Blog

May 17th, 2016

2016May17_Security_AImageMagick, one of the internet’s most widely used image processing services, is susceptible to attacks that may put your site at a huge risk of exploitation, according to recent reports. The discovery of this vulnerability means attackers could potentially steal your site’s data, or corrupt it entirely. Let’s take a look at what your SMB should be doing to protect itself from this security flaw.

What is ImageMagick?

ImageMagick is a tool that allows sites to easily crop, resize, and store images uploaded by third parties. Vendors continue to improve user interfaces and experiences by consolidating functions into all-in-one packages, which means administrators are becoming increasingly unaware of what specific services they are actually utilizing. ImageMagick is deeply integrated into countless web services and many webmasters may not even be aware they are using this unsafe software.

How can an image make my site vulnerable?

Recently, it was discovered that images can be uploaded that force ImageMagick into executing commands and permitting attackers to remotely insert harmful code into vulnerable sites. Images are actually made up of complex code that is translated into photos, icons, etc. Different file extensions use what are called “Magic Numbers” to define their file types. Manipulating these numbers allows attackers to exploit a flaw in ImageMagick. The service scans the uploaded file, and attempts to decode the source information whenever it detects the file is not what it claims to be. Scanning that code and attempting to rectify the file misappropriation can then trigger whatever was hidden inside the image and result in remote command of your site.

How should I protect my site?

ImageMagick has admitted knowledge of the security flaw and promised to release a patch very soon. Until then, experts advise implementing multiple workarounds to keep your systems safe. However, if you're not well acquainted with your web server and its code, then it's wise to consult an expert instead of attempting these changes on your own.

For those who are familiar, follow these steps. The first is to temporarily incorporate lines of code that preemptively block attackers from exploiting these holes. Those lines of code, and where to insert them, can be found here.

The next step is double checking that any image files utilizing the ImageMagick service aren’t hiding any harmful information. This can be accomplished by opening an image file with a text editor, and checking for a specific set of letters and numbers at the beginning of the text that define what type it is. The list of these “Magic Numbers” can be found here, and will reveal if an image is hiding its true purpose.

Ideally, administrators will halt all image processing via ImageMagick until a patch is released from the developers.

Data security is one of the most crucial aspects of any SMB, however, keeping up with the constant flow of security exploits and patches can be overwhelming for administrators of any ability level. Why not contact us to learn more about keeping your network secure and protected from exploits like this one?

Published with permission from TechAdvisory.org. Source.

Topic Security
April 28th, 2016

2016Apr28_Security_AKnow thy enemy. When it comes to hackers, most business owners get hung up on the technical and mechanical details of a cyber attack forgetting another important aspect: motive. Why are they attacking people and organizations in the first place? And who are they targeting? By answering these questions you’ll have a better understanding of what resources need the most protection in your business.

Script Kiddies

When it comes to skill level, Script Kiddies are at the bottom of the totem pole and often use scripts or other automated tools they did not write themselves - hence the name. With only an elementary level of technical knowhow, Script Kiddies usually don’t cause much damage...usually. The Script Kiddy virus known as the Love Bug which sent out an email with the subject-line “I LOVE YOU” fooled millions of people, including some in the Pentagon, in the early 2000’s. The virus reportedly caused around 10 billion in lost productivity and digital damage.

So who is a Script Kiddie? Most of the time they’re simply bored youth looking for a thrill or notoriety. Many never evolve into a full-time hacker, and instead just use their skills as a hobby. Oddly enough, many Script Kiddies find a career later on working in the security industry.

Hacktivist

If you’ve heard of Anonymous, LulzSec or AntiSec, then you’re familiar with Hacktivists. These groups are made up of members of varying skill levels, all the way from Script Kiddies to some of the most talented hackers in the world. Their mission is largely politically motivated as they aim to embarrass their targets or disrupt their operations, whether that be a business or government body. Two of the most common ways they attack their target are by stealing sensitive information and exposing it or denial of service (DDoS) where a server is overloaded till it finally crashes.

As a small or medium-sized business owner you are not necessarily immune to Hacktivist disruption. If your business or a company you’re associated/partnered with participates or provides services that can be seen as unethical, such as Ashley Madison (who fell victim of a major Hacktivist attack last year), then you too may be targeted by Hacktivists.

