Is my business secure?


Cyber Crime is on the rise. Every day businesses both large and small are being hacked and having data leaked to public sites, costing businesses billions of dollars a year.

Unfortunately local businesses are an international target for hackers for two simple reasons:

  1. We are considered to be a very rich nation by global standards and so make for an attractive victim of cyber crime.
  2. Many of our small businesses are comparatively relaxed about IT security and data protection.

Now more than ever we need to make sure that all of our devices are secure when we are connecting them to the internet. We need to think less about whether the Cloud is secure and more about whether our devices are secure.

What can you do?

Here are some precautions you can take to improve your security:

  • Set up next-generation firewalls on your office network. The modem/router that your ISP provides is typically just there to get you connected; it will not offer the level of filtering and protection that a firewall can. A next-generation firewall is one that offers features such as anti-virus, anti-spam and intrusion prevention.
  • Encrypt the data on your devices as it travels on the internet and when stored in the cloud. Intel and other vendors offer hard drive encryption solutions especially for tablet and mobile devices so your data can only be viewed with a password.
  • Use strong passwords for accessing your devices so they cannot be cracked if lost. ‘password’ is not a strong password but ‘Pa$$w0rd#’ is a very strong password and relatively easy to remember. The mix of upper- and lowercase letters, numerals and symbols changes the simple word to a very complex one.
  • Use spam filters to reduce attacks by removing phishing emails and any malicious code in attachments to email messages.
  • Anti-virus software is more important than ever as different forms of attacks increase. Every server, PC and device should now be protected. There is no safe ground because even the less popular products have millions of users and the size of the target is attracting more malicious attacks.
  • Solid backup to ensure that when the worst happens (e.g. the latest Cryptolocker virus) there is a path to restoring systems and data quickly with minimal loss of time and data.

If you manage all these security and protection aspects then your business is safe enough to be on the web. Leave any one of these gaps open and you place your business data at tremendous risk. If you are not sure or you need some advice, please email us at info@sn.com.au.

Don’t be held to ransom!


Hopefully as you read this you have not been a victim of Ransomware. Numerous articles have been published and news clips shown on TV, yet infections occur around the globe every day.

What is Ransomware?

The current common threat is a Ransomware virus called Cryptolocker, which encrypts all user files on the local computer and network drives and then prompts the user for payment before the files are released. The virus propagates through HTML links within emails; clicking on such a link downloads the virus, which is set to start automatically. As the more sophisticated versions of Cryptolocker don’t have an attachment, it is increasingly difficult to block with standard methods. Additionally, the source code is freely available, so anyone can make their own version and distribute it. The email hyperlinks usually come from seemingly official sources such as the Australian Federal Police, ATO, RTA, and Australia Post. They are typically written in a way that causes an emotional response (such as receiving a speeding ticket) in the hope that you will click the link without thinking. If an email seems suspicious, it is important to verify who the email is from.

How does the attack occur?

These attacks all involve infiltration of your IT system by a rogue computer program. First your computer becomes infected, and then you receive a notification of what the cyber-criminals want from you.

The malicious code can compromise your network if you unknowingly surf an infected website, open an infected email attachment or unwittingly click on a link in an email or attachment. The code encrypts files on your machine, and if on a network, infects the files on the network drives. A pop-up may appear asking for payment to reverse the damage or an email appears in your inbox carrying the same disturbing message.

How do I protect myself against Ransomware?

  • Regularly update your PCs, servers and mobile devices with software patches for Java, Adobe Flash, Acrobat Reader, Windows and Internet browsers.
  • Educate users to be security savvy and to avoid opening attachments such as ZIP files and clicking on links in emails and attachments such as PDF unless they absolutely trust the source.
  • Install and maintain comprehensive, constantly updated security software at every possible entry point into your network (PCs, notebooks, mobile devices, servers and Internet gateways).
  • Have next-generation firewalls in place with advanced security features and policies to strip attachments such as .exe, .js and .vbs.
  • Have watertight backup procedures in place with back-ups kept both on-site and off-site and stored securely. You also need a best-in-class system recovery solution with the ability to restore files quickly.
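The attachment-stripping policy from the list above, sketched as an added example (not code from this page or from any firewall product): it flags attachments ending in .exe, .js or .vbs, including ones wrapped inside a ZIP. The function names, addresses and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions named in the firewall item above (strip policy).
BLOCKED_EXTENSIONS = (".exe", ".js", ".vbs")

def is_blocked(filename):
    """True when the final extension is on the block list (case-insensitive)."""
    return filename.lower().rstrip(". ").endswith(BLOCKED_EXTENSIONS)

def blocked_attachments(raw_message):
    """List attachments to strip, looking inside ZIP archives as well."""
    findings = []
    for part in message_from_bytes(raw_message).walk():
        filename = part.get_filename()
        if not filename:
            continue
        if is_blocked(filename):
            findings.append(filename)
        elif filename.lower().endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                    hits = [m for m in archive.namelist() if is_blocked(m)]
                findings.extend(f"{filename}!{m}" for m in hits)
            except zipfile.BadZipFile:
                # Unreadable archive: flag it rather than let it through.
                findings.append(f"{filename} (unreadable archive)")
    return findings

def build_sample_message():
    """Constructed sample: a fake 'infringement notice' with a ZIP and a PDF."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("Infringement_Notice.PDF.js", "// constructed placeholder")
    msg = EmailMessage()
    msg["Subject"] = "Infringement notice (constructed sample)"
    msg["From"] = "notices@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Please review the attached notice.")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="notice.zip")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="receipt.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample_message()))
```

The double extension inside the ZIP is caught because only the final extension is compared; the PDF passes through untouched.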

What if you get attacked?

If you get infected by Ransomware then the general consensus in the IT security industry is not to “pay up”. If you try to pay the ransom they may increase the amount payable before releasing the encryption key (or not release it at all!). The best way to protect yourself is to ensure that you have a good backup each and every day since the only way to get your data back (apart from paying the ransom and getting the encryption key) is to restore from backup.

Need help?
If you need assistance with your network security and back-up systems, please email info@sn.com.au.

How strong is your password?


For all the money and effort we spend on securing our computer systems, users continue to compromise security with passwords that are easy to remember—and easy for outsiders to guess.

It’s understandable: most users struggle to remember different passwords for the half-dozen or more systems they need to do their work. Each new cloud application complicates matters further; it’s little wonder that the sticky note remains a popular way of remembering passwords.

Analysis after embarrassing analysis confirms the risk these practices pose. A 2012 University of Cambridge study, for example, analysed 70 million Yahoo passwords and found surprisingly little security: 75 percent of users had never changed their password, and by testing accounts against dictionaries full of common English passwords, researchers were able to guess 80 out of every 1,000 passwords. Other studies have reported hit rates well into double-digit percentages.

How good is your memory, really?

Some people have turned to password managers such as 1Password, LastPass, and Dashlane—all of which store passwords in secure digital lockers that automatically sync between your devices. Visit a secure website, and these tools will automatically enter your credentials and log you in. They’ll even generate long, complex passwords and store them for you.

As greater Internet usage forces us to use more passwords on a daily basis, password managers are a step in the right direction. But with most of us still relying on our memories to access the systems we need, we—and our employers—remain exposed.

It’s hardly a new problem: a 2000 University of Cambridge study found many of the same issues. Even making passwords more complex—which stretches the memories of most of us to their breaking point—doesn’t always fix the problem. A recent Carnegie Mellon University research project found that even long, complex passwords combining numbers, letters, and symbols can be guessed using a mathematical understanding of how human behaviour affects our password choices.
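The point about human behaviour, as an added example (not code from the studies cited or from this page): a check run when a password is set that compares a character-mix rule with a test that undoes predictable habits before looking the result up in a common-password list. The word list, the substitution table and the 8-character minimum are constructed assumptions.

```python
import string

# Constructed sample; a real policy check would load a large list of
# passwords seen in breaches.
COMMON_PASSWORDS = {"password", "letmein", "welcome", "qwerty", "dragon"}

# Predictable look-alike swaps (an illustrative subset, not exhaustive):
# $->s, @->a, 0->o, 1->l, 3->e, 4->a, !->i, 5->s, 7->t
LOOKALIKES = str.maketrans("$@0134!57", "saoleaist")

# Digits and symbols that people tack onto the start or end of a word.
EDGE_NOISE = string.digits + string.punctuation

def composition_ok(candidate, min_length=8):
    """Rule-based check: length plus upper, lower, digit and symbol."""
    return (len(candidate) >= min_length
            and any(c.isupper() for c in candidate)
            and any(c.islower() for c in candidate)
            and any(c.isdigit() for c in candidate)
            and any(c in string.punctuation for c in candidate))

def base_words(candidate):
    """Undo capitals, look-alike swaps and digits/symbols added at the ends."""
    lowered = candidate.lower()
    trimmed = lowered.strip(EDGE_NOISE)
    forms = {lowered, trimmed,
             lowered.translate(LOOKALIKES), trimmed.translate(LOOKALIKES)}
    return {form.strip(EDGE_NOISE) for form in forms}

def is_guessable(candidate):
    """True when the password reduces to an entry on the common list."""
    return bool(base_words(candidate) & COMMON_PASSWORDS)

def audit(candidates):
    """Map each password to (passes composition rule, reduces to common word)."""
    return {c: (composition_ok(c), is_guessable(c)) for c in candidates}

if __name__ == "__main__":
    samples = ["password", "Pa$$w0rd#", "Welcome2024!", "tV9#qLm2xR!e"]
    for pw, (mixed, guessable) in audit(samples).items():
        print(f"{pw!r}: composition_ok={mixed} guessable={guessable}")
```

A password that passes the composition rule but is also flagged as guessable is the case the research describes: the character mix is there, but the underlying choice is a word an attacker's dictionary already contains.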

Lax policies can compromise the effectiveness of passwords: 13 percent of respondents to a recent Lieberman Software survey said they can still access systems at their previous workplaces. Technological weaknesses can also affect password effectiveness. The ‘Heartbleed’ vulnerability, for example, opened a security hole through which outsiders could snoop on passwords travelling to and from websites. Worse still, the bug affected an encryption routine used to secure a significant portion of the world’s websites.

Designing the new identity

Largely driven by the ubiquity of sensor-filled smartphones and tablet devices, security is now focusing on helping users prove their identity through an aggregation of factors that complement passwords. For example, websites using two-factor authentication (2FA) will SMS you a unique, time-limited code that you must enter into the system along with your normal credentials.

Biometrics are another popular advancement that are being leveraged to complement or replace conventional passwords. For example, fingerprint scanners are now built into many mobile devices to provide additional protection. Researchers are looking into other biometric identifiers that can be easily measured using phones and their cameras—including the shape of your hand, the features of your face, the shape of your ear, and voice matching.

The focus on mobile device sensors is driving research into new biometrics that involve careful analysis of behavioural traits such as your gait (which can be measured using a phone’s built-in gyros), your typing style (based on your interactions with the device), or even your heartbeat rhythms (based on readings from wearable fitness trackers).

New network security systems even watch you while you work on-line, establishing baseline activity patterns that can be used to detect anomalies the next time someone logs on with your password. Some people are even looking into implantable microchips that let you prove your identity by waving your hand over a sensor.

It may be a long time before we do away with passwords entirely, but new identity verification processes can reduce or eliminate the chances that someone else can access our systems by pretending to be us. Given the world’s growing interconnectedness, this assurance will be crucial moving forward.