Tag Archive for: security

Chrome: From HTTP to HTTPS

, ,

Within the last year, Chrome has helped users understand that HTTP sites are not secure. More websites use HTTPS, a safer protocol, than ever before. So, how can you benefit from this transition? Find out here.

For several years, Google has moved toward a more secure web by strongly advocating that sites adopt the Secure HyperText Transfer Protocol (HTTPS) encryption. And last year, Google began marking some HyperText Transfer Protocol (HTTP) pages as “not secure” to help users comprehend risks of unencrypted websites. Beginning in July 2018 with the release of a Chrome update, Google’s browser will mark all HTTP sites as “not secure.”

Chrome’s move was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and the majority of Chrome traffic is already encrypted.

Here’s how the transition to security has progressed, so far:

  • Over 68% of Chrome traffic on both Android and Windows is now protected
  • Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
  • 81 of the top 100 sites on the web use HTTPS by default

HTTPS: The benefits and difference

What’s the difference between HTTP and HTTPS? With HTTP, information you type into a website is transmitted to the site’s owner with almost zero protection along the journey. Essentially, HTTP can establish basic web connections, but not much else.

When security is a must, HTTPS sends and receives encrypted internet data. This means that it uses a mathematical algorithm to make data unreadable to unauthorized parties.

#1 HTTPS protects a site’s integrity

HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one can tamper with the traffic or spy on what you’re doing.

Without encryption, someone with access to your router or internet service provider (ISP) could intercept (or hack) information sent to websites or inject malware into otherwise legitimate pages.

#2 HTTPS protects the privacy of your users

HTTPS prevents intruders from eavesdropping on communications between websites and their visitors. One common misconception about HTTPS is that only websites that handle sensitive communications need it. In reality, every unprotected HTTP request can reveal information about the behaviors and identities of users.

#3 HTTPS is the future of the web

HTTPS has become much easier to implement thanks to services that automate the conversion process, such as Let’s Encrypt and Google’s Lighthouse program. These tools make it easier for website owners to adopt HTTPS.

Chrome’s new notifications will help users understand that HTTP sites are less secure, and move the web toward a secure HTTPS web by default. HTTPS is easier to adopt than ever before, and it unlocks both performance improvements and powerful new features that aren’t possible with HTTP.

How can small-business owners implement and take advantage of this new interface? Call today for a quick chat with one of our experts to get started.

Published with permission from TechAdvisory.org. Source.

/by

How Cloud Backup Helps Your Business

New threats to businesses’ precious employee and customer data emerge every day, so the only surefire way to protect your files from viruses, theft, and other unforeseeable disasters is to partner with a leading cloud backup provider. With a basic understanding of how cloud backups work, you can set up a plan that is economical and customized to the needs of your business.

How should you go about choosing a cloud backup provider? Let’s take a look:

Learn more about their storage capacity

Before partnering with a cloud backup provider, ask them where they store their data. Many providers use cloud servers over which they have little control, which could be hazardous as it makes it harder to monitor activity and respond to anomalies. To avoid this fate, choose a backup service that operates their own cloud-based servers.

Next, you will have to determine whether your business assets can be backed up, since some cloud storage providers do not have the capacity to save bigger files like videos or other multimedia files. By asking these questions, you can find a cloud backup service that fits your business needs, and more importantly, can take care of all your files.

Get details on their security

It will be important for the cloud backup provider to explain in no uncertain terms how they will store your files. They should be encrypted and stored on multiple servers because redundant storage ensures your data has multiple copies saved online and can be retrieved at will. Even if an uncontrollable disaster befalls your company or the backup provider’s system, you’ll still be safe.

Compare your budget and backup costs

Before considering any cloud backup provider, you need to know how much the service is worth to you. How much money would you lose if your server crashed and all the data it stored was irretrievable? Compare that amount with the cost of a provider’s service, which could be charged by storage tiers, per gigabyte, or on a flat-fee unlimited plan.