Cyber Criminals

Often talked about in the media and well-known by most SMBs, cyber criminals are after one thing: money. Their targets run the gamut, including everyone from individuals to small businesses to large enterprises and banks. But what do these targets usually have in common? They either have a very valuable resource to steal or their security is easy to exploit...or a combination of both of these. Cyber criminals can attack in a number of ways including using social engineering to trick users into providing sensitive information, infecting an organization/individual with ransomware or another form or malware, or exploiting weaknesses in a network.

Insiders

Perhaps the scariest type of hackers are the ones that lurk within your own organization. Insiders are made up of disgruntled employees, whistleblowers or contractors. Oftentimes their mission is payback; they want to right a wrong they believe a company has perpetrated toward them, so they’ll steal sensitive documents or try to disrupt the organization somehow. Edward Snowden is a prime example of an insider who hacked his own organization - the US government.

Now that you know what motivates your enemy, you’ll hopefully have a bit of an idea as to whether or not you’re a target. To learn more about how to secure your business from these types of hackers, get in touch with our experts today.

Published with permission from TechAdvisory.org. Source.

Topic Security
April 13th, 2016

2016Apr13_Security_ABring your own device (BYOD) strategy is when an employee uses their personal mobile device to work with your company from anywhere. This strategy can bring about many advantages to your business such as increased efficiency and convenience. However, this can also bring a number of security risks for your IT infrastructure and data. If you’re thinking of incorporating BYOD in your office, consider some of the risks involved before making a decision.

Data leakage

The biggest reason why businesses are weary of implementing a BYOD strategy is because it can potentially leave the company’s system vulnerable to data breaches. Personal devices are not part of your business’s IT infrastructure, which means that these devices are not protected by company firewalls and systems. There is also a chance that an employee will take work with them, where they are not using the same encrypted servers that your company is using, leaving your system vulnerable to inherent security risks.

Lost devices

Another risk your company has to deal with, is the possibility of your employees losing their personal devices. When devices with sensitive business information are lost, there is a chance that this could end up falling into the wrong hands. Additionally, if an employee forgets to use a four digit PIN code to lock their smartphone or tablet, anyone can gain unauthorized access to valuable company data stored on that particular device. Therefore, your company should consider countermeasures for lost devices like completely wiping the device of information as soon as an employee reports a missing or stolen phone.

Hackers can infiltrate your system

Personal devices tend to lack adequate data encryption to keep people from snooping. This along with the fact that your employees might not have updated their devices can allow hackers to infiltrate your IT infrastructure.

Connecting to open Wifi spots makes your company more susceptible to hackers. Open wireless points in public places can put device owners at risk because there is a chance that hackers may have created that hotspot to trick people into connecting. Once the device owner has connected, attackers can simply surveil web activity and gain access to your company’s accounts.

Vulnerable to malware

Viruses are also a big problem when implementing BYOD strategies into your business. Using personal devices means your employees can access whatever sites or download any mobile apps that your business would normally restrict to protect your system.

Jailbreaking or rooting a device also puts your systems at risk because it removes limitations imposed by the manufacturer to keep the mobile software updated and protected against external threats. It’s best to understand that as your employees have the freedom to choose whatever device they want to work with, the process of keeping track of vulnerabilities and updates is considerably harder. So if you’re thinking about implementing BYOD strategies to your business, prepare your IT department for an array of potential malware attacks on different devices.

So you might be thinking that it would probably be best to just avoid implementing a BYOD strategy in the first place. However, BYOD will help your business grow and adapt to the modern workplace, and should not be dismissed as a legitimate IT solution. It’s just important to educate your company about these risks so that problems won’t occur for your business down the line.

If you need some help implementing IT security solutions for your company, or if you have any concerns regarding IT, give us a call.

Published with permission from TechAdvisory.org. Source.

Topic Security
March 29th, 2016

2016Mar29_Security_AYour computer has been acting up a lot lately. It keeps crashing, it’s slow and, to top it off, you keep getting pop-ups you don’t want to see. If these problems keep occurring then your computer may have a virus. So is there a way to prevent things like this from happening again? While there are various antivirus solutions you can take, it’s best to know how malware affects your computer first so you can quickly recognize and deal with the problem. These are a few ways to find out if your computer has a virus before it’s too late.

