Tag Archives: cyber security

3 Internet Habits To Keep Kids Smart and Safe

Posted on by
Reply

How can you make the internet a safer place for your children? It is a common concern for all parents as they want their kids to be protected and happy whenever they go online. It’s relatively easy to supervise and monitor the very young ones but the risks increase greatly as the kids get older and more independent.

You have probably heard the term ‘cyber safety’ before, but safe internet usage goes beyond reminding children to not to talk to strangers. With the evolution of the internet and the way it is now woven seamlessly into all aspects of our lives, the focus needs to be on ingrained habits. This means ensuring that your children have the tools and predefined responses to online events so that no matter what happens, they are not placing themselves (or your family) at risk. Setting up these habits is straight forward and begins with three basic understandings:

Downloads are a no-go

Most kids can not tell the difference between a legitimate download and a scam or malicious link. It is not their fault, the online world is full of things that even trick the most savvy adult. The difference is that children tend not to take that extra moment to check exactly where that link is pointing, question whether it’s too good to be true, or even read what they’re agreeing to. They just want to get back to what they were doing, and if something pops up, their first instinct is to click ‘yes’ – so it goes away. Unfortunately, that single click may have just opened the doors to malware and viruses that will ruin their computer and your network. Start a family rule that everyone needs to ask permission for all downloads (and an adult will check it first), and to never ever click on a popup. When you are called over to give download permission or check a popup, talk through with them exactly what and why you are checking. As your child matures, get them involved in this process so their safe habits can extend outside the home.

Critical thinking is a must

Most youngsters think the internet is a must have and can not imagine life without it. With that thinking, comes unwavering trust that the internet would never lie, trick or hurt them. While we adults know better, it’s only because we already view the internet with a certain level of distrust. The best way to keep kids safe is to teach them to approach every aspect of the internet with critical thinking. That includes teaching them to question the motives of other people online. Is that person really a kid? What do they really want? Unfortunately, all kids do need to be aware that predators use the internet to target and lure children. Ensure your children tell you immediately if a stranger makes contact. Along with this stranger danger, teach them to identify what marks something as suspicious, and what they should avoid. If they come across anything inappropriate, they should shut down the computer and immediately come and see you.

The internet is forever

Kids don’t think twice about recording a video, jumping into a chat room or onto social media. The internet really is their playground! But what they don’t understand is that anything they upload, write or say, stays on the internet forever. Even if they delete it or use a platform where content self-erases, someone can still screenshot, send it right back out or save it for some future occasion. Many cyber-bullying cases are based around this exact type of event. Once your kids know that everything they post is permanent, they’ll be more likely to pause and think.

If you need further help – give us a call at 08 8326 4634.

Office 365 & Email Security

Posted on by
Reply

Spam email

As an IT Expert, I get client calls and emails asking me about various emails they receive and whether that particular email is fake or real – almost all time the emails are fake.

To help my clients and others in a similar situation I’ve put together a video that goes through some security tips on how to protect your self from hackers and phishing attempts. The video goes through:

  • First alerts of being attacked.
  • How scammers and hackers try to fool you.
  • How to tell if an email is fake or not.
  • The Do’s and Don’ts.
  • How to tell if you’ve been hacked.
  • What to look for after you have been hacked.
  • How to prevent and protect from hackers.
  • What is 2-step and MFA?
  • What to do after you’ve been hacked.
  • Screenshot examples of phishing emails.

Check out the video below and leave any comments in the fields below.

Protecting Your Ecommerce Platform from Hackers in 2018

Posted on by
Reply

Security

 

2017 saw an increase in cybercrimes in Australia. Back in May, News.com.au reported on the massive ransomware attack across the world, mentioning that at least three private businesses in Australia were hit. While Australia didn’t experience any major attacks, other countries suffered losses. In total, the incident affected around 200,000 people in 150 countries. Countless computer systems were examined in relation to the extortion plot where users would get kicked out unless they sent payment.