When asking about the price of cloud backups, make sure to clarify any service limitations or restrictions. For example, how quickly can your storage capacity be upgraded? Is it possible to run out of storage? These are not things you want to discover in the middle of hurricane season.

Clarify data recovery timelines

Although storage availability is important, how quickly backups can be created and restored is also an essential factor. Ask providers how often backups will be created (e.g., hourly, daily, weekly), and how long it will take to restore them (e.g., hours, days, etc.). If those timelines are too long, it may be time to look for a better provider.

The most important thing is to know your needs before meeting with a potential provider. Let them know your business needs, budget, and recovery timelines. Our solutions and pricing are flexible and customized to your needs so you’re not stuck in a cookie-cutter plan.

Give us a call to find out more about cloud backup service and other dynamic ways to protect your data.

Published with permission from TechAdvisory.org. Source.

/by

What are watering hole attacks?

When talking about cyberattacks, the first one that usually comes to mind is phishing, a scam that uses email to spread malware or steal personal information. But hackers have a new method to infiltrate your systems, and it’s surprisingly effective. Here’s what you need to know about watering hole attacks.

What are watering hole attacks?
Much like phishing, a watering hole attack is used to distribute malware onto victims’ computers. Cybercriminals infect popular websites with malware. If anyone visits the site, their computers will automatically be loaded with malware.

The malware used in these attacks usually collects the target’s personal information and sends it back to the hacker’s server. Sometimes the malware can even give hackers full access to their victims’ computers.

But how does a hacker choose which websites to hack? With internet tracking tools, hackers find out which websites companies and individual users visit the most. They then attempt to find vulnerabilities in those websites and embed them with malicious software.

Any website can fall victim to a watering hole attack. In fact, even high-profile websites like Twitter, Microsoft, Facebook, and Apple were compromised in 2013.

You can protect yourself by following these tips.

Update your software
Watering hole attacks often exploit bugs and vulnerabilities to infiltrate your computer, so by updating your software and browsers regularly, you can significantly reduce the risk of an attack. Make it a habit to check the software developer’s website for any security patches. Or better yet, hire a managed IT services provider to keep your system up to date.

Watch your network closely
To detect watering hole attacks, you must use network security tools. For example, intrusion prevention systems allow you to detect suspicious and malicious network activities. Meanwhile, bandwidth management software will enable you to observe user behavior and detect abnormalities that could indicate an attack, such as large transfers of information or a high number of downloads.

Hide your online activities
Cybercriminals can create more effective watering hole attacks if they compromise websites only you and your employees frequent. As such, you should hide your online activities with a VPN and your browser’s private browsing feature.

At the end of the day, the best protection is staying informed. As cyberthreats continue to evolve, you must always be vigilant and aware of the newest threats. Tune in to our blog to find out about the latest developments in security and to get more tips on how to keep your business safe.

Published with permission from TechAdvisory.org. Source.

/by

Non-financial blockchain solutions

Despite internet connections that deliver information to the other side of the globe in milliseconds, countless industries still rely on slow and inefficient middlemen to complete transactions. From supply chain management to hi-tech contracts, blockchain isn’t just about money, it’s about an entirely new way to do business. Just look at our examples.

What is blockchain?

Blockchain, like the cloud, is more of a concept than a specific piece of software or hardware. It’s the idea that if you store a spreadsheet or ledger on a hundred different computers — each of which receive automatic and encrypted updates — it’s nearly impossible to create a fraudulent entry. If someone adds a line of false information to one spreadsheet, 99 others can confirm it is not in their copy and is therefore inaccurate.

In the Bitcoin ledger, each line represents the transfer of funds from one account to another. So if John wants to transfer money to Jane, he sends a request to Bitcoin’s blockchain and thousands of computers confirm his account information is correct and he has sufficient funds. The money is transferred, both account balances are updated, and the whole process takes less than an hour with almost no human interaction. Much faster than the 5-7 business days of most banks.

