online security

How Google Password Checkup Can Protect Your Data

March 28, 2019

Jason Cooley is Support Services Manager for Tech Experts.

While the terminology between a data breach and data leak may not seem very important, being prepared to react to compromised data is. Let’s start with knowing the difference between a breach and a leak.

A data breach is an unauthorized intrusion into any private system to access any sensitive data. Data breaches are typically the work of hackers.

A data leak may result in the same end game scenario, but differs greatly in that a leak is data left exposed or accessible, often accidentally.

While the hope is that you are protected and that your passwords are all secure, this realistically isn’t the case. You can have the strongest password possible, but depending on what information may be sold or accessible, the security can be entirely out of your hands.

Worse, a breach or leak won’t always make national news or show signs of unauthorized access.

If you see an out of state charge on your debit card, you’ll have a good idea that you didn’t make the purchase and suspect that you’ve been compromised. In the case of seeing unauthorized charges, the issue is clear.

However, say your email is compromised. It isn’t so obvious.

Perhaps the person with your credentials will monitor for a time in order to find valuable information on you or others.

There are so many ways to be compromised and so many types of information that someone with access to your account may be looking for.
In the past, I have used a few different websites to periodically check. This is obviously problematic, as reputable sources for compiling breached information are not overly abundant.

Being an IT professional, I felt comfortable looking for these sources. I do not recommend the same for just anyone.

Luckily, you no longer have to search to find any potentially compromised accounts. Google’s new extension “Password Checkup” is here to help.

Google Password Checkup is a browser extension that alerts you to any potentially compromised accounts.

While the browser extension is installed and enabled, it checks any account you log into using Google Chrome.

Now, this is not a foolproof protection blanket. While this is a great tool, it only checks against any data breaches that Google is aware of.

These are the same type of searches I mentioned earlier. While I would have to search before, Google Chrome can handle the work here.

If there is potential that your account is compromised, you should ensure you take steps to recover the account and change the passwords.

While there is no surefire way to remain safe, stay diligent. Remember to make sure your computer isn’t compromised by regularly running your anti-virus software.

Much like you lock your door at home, make sure you are taking care of your personal information.

Using Google’s Password Checkup is a great start, but it’s only a start. Change your passwords regularly and keep them unique.

A passphrase is a great way to have a password that is easy to remember but difficult to guess.

What Are The Top Cybersecurity Trends For 2019?

March 18, 2019

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Several events in 2018 brought cybersecurity to the forefront of public consciousness, as major sectors– from financial institutions to Facebook– were affected by cybercrime.

According to Forbes, 34 percent of US consumers had their personal information compromised in 2018. Security experts and business leaders are constantly looking for ways to keep two steps ahead of hackers.

Cybersecurity trends for 2019 are a popular topic. Here is what’s anticipated this year in the cybersecurity realm.

Tougher regulations
As digital capabilities are rapidly gaining a worldwide foothold, data is becoming our most highly-valued commodity. [Read more…] about What Are The Top Cybersecurity Trends For 2019?

Can Anyone Really Track Your Phone’s Precise Location?

March 18, 2019

It’s 2019 and everyone willingly carries a tracking device in their pockets. People can have their precise locations tracked in real time by law enforcement, the government, and advertising companies. It may sound like dystopian fiction, but it’s a reality.

How law enforcement can track your location
AT&T, Sprint, and T-Mobile all sell data — including geographic locations associated with customer phone numbers — to a variety of sketchy third-party companies. This data, for instance, can be used by the bail bond industry to track people down, sometimes as accurate as a few hundred feet of their location. There’s not much oversight and rogue bounty hunters have access to the data. And this isn’t even a new problem.

Back in May 2018, The New York Times reported that this could happen. After the story broke, cellular carriers promised to do better. AT&T, Sprint, and T-Mobile have all promised to stop selling this data to aggregators. And it appears that Verizon already stopped before the New York Times story.

How the government can track your location
It’s worth emphasizing that the government itself can still get access to your location data from your cellular company. They just need to get a warrant, then serve that to your cellular service provider.

If the technology exists, the government can get access to it with a warrant. It is quite a change from decades ago when the government had no way to track people’s real-time locations with a device that’s nearly always on their person.

The government doesn’t even need to get your cellular company involved. There are other tricks they can use to pinpoint your location with even better accuracy, such as by deploying “stingray devices” near you. These devices impersonate nearby cellular towers, forcing your phone to connect to them.

