Cybersecurity Advice
Our cybersecurity advice section provides comprehensive information about the latest online security threats – not only the threats from unfiltered spam emails, but also the risks present on the Internet from malvertising and vulnerable websites onto which malware exploit kits may have been loaded by cybercriminals.
We also provide advice on the precautions that can be taken to heighten cybersecurity defenses and mitigate the risk of inadvertently downloading an infection. The message throughout all of our cybersecurity advice is to protect your network and WiFi systems with an email spam filter and web content control solution.
by G Hunt |
January 7, 2015 |
Cybersecurity Advice
To put it mildly, 2014 was bad year for many IT security professionals. The number of threats to network security increased significantly, more computer systems were breached than in previous years, and more confidential records exposed than in the previous 12 months. The threat landscape is constantly changing, but 2014 saw incredible volumes of new malware released and a considerable number of zero day exploits succeed. Many IT security professional will be glad to see the back of 2014. Unfortunately, 2015 doesn’t look like it will be any better. Many predict it will even be worse. 2014 started badly with the discovery of a number of cyberattacks. Hackers had gained access to computer systems in 2013, or even earlier in many cases, but 2014 was when the attacks were discovered and a large volume of brown substance hit the fan. The discoveries were shocking. Incomprehensible amounts of data had been compromised and listed for sale. The country was still reeling from the cyberattack on Target, and then came the announcement of mega data breaches at Neiman Marcus and Home Depot. P.F. Chang’s had customer credit card details exposed from 33 of its restaurants, JP Morgan was affected by a major data breach, as was Michael’s. The healthcare industry was also badly hit. Community Health Systems suffered a major data breach exposing 4.5 million records and even the U.S. Postal service was targeted. 800,000 employee records were exposed in that attack. Then there was the attack on Sony. That data breach caused an incredible amount of damage, with the hacking group responsible not apparently looking for money. The attack was carried out by a group called “Guardians of the Peace,” supposedly located in North Korea and backed by Kim Jong-Un. As a result of the breach, Sony Pictures even stopped the Christmas release of the “The Interview” movie. The film parodied the North Korean leader and even depicted his death. The leader of the Democratic People’s Republic of Korea was reportedly none too happy about the film and the content of the movie was allegedly a motive behind the attack. Now that “The Year of the Data Breach” (as it has been dubbed) has finally come...
by G Hunt |
December 15, 2013 |
Cybersecurity Advice
Without anti-phishing controls in place, your organization is likely to face a high risk of end users falling for scams. How good do you think your employees are at spotting phishing emails? How good are you at spotting phishing emails? Are you a Grammar-Nazi who can spot a misplaced semi-colon from 50 paces? Are you a former Spelling Bee champion or an amateur super-sleuth? Sometimes phishing emails are so obviously fake they are laughable. You would think that a scammer who goes to the trouble of sending out millions of emails claiming to be from a reputable company would actually check the spelling of the company name. Many don’t. Error-ridden phishing emails are common, and they are easy to identify. However, don’t believe for one second that all phishing campaigns are that easy to identify. I write about Internet security and I have nearly fallen for one in the past. Admittedly, it was a very convincing one and in the early days I was a little naïve! I tell you this as even the security conscious can fall for phishing campaigns from time to time. Sometimes scams and phishing emails are virtually impossible to distinguish from legitimate emails. Unless a software security solution is used, it is all too easy to inadvertently become a victim. It used to be a rarity to be emailed a phishing email that was convincing, free from errors, and looked like it had been sent by a legitimate company. Today, scammers are much wiser. They know that a little time spent preparing a campaign properly will result in far more clicks and even more victims. When you consider the money that can potentially be made from targeting business users, investing some time into creating highly convincing campaigns is well worth the investment. Spending a few hours or even a couple of days on a campaign could make the difference between getting no clicks and netting millions of dollars. Unsurprisingly, email spammers have realized this. Spear phishing emails are becoming increasingly common IT security professionals will be well aware that their end-users will be sent phishing emails that can be identified with one eye closed. These emails are sent out randomly in the millions. Fake...
