Data Breach

Massive New Data Breach Found! | Chilliwack IT Support Professionals

Troy Hunt, the man behind the popular data breach website, Have I Been Pwned, has recently reported a huge new collection of user data has been found on one of the hacking forums. Now, when I say huge, I mean massive… enormous… gigantic… colossus… well, I think you are probably getting the picture. So, exactly how big was it? This data breach contained 2.7 BILLION records, from over 770 MILLION compromised accounts!

IMG_0625-300x197.jpg

The breach is the largest single one ever to have been loaded onto the Have I Been Pwned website and contains a staggering 21+ million unique stolen passwords. The exact origins of where the data was taken from is a little harder to pinpoint, but experts believe that most are from a collection of older websites and breaches. So, if you are the smart sort of person, who regularly updates their passwords and uses lots of different ones, you shouldn’t be too concerned. However, it will still be a good idea to head to the Have I Been Pwned website and enter your email address. If it tells you that your address has been found in any data breach, it will list them for you. (So, you can then go to these sites, if you do still use them, and change your details.) This huge breach, mentioned above, will be named Collection #1.

Of course, as long as there are hackers, data breaches will continue to happen. The best way to protect yourself is follow these tips:

random-password-generator-300x230.png
  1. Use unobvious complicated passwords. The best ones are the ones made by random password generators. (Even some browsers like Chrome have these built in). Make them at least 8-12 characters, with a mix of letters, numbers and symbols.

  2. Use a different password for every place you need one! Sounds scary for anyone who can’t remember what they had for breakfast… but tip #3 will come to your rescue on this one.

  3. Keep your passwords somewhere safe like a digital password manager (LastPass, Sticky Password, Dashlane, 1Password etc). If you are “old school”, even a notebook works! (Hey, if your house or office ever gets broken, chances are that they will be skipping out with your TV or laptop and won’t give a scrappy notebook a second glance!)

  4. Update your passwords regularly. They say passwords are like underwear… keep them out of sight and change them often!

5 Ways to Help Your Business Be More Cyber-safe! | Chilliwack & Abbotsford IT Support

October is Cyber Security Awareness Month, and the need for awareness has never been higher! The stats are alarming...

stats about cyber security threats

For businesses, the situation is just as scary.

50% of small businesses don't think that they will be targets of cyber crime.

BUT 40% of all cyber attacks in 2011 were on small to medium sized businesses.

The cost of cybercrime is about to reach $6 TRILLION, with no signs of slowing down!!

Put simply, EVERYONE is a target for cyber crime - the bad guys are not picky about size of business or the industry. As with so many things in life, prevention is much better than cure... but in the business world, cyber crime prevention can save hassle, time AND a LOT of money.

This month, we are sharing tips and advice here and on our Facebook Page ... but to start, here are 5 ways you can help make your business a #cybersafebusiness !

app-browser-coffee-6335-300x200.jpg

1. Secure personal devices. Personal devices allow us to do business "on the road", but limit how much you use them, avoid public wifi for work use when you can, and make sure employees follow a security policy.

2. Train employees on the threats. If your staff are online at your business, include training on the latest threats, such as email scams, viruses, phishing and malware.

3. Teach smart clicking. Make yourself, and your staff, familiar with what a suspicious link and email looks like. Things to look out for include hyphens, numbers, spelling mistakes and symbols replacing regular characters. (We have a blog post illustrating some ways to safely spot bad links.)

cmdr-shane-610506-unsplash-300x196.jpg

4. Use strong passwords. Make your passwords obscure, long and a good mix of uppercase, lowercase, numbers and symbols. Use different passwords for different places and do not write them on scraps of paper where they can be taken or copied.

5. A have a good plan in place for when employees leave. When an employee leaves, make sure their account passwords are changed immediately, and documents are secure.

To celebrate Cyber Security Awareness Month, and to help give local businesses a leg-up on getting #cybersafe, we are offering 30% off our Tech Health Check-ups!  These check-ups do cover way more than just your security vulnerabilities. We look at all of your technology and the way you use it, to see where you can avoid future problems, and find out how you can work smarter while saving money.

ECommerce Sites Beware - TLS Upgrade Deadline is Almost Here! |Chilliwack Business Tech Support

dai-ke-32162-unsplash-300x200.jpg

If you have an eCommerce website, or do a lot of online shopping, you may have heard rumblings about an important TLS upgrade. The reason for this chatter is because the deadline is now almost here for eCommerce websites to update their SSL or earlier versions of their TLS protocols to TLS 1.2 or 1.3.