How advertisers can track your location
It’s not just your cellular carrier. Even if your cellular carrier perfectly safeguarded your data, it’d probably be very easy to track you thanks to the location access you’ve given to apps installed on your smartphone.

As innocuous as they may seem, Weather apps are particularly bad. You install a weather app and give it access to your location to show you the local weather. But that weather app may also be selling your data to the highest bidder. You likely didn’t pay money for your weather app, so the developers will need to make money somehow to keep the lights and servers on.

The city of Los Angeles is currently suing the Weather Channel, saying that its app intrusively mines and sells its users’ location data. Back in 2017, AccuWeather was caught sending its users’ location data to third-party advertisers — even after updating the app to remove that feature.

It’s best to avoid giving third-party apps access to your location. Stop using third-party weather apps and use your phone’s built-in weather app instead.

How your family can track your location
Your phone is capable of determining its location and sharing it in the background, even if the screen is off.

You don’t need to have an app open. You can see this for yourself if you use a service like Apple’s “Find My Friends,” which is included on iPhones. Find My Friends can be used to share your precise real-time locations with family and friends. After you give someone access, they can open the app, and Apple’s servers will ping your phone, get your location, and show it to them. Of course, this is only with your permission, but it just shows how pervasive this technology is.

Inside The United States Of Cybersecurity

February 22, 2019

Last year, Alabama and South Dakota passed laws mandating data breach notification for its residents.

The passage meant all 50 states, the District of Columbia and several U.S. territories now have legal frameworks that require businesses and other entities to notify consumers about compromised data.

All 50 states also have statutes addressing hacking, unauthorized access, computer trespass, viruses or malware, according to the National Conference of State Legislatures (NCSL). Every state has laws that allow consumers to freeze credit reporting, too.

While those milestones are notable, there are broader issues when it comes to legislative approaches to cybersecurity across the United States. There are vast discrepancies and differences among states when it comes to cybersecurity protection. [Read more…] about Inside The United States Of Cybersecurity

Top 5 Cybersecurity Predictions For 2019

February 4, 2019

Cyber threats are a genuine danger for businesses, no matter their size or industry. Companies that face data breaches are likely to fail within months after the attack, according to the National Cyber Security Alliance. Security issues can ruin your reputation and cause expensive damage to your company.

In 2019, we are already predicting increased cyber crimes to steal more data and resources. The FBI reported that over $1.4 billion in losses were experienced by companies and individuals in 2017.

These expenses come from increasing security, losing information, losing physical resources, ransomware payouts, scams and more. The most significant sources of cybercrime included: [Read more…] about Top 5 Cybersecurity Predictions For 2019

HTTPS And Why The Internet Still Isn’t Secure

February 4, 2019

Frank DeLuca is a field technician for Tech Experts.

HTTPS stands for “Hyper Text Transfer Protocol Secure” and it is the secure version of HTTP, the protocol over which data is sent between your browser and the website you’re connected to.

Most web traffic online is now sent over an HTTPS connection, making it “secure.” In fact, Google now warns that unencrypted HTTP sites are “Not Secure.”

So why is there still so much malware, phishing, and other dangerous activity online?

“Secure” Sites Have a Secure Connection

In previous iterations of Chrome, it used to display the word “Secure” along with a green padlock in the address bar when you were visiting a website using HTTPS. Modern versions of Chrome simply have a little gray padlock icon next to the navigation bar, without the word “Secure.”

That’s partly because HTTPS is now considered the new baseline standard. Everything should be secure by default, so Chrome only warns you that a connection is “Not Secure” when you’re accessing a site over an HTTP connection.

The reason for the removal from displaying the word “Secure” is that it may have been a little misleading. It may have easily been misconstrued to appear like Chrome was vouching for the contents of the site as if everything on the page is “secure.” But that’s not true at all. A “secure” HTTPS site could be filled with malware or phishing attempts.

HTTPS Does Not Mean A Site is “Secure”

HTTPS is a solid protocol and all websites should use it. However, all it means is the website operator has purchased a certificate and set up encryption to secure the connection.

For example, a dangerous website full of malicious downloads might be delivered via HTTPS. The website and the files you download are sent over a secure connection, but they might not be secure themselves.