2018 brings a clean slate of opportunities for online businesses to strengthen their security systems. Ecommerce platforms are the most at risk, since they involve payments and valuable information. In determining how strong your website’s defense is against hacker threats, consider some of these factors:

Customer data

Identity thefts will not occur if there is nothing to steal. Therefore, you should refrain from saving any customer data that isn’t important to your business. Storing payment card details is against PCI (Payment Card Industry) standards anyway. These details are usually handled by the payment provider. What you can do is use an encrypted checkout tunnel so that your servers won’t save any payment data.

Firewall

For your ecommerce business to have decent security, it should at least be able to withstand common attacks. Business2Community suggests to begin with a firewall, because it weeds out the untrusted networks and controls the website traffic. Firewalls serve as a great first line of defence against the usual hacking threats.

DoS and DDoS Protection

Once in a while, your server may be attacked by malicious queries that intend to keep your website from functioning properly. These Denial of Service or Distributed Denial of Service attacks can keep you out of business for a long time, which is why security measures should be taken to prevent them. DoS and DDoS raids can come from different sources, like applications and traffic flooding.

The best defence is to invest in more bandwidth, since a large amount of space will render it difficult for attackers to flood your site. The downside is that this is also the most expensive solution. However, it’s in your best interests to spend on security. DP Computing previously explained the importance of not being cheap when it comes to security technology, as it serves your business in the long run.

HTTPS

Another DP Computing article advised to pay close attention to the URLs on Google, because hackers would sometimes use phishing scams to acquire sensitive information from customers. These involve links that if accessed, will install malware on your PC that can steal information.

When checking URLs, be wary if the website uses only HTTP. It is more appropriate for ecommerce platforms to use HTTPS, especially on pages where data is created. Unlike in HTTPS, information entered on HTTP is not encrypted. The data is only sent as plain text, making it an easy target for hackers to intercept. Although, remember that not all website pages need to be in HTTPS, or else your website speed will suffer.

Pay attention as well to how your website appears on Google search results, especially if your business is using paid search ads. Ayima noted that Google has improved its algorithm on paid search ads, stating that emphasis is placed on close variants. This means that advertisers will have an easier time of building lists to match user queries. Since paid ads are becoming more rampant now, hackers have taken the opportunity to promote their malicious sites in order to fool thousands of victims. If by any chance, your website’s ad appears shady or seems similar to a malicious ad, take it as a sign to rethink your campaign.

In today’s digital landscape where hackers are getting more creative with their attacks, the importance of cyber security cannot be stressed further. For ecommerce businesses, security investment should be one of the top priorities. Left unchecked, your website could close down at any time, resulting in huge losses in revenue.

 

Keep Your Systems Up to Date

Posted on by
Reply

Computer Updates

Updating your computer systems and associated business software is one of your best protections against cyber-attack, but actually running the updates is a task that businesses often overlook. Either they take too long, they pop up at inconvenient times, don’t know when an update is available or simply don’t know what to do. Do you have a plan in place to ensure all your tech is up-to-date or are you flying by the seat of your pants?

Emergency updates are a killer

Most businesses update their software only when the computer technician comes to fix a different problem. The tech runs the update before they leave but as time goes on the systems sit there with ever-widening security gaps… until another breach happens and the techs are called back for another band-aid solution. Emergency only updates in a break/fix model are a great little earner for those techs but not so good for your uptime and system security.

Finding time for maintenance

To keep your business up and running securely, you need someone who lives and breathes IT. They need to know when and how to apply all the patches and how to make sure all your other tech is playing nice (and may be even do it all after-hours to save you downtime). Businesses that have an in-house IT specialist should be set – and they should already have an update plan. But if you don’t have a qualified IT team, outsourcing to an IT specialist is the perfect solution. You get highly skilled technicians remotely applying your network updates at a time that suits you.

What else needs to be checked?

Beyond running security patches, it’s important to keep your business moving forward. Here are a few areas our techs look at as part of our regular service plans:

Hardware health: The last thing you want is days of downtime after a piece of hardware dies. By not staying on top of your hardware health, you are opening yourself up to lost productivity, lost income and unknown delays. Our services can assess and replace components before they break.