There are countless applications for decentralized, real-time record keeping beyond financial transactions, though. And very soon, blockchain won’t be synonymous with Bitcoin.

Blockchain’s potential

Although this technology has been around since the ’90s, it lacked the popularity and computing power necessary to become a mainstream solution…until now. With the rise of cryptocurrencies in 2017, blockchain started seeping into other industries, such as:

  • Law – “Smart contracts” create agreements that automatically execute when their terms are met. For example, an attorney could agree to pay a courier $100 after the delivery of documents to the defendant in a case. The contract and the payment sit in the blockchain until the courier uploads a GPS-tagged photo of services rendered, at which point the money is transferred and the contract archived.
  • Agriculture – Supply chain blockchains can track every ingredient throughout the production process. If several people get sick from the same food item, ingredients could be traced back to their source and products that share the same ingredients could be recalled preemptively.
  • Real estate – Blockchain is being used to automate escrow account transactions, property title transfers, and insurance claims, so they aren’t reliant on slow and error-prone humans. Buying a home could eventually be as easy as finding the one you want, signing a contract, transferring your down payment, and receiving the title — no middleman necessary.

Most blockchain-based solutions are too new to trust with sensitive information. But you can do a few things to get out in front of your competitors. You can work with us to invest in business intelligence software that helps you collect more data, and start experimenting with risk-free blockchain solutions.

As long as you have certified technicians like ours at your disposal, you’ll be sure to see gains in no time — give us a call today!

Published with permission from TechAdvisory.org. Source.

/by

Protect your Facebook data with these 3 steps

Facebook users woke up to a nightmare when they heard that the social media giant and associated app developers were selling their sensitive data to companies, like Cambridge Analytica, without their consent. So if you’re concerned about being one of the 50 million users whose data have already been sold, you should check out the following 3 tips.

Download your Facebook data

The thought of a complete stranger going through your account is pretty disturbing. Yet, you’re probably curious about the amount of information you uploaded to your social media sites over the years. Fortunately, Facebook allows you to download a copy of all your data. You simply have to log in to its web version and…

  • On the site’s main navigation, click on the down button right next to the Quick Help icon
  • A menu will pop up and you’ll find Settings right above the Log Out option
  • Click on Settings and you’ll automatically be redirected to General
  • Within the General page, press Download a copy of your Facebook Data
  • It will redirect you to a different page where you’ll need to press Start My Archive button to proceed with the download process

Once that’s done, you’ll be able to see an archive of all your Facebook activity, such as the statuses you’ve posted, messages you’ve sent, and ads you’ve clicked on.

Change your privacy settings

After going through all your data, you might realize that everything you shared is harmless. But, that doesn’t mean it won’t end up in the hands of cybercriminals who can use it against you.

We suggest going back to the Settings page and clicking on Privacy. That’s where you can modify whether you want your posts to be seen by the public or only by your friends. You can even control who’s allowed to send you friend requests, view your friends list, and most importantly, decide whether search engines are allowed to link to your profile.

Check or delete apps

You know those personality quizzes that you and your friends always had a ball answering? Apparently, Cambridge Analytica gathered all the responses from one of those app developers. Luckily, you can stop them from further accessing your profile. In Settings, click on Apps to see all the apps linked to your profile. Beside each one, you can choose Edit Settings to review its authorizations or click Remove to completely get rid of it.

Your recent love-hate relationship with Facebook has you second-guessing. If you want to take data security up a notch, we can always provide more tips and tools, and even assess your current level of security. Just give us a call and we’ll take care of your privacy so you don’t wind up breaking up with your favorite social media site.

Published with permission from TechAdvisory.org. Source.

/by

Gearing up for phishing scams in tax season

Paying and filing taxes is already annoying without the threat of refund fraud or identity theft. But phishing schemes, especially during tax season, have become so widespread that you’ve probably already received spoofed emails or calls during the last few years. To maintain the security of your business, you and your employees need to be extra cautious with the emails you receive at tax time.

