Cybersecurity

An Update on the latest Updates! (Critical Software Updates, that is...) | Fraser Valley IT Support

Photo by  Émile Perron  on  Unsplash

Have you got your machine running updates automatically? If the answer is yes, you can breathe a sigh of relief and carry on with your day. If not, stop what you are doing, and get on to it straight away! Updates are way more than being about adding cool new functions and tools. Their primary purpose is to protect you against the ever-changing malware landscape and its constant onslaught of attacks. Brand new attacks are being developed daily, so software developers have to be equally proactive with patches to block them.

It is patching time at Microsoft, and the latest release contain advisories and updates to take care of 94 vulnerabilities for Windows and various other products, like Explorer, Edge, Visual Studio, Active Directory and Microsoft Dynamics. 26 of these updates are being rated as critical.

2 of these are to protect against 2 new ‘wormable’, critical, Remote Desktop Protocol (RDP) vulnerabilities and affect all versions of Windows, including 10 and Windows Server. If left unfixed, cybercriminals could use the vulnerabilities to remotely access an unprotected computer and install malware… so this one is a bit of a get-it-patched-now kind of job!

To follow suit, Adobe has also released a group of patch updates. Theirs will take care of 119 vulnerabilities, including patches in Creative Cloud, and the very popular Acrobat and Reader. The most critical of which should block up the chance of data leakage from an arbitrary code execution.

If you have a business in Chillwack, Abbotsford, Langley, Hope or surrounding areas, and are not sure if your software is updating like it should be, our team of friendly, local I.T. experts are happy to help. Give us a call on 778-771-0184 or email help@wildfrogsystems.com.

Two Factor Authentication – What Is It and Do You Need It? | Fraser Valley Technology Consultants

beverage-blog-blogger-1799342.jpg

The world of digital security is a minefield, these days. It is now almost a daily occurrence to see companies either fall victim to (or be fined for) major data breaches. (The list of companies hit makes for some impressive reading!) In fact, there have been over 14 billion data breaches since 2013, and that number is fast increasing, with 75 data records are being stolen every second!

Not all breaches are caused by nefarious hackers. Believe it or not, they only amount for just over 40% of breaches. Other causes making up the remainder include technical glitches or employee error.

We’ve said it before. Passwords should be complicated and changed often. But can you do more? Yes, you can!

What is 2FA?

One snazzy concept that was introduced to thwart login hackers is two factor authentication (2FA). This is where, after you have entered your password, you add a 2nd way to tell the site that you are definitely you! (Like the way, in the movies, that the scientists entering the super-secret spy lab have to use a swipe card and then a retinal scanner to gain entry.) Since you need both to access the account, this extra layer of security seriously increases the protection of sensitive data from these cases of a password database being stolen or hacked.

Blank Diagram (3).png

This second layer can be biometric, like with face detection or fingerprint scanning software, or it can involve sending a one-time-use number code to another device you own, via a text or special app. The latter is probably the most commonly seen and used, at the moment .

Should I use it?

Yes! So many companies are now offering it as an option – Apple, Square, Intuit, Amazon, Google, Facebook, Microsoft, Dropbox, PayPal, GoDaddy…and so on. If a site gives you the option, take it! (Especially anywhere that will have any valuable ID info, financial records or payment details.) You can see who has it and who doesn’t at twofactorauth.org. If you are not sure how to turn on 2FA at those sites, Telesign have set up a website, with tutorials, to show you how!

What is Spear Phishing and How To Avoid It | Fraser Valley IT Consultants

anonymous-4165613_1920.jpg

You have probably already heard of phishing – after all, it is everywhere, these days - from the good old-fashioned Nigerian prince email all the way through to the CRA phone scam (also known as voice-phishing or vishing). The scammers cast a huge, wide, net as far as they can, and wait to see if anyone bites. However, there is another, more-complex level of phishing, that you may not have heard of, called Spear Phishing.

media-998990_1920.jpg

Spear phishing is different in that they target a specific person – usually someone in a large company with access to valuable data or finances. Before they are contacted, the scammer will take the time to do some research on their intended victim, mostly online through social media accounts etc.

Using the personal information that they have gathered, they will then contact this intended victim, making their email as personal and legit looking as they can. It may be as an application to a job that they know they are recruiting for, or a faked email from a friend claiming to have a link to a new menu from a favourite restaurant. Of course, this link or document will contain a malware-infected link or document.  Once clicked, the hacker either gains access to company data, or can plant a crypto-locker virus for ransoming.

silhouettes-81830_1920.jpg

Most spear phishing is aimed at mid-tier employees. However, there are a few brave spear-phishers who will sometimes target someone at the top of the company tree, like a CEO, CFO or senior manager. When this happens, it is called whaling.

So, how can you prevent this kind of phishing?

  • Education is a key one here. Making employees aware that this can happen will go a long way! Advise them to keep their social media content as private as possible (after all, that is as much for their own personal benefit as yours!).

