The Danger of Lax Mobile Phone Security for Your Company

All CEOs are responsible for protecting customer data and most companies now employ holistic IT security protocols for all of their computing systems. Often forgotten, however, are handheld devices such as tablets and mobile phones, increasingly vulnerable to cybercrime and rarely given the protection they warrant. If your staff are accessing their work emails or other documents on their mobile phones, it is the job of the CEO to ensure your customers continue to be protected. Don’t leave yourself vulnerable to cyber attacks by overlooking all the devices used by your staff.

The first task for any CEO is to make their staff aware of this area of risk. Workers cannot be expected to protect themselves against something they are unaware of but once you have conducted meetings and workshops pertaining to this new element of your IT security, they will be obliged to follow the new procedures. They themselves should be willing to work with the company to secure their phone because it will keep their personal data safe as well. Workshops will equip staff members with the knowledge and understanding necessary to keep themselves and their mobile phones safe from cyber attacks. They should also be taught what to do in the event of a breach or if their phone, tablet or laptop is stolen or lost. Fast action in the face of cybercrime can significantly limit the damage done. 

Every company should have a detailed IT security policy. CEOs should be updating these regularly to keep up with the ever expanding world of cybercrime. Make sure this policy includes mobile phones and tablets. Whether these are company issued or the private property of employees, if they are used for work functions at all, strict security practices should be applied. These include the following: 

  • Using two-factor authentication 
  • Setting strong passwords and regularly changing them 
  • Only installing apps from reputable stores 
  • Backing up data 
  • Not connecting to unsecured Wi-Fi networks 
  • Being careful about who has access to your phone  

There are two kinds of cyber attacks on mobile phones. One is targeted at someone who is known or believed to have access to valuable information. The other is completely random and involves hackers simply attacking numerous mobiles in the hope of coming across something of value. Of course, the former is the more concerning one to fall victim to because it implies the cyber criminals are well-informed and after something specific. Some people in companies, such as the CEO themselves, may be more at risk than other members of staff but everyone should employ stringent IT security policies when it comes to their mobiles just in case.

If you think your staff are high-risk targets for cyber attacks, consider requesting them to install a security application specifically designed to protect company data. Although this is a relatively new form of mobile threat defence, companies such as FireEye, Better Mobile and Lookout all have applications available now. The spread of cybercrime from traditional computers to our handheld devices is well and truly underway and every day new developments occur on both sides of the IT security war. The only thing you as a CEO can do is keep up with them and make sure your employees are all working alongside you to secure your company’s valuable data and keep the private information of your customers safe.  


Tech-Savvy Employees Can Be Dangerous

Most job advertisements these days cite the importance of computer literacy. From Microsoft Office packages to social media management to coding to graphic design, there is always use for technological skills in business. Although every employer wants a tech-savvy team behind them, there are some cyber crime risks to filling your company with these people. While these skills can be used to boost your business, they can also be used to exploit it, taking advantage of weakened internal IT security and launching cyber attacks from inside.

Here’s a horror story for bosses around the world. A former security officer, Yovan Garcia, has been found guilty of bypassing IT security, hacking his former employer’s systems and conducting a number of cyber crime activities. Firstly, Garcia changed his timesheets to show he worked significantly longer than he did, entitling himself to additional overtime pay. His cyber attacks went further than simple financial rewards, however, and he stole records and details which enabled him to set up a competing business. Garcia was found guilty and ordered to pay back $318,611.70 to his former employer, with additional legal costs potentially added in the future.

It is often far easier to launch these kinds of cyber attacks internally. Garcia managed to get hold of login credentials which enabled him to gain access to the systems. He had not been authorised to do so. However, speculation suggests another employee may have handed them over, intentionally or otherwise. People are automatically more likely to trust their colleagues and not suspect them of being an IT security risk. With the company’s guard down, this environment can be rich pickings for black hat hackers who want to use their skills for cyber crime.

Of course, this is a highly pessimistic view of society and the vast majority of people are not going to set out to maliciously exploit their employers through cyber attacks. However, the fact remains that an increasing number of people have, in theory, the capacity to commit cyber crime. Once you know your way around a computer, you can use your skills in any way your moral compass tells you to. So the question you should ask yourself when you’re hiring new tech-savvy employees is: are they white hat hackers or black hat hackers?

The best way to protect your own company is to heighten every aspect of your IT security. If your software is up-to-date and you have strong firewalls, your weak points are your employees. Firstly, you need to conduct regular training sessions to ensure every one of them understands the importance of constant vigilance when it comes to cyber crime. Secondly, you need to employ people you trust. High staff turnovers leave you vulnerable. When you must hire new employees, references from previous jobs are essential. Don’t let your guard down and be sure to scrupulously uphold your IT security protocol to ensure you too don’t fall victim to an internal cyber attack.

For more support and advice on this topic, contact Ctrl IT and speak to one of our experts.


No More Passwords?

Everyone is sick of remembering passwords. Even with a password manager it’s still a hassle. And when you do follow the rules and change your passwords every few months and use a generator to deliver complex strings of numbers and letters, you could still be hacked. Passwords are the Achilles heel of online security and the weak point cyber criminals just love to target. Now, however, we could be on the verge of waving goodbye to passwords forever as a new form of IT security comes to the foreground: two-step authentication.

Apple has been using ‘Trusted Device’ since iOS9, a comprehensive two-factor authentication system whereby you will be asked via one of your other devices to verify new logins. This works very well for those loyal Apple users who do indeed have something that resembles an orchard clustered on their desks. Google also offers its users the chance to verify account sign-ins by tapping a prompt sent to your phone. You can also set these devices as ‘trusted’ and negate the need to repeatedly accept the prompts. Now, just a little behind, Microsoft have joined in with this new form of IT security.

Microsoft Authentication is an app now available for Android and Apple. Windows Phone users will have to wait as Microsoft aren’t willing to sink money into a development for only 5% of the world’s population of smartphone owners. However, if the app is successful on Android and iOS devices, a Windows app will be developed. Microsoft Authentication allows users to verify logins via their phone in a two-factor authentication style, one of the best types of online security. The app notifies the phone holder of a login attempt and you simply need to enter an eight-digit numerical code which is presented on the app. Each code is only valid for 30 seconds, increasing the IT security offered by this app. It operates in much the same way as Apple’s Trusted Device, to be honest, and is a step forward from the initial Microsoft Authentication released in summer 2016 which only allowed for wearers of the Apple Watch or the Samsung Gear to use their fingerprints to unlock their online accounts. The limits have now been lifted!
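The page does not say which algorithm produces these codes. As an added example (not code from Microsoft or from this article), the sketch below assumes the standard time-based one-time password scheme, TOTP (RFC 6238), with the eight digits and 30-second validity described above, and shows the server-side check including rejection of a replayed code. The secret is the RFC's published test value and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

# Constructed sample: the shared secret from the RFC 6238 test vectors.
# A real deployment provisions a random per-user secret at enrolment.
SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, digits: int = 8, step: int = 30) -> str:
    """Compute the code for the 30-second window containing unix_time."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): the low nibble of the last byte
    # selects which 4 bytes of the MAC become the code.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int,
           last_used_counter=None, digits: int = 8, step: int = 30,
           drift_steps: int = 1):
    """Return the time-step counter the code matched, or None.

    Accepts codes from +/- drift_steps windows to tolerate clock skew.
    Any window at or before last_used_counter is refused, so a code that
    was observed and replayed inside its validity period does not work.
    """
    current = unix_time // step
    for counter in range(max(0, current - drift_steps), current + drift_steps + 1):
        if last_used_counter is not None and counter <= last_used_counter:
            continue
        expected = totp(secret, counter * step, digits, step)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted):
            return counter
    return None


if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("code at t=59:", code)
    print("fresh login:", verify(SECRET, code, 59))
    print("replayed:", verify(SECRET, code, 59, last_used_counter=1))
    print("expired:", verify(SECRET, code, 120))
```

The server stores the returned counter per account and passes it back as `last_used_counter` on the next attempt.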

Of course, there’s one problem with all of these two-step authentication processes. If you lose your smartphone/laptop/device or it falls into the hands of a cyber criminal (because they are tangible beings, don’t forget), then your accounts can all be accessed because the cyber criminals can grant it themselves. If we continue using two-step authentication through mobile devices, then our individual awareness of who has access to our devices must come to the forefront of online security. And don’t let your basic security slack and always use a passcode or have fingerprint recognition enabled.

It is undeniable that online security is becoming a bigger issue and one which these technology giants are developing new techniques for. As more and more data is stored in cloud systems and every aspect of our lives becomes digitised, IT security needs to step up its game because cyber criminals are stepping up theirs as the potential rewards get greater. Two-step authentication is a move in the right direction and, surely, more will follow.


Protect Yourself Against Cyber Theft

Have you ever wondered how someone could steal from your company over the Internet? Cyber theft is an ever more prevalent problem faced by small businesses just like yours. Here we explain what cyber theft is, how the computer hackers come to gain access and, most importantly, how you can improve your IT security to keep you, your company, your customers and your assets safe.

Firstly, cyber theft is defined as the act of stealing personal and/or financial information from computers to be used illegally. This can include your bank details themselves as well as your passwords, security answers and other information which can then be used to hack into your account. The people who breach your IT security systems to gain access to this information are called computer hackers and most sell on this data to third parties who can further exploit this information. Large scale examples of cyber theft include Target (70 million customers’ card details), Ebay (145 million users’ login details), Yahoo (1 billion users’ data including passwords and security information) and Anthem (80 million records hacked into at the USA’s biggest health care insurers).

Computer hackers gain access to confidential records and sensitive data in a variety of ways. Most can penetrate your systems remotely but sometimes a physical act is used to hack a computer. Leaving your computer unattended in a public space offers a computer hacker the opportunity to plug in an infected USB stick and embed malicious software (malware) on the machine. Old school, malicious and opportunistic but effective. Alternatively, an infected email as part of a phishing scam could contain a link to a malicious website or begin a download with malware embedded within it. And then there’s the good old fashioned hacking whereby simple passwords can be guessed, leaving your accounts open to tampering and exploitation.

As a business, you have a responsibility to keep the information of customers safe which is why you need to be vigilant when it comes to IT security. Make sure you run regular training sessions with all of your employees to ensure they are aware of the risks and dangers which come with working online. As well as using more complex passwords, be sure to regularly change them (once every month or two is recommended) so computer hackers can’t repeatedly abuse your systems. It is also worth investing in cloud data protection. This ensures all of your files and data are backed up in a far more impenetrable system than a physical hard drive. Finally, install anti-virus software and, most importantly, keep it up to date. Regularly released updates are not there to annoy you. They are there to patch weaknesses and vulnerabilities in the existing version. Computer hackers like easy targets and computers running an old version of software are something they specifically search for.

It’s a dangerous world out there and IT security should be a top priority for any small business. While multinational corporations such as Yahoo and Google have suffered breaches in the past, day to day computer hackers typically target smaller companies because their IT security systems are weaker and easier to bypass but they often have healthy bank balances and large reams of customer data which really deserve better protection. Don’t make yourself a target for cyber threat and invest in your IT security to protect not only your own finances but those customers who entrusted their private details to you.


IT Security Is Essential To Guard Against Malicious Threats

Unfortunately there seems to be no end in sight with the continual onslaught of malicious ransomware threats. CryptoWall 4.0 has recently been attacking computer systems across the globe. It’s evolved from the CryptoLocker virus last year which crippled networks and extorted over $3 million from victims. To help guard against this type of ransomware threat, ensure your system is fully protected and checked over by IT Security experts.

Besides evolving to be more evasive and outmanoeuvring outdated antivirus protection, the prevalence of ransomware occurs as many computer users are unaware of what it is exactly and just how easily their system can be compromised. Ransomware can easily compromise a computer when someone opens an email with an infected attachment.

These emails may be disguised as government letters from organisations such as the taxation office, Medicare or Australia Post. Once opened, the ransomware attachment encrypts files and demands a payment to restore the computer or else the user will have it wiped completely by the deadline! In many cases, even if the ransom is paid the user’s files are left corrupted and worthless.

To ensure your protection against this type of malicious ransomware activity it is essential to have your system checked for any weaknesses by a professional IT Support technician. They can check to see if your backup system is running effectively and ensure your system is running the latest updates and security patches. Your antivirus and firewalls will also be checked to make sure your system is fully protected.

Besides professional IT support, it’s important to remember to never open any spam mail or attachments from a sender you don’t recognise. It’s mind-boggling the amount of people who do so, not realising the destructive consequences of their action. It’s important to educate your family and friends about these types of malicious threats online as they may well open CryptoWall 4.0 without realising their mistake.

If you unfortunately fall victim to this scam, call your trusted IT Security technician ASAP for assistance. The last thing you want to do is pay the cyber criminals, especially as it isn’t guaranteed they will restore your computer. If your backup was running smoothly, your computer technician will be able to restore your information up until the most recent backup and format the system. Vigilance is the key: stay protected and don’t open suspicious mail!


IT Security Can Check Your Defence With a Penetration Test

As a business owner it’s important to know that your computer systems are secure from malicious threats. Any breach within your security can cause chaos, from sensitive information being copied, such as customers’ banking details, to lost revenue from your business being offline. It’s important to have a penetration test performed by your trusted IT security Melbourne professional to see where your business’s vulnerabilities lie.

Many people can confuse a penetration test with a security assessment or a compliance audit. The main difference that sets the penetration test apart from audits is that instead of just identifying vulnerabilities in a business’s system, it goes further to exploit these weaknesses to prove or disprove the effectiveness of your defence. This may take the form of multiple attacks from different sources at the same time.

Although you may think your system is up to date in regards to security, it’s important to bear in mind that new vulnerabilities such as harmful viruses are uncovered every day! These attacks are continually increasing, and their evolving complexity and ability to infiltrate systems is very alarming. By performing a “real world” security breach on your system you can see how well it stands up to online threats.

It’s vital for the security of your business to have a penetration test carried out by your trusted IT support Melbourne expert on a regular basis. They would also advise you to have a test every time you install or upgrade network infrastructure, move office locations and equipment and when security patches are applied.

The benefits of conducting regular penetration tests include:

  • Your business’s security weaknesses are identified and the impact is measured, allowing appropriate action to be taken to remedy the most critical vulnerabilities.
  • Protect your business’s image and reputation by ensuring your customers’ details are secure.
  • Reduce costly business downtime due to network failures as a result of security breaches.
  • Meet the compliance requirements of governing bodies to avoid fines, such as the Payment Card Industry Data Security Standard (PCI DSS).

By ensuring your trusted IT security Melbourne expert conducts penetration tests when required you can feel safe knowing your business’s defences are secure and working effectively.

How to Secure Your Online Surfing

Securing your online connectivity has to be one of the top priorities while surfing the internet. Although tools such as anti-virus, tracker-disabling extensions, ad blockers and VPNs are helpful, receiving the best IT support and security from your ISP should be a top priority as well. ISPs and networking solution providers take the first major step in securing their users’ online access by employing such techniques as online encryption, filtering of harmful or suspicious content before it reaches you and using several other technologies at hand. Always seek the best IT support Melbourne networking and IT company to be 100% safe from online pirates and hackers, along with following these important tips below:

Avoid Similar Passwords Everywhere On The Web
This goes especially for the heavy social media users who have a tendency to create similar passwords on every social site they use.  Avoid this habit as using similar passwords makes your social profiles prone to getting hacked in the event a hacker strikes the big names.  There are many cases in the past in which thousands of social media profiles were compromised in social media hacking cases.  Most of the users who got their personal data stolen were those who used similar passwords on their social media profiles.

Avoid Becoming Click-Baits On Unknown Links
As we dig through our email inboxes and numerous highly attractive ads on websites, we are often click-baited into following spam links which turn into an install of malicious Trojan infections, viruses or adware on our device. Along with avoiding these spam links you can also ensure your protection by installing extensions for online security in your browser. Plus, you can obtain services from the best IT support firms in Melbourne who can protect your identity and data online by putting effective IT technologies in place to guard you against web-based unethical programs.

Be Cautious When Online Shopping
One of the most dangerous and risky things to do on the web is online purchasing, which most of us have now become accustomed to due to its comfort and ease.  Most people do not bother to check the authenticity or reviews of a particular online store before buying from it.  The result is that you could leave your credit card details exposed.  Just this year, a hacking case was reported in Korea where more than 10 million customers’ confidential financial info was hacked by an individual.  The investigation is still underway to get the culprit.

So to avoid such a situation, only use the best networking protection technologies provided by IT support firms, as well as avoiding making purchases from any site without first doing your research.  CtrlIT, one of the most renowned IT Support firms in Melbourne, provides their customers with state-of-the-art security services to make their online shopping activity safer and worry-free.

If you follow these steps you can enjoy the limitless capabilities of the internet without getting worried about the hackers.