Operating system expiry: Keeping an operating system after the manufacturer ceases support can leave your business wide open for attack. It is simply not a good combination and can cause compliance issues in certain industries. Our managed service technicians will advise you of any changes coming up for your OS and suggest the best upgrade for your needs.

Legacy programs: Updates to your software have the potential to disrupt older program that can result n errors, slow performance or even downtime. With technology advancing so fast, we often find additional requirements are required before updates can be installed. Our technicians always make sure to check for compatibility as a whole before running an update.

Staying on top of your maintenance and upgrades can be a huge challenge for small business. Outsourcing to our regular service plans can help more than your budget – call us today at 08 8326 4364 .

How The ‘KRACK’ Wi-Fi Security Issue Affects Us All

Posted on by
Reply

WPA2 KrackedThe invention of Wi-Fi or wireless networking has been a dream come true. We can use our laptops and tablets anywhere in the office and our phones are using the main internet connection instead of sucking down data on the 3G / 4G network. It is essentially the backbone of the smart tech boom for home and business alike. Most Wi-Fi networks are password-protected with an encryption called “WPA2” and up until now this has been safe and secure.

Recently, a security flaw called KRACK (The Key Reinstallation AttaCK) was discovered. KRACK allows hackers to break into Wi-Fi networks – even the secured ones and your wireless networks are possibly vulnerable as a result.

How KRACK works?

KRACK doesn’t work via a problem with your device or how it was set up as it is an actual issue with the Wi-Fi technology itself. The attack gets between your device (eg computer, tablet or mobile phone) and the wireless access point (eg modem / router) to reset the encryption key so hackers can view all network traffic in plain text. Since just about everyone relies on Wi-Fi so much, this might mean hackers have a front row seat to your credit card numbers, passwords, confidential files, emails and more.

NOTE: The hacker needs to be in physical range of your Wi-Fi network to exploit this flaw and it doesn’t work remotely like other attacks we’ve seen recently. Given that most Wi-Fi networks extend well past your own home/business walls, this is small comfort, but important to know.

How to protect yourself

Run your updates: Software updates are being released which fix the flaw. Microsoft has already released them for Windows and Apple has one coming in a few weeks. So please take a few minutes to make sure you’re up to date with all your patches on any device that uses Wi-Fi (your smartphones, laptops, tablets, PCs, game consoles, etc). Unfortunately, some devices may be slow to get an update (eg Android phones), or if they’re older, may not get an update to fix the issue at all. If possible, consider using a cabled connection on those older devices or upgrade to one with support. With smart phones consider using data on the 3G / 4G network instead of Wi-Fi.

Be very careful with public Wi-Fi: While your local business center, library or school campus should have expert IT professionals keeping guard over security, it is a very different matter at your local coffee shop. It is unlikely small locations such as this will be on top of security patches. Remember, a hacker exploiting this flaw only needs to be in the same Wi-Fi area as you, so be careful you don’t give them an opportunity to grab your precious data.

Check your browser security: Before sending anything private over the internet, check that you are using a secure HTTPS site. You’ll know these by the little padlock you see next to the URL, and the address specifically begins with HTTPS. Major sites like Facebook, Gmail and financial institutions already use HTTPS.

If you need help updating your devices, or want us to check if you’re safe, give us a call on 08 8326 4364 or via email at support@dpcomputing.com.au.

What You Need to Know About Facebook Privacy

Posted on by
Reply

Facebook PrivacyA lot of people use Facebook but finding the balance between privacy and Facebook fun can be challenging. It allows us to connect with friends near and far but also it publicly shares information that just a few years ago, we’d never dream of putting online. With a Facebook search you can look for people based on where they went to school, town they live in, clubs they belong to, who they’re related to… but when is it too much information?

