full virus scan before accessing your online bank account each time. Your system will be clear of known infections, plus it gives you significantly less risk of an infection since your last scan. A full scan looks at every file on your computer and checks it against a known virus database.

You can also configure Windows Firewall to prompt you before allowing traffic in or out of the computer, or you can install a software-firewall to scan your active Internet traffic.

The firewall will prompt you with pop-ups to ask if specific connections are allowed. This will allow you to approve or deny all traffic on your computer. Usually firewalls have different settings to allow you to choose the level of security this firewall will provide.

Paranoid Precautions
This is the most secure of the three and implements the previous precautions. It would be best to boot to a new operating system every time you need to access your online bank account. You need to know how to change your computers boot order and how to create a bootable USB drive or disk.

There are a number of free operating systems that you can load onto a disk or USB drive. WinPE will allow you to boot into a portable version of Windows. This will be a clean installation with no additional software installed.

You can also use the more widely available bootable Linux distributions as a clean bootable operating system to access your bank information. Ensure you are getting your distribution from a reputable vendor.

Most Linux distributions are free. Downloading a reputable vendor will ensure that there isn’t malicious software pre-loaded into the operating system.

If you are interested in enjoying a safer browser experience you can contact us and we can answer any questions or concerns as well as help you implement any of these precautions.

(Image Source: iCLIPART)

Better Passwords: Keep Your Information Secure!

June 17, 2013

tlfheadshot_web — Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

It could be your email, your pictures, or your company documents and files – whatever you have on your computer needs to protected from hackers, identity thieves, nosy employees and other cyber troublemakers.

Imagine if all of your private, personal and company information were available on the public Internet. And then, take a few minutes to follow the steps below and help make your systems more secure.

Use a different password for each important service
Make sure you have a different password for every important account you have. Hackers will steal your username and password from one site, and then use them to try to log into lots of other sites where you might have an account.

Even large, reputable sites sometimes have their password databases stolen. If you use the same password across many different sites, there’s a greater chance it might end up on a list of stolen passwords. And the more accounts you have that use that password, the more data you might lose if that password is stolen.

Giving an account its own, strong password helps protect you and your information in that account.

Make your password hard to guess
“password.” “123456.” “My name is Inigo Montoya. You killed my father. Prepare to die!” These examples are terrible passwords because everyone knows them – including potential attackers.

Making your passwords longer or more complicated makes them harder to guess for both bad guys and people who know you.

Complex and lengthy passwords can be a pain – the average password is shorter than eight characters, and many just contain letters. Analysis shows that only 54 percent of passwords include numbers, and only 3.7 percent have special characters like & or $.

One way to build a strong password is to think of a phrase or sentence that other people wouldn’t know and then use that to build your password.

For example, for your email you could think of a personal message like “I want to get better at responding to emails quickly and concisely” and then build your password from numbers, symbols, and the first letters of each word—“iw2gb@r2eq&c”.

Don’t use popular phrases or lyrics to build your password—research suggests that people gravitate to the same phrases, and you want your password to be something only you know.

Keep your password somewhere safe
Research shows that worrying about remembering too many passwords is the chief reason people reuse certain passwords across multiple services.

But don’t worry – if you’ve created so many passwords that it’s hard to remember them, it’s OK to make a list and write them down. Just make sure you keep your list in a safe place, where you won’t lose it and others won’t be able to find it.

If you’d prefer to manage your passwords digitally, a trusted password manager might be a good option. Many web browsers have free password managers built into them, and there are many independent options as well.

Steps To Secure Your Social Media Strategy

February 12, 2013

Keeping your internal network secure is one of the top jobs of IT consultants like Tech Experts. You don’t want confidential company or client data to show up on the web.

But what happens when you start marketing your company on social media sites? How do you keep your company secure?

In general, cyber criminals aren’t stupid. They troll sites like Facebook and Twitter, looking to take advantage of useful information employees naively post.

A policy that educates your employees on the “Do’s and dont’s” of social media posting can save your company an enourmous amount of aggravation.

Here are a few steps to include in a social media policy to ensure social media is conducted in a secure manner. It’s important to have a solid policy if you want to ensure that your network and data remain safe from potential social media threats.

Watch where you click
Almost all social media postings contain links to other content. This is the sweet spot hackers are targeting. They place innocuous links to virus and spyware programs, or even worse, hijacked accounts of your friends and business associates.

You should tell employees involved in your social media efforts not to click on any suspicious links. If they receive links from friends that seem uncharacteristic, it’s a good idea to not click on them.

Update privacy settings
Social media sites constantly update and change security settings on their networks, leading to unexpected exposure of information you might not want indexed on the web. It’s a good idea to ensure that all of your profile information is private, and that you regularly review your privacy settings.

Don’t share personal information
This might seem obvious to you, but there are still unsuspecting users out there who share too much of their personal information on social sites. Remember, social media is all about being social. Pretty much everything you share can be viewed by others. The last thing you want is an identity thief accessing your contact information and other personal data.

