Passwords are an essential part to your businesses cybersafety. If, like the rest of us, you have dozens of passwords to remember, you might take shortcuts. Taking advantage of this type of attitude is one way bad guys access your passwords. Continue reading
Every Internet user should already know that the internet has many people looking to exploit the Web for ill intent. These people congregate on the Dark Web and small businesses need to understand what it is and what the risks are. Continue reading
Hackers today have many ways in which to attack small businesses and business owners. Many hackers attempt to gain information or attack businesses with malware, viruses or phishing attacks. One or more of these techniques can be combined with gaining physical access in an attempt to steal information and data from vulnerable firms.
This articles will help you identifying precisely how criminals target businesses to help protect you from the most devastating attacks out there.
Being hacked is the single biggest fear for most computer users. Many people believe the first sign of strange behavior or errors on their PC is a sign of being hacked. But are hackers really inside your machine, roaming around madly and stealing your information? Or should we be on the lookout for other more subtle signs? What does being hacked really look like and what can I do to help prevent it happening?
There is an important distinction to make between being attacked by a hacker and being infected with a virus or malware. Virus software and malware are automated processes designed to damage your system and / or steal your data. There are of course ways that we can defeat these processes, but what if we are instead being hacked and what are some of the signs?
Passwords not working
One of the first steps a hacker might take is to change your computers login passwords. By doing so, not only do they ensure future access to the machine, they prevent you from accessing the system to stop them. For the hacker, this is a crucial step that keeps them in control. With this in mind, we always want to make sure to keep on top of our own login details and how often we change them.
Security notifications from online services
A lot of online services track which device and location you logged into your account from last. If your account is accessed from a new device or a different country it might trigger an automated email or SMS asking if this new login is from you.
If you have just logged into a service from a new computer, tablet, or phone; receiving an email that asks “hey, is this you?” need not be cause for alarm. If you haven’t, it may be time to investigate further. This feature is a very important part of information security and may be a key first step to identify someone else gaining access to your account.
Bank accounts missing money or strange transactions
The end goal for the majority of today’s hackers is typically to profit from their crimes by taking money from people online. As such, it pays to keep a regular eye on your financial transactions to make sure you know what money is coming and going from your account.
You may see a large sum missing where hackers have attempted to take as much as they can in a single transaction. On the other hand unknown or unusual small transactions may be attackers testing the login details they have, to confirm that they work.
Loss of mobile phone or land line connectivity
Phone interruption is a symptom that few people expect but can occur when hackers attack. Many banks and online services use a security feature known as two-factor or multi factor authentication (2FA or MFA). They do this by sending a code to your phone or app when you log in, you then have to enter this code to confirm who you are.
Hackers can try to work around this by calling your phone provider to report your phone as lost or stolen. During this call, they will request your phone number be transferred to a new sim card or redirected to another number that they control. When your bank sends its regular two-factor authentication code to the number registered, it goes instead to the hacker who then can log in. From your perspective the phone service will simply stop working, so if this happens contact your provider ASAP.
Another technique that may not even include a technical method is called social engineering. Social engineering is when hackers try to obtain confidential information by manipulating people to freely give them this information. This can be done in many different ways. Some examples are:
- A strangers phones your office and may pretend to be a customer or supplier but asks for personal or confidential information.
- A person claiming to be a supplier contacts you and asks you to change the bank account you send payments to.
- Some one attends your premises for some reason but you have no prior knowledge of who they are or why they are they are requesting access.
- Some one phones and claims to be from the technical department of your ISP or maybe even Microsoft and requests remote access to your computer.
- You receive an email claiming to be from the boss or management asking you to do something which doesn’t seem right – like purchasing iTunes vouchers or asking to authorize payment to a new supplier.
Keeping vigilant and maintaining security
These are only some of the techniques that hackers can try to use to gain access to your systems and accounts. It pays to be extra vigilant and pay close attention to the signs and signals that indicate you may have been hacked. It may als
If you suspect that you might have been hacked, or would like help to prevent hackers in future and are located in South Australia, give us at 08 8326 4364 and we will improve your security.