Slow computer

The most common symptom of a malware infection is a slow running computer. Are your operating systems and programs taking a while to start up? Is your data bandwidth suspiciously slow? If so, your computer may potentially have a virus.

However, before you immediately assume your computer has a virus, you should check if there are other causes to your computer slowing down. Check if you’re running out of RAM. For Windows, open task manager (Ctrl + Shift + Esc) and go to the Performance tab and check how many gigabytes of RAM you are using under the Memory section. For Mac OS users, you can open the Activity Monitor app and under System Memory you should be able to find out your RAM usage.

Other causes of a slow system include a lack of space on your hard drive and damaged hardware. Once you’ve ruled out the other potential causes, then a virus may have infected your device.

Blue screen of death (BSOD)

If your PC crashes regularly, it’s usually either a technical problem with your system or a malware infection. You might not have installed the latest drivers for your device or the programs you’re running could possibly be incompatible with your hardware. If none of these problems are apparent in your PC then the virus could be conflicting with other programs causing your crashes. To check what caused your last BSOD go to Control Panel> System and Security> Administrative Tools> Event Viewer and select Windows Logs. Those marked with an “error” are your recorded crashes. For troubleshooting solutions, consult forums or your IT department to figure out what to do next.

Programs opening and closing automatically

Malware can also be present when your programs are opening and closing automatically. However, do check if some programs are meant to behave this way or if they are simply incompatible to run with your hardware first before coming to the conclusion that your computer has a virus.

Lack of storage space

There are several types of malware that can manipulate the files saved on your computer. Most tend to fill up your hard drive with suspicious files. If you find any unknown programs that you have never installed before, don’t open the application, search up the program’s name over the Internet and use antivirus protections once you’re certain that it’s malware.

Suspicious modem and hard drive activity

Combined with the other warning signs, if your hard disk is working excessively while no programs are currently running or if you notice that your external modem is always lit then you should scan your computer for viruses.

Pop-ups, websites, toolbars and other unwanted programs

These are irritating signs that your computer has a virus. Pop-ups come from clicking on suspicious pages, answering survey questions to access a website’s service or installing free applications. Don’t click on ads where Jane says she earned $8000 a month staying at home. When you get pop-ups appearing out of the blue, refrain from clicking anywhere on the pop-up page and just close out of the window and use your anti-malware tool immediately.

Equally, free applications allow you to download their service for free but the installation process can be riddled with malware. When you’re installing a program from the Internet it’s easy to just skim over the terms and conditions page and repeatedly press next. This is where they get you. In the process of skipping over certain installation steps, you might have agreed to accepting a new default browser, opening unwanted websites and other programs filled with viruses. Just be cautious the next time you download something for free. It’s best to try avoiding any of these practices when you can in order to protect your computer.

You’re sending out spam

If your friends are telling you that you’ve been offering them suspicious messages and links over social media or email, you might be a victim of spyware. These may be caused from setting weak passwords to your accounts or forgetting to logout of them.

In the end, it’s best to know how malicious software affects your computer so you can take steps to rectify the situation as soon as possible. Regardless of whether or not your system has experienced these symptoms, it’s always smart to perform regular malware scans to ensure your business is safe. To find out more about malware and IT security, contact us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
March 15th, 2016

2016Mar15_Security_AWhether or not to monitor your employees' computers can be a tricky decision. While part of you may think it’s unethical, you also may question if your staff are spending too much time on non-work related activities, and taking advantage of you in the process. So, should you monitor? Here are some pros and cons of monitoring, and some tips to effectively do it if you decide it’s right for your business.