Your birthday is the first piece of info collected by Facebook when you sign up and it is great getting birthday wishes from friends and family when it appears in their news feed. But while your friends are sending you balloons and funny memes, your birthday is now public knowledge. It may seem harmless, but when you call your bank or other institution, what’s the first question they ask to verify your identity? Your birthday! Some companies and organisations even ask questions like ‘which high school did you go to?’ assuming this is knowledge that only you would know. Except… a lot of people have publicly shared it on Facebook. Whoops!

Then there are the stories of people who have lost their jobs after less-than-wholesome pictures or comments have gone public. If you want to protect your reputation, you may not want pictures from last weekend’s private party showing up online. While you can’t control what others do with photos they take of you, you can control whether or not you are tagged in Facebook in them.

Fortunately, there are settings in Facebook that allow you to control who can see what information and what happens when you’re tagged in a photo. Despite what rumours you may have heard or seen floating around, you do have complete control over your Facebook privacy and it is easy to adjust.

How to Check and Adjust Your Facebook Privacy Settings

Here are some settings you can easily change within Facebook to help secure your privacy and see who can see what on your profile. These steps assume you are logged into Facebook via a browser (using an app on your phone or tablet may be different).

See what your account looks like to an outsider

To see what others can see of your profile follow these steps:

  1. From your Facebook homepage, click your name on the blue bar at the top of the page.
  2. Click the three dots next to ‘View Activity Log’.
  3. Now select ‘View as…’

Run a quick privacy checkup

To run a checkup click the question mark in the top right corner of Facebook and choose the ‘privacy checkup’. Facebook then guides you through a few steps showing what your main settings are.

From within this section think about what you really need to share. For example do people need to know the YEAR of your birth or just your birthday? You can hide the year and your friends will still get the notification.

Edit advanced privacy

While the above checkup covers the most obvious information you can delve much deeper via the privacy section. Click the V-shaped drop down to the right of the question mark and go to settings and select privacy.

Adjust timeline and tagging

In the privacy settings (mentioned above), you can control who can tag you, who can see or share the tagged content and what shows up in your news feed.

I hope that explains about privacy and allows you to go in  and change the settings to what you want and not what the Facebook defaults are.

Tightening your Facebook privacy only takes a few minutes, but it can save you a whole lot of trouble in the future. If you need help with this, just give us a call on 08 8326 4364 or via email at support@dpcomputing.com.au.

How Much Could A Ransomware Attack Cost Your Business?

Posted on by
Reply

How much is your data is worth? Information is probably the most valuable part of your business. Imagine if you lost your client database, accounting software, inventory management and any intellectual property you may own. How long will it take to recreate this data and how much money would you lose in lost productivity, staff wages and the time it takes to either recover or recreate the lost information?

Recently when the WannaCry ransomware spread through out the world, many businesses were suddenly forced to re-assess the value of their data: was it worth saving and what would be the ongoing costs of the attack?

If you don’t have a recent backup most ransomware attacks cost at least $US200 (if not a lot more) to get your files released and that is only IF the cyber criminals honor the payment and actually give you the decryption key (some even demand further payments). Meanwhile your business is still running and new client calls are still coming in and you may find yourself unable to operate with your systems down.

Paying the ransom may seem like a quick fix but:

  • There is still the downtime involved to restore your data resulting in lost productivity.
  • If word gets out that your data has been compromised you may find confidence in your business plummets and your existing clients head elsewhere.
  • The cyber criminals you pay, may now see you as an easy target and demand more money or target you for other scams and malware activity.
  • You may recover the data but is it compromised with other malware?
  • You may not get back all the data that has been lost.

So that $US200 ransom may end up costing many, many thousands of dollars!

How To Prevent Ransomware Attacks on your Business

Keep your systems up to date: Malware can take advantage of flaws in older versions of Windows and software – sometimes ones that have already been patched by Microsoft and third party vendors. To be protected businesses have to stay up to date with their patches & versions. To be up to date with Windows patches you need to be running a supported version of Windows. Delaying patches and updates puts your business at risk – we can help you keep you systems up to date.

