security

Two Factor Authentication – What Is It and Do You Need It? | Fraser Valley Technology Consultants

beverage-blog-blogger-1799342.jpg

The world of digital security is a minefield, these days. It is now almost a daily occurrence to see companies either fall victim to (or be fined for) major data breaches. (The list of companies hit makes for some impressive reading!) In fact, there have been over 14 billion data breaches since 2013, and that number is fast increasing, with 75 data records are being stolen every second!

Not all breaches are caused by nefarious hackers. Believe it or not, they only amount for just over 40% of breaches. Other causes making up the remainder include technical glitches or employee error.

We’ve said it before. Passwords should be complicated and changed often. But can you do more? Yes, you can!

What is 2FA?

One snazzy concept that was introduced to thwart login hackers is two factor authentication (2FA). This is where, after you have entered your password, you add a 2nd way to tell the site that you are definitely you! (Like the way, in the movies, that the scientists entering the super-secret spy lab have to use a swipe card and then a retinal scanner to gain entry.) Since you need both to access the account, this extra layer of security seriously increases the protection of sensitive data from these cases of a password database being stolen or hacked.

Blank Diagram (3).png

This second layer can be biometric, like with face detection or fingerprint scanning software, or it can involve sending a one-time-use number code to another device you own, via a text or special app. The latter is probably the most commonly seen and used, at the moment .

Should I use it?

Yes! So many companies are now offering it as an option – Apple, Square, Intuit, Amazon, Google, Facebook, Microsoft, Dropbox, PayPal, GoDaddy…and so on. If a site gives you the option, take it! (Especially anywhere that will have any valuable ID info, financial records or payment details.) You can see who has it and who doesn’t at twofactorauth.org. If you are not sure how to turn on 2FA at those sites, Telesign have set up a website, with tutorials, to show you how!

Our Top Tips to Avoid Device Theft When Travelling | Fraser Valley Tech Consultants

Many of the people we work with spend a fair amount of time out of the traditional office setting and on the road. Since summer is now fully with us and, probably, the most popular season for travelling, we thought it was a good time to give a few reminders and tips on how to avoid your tech (or data) being stolen while you are on the road!

Image by Austin Distel on Unsplash

Image by Austin Distel on Unsplash

The temporary coffee shop office

This should be a no-brainer, but you would be shocked how many times we have been at a coffee shop and watched someone leave an untethered laptop or bag, while they disappear to the bathroom. You can be complacent and say “oh, it’s a quiet, local spot… we’re in a safe part of town”, but it takes seconds for an opportunist thief to swoop by. Not only are you vulnerable to theft, though, you are also vulnerable to prying eyes!

If you are working remotely at somewhere at a coffee shop, you should be taking the following precautions:

1.      Use a laptop tether to secure your device to the table.

2.      If you need the bathroom, and you are alone, take your bag with you!!!

3.      Be aware of who/what is behind you, especially if you have sensitive info on the screen. (Ideally locate yourself so only a solid wall is behind you.)

4.      Try to avoid using the “free WiFi”, but if you really must, only use websites that use HTTPS, make sure you are definitely on the coffee shop owner’s WiFi and use a VPN before logging into any accounts or view sensitive data. (A recent survey found 70% of hacks actually took place through unsecured public Wifi!)

Photo by   Oleg Magni   from   Pexels

Photo by Oleg Magni from Pexels

Security at your destination

No matter where you go in the world, there will always be plenty of light-fingered friends to relieve you of your prized tech. Beaches are a goldmine for pickpockets and petty thieves. Once again, it can only take a few seconds for someone to scoop your bag (and valuable tech devices) while you quickly cool off in the waves.

1.      The best defense is to simply not take your mobile devices to the beach!

2.      Make use of the hotel safes.

3.      If you must take your device, and want to swim, (and it’s not waterproof) look at purchasing a waterproof case so you can keep it with you.

4.      If you must take your device and want to take a nap on the beach, keep the device discretely tucked away and preferably anchored/hidden under your body!

5.      Be vigilant of unexpected distractions. Thieves can use these as a diversion, and when your gaze wanders, your stuff becomes theirs!

6.      Keep close to lifeguard towers. Of course, these guys are there for safety and not to watch your stuff… but thieves will avoid those areas because of the higher risk of getting caught.