Similarly, a criminal could buy a domain like “www.bankofamerica.com,” get an SSL encryption certificate for it, and imitate Bank of America’s real website. This would be a phishing site with the “secure” padlock, but again, it only refers to the connection itself.

HTTPS Stops Snooping and Tampering

Despite that, HTTPS is great. This encryption prevents people from snooping on your data in transit, and it stops man-in-the-middle attacks that can modify the website as it’s sent to you. For example, no one can snoop on payment details you send to the website.

In short, HTTPS ensures the connection between you and that particular website is secure. No one can eavesdrop or tamper with the data in-between.

HTTPS Is An Improvement

Websites switching to HTTPS helps solve some problems, but it doesn’t end the scourge of malware, phishing, spam, attacks on vulnerable sites, or various other scams online.

However, the shift toward HTTPS is still great for the Internet. According to Google’s statistics, 80% of web pages loaded in Chrome on Windows are loaded over HTTPS. Plus, Chrome users on Windows spend 88% of their browsing time on HTTPS sites.

This transition does make it harder for criminals to eavesdrop on personal data, especially on public Wi-Fi or other public networks. It also greatly minimizes the odds that you’ll encounter a man-in-the-middle attack on public Wi-Fi or another network.

It’s still no silver bullet. You still need to use basic online safety practices to protect yourself from malware, spot phishing sites, and avoid other online problems.

October Is National Cybersecurity Awareness Month

October 11, 2018

Online security is something that should get everyone’s attention. Threats exist all around us: ransomware, viruses, spyware, social engineering attacks and more. There’s so much you need to know to keep your personal and business information safe.

But where do you start?

As trusted cybersecurity professionals, we want to help you get educated and stay informed.

That’s why during National Cybersecurity Awareness Month our goal is to give you all the information you need to stay secure.

How can we help? We’ll be sharing valuable and timely information on cybersecurity in blogs, in our newsletter, and on all of your favorite social media sites. [Read more…] about October Is National Cybersecurity Awareness Month

The Ransomware Threat Is Growing – Here’s Why

July 26, 2018

One of the biggest problems facing businesses today is ransomware. In 2017, a ransomware attack was launched every 40 seconds and that number has grown exponentially in 2018. What are the main reasons for this type of escalation and why can’t law enforcement or IT experts stop the growing number of cyber-attacks?

Ransomware Trends
One of the reasons involves the latest trends. The art of ransomware is evolving. Hackers are finding new ways to initiate and pull off the cyber-attack successfully.

Hackers rarely get caught. So, you have a crime that pays off financially and no punishment for the crime. The methods of attack expand almost daily. Attack vectors increase with each new breach. If cyber thieves can get just one employee to click on a malicious link, they can take over and control all the data for an entire company. [Read more…] about The Ransomware Threat Is Growing – Here’s Why

Attackers Embed Malware In Microsoft Office Documents To Bypass Browser Security

July 26, 2018

Chris Myers is a field service technician for Tech Experts.

Cyber attacks continue to increase at a rapid rate. In 2016, there were 6,447 software security vulnerabilities found or reported to authorities. In 2017, that number rose to 14,714, more than double the previous year. Halfway through 2018, we are at 8,177 with no signs of slowing.

One of the biggest avenues of attacks is Adobe Flash Player, which has been a leading source of vulnerabilities for over 20 years.

Modern browsers have been phasing out Adobe Flash over the past 5 years. In December 2016, Google Chrome completely disabled Flash Player by default.

Mozilla Firefox started to block the most vulnerable parts of Flash Player by default in 2016 and 2017.

The latest Flash Player vulnerability, designated CVE-2018-5002 by Adobe, aims to circumvent those browser changes by hiding the attack in a Microsoft Excel file, which is then distributed by targeted emails disguised as legitimate bulletins from hiring websites.

To hide this from anti-virus software, the hackers went another step further by not including the malicious code directly in the Excel file. Instead, they just embed a small snippet that tells the file to load a Flash module from somewhere else on the Internet. Due to this, the file appears to be a normal Excel document with Flash controls to anti-virus applications.

CVE-2018-5002 is what’s known as a Zero Day vulnerability, which means it was used by attackers before it was discovered and patched.

This particular vulnerability appears to have been used in the Middle East already.

In one instance, businesses in Qatar received an email that mimicked “bayt.com,” a Middle Eastern job search website. The attackers sent the email from “dohabayt.com.”

