These days the media is constantly reporting on new vulnerabilities and cyber attacks that devastate business. With the influx of cyber criminals with access to debilitating software, business owners are forced to take evasive security actions in order to protect their sensitive data. While a complete and comprehensive security system is ideal, it can often take time to create a fully secured system for your business. Luckily, there are a few non-technical steps any user can take to make sure their information can?t get into the wrong hands. Cover Up the Webcam Despite how it sounds, it might not be too crazy to think that someone can spy on you through your computer?s webcam. In fact, there have been actual reports of this happening on several different occasions. Hackers are able to take control of a user?s webcam, often as a way to gain access to personal information, check for signs of a location, and even spy on personal interactions. Luckily, all it takes to stop a hacker is to cover up the webcam when it is not in use. It can be as easy as covering it up with a piece of thick tape, though you can find cheap and effective webcam covers at technology or hardware stores. Use a Privacy Shield There are many professionals who work on-the-go, meaning they?ll have to find a way to take their work with them anywhere. However, using mobile devices while out in public leaves you vulnerable to prying eyes. If you have to work on sensitive data in public, it may be beneficial to invest in a privacy shield. These are similar to a screen protector, but with an added security feature. Privacy shields will limit the angle of viewable screen, making it so only the user can see the information. Privacy filters are recommended on work devices, but can also be used on personal devices to shield sensitive data. Switch to a Physical Authentication These days, many companies are advocating for a two-step authentication when logging into an account. However, there are still ways that hackers can get around these heightened security measures. For example, many two-step authentications use mobile phones to text specialized codes that will unlock an account. If a hacker had access to a user?s mobile phone, either physically or by hijacking it, they can easily get through to the user?s account. To combat this, users can get an authentication key, such as a USB or Bluetooth. These are physical keys that allow only the user to access the accounts. For more information on how to secure your information contact Info Advantage at (585) 254-8710 today.
Last week, Cisco released a high-importance alert for their customers who use its Adaptive Security Appliance (ASA) software urging them to patch a critical-level bug that could be easily exploited. This vulnerability affects the VPN feature of the software, and exploiting it could allow a hacker to force a reload of the system, or even remotely take control. ?An attacker could exploit this vulnerability by sending a crafted XML packet to a vulnerable interface on an affected system,? Cisco explains in their warning. ?An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, cause a reload of the affected device or stop processing of incoming VPN authentication requests.? If left unpatched, any devices configured with Cisco?s WebVPN software, including security applications and firewalls, could be easily bypassed by a malicious party. Due to the severity of the vulnerability Cisco has given the issue a Common Vulnerability Scoring System a Critical rating of 10 out of 10. The following are the vulnerable products identified by Cisco: 3000 Series Industrial Security Appliance (ISA) ASA 5500 Series Adaptive Security Appliances ASA 5500-X Series Next-Generation Firewalls ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers ASA 1000V Cloud Firewall Adaptive Security Virtual Appliance (ASAv) Firepower 2100 Series Security Appliance Firepower 4110 Security Appliance Firepower 4120 Security Appliance Firepower 4140 Security Appliance Firepower 4150 Security Appliance Firepower 9300 ASA Security Module Firepower Threat Defense Software (FTD) FTD Virtual Cisco notes that only those ASA devices that have the WebVPN feature enabled are vulnerable, but encourage all their users to patch their systems as soon as possible. As of now, Cisco says they are not aware of any attacks that have taken advantage of this vulnerability. Cedric Halbronn from the NCC group explained how he was able to exploit the flaw at last weekend?s Recon Brussels conference. He detailed their use of a fuzzer, a software testing technique that injects random, invalid data into a program to see how it withstands it. The fuzzer allowed Halbronn and his team to discover and exploit the bug. An initial patch was released at the same time as Cisco?s initial announcement of the vulnerability. A second, more complete version was released on February 5th. ?After further investigation, Cisco has identified additional attack vectors and features that are affected by this vulnerability. In addition, it was also found that the original fix was incomplete so new fixed code versions are now available.? To make sure all of your Cisco software are up-to-date, contact the Cisco Technical Assistance Center or call Info Advantage at (585) 254-8710 to talk to a specialist.