There are the normal costs everyone associates with a computer breach, like employee downtime and the costs associated with getting your network and computers fixed. But really, most businesses that haven’t been hit with a security incident view it as more of an inconvenience than a bottom-line cost. For those businesses who have come out the other side though, it’s a very different story. They know from firsthand experience that the hidden and ongoing costs of a data breach can be crippling and that IT security exists to protect your business on multiple levels. All those surprise costs that spiral out of control are why most businesses close down after a cyber-attack. Here are a few of the hard, but common cold hard realities of life after a hack.
Raiding the budget to reduce downtime
From the moment a cyber-attack compromises your system, things can get expensive, and the longer the attack goes, the more it costs. Latest statistics reveal most breaches aren’t identified for around 191 days and then it can take on average another 66 days to fix and contain the damage – during this time you are cleaning PCs, mobile devices, laptops, servers and even entire networks. Add to this the fees for IT professionals to fix everything up, the costs for new hardware and software to help prevent future incidents and all the hours/days/weeks when your business is struggling with downtime, businesses will quickly exhaust any emergency funds they have.
The long arm of the law
Depending on what data was stolen and how you handled the situation, you could be liable for fines into the millions. If medical data or legal files are leaked a particularly messy scenario may occur with fines coming from multiple sources.
New privacy laws also mean businesses are liable for large fines if they don’t disclose a data breach. Where this gets trickier is that the burden is on your business to know exactly what data has been stolen or illegally accessed, so that you can report it before the fines stack up. This means that even if you were able to fix up the systems yourself, you will still need to hire an expert who can identify exactly data what the hackers took or accessed.
Customer retention measures
In a double crush to your bottom line, not only does your business bear the cost of fixing the hack and your future income takes a hit as customers lose trust and leave. To offset this, many businesses need to spend more on advertising and public relations just to ensure they survive to fight another day.
The data breach disclosure may still come up in search results for many years to come. The more negative publicity your breach attracts, the more you’ll need to spend on customer retention.
All your secrets exposed
While you may not have high level secrets to protect, your business does have data that you would like to keep to yourself. Hackers love going after those juicy tidbits, and the more closely you guard them, the more attractive they are. While large corporations would be big enough to keep their competitive edge after the breach, your business success relies on at least some information staying secret (databases, client info, financial records etc).
But simply avoiding a breach doesn’t cost much at all…
The thing is, it’s not expensive to stay on top of it all and keep your business protected. For a low monthly fee, we can reverse the entire scenario and secure your systems against the unknown. That means no need to raid other department budgets in a panic, pay crippling fines and make embarrassing public announcements.
DP Computing can help with making sure your systems have the latest security patches and your anti-virus knows the latest tricks to watch for. Our technicians implemented a firewall or UTM device to build a virtual fortress around your business that keeps the bad guys out while letting you thrive. Whatever your needs are, both now and moving ahead, we’re here to help keep you safe.
Ready to secure your business against breaches? Give us a call on 08 8326 4364 or via email at firstname.lastname@example.org.
Businesses around the world are being targeted with a cyber-attack that sends victims a fake invoice that looks real enough to fool to most people. It is based on an old scam that used to see invoices faxed or mailed to the victims and now it has made its way into the digital world and instances are on the rise.
You may have already seen some of the less effective attempts – an email advising your domain is expiring (except it’s not from your host and your domain is nowhere near expiration) or others that describe a product or service you would never have purchased.
The new attacks though are much more advanced as they look completely legitimate and are often from contractors and suppliers you actually use. The logos are correct, spelling and grammar are spot on and they might even refer to actual work or products you regularly use. The senders name may also be the normal contact you deal with at that business as cyber criminals are able to ‘spoof’ real accounts and real people. While it is worrying that they know enough about your business to wear that disguise so well, a successful attack relies on you not knowing what to look for.
Here are two types of invoice attacks you may receive:
1) The Payment Redirect
This style of fake invoice either explicitly states that the payment should be made to a certain account (perhaps with a friendly note listing the new details) or includes a payment link direct to a new account. Your accounts payable person believes they are doing the right thing by resolving the invoice without bothering you and unwittingly sends money to a third party. The problem may not be discovered until an invoice from the real supplier comes in or the transaction is flagged in an audit. Due to the nature of international cyber crime, it’s unlikely you’ll be able to recover the funds even if you catch it quickly.