by G Hunt |
March 3, 2013 |
Cybersecurity Advice
Many people are willing to use the Internet to commit fraud. Identity thieves try to get website surfers to reveal their personal information, hackers break through defenses to steal credit card numbers and bank account information, and scammers head online in the tens of thousands. Saboteurs spread viruses and criminal gangs are using spear phishing campaigns to get the information they need to empty corporate bank accounts. The Internet can be a very dangerous place indeed. There were more than 1 million victims of online identity fraud in 2012 A recent study conducted by market research firm Javelin Strategy and Research, indicates more than 1 million victims of identity fraud were created in 2012 than the previous year. That means one in three Americans have now become victims of online fraud. An incredible 12.6 million people have been affected by online fraud in the United States alone. In fact, a new victim of identity fraud is created every three seconds. Cybercrime is extremely profitable. In 2012 alone, more than $21 billion was lost to cybercrime. People are engaging in high risk activities online One of the main reasons why we have experienced such a dramatic upturn in cases of identity fraud is a lack of security awareness. When connecting to the Internet, many individuals fail to realize they are entering a potentially dangerous place. Because of ignorance of the risks, many people fail to take precautions and do not protect themselves. Would you walk down a street in New York City waving a big bundle of cash in front of you? Would you leave your credit card in a phone booth? Of course not. Yet people do equally risky things online. They provide their bank account details to criminals and enter their credit card details into online forms without checking whether the website is legitimate. They even store all of their intimate information on their laptops, Smartphones and tablets, and then leave those devices in cafes, unlocked automobiles, on trains and on buses. These things can and do happen, but when it comes to online fraud, the biggest threat to security comes from social media websites. Social media websites carry a major risk of identity...
by G Hunt |
January 3, 2013 |
Cybersecurity Advice
It will probably come as no surprise to discover the use of personal devices at work carries significant network security risks. Chances are your company may even have a BYOD policy in place that permits the use of personal devices in the workplace. In an effort to quantify the level of risk posed by the use of these devices, a survey was conducted by Virgin Business Media. Respondents were asked questions about BYOD and the potential pitfalls. Network security was one of the main worries, and alarmingly, 51% of respondents revealed they had already suffered a security breach as a result of personal devices being used to access corporate networks. The number of devices connecting to the network has an impact on the level of risk faced. The more devices that are allowed to connect, the greater the risk of one of those devices being used by a hacker to launch an attack on the network. Small to medium sized businesses tended to suffer fewer breaches as a result. The survey suggests 25% fewer. These figures should not be taken to mean that small businesses are unlikely to suffer a cyberattack or experience a security breach. The risk from mobile devices will be reduced, but cybercriminals are now attacking small businesses with increasing regularity. Small to medium sized businesses may not store such large volumes of data, and they may not be as valuable to criminals, but the security defenses used to protect networks are much easier to circumvent. SMEs also tend not to employ as highly skilled IT security staff as the likes of IBM, Facebook and Google. Take a Proactive Approach to Internet and Email Security Many small to medium sized enterprises only implement robust security controls after they have suffered a major security breach. Many CEOs believe that they will not be targeted by criminals and do not require particularly sophisticated defenses. Unfortunately, many attacks are random, so SMEs actually face the same threats as larger corporations. They may not be targeted by teams of foreign government-backed hackers, but they are at risk of attack by other hackers and Internet criminals. The FBI and National White Collar Crime Center formed the Internet...
by G Hunt |
December 9, 2012 |
Cybersecurity Advice
The festive period is almost upon us and, aside from having to deal with the wave of Christmas and New Year cybersecurity threats, it is a time to relax, reflect on the major security events of the year, and plan for 2013. Lessons have been learned in 2012 and it is up to IT security professionals to ensure that the same mistakes are not made next year. 2013 is likely to see a wave of attacks, a great deal more threats, and many companies’ security defenses breached. Prepare adequately and your company is likely to avoid becoming another security breach statistic. Online Security Threats from 2012 2012 was an exciting year, certainly as far as data mobility was concerned. Many companies have enjoyed the benefits that come from being able to access data from any location; on any device. Unfortunately, so have cybercriminals. Widespread adoption of Bring Your Own Device (BYOD) schemes have made workforces much more productive, efficient, and happy. Unfortunately, mobile devices are being attacked with increasing regularity. Personal Smartphones, laptops, and tablets may represent the future of business, but they often lack the necessary security controls to ensure corporate networks remain protected. Cloud computing has also been adopted by many organizations, but not all have made sure their cloud applications are appropriately secured. There has been an explosion in the number of social media websites. Use of the sites are more popular than ever before, and so are the threats from using the sites. As user numbers have increased, so have the types of malware being developed to exploit users of Facebook, Twitter, Pinterest and the myriad of other sites that have enjoyed an increase in popularity. Up and coming platforms are being targeted as user numbers increase and established platforms such as Facebook and Twitter are honeypots for cybercriminals. Social media channels and mobile devices are likely to remain problematic for IT professionals charged with keeping their corporate networks secure. Unfortunately, IT security professionals have little control over personal devices, and it is very difficult to stop end users from using their social media accounts at...