Use corporate grade security software and firewall: Free software may be fine for low end home computers but if the worst happens you will get no support or help from a company providing free software. A firewall or UTM (unified threat management) device can also help block malware and ransomware infections. But whether it is a free or paid for solution the software (and any hardware devices) must be kept up to date.

Lock down employee computers: Very few staff will require full administrator access to your business network. With a higher level of permissions the more damage a person can do – either accidentally or by inadvertently installing malware. By locking down your computers you have a better chance of containing a malware attack to non-vital systems. Our expert computer technicians can design an access management plan that gives you best of both worlds – flexibility and security.

Educate your workplace: Most employees believe they are being cyber-safe but in reality it is quite different. Many malicious links and embedded malware have become harder to spot – and all it takes is a microsecond to click (and later regret it). We can work with your staff to establish procedures around checking links for authenticity before clicking, awareness around verifying the source of attachments and the importance of malware scanning and keeping systems up to date. We can help get the message through!

Have a solid backup plan: When ransomware hits, a connected backup = infected backup. Also a lot of cloud backup systems, such as Dropbox, immediately clone the infected files which also renders the cloud copy useless. The only safe backups will be the ones both physically and electronically disconnected. Our experts can set you up with a backup system that makes recovery simple.

Be proactive: The best way to avoid the costs of a ransomware attack is to prevent it from happening in the first place is with up to date antivirus software, regular systems updates and security audits. Remember, many businesses were able to watch WannaCry from the sidelines, completely unaffected and seized opportunities while their competitors were down.

Our regular maintenance plans can help protect your business against the next cyber-attack. Call us today on 08 8326 4364 or via email at support@dpcomputin g.com.au.

How To Stay Cyber Safe When Travelling

Posted on by
Reply

Mobile Cyber SecurityWith cloud computing people are embracing the flexibility of working away from the office (whether at home or travelling) and working by simply accessing the relevant data or applications via the internet..

When in the office, you are protected by professionally designed firewalls, security infrastructure, and robust software. As soon as you step away from that network those protections disappear and leave your device and the data inside at greater risk.

Cyber attackers love to collect any data they can obtain – business or personal doesn’t matter to them as it can all be sold. These days the information stored on your device can be worth much more than the actual device.

Here are 3 ways a hacker may attack:

Random Opportunity: If you have left your laptop at a café or a thief has stolen the phone from your pocket, the outcome is the same – that device is gone. Hackers take any opportunity they can to gain access to a device: including taking them from hotel rooms and even asking to ‘borrow’ them for a few minutes – if they don’t steal it the device is handed back laden with spyware.

Creating a fake Wi-Fi Hotspot: We’ve all come to expect free Wi-Fi networks wherever we go. Hackers though will take advantage of this to create their own free, unsecure network just waiting for someone to connect. Once a user is connected a hacker can  grab any unsecured passwords sent across the network.

Intercepting an Unsecure Network: Hackers don’t even need to own the Wi-Fi network to steal content from it. Data traveling across an unsecure network is visible and available to anyone with the right software.

Don’t let these issues stop you using the Internet when out side the office. Just take the following precautions to increase your cyber safety and help protect your valuable data:

  1. Regularly make backups: In the event your device is lost or damaged, you’ll be able to replace the device with a new one and quickly restore all the data from a backup, all with minimal downtime.
  2. Be careful when using public Wi-Fi: Don’t use passwords or email when on a public network. Use a VPN or a 4G connection (ie tether your computer to your phones data connection) when you are accessing sensitive data or logging in to secure sites.
  3. Use passwords and encryption: At a minimum, make sure your device is password protected and has full drive encryption. With a password and drive encryption even if your storage drive is removed from the device the contents are inaccessible.
  4. Act fast after loss: If your device is lost or stolen, immediately notify the appropriate companies and people. This might include your IT provider so they can change passwords, your bank and any other financial institutions so they can lock down accounts, and any staff who need to be aware of the breach so they aren’t tricked into allowing further breaches.

If you need further help with mobile cyber security contact us on (08) 8326 4364 or on support@dpcomputing.com.au.