Why Multi-Factor Authentication is Important

2FA and MFAYou hear about hacks all the time in the news. Major websites have had data leaks and lost their users personal information. Computers get infected and malware saves your login details for bank accounts and credit cards. In the worst cases, identity theft occurs because it is an easy crime to commit and has a high reward.

In the past, passwords could be used to keep the bad guys out of your accounts but a single form of authentication is not enough anymore. Cyber hackers have a variety of methods including phishing, pharming and keylogging to steal your password. Also togdays computers have the power to test billions of password combinations.

To make things worse the majority of people use the same password for several websites. That means anybody who has figured out that password has access to multiple accounts that you own. In a time when it is extremely easy to look up what a persons pet is called or their maiden name is, security questions aren’t much help.

Consider how a bank operates. They don’t simply keep their valuables locked away with one key. There are alarms ready to be triggered, motion detectors and even bars on the windows. Your data is valuable and you need more than one line of defense to protect it.

In the computer world, your second line of defense (after your username and password combination) is called “2-factor authentication” (2FA). Sometimes it is referred to as multiple-step or multi-factor verification (MFA). 2-factor authentication is a way to double check a person’s identity. This can be enabled every time a person logs in or just under certain circumstances. For example, signing in from a new device or different country might trigger 2-factor authentication.

Many of the services you may already use, such as Facebook, Gmail, Office365, Xero Accounting, and more, have 2-factor authentication options. If your bank has ever sent you a special code through text or email to enter before logging in, you have already used a type of 2-factor authentication. They can also be in the form of a app on your phone or a small electronic dongle.

MFA is absolutely crucial for online banking, email, and online shopping such as Amazon or PayPal. It’s also a must-have for cloud storage accounts (like Dropbox or Sync), password managers, communications apps, and productivity apps. This is especially true if you frequently use the same passwords for different websites and apps.

Some may consider MFA unnecessary for social networks accounts, but these are actually very important to keep safe. For ease, a lot of websites and apps allow you to sign up through your Facebook or Twitter account. You need to keep these networks safe so that somebody with your password can not suddenly get into every account you have linked.

The point of using MFA is to make hackers’ lives harder and prevent them from easily getting into your accounts. If they have captured your login username and password, they still need a second method to get in, especially when the computer or phone they are using has never logged into your account before. This makes it much harder for anybody to breach your account.

Plus, if you receive a notification with a special code to enter for logging in (and you weren’t trying to log into that account), you have a good signal that somebody else was trying to get in. That means it’s time to change that password and be grateful you had MFA configured.

It is unfortunate that there is currently an abundance of skilled hackers ready to take advantage of those unprepared. Luckily, you can still stop them – even if they have your login information at hand. MFA is one of the easiest methods to keep your accounts safe.

Give us a call at (08) 8326 4364 or via email on support@dpcomputing.com.au to help secure your business and accounts.

Do You Have a Bad Case of Password Exhaustion?

Passwords

You’re not alone! Most people use the same password everywhere – home, work, Twitter, Facebook, email and even for banking. Considering how many passwords we use everyday and are expected to remember them, password exhaustion is a real thing. It is no wonder that when yet another prompt for a password appears, users enter very easily guessed combinations like ‘abcd’ or ‘password’.

Trouble is, even if your password conforms to strict password rules, hackers are taking regular strolls around the internet and collecting logins and passwords, from either leaked details or sites with security flaws.

Then, they will try their luck with that login/password combination on other sites. They know more than half the users only have only one password and email combination, so the chance of gaining access into another one of your accounts is quite high.

As the same password is used elsewhere, one site breach follows another and another until hackers have nothing more to gain. The only way to break this chain reaction is to use a different password for each site.

How to Create Easily Remembered Passwords

Have a system or template for creating your own unique passwords, that you’ll be able to remember, but is not obvious to hackers. For example:

<character><word><something about the site><numbers><character>

Becomes:

 !K1ttyFB75!