The case for monitoring

There are a number of reasons why monitoring your employees is a good idea. Doing so can help you:
  • Protect your organization from data theft or harm - because some disgruntled employees may try to steal from you or corrupt your data.
  • Ensure you have a harassment free workplace - because cyber harassment (sexual or otherwise) happens among employees.
  • Ensure staff are complying with policies - not downloading illegal programs or spending time on websites with illegal or hostile content.
  • Provide evidence in case of a lawsuit - heaven forbid this happens, but if an employee participates in illegal activities on your business’s computers, monitoring can provide evidence of it.
The sad fact of the matter is that many businesses who monitor end up discovering that employees are doing things they’re not happy about. Research by Nancy Flynn, the executive director of the ePolicy Institute in Columbus, Ohio, revealed that two thirds of companies monitor their employees, and half of them have fired employees due to their behavior on email and the web.

Cons

Of course there are some potential downsides to monitoring that you should be aware of as well. These include:
  • Productivity loss - monitoring can kill employee morale, and therefore you may see a hit in their productivity if they feel you distrust them.
  • TMI and lawsuits - you’ll likely learn about the personal lives of your employees that you would’ve never known about had you not monitored. You may discover their political or religious views, sexual orientation or medical problems. This could potentially open up your business to privacy or discrimination issues if you or your management team act negatively on this information.

Monitoring guidelines to follow

If you decide to monitor your employees, here are a few tips you should follow.

1. Create written policies

When you decide to monitor, ask yourself, are you doing it for security purposes? Is it to ensure your employees are not wasting large amounts of time on Social media? Whatever the reasons, it’s smart to balance your policies with the expectations of your employees. If you’re too strict with your monitoring, you could create that atmosphere of distrust we mentioned above. So set guidelines for acceptable use of email, social media, web surfing, instant messaging, and downloading software and apps. Also, in your policy, include how monitoring will be carried out and how data will be secured or destroyed.

2. Tell your employees

It’s important to inform your employees about your monitoring. If they find out you’re doing it without their knowledge, you could create resentment among them or even face legal issues. And just by letting staff know, you may actually see a boost in productivity as it could deter them from wasting time on the web.

When you tell your employees, explain why you’re doing it and the risks your business faces from misuse of digital assets. Reassure them you’re not doing it to spy on their personal life, but only attempting to create a compliant and law abiding workplace. Because their activities will now be less private, encourage your staff to keep their personal communication to their smartphones. Also, provide a copy of your written policy to employees to read over and sign.

3. Get the right technology tools

While there are many technology tools to monitor your employees, bear in mind, you don’t need to follow their every move. In fact, you shouldn’t as it will not only waste your time, but also cause you to find out more information than necessary. So look for technology that will alert you to potential problems, so you can focus on more important things. Lastly, you may also want to consider technology that can block certain content, like porn or hate websites, as employee access to this content could create larger problems.

Whether or not to monitor your employees can be a tricky decision but, if implemented correctly, could benefit your business in making it more secure and even more productive. For more information about security and other IT support tools, get in touch. We’ll make our best effort to help however we can.

Published with permission from TechAdvisory.org. Source.

Topic Security
February 29th, 2016

2015Feb29_Security_AThe financial services industry has long been a heavily targeted sector by cyber criminals. The number of attacks that involved extortion, social-engineering and credential-stealing malware surged in 2015. This means that these institutions should strive to familiarize themselves with the threats and the agents behind them. Here are 7 new threats and tactics, techniques and procedures (TTP’s) that security professionals should know about.

Extortion

The cyber criminal Armada Collective gained notoriety for being the first to utilize distributed denial-of-service (DDoS) attacks. This occurs when multiple systems flood a targeted system to temporarily or completely disrupt service. They evolved the idea further and started to extort Bitcoins from victims who were initially notified of their vulnerability. If they didn’t comply with the ransom demands of the criminals, they would flood their systems until the victim's network would shut down completely.

Social media attacks

This involved criminals using fake profiles to gather information for social engineering purposes. Fortunately, both Facebook and Twitter began to proactively monitoring for suspicious activity and started notifying users if they had been targeted by the end of 2015. However, you should still have your guard up when someone you don’t know, or even a friend or colleague, starts asking you suspicious questions.

Spear phishing

Phishers thrive off familiarity. They send out emails that seem to come from a business or someone that you know asking for credit card/bank account numbers. In 2015, phishers went to the next level and began whaling. This normally involved spoofing executives’ emails (often CEO’s) to dupe the finance departments to transfer large sums of money to fraudulent accounts.

