Category Archives: Security

Security

5 safety steps to online shopping

Security_July22_CHave you ever bought something online? There is something compelling about browsing an online store, filling a virtual cart, checking-out and having it arrive on your doorstep a few days later. E-commerce is quickly becoming one of the most popular forms of shopping, but like everything else on the Internet, there are security issues you could run into.

Below are five ways to ensure that e-commerce transactions remain secure:

1. Watch what you share
Many security experts continually want about this for social media usage, but it is also relevant to e-commerce. Often, when you make an online purchase you will be asked to provide some personal information. This might include your shipping and billing address, birthday, etc. Did you know that many sites will often ask for more information than they really need to complete the order?

The reason companies ask for this additional information is often so they can get to know you better, and provide more relatable, targeted product recommendations. Some dubious sites may ask you for this information and later sell it to a third party. When purchasing online, you should be aware of what information that is required – usually indicated by an asterisk – and what isn’t. In order to remain as secure as possible, only share information that is absolutely necessary.

Beyond that, if you are planning to link a digital wallet to your mobile phone, you should be careful who you share or lend your phone to. These services are set to take off in a big way, and there has already been instances of people with digital wallets being duped by strangers asking to borrow their phones in order to find their wallet. It is a good idea to restrict wallet access and not store any valuable information on your phone’s hard drive. Instead, store it on a password protected cloud storage site.

2. Watch how you connect
People are using their phones, tablets and laptops for online shopping in an ever increasing number. This is largely because the devices are convenient and portable – you can shop from wherever you may be. But, what many people fail to realize is that they are connecting to public Wi-Fi if they are on the go. Sure, it is cool to be able to buy your groceries on Amazon from the coffee shop at lunch, but if you have connected to public Wi-Fi, your information is likely wide-open – anyone with the right tools can access it.

You need to be careful when you shop. Don’t enter any valuable or important information like passwords and credit card numbers while connected to public Wi-Fi. If your mobile device has a data plan, switch to that instead. Or, wait until you are connected to a secure network.

3. Verify all sites
When you are shopping online you should verify that the site is in fact legitimate. The easiest way to do this is to take a look at your browser’s URL bar, and more specifically the website’s address. You are looking for it to start with, https://. What this indicates is that the website has been authenticated as being legitimate. Most websites like Amazon, Google, Apple, Facebook, etc. all have https protocols. If you don’t see this in the address, you may be looking at a fake website.

If you are unsure, try entering https:// before the Web address and hitting Enter. You should also take note of this URL when you are checking-out, because if there is no https://, the site may be sending unsecure information and if that information is your credit card number then you really don’t want that to be the case.

If you are shopping from a new website, you should take time to look through the extra information like the About Us and Contact pages. Take note of the address and company names, then search for the company on say Wikipedia or Google, taking care to see if the address is the same. Another trick is to search the various social media services like Facebook and Twitter for accounts related to the website.

4. Don’t pay with your bank account
One of the benefits of e-commerce is that it is easy. Because of this, the number of users buying stuff online is growing exponentially. Banks are aware of this trend and have launched services that allow you to pay for transactions with your debit card. The problem with this is these cards are directly linked to your bank account, often with higher limits than credit cards. It can be incredibly tough to get money back if something happens, largely because as soon as you account has been debited, the money is gone.

Many people who shop online use a credit card. The main reason for this is because most banks and card issuers offer online shopping protection, which makes it easier to get money back should anything untoward happen. The best solution could be to sign up for a credit card that is only used for online purchases, and even linked to a separate bank account. This could minimize your losses should something happen. A debit card for an account that has a limited amount of funds in it at any one time can also be a way to protect your main money pot.

5. Don’t link accounts
For convenience, many online retailers like Amazon, Apple, etc. offer to store your credit card number. It is highly recommended that you don’t allow these sites to store your credit card numbers, especially if you use the same account name or email address as other accounts.