At first it might seem complicated, but the above is really just based around the words ‘kitty’ (with an upper case K and a number 1 for the i) and ‘FB’ for Facebook. For other sites change the FB to something else.

What to Do If Your Password Has Been Hacked

You can check to see if any of your accounts have been compromised by entering your email into a site like:

www.haveibeenpwned.com

If it alerts a breach, you will need to change your passwords immediately – all of them. Use the example system above to create a new set. If you’re struggling to remember your set of passwords, consider using a secure password tracker such as LastPass. (http://www.lastpass.com) or Keepass (https://keepass.info)

If you assistance changing your passwords or setting up a secure password system, let us know on (08) 8326 4364 and we will be more than happy to help you out.

Why Your Business Needs a Firewall With Unified Threat Management

Unified Threat Management - FirewallUnified Threat Management (UTM) is a special kind of firewall solution focused on proactive protection. Consider it like a team of virtual bodyguards that stand at the door between your business and the internet, keeping trouble out while your legitimate traffic can come and go normally.

With the increasing number of connected devices in your business network and the different ways your employees can now connect, it is more important than ever to set up dedicated security systems that give integrated protection. UTM is a series of solutions that work together, simultaneously layering your protection across the board. We’ll cover the four main inclusions here and show exactly what they can do for your business.

Robust Firewall

Put simply, a firewall keeps an eye on all the data coming in and out of your network and looks for anything abnormal. While every home PC comes with a software firewall built in, those ones pale in comparison to what a UTM firewall can do. Remember the team of virtual bodyguards? Imagine the home firewall asking nicely if the data should be doing that, while the UTM slams the data to the ground and demands answers. Its job it to make sure the data entering your network is safe, that it is not part of a cyber-attack, and that in the rare event your network becomes infected, your servers aren’t being used to attack another business.

Anti-virus Where it Matters

With so much new malware being released daily, it’s easy to fall behind in updates and discover you’ve been infected. Your employees are likely doing their best, but manually scanning each file can be exhausting and time-consuming. Your UTM anti-virus is built into the firewall, ensuring known or suspicious malware is stopped at the door removing any risk. Clearly that is the best outcome possible and will allow your employees to work at maximum efficiency, while you can run your business with confidence.

Spam Blocking

Most cyber-attacks come via email these days, with either an attachment or a link. Once clicked, the malware wreaks havoc in your network. Obviously, your employees are smart enough not to open random attachments/links, so hackers use phishing emails. These are emails that look legitimate and may refer to vendors you use, financial services you have accounts with or even seem to be from other employees. Your UTM strips down each email and checks it against high-tech legitimacy markers. If it sees anything suspicious, the email is marked as spam and either held for review or bounced away.

As the phoney emails are blocked, your employees never see the emails so they can’t accidentally open up the network for attack. While the UTM is monitoring for phishing/fake emails, it’s also culling out the general spam that clogs up inboxes. Employees will no longer have to spend precious minutes each day wading through the junk, and the likelihood of missing an important customer email has greatly dropped.

Content Filtering

In a perfect world, your employees would only access work-related sites and do work-related things online. Content filtering can help you limit the risk they’re bringing into your business via their Internet browsing. Your UTM can be set to restrict sites that infect computers, such as adult content, gambling or illegal downloads. It can also be used to restrict access to social media sites like Facebook, Twitter or Pinterest, either during work hours or completely. It’s up to your policies how much you’d like to filter and whether to add any flexibility. Some businesses allow social media during lunch breaks or have special reward hours each week. Simple tweaks like this can increase productivity overnight and give you the security you’re looking for.

You can see how a layered security solution like UTM provides a space for your business to thrive, where systems are secure, employees are able to maintain efficiency, and cyber problems stay outside the doors. The way the layers work together is more effective than a patchwork of separate systems, and a UTM is much easier to configure and maintain.

We can find the right UTM solution for your business. Call us today at 08 8326 4364 or support@dpcomputing.com.au!

