How the Bad Guys Get Your Passwords

Password thiefPasswords are an essential part to your businesses cybersafety. If, like the rest of us, you have dozens of passwords to remember, you might take shortcuts. Taking advantage of this type of attitude is one way bad guys access your passwords. Continue reading

Facebook is for Sharing, Not For Long Term Storage

When was the last time you held an actual photo album or actual prints of photographs in your hands? Maybe you look back at older photographs only when Facebook reminds you of a pic from a few years back. If so, you may be risking your visual history. Continue reading

Why Multi-Factor Authentication is Important

2FA and MFAYou hear about hacks all the time in the news. Major websites have had data leaks and lost their users personal information. Computers get infected and malware saves your login details for bank accounts and credit cards. In the worst cases, identity theft occurs because it is an easy crime to commit and has a high reward.

In the past, passwords could be used to keep the bad guys out of your accounts but a single form of authentication is not enough anymore. Cyber hackers have a variety of methods including phishing, pharming and keylogging to steal your password. Also togdays computers have the power to test billions of password combinations.

To make things worse the majority of people use the same password for several websites. That means anybody who has figured out that password has access to multiple accounts that you own. In a time when it is extremely easy to look up what a persons pet is called or their maiden name is, security questions aren’t much help.

Consider how a bank operates. They don’t simply keep their valuables locked away with one key. There are alarms ready to be triggered, motion detectors and even bars on the windows. Your data is valuable and you need more than one line of defense to protect it.

In the computer world, your second line of defense (after your username and password combination) is called “2-factor authentication” (2FA). Sometimes it is referred to as multiple-step or multi-factor verification (MFA). 2-factor authentication is a way to double check a person’s identity. This can be enabled every time a person logs in or just under certain circumstances. For example, signing in from a new device or different country might trigger 2-factor authentication.

Many of the services you may already use, such as Facebook, Gmail, Office365, Xero Accounting, and more, have 2-factor authentication options. If your bank has ever sent you a special code through text or email to enter before logging in, you have already used a type of 2-factor authentication. They can also be in the form of a app on your phone or a small electronic dongle.

MFA is absolutely crucial for online banking, email, and online shopping such as Amazon or PayPal. It’s also a must-have for cloud storage accounts (like Dropbox or Sync), password managers, communications apps, and productivity apps. This is especially true if you frequently use the same passwords for different websites and apps.

Some may consider MFA unnecessary for social networks accounts, but these are actually very important to keep safe. For ease, a lot of websites and apps allow you to sign up through your Facebook or Twitter account. You need to keep these networks safe so that somebody with your password can not suddenly get into every account you have linked.

The point of using MFA is to make hackers’ lives harder and prevent them from easily getting into your accounts. If they have captured your login username and password, they still need a second method to get in, especially when the computer or phone they are using has never logged into your account before. This makes it much harder for anybody to breach your account.

Plus, if you receive a notification with a special code to enter for logging in (and you weren’t trying to log into that account), you have a good signal that somebody else was trying to get in. That means it’s time to change that password and be grateful you had MFA configured.

It is unfortunate that there is currently an abundance of skilled hackers ready to take advantage of those unprepared. Luckily, you can still stop them – even if they have your login information at hand. MFA is one of the easiest methods to keep your accounts safe.

Give us a call at (08) 8326 4364 or via email on support@dpcomputing.com.au to help secure your business and accounts.

Do You Have a Bad Case of Password Exhaustion?

Passwords

You’re not alone! Most people use the same password everywhere – home, work, Twitter, Facebook, email and even for banking. Considering how many passwords we use everyday and are expected to remember them, password exhaustion is a real thing. It is no wonder that when yet another prompt for a password appears, users enter very easily guessed combinations like ‘abcd’ or ‘password’.

Trouble is, even if your password conforms to strict password rules, hackers are taking regular strolls around the internet and collecting logins and passwords, from either leaked details or sites with security flaws.

Then, they will try their luck with that login/password combination on other sites. They know more than half the users only have only one password and email combination, so the chance of gaining access into another one of your accounts is quite high.

As the same password is used elsewhere, one site breach follows another and another until hackers have nothing more to gain. The only way to break this chain reaction is to use a different password for each site.

How to Create Easily Remembered Passwords

Have a system or template for creating your own unique passwords, that you’ll be able to remember, but is not obvious to hackers. For example:

<character><word><something about the site><numbers><character>

Becomes:

 !K1ttyFB75!

At first it might seem complicated, but the above is really just based around the words ‘kitty’ (with an upper case K and a number 1 for the i) and ‘FB’ for Facebook. For other sites change the FB to something else.

What to Do If Your Password Has Been Hacked

You can check to see if any of your accounts have been compromised by entering your email into a site like:

www.haveibeenpwned.com

If it alerts a breach, you will need to change your passwords immediately – all of them. Use the example system above to create a new set. If you’re struggling to remember your set of passwords, consider using a secure password tracker such as LastPass. (http://www.lastpass.com) or Keepass (https://keepass.info)

If you assistance changing your passwords or setting up a secure password system, let us know on (08) 8326 4364 and we will be more than happy to help you out.