Log in using HTTPS
HTTPS is a web protocol that ensures the data sent between your computer and a web site is secure and encrypted. Many social sites like Facebook, Twitter, and Google Plus support HTTPS, and you should ensure that you use it.

To use HTTPS, you simply put an S at the end of the usual http address in the URL bar of your browser. I.e., https://facebook.com will open a more secure version of Facebook. By using HTTPS you can eliminate Man-in-the-Middle attacks and other similar types of phishing.

They key thing to remember: If you don’t know them, they aren’t your friend. You’ll be miles ahead if you treat social media interactions like you do real life interactions. You wouldn’t offer a stranger your cell phone number or home address until you knew them well. The same precautions apply to your social media accounts.

Secure Online Accounts Without Sacrificing Ease Of Use

November 20, 2012

by Jeremy Miller, Technician
The Internet allows us to do so much, such as: buy things, research information, and share just about anything. There is and will always be someone out there that is going to take advantage of Internet users in one way or another.

Keeping that in mind, most places on the Internet use password authentication, this is both good and bad. It is good because you are required to enter credentials that you originally provided to enter a protected area of a website.

This may keep your data safe from most people with malicious intent. However, most people are not perfect at remembering passwords, especially complex passwords, so most people end up using the same password for many websites. This is a bad choice.

If a hacker obtains your password, they may be able to access any site on which you use that password or a similar password. The best Internet practices are to use a different complex password for each website.

Complex passwords are passwords that contain upper and lower case letters, numbers, special characters, and they must not resemble any dictionary word.

An example of a bad password is: love, password, P@ssw0rd. A good example of a complex password would be: ”n$)M1@x{1_5” 65”.

Password cracking has come a long way from brute-force dictionary based attacks, which allow a hacker to guess your password using a computer and wordlists. The use of complex passwords has become a necessity for anyone wanting to keep their information secure.

The best way to solve this conundrum is to implement a password manager. I have tried many password managers and have found the best results to be with LassPass password manager.

It is a feature rich password manager that is very secure. LassPass does not store or even know what your password is.

You can add LassPass as a browser extension or an app on your computers or mobile devices. You will only have to remember your password to LassPass to access any password protected websites.

Once LassPass is installed you simply visit a website that requires a login, such as your webmail or Facebook. Once you enter your username and password LassPass will ask if you would like to remember it.

If you choose yes it will auto fill out the information required to automatically login to the website the next time you visit it.

LassPass can also store secure encrypted notes that work great for bank logins. Most banks have a multi-stage login which is where you enter your username and password on different pages.

You can store your usernames, passwords, account numbers, and card numbers in secure notes for ease of access. All of your passwords can be accessed from any platform and any device.

LassPass also provides users with many tools that make using the LassPass password manager better such as: password generators, automatic form filling with the ability to have multiple identities, easily backup the data to local storage, on-screen keyboard to prevent key loggers, ability to share information via email, and most importantly two-factor authentication.

A two–factor authentication device allows you to use a password and a device such as a USB flash drive, YubiKey©, or Google Authenticator App to authenticate.

This improves your security because you have to have the second credential. Since that is in your possession, a cyber criminal would have to actually steal your device to hack your passwords.

Once you start to use LassPass as a password manager you will not want to return to remembering passwords or creating weak password that are easy to remember.

Give us a call to talk about improved security for your online accounts. We can help you setup the password manager and teach you how to use it. This is another way to make sure that your identity does not get compromised.

The Best Ways To Protect Yourself From Malware

August 22, 2012

By Tech Experts Staff
Users who bring their computers in to repair malware infections invariably ask the same question: “Why didn’t my antivirus stop me from getting viruses?”

So, you’re probably wondering, “If having antivirus software on my computer won’t protect me from viruses, what will?”

The fact of the matter is that while computer users are told they have to have antivirus on their PCs or risk getting infection, a machine can still get a virus despite antivirus software being installed.

Antivirus not foolproof
Antivirus software is designed to help prevent your system from becoming infected, but it isn’t foolproof. Antivirus software is constantly updated, but can be out of date for hours or even a day or two when a new infection is discovered.

Virus definitions are used to detect viruses and prevent them from gaining access to your computer. Automatic updates in antivirus software like Vipre download the updated definitions to protect your computer.

It’s the time period between when a new virus or malware is released, and the software companies can update the definitions, that your system is vulnerable.

How to protect from malware
Although no antivirus software, even the most expensive versions, offers guaranteed virus protection, antivirus software is a must have. We’ve seen a number of infections where clients have said that they were on legitimate sites at the time the infection hit their computer.

Even legitimate websites have the chance of malware being coded into them by hackers, causing that website to send the malware onto your computer.

So, the absolute best thing you can do is to have antivirus software installed.

The next best step is to be cautious about what you are looking for on the Internet. Many times, users looking for “free” items on the Internet don’t suspect that they might as well be searching for free viruses.