Why you should have a SSL Certificate for your Website

Secure SSL URLWeb browsers are starting to come out which detect whether a website is secured by a SSL certificate or not. On websites which don’t have a SSL certificate, browsers will start to label them ‘Not Secure’. But what is a SSL certificate and how will it benefit my website?

SSL stands for Secure Sockets Layer. Basically, SSL establishes an encrypted link between your web server and your visitor’s web browser. This ensures that all data passed between the two remains private and secure. We turn to the internet for everything from information to buying and selling and much more. With this trend, security has become an important factor.

Google tries to protect its users and is always trying to make us feel secure whilst on the internet. Not only does having a SSL Certificate improve your Google rankings but any sites with logins and contact forms are now displayed as non secure on some leading browsers. With Google’s push on this it is now becoming industry standard to have these Certificates.

This means if your website has an SSL certificate, it will display ‘Secure’ otherwise it may display ‘Not Secure’ in the URL bar on some browsers.

SSL URL

Encrypting your site entails purchasing an SSL Certificate and then configuring your website to run the certificate. This can be done by your website designer or if you would like us to assist or have any questions regarding this give our partner Brad a call from Company Hub on 8387 5559, 0477 779 978 or visit their website at http://www.companyhub.com.au

Office 365 & Email Security

Spam email

As an IT Expert, I get client calls and emails asking me about various emails they receive and whether that particular email is fake or real – almost all time the emails are fake.

To help my clients and others in a similar situation I’ve put together a video that goes through some security tips on how to protect your self from hackers and phishing attempts. The video goes through:

  • First alerts of being attacked.
  • How scammers and hackers try to fool you.
  • How to tell if an email is fake or not.
  • The Do’s and Don’ts.
  • How to tell if you’ve been hacked.
  • What to look for after you have been hacked.
  • How to prevent and protect from hackers.
  • What is 2-step and MFA?
  • What to do after you’ve been hacked.
  • Screenshot examples of phishing emails.

Check out the video below and leave any comments in the fields below.

How To Stay Safe From Scams & Malware On Facebook

Facebook ScamsAt last count, Facebook has clocked up over 2.7 billion users, this makes the platform more attractive than ever for scammers and hackers. While you may be logging in to share your latest family photos or catch up with friends, the chances of accidentally triggering a scam or malware are increasing every day. Here are some tips on how to stay safe on Facebook and stop the spread of scams.

Look out for freebies and surveys

Everybody loves a freebie but when you see a giveaway for vouchers from a mega-store, alarm bells should ring. ‘Complete this survey and we’ll send you a $50 Amazon Voucher!’ – is too good to be true. Even one click can take you on a messy journey through the underbelly of the web, picking up trackers and malware at every step and then you are asked to share the post so your friends can get a voucher too…except nobody ever receives the reward. So stop it at the start and never click on these scam offers.

Check your permissions with games and quizzes

Whenever you access a new game or quiz, you’ll need to give it permissions to access your Facebook profile. Most people click the okay button without any thought, but if you review the permissions you are giving, you will often find they are asking for a massive amount of unneeded personal data; this data can include your public profile, friend list, email address, birthday and newsfeed. Do they really need access to ALL this information? Sometimes the shakedown is from necessity, but sometimes the apps are preparing to launch attacks against you both on and off Facebook. For example, when you call your financial institution bank they ask certain questions like your full name, birthday and maybe which high school you went to. All that information is in your Facebook profile and now shared with your permission to an unknown entity.

Don’t friend people you don’t know

Having lots of friends is always nice, but that friend accept may end up costing you. It might be someone pretending to know you, or a picture of a pretty girl to entice men (and vice versa). Once you friend them, they will get access to everything your friends can see. In this case, it’s more than the risk of someone knowing your personal data, you’ve just given them access to intimate details of your life. It’s exactly how romance scams start, and there are even cases where the victim finds photos of their children circulating the internet.