by G Hunt |
December 3, 2012 |
Cybersecurity Advice
Small to Midsize Businesses (SMBs) have a lot to gain from joining the social media revolution, and even by allowing employees some personal Facetime at work. There are a number of drawbacks though, and some can be very serious. Many SMBs are well aware of the potential risks as evidenced by a recent survey conducted by Forrester. Businesses were sent surveys as part of the security study and were asked about social media risk. It was named as one of the biggest security concerns. If social media accounts are accessed at work, they pose a considerable risk to network security. There is a major risk of suffering a malware infection from social media websites. Accounts can be hijacked and there are issues with staff accessing inappropriate content or posting sensitive information about the company. Data leakage is a concern, and highly regulated industries face greater risks. Healthcare professionals could all too easily violate HIPAA rules. With all of these serious risks, why would any business permit members of staff to access personal social media accounts at work? Why not just implement a zero tolerance policy, and take action against any employee found to be using social media sites at work? Better still, social media sites could be blocked entirely to prevent all employees from having a sneaky peek at their Facebook accounts! There are benefits to be gained from allowing social media access in the workplace Social media access by employees is not all bad news. There are many positive benefits to be gained from allowing staff a little time to access their Facebook, Twitter and LinkedIn accounts at work. Even some YouTube time can be very beneficial. Here are four reasons why a total ban on social media use at work is not necessarily the best option for employers. A little social media access can improve the productivity of staff! Employees may be seen to “waste” a little time each day accessing Facebook or other social media websites at work, but the time is not necessarily totally wasted. In fact, some downtime can improve the productivity of employees. How productive would you be if you worked 8 hours straight each day without taking a break? You may be...
by G Hunt |
November 13, 2012 |
Cybersecurity Advice
If you want to access the Internet, you will need a web browser. Unfortunately, the very program you use to gain access to the Net, access your email, and logon to social media sites and online bank accounts could be your downfall. A vulnerability in Firefox, Safari, Chrome or IE could be placing your data straight into the hands of hackers. Cyber criminals can – and do – take advantage of out of date web browsers to steal data and gain access to computers, mobiles, laptops, and tablets. It is therefore essential to ensure that your browser is kept up to date. Fail to install updates as soon as they are released and you could become the next data breach statistic. Insecure web browsers could leave you exposed to a cyberattack When you purchase a new device, chances are it will come with a browser preinstalled. You should bear in mind that when purchasing a new device, it is unlikely to come with the browser correctly configured, and you will most likely need to install the latest version. Updates are now being issued on a regular basis. Fail to keep your browser up to date and tweak the security settings is a recipe for disaster. Out of date or insecure browsers can result in malware, spyware, ransomware, and viruses being installed on your device without your knowledge. Even your anti-virus software program may not pick up the infection. Kaspersky Labs, one of the world’s leading providers of anti-virus software, has recently investigated browser security and has discovered almost a quarter of browsers are out of date. The company assessed the browsers of close to 10 million Internet users from all over the world in 2012, with the data drawn from the Cloud-based Kaspersky Security Network. Over 700 million browser launches were logged by Kaspersky during the period of study. Kaspersky Labs browser study produces worrying results Kaspersky Labs analyzed five different web browsers as part of the study and discovered 36 different versions in use. Only five versions were up to date and installed with the latest security patches. Users of Kaspersky Anti-virus solutions were reasonably well protected, with 77% using the latest version of their chosen browser....