The airport security scam

If a flight is on your travelling agenda, watch out for the dreaded X-ray scanner scam! Here is how it works…

At the airport security check, the first scammer will go through the line quickly & efficiently. A second scammer will wait until the people just behind them have loaded up their tech devices (cellphones, laptops etc) to the x-ray machine conveyor belt, and then proceed to hold these people up (something innocently-looking like struggling to get keys or change out of a pocket).  The first scammer then scoops up those devices as they emerge from the x-ray at the other end and walks away!

Be vigilant and only put your devices on the belt when it is your turn to go through, keeping an eye on them as they pass by! If you see someone taking an unhealthy interest in your devices, alert security personnel immediately.

Safe travels!

Top 6 Tips to Protect Your Business Technology & Data From Theft | Chilliwack & Abbotsford IT Consultants

thief-1562699_1920.jpg

We have talked a fair bit, before, about protecting your business against online threats – with all sorts of scammers constantly trying to steal passwords, identities, data or money. But what about the good old-fashioned real-world threats of theft? No matter how safe you think your location is, break-ins and property theft are also still a concern that you should take into consideration for your business.

Here are our top 6 tips to help you protect your data, and keep the impact to a minimum, if your business is broken into…

1. Anchor or tether equipment to immovable objects

25856676-9F12-44B6-BC4D-6D6B8A2A7ADD.JPEG

A laptop is stolen every 53 seconds (according to tech research firm, Gartner). Stats suggest that the vast majority of these are actually stolen from public places, but they are still a quick payday from an office-interloper too. Did you know there is a way that you can lock up your laptop to protect it from light-fingered visitors? Almost all laptops, for quite a while now, have a small opening on them where you can attach a locking cable. (Like this one , available at Staples) So, you can use this to lock your laptop to an immovable object! You can also do something similar with desktop units in the office.

2. Lock computer cases to prevent removal of hard disks.

For the smart thief, yanking out hard drives makes a quicker & lighter getaway. To thwart them, locking a computer case completely shuts them out – and adding that to a machine already tethered, your data is far safer!

3. Back-up data to online storage

Our favourite phrase does seem to be back-up, back-up, back-up… but we just can’t stress this one enough! Back-ups can save so much time and money in cases of data loss, whether it is from a theft or natural disaster. Using online server storage will also protect precious data in the event of a hardware theft, since that precious data was never on the machine to begin with!

4. Encrypt your hard disk

If you do have to keep important data or files on your PC/laptop, then encrypting your hard disk is a great way of keeping non-authorized eyes away from the goods! (Particularly if you are on the road a lot and not always able to tether your machine). If you are using Windows 7, 8 or 10, then this is actually a really easy thing to do yourself. You can see how, by checking out our quick tip video…

5. Keep servers & network storage devices locked away.

If you do use physical storage devices in your business, make sure they are kept in a locked room or cabinet. Key/combination holders should be kept to a minimum, with access given to only those people who really need it.

6. Install tracking software

If you are the kind of business that is on the move a lot, you may want to consider installing tracking software or services to your mobile devices. Sadly, the chances of retrieving a stolen device are slim, but this could give you a fighting chance… and many will, at least, give you the opportunity to wipe the data from the wandering device! Prey and LockItTight are 2 such services who can help you to track your devices and secure or delete data, or even see what the thief is up to.

If you are an Apple consumer, you have the Find My Mac or iPhone options in the iCloud settings, which also allow you to lock or wipe the devices. Make sure the setting is on.

If you are in Chilliwack, Abbotsford, Langley or the surrounding areas of the BC Fraser Valley, and would like more advice on how you can protect your business technology both online and in the real world, our team will be happy to help! Call us to book a consultation at 778-771-0184 or email help@wildfrogsystems.com.

What is Spear Phishing and How To Avoid It | Fraser Valley IT Consultants

anonymous-4165613_1920.jpg

You have probably already heard of phishing – after all, it is everywhere, these days - from the good old-fashioned Nigerian prince email all the way through to the CRA phone scam (also known as voice-phishing or vishing). The scammers cast a huge, wide, net as far as they can, and wait to see if anyone bites. However, there is another, more-complex level of phishing, that you may not have heard of, called Spear Phishing.

media-998990_1920.jpg

Spear phishing is different in that they target a specific person – usually someone in a large company with access to valuable data or finances. Before they are contacted, the scammer will take the time to do some research on their intended victim, mostly online through social media accounts etc.

Using the personal information that they have gathered, they will then contact this intended victim, making their email as personal and legit looking as they can. It may be as an application to a job that they know they are recruiting for, or a faked email from a friend claiming to have a link to a new menu from a favourite restaurant. Of course, this link or document will contain a malware-infected link or document.  Once clicked, the hacker either gains access to company data, or can plant a crypto-locker virus for ransoming.

silhouettes-81830_1920.jpg

Most spear phishing is aimed at mid-tier employees. However, there are a few brave spear-phishers who will sometimes target someone at the top of the company tree, like a CEO, CFO or senior manager. When this happens, it is called whaling.