If you get hacked, and the hacker finds that you have say an Amazon account with the same username and password, they will likely go on a shopping spree, which could cost you time and money.

Taking precautions while shopping online is a good idea, and could help mitigate the risk of having your identity or money stolen. If you are looking for more information on how to be safe online, or how to ensure that your company’s online store is secure, please contact us today.

Published with permission from TechAdvisory.org. Source.

Android security flaw uncovered

Security_July08_CThe security of devices used in the office should be a top priority for business owners and managers. It is easy to think that a fully functioning device like a mobile phone is secure, and most of the time it is. The thing to be aware of however, is that there are always hackers looking for security flaws in these products. The latest flaw highlighted happens to be on the Android system.

In early July, mobile security company Bluebox announced that they had discovered a large security flaw in the Android system. The threat centers around a trojan application that can gain access to application data including email addresses, SMS messages, etc, and can get service and account passwords. In other words, it can take over your whole phone.

The way this so-called trojan infects mobile devices is through an app. Hackers have figured out how to tinker with the application’s code, and implement the malware without changing the cryptographic features that are used by Google Play and other online stores to validate and identify apps.

What this means is that the changed app looks legitimate to Google, developers, our phones and us, but it really has malicious code embedded in it, code that could give a hacker full access to your phone. The good news about this is that it can be easily fixed with an update. The bad news about this is that it is up to device manufacturers to actually release the fix. This is because most Android device manufacturers basically own their own version of Android and need to push the update to owners – Google can’t do this. Beyond that, it is up to the device owner to actually update their phone when the fix is released.

If this sounds a little worrying, it should be, especially since this affects every device except for the recently released Samsung S4 Touchwiz. There are things you can do however to minimize the chances of your device being infected by this bug.

  1. Don’t allow your device to install apps from unknown sources - Think of Android apps as coming from two systems: Google Play and not Google Play. Any app that comes from not Google Play (e.g., Amazon app store or various stores not owned by Google) can technically be installed onto your device, as long as you have allowed apps from unknown sources. If you haven’t enabled this on your device, you should be safe. If you have, you should disable this immediately by going to your device’s Settings followed by Security and ensuring Unknown sources is NOT ticked.
  2. Only download apps from the Google Play store - Unlike other mobile platforms, you can download and install apps from almost any location on Android phones. While this may seem like a good idea, many of these external marketplaces don’t validate apps, so this is where you will find most of the apps with malware. Google Play does validate apps and will remove malicious ones if found, so play it safe and only download apps from the store.
  3. Always verify the publisher - Malware does still make it onto Google Play, so you should also look at the publisher of the app. When looking at an individual app, scroll down to the Developer section. There you will usually see a webpage, email address and security/privacy policy. Pay close attention to the name, email address and do a Google search for the developer. If you notice that they use a different email address on the site, or a spelling mistake, you should probably avoid the app.
  4. Look at the app download statistics - Finally, if you are still unsure, you should look for the app on your browser. Just navigate to the Google Play website and search for the app. When you find it, click on it and look at the right-side of the window. You should see ABOUT THIS APP with lots of information below. Pay close attention to the Installs graph. If it is an app from a big-name developer e.g., Google, there should be a high number of installs. If it is say a Google App and the number of installs is low (under 1,000) it would be a good idea to avoid it.
  5. Keep your device updated - If you get a notification to update your device, you should do so immediately, this will ensure that you have the latest bug fixes and could also introduce new, useful features.

If you are careful about what apps you install and take steps to ensure that you only install apps from the Play store, your device should be relatively safe. Google has announced that they have patched their cryptographic features on Google Play, so any new apps going onto Play should be safe from this particular exploit. There is a good chance that they will also correct this issue in a future update to the Android OS (likely 4.3), but older devices may be left out of the loop. So, as we have already told you a few times: Don’t install apps from outside of Google Play, and be sure to follow the tips we talked about above.

Should you require more information about Android in the workplace, please contact us today.

Published with permission from TechAdvisory.org. Source.

