Don’t Become a Victim of Social Engineering

Social EngineeringYou can have the best in computer and network security but if you or one of your staff members inadvertently give out some information all the security can come to nought.

Social engineering is the art of manipulating other people to take certain actions or divulge private information. Some hackers use social engineers techniques and skip the hassle of writing code and go straight for the weakest link in your security defenses – you and your employees. A seemingly innocent phone call or email may be all it takes to gain access to your computer systems, despite having solid software and hardware protections in place.

Here are a few ways on how social engineers work:

Email: Pretending to be a co-worker, supplier or customer who needs a simple piece of information. It could be a money transfer, contact person or some sort of personal details that they pretend they already know, but simply don’t have in front of them. The hacker may also create a sense of urgency or indicate fear that they’ll get in trouble without this information. Your employee is naturally inclined to help and quickly responds with a reply.

Phone: Posing as IT support, government official or even a customer, the hacker can manipulate your employee into changing a password or giving out information. These attacks are hard to identify and the hacker can be very persuasive, even using background sound effects like a crying baby or call-center noise to trigger empathy or trust.

In person: A person in uniform or a repairman can easily get past most people without question. The social engineer can then quickly move into sensitive areas of your business. Once inside, they become invisible and are free to install network listening devices, read a Post-it note listing passwords or gain information and tamper with your business in other ways.

It’s impossible to predict when and where (or how) a social engineer will strike. The above attacks aren’t particularly sophisticated but can be extremely effective. Your staff have been trained to be helpful, but this can also be a weakness.

So what can you do to protect your business? First, recognize that not all of your employees have the same level of interaction with people, the front desk person taking calls and welcoming visitors is at higher risk than the back office or factory worker. We recommend cyber-security training for each level of risk identified and focus on responding to the types of scenarios like those listed above. Social engineering is too dangerous to take lightly.

Talk to us about your cyber security options today. Call us at 08 8326 4364 or at support@dpcomputing.com.au

How to Search Safely With Google

Search Safely With GoogleWe all love Google, quickly finding everything we need on the Internet. It’s replaced dictionaries, encyclopedias, instruction manuals, newspapers and in many cases, even doctors. However, sometimes your search results aren’t the real thing and can be downright malicious. Here’s how to search safely:

Pay attention to the URL in Google

Below every result title there’s a URL in green. No matter what the title says, this URL is where your click will take you. Unfortunately, cyber-criminals will often list their site with a familiar and trusted title but link you to their scam/malware pages.

For example, the title could be your bank name (eg, Example Bank), which seems legitimate, but the URL could be www.baabpjhg.com which is obviously not your bank. Sometimes they’ll attempt to trick you by putting the real site into the link too, eg www.baabpjhg.com/examplebank.com which makes it even more likely to catch you when skimming through results quickly. When you visit the page, it might look exactly like your bank’s site and ask for your login details, which are then harvested for attack. While jibberish in the link is pretty easy to spot, sometimes they’ll take advantage of a small typo that you can easily miss. For example, www.exampebank.com (missing the letter L).

Notice Google search results vs paid ads

Google does a pretty good job at making sure the most relevant and legitimate sites are at the top of the list. However paid ads will usually appear above them. Most of the time, these paid ads are also legitimate (and you can quickly check the URL to verify), but occasionally cybercriminals are able to promote their malicious site to the top and catch thousands of victims before being removed.

Believe Google’s malicious site alerts

Sometimes Google knows when something is wrong with a site. It could be a legitimate site that was recently hacked, a security setting that’s malfunctioned, or the site was reported to them as compromised. When this happens, Google stops you clicking through with a message saying “this website may be harmful” or “this site may harm your computer”. Stop immediately, and trust that Google has detected something you don’t want in your house.

Turn on safe search

You can filter out explicit results by turning on Google Safe Search. While not strictly a cyber-security issue, it can still provide a safer Google experience. Safe Search is normally suggested as a way to protect browsing children, but it also helps adults who aren’t interested in having their search results cluttered with inappropriate links, many of which lead to high-risk sites. Switch Safe Search on/off by clicking Settings > Safe Search.

Need some help securing your system? Give us a call at 08 8326 4364.

Get Back A Brand New Computer With A System Refresh

Computer Refresh

Remember how well your computer ran when you first brought your computer? It was booting fast and files were whizzing around at light speed no matter how many tabs you had open. Then after a period of time it become slower and started taking forever to do anything. All that zip and speed you loved so much was gone

The good news is you may NOT need a new computer, you simply need what we call a “format and reload”. This will

Clear the clutter: Over time as you install applications you collect associated files and options everywhere. This gets worse when you uninstall and upgrade the programs as not all the unnecessary files and settings get automatically removed. All that uninvited clutter is slowing your system down and making it hard for you to find the things you need. Simply put, it’s a mess. Our technicians can clean your system back to pristine in no time.

Beat viral overload: Is the virus really gone? Sometimes a virus has multiple layers and can bury itself so deep that anti-virus programs don’t see it. Despite getting the all-clear from your anti-virus, you might also still be seeing the issue reoccuring. Perhaps the virus made a mess of your internal file structure, left pieces of code all over the place, or deleted files essential for smooth running. When an infection has been cleared but the system is still running slow, we recommend dropping it into our store asap for a check-up and refresh.

Assess incompatible software: Installing a new piece of software can sometimes produce unexpected results. While your system met the hardware and operating system requirements it may not play nice with your other applications. They can be fighting over the same resources, system files, or clashing with one of your hardware components. Clearly, something isn’t quite right, but you’re not sure what. Our team loves to play detective and get your system back to normal.

