• 0

Security Hints & Tips

Category : security

Things to think about

  • Protect your computer against power surges and brief outages.
    Most modern Laptops and PCs are pretty resilient against the odd surge in power but if you live in a more remote area this can be a problem. Anti surge multi blocks can offer some protection against power surges and provide outlets to plug in your peripherals. Power strips (Multi-blocks) alone will not protect you from power outages- this protection comes with an uninterruptible power supply (UPS). During a lightning storm or construction work that increases the odds of power surges, consider shutting your computer down and unplugging it from all power sources. Also consider unplugging your network cable!
  • Back up all of your data.
    A backup is always a good idea especially when it comes to stuff you cherish or is important for your work / business. Automating the Backup of your computer is an important task so we have written a Hints and Tips especially for that. (Coming soon)
  • Use and maintain anti-virus software and a firewall.
    Protect yourself against viruses and
    malware that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software (eg Sophos) and a firewall. Make sure to keep your virus definitions up to date.
  • Regularly scan your computer for spyware.
    Spyware or adware hidden in software programs may affect the performance of your computer and give attackers access to your data. Use a legitimate anti-spyware program
    (eg Malwarebytes) to scan your computer and remove any of these files. Many anti-virus products have incorporated spyware detection.
  • Keep software up to date.
    Install software updates (also called patches) so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should turn it on.
  • Evaluate your software’s settings.
    This can get a bit technical. If it does, please feel free to contact us for help. The default settings of most software enable all available functionality, often not all needed. Unfortunately, attackers may be able to take advantage of this functionality to access your computer. It is especially important to check the settings for software that connects to the internet (browsers, email clients, etc.). Apply the highest level of security available that still gives you the functionality you need.
  • Avoid unused software programs.
    Do not clutter your computer with unnecessary software programs. If you have programs on your computer that you do not use, consider uninstalling them. In addition to consuming system resources, these programs may contain vulnerabilities that, if not fixed with the latest version, may allow an attacker to access your computer. Think before you download programs on a whim.
    Laptop makers and the Windows operating system are guilty of planting software that you don’t need on your computer to help their profits. Speak to us before you buy your laptop in order to avoid this.
  • Consider creating separate user accounts.
    Again this may seem a bit geeky. We are here to help if it does. If there are other people using your computer, you may be worried that someone else may accidentally access, modify, and/or delete your files. Most operating systems (including Windows, Mac OS X, and Linux) give you the option of creating a different user account for each user, and you can set the amount of access and privileges for each account. You may also choose to have separate accounts for your work and personal purposes. While this approach will not completely isolate each area, it does offer some additional protection. However, it will not protect your computer against vulnerabilities that give an attacker administrative privileges. Ideally, you will have separate computers for work and personal use; this will offer a different type of protection. It is not a good idea to give yourself Administrative Privileges.
  • Establish guidelines for computer use.
    If there are multiple people using your computer or computer network, make sure they understand the risks and how to use the computer and internet safely. Setting boundaries and guidelines will help to protect your data. Help your staff stay safe by giving them some basic training. We can help with this too.
  • Use passwords and encrypt sensitive files.
    Passwords and other security features add more layers of protection if used appropriately. By encrypting files, you ensure that unauthorized people can’t view data even if they can physically access it. You may also want to consider options for full disk encryption, which prevents a thief from even starting your laptop without a pass-phrase. (Note: When you use encryption, it is important to remember your passwords and pass-phrases; if you forget or lose them, you may lose your data.)
  • Follow corporate policies for handling and storing work-related information.
    If you use your computer for work-related purposes, be sure to follow any corporate policies for handling and storing information. These policies were likely established to protect proprietary information and customer data, as well as to protect you and the company from liability. Even if it is not explicitly stated in your corporate policy, you should avoid allowing other people, including family members, to use a computer that contains corporate data.
  • Dispose of sensitive information properly.
    Simply deleting a file does not completely erase it. To ensure that an attacker cannot access these files, make sure that you adequately erase sensitive files. US Dept. Of Defence Level 7 is recommended for important stuff.
  • Follow good security habits.
    Review our other security tips for ways to protect yourself and your data.
  • Follow good Business Continuity habits.
    Review our other business continuity tips for ways to ensure your data always stays safe.
  • Please feel free to distribute these notes.
  • GiaKonda IT Ltd can be contacted on 01792422616

  • 0

Ransomware

Category : security

Introduction

Businesses both large and small are under threat from increasingly aggressive and brutal ransomware attacks. Loss of access to critical files, followed by a demand for payment can cause massive disruption to an organization’s productivity.

But what does a typical attack look like? And what security solutions should be in place to give you the best possible defence?

This note examines commonly used techniques to deliver ransomware, looks at why attacks are succeeding and gives nine security recommendations to help you stay secure. It also highlights the critical security technologies that every IT setup should include.

Ransomware

Ransomware is one of the most widespread and damaging threats that internet users face. Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of file-encrypting ransomware variants delivered through spam messages and Exploit Kits, extorting money from home users and businesses alike.