With Doha being the capitol of Qatar, it was easy to assume that dohabayt was simply an extension of the main website.

However, a true branch of bayt.com, known as a subdomain, would be separated by a period like so: doha.bayt.com. Once the target was tricked into opening the email, they were directed to download and open the attached Microsoft Excel file named “Salaries.”

This was a normal-looking table of average Middle Eastern job salaries, but in the background, the attack was already going to work.

How To Avoid Being Infected
The fake email scenario described above is known as phishing. Phishing is the attempt to disguise something as legitimate to gain sensitive information or compromise their computer.

The word phishing is a homophone of fishing, coined for the similarity of using bait in an attempt to catch a victim.

The attack described above was a type of phishing known as spear phishing, where the attacker tailored their methods specifically to the intended victim.

They disguised the email as a local site used for job or employee hiring, and the file as a desirable database of salary information.

Phishing emails are most easily identified by checking the sender’s email address. Look at the unbroken text just before the “.com”.

If this is not a website known to you or if it contains gibberish such as a random string of numbers and letters, then the email is almost always fake.

While the attack above was sophisticated, most phishing emails simply try to trick the user by saying things like “Your emails have been blocked, click here to unblock them” or “Click here to view your recent order” when you did not actually order anything.

Always be vigilant. When in doubt, forward the email to your IT department or provider for them to check the email for viruses or other threats.

How Can You Improve Your Online Privacy?

July 26, 2018

Jason Cooley — Frank DeLuca is a field technician for Tech Experts.

You have probably heard about the myriad of security blunders that have plagued the business and IT worlds. We’ve seen considerable security and privacy miscues from some of the world’s biggest businesses, organizations, and government agencies.

This includes data breaches, attacks from hackers, privacy concerns, and theft where massive amounts of private user data were lost and/or misplaced. If major institutions can fall victim to these privacy and security lapses, then so can individuals and society at large.

The Internet can certainly be a scary, confusing place, especially for the uninitiated, but there are many ways in which you can protect yourself, mitigate risk, and increase your privacy while having an online presence.

Use Strong Passwords For Your Sensitive Accounts
Using strong, unique passwords (symbols, long phrases, capitalization, punctuation) can help you avoid that gut-wrenching feeling that you get when you realize that someone has hacked your account and has access to your personal information. Not knowing what’s going to happen to your work or your memories is something no one wants to experience.

Creating strong and unique passwords for each of your online accounts is a smart practice. The reason is quite simple: if one of your online accounts is hacked, then the others will soon follow. Consider a password manager like LastPass or Keeper to create, store, and manage your passwords.

Don’t Allow Or Accept Cookies From Third Parties
The purpose of the computer cookie is to help websites keep track of your visits and activity for convenience. Under normal circumstances, cookies cannot transfer viruses or malware to your computer.

However, some viruses and malware may try to disguise themselves as cookies, replicating after deletion or making it easier for parties you can’t identify to watch where you are going and what you are doing online.

Because cookies are stored in your web browser, the first step is to open your browser. Each browser manages cookies in a different location. For example, in Internet Explorer, you can find them by clicking “Tools” and then “Internet Options.” From there, select “General” and “Browsing history” and “Settings.”

In Chrome, choose “Preferences” from the Chrome menu in the navigation bar, which will display your settings. Then expand the “Advanced” option to display “Privacy and security.” From there, open “Content settings” and “Cookies.”

Use A VPN Or VPN Provider
A virtual private network, or VPN, can help you secure your web traffic and protect your anonymity online from snoops, spies, and anyone else who wants to steal or monetize your data.

A VPN creates a virtual encrypted tunnel between you and a remote server operated by a VPN service. All external Internet traffic is routed through this tunnel, so your data is secure from prying eyes. Best of all, your computer appears to have the IP address of the VPN server, masking your identity.

To understand the value of a VPN, it helps to think of some specific scenarios in which a VPN might be used. Consider the public Wi-Fi network, perhaps at a coffee shop or airport.

Normally, you might connect without a second thought. But do you know who might be watching the traffic on that network? If you connect to that same public Wi-Fi network using a VPN, you can rest assured that no one on that network will be able to intercept your data.

Additional tips: keep your Windows operating system and your applications such as Microsoft Office up to date at all times, don’t post private information on your social media accounts, and use browser ad/tracking blockers.

« Previous Page