NSA data collection exposed

Security_June26_CHong Kong is one of the busiest and freest cities on Earth. It also recently played host to one of the biggest whistleblowers in history – Edward Snowden. In early June, Snowden, an ex NSA (National Security Agency) consultant, exposed their data collection program, causing unparalleled uproar and controversy. For many business operators it also created confusion.

Here is an overview of the story about the US surveillance whistleblowing story of Edward Snowden, with some tips businesses can follow to tighten up cyber security.

The NSA leak
From his hotel in Hong Kong, Edward Snowden sat down with journalists from the Washington Post and The Guardian to disclose that the National Security Agency (NSA) and the FBI have unprecedented access to personal information and data on the Internet. This program, called PRISM, supposedly monitors all foreign communication that passes through US servers.

The reports in the Post and Guardian noted that Microsoft; Yahoo; Google; Facebook; PalTalk; AOL; Skype; YouTube; and Apple, are all participants in this program and had provided the NSA with direct access to their data. After the articles broke, the nine tech companies denied ever willingly giving information to the NSA, but noted they likely would, or had, handed over information if ordered by the courts.

You may wonder why this is such a big deal, especially when the NSA has said they only target foreign traffic. Well, the answer is muddy, at best, but the vast majority of the traffic on the Internet passes through the US. What was most unsettling was the revelation about what data the NSA collects. According to the Washington Post, this includes, “audio and video chats, photographs, e-mails, documents, and connection logs… [Skype] can be monitored for audio when one end of the call is a conventional telephone, and for any combination of audio, video, chat, and file transfers, when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries and live surveillance of search terms.”

Netizens, and many news agencies, were understandably furious because this covers pretty much everything. A report published by the Associated Press confirmed that: “The NSA copies Internet traffic as it enters and leaves the United States, then routes it to the NSA for analysis.” Traffic from within the US, on the other hand, is largely left alone, but it may be connected if the NSA can prove, (with 51% surety), that one of the recipients of the traffic is foreign (not based in the US).

If you are interested in learning more this article in Business Insider covers the highlights of what is going on, or what we know to date.

What about small businesses?
So what can we deduce from this? The NSA primarily targets information flowing through the major tech companies. If you do business with companies outside of the USA, you might assume that the NSA has seen some correspondence, especially if it has contained keywords they have identified and are looking for.

Regardless of this, you should still take steps to ensure that your systems are secure, as you can bet that a number of enterprising criminals will try to cash in on this issue with scams, hacks or other malicious intent.

Here are three things you can do to shore up your cyber security:

  1. Create a security policy - As a business owner or manager, you should take steps to educate yourself about current cyber crime, while having a policy in place that covers how employees access data, what access they have, and what will happen if data is stolen. If you are unsure how to go about this, try contacting your IT Partner, like us. We will be able to help you develop a sound security plan and policy.
  2. Use strong passwords - We’ve said it before, and we will say it again: Stronger passwords help deter hackers. Most experts recommend a password that is at least eight characters long, with a minimum of one number and special character. Also, it is a smart idea to not use the same password for every account.
  3. Use data encryption - If you are protective about your data, it is a good idea to encrypt it both while it’s being stored and when it’s being sent over the Internet. Encryption systems convert data and files into an unreadable format that takes time to hack. Many hackers will simply leave strongly encrypted files alone. There are numerous services out there, so be sure to talk with us, as we may have the best option for you.

This headline making leak is definitely huge and has many people worried as to what could possibly happen to private data. Be sure to stay tuned to the newspapers and blogs as the leak to keep updated as the fallout from this could be huge. If you would like to talk about the security of your systems, please contact us today.

Published with permission from TechAdvisory.org. Source.

Five low cost security tips

Security_June12_CA common misconception among many business owners and managers is that managing the security of their systems and computers is a time-consuming and costly endeavor. While it certainly can be expensive, how much you spend really depends on the type of security you want and need. In fact, there are security steps you can take that won’t cost you much in the way of time or money.