The current wave of ransomware families can have their roots traced back to the early days of Fake AV, through “Locker” variants and finally to the file-encrypting variants that are prevalent today. Each distinct category of malware has shared a common goal to extort money from victims through social engineering and outright intimidation. The demands for money have grown more forceful with each iteration.

The financial consequences can be severe. The Hollywood Presbyterian Medical Center reportedly paid 40 Bitcoins ($17,000) to regain access to its files, while the Kansas Heart Hospital despite paying an undisclosed sum, was faced with a second ransom demand and not given access to all of its files.

Ransomware attacks start in two main ways. A booby-trapped email with a malicious attachment or via a compromised website; which then work their way down to your endpoints and servers.

To stop these attacks, it’s critical that you have advanced protection technology in place at each stage of the attack and combine this protection with good user security practices.

Nine best security practices to apply now

Good IT security practices, including regular training for employees, are essential components of every single security setup. Make sure you’re following these nine best practices:

1. Backup regularly and keep a recent backup copy off-line and off-site

Offline and off-site means ransomware can’t get to it. With recent backups data loss can be minimized.

2. Enable file extensions

Enabling extensions makes it much easier to spot file types that wouldn’t commonly be sent to you and your users, such as JavaScript.

3. Open JavaScript (.JS) files in Notepad

Opening a JavaScript file in Notepad blocks it from running any malicious scripts and allows you to examine the file contents.

4. Don’t enable macros in document attachments received via email

A lot of infections rely on persuading you to turn macros on, so don’t do it!

5. Be cautious about unsolicited attachments

If you aren’t sure don’t open it. Check with the sender if possible.

6. Don’t have more login power than you need

Admin rights could mean a local infection becomes a network disaster.

7. Consider installing the Microsoft Office viewers

These viewer applications let you see what documents look like without opening them in Word or Excel.

8. Always keep your software up to date

If possible make sure automatic security updates are enabled on your software. This reduces the risk of being exploited by ransomware.

9. Stay up-to-date with new security features in your business applications

For example Office 2016 now includes a control called “Block macros from running in Office files from the internet”

Please feel free to distribute these notes.

 


  • -

eFraud and how to prevent it

Category : security

Types of eFraud

Phishing

  • emails look like official communications from a bank, retailer or government department.
  •  they ask the victim to “confirm” some of their confidential data.
  •  often on the pretext of some sort of security measure being implemented or response to some possibly fraudulent use of the account
  • scam can be made to look real by use of images taken from the real organisation.

Spear Phishing

  • more complicated and effective attack
  •  involving online identity theft
  •  criminal has some prior knowledge of the company’s data or victim’s private data.
  •  so email bait can be personalized with information that appears truly genuine from the target individual
  • addition of a cleverly constructed use of social information makes these attacks so much more effective.

Advanced Fee Fraud

  • Represented in large part by Nigerian Scams
  •  typically take the form of emails purporting to be from someone having large funds available overseas that, if not moved out of country soon, would be lost.
  •  fraudster pleads with the victim for their help in moving these funds to the victim’s country, in return for which the fraudster generously gives a portion of the funds.
  •  once baited the victim’s interest, the victim needs to outlay some funds of his or her own in order to initiate the process.
  •  Similar scams exist for Lottery winners who need to send a fee in order to receive their winnings, and also emails pretending to be from friends abroad who “need money” urgently.

Identity Fraud

  • the process of stealing another person’s identity order to profit financially at the victims expense
  •  Usually done by first stealing their personal details
  • Any subsequent activity on the part of the attacker would be traced back to the victim. Disassociating themselves from the activities of their attacker is a long, tedious and not always successful task.

Credit card Fraud

  • Whether obtained via phishing or key-logging (malware that reads the keys on your computer as you type), credit card information is actively traded publicly
  • information is then used to buy goods or services, using techniques to make it difficult to trace the recipient.
  •  The transactions are done on sites (called ”cardable”) that do not restrict shipment of goods to the same address or region as the billing address of the card owner.

Some Security Measures to put in place

  • Be vigilant, keep your wits about you; be aware that not all sites on the Internet or emails you receive are the genuine article! The Golden Rule is if in doubt dump it.
  • Protect your computer with a firewall, spam filters, anti-virus and anti-spyware software. Ask us for our leaflet on the best low or no cost solutions to this.
  • Don’t type any confidential data into sites unless they display “https:” rather than “http:” in the address bar (the s stands for secure). Unfortunately not all sites use this level of security. The best do.
  • Do not click on links, download files or open attachments in emails from unknown senders. It is best to open attachments only when you are expecting them and know what they contain, even if you know the sender (you can always reply to their email to check it’s legitimate).
  • Never give out your passwords for any reason! Any company that asks you to disclose your password is unreliable.
  • Make sure you secure your social web sites and don’t make everything about you and what you do public. There are a lot of people out there looking to use your information from Facebook, Twitter etc. to set you and your employer up.
  • Keep who you are and where you are private.
  • Be very careful when disposing of old computers and hard disks. Recycled computers have been found to retain confidential information pertaining to personal information and Internet banking. If you are a private individual we will wipe your hard drive to US Department of Defence level 7 standard for £10. For Businesses we charge £50

For free software for private use we recommend you visit www.avast.com www.malwarebytes.com and www.zonealarm.com

For companies we recommend either Sophos Anti-Virus or Avast and of course we would like you to buy them from us!