Why Your Business Needs a Firewall With Unified Threat Management

Unified Threat Management - FirewallUnified Threat Management (UTM) is a special kind of firewall solution focused on proactive protection. Consider it like a team of virtual bodyguards that stand at the door between your business and the internet, keeping trouble out while your legitimate traffic can come and go normally.

With the increasing number of connected devices in your business network and the different ways your employees can now connect, it is more important than ever to set up dedicated security systems that give integrated protection. UTM is a series of solutions that work together, simultaneously layering your protection across the board. We’ll cover the four main inclusions here and show exactly what they can do for your business.

Robust Firewall

Put simply, a firewall keeps an eye on all the data coming in and out of your network and looks for anything abnormal. While every home PC comes with a software firewall built in, those ones pale in comparison to what a UTM firewall can do. Remember the team of virtual bodyguards? Imagine the home firewall asking nicely if the data should be doing that, while the UTM slams the data to the ground and demands answers. Its job it to make sure the data entering your network is safe, that it is not part of a cyber-attack, and that in the rare event your network becomes infected, your servers aren’t being used to attack another business.

Anti-virus Where it Matters

With so much new malware being released daily, it’s easy to fall behind in updates and discover you’ve been infected. Your employees are likely doing their best, but manually scanning each file can be exhausting and time-consuming. Your UTM anti-virus is built into the firewall, ensuring known or suspicious malware is stopped at the door removing any risk. Clearly that is the best outcome possible and will allow your employees to work at maximum efficiency, while you can run your business with confidence.

Spam Blocking

Most cyber-attacks come via email these days, with either an attachment or a link. Once clicked, the malware wreaks havoc in your network. Obviously, your employees are smart enough not to open random attachments/links, so hackers use phishing emails. These are emails that look legitimate and may refer to vendors you use, financial services you have accounts with or even seem to be from other employees. Your UTM strips down each email and checks it against high-tech legitimacy markers. If it sees anything suspicious, the email is marked as spam and either held for review or bounced away.

As the phoney emails are blocked, your employees never see the emails so they can’t accidentally open up the network for attack. While the UTM is monitoring for phishing/fake emails, it’s also culling out the general spam that clogs up inboxes. Employees will no longer have to spend precious minutes each day wading through the junk, and the likelihood of missing an important customer email has greatly dropped.

Content Filtering

In a perfect world, your employees would only access work-related sites and do work-related things online. Content filtering can help you limit the risk they’re bringing into your business via their Internet browsing. Your UTM can be set to restrict sites that infect computers, such as adult content, gambling or illegal downloads. It can also be used to restrict access to social media sites like Facebook, Twitter or Pinterest, either during work hours or completely. It’s up to your policies how much you’d like to filter and whether to add any flexibility. Some businesses allow social media during lunch breaks or have special reward hours each week. Simple tweaks like this can increase productivity overnight and give you the security you’re looking for.

You can see how a layered security solution like UTM provides a space for your business to thrive, where systems are secure, employees are able to maintain efficiency, and cyber problems stay outside the doors. The way the layers work together is more effective than a patchwork of separate systems, and a UTM is much easier to configure and maintain.

We can find the right UTM solution for your business. Call us today at 08 8326 4364 or support@dpcomputing.com.au!

Why you should have a SSL Certificate for your Website

Secure SSL URLWeb browsers are starting to come out which detect whether a website is secured by a SSL certificate or not. On websites which don’t have a SSL certificate, browsers will start to label them ‘Not Secure’. But what is a SSL certificate and how will it benefit my website?

SSL stands for Secure Sockets Layer. Basically, SSL establishes an encrypted link between your web server and your visitor’s web browser. This ensures that all data passed between the two remains private and secure. We turn to the internet for everything from information to buying and selling and much more. With this trend, security has become an important factor.

Google tries to protect its users and is always trying to make us feel secure whilst on the internet. Not only does having a SSL Certificate improve your Google rankings but any sites with logins and contact forms are now displayed as non secure on some leading browsers. With Google’s push on this it is now becoming industry standard to have these Certificates.

This means if your website has an SSL certificate, it will display ‘Secure’ otherwise it may display ‘Not Secure’ in the URL bar on some browsers.

SSL URL

Encrypting your site entails purchasing an SSL Certificate and then configuring your website to run the certificate. This can be done by your website designer or if you would like us to assist or have any questions regarding this give our partner Brad a call from Company Hub on 8387 5559, 0477 779 978 or visit their website at http://www.companyhub.com.au

Office 365 & Email Security

Spam email

As an IT Expert, I get client calls and emails asking me about various emails they receive and whether that particular email is fake or real – almost all time the emails are fake.

To help my clients and others in a similar situation I’ve put together a video that goes through some security tips on how to protect your self from hackers and phishing attempts. The video goes through:

  • First alerts of being attacked.
  • How scammers and hackers try to fool you.
  • How to tell if an email is fake or not.
  • The Do’s and Don’ts.
  • How to tell if you’ve been hacked.
  • What to look for after you have been hacked.
  • How to prevent and protect from hackers.
  • What is 2-step and MFA?
  • What to do after you’ve been hacked.
  • Screenshot examples of phishing emails.