by G Hunt |
September 18, 2012 |
Cybersecurity Advice
Unsurprisingly, the launch of the iPhone 5s has had seen people queuing outside Apple stores for hours upon end in the hope they will be one of the first to get a new Apple device. Apple aficionados do get excited about the launch of a new device, and the Apple iPhone 5s is no exception. The company has reportedly sold 2 million units, and that was in the first 24 hours after the release. Interest in the devices has been so high that buying a new iPhone 5s means a long wait is required. Many early purchasers will have to wait a number of weeks before their new phone is delivered. Apple couldn’t make enough available for the launch. Unfortunately, cybercriminals are taking advantage and have launched a number of iPhone 5 phishing scams. Many iPhone 5 phishing scams have now been launched Cybercriminals also love Apple devices. In particular, the launch of a new Apple device. They take advantage of the hysteria and send huge volumes of spam and phishing emails to would-be purchasers, advising of special offers and discounts, must read information about the new device, and news of fake competitions. In the run up to the launch we have seen many new email scams aimed at Apple fans. Scammers have used the media hype surrounding the iPhone 5 launch to their advantage. Apple knows how to launch a new product. Few companies do it better in fact. In the run up to the launch, only a limited amount of information on the device was issued. Just enough to get Apple fans salivating. As the launch date drew closer, more information was released. They built interest in their product, anticipation was high, and when the launch date arrived, the product sold by the million. Scammers take advantage of the anticipation, supply shortages, and long wait times. Spam email campaigns have accompanied the launch of this year’s hottest new product, with a number of spam and phishing emails already captured by SpamTitan’s spam and web filtering software. Some of the iPhone 5 phishing scams include: Fake delivery notifications Phishing websites set up to coincide with the iPhone launch Fake special offers and discounts on the new iPhone 5s Bogus competitions to win a new iPhone We are...
by G Hunt |
July 19, 2012 |
Cybersecurity Advice
New research indicates the threat from phishing is growing at an alarming rate, with thousands of new malicious websites being created every week. Detection rates of new phishing sites are also increasing, thanks to new software introduced by the Anti-Phishing Working Group (APWG). APWG is a pan-industrial not-for-profit organization dedicated to improving Internet security. The organization works alongside law enforcement to reduce identity theft and make it harder for online criminals to operate. One of the ways it achieves its aims is by finding new websites set up by cybercriminals to obtain login names, passwords and other sensitive information from Internet surfers. A recent report issued by APWG shows an alarming rise in the number of new phishing websites, indicating cybercriminals are concentrating on this attack vector to obtain the data necessary to commit fraud and steal identities. In the month of February alone, 56,859 new phishing websites were detected. This rate of detection has not been achieved since August 2009. February’s count of new phishing websites was 1% higher than the organization’s August 2009 figures. While this suggests there has been a major increase in cybercriminal activity, the company’s new detection software may account for the rise in detection. That said, the threat from phishing is certainly growing. What does a phishing website look like? The reason that phishing websites are so dangerous is they look exactly the same as legitimate websites. Criminals are investing a considerable amount of time and money into creating spoof sites that are highly convincing. Big brand name websites are now being spoofed, with Amazon and E-bay just two of the major retail sites that have had fake versions created to fool users. It is not only the retail industry that is being affected. Criminals have created phishing websites that look the same as those of major banks and financial institutions. If users can be fooled for long enough to attempt to login to the websites, criminals will obtain their credentials and be able to make bank transfers. Huge sums of money can be transferred and withdrawn by criminals before the victims even...