Point-of-sale malware

POS malware is written to steal customer payment (especially credit card) data from retail checkout systems. They are a type of memory scraper that operates by instantly detecting unencrypted type 2 credit card data and is then sent to the attacker’s computer to be sold on underground sites.

ATM malware

GreenDispenser is an ATM-specific malware that infects ATM’s and allows criminals to extract large sums of money while avoiding detection. Recently reverse ATM attacks have also emerged, this is when compromised POS terminals and money mules to reverse transactions after money being withdrawn or sent to another bank account.

Credential theft

Dridex, a well known credential-stealing software, is a multifunctional malware package that leverages obfuscated macros in Microsoft Office and extensible markup language files to infect systems. The goal is to infect computers, steal credentials, and obtain money from victims’ bank accounts. It operates primarily as a banking Trojan where it is generally distributed through phishing email messages.

Other sophisticated threats

Various TTP’s can be combined to extracted data on a bigger scale. Targeting multiple geographies and sectors at once, this method normally involves an organized crime syndicate or someone with a highly sophisticated setup. For example, the group Carbanak primarily targeted financial institutions by infiltrating internal networks and installing software that would drain ATM’s of cash.

The creation of defensive measures requires extensive knowledge of the lurking threats and our team of experts is up-to-date on the latest security information. If you have any questions, feel free to contact us to find out more about TTP’s and other weapons in the hacker’s toolbox.

Published with permission from TechAdvisory.org. Source.

Topic Security
October 26th, 2015

164_A_SecWhile small businesses lack the big budgets of their enterprise counterparts, that doesn’t make security any less of an issue for SMBs. In fact, small and medium businesses are more and more often the target of cyber criminals precisely because they generally have fewer security measures in place. So to ensure your business has enough security to stay protected, here are a number of rules every SMB should follow to keep themselves secure.

Recognize where your most critical data lies

Is it in the cloud? Hard drives? Backup disks? Mobile devices? Whether or not you have the budget and resources to adequately secure all of your data, the critical data that your business relies on must be sufficiently secure. If you’re unsure of what that is, ask yourself which data you would need to access within 24 hours of your business suffering a major disaster, in order to ensure your operations remained up and running. Once you’ve answered this question, talk with your IT managers to determine the security measures that need to be implemented to protect your most vital data.

Learn the basics

After you’ve bulletproofed your critical data, it’s time to arm your network with the basics. If you haven’t already done so, ensure that you have anti-malware protection on servers and endpoints, and firewalls for both wireless and wired access points.

If you have the budget, it’s worth seeking outside counsel from an IT expert fluent in today’s security best practices. They’ll ensure your business is protected from the latest cyber threats. However, if you don’t have the budget, then it’s time to take matters into your own hands. Read up on security trends, join technology networking groups, and ask your fellow business owners about their own IT security policies.

Cash a reality check

Bad things happen to nice people. Tornadoes, fires, thieves, and faulty technology couldn’t care less about how your business donates to local charities and supports your community’s youth sports clubs. What’s more, hundreds of small businesses across the country suffer severe data loss each year. Ignorance and turning a blind eye will not protect you, so make a wise decision and automate your data to be backed up daily. This allows your business to remain in operation if you’re hit by a security breach.

Dispose of old technology properly

Whether it’s a computer, server or tablet, any device that stores data on it must be properly disposed of when it conks out. Specifically, the hard disk must be destroyed completely. And remember, proper data disposal is not only limited to technology, as critical information is also revealed on paper files. So if you’re migrating the content of physical documents to the cloud, make sure to shred the paper versions too.

Mind your mobiles

The mobile age is here, and along with it come employees who may access your business’s critical information via their smartphones, tablets and other mobile devices. Recognize that many of these devices have different operating systems that require varying security measures. You and your IT manager should be aware of this, which leads to our last point...

Think policy

Have a policy for all your company’s devices. If you don’t inform your employees they shouldn’t access company information via their phones or tablets, then they’ll likely assume it’s okay to do so. But thinking policy doesn’t pertain only to mobiles. You should also determine acceptable online behavior for your employees, as well as how data should be shared and restricted. Put this in writing, and then have your employees read and sign it.