GiaKonda IT Ltd can be contacted on 01792422616 or visited at 3 Humphrey St, Swansea SA1 6BG


  • -

Security Hints & Tips

Category : security

Giakonda IT: Security Hints & Tips

  • Protect your computer against power surges and brief outages.
    Power strips alone will not protect you from power outages, but there are products that offer an uninterruptible power supply when there are power surges or outages. During a lightning storm or construction work that increases the odds of power surges, consider shutting your computer down and unplugging it from all power sources. Also be sure to unplug your network cable!

    • Back up all of your data.
      Regularly backing up your data on a CD/DVD or network reduces the stress and other negative consequences that result from losing important information. How often to back up your data is a personal decision. If you are constantly updating data, you may find weekly backups to be the best alternative; if your content rarely changes, you may decide that  backups do not need to be as frequent. You don’t need to back up software that you own on CD-ROM or DVD-ROM—you can reinstall the software from the original media if necessary.
    • Use and maintain anti-virus software and a firewall.
      Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall. Make sure to keep your virus definitions up to date.
    • Regularly scan your computer for spyware.
      Spyware or adware hidden in software programs may affect the performance of your computer and give attackers access to your data. Use a legitimate anti-spyware program to scan your computer and remove any of these files. Many anti-virus products have incorporated spyware detection.
    • Keep software up to date.
      Install software updates (also called patches) so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should turn it on.
    • Evaluate your software’s settings.
      It is especially important to check the settings for software that connects to the internet (browsers, email clients, etc.). Apply the highest level of security available that still gives you the functionality you need.
    • Avoid unused software programs.
      Do not clutter your computer with unnecessary software programs. In addition to consuming system resources, these programs may contain vulnerabilities that, if not fixed with the latest version, may allow an attacker to access your computer. Think before you download programs on a whim.
    • Consider creating separate user accounts.
      If there are other people using your computer, you may be worried that someone else may accidentally access, modify, and/or delete your files. Most operating systems (including Windows XP and Vista, Mac OS X, and Linux) give you the option of creating a different user account for each user, and you can set the amount of access and privileges for each account. You may also choose to have separate accounts for your work and personal purposes. Ideally, you will have separate computers for work and personal use; this will offer a different type of protection. It is not a good idea to give yourself Administrative Privileges.
    • Establish guidelines for computer use.
      If there are multiple people using your computer make sure they understand the risks and how to use the computer and internet safely. Setting boundaries and guidelines will help to protect your data.
    • Use passwords and encrypt sensitive files.
      Passwords and other security features add more layers of protection if used appropriately. By encrypting files, you ensure that unauthorized people can’t view data even if they can physically access it. You may also want to consider options for full disk encryption, which prevents a thief from even starting your laptop without a passphrase. (When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.)
    • Follow corporate policies for handling and storing work-related information.
      If you use your computer for work-related purposes, be sure to follow any corporate policies for handling and storing information. These policies were established to protect proprietary information and customer data, as well as to protect you and the company from liability. Even if it is not explicitly stated in your corporate policy, you should avoid allowing other people, including family members, to use a computer that contains corporate data.
    • Dispose of sensitive information properly.
      Simply deleting a file does not completely erase it. To ensure that an attacker cannot access these files, make sure that you adequately erase sensitive files. US Dept. Of Defence Level 7 is recommended for important stuff.
    • Follow good security habits.
      Review our other security tips for ways to protect yourself and your data.
    • GiaKonda IT Ltd can be contacted on 01792422616 or visited at
      3 Humphrey Street Swansea SA1 6BG. wendy@www.giakonda.com
    • Please feel free to distribute this information


  • -

Backing up data

Category : back up

Why back up?
1) Under the Data Protection Act, we are responsible for data we hold on other people. We should take care that personal information is only used for what we say it will be used for and that it is safe.
2) We don’t want disruption to our business caused by our IT system malfunctioning. Backing up our important data is part and parcel of our business continuity plan.

What to back up?
You only need to back up your data, not the operating system and programs. So the backup always takes up much less space than the rest. Once you have done your first backup, it should be possible to copy only the changes made between backups.

How?
It is always a good idea to keep as much as possible of your data together in one place to simplify the backup process. In our office all our data is in a folder on one computer.
When it comes to the backup process it is simply a question of copying that folder to another location.
One backup should ideally be off-site, in case there is a total disaster in the office.

To know a little bit more, contact us on 01792 422616


Call us

01792 422616

Read our Blog

Donate to Siavonga Project

Contact Us