Phishing baits to watch out for

Phishing attacks often consist of fabricated or compromised emails sent to finance/payroll or human resources employees that are made to look like they’re from an executive in your company. The message might contain a request to forward employee records, including their W-2 forms, but that’s not all…

Another common scheme, which doesn’t only happen during tax season, involves getting a call from a person declaring to be an IRS employee. And no, caller IDs won’t save you because they can forge that, too. The phisher will inform you that you owe them cash from back taxes and they will threaten legal action if you don’t pay via credit card at that instant.

Always remember, the IRS will never contact you on the phone to let you know that you owe them money. And they certainly won’t threaten you or demand payment over the phone. If they really need to notify you of such matters, they’ll use the postal service and will give you a chance to discuss payment terms.

Standard protection protocols

Don’t worry, the usual security measures against these phishing scams are pretty easy to integrate into your business. Begin by developing a policy that bans the request of private details through email. If an employee ever requires such info, they should get in touch with the person directly, follow your established protocols for the transfer of sensitive information, and minimize the number of people involved in the transaction.

Taking security a step further

Data loss prevention (DLP) systems are also valuable weapons against these types of phishing attacks. They evaluate traffic going in and out of your company, such as web usage, emails and instant messages, and virtually anything sent on your network. DLP systems can filter out private details, including Social Security numbers, and stop them from being sent out.

But beware, DLP systems come with a minor drawback, as they can also block legitimate traffic, like when your accounting department sends tax info to your CPA. Fortunately, an MSP like us can properly segregate the good and the bad traffic to avoid confusing and/or frustrating your employees.

Phishing schemes may be a normal occurrence during tax season, but that doesn’t mean you can’t do anything about it. Don’t let the vulnerabilities in your business, particularly the human element, fall prey to cybercriminals. Send us a message right away and we’ll conduct an assessment of the security of your business, as well as design a risk management plan to help counter future complications.

Published with permission from TechAdvisory.org. Source.

/by

Quick recoveries with external IT support

Small-business owners with limited financial resources have to manage their office IT on their own. Although this might work for a while, it can grow into a massive problem when the business starts expanding. At that point, you’ll want to focus on that expansion, not repairing tech problems. This is where external IT support comes into play.

Access to new technologies and industry experts

Managed Services Providers (MSPs) are equipped with resources most small businesses can’t afford. They employ teams of experts in fields ranging from cybersecurity to data management to networking — all available for you on an outsourced basis. For example, an MSP provides advanced security software and applications that can help your business avoid the risks of cyberthreat.

They also work with industry tech leaders who provide insights into upcoming hardware and software products in the market. This ensures you receive updated recommendations on the latest technologies so you can use them in your business, and they often come with deals and discounts that you wouldn’t normally have access to.

Knowledge from past breaches

External IT support providers have been helping businesses recover from all kinds of tech disasters since the dawn of hackers. They now have enough knowledge to prepare Data Backup and Disaster Recovery plans for you. This way, you and your team would still be up and running after suffering from an IT emergency without disrupting much of your business operations.

External support providers’ experience with data protection will ensure your systems are monitored around the clock so your security systems are always functioning properly to keep cybercriminals at bay.

Run your business with ease

You don’t specialize in technology, so you don’t have the skill or the experience in dealing with digital felons. You also know how vulnerable your business is online and won’t dare do anything to jeopardize it. That’s why external support is such a great asset — you’ll be able to manage your business without any worries because your external IT provider will keep it protected.

In the end, you also have to be cautious in your search for an external support provider. Conduct your research thoroughly, read through all their testimonial pages, and verify whether their business objectives coincide with yours. To put your mind at ease and to make sure that your business’s technology is in good hands, you can always send us a message and we’ll provide you all the references you need.

Published with permission from TechAdvisory.org. Source.

/by

Equifax finds more users hit by major breach

Everyone thought the worst was over when credit-reporting agency Equifax revealed that the credentials of 145.5 million people in the US were leaked. However, the company recently discovered that there are more victims from the major breach. Here’s everything you need to know.