Check out the video below and leave any comments in the fields below.

How To Stay Safe From Scams & Malware On Facebook

Facebook ScamsAt last count, Facebook has clocked up over 2.7 billion users, this makes the platform more attractive than ever for scammers and hackers. While you may be logging in to share your latest family photos or catch up with friends, the chances of accidentally triggering a scam or malware are increasing every day. Here are some tips on how to stay safe on Facebook and stop the spread of scams.

Look out for freebies and surveys

Everybody loves a freebie but when you see a giveaway for vouchers from a mega-store, alarm bells should ring. ‘Complete this survey and we’ll send you a $50 Amazon Voucher!’ – is too good to be true. Even one click can take you on a messy journey through the underbelly of the web, picking up trackers and malware at every step and then you are asked to share the post so your friends can get a voucher too…except nobody ever receives the reward. So stop it at the start and never click on these scam offers.

Check your permissions with games and quizzes

Whenever you access a new game or quiz, you’ll need to give it permissions to access your Facebook profile. Most people click the okay button without any thought, but if you review the permissions you are giving, you will often find they are asking for a massive amount of unneeded personal data; this data can include your public profile, friend list, email address, birthday and newsfeed. Do they really need access to ALL this information? Sometimes the shakedown is from necessity, but sometimes the apps are preparing to launch attacks against you both on and off Facebook. For example, when you call your financial institution bank they ask certain questions like your full name, birthday and maybe which high school you went to. All that information is in your Facebook profile and now shared with your permission to an unknown entity.

Don’t friend people you don’t know

Having lots of friends is always nice, but that friend accept may end up costing you. It might be someone pretending to know you, or a picture of a pretty girl to entice men (and vice versa). Once you friend them, they will get access to everything your friends can see. In this case, it’s more than the risk of someone knowing your personal data, you’ve just given them access to intimate details of your life. It’s exactly how romance scams start, and there are even cases where the victim finds photos of their children circulating the internet.

If it is weird, forget it

It doesn’t happen very often, but hackers find ways to take advantage of flaws in Facebook. A common hack that keeps popping up in various forms is to embed malware in a link. The virus then infects your machine and contacts all your friends with an enticing message, like asking whether a picture is of them. When they click to view the picture, the virus catches them and their friend list, and keeps on spreading. Facebook is pretty good at staying on top of these flaws, but they need time to fix it. Just like if you got a weird email with an attachment from a friend, use that same level of scrutiny in your Facebook and don’t open messages or links that seem out of place.

Need help securing your privacy? Talk to us. Call us at 08 8326 4364 or via email at support@dpcomputing.com.au

10 Internet Rules For Kids (and Adults Too!)

With school starting back next week I thought it was a good time to talk about Internet safety and how to stay safe online. Yes the Internet is a great tool but it comes with risks which can cause problems for not just children but adults too.

I have talked about online safety previously but here is a infographic with some great rules which we all should follow.

10 Internet Commandments for Kids Going Online

10 Internet Commandments for Kids Going Online [Infographic] by the team at Pumpic.

Don’t Become a Victim of Social Engineering

Social EngineeringYou can have the best in computer and network security but if you or one of your staff members inadvertently give out some information all the security can come to nought.

Social engineering is the art of manipulating other people to take certain actions or divulge private information. Some hackers use social engineers techniques and skip the hassle of writing code and go straight for the weakest link in your security defenses – you and your employees. A seemingly innocent phone call or email may be all it takes to gain access to your computer systems, despite having solid software and hardware protections in place.

Here are a few ways on how social engineers work:

Email: Pretending to be a co-worker, supplier or customer who needs a simple piece of information. It could be a money transfer, contact person or some sort of personal details that they pretend they already know, but simply don’t have in front of them. The hacker may also create a sense of urgency or indicate fear that they’ll get in trouble without this information. Your employee is naturally inclined to help and quickly responds with a reply.

Phone: Posing as IT support, government official or even a customer, the hacker can manipulate your employee into changing a password or giving out information. These attacks are hard to identify and the hacker can be very persuasive, even using background sound effects like a crying baby or call-center noise to trigger empathy or trust.

In person: A person in uniform or a repairman can easily get past most people without question. The social engineer can then quickly move into sensitive areas of your business. Once inside, they become invisible and are free to install network listening devices, read a Post-it note listing passwords or gain information and tamper with your business in other ways.

It’s impossible to predict when and where (or how) a social engineer will strike. The above attacks aren’t particularly sophisticated but can be extremely effective. Your staff have been trained to be helpful, but this can also be a weakness.

So what can you do to protect your business? First, recognize that not all of your employees have the same level of interaction with people, the front desk person taking calls and welcoming visitors is at higher risk than the back office or factory worker. We recommend cyber-security training for each level of risk identified and focus on responding to the types of scenarios like those listed above. Social engineering is too dangerous to take lightly.

Talk to us about your cyber security options today. Call us at 08 8326 4364 or at support@dpcomputing.com.au