Here are five low-cost things you can do to ensure that your business is secure.

1. Communication is key
Many companies take adequate steps to ensure that their systems are adequately protected. The thing is, many security breaches come from within the company. If your employees keep passwords written on pieces of paper that they leave lying around their desks, this is a security issue. It is a good idea to agree with employees where to keep important information and ensure they follow these rules.

Beyond that, if you implement security changes or new systems e.g., new virus scanning software, it is important that you talk to your staff to ensure they know how the system works and how they can use it. You would be surprised at how much effective communication can help to minimize security issues, and best of all? It’s free!

2. Educate your staff
One of the more common security issues comes from spam and malware found in emails. It is a good idea to educate your staff on how to spot these different types of emails and other malicious websites, as well as how to avoid them.

It is worthwhile ensuring that your employees know their roles when it comes to security too. If you have a secretary who you believe is responsible for ensuring the office is locked at the end of the night, take steps to ensure that this person understands their responsibilities. The same goes for computers your staff use: If they are responsible for conducting security scans let them know this. While this may take some time, the cost is low to free.

3. Keep track of your keys
To ensure the security of your IT systems and your physical office, you should keep control of your keys. That is, both the physical keys and those associated with your software (the codes you enter to verify software and unlock full versions).

Keep track of which staff members have a key to the office and if possible number them. The goal here is to know where your keys are at any given time, and if a staff member changes employers make sure you ask for them back.

Many software keys or licenses are single use only. If you invest in software and an employees steals this along with the key, you will likely have to purchase the software again. A good tip is to keep software keys secure and separate from the software itself. The best part about this step is that the cost of doing this is minimal.

4. Keep your software updated
Hackers can be a lazy bunch. They will often target those with out of date software, because it’s usually easier to hack. To reduce the chance of being hacked, you should take steps to ensure that your software is up-to-date. This includes your virus and malware scanners, as well as browsers and even software you don’t use.

Get your staff to perform a ‘software audit’ on their computers on a regular basis. This means going through their computer and properly uninstalling software that they don’t use, while also taking time to ensure their system is completely updated. This step is easy to implement and will cost you next to nothing.

5. Keep important systems off site
Many small to medium businesses keep their servers on site. While this is convenient as your systems are right there and easily accessible, this could also create a security issue. One way to minimize this is to work with an IT partner who can host your systems or servers off site or in the cloud. While this involves some cost, working with an IT partner could save you profits and productivity in the long run, as good providers will ensure that your systems are secure and working properly.

If you are looking to make your systems more secure, please contact us today. We may have a solution that will work for your business.

Published with permission from TechAdvisory.org. Source.

Four password management systems

Security_May29_CThe password is the main way we identify ourselves online. We need these to access nearly every account and service we use. Hackers know this and often target this area. One way to minimize the chance of your accounts being hacked is by using different passwords for every account. However, the issue is that remembering them all isn’t always easy. A password management system can help, but what type of system is the best?

Below is a brief overview of the four types of password management system you can use.

1. Cloud or Internet-based
These systems are usually cloud based and accessed through an app or browser plugin. Apps ordinarily store your passwords, or generate one to use, and will automatically apply this when you visit a site that requires a password. These systems are great for breaking the one password habit, However, because they store all of your passwords in one place, they could become a target for hackers.

2. Cloud or Internet-based with two-factor authentication
The next step up from the cloud-based password management system is one that supports two-factor authentication. Your passwords are still stored in the cloud, but you will need to provide another piece of information before you can access sites.

The interesting thing is that many of the cloud based password systems actually offer this in their premium offerings. So, not only do you get better password protection, but it’s with the same system meaning you likely won’t have to switch.

The cloud based systems are a good idea if you use more than one system on a regular basis and if you work from outside of the office.