If it is weird, forget it

It doesn’t happen very often, but hackers find ways to take advantage of flaws in Facebook. A common hack that keeps popping up in various forms is to embed malware in a link. The virus then infects your machine and contacts all your friends with an enticing message, like asking whether a picture is of them. When they click to view the picture, the virus catches them and their friend list, and keeps on spreading. Facebook is pretty good at staying on top of these flaws, but they need time to fix it. Just like if you got a weird email with an attachment from a friend, use that same level of scrutiny in your Facebook and don’t open messages or links that seem out of place.

Need help securing your privacy? Talk to us. Call us at 08 8326 4364 or via email at support@dpcomputing.com.au

10 Internet Rules For Kids (and Adults Too!)

With school starting back next week I thought it was a good time to talk about Internet safety and how to stay safe online. Yes the Internet is a great tool but it comes with risks which can cause problems for not just children but adults too.

I have talked about online safety previously but here is a infographic with some great rules which we all should follow.

10 Internet Commandments for Kids Going Online

10 Internet Commandments for Kids Going Online [Infographic] by the team at Pumpic.

Don’t Become a Victim of Social Engineering

Social EngineeringYou can have the best in computer and network security but if you or one of your staff members inadvertently give out some information all the security can come to nought.

Social engineering is the art of manipulating other people to take certain actions or divulge private information. Some hackers use social engineers techniques and skip the hassle of writing code and go straight for the weakest link in your security defenses – you and your employees. A seemingly innocent phone call or email may be all it takes to gain access to your computer systems, despite having solid software and hardware protections in place.

Here are a few ways on how social engineers work:

Email: Pretending to be a co-worker, supplier or customer who needs a simple piece of information. It could be a money transfer, contact person or some sort of personal details that they pretend they already know, but simply don’t have in front of them. The hacker may also create a sense of urgency or indicate fear that they’ll get in trouble without this information. Your employee is naturally inclined to help and quickly responds with a reply.

Phone: Posing as IT support, government official or even a customer, the hacker can manipulate your employee into changing a password or giving out information. These attacks are hard to identify and the hacker can be very persuasive, even using background sound effects like a crying baby or call-center noise to trigger empathy or trust.

In person: A person in uniform or a repairman can easily get past most people without question. The social engineer can then quickly move into sensitive areas of your business. Once inside, they become invisible and are free to install network listening devices, read a Post-it note listing passwords or gain information and tamper with your business in other ways.

It’s impossible to predict when and where (or how) a social engineer will strike. The above attacks aren’t particularly sophisticated but can be extremely effective. Your staff have been trained to be helpful, but this can also be a weakness.

So what can you do to protect your business? First, recognize that not all of your employees have the same level of interaction with people, the front desk person taking calls and welcoming visitors is at higher risk than the back office or factory worker. We recommend cyber-security training for each level of risk identified and focus on responding to the types of scenarios like those listed above. Social engineering is too dangerous to take lightly.

Talk to us about your cyber security options today. Call us at 08 8326 4364 or at support@dpcomputing.com.au

How to Tell if Your Computer Has a Virus?

How to tell if your computer has a virus?Sometimes computers do crazy things that ring alarm bells and make users think it is a virus. Next thing you know the boss is telling everyone to run scans and demanding people come clean about their browsing habits. Fortunately, not all weird occurrences are viruses related – sometimes your computer is simply overloaded, overheating or in desperate need of a reboot.

Here are some of the tell-tale signs that your computer maybe infected with malware:

Strange Error Messages

Does your computer have messages popping up from nowhere that make no sense, are poorly worded or just plain gibberish. Take note of anti-virus and security warnings too, check that the warning is from YOUR anti-virus software and looks like it should occur. If a message pops up that isn’t quite right then don’t click it – not even to clear or cancel the message. Close the browser or shut down the computer, then run a full virus scan.

Suddenly Deactivated Anti-virus / Malware Protection

The best way past a security guard is to sneak it when they are not around. Certain malware infections are programmed to disable the security systems first, leaving your computer open to infection. If you reboot and your protections are not enabled you may be under attack. Attempt to start the anti-virus manually and if that doesn’t work, backup your data and try and reinstall your security software.