If this is all new to you, TLS stands for Transport Layer Security, and it is a layer of security that allows computers to safely and securely communicate for things like sending credit card details, or logging into financial websites. The earlier versions of TLS are suffering from of a number of weaknesses – the scary kind of weaknesses that would put customers’ data at risk of being altered or stolen.

Because of these weaknesses, the Payment Card Industry Security Standards Council (PCI) ruled that all sites, that transmit or process credit card data, need to update to version 1.2 by June 30, 2018. After June 30, older browsers or API clients that have not been updated, will no longer work for things like credit card payments. (And if they do still work, the site could face some serious fines for not being PCI compliant, in the case of a data breach.)

rawpixel-555905-unsplash-300x200.jpg

Thankfully, many card processing services (like Stripe, PayPal and Shopify), along with most web browsers, already support TLS 1.2, and have done for a few years. A number of older versions of browsers, however, do not.  You can see a complete list of compliant or at-risk browsers at https://www.ssllabs.com/ssltest/clients.html.

If you are an eCommerce-related business, and want to check your compliancy is up to date, contact our team, and we will be happy to put your mind at ease, or upgrade you where needed.

Our Top 5 Tips to Protect Your Passwords Online | Fraser Valley Tech Support

OK… time to be honest… exactly how careful are you with your passwords?Are you one of those people who uses the same one for a few accounts?

Do you change them often? Do you change them at all?!

If you are that person... the one that uses the same password for everything, and never changes it... then you are certainly not alone.

A report found that more than 80% of people, over the age of 18, used the same password for multiple accounts, and 50% had not changed then in 5 years. So… it is not surprising to learn that almost half of those surveyed people had also experienced a security problem at some point in the previous year, like having an account hacked or data stolen.

Data breaches happen all over the place… from the comfort of your living room in Chilliwack BC, all the way up to some of the biggest (and supposedly secure) companies in the world, including Instagram, LinkedIn, Snapchat, Twitter, Adobe, Yahoo, Uber, Ebay, Home Depot, Target, Sony, Equifax…. woah, I could go on for a while! (Incidentally, if you are curious and want to be completely freaked out by how unsecure the world is, you can see a LOT more of that list here! )

Passwords are like underwear - don't let people see them and change them often!

Put simply, passwords are a little bit like underwear – they really shouldn’t be shared (euww), and REALLY should be changed often!  So... here, from our team of  wonderful clean-underwear-clad IT professionals, are a list of our top 5 tips to help you protect your accounts online, at the front door...

#1  - USE A DIFFERENT PASSWORD FOR EACH ACCOUNT

Yup... that does mean you'll have to think of more than 1... and even worse, REMEMBER more than that 1! You can do it! Cast your mind back 20 years, when we used to actually remember everyone's phone numbers, before we had them all stored in our phones. OK...OK... if you REALLY really can't, don't panic...we have help for you further down...

#2 - THE LONGER THE PASSWORD, THE BETTER!

When it comes to passwords, size really does matter! Your password should ideally be more than 10 characters... but 16 or more is even better!

#3 - USE TWO FACTOR AUTHENTICATION

Two Factor Authentication (or 2FA) is an extra layer of security where you not only need your username and password, but you also need some get an additional piece of info away from the place you are logging into. For example, you login with the username and password on your computer, but then you also need to get a verification code from your cell phone.

#4 - DON'T SAVE PASSWORDS IN THE BROWSER

Now that you have started using a bazillion different passwords, like your friendly IT guy told you to, having them saved and auto-filled in your browser would make life SO much easier and faster, when zipping around the net. BUT it'd also make it a whole lot easier for the dodgy dude who just stole your laptop too!

I know... we are back to this "I can't remember them all!" thing again. Well, instead of using your flimsy browser's cookie jar, you can use a nifty "password wallet" like LastPass or Keepass. FAR safer!

dog-in-disguise-300x300.jpg

#5 - MAKE SURE THE URL IS THE ONE YOU WERE LOOKING FOR

This is particularly important if you are online gift shopping and about to part with your credit card details at the check-out! The site you are on may LOOK like the site you intended to visit... but is it a phishing site in disguise?? Check that the URL in the address bar above, actually is the link for that website, and you haven't been inadvertently misdirected to some dodgy copy! (This can happen a lot in emails... never follow the link from an unexpected email... always type the link of the real site instead!)

So... change those passwords, change them often... and use your common sense to stay safe out there!! (After all, you can't pepper spray your screen!)