So, how can you prevent this kind of phishing?

  • Education is a key one here. Making employees aware that this can happen will go a long way! Advise them to keep their social media content as private as possible (after all, that is as much for their own personal benefit as yours!).

  • Make sure all employees know what to look for in fake emails (such as poor spelling and grammar, or checking link addresses before clicking them by hovering the mouse pointer to see a pop-up box of the address. If you get a link claiming to be from a certain bank or company, open a browser window and go to the bank/company website directly and compare their actual address to the one you see on the email.

  • Limit data to the people who need it. If you keep data on shared drives, make sure sensitive data is housed on separate drives (eg a drive for Accounting only, a drive for customer lists only etc) and only give people access to the areas/drives they need to work.

  • Keep all software, anti-virus programs and firewalls up-to-date.

  • Back-up, back-up, back-up!! Back-up your data well and back-up often!!

If you are worried about your company’s potential vulnerabilities, give our team a call at 778-771-0184 or email info@wildfrogsystems.com, and talk to us about scheduling a Tech Health Check-Up.

Top 5 Reasons Why You Need a Disaster Recovery Plan | Fraser Valley Business IT Consultants

Running a business is already a lot of work on a day-to-day basis, so it’s not surprising when we come across businesses who have not had chance to put together a disaster plan. Most have probably thought about it at some point, but the hustle and bustle of getting things going, or keeping the money rolling in, has taken precious time from turning those thoughts into an actual plan.

So, how important is a disaster plan? The answer is VITAL! If your business does not have a plan for these top 5 scenarios, stop now and start getting one sorted before it is too late and very costly.

blaze-bonfire-burn-672636.jpg

1. Natural disaster

We may not be directly on an earthquake Fault-line, (we are kinda close, though) or in the shadow of an active Hawaiian volcano, but there are still plenty of potential natural disasters that could cripple a business either short or long term. It can range from temporary power failure from a wind/ice storm, all the way through to permanent loss from fire. (A particular concern, locally, with our summers yielding increasingly-worse forest fire seasons.) So, from an I.T. perspective, things to consider here definitely include off-site back-ups, as well as power and office-space alternatives.

2. Virus/Crypto-attacks

You hear about them all the time – and you probably see a heap of Spam attempts in your inbox everyday. The internet is a disease-infested stew of malicious pirates on a mission to plunder your ship of its spoils. Attacks are daily (in fact, businesses are targeted approximately every 14 seconds, resulting in a new ransomware victim every 40 seconds!) and is estimated to cost companies somewhere in the region of $11 billion, this year alone. If any of your technology is somehow connected to the world outside your office, you need protection AND data back-ups!

3. Malicious Employees

So, you may work hard to protect against those external attacks, but what about internal ones? It just takes one disgruntled (probably soon-to-be-ex) employee to do all sorts of damage. That damage can be anything, from simply downloading software for personal use (and compromising your legal license agreements) to a full-on data breach with intent to sell to a competitor. Do you have the steps in place to protect your company finances and data? It may be time to look at access policies and your exit procedures for leaving employees.

aroma-black-coffee-caffeine-327120.jpg

4. Accidental Employee Damage

As much as a person may really love their job, and really work hard, they are still human. Humans make mistakes. It could be a spilled coffee, a cleaner unplugging a server, or an innocent click on an emailed resume (coincidentally sent during a recruitment drive) that turned out to actually be a ransomware Trojan virus. The magic words here are back-up, back-up, back-up… oh and good education!

5. Equipment Failure

No matter how good your I.T. crew is, there will come a time when a piece of equipment dies. It can be a tiny little component that wasn’t quite fitted right during the manufacturing process, or something as common and simple as an old-age issue. Regular maintenance and monitoring will help, but back-ups are key, as well as understanding the expected lifespan of your equipment and budgeting for replacements before you reach those dates.

Hopefully, you will never need your disaster plan. But, like home insurance, it is very wise to have it, just in case. If you do not have a good (up-to-date!) IT Disaster Plan in place and would like help, you can give our team of tech experts a call at 778-771-0184 or email help@wildfrogsystems.com. We will happily send one of our knowledgeable tech support consultants to give your business a disaster health check-up, and advise you on the best options to have a water-tight plan in place.