Hackers are crafty – targeting people looking for free downloads is an easy way to spread an infection.

Some of the most common risky items to search for are “screensavers,” “free games,” “work from home,” and “taxes.”

With the search terms shown here, it’s easy to see how computer users could easily be tricked into downloading a file or application that was laced with a virus.

Cautious browsing
The second step to preventing infections on your computer is a combination of common sense and caution.

While it may not be common knowledge as to what is and is not safe to click on while on the Internet, really what it comes down to is using common sense. There’s no such thing as a free lunch, even on the Internet – if it seems to good to be true, it probably is. It’s very important while browsing the Internet that you do not click on anything that just catches your eye. Many times, people have a tendency to click on ads, and because of this, ads have a high risk of containing malware. Don’t click on ads!

The second part, be cautious refers to everything you are doing that involves the connection to the Internet.

If you are using email, make sure you were expecting an email from the person sending it. Opening forwarded emails is a bad habit.Many viruses attach themselves to email accounts and send a lot of spam and forwarded messages which unsuspecting users click on and mistakenly download a virus onto their machine.

So to sum everything up, you should always have antivirus software installed on your computer and keep it up to date.

Even if you think you are a computer pro, keyloggers and many other items can get into your computer and run in the background undetected sending away your private information.

Always use common sense and extreme caution as to what you click on. Nothing is free and you don’t ever know for sure who or what is on the other end of that email you just happened to get in your inbox.

If you think you may have a virus or malware on your computer, or just want it checked for safety’s sake, give us a call or bring your computer in and we can check it out.

It is all too common to see viruses on machines but not actually see anything different on the computer other than it “running a little slow.”

Why You Should Avoid Using A Debit Card When Shopping Online

April 9, 2012

If you shop online (and these days, who doesn’t?), you’ll want to make sure you use a credit card instead of a debit card to protect yourself from online scams and rip offs.

The biggest advantage credit cards offer is a buffer for payment. By law, your maximum loss if your credit card number is stolen is $50, and most credit card companies and banks will cover the entire cost.

When you use a debit card, the funds come directly out of your bank account, which means you might have trouble disputing the charge if you get scammed or if you are not happy with the product or service you purchased.

Here are some other tips to make shopping online safer:

Research your merchant before buying. The Federal Trade Commission maintains a web site (www.consumer.gov) that provides many buyer’s guides, lists of tips, and links to helpful resources.

Make sure you are on a secure web site before you give your name, address or credit card details. Look for a padlock or a key symbol in the bottom corner of your screen.

Never send your credit card number in an e-mail because it can easily be stolen.

Frequently check your credit card statements for suspicious entries. If you spot anything strange, contact your credit card company immediately to question the charge.

Call the company before placing an order. See if a real person answers the phone and how difficult it is to get someone live. Ask for their return policy for damaged or inadequate goods, expected delivery dates, shipping and handling fees, and after-purchase support.

Think before you buy. If the online advertisement or junk e-mail offer sounds too good to be true, it probably is!

If you have any reason to be suspicious, you are better to err on the side of NOT buying.

Watch for hidden extras added on at checkout such as postage and packing costs, and handling fees.

VAT and customs charges for goods from overseas can add greatly to the final cost, so double check your order before you hit the final submit button.

Read the company’s privacy policy carefully. Make sure you uncheck any boxes giving the vendor permission to sell or share your information with other vendors, especially your email address.

Security Risks Of Employee Owned Devices

February 13, 2012

Employees using their own mobile devices for work may seem like a good idea at first – it’s less expense for you, the employer, and they can also make employees more productive.

However, it also means that you are allowing potentially unsecure devices to access your company’s data. The solution? An effective IT security policy that balances personal freedom to use these devices and your need to secure important business information.

As technology continues to become more affordable and accessible to consumers, it’s an inevitable fact that employers will see more and more of their employees using their own personal devices such as laptops and mobile phones to access the company’s IT system.

This can be a dangerous thing. Since these devices aren’t company owned and regulated, you have limited access and control over how they are used. Employees could download all sorts of malware and viruses on their devices and pass the infection along to your IT system when they access it.

The solution: a comprehensive IT security policy. It’s important that you find a compromise between the freedom of the employee to use the device as desired and your need to keep your IT system safe from viruses and other threats to your data’s security.

Steps such as having employees run mobile device management (MDM) software on their devices is one of many actions you can take to lessen the risk of security breaches. You may also want to implement applications and software that check and screen for malware, both for laptops and mobile devices. And don’t forget that while Android seems to have a bigger problem with malicious software, Apple isn’t exactly virus-free, either.

Employees have a right to use their personal devices as they see fit, but not at the expense of important company information stored in your IT system. Running a tight ship in terms of security is an effective way to protect your business interests and your sensitive company data.

If you are interested in knowing more about developing a concrete and effective IT security policy for personal device use as well as general system access, please don’t hesitate to give us a call so we can sit down with you and discuss a custom security blueprint tailored for your company’s network.

« Previous Page