  • Make sure all employees know what to look for in fake emails (such as poor spelling and grammar, or checking link addresses before clicking them by hovering the mouse pointer to see a pop-up box of the address. If you get a link claiming to be from a certain bank or company, open a browser window and go to the bank/company website directly and compare their actual address to the one you see on the email.

  • Limit data to the people who need it. If you keep data on shared drives, make sure sensitive data is housed on separate drives (eg a drive for Accounting only, a drive for customer lists only etc) and only give people access to the areas/drives they need to work.

  • Keep all software, anti-virus programs and firewalls up-to-date.

  • Back-up, back-up, back-up!! Back-up your data well and back-up often!!

If you are worried about your company’s potential vulnerabilities, give our team a call at 778-771-0184 or email info@wildfrogsystems.com, and talk to us about scheduling a Tech Health Check-Up.

Massive New Data Breach Found! | Chilliwack IT Support Professionals

Troy Hunt, the man behind the popular data breach website, Have I Been Pwned, has recently reported a huge new collection of user data has been found on one of the hacking forums. Now, when I say huge, I mean massive… enormous… gigantic… colossus… well, I think you are probably getting the picture. So, exactly how big was it? This data breach contained 2.7 BILLION records, from over 770 MILLION compromised accounts!

IMG_0625-300x197.jpg

The breach is the largest single one ever to have been loaded onto the Have I Been Pwned website and contains a staggering 21+ million unique stolen passwords. The exact origins of where the data was taken from is a little harder to pinpoint, but experts believe that most are from a collection of older websites and breaches. So, if you are the smart sort of person, who regularly updates their passwords and uses lots of different ones, you shouldn’t be too concerned. However, it will still be a good idea to head to the Have I Been Pwned website and enter your email address. If it tells you that your address has been found in any data breach, it will list them for you. (So, you can then go to these sites, if you do still use them, and change your details.) This huge breach, mentioned above, will be named Collection #1.

Of course, as long as there are hackers, data breaches will continue to happen. The best way to protect yourself is follow these tips:

random-password-generator-300x230.png
  1. Use unobvious complicated passwords. The best ones are the ones made by random password generators. (Even some browsers like Chrome have these built in). Make them at least 8-12 characters, with a mix of letters, numbers and symbols.

  2. Use a different password for every place you need one! Sounds scary for anyone who can’t remember what they had for breakfast… but tip #3 will come to your rescue on this one.

  3. Keep your passwords somewhere safe like a digital password manager (LastPass, Sticky Password, Dashlane, 1Password etc). If you are “old school”, even a notebook works! (Hey, if your house or office ever gets broken, chances are that they will be skipping out with your TV or laptop and won’t give a scrappy notebook a second glance!)

  4. Update your passwords regularly. They say passwords are like underwear… keep them out of sight and change them often!

How to Make Sure Your Mobile Tech is Safe

rawpixel-651368-unsplash-300x200.jpg

The era of smartphones has certainly changed the world we live in and do business. It is estimated that by 2020, there will be 6 billion smartphone users in the world, and with the ability to do practically everything (from checking emails and googling directions, to taking payments and online banking… and even pre-paying and ordering your next coffee at Starbucks!) they are replacing more and more PCs at home and in the workplace.

However, having complete access to your life in your pocket can also have some major security concerns – particularly if you do use your mobile device to do business. Up to now, mobile malware has been fairly uncommon (taking up only 8% of the total infection pie) … however, this malware is now increasing at an alarming rate. There was already a 27% increase in new mobile malware at the end of last year, and that figure is climbing.

Android devices are seemingly the main target for malware, which is understandable when you consider that 85% of the world’s smartphone users are on that platform. That being said, that does not mean that other devices are completely safe!

stats on mobile banking trojans

Threats come in a few different forms:

  • Banking trojans. These pretend to be legitimate banking apps which lure users into downloading them and then steal their credentials.

  • SMS malware. These use the phone to send premium rate texts without the user knowing.

  • Mobile spyware. Like it’s PC counterpart, it will secretly monitor your activity.

  • Rooting malware. Uses root access to do all sorts of damage, from stealing passwords to purchasing and installing apps.

  • Device theft! Something this small and this valuable is easy prey to the opportunist thief.

So, what can you do to protect yourself and your company?

Here are a few things to help:

  1. Beware of what apps you load onto your device. Only download apps from trusted sources and be wary of any app that asks for more info than it needs to do its job.

  2. Be careful of using public Wi-Fi sources (eg at airports & coffee shops). If you are using your device for business, look into having company policies on public Wi-Fi use, and provide VPN technology to your employees if needed.

  3. Keep your OS up-to-date, as well as your apps.

  4. Do not allow employees to use jailbroken or rooted devices for work purposes.

  5. Encrypt devices. Strong passwords are a must!

  6. Encourage employees to install anti-malware (Android).

  7. Educate employees on the dangers of mobile malware.

If you need help with setting up your mobile technology to be safer, or what company policies to bring in for protection, our team is here to help! Send an email to info@wildfrogsystems.com or call 778-771-0184.