Social Media Messages You Did Not Send

Are your friends replying to messages you never wrote? Your login details may have been hacked and your friends could be tricked into giving up personal information or money. Change your password immediately and advise your contacts of the hack.

Web Browser Acting Strange?

Perhaps your homepage has changed, it is using an odd search engine or opening/redirecting your to unwanted sites. If your browser has gone rogue it is definitely malware which could be trying to steal your personal or financial details. Skip the online banking and email until your scans come up clear and everything is working normally again. Once you are certain your machine is clean, change all your passwords.

Sluggish Performance

If your computer speed has slowed, boot up takes an eternity and even opening programs takes forever, it is a sign that something is wrong. It is not necessarily a virus though. Run your anti-virus scan and if that resolves it, great, if not, your computer may have a hardware issues or your computer needs a tune-up or service.

Constant Computer Activity

You are not using the computer but the hard drive is going nuts, the fans are whirring, and the network lights are flashing like a disco? It is almost like someone IS using the computer! Viruses and malware attacks use your computer resources, sometimes even more than you do. Take note of what is normal, and what is not and seek help if it looks like something is amiss.

If you have a virus that you can’t get rid of or need a service on your computer give us a call at 08 8326 4364 or at support@dpcomputing.com.au.

What You Need to Know About Facebook Privacy

Facebook PrivacyA lot of people use Facebook but finding the balance between privacy and Facebook fun can be challenging. It allows us to connect with friends near and far but also it publicly shares information that just a few years ago, we’d never dream of putting online. With a Facebook search you can look for people based on where they went to school, town they live in, clubs they belong to, who they’re related to… but when is it too much information?

Your birthday is the first piece of info collected by Facebook when you sign up and it is great getting birthday wishes from friends and family when it appears in their news feed. But while your friends are sending you balloons and funny memes, your birthday is now public knowledge. It may seem harmless, but when you call your bank or other institution, what’s the first question they ask to verify your identity? Your birthday! Some companies and organisations even ask questions like ‘which high school did you go to?’ assuming this is knowledge that only you would know. Except… a lot of people have publicly shared it on Facebook. Whoops!

Then there are the stories of people who have lost their jobs after less-than-wholesome pictures or comments have gone public. If you want to protect your reputation, you may not want pictures from last weekend’s private party showing up online. While you can’t control what others do with photos they take of you, you can control whether or not you are tagged in Facebook in them.

Fortunately, there are settings in Facebook that allow you to control who can see what information and what happens when you’re tagged in a photo. Despite what rumours you may have heard or seen floating around, you do have complete control over your Facebook privacy and it is easy to adjust.

How to Check and Adjust Your Facebook Privacy Settings

Here are some settings you can easily change within Facebook to help secure your privacy and see who can see what on your profile. These steps assume you are logged into Facebook via a browser (using an app on your phone or tablet may be different).

See what your account looks like to an outsider

To see what others can see of your profile follow these steps:

  1. From your Facebook homepage, click your name on the blue bar at the top of the page.
  2. Click the three dots next to ‘View Activity Log’.
  3. Now select ‘View as…’

Run a quick privacy checkup

To run a checkup click the question mark in the top right corner of Facebook and choose the ‘privacy checkup’. Facebook then guides you through a few steps showing what your main settings are.

From within this section think about what you really need to share. For example do people need to know the YEAR of your birth or just your birthday? You can hide the year and your friends will still get the notification.

Edit advanced privacy

While the above checkup covers the most obvious information you can delve much deeper via the privacy section. Click the V-shaped drop down to the right of the question mark and go to settings and select privacy.

Adjust timeline and tagging

In the privacy settings (mentioned above), you can control who can tag you, who can see or share the tagged content and what shows up in your news feed.

I hope that explains about privacy and allows you to go in  and change the settings to what you want and not what the Facebook defaults are.

Tightening your Facebook privacy only takes a few minutes, but it can save you a whole lot of trouble in the future. If you need help with this, just give us a call on 08 8326 4364 or via email at support@dpcomputing.com.au.