by G Hunt |
July 10, 2012 |
Cybersecurity Advice
Social networking websites are here to stay. They may have been created to give people an easy way to stay in touch with friends, family and meet new people, but there are considerable benefits for businesses. In fact, any business that has not yet embraced the social media revolution is likely to be losing customers to competitors. However, social media use at work does carry security risks and employees may spend a lot of their working day posting status updates, reading articles, and communicating with their contacts. A study was recently conducted by Proskauer Rose that set out to explore some of the problems businesses are having with social media website use by employees. It would appear that social media access is not being effectively managed by some businesses, and employees are spending too much time accessing the likes of Facebook, LinkedIn, Twitter and Pinterest. Key findings of the Proskauer Rose social media study Social media misuse was reported as being a problem for 43.4% of respondents 3% of companies have taken disciplinary action against employees for misusing social networks Surprisingly, 45% of companies do not have a social media or Internet policy covering usage at work There are benefits to be gained from allowing employees to have some time each day to access the websites, should they wish to do so. Unfortunately, the drawbacks can outweigh the advantages if care is not taken and usage is not effectively managed. In addition to time being spent on the websites instead of work being performed, there is a considerable risk to network security. Malware and phishing schemes are rife on social media networks. Then there is the issue of wasted bandwidth. On the plus side, employee productivity can be increased by allowing some time to access accounts each day, and businesses can harness the potential of social media and get closer to their customers. Provided use is managed, the benefits can outweigh the disadvantages. The solution is to implement policies to control usage in addition to software solutions to block access if necessary. Protecting networks from attack and controlling social media use at work Simply implementing a ban on...
by G Hunt |
June 5, 2012 |
Cybersecurity Advice
Someone posts a comment about you or your company that is slanderous, racist, or simply causes offense. It may be possible to sue them for their actions. This is nothing new of course. However, what about if that comment is posted anonymously? That does not necessarily mean you cannot file a lawsuit and sue the poster for damages. An Idaho politician is doing just that. Anonymity is no protection any more. The Idaho Spokesman Review hosts a blog just like many newspapers. Blogs attract comments and sometimes spark heated debates between people with very different opinions. They attract visitors and are great for publicity, plus they have much a bigger reach than a newspaper. Sometimes comments are posted that cause offense. One blog commenter recently posted comments that seriously offended politician Tina Jacobson, chair of the Kootenai County Republican Central Committee. The comments, which were posted anonymously, are now the subject of a lawsuit in which Jacobson seeks $10,000 in damages. Only a couple of comments were posted by the person who identified themselves as “Almost a Bystander,” but that was enough for legal action to be taken. Jacobson had posted an article on the website and on February 14, 2012, the comments were added. They allege Jacobson had been embezzling funds: Serious allegations. The owners of the website promptly deleted the comments, together with the entire post. Whatever happened to free speech? The newspaper maintains that readers should be allowed to post comments on articles, and that it should not be necessary for individuals to identify themselves. The paper also does not believe that commenters should have their identities revealed if they have chosen to post anonymously. If the newspaper continues to protect the identity of “Almost a Bystander,” it is probable that the paper will have to cover the cost and pay the damages. The case could well set a precedent, which could have a serious effect on other newspapers, blogs and websites that allow comments to be posted anonymously. If the company hosts a website that allows social interaction, they may have to reveal the identities of anonymous comment posters. But to do that...
by G Hunt |
March 13, 2012 |
Cybersecurity Advice
You can purchase the most sophisticated software, implement multi-layered security systems, conduct regular system scans and use a host of other security products to keep your network protected from cyberattacks. Unfortunately, all it takes is for one individual to accidentally install malware and all of your good work has been undone. That individual is likely to be one of your company’s employees, not a hacker. Common sense is one of the best defenses You may not be able to install defenses that offer 100% protection against intrusions, insider threats, and malicious software, but we are sure you do your best with the resources you have available. You should install software systems to protect your network, email system and web browsers, but it is all too easy to forget that one of the best ways of protecting a computer, or the network it is connected to, is to use common sense. Unfortunately, when it comes to internet and web security, many employees have very little. Consequently, they must be taught how to act appropriately. Some employees think they have a very secure password, but oftentimes is nowhere near as secure as they believe. It doesn’t contain any special characters, it lacks capital letters, and while it does contain numbers, only a 1234 has been added on the end. If you do not instruct employees how to create secure passwords, they will not. You must also inform them that they must not share passwords across platforms. Sure, it is a pain remembering lots of different passwords, but if one is compromised they all will be. A recent survey conducted by Trusteer, a provider of fraud protection systems, highlighted how common this practice is. Their survey revealed that 73% of computer users use the same password to access their online bank account as they do for other online services. You may have installed a spam filter to reduce the risk of employees falling for a phishing email. The spam filter catches virtually all spam and dangerous emails, and places them in a quarantine folder. The risk of a malware infection via email will be reduced to the minimal level. Then not just one, but a number of employees go into the quarantine folder, and open...