2) The Malware Link
Rather than an immediate cash grab, this style of attack asks your employee to click a link to download the invoice. The email may even look exactly like the ones normally generated by popular accounting tools like Quickbooks, Xero or MYOB. Once your employee has clicked the link, malware is downloaded to your systems that can trigger ransomware or data breaches. While an up-to-date anti-virus should block the attack at that stage, it’s not always guaranteed (especially with new and undiscovered malware). If it does get through, the malware quickly embeds itself deep into your systems and often remains silent until detected or activated.
How to Stay Safe
Awareness is key to ensuring these types of attacks have no impact on your business. As always, keep your anti-virus, firewalls and spam filters up to date to minimize the risk of the emails getting through in the first place.
Secondly, consider implementing a simple set of procedures regarding payments. These could include verifying account changes with a phone call (to the number you have on record, not the one in the email), double checking the invoices against purchase orders, appointing a single administrator to restrict access to accounts or even two-factor authorization for payments. Simple preemptive checks like hovering the mouse over any links before clicking and quickly making sure it looks correct can also help. If anything looks off, hold back on payment / clicking until it has been reviewed. Fake invoices attacks may be increasing, but that doesn’t mean your business will become a statistic, especially now that you know what’s going on and how you can stop them.
We can help increase your security, talk to us today. Call us at 08 8326 4364 or on email@example.com
2017 saw an increase in cybercrimes in Australia. Back in May, News.com.au reported on the massive ransomware attack across the world, mentioning that at least three private businesses in Australia were hit. While Australia didn’t experience any major attacks, other countries suffered losses. In total, the incident affected around 200,000 people in 150 countries. Countless computer systems were examined in relation to the extortion plot where users would get kicked out unless they sent payment.
2018 brings a clean slate of opportunities for online businesses to strengthen their security systems. Ecommerce platforms are the most at risk, since they involve payments and valuable information. In determining how strong your website’s defense is against hacker threats, consider some of these factors:
Identity thefts will not occur if there is nothing to steal. Therefore, you should refrain from saving any customer data that isn’t important to your business. Storing payment card details is against PCI (Payment Card Industry) standards anyway. These details are usually handled by the payment provider. What you can do is use an encrypted checkout tunnel so that your servers won’t save any payment data.
For your ecommerce business to have decent security, it should at least be able to withstand common attacks. Business2Community suggests to begin with a firewall, because it weeds out the untrusted networks and controls the website traffic. Firewalls serve as a great first line of defence against the usual hacking threats.
DoS and DDoS Protection
Once in a while, your server may be attacked by malicious queries that intend to keep your website from functioning properly. These Denial of Service or Distributed Denial of Service attacks can keep you out of business for a long time, which is why security measures should be taken to prevent them. DoS and DDoS raids can come from different sources, like applications and traffic flooding.
The best defence is to invest in more bandwidth, since a large amount of space will render it difficult for attackers to flood your site. The downside is that this is also the most expensive solution. However, it’s in your best interests to spend on security. DP Computing previously explained the importance of not being cheap when it comes to security technology, as it serves your business in the long run.
Another DP Computing article advised to pay close attention to the URLs on Google, because hackers would sometimes use phishing scams to acquire sensitive information from customers. These involve links that if accessed, will install malware on your PC that can steal information.
When checking URLs, be wary if the website uses only HTTP. It is more appropriate for ecommerce platforms to use HTTPS, especially on pages where data is created. Unlike in HTTPS, information entered on HTTP is not encrypted. The data is only sent as plain text, making it an easy target for hackers to intercept. Although, remember that not all website pages need to be in HTTPS, or else your website speed will suffer.
Pay attention as well to how your website appears on Google search results, especially if your business is using paid search ads. Ayima noted that Google has improved its algorithm on paid search ads, stating that emphasis is placed on close variants. This means that advertisers will have an easier time of building lists to match user queries. Since paid ads are becoming more rampant now, hackers have taken the opportunity to promote their malicious sites in order to fool thousands of victims. If by any chance, your website’s ad appears shady or seems similar to a malicious ad, take it as a sign to rethink your campaign.
In today’s digital landscape where hackers are getting more creative with their attacks, the importance of cyber security cannot be stressed further. For ecommerce businesses, security investment should be one of the top priorities. Left unchecked, your website could close down at any time, resulting in huge losses in revenue.