3. Computer-based
Computer-based password management systems are similar to the cloud versions, only the passwords are stored on your computer, and accessed using a master password. Because many hackers usually don’t go after individual hard drives – they have to get through your network and then find the program and try to break the password – the chances of your passwords being exposed are minimized.

The only problem with systems like these is that you normally have to log in for the service to work. If you forget to log out and someone walks by, they will be able to access everything. However, for the manager who wants a secure system, this is a better option than the cloud based versions.

4. USB-based
There are a number of USB devices that have a smart card in them that can store passwords. When you plug in the USB to your computer, the software on the USB can input the stored passwords when needed. These devices are typically more expensive, with some costing as much as USD$100, but they offer the highest amount of security as your passwords are kept with you.

The main downside to these devices is that they aren’t the biggest and are usually about the size of a standard USB stick. This means that they are easier to lose, making getting your passwords back even tougher.

If you are looking for a better way to keep track of your passwords, please contact us today to see how we can help.

Published with permission from TechAdvisory.org. Source.

LivingSocial: 50 million accounts hacked

Security_May15_CThe Internet, still in its early phases, is seeing a dramatic increase in the number of users. Unfortunately, this growth has also seen an increase in the number of cyber criminals and attacks against websites. The latest major attack was perpetrated against LivingSocial. If you have an account with this website, you may want to pay attention.

LivingSocial is a daily deals website that focuses on bringing bargains and original deals to users based on their geographical location. In late April, news broke that the website had suffered a massive cyber attack with 50 million accounts being compromised.

From the reports we have seen, the attack targeted accounts world-wide with only account holders in Thailand, Indonesia, South Korea and the Philippines being unaffected. An email sent out by Tim O’Shaughnessy, LivingSocial’s CEO shortly after the incident said, “We recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue.”

The company assured users that their credit card data had not been compromised, as they are kept in another database. Account passwords were also encrypted, which means they are harder to crack but not impossible.

What should you do?
If you have a LivingSocial account, we recommend that you go and change your password immediately. This can be done by:

  1. Going to LivingSocial’s forgot your password page.
  2. Entering the email address you used to sign up for the account with.
  3. Pressing Reset Password.
  4. Checking your email for an email from LivingSocial and following the instructions in the email.

It is advisable to pick a new password, one that is as different as possible from your old password and, as always, the longer, the better.

Is there anything I can to do protect my company?
If you are a business owner who has websites that encourage customers to sign up for updates, accounts, etc. you may be wondering how you can keep your user’s information secure from cyber attack.
In truth, you can’t keep your important information 100% secure, if a hacker is committed enough, they will be able to get the information they need or wreak the havoc they want to. But what you can do is to make it as hard as possible for cybercriminals to get your information. This could be as simple as using multiple databases to store different bits of information, or as complex as using the latest encryption methods and systems.

Each business is unique, and the best way to ensure your valuable data is secure is to work with an IT partner who takes the time to get to know your security needs and develop a solution that is as near to 100% secure as possible.

If you are worried about the security of your systems, contact us today. We may have the perfect solution that will meet your needs and budget.

Published with permission from TechAdvisory.org. Source.

Five password don’ts

Security_May02_CSecurity is an important issue for many business owners and managers. Many work with their IT department or an IT partner to ensure their network and systems are secure from threats. But what about your email, social media and bank accounts? The weakest link of these online accounts is your password, hackers know this and that’s what they target. Do you take steps to ensure that you have a strong password?

If you want to minimize the chances of your password being hacked, here are five things you should NOT do.

1. Don’t pick short passwords

While short passwords are easier to remember, they are also easier and quicker to hack. The most common way to hack passwords is by using brute force: Developing a list of every possible password, then trying this list with a username.

Using a mid-range computer like the one many have on their desk, with a normal Internet connection, you can develop a list of all potential passwords astonishingly quickly. For example it would take 11.9 seconds to generate a list of all possible passwords using five lowercase characters (a,b,c,d,etc.) only. It will take about 2.15 hours to develop a list of all possible passwords using five of any computer character. Once a hacker has the list, they just have to try every potential password with your user name.