5 Ways to Help Your Business Be More Cyber-safe! | Chilliwack & Abbotsford IT Support

October is Cyber Security Awareness Month, and the need for awareness has never been higher! The stats are alarming...

stats about cyber security threats

For businesses, the situation is just as scary.

50% of small businesses don't think that they will be targets of cyber crime.

BUT 40% of all cyber attacks in 2011 were on small to medium sized businesses.

The cost of cybercrime is about to reach $6 TRILLION, with no signs of slowing down!!

Put simply, EVERYONE is a target for cyber crime - the bad guys are not picky about size of business or the industry. As with so many things in life, prevention is much better than cure... but in the business world, cyber crime prevention can save hassle, time AND a LOT of money.

This month, we are sharing tips and advice here and on our Facebook Page ... but to start, here are 5 ways you can help make your business a #cybersafebusiness !

app-browser-coffee-6335-300x200.jpg

1. Secure personal devices. Personal devices allow us to do business "on the road", but limit how much you use them, avoid public wifi for work use when you can, and make sure employees follow a security policy.

2. Train employees on the threats. If your staff are online at your business, include training on the latest threats, such as email scams, viruses, phishing and malware.

3. Teach smart clicking. Make yourself, and your staff, familiar with what a suspicious link and email looks like. Things to look out for include hyphens, numbers, spelling mistakes and symbols replacing regular characters. (We have a blog post illustrating some ways to safely spot bad links.)

cmdr-shane-610506-unsplash-300x196.jpg

4. Use strong passwords. Make your passwords obscure, long and a good mix of uppercase, lowercase, numbers and symbols. Use different passwords for different places and do not write them on scraps of paper where they can be taken or copied.

5. A have a good plan in place for when employees leave. When an employee leaves, make sure their account passwords are changed immediately, and documents are secure.

To celebrate Cyber Security Awareness Month, and to help give local businesses a leg-up on getting #cybersafe, we are offering 30% off our Tech Health Check-ups!  These check-ups do cover way more than just your security vulnerabilities. We look at all of your technology and the way you use it, to see where you can avoid future problems, and find out how you can work smarter while saving money.

Is Tech Fraud Getting Worse? | Abbotsford & Chilliwack Tech Security Consultants

email fraud stats

Tech Fraud IS on the rise and no-one is safe! A quarterly report was recently released that looked at who tech scams are targeting… and the results were both interesting and a little scary.

Overall, the summer saw a 25% rise in the number of email fraud attacks on targeted companies, but what is scarier is that also meant a whopping rise of 85% on the same quarter last year!

DANGEROUS EMAILS ON THE RISE

The amount of malicious emails, appearing in inboxes rose by 36% on the previous quarter. Among all that nasty stuff, 11% were ransomware emails.

WHAT IS RANSOMWARE?

It is a particularly devious scheme where you will be sent an innocent looking email containing a link or file. That file, when clicked, releases a virus that locks you out of all your data. You then receive an email demanding payment for your data’s release – often in bitcoin or other electronic funds. The ransom amount can vary, but typically costs a company thousands of dollars.

fake tech support stats

TECH SUPPORT FRAUD IS GROWING FAST

One of the most famous forms of tech fraud, is (surprisingly) now also the biggest growing one – the good ‘ole Technical Support Fraud! (The one where you receive a call from a thick-accented individual in a noisy call-centre, claiming to be something like Microsoft Windows). Given the amount of publicity and public education that this form of fraud has attracted (not to mention a slew of YouTube videos with people winding up these scammers), it is surprising to see it is still growing, but it is. This quarter’s attacks jumped by 36%... which gives an astounding 400% increase on the same period a year ago!!

social media fraud security stats

SOCIAL MEDIA IS NOT SAFE

The report also showed that attacks are now coming from more directions than just email and your phone. Social media is gaining its fair share, with the most popular being from “angler phishing”. This is where fraudsters create fake accounts that mimic famous brands. Then when someone has a legitimate customer service requests, they swoop in and pretend to be that brand in order to gather the customer’s information.

Overall, all types of fraud were on the increase, with no discrimination in who they targeted (all career levels) or where they targeted (all industries and all company sizes, with retail and government hit hardest).

HOW CAN WE PROTECT OURSELVES AGAINST TECH FRAUD?

The burning question is how can you protect both yourself and your staff? Preparation is your biggest weapon! Here are a few things to help to get you started…

  • TRAINING - Knowing what to look for and educating all of your staff on what to spot, is the best plan. You can check out one of previous blog posts to see what the telltale signs of a scam email are.

  • BLOCKERS – up-to-date spam filters and virus software can help filter out most of the threats before ever reaching your inboxes.

  • BACK-UPS – a regular back-up of all your data means far less downtime (if any) and huge cost savings in the case of a ransomware attack. You don’t have to buy back that information if you already have another copy somewhere else!

You can see the rest of the report, including more stats on the different targeted departments and industries, here. If you would like more information on how to protect your company’s systems, whether it is a good virus software and back-up solutions or staff awareness training, you can contact us at Wild Frog Systems, and we will be happy to help! Email info@wildfrogsystems.com or call 778-771-0184.