Of course, it’s not always wise to be overly restrictive. Rather the point is to have policies in place and make everyone in your organization aware of them because if you don’t each staff member will make up their own rules.

Are you concerned your business’s security isn’t up to par? Need the guidance of a seasoned IT provider who specializes in security? Talk to us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
October 7th, 2015

Security_Oct2_AVulnerabilities in the web-based version of popular instant messaging app WhatsApp recently left up to 200 million users exposed to hackers and malware. The bug was picked up by an Israeli IT security firm, and WhatsApp put a fix in place before news of the potential threat spread. Nevertheless, it highlights the need to remain vigilant when using apps like WhatsApp, whether for business reasons or in a personal setting. Here’s what you need to know about the security incident and how to protect yourself going forward.

The web-based version of the WhatsApp app was only launched a few months back, initially for WhatsApp accounts on Android and Windows Phone devices and later for those on iPhones, but has already grown in popularity. The recent security vulnerability related to vCards, electronic business cards shared by WhatsApp users, and effectively amounted to a kind of phishing.

An error in the WhatsApp web client meant that less-than-innocuous vCard business cards created by hackers were not properly filtered out by the app. As a result, these phishing-style cards made it through to users who, if they clicked them, were at risk of the cards converting themselves to more harmful executable scripts once downloaded - and potentially accessing and playing foul with users’ personal data. There are even reports of a ransomware approach being taken by hackers in this case, with attempts being made to extort cash from WhatsApp users in exchange for restored access to their infected devices and hijacked data.

WhatsApp put a fix in place, by releasing an updated version of the app, prior to making public news of the security vulnerability. It’s worth making sure you have the latest version of WhatsApp installed on your phone, if you haven’t checked recently - WhatsApp’s phone and web versions are linked to one another, so ensuring you are up-to-date on your phone is the way to ensure you’re safe when using the web client too. The patch is also available directly through the web client, though this won’t update your phone’s version of the app at the same time.

The whole affair also serves as a timely reminder that it pays to be vigilant when it comes to using WhatsApp and other instant messaging platforms - including email. Avoid opening links or downloading files that you’re not expecting to receive, and proceed with caution even if you were anticipating them. It’s better to double check with the sender that they’re consciously passing a file to you, and that they’re fully aware of its contents, than to wait until your device has been infected and damage has potentially been inflicted on your vital data.

Want to learn how to keep your devices safe from phishing attempts and other potential security vulnerabilities? Give us a call and let us equip you with tamperproof solutions.

Published with permission from TechAdvisory.org. Source.

Topic Security
August 31st, 2015

You’re probably all too aware of the Ashley Madison hack by now. Maybe you are closely following the names and people involved, perhaps you don’t care or most likely you are somewhere in the middle. No matter where you find yourself standing on this issue, it should be used as a valuable learning tool for your company’s security. Here are three lessons your business can take away from the scandal.

1. Make sure your company’s security data is actually secure

You probably tell clients their information is secure, but just about every company makes that claim. One of the biggest mistakes made by Ashley Madison was the failure to know if its data was truly secure. The company publically lauded its security, but it now seems like those claims were rather hollow. In fact, it appears as if no one at Ashley Madison knew a whole lot about its security practices until it was too late.

Don’t simply pass off your business’s security to the IT department. Being involved will allow you to see how it works. You don’t need to be a tech expert to understand how your data is being secured. Your security provider, whether it be in-house or via a managed services provider, should be able to explain security practices in layman’s terms. This will allow you to ask questions and be proactive because chances are if you see a weakness, others will notice it as well.

2. Beware of your employees and their email and Internet activities

Another takeaway from this scandal was the fact many employees, both from private companies and government offices, were using business email accounts to sign-up for Ashley Madison and office Internet connections to access the site. Putting the ethical questions aside for a moment, public sentiment is undoubtedly negative and companies with employees who used Ashley Madison at work have been exposed to the scandal’s backlash.

By placing the appropriate email and Internet security solutions in place at your business, you can reduce the amount of risk your company is exposed to by employees. No one really wants to put restrictions on their employees’ Internet and email access, but it is important to be smart. Being connected to scandals like this can bring unwanted publicity to your business. Worst of all, your employees might not even realize they are putting your company in harm’s way when they access this type of content at work.