On the other hand, a list of all 8 character passwords with at least one special character (!,@,%,etc.) and one capital letter would take this computer 2.14 centuries to develop. In other words, the longer the password, the harder it will be to hack. That being said, longer passwords aren’t impossible to hack, they just take more time. So, most hackers will usually go after the shorter passwords first.

2. Don’t use the same password

The way most hackers work is that they assume users have the same password for different accounts. If they can get one password, it’s as simple as looking through that account’s information for any related accounts and trying the original password with the other accounts. If one of these happens to be your email where you have kept bank information, you will likely see your bank account drained.

It’s therefore important to use a different password for every online account. They key here is to try and use a password that’s as different as possible. Don’t just add a number or character onto the end of a word. If you have trouble remembering all of your passwords, try using a password manager like LastPass.

3. Don’t use words from the dictionary or all numbers

This article published last year on ZDnet highlights the 25 most popular passwords. Notice that more than 15 contain words from the dictionary, and most of the rest are strings of common numbers. To have a secure password, most security experts agree that you should not use words from the dictionary or number combinations that are beside each other (e.g., 1234).

4. Don’t use standard number substitutions

Some users have passwords where they replace letters with a number that looks similar, for example: h31lo (hello). Most new password hacking tools actually have combinations like this built in and will try a normal word, followed by replacing letters with similar numbers. It’s best to avoid this.

5. Don’t use available information as a password

What we mean by this is using information that can be easily found on the Internet. For example, doing a quick search for your name will likely return your email address and social media profiles. If you have pictures of your kids, spouse, pets, family, their dates of birth, etc. on your Facebook profile and have put their names in captions, it’s possible for a hacker to see this (assuming the pictures are shared with the public).

You can bet that they will try these names as your password. You would be surprised with the amount of personal information on the web. We suggest searching for yourself using your email address(s), social media profile names, etc. and seeing what information can be found. If your passwords are close to what you find, it would be a good idea to change them immediately.

There are numerous things you can do to minimize the chance that your passwords are stolen and accounts hacked.

 

Published with permission from TechAdvisory.org. Source.

5 tips to spot email fraud

Security_April18_CWhile being one of the most useful business tools ever invented, email can also be a hinderance. Because of its generally open nature, when anyone can get an email address, criminals have taken their operations online in the form of email frauds or scams. This can be a big issue for business owners, and knowing how to determine if an email is legitimate or not is important.

Here’s five tips to help you spot email frauds or scams.

Look at the email address
One of the easiest ways to spot a fraudulent email or scam is by looking at the email address of the sender. Many credit card application scams use third party email services like Gmail or Yahoo. Some scammers go so far as to set up accounts in the name of the company e.g., AMEX_121@gmail.com.

Sophisticated scammers will actually try to copy the legitimate company’s email account – a practice called spoofing. They will usually have a few changes like a missing letter from the address, or an extra . added.

The easiest thing you can do is look for the sender’s site on the Internet. For example: You get an email from AMEX OPEN (American Express’s small business credit card) and notice that the sender’s email address just doesn’t look right. Go to Google and search for amex fraud. You’ll likely find the fraud page which tells you exactly how the company sends emails. If the sender is a smaller company, most of these will have email contact addresses right on the site, take a look and compare the two. If they are different, the email is likely a scam.

Look at the sender’s website
If you think an email is fraudulent, try looking up the website associated with the sender. Should you be unable to find the site, it’s likely a scam.

If you find a website, click through some pages to see if there is anything that looks out of place. For example a website selling a new financial service has pages with Coming Soon or you get errors when you try to load the page. If it looks fishy, it likely is – delete the email.

It would also be a good idea to go to archive.org’s Wayback Machine, copy and paste the website’s URL into the The Wayback Machine Search bar and hit Take me back. This will bring up previous versions of the website. If you see that the site in question was something completely different a few months to a year ago (e.g., it is a financial services page now, but six months ago it was a page selling prescription drugs), chances are high it’s a fraud.