Firewalls are a well-known security essential, and we are certainly big fans, but did you know a firewall alone is not enough to keep your business safe? It is like building a fence around your house to keep the burglars out: You feel safe, private and secure… but the reality is, anyone with a ladder, enough motivation or ninja skills poses a real threat. That is why despite every networked business having a firewall in place, security breaches are increasing at an alarming rate – further protections are still needed.
Without these additional protections, once the firewall is beaten or bypassed it’s like a fox in a hen house. The bad guys are free to view and download files, make changes, and even take over your systems completely. That’s why computer security works best when it’s multi-layered. When one protection fails, the next layer kicks in to keep your business safe. And then the next, and the next…but that doesn’t mean you need CIA level security that gets in your way.
A few strategic, well-planned measures can provide all the protection your business needs to keep operating without costly downtime. While it’s cool to imagine a system so secure you’ll be opening doors with retinal scanners the reality is infinitely more usable and affordable. In fact, we’ll help you choose the perfect measures that blend invisibly into your existing processes, boosting security without affecting productivity. Take a look at some of our offerings:
Proper firewall device
While not enough by itself, your firewall is still your first line of defence. However, there’s a huge difference between the generic firewall that comes standard with your broadband router and a dedicated hardware firewall appliance. Our technicians will work with you to identify which firewall is suitable for your business.
Corporate Grade Antivirus Software
A free antivirus program might be ok for home use but do you really want a free program with no backup or support protecting your confidential business data and financial information?
We’ll help you give employees access to only the files they need to do their job. It’s not a matter of trust, but rather one of security. If they were the one to accidentally let the attackers through the firewall, perhaps by clicking an email link, you’re then able to limit the damage. Without this added layer of protection, it’s relatively easy to access any and all files.
Encrypt confidential files
More secure than simply password locking a file, this uses a secret ‘key’ to scramble the files and their contents, so that when anyone else tries to view them all they see is incomprehensible nonsense. Our technicians can setup an encryption system for you so that approved users can use them normally while all files remain secure.
As nothing is totally 100% secure no matter what features you implement a backup is a necessity. Having your data backup on multiple removable devices (stored both locally and offsite) as well as a cloud based backup is a must.
DP Computing offers security services to make sure all our clients are protected and all their security products are operating at 100% efficiency. Threat analysis, prevention, management and response are all included so your focus can remain on growing your business and we’ll take care of the bad guys.
Give us a call at 08 8326 4364 or via email at firstname.lastname@example.org about multi-layered protections for your business.
You can have the best in computer and network security but if you or one of your staff members inadvertently give out some information all the security can come to nought.
Social engineering is the art of manipulating other people to take certain actions or divulge private information. Some hackers use social engineers techniques and skip the hassle of writing code and go straight for the weakest link in your security defenses – you and your employees. A seemingly innocent phone call or email may be all it takes to gain access to your computer systems, despite having solid software and hardware protections in place.
Here are a few ways on how social engineers work:
Email: Pretending to be a co-worker, supplier or customer who needs a simple piece of information. It could be a money transfer, contact person or some sort of personal details that they pretend they already know, but simply don’t have in front of them. The hacker may also create a sense of urgency or indicate fear that they’ll get in trouble without this information. Your employee is naturally inclined to help and quickly responds with a reply.
Phone: Posing as IT support, government official or even a customer, the hacker can manipulate your employee into changing a password or giving out information. These attacks are hard to identify and the hacker can be very persuasive, even using background sound effects like a crying baby or call-center noise to trigger empathy or trust.
In person: A person in uniform or a repairman can easily get past most people without question. The social engineer can then quickly move into sensitive areas of your business. Once inside, they become invisible and are free to install network listening devices, read a Post-it note listing passwords or gain information and tamper with your business in other ways.
It’s impossible to predict when and where (or how) a social engineer will strike. The above attacks aren’t particularly sophisticated but can be extremely effective. Your staff have been trained to be helpful, but this can also be a weakness.
So what can you do to protect your business? First, recognize that not all of your employees have the same level of interaction with people, the front desk person taking calls and welcoming visitors is at higher risk than the back office or factory worker. We recommend cyber-security training for each level of risk identified and focus on responding to the types of scenarios like those listed above. Social engineering is too dangerous to take lightly.
Talk to us about your cyber security options today. Call us at 08 8326 4364 or at email@example.com