You?ve heard it said that it?s a best security practice to routinely change your passwords. The idea here is that, if a password were stolen, then it would lose its value when the user goes to change it. While this sounds like solid logic, new research shows that it may actually be better NOT to change your passwords. This may be a hard pill to swallow for IT administrators who have always required users to change their passwords every few months or so. However, seeing as this practice could make accounts less secure, it?s worth considering. The idea behind this theory is that, whenever a user goes to change their password, they?re often rushed or annoyed and end up creating a new password that?s less secure. The Washington Post puts it like this: ?Forcing people to keep changing their passwords can result in workers coming up with, well, bad passwords.? Think about it, how often have you changed your password, only to change it from a complex password to one that?s easier to remember? Or, have you ever kept the same password and just added a number at the end of your new password? This covert move will do little to deter a hacker. Carnegie Mellon University researched this topic and found that users who felt annoyed by having to change their password created new passwords that were 46 percent less secure. Plus, let?s consider the hypothetical situation of a hacker actually stealing your password. Truth be told, once they?ve gotten a hold of your login credentials, they?ll try to exploit the password as soon as they can. If they?re successful, they?ll pose as you and change the account?s password, thus locking you out of it. In an all-too-common situation like this, the fact that you?re scheduled to change your password at the end of the month won?t change anything. Additionally, ZDNet points out yet another way that regularly changing passwords can make matters worse: ?Regularly changed passwords are more likely to be written down or forgotten.? Basically, having a password written down on a scrap piece of paper is a bad security move because it adds another way for the credentials to be lost or stolen. Whether you do or don?t ask employees to change their passwords is your prerogative. However, moving forward it would be in everybody?s best interest to focus on additional ways to secure your network, instead of relying solely on passwords. This can be done by implementing multi-factor authentication, which can include SMS messaging, phone calls, emails, and even biometrics with passwords. With additional security measures like these in place, it won?t matter much if a hacker stole your password because they would need additional forms of identification to make it work. To maximize your company?s network security efforts, contact Info Advantage at (585) 254-8710.
It?s every business owner?s worst nightmare: one mistake, and all of their data is wiped out. This very situation happened recently to a hosting provider, and his story serves as a cautionary tale in regard to data storage best practices. Hosting provider Marco Marsala was brought under fire after he posted on a server forum seeking advice for dealing with a catastrophic error he made while trying to erase a few files. Stating that he had utilized the ?rm -rf? command with undefined variables, he had inadvertently destroyed all data on the computer. What?s worse, his backups were mounted to the computers and were wiped as well. This is actually a similar blunder that Pixar experienced, almost deleting Toy Story 2 prior to its release. As a result, everything Marsala had for his company was destroyed (including the websites he had created and hosted for his 1,535 customers) with no backups surviving to restore from. Needless to say, the responses from other users on the forum were decidedly negative – a few dismissed the possibility of his company surviving the error, and others questioned his abilities as a programmer. One poster recommended Marsala seek legal counsel rather than technical advice, as he predicted that Marsala was ?going out of business.? There was a consensus on the feed that the best chance for any data recovery was to recruit the help of a data recovery firm. Fortunately for Marsala, such a data recovery company was able to recover his files and his biggest hit was financial–both from the recovery company?s fees and from the reduced income due to the loss of business he suffered. By neglecting to follow best practices in regard to backups, Marsala essentially invited this disaster to strike. Following basic best practices would have mitigated much, if not all, of Marsala?s problem. What happened to his data is exactly the reason that all data backups should be kept offline, isolated from the original file on a separate system. Without such measures in place your data is subject to not only human error, as was the case here, but also other dangers. Fire, electrical surges, accidental equipment damage, theft, all of these events have the potential to jeopardize data that?s critical to your business. Are your data backups as secure as they should be? Do you even have a backup and disaster recovery solution put into place? Be certain by calling Info Advantage at (585) 254-8710. Our experts can advise you on what your business needs to survive the worst disasters, and assure that you and your clients? information are prepared for anything.
The pre-installed software that comes with an operation system go by a variety of different names; bloatware, third-party applications, junkware, trialware. Not only can these programs slow down your computer and take up space, but there may be other hidden risks to bloatware. Google?s Project Zero researcher Tavis Ormandy recently found that a common bloatware password management app known as Keeper had came pre-installed with some versions of Windows 10. When it became compromised, Keeper?s browser extension was allowing websites to veiw user login credentials. While this only affected users that activated the plugin during the initial setup process, or manually activated it in their browser, there was plenty of damage that could be done. In response to Ormandy?s report, the Keeper team released a new version that fixes the security vulnerability, therefore addressing the issue once the software is up to date. Although the issue was patched in a week, thousands of these third-party applications are added to laptops every day. This incident again highlights just how cautious individuals and businesses need to be in finding security vulnerabilities when purchasing computer hardware. Why unwanted bloatware needs to go Computer manufacturers make money installing third-party software along with Windows to laptops and PCs. Vendors pay to have their bloatware ? such as trial versions of antivirus programs, video games, and browser toolbars ? installed on new computers in hopes that people will purchase the full programs. In reality, bloatware slows down your computer, takes up disk space, and sometimes puts you at risk. Thankfully, Microsoft has included an easy way to get rid of bloatware in Windows 10. Click the start menu, then the gear icon in the bottom right In the settings window, select Update & Security On the left-hand side, click Recovery Select ?Learn how to start fresh with a clean installation of Windows? and follow the instructions. Bloatware not only clutters your PCs and laptops, but it can leave your business vulnerable to compromise as well. Don?t make this security mistake; learn more about protecting your computers from bloatware, and save yourself from tons of headaches down the line. Call our team of IT experts today!