What happened?
On March 1, Equifax reported that the names and driver’s license numbers of approximately 2.4 million Americans were stolen. According to the company, sensitive information like home addresses, home states, or the license issue and expiration dates were not leaked. Equifax said these breaches were discovered only recently because their forensic investigations primarily focused on stolen Social Security numbers.

In response, the company said that anyone affected would be notified directly. They’re also now offering a security program designed to prevent identity theft and credit tampering. However, given the company’s poor track record, not many are willing to enroll.

When the company first announced the breach in September last year, the tool used to check whether an account had been hacked didn’t work and came up with false positives. Fortunately, there are other things you can do to protect yourself.

Monitor your credit
Consider looking through your credit reports for any suspicious spending. If you spot any new accounts, loans, and other payments you don’t recognize, contact your credit card company to report fraudulent transactions.

Check the dark web
Compromised data is often sold to the highest bidder on the dark web, so most Equifax data can probably be found there. To see whether your personal information has indeed been compromised, sign up for dark web monitoring services. Then consult with a security professional to discuss your options.

Place a credit freeze
One way you can prevent hackers from opening credit cards and making payments in your name is to freeze your credit. When you implement this, anyone masquerading as you will be required to provide a PIN to unfreeze your account. Contact the credit bureaus (Equifax, Experian, TransUnion) to activate this service.

Set fraud alerts
When you set a fraud alert, credit card companies and businesses must verify your identity before opening an account or making any payments. Together with a credit freeze, alerts will make it extremely difficult for hackers to steal your identity.

Learn to identify phishing scams
Because Equifax is notifying data breach victims directly through email, hackers could take this opportunity to send fake messages that direct users to dangerous websites. As such, knowing how to identify phishing scams (suspicious URL links, attachments, and spelling errors) is vital.

Dealing with data breaches is a long and frustrating process, especially for businesses that just want to focus on growing their operations. So if you have any security concerns, call us today. We have the cybersecurity expertise to protect you.

Published with permission from TechAdvisory.org. Source.

/by

Chrome users panic as new scam spreads

During the previous quarter, fake Chrome notifications urging users to dial a tech support number have grown dramatically. Research reveals that this tech support scam could possibly use an Application Programming Interface (API) to freeze the browser, convincing the user to get in touch with the support line and share their credit card details.

The End Game

The scam works by displaying an error message indicating a bogus security breach incident that renders a browser unusable. These scammers capitalize on the fact that a serious crash can’t be solved by simply closing the site, thereby sending the users into a panic. This encourages them to dial the number listed on the warning message.

On the other end of the line, the scammers would pose as Microsoft or Apple representatives to convince users into surrendering their credit card details to repair a non-existing security issue. The scams are generally carried out through legitimate sites or malicious ads that have been hacked.

The Ingenious Process

This new scam operates against Chrome by corrupting the window.navigator.msSaveOrOpenBlob programming interface, which basically uses it as a form of distraction. The hackers manipulate the browser and forces it to save a random document on a disk repeatedly at super fast intervals that are impossible to notice. After five to 10 seconds, Chrome will be completely unresponsive.

The Easy Fix

To recover, Windows users simply have to open Windows Task Manager (press ctrl + shift + esc keys) and stop the process there. On the other hand, macOS users just need to wait until a system message prompts them to close the unresponsive Chrome tab. Typically, the latter is a more appealing option since users would have the freedom to close only the corrupted page. Manually closing the whole browser means possibly losing unsaved files in any open Windows.

When faced with IT-related issues, you need to determine how you can approach them calmly. The threats in the digital world may be terrifying and intimidating, but causing a panic in your workplace isn’t the answer. Call us as soon as any problems arise, and we’ll help you as soon as we can. We can even hook you up with other security measures to beef up your network security.

Published with permission from TechAdvisory.org. Source.

/by