Archive older files: Some of your files you definitely want to keep. Your financial records, client files etc are all important and need to be kept – but are they important to keep sitting on your desktop? They are not just slowing your computer down, you’re at risk of losing them in a crash. It’s much safer to archive them to an external drive or cloud storage, simply let us know what you’d like to keep and we cab arrange to archive them to a safe spot.

What exactly is a computer refresh? It’s like a car tune-up, but more flexible. Rather than tick the boxes saying we’ve changed the oil, cleaned the filters etc, we treat each computer as a unique case. Sometimes we can tune it up in a few minutes, and that’s all it needed. Sometimes it’s worth starting over like from day one.

We can reinstall Windows and migrate your data (docs, emails, financial records, bookmarks, etc), putting back only what you WANT to keep. The rest of the clutter that built up over time or piggy-backed on a virus gets flushed away. We can also set up your email and install any devices you need, like printers. It’s doing whatever is necessary to give you a fresh start with your computer, but keeping the essentials.

Ready to get back up to speed? Give us a call at 08 8326 4364 or email at support@dpcomputing.com.au.

Keep Your Systems Up to Date

Computer Updates

Updating your computer systems and associated business software is one of your best protections against cyber-attack, but actually running the updates is a task that businesses often overlook. Either they take too long, they pop up at inconvenient times, don’t know when an update is available or simply don’t know what to do. Do you have a plan in place to ensure all your tech is up-to-date or are you flying by the seat of your pants?

Emergency updates are a killer

Most businesses update their software only when the computer technician comes to fix a different problem. The tech runs the update before they leave but as time goes on the systems sit there with ever-widening security gaps… until another breach happens and the techs are called back for another band-aid solution. Emergency only updates in a break/fix model are a great little earner for those techs but not so good for your uptime and system security.

Finding time for maintenance

To keep your business up and running securely, you need someone who lives and breathes IT. They need to know when and how to apply all the patches and how to make sure all your other tech is playing nice (and may be even do it all after-hours to save you downtime). Businesses that have an in-house IT specialist should be set – and they should already have an update plan. But if you don’t have a qualified IT team, outsourcing to an IT specialist is the perfect solution. You get highly skilled technicians remotely applying your network updates at a time that suits you.

What else needs to be checked?

Beyond running security patches, it’s important to keep your business moving forward. Here are a few areas our techs look at as part of our regular service plans:

Hardware health: The last thing you want is days of downtime after a piece of hardware dies. By not staying on top of your hardware health, you are opening yourself up to lost productivity, lost income and unknown delays. Our services can assess and replace components before they break.

Operating system expiry: Keeping an operating system after the manufacturer ceases support can leave your business wide open for attack. It is simply not a good combination and can cause compliance issues in certain industries. Our managed service technicians will advise you of any changes coming up for your OS and suggest the best upgrade for your needs.

Legacy programs: Updates to your software have the potential to disrupt older program that can result n errors, slow performance or even downtime. With technology advancing so fast, we often find additional requirements are required before updates can be installed. Our technicians always make sure to check for compatibility as a whole before running an update.

Staying on top of your maintenance and upgrades can be a huge challenge for small business. Outsourcing to our regular service plans can help more than your budget – call us today at 08 8326 4364 .

How The ‘KRACK’ Wi-Fi Security Issue Affects Us All

WPA2 KrackedThe invention of Wi-Fi or wireless networking has been a dream come true. We can use our laptops and tablets anywhere in the office and our phones are using the main internet connection instead of sucking down data on the 3G / 4G network. It is essentially the backbone of the smart tech boom for home and business alike. Most Wi-Fi networks are password-protected with an encryption called “WPA2” and up until now this has been safe and secure.

Recently, a security flaw called KRACK (The Key Reinstallation AttaCK) was discovered. KRACK allows hackers to break into Wi-Fi networks – even the secured ones and your wireless networks are possibly vulnerable as a result.

How KRACK works?

KRACK doesn’t work via a problem with your device or how it was set up as it is an actual issue with the Wi-Fi technology itself. The attack gets between your device (eg computer, tablet or mobile phone) and the wireless access point (eg modem / router) to reset the encryption key so hackers can view all network traffic in plain text. Since just about everyone relies on Wi-Fi so much, this might mean hackers have a front row seat to your credit card numbers, passwords, confidential files, emails and more.

NOTE: The hacker needs to be in physical range of your Wi-Fi network to exploit this flaw and it doesn’t work remotely like other attacks we’ve seen recently. Given that most Wi-Fi networks extend well past your own home/business walls, this is small comfort, but important to know.

How to protect yourself

Run your updates: Software updates are being released which fix the flaw. Microsoft has already released them for Windows and Apple has one coming in a few weeks. So please take a few minutes to make sure you’re up to date with all your patches on any device that uses Wi-Fi (your smartphones, laptops, tablets, PCs, game consoles, etc). Unfortunately, some devices may be slow to get an update (eg Android phones), or if they’re older, may not get an update to fix the issue at all. If possible, consider using a cabled connection on those older devices or upgrade to one with support. With smart phones consider using data on the 3G / 4G network instead of Wi-Fi.

Be very careful with public Wi-Fi: While your local business center, library or school campus should have expert IT professionals keeping guard over security, it is a very different matter at your local coffee shop. It is unlikely small locations such as this will be on top of security patches. Remember, a hacker exploiting this flaw only needs to be in the same Wi-Fi area as you, so be careful you don’t give them an opportunity to grab your precious data.

Check your browser security: Before sending anything private over the internet, check that you are using a secure HTTPS site. You’ll know these by the little padlock you see next to the URL, and the address specifically begins with HTTPS. Major sites like Facebook, Gmail and financial institutions already use HTTPS.

If you need help updating your devices, or want us to check if you’re safe, give us a call on 08 8326 4364 or via email at support@dpcomputing.com.au.