Call them
Many scammers will put phone numbers into emails to make them look more legitimate. If you are unsure about whether this email is legitimate or not, why not try calling the number? Many scammers run more than one fraud operating at the same time and may answer the phone with another name, or not at all.

Similarly, if you call a local number of a supposedly small business and get routed directly to voicemail, it’s likely fraud.

Look carefully at the body of the message
The body of the email can also be a great way to suss out email scammers and potential fraud. Because many fraudulent emails originate outside of the major English speaking countries, there will often be language that just sounds different from the way people write in your area. One great example of this would be a line like ‘We wish to sell you a great product.’

You should also look for spelling errors, grammar mistakes or inconsistencies. While some fraudulent emails will have minor spelling inconsistencies, others will spell common words wrong. If you see mistakes like ‘our product are a great deals’, this should raise a warning flag.

Spelling and grammar errors are a part of business communication, so don’t expect a perfect email from all companies, especially if you see that the company is located overseas. It’s the emails with mistakes supposedly coming from companies in your area that should really raise alarm.

The sender asks for money or passwords
It’s kind of an unwritten rule that when sending out emails you never ask for a person’s credit card number or account passwords. Banks, large companies and many social networks will never ask you for passwords or account information, credit card numbers, pin codes, etc of any kind over email. If you notice that an email selling something asks for you to reply with a credit card details so you can make a purchase, it’s best to delete the email as it’s likely a fraud.

Email fraud is a big deal, and unfortunately it will likely become even more common in the near future. This means you should be able to spot potentially fraudulent emails. If you think an email is a scam, it’s best to just delete it immediately. Don’t respond or forward it to colleagues or employees. If you need to let people know, write another email that describes the suspected email but has no links. You can also forward a screenshot to your colleagues or friends to illustrate the scam.

Looking for more ways you can protect your company? Contact us today. We can work with you to develop a security system that will meet your needs.

Published with permission from TechAdvisory.org. Source.

Confused about computer viruses?

Security_April03_CMyths have always been a part of human culture, and can be found in nearly every aspect of life, including the computer. One of the larger computer-based myths revolves around malware, more specifically the virus. Many users are familiar with the concept but have a tough time distinguishing between what is true and what isn’t. Are you one of them?

Here are five common myths about viruses that confuse people, and the truths associated with them. Before we delve deeper it would be a good idea to explain what a virus is.

A virus is a computer program that infects a computer and can generally copy itself and infect other computers. Most viruses aim to cause havoc by either deleting important files or rendering a computer inoperable. Most viruses have to be installed by the user, and usually come hidden as programs, browser plugins, etc.

You may hear the term malware used interchangeably with virus. Malware is short for malicious software and is more of an umbrella term that covers any software that aims to cause harm. A virus is simply a type of malware.

Myth 1: Error messages = virus
A common thought many have when their computer shows an error message is that they must have a virus. In truth, bugs in the software, a faulty hard drive, memory or even issues with your virus scanner are more likely the cause. The same goes with if your computer crashes, it likely could be because of something other than a virus.

When you do see error messages, or your computer crashes while trying to run a program or open a file, you should scan for viruses, just to rule it out.

Myth 2: Computers can infect themselves
It’s not uncommon to have clients bring their computers to a techie exclaiming that a virus has magically appeared on the system all by itself. Despite what some may believe, viruses cannot infect computers by themselves. Users have to physically open an infected program, or visit a site that hosts the virus and download it.

To minimize the chance of being infected you should steer clear of any adult oriented sites – they are often loaded with viruses, torrent sites, etc. A good rule of thumb is: If the site has illegal or ‘adult’ content, it likely has viruses that can and will infect your system if visited, or files downloaded from there.

Myth 3: Only PCs can get viruses
If you read the news, you likely know that many of the big viruses and malware infect mostly systems running Windows. This has led users to believe that other systems like Apple’s OS X are virus free.