3. Be prepared for data loss

As the Ashley Madison case has shown us, massive data theft or loss can be the end of your business. When clients trust your business with their data, they are confident in your ability to protect it. Of course, things do happen and if your data does go missing, it’s important to have a plan of action ready. While it’s unlikely your company’s data breach is unlikely to garner the attention of Ashley Madison, it means a whole lot more to you, your company and your employees. Just because your company isn’t big doesn’t mean it’s invincible.

A disaster recovery plan can help your company ensure it has backups and even backups of your backups. If you believe your data has been stolen by hackers, it is important to act immediately. You’ll need to quickly assess what information has been stolen and inform the appropriate parties so they can take the necessary steps to protect themselves. From there, you will want to re-secure your company closing any security loopholes that have been found. Finally, access your backups and make sure your business continues to operate as close to normal during the crisis.

Worried about your security? We can show you how to protect yourself. Contact us today for more information on how to keep your company safe.

Published with permission from TechAdvisory.org. Source.

Topic Security
July 22nd, 2015

164_Sec_AOver the decades of the internet’s existence, cyber threats have evolved at a rapid pace. When once there were only viruses and malware to watch out for, now you have to protect your business from worms, trojans, ransomware and dozens of other online threats. But what’s the difference between all of them? Let's take a look. Here are four of today’s most common cyber threats and the tips you need to protect your business from them.

Malware

Malware is the short version of the word malicious software. And this is a general term that encompasses many types of online threats including spyware, viruses, worms, trojans, adware, ransomware and more. Though you likely already know this, the purpose of malware is to specifically infect and harm your computer and potentially steal your information.

But how do the different types of malware differ from one another? How can you protect your business from them? Let’s take a look at four of the most common forms of malware below.

Virus - like a virus that can infect a person, a computer virus is a contagious piece of code that infects software and then spreads from file to file on a system. When infected software or files are shared between computers, the virus then spreads to the new host.

The best way to protect yourself from viruses is with a reliable antivirus program that is kept updated. Additionally, you should be wary of any executable files you receive because viruses often come packaged in this form. For example, if you’re sent a video file, be aware that if the name includes an “exe” extension like .mov.exe, you’re almost certainly dealing with a virus.

Spyware - just like a spy, a hacker uses spyware to track your internet activities and steal your information without you being aware of it. What kind of information is likely to be stolen by Spyware? Credit card numbers and passwords are two common targets.

And if stealing your information isn’t bad enough, Spyware is also known to cause PC slowdown, especially when there is more than one program running on your system - which is usually the case with a system that’s infected.

A common mistake many people make is they assume their antivirus software automatically protects them from Spyware. This is not always true as some antivirus isn’t designed to catch spyware. If you’re unsure if your antivirus prevents Spyware, get verification from your vendor. And for those that are already suffering from Spyware infestation, two programs that work wonders to clean it out are Malwarebytes and SuperAntiSpyware.

Worms - similar to viruses, worms also replicate themselves and spread when they infect a computer. The difference, however, between a worm and a virus is that a worm doesn’t require the help of a human or host program to spread. Instead, they self-replicate and spread across networks without the guidance of a hacker or a file/program to latch onto.

In addition to a reliable antivirus software, to prevent worms from infecting your system you should ensure your firewall is activated and working properly.

Trojan - like the trojan horse from ancient greek mythology, this type of malware is disguised as a safe program designed to fool users, so that they unwittingly install it on their own system, and later are sabotaged by it. Generally, the hacker uses a trojan to steal both financial and personal information. It can do this by creating a “backdoor” to your computer that allows the hacker to remotely control it.

Similar to the other malware mentioned above, antivirus software is a dependable way to protect yourself against trojans. For further safety, it’s wise to not open up suspicious attachments, and also ensure that your staff members aren't downloading any programs or applications illegally at the office - as this is a favorite place hackers like to hide trojans.

Curious to learn about other common malware that can cause trouble for business owners? Want to upgrade your existing network security system? Give us a call today, we’re sure we can help.

Published with permission from TechAdvisory.org. Source.

Topic Security