What are Password Managers and Why You Need One! | Fraser Valley Tech Consultants

login screen mockup-3.JPG

Passwords, passwords, passwords. They are everywhere! With more and more software and platforms transferring to the ease and expanse of the cloud, the number of passwords we need on a daily basis has increased exponentially in the last few years.

Now, if you are following the golden rules of passwords (as you should be!), you should..

  • Never use the same password twice.

  • Use a password at least 8-12 characters long.

  • Use a mix of letters, numbers, uppercase/lowercase and symbols.

  • Do not store the password in your browsers or somewhere obvious like a sticky note.

This is where the average (busy!) human brain can run into some trouble. Bearing in mind that virtually everything we do requires a password – banking, office suite, social media, email, online shopping and so on - AND with the need for every single password to be unique, unpredictable and complicated, keeping track of them can be a bind for even the best memorising geniuses.

This is where having a password manager can be a lifesaver. Then you only need to remember 1 complicated password!

1 password to keep them all? That doesn’t sound safe!

Well, these programs are all about security, so they have to be! They employ techniques like multifactor authentication (meaning you need a password and a random code that it sends to a device of yours when logging in), and all data is encrypted at a local level.

So, what are your options?

There are a number of password managers out there, and you need to pick the one that best suits your needs and budget, but here are a few to get you going…

LASTPASS

LastPass is a great manager and has a number of package options for both business and personal clients, starting with a free version. It works on multiple devices, multiple browsers and has a variety of features such as strong password generators, digital file storage and auto form completing for online shopping.

KEEPER

Keeper is another leading password storage solution. Offers a wide variety of tailored package & feature options for personal (starting at $2.50/mo), family, business (starting at $2.50 per user/mo) or enterprise use. Again, works on multiple browsers and platforms.

DASHLANE

Dashlane also offers a free (but limited) version, as well as more feature-laden packages for business or personal use. This manager also comes with VPN protection and alerts you when a site’s security has been reported as compromised.

1PASSWORD

Popular manager, 1Password, has been protecting passwords for 13 years. No free version, but multiple options again, starting at $2.99/mo for personal or $3.99/mo for teams. Offers applications and extensions across a broad range of platforms and devices, with the usual menu of features on offer, plus a “watchtower” which keeps track of breaches and security issues.

Photo by  bruce mars  from  Pexels

Photo by bruce mars from Pexels

There are more password managers out there, but this is a list of the most popular to start you shopping around. With companies and websites reporting data breaches every single day, the important thing is to get your passwords protected as soon as you can, as best you can… and this step will take you a long way towards a better night’s sleep!

Massive New Data Breach Found! | Chilliwack IT Support Professionals

Troy Hunt, the man behind the popular data breach website, Have I Been Pwned, has recently reported a huge new collection of user data has been found on one of the hacking forums. Now, when I say huge, I mean massive… enormous… gigantic… colossus… well, I think you are probably getting the picture. So, exactly how big was it? This data breach contained 2.7 BILLION records, from over 770 MILLION compromised accounts!

IMG_0625-300x197.jpg

The breach is the largest single one ever to have been loaded onto the Have I Been Pwned website and contains a staggering 21+ million unique stolen passwords. The exact origins of where the data was taken from is a little harder to pinpoint, but experts believe that most are from a collection of older websites and breaches. So, if you are the smart sort of person, who regularly updates their passwords and uses lots of different ones, you shouldn’t be too concerned. However, it will still be a good idea to head to the Have I Been Pwned website and enter your email address. If it tells you that your address has been found in any data breach, it will list them for you. (So, you can then go to these sites, if you do still use them, and change your details.) This huge breach, mentioned above, will be named Collection #1.

Of course, as long as there are hackers, data breaches will continue to happen. The best way to protect yourself is follow these tips:

random-password-generator-300x230.png
  1. Use unobvious complicated passwords. The best ones are the ones made by random password generators. (Even some browsers like Chrome have these built in). Make them at least 8-12 characters, with a mix of letters, numbers and symbols.

  2. Use a different password for every place you need one! Sounds scary for anyone who can’t remember what they had for breakfast… but tip #3 will come to your rescue on this one.

  3. Keep your passwords somewhere safe like a digital password manager (LastPass, Sticky Password, Dashlane, 1Password etc). If you are “old school”, even a notebook works! (Hey, if your house or office ever gets broken, chances are that they will be skipping out with your TV or laptop and won’t give a scrappy notebook a second glance!)

  4. Update your passwords regularly. They say passwords are like underwear… keep them out of sight and change them often!