The truth of the matter is: All systems could be infected by a virus, it’s just that the vast majority of them are written to target Windows machines. This is because most computers run Windows. That being said, there is an increasing number of threats to OS X and Linux, as these systems are becoming more popular. If this trend keeps up, we will see an exponential rise in the number of viruses infecting these systems.

Myth 4: If I reinstall Windows and copy all my old files over, I’ll be ok
Some believe that if their system has been infected, they can simply copy their files onto a hard drive, or backup solution, reinstall Windows and then copy their files back and the virus will be gone.

To be honest, wiping your hard drive and reinstalling Windows will normally get rid of any viruses. However, if the virus is in the files you backed up, your computer will be infected when you move the files back and open them. The key here is that if your system is infected, you need to scan the files and remove the virus before you put them back onto your system.

Myth 5: Firewalls protect networks from viruses
Windows comes with a firewall built into the OS, and many users have been somewhat misled as to what it actually does, and that firewalls can protect from viruses. That’s actually a half truth. Firewalls are actually for network traffic, their main job is to keep networks and computers connected to the network secure; they don’t scan for viruses.

Where they could help is if a virus is sending data to a computer outside of your network. In theory, a firewall will pick up this traffic and alert you to it, or stop the flow of data outright. Some of the bigger viruses actually turn off the firewall, rendering your whole network open to malware attacks.

What can I do?
There are many things you can do to minimize the chances of infection. The most important is to install a virus scanner on all of your systems, keep it up to date and run it regularly. But a defensive strategy like this isn’t enough, you need to be proactive by:

  • Not installing programs from sources you don’t know or trust
  • Being weary of any program that asks you for your password
  • Not installing any browser add-ons or plugins suggested by websites. Instead, download them from the browser’s app store, or the developer’s website.

If you are worried about the security of your systems and network, call us today. Our team of security experts can work with you to provide a plan that will meet your needs.

Published with permission from TechAdvisory.org. Source.

Docracy helps track Terms of Service

Security_March20_CThe Internet has seeped into nearly every aspect of our daily lives, it’s hard not to be connected these days. Think about the number of websites you have accounts with, and how all of these sites now have some form of personal information of yours. The question is, what exactly do these sites do with your information? The answer lies in the Terms of Service, which are always evolving and hard to keep track of. Luckily, a new website makes it a lot easier to monitor all of these changes.

Terms of Service for websites change on a fairly regular basis, and many of us simply have no way of knowing if and when such changes have been made, and what exactly has been changed. That’s why a group of lawyers and professionals started Docracy. According to the website, “Docracy is a home for contracts and other legal documents, socially curated by the communities that use them.” The company aims to make legal documents freely available.

Part of this site is the Terms of Service section which is a database of over 1,000 popular websites’ Terms of Service and Privacy policies. It tracks them and notes when changes are made, and highlights these changes so they are easily found.

If you visit the site here, you can see a list of changes that companies have recently made, and clicking on one should give you basic change information. Clicking on See Full Changes will bring up the full doc with the recent changes highlighted.

Selecting See Full Directory will bring up every policy that the website tracks, and allow you to read them.

Is this useful for my business?
Online law is very complicated, and many companies that run websites that you may have accounts with often don’t make it easy for you to find legal contracts or policies. A good example of where Docracy is helpful is if you want to know who exactly owns your content stored on a popular cloud service. You can go to Docracy’s database and quickly find the related Terms of Service. From there you can download the document and look through it, or view it on the site.

Basically this site can help you get a clearer picture on the various contracts you sign with websites, and how these websites plan to use your data. For many business owners, knowing exactly what other companies are going to do with your data can help you find a more secure solution. After all, being prepared with the correct knowledge is half the battle.

If you would like to learn more about Docracy, or how a change to a Terms of Service could affect your business please contact us today.

Published with permission from TechAdvisory.org. Source.