Jan 21, 2019

Protect Your Data With These Password Tips

As cyber attacks become increasingly prevalent, far-reaching and long-lasting in their damage, it's more important than ever that you and your employees do everything possible to protect your company's data. One often overlooked way to keep sensitive information safe is paying extra attention to password security.

"Passwords are valued currency in the Digital Age, and using strong passwords to prevent unauthorized access is a necessity," says Stacy King, executive director of the Federal Bar Association. "The ability to transfer customer data, client files, medical records, employee files, financial records and other valuable and sensitive information has presented a new world of legal risks."

So, are you doing what you can to protect yourself and your business?

Passwords should be unique and interesting.

The tendency to simplify your passwords and repeat them makes them prone to attack. If you're going to have a security system, you want it to work, right? Effective passwords are sufficiently long (8 or more characters) and combine upper and lowercase letters along with numbers and symbols.

Use Lengthy Passwords

Length can exponentially increase the security of your password. A strong password should be at least eight characters, with 12 to 14 being a recommended standard. Be sure to use a mix of alphanumeric characters and symbols, along with capitalization.

Do not repeat your password.

Do not use the same password for more than one site. If you do, when one password is stolen it can be used to compromise more than one account. Think of a system that makes sense to you, but is not easily guessed by others, to vary your passwords.

Protect your password.

If you must write down your password, don't save it electronically. If your computer is hacked, then you've just given the criminal access to all your accounts when he stumbles on your "my passwords" document. Store any written passwords in a secure location, like a safe.

Employ two-factor or multi-factor authentication.

Adding an extra step to your log-in credentials bolsters your protection. It might be a fingerprint, a PIN sent to your phone, or a security question you need to answer. Stolen credentials may become useless to a thief if you have this extra layer of protection. Check your account settings and add MFA if it's available.

Avoid the Automatic Login Feature.

It might save you time and frustration, but automatic, saved login information, including passwords, may make it more likely that your company could be hacked, says Michael Bruemmer, vice president of identity protection at Experian. (So, you may want to avoid using the "remember password" feature.)

Watch what you share online.

Giving the world insight into your personal life on social media or elsewhere can make passwords and answers to security questions easier to guess. It also gives cybercriminals information to launch effective spear phishing attacks. Oversharing equals more exposure to cybercrime.

Change your password.

The thinking on the value of regular changes to passwords has evolved. You should change your password if you are going to strengthen it, but changing it too often may result in weaker passwords or repeat passwords if your creativity and patience run short. Of course, if there's an event that suggests your password may have been compromised, by all means, change it.

Jan 15, 2019

None of my Feedburner automatic Twitter post links have been working since March!

I was in for a rude awakening today. Something I wish I would have realized sooner, but just figured it was working so I didn't bother checking on it... until today. That is that the "Socialize" feature in Feedburner no longer works!



I take that back, it still posts to Twitter just fine, but because it still uses goo.gl link shortening, the links don't work!

I noticed today when clicking on one of the links on Twitter that I was redirected to this nonsense:

Dynamic Link not found
If you are the developer of this app, ensure that your Dynamic Links domain is correctly configured and that the path component of this URL is valid.

A quick search on Google brings up this Google Developers Blog post about it:
Starting April 13, 2018, anonymous users and users who have never created short links before today will not be able to create new short links via the goo.gl console. If you are looking to create new short links, we recommend you check out popular services like Bitly and Ow.ly as an alternative. 
If you have existing goo.gl short links, you can continue to use all features of goo.gl console for a period of one year, until March 30, 2019, when we will discontinue the console. You can manage all your short links and their analytics through the goo.gl console during this period. 
After March 30, 2019, all links will continue to redirect to the intended destination. Your existing short links will not be migrated to the Firebase console, however, you will be able to export your link information from the goo.gl console.
Well, gee thanks Google. Considering that Feedburner is one of Google's many properties, one would think that they would have updated that platform to either use their new Firebase console, or to allow users to use another shortening service. Apparently that is too much to ask though.

Now I'm forced to pay money to dlvr.it to autopost my blogs to my various social media accounts. At $10 a month, it's very reasonable. I prefer free, but if I'm forced to, I suppose I can fork over the dough for something that works.

Did this happen to you too? What are you using to auto-post to social media? Let us know in the comments.

Jan 14, 2019

If You Use LastPass, You Should Change All Your Passwords

I've been getting bombarded with a lot of spoofed messages from alleged hackers lately claiming they have stolen my password by inserting a Trojan from some porn site that I had supposedly visited, and they have hacked my webcam and if I don't pay them in bitcoin they will release whatever... blah blah blah. You can read an example below:
Hello!

As you may have noticed, I sent you an email from your account.
This means that I have full access to your account: On moment of hack your account has password: [SOME PASSWORD]

You say: this is the old password!
Or: I will change my password at any time!

Yes! You're right!
But the fact is that when you change the password, my trojan always saves a new one!

I've been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this, transfer the amount of $523 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).

My bitcoin address (BTC Wallet) is: 1EGap2ZeR8pf9hfJ2KrSAQ1eYCPBcxJrqo

After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best wishes!
These messages are clearly spoofed based on the header and IP information. They obviously didn't hack my email. Anyway, pretty funny right?
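The header check mentioned above can be scripted. This is an added example, not code from the original post: it reads a message's headers and lists the signs that the From address was forged. The sample message, its addresses and the finding labels are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): a "sent from your own account"
# mail as the receiving server might record it. Addresses and IPs are
# documentation values.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (unknown [203.0.113.45])
\tby mx.example.org; Mon, 14 Jan 2019 09:12:01 +0000
Authentication-Results: mx.example.org;
\tspf=softfail smtp.mailfrom=mailer.example.net;
\tdkim=none; dmarc=fail header.from=example.org
From: <me@example.org>
To: <me@example.org>
Subject: Your account was hacked

As you may have noticed, I sent you an email from your account.
"""

def domain_of(addr):
    """Return the lowercased domain part of an address, or '' if absent."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def spoof_indicators(raw):
    """List header findings that suggest the From address is forged."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()

    findings = []
    # The scam's "proof" is that sender and recipient are the same address.
    if from_addr and from_addr == to_addr:
        findings.append("self-addressed")
    # The envelope sender (Return-Path) belongs to a different domain.
    if return_path and domain_of(return_path) != domain_of(from_addr):
        findings.append("envelope-mismatch")

    # Only trust Authentication-Results stamped by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    verdicts = {k.lower(): v.lower()
                for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth, re.I)}
    for mech in ("spf", "dkim", "dmarc"):
        verdict = verdicts.get(mech, "missing")
        if verdict != "pass":
            findings.append(f"{mech}={verdict}")
    return findings

if __name__ == "__main__":
    print(spoof_indicators(SAMPLE))
```

A message that really came from the mailbox owner's provider would normally pass SPF, DKIM and DMARC for that domain, so the function would return an empty list.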

Krebs On Security wrote a post about a similar scam, and this is what they surmised:
It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.
Oh, just a site that was hacked 10 years ago? No big deal right? I disagree. I think the passwords these script kiddies are using came from a LastPass breach.



If you don't remember, back in 2015 LastPass reported a major data breach. At that time PC World reported:
The good news is it appears hackers didn’t get away with anyone’s encrypted password vaults. Still, it certainly sounds like a bad breach, but the consensus among security experts is that it could’ve been a lot worse.
I'm beginning to think that was either a lie, or LastPass didn't realize how deep their breach really was. Why do I think that? For three reasons:

  1. The number of spam emails I've received from these guys
  2. Many of them show different passwords. If it was just one or two sites that were breached I'd see a pattern of the same passwords.
  3. Many of the passwords these guys show (although not the actual passwords, but are close enough that I can tell that they have my actual password info somewhere) are randomly generated. I only use such randomly generated passwords with LastPass.
So what did I do about it? First, I reset my LastPass master password again, all of my financial account passwords, all of my social media passwords, online store account passwords, etc. I also went through LastPass's security challenge tool to update old passwords, or any passwords I had previously re-used in multiple sites inadvertently.

I had changed my LastPass credentials shortly after the breach in 2015 as directed by LastPass, but at the time believed the reports that none of the vault password information was touched. I'm starting to think that may not be accurate. If you agree with me, then it's time to change all of your passwords too.

Have you received any of these emails? What are you doing about it? Let us know in the comments!

Jan 7, 2019

Cloud Computing: What's Holding You Back?

The fastest growing SMBs have embraced the Cloud as a method to address four main IT Challenges:

  • High capital costs;
  • Skill shortage;
  • Scalability as the business grows, and;
  • Innovation as the business matures.

Results are positive. Surveys indicate that:

  • 53% of SMBs using cloud technologies are more likely to experience a rise in revenue.
  • 85% of businesses believe the cloud enabled their business to scale and grow faster.

Organizations are finding that Cloud computing provides immediate access to the tools needed to digitally transform their business and improve customer experience.

Many businesses are still reluctant to make the move to the Cloud despite these advantages. The reluctance to migrate is particularly evident in Western Canada, where we've seen cloud adoption be approximately 25% less than the rest of Canada. So, what's holding you back?

Security Exposure

Security is cited as the number one objection to Cloud for 49% of organizations (IDC 2017). Should you be concerned? The security investments made by the major Cloud providers are significant and have created cloud platforms in which security breaches due to vendor error are rare. In fact, the Cloud has proven to be more secure than most non-cloud environments.

Network Response

A key detractor to cloud for customers in Western Canada is the worry that network connectivity will be insufficient to provide the type of response time and security that end users are accustomed to. With the major public Cloud providers located in Eastern Canada, it is understandable that network connectivity options should be well understood before proceeding. Several networking options exist to address the need for high bandwidth, security and connectivity to Cloud, including solutions based in Saskatchewan.

Service Availability

Service availability, including response time and user downtime, is a concern due to the perceived loss of control over the computing environment. To mitigate this concern, public Cloud vendors provide service levels for all their products with financial credits provided if they are not achieved. The robust engineering of the Cloud environment is such that high availability is consistently achieved. In a worst-case scenario, organizations can further protect critical applications by configuring them to automatically fail over to alternate data centres should a Cloud data centre go offline.

Cloud Costs

There is a general perception that services in the Cloud are more expensive than in the non-Cloud environment. This is often raised when the comparison between Cloud and non-Cloud platforms does not accurately reflect all the costs that make up the non-Cloud infrastructure.

With all the non-Cloud costs in the table above considered, there's an almost 50% reduction in support and maintenance costs when the Cloud is chosen. When doing a financial comparison or Cloud ROI, it's also important to take into account the increased revenue that will take place as you drive your digital transformation results using Cloud services.

Getting Started

It can seem daunting when trying to decide how to get started. The best place to start is often consulting a trusted partner with experience in Cloud migrations. Cloud migration requires skill and experience; organizations that tackle this transition by themselves often find it difficult and time-consuming.

If you want to know how to get started but aren't sure where to begin, reach out and let's grab a coffee. We can discuss your particular needs and help define a path forward for your organization to embrace all that the Cloud has to offer.


Dec 31, 2018

Brace Yourselves For The Upcoming Cybersecurity Trends of 2019

2018 is coming to an end, and as usual, new trends are emerging in cybersecurity. As digital threats are also reaching a new level, we need security experts to adopt and implement future solutions.

Trends like AI, biometrics, and IoT have been around for a while, but they evolve to a new level every year, which affects the related sectors. Further, the zero-trust model and GDPR compliance-related legislation are booming.

Upcoming Cybersecurity Trends for 2019

Identity management, application improvement, and creating efficient and intelligent threat-management solutions are some of the areas where AI is expanding the cybersecurity arena.

2018 has been a great year for the capital funding of cybersecurity projects. October 2018 saw an investment of $3.3 billion. Investors are willing to put more money into this technology, as security is a crucial concern for every industry.

Let us discuss the emerging trends of cybersecurity for the year 2019 here.

The Zero Trust Cloud Security Model

There is a prediction that 2019 will witness a boom in the zero trust security model in enterprises. Several global enterprises are eager to adopt the zero trust cloud security solution.

So, what is the zero trust approach? As the name suggests, no individual is trusted by default. The zero trust security model therefore regularly checks users' actions and behaviour so that probable threats are easy to spot and eradicate. Legitimate parameters are set to determine the validity of a user's actions and responses, and these factors help in calculating a risk score. The elements can include a user's IP address, physical location, permissions, etc.

So, the zero trust model is always calculating risk from various factors, and if the score surpasses the top level, that user is removed from the network. That user can also be asked to go through a multi-factor authentication procedure.
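The scoring loop described above, as an added example rather than any vendor's implementation: each request is scored from IP address, location and permission, then allowed, challenged for MFA, or denied, and a denied session stays revoked. The weights, thresholds, network range and permission names are illustrative assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Illustrative policy values (assumptions, not from any product).
TRUSTED_NETWORKS = [ip_network("10.20.0.0/16")]
USUAL_COUNTRIES = {"CA"}
SENSITIVE_PERMISSIONS = {"payroll:write", "admin:users"}
STEP_UP_AT = 40   # at or above this score, require MFA
DENY_AT = 70      # at or above this score, remove the user from the network

@dataclass
class Request:
    user: str
    source_ip: str
    country: str
    permission: str
    mfa_verified: bool = False

def risk_score(req):
    """Add up risk from the factors the text lists: IP, location, permission."""
    score = 0
    if not any(ip_address(req.source_ip) in net for net in TRUSTED_NETWORKS):
        score += 30
    if req.country not in USUAL_COUNTRIES:
        score += 30
    if req.permission in SENSITIVE_PERMISSIONS:
        score += 25
    return score

def decide(req):
    """Map a score to allow / step_up_mfa / deny."""
    score = risk_score(req)
    if score >= DENY_AT:
        return "deny"
    if score >= STEP_UP_AT and not req.mfa_verified:
        return "step_up_mfa"
    return "allow"

def evaluate_session(requests):
    """Score every request; once one is denied, the session stays revoked."""
    decisions, revoked = [], False
    for req in requests:
        verdict = "deny" if revoked else decide(req)
        revoked = revoked or verdict == "deny"
        decisions.append(verdict)
    return decisions

if __name__ == "__main__":
    # Constructed requests from one user over a single session.
    session = [
        Request("ana", "10.20.5.9", "CA", "files:read"),
        Request("ana", "198.51.100.7", "CA", "payroll:write"),
        Request("ana", "198.51.100.7", "XX", "payroll:write", True),
        Request("ana", "10.20.5.9", "CA", "files:read"),
    ]
    print(evaluate_session(session))
```

The final request is denied even though it looks low-risk on its own, because the earlier deny revoked the session.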

A Rise in the Use of Biometric Security Systems

The capital investment in the market of biometric systems is going to rise by 25% in 2019.

The concept of biometrics can feel threatening because you become physically connected to the digital world through your online accounts. But biometric systems are already in use at several organisations and have become a significant part of our daily lives, for example when unlocking cell phones with a fingerprint or face. These systems increase the efficiency of security functions. By 2023, investment in the biometric security market is going to be $41.8 billion (as per MarketsandMarkets), but given the current demand for these systems, the number could reach approximately $20 billion by the end of 2019.

IoT Security Advancement

The supply of IoT offerings and endpoints is widening, which is causing the quantity of IoT security products to boom. IoT security incidents in 2019 are going to be double those of 2018.

The huge rise in IoT endpoints/devices is not going to stop any time soon. This has increased the need to innovate in our security services. Although we have many 'smart' devices, many of them have quite big security loopholes. Several technologies and software products help to protect businesses from attacks like DDoS, but not all of these solutions solve the problems at their core. Security professionals will have to determine the underlying cause of insecure IoT endpoints. There is no balance between rising endpoints and security solutions. Therefore, the vulnerability will still exist, and attacks will grow.

GDPR Compliance as a Service

Yes, you read that correctly! GDPR compliance as a Service is also capturing the markets through privacy and security services. The growth rate will be about 75% in this case for the year 2019.

The regulations from governments and international authorities have been strict, and hence there is such massive growth. The rise in the number of regulations is pushing businesses to keep pace and stay up to date to keep their customers happy. But adopting GDPR and other compliance-related technologies can help businesses in the long term, even though in the initial phases the management can take time. Finally, this will lead to the adoption of fully managed services, and this business will boom.

Looking Ahead in 2019

The trends mentioned here are some of the emerging trends. However, it is believed that these are the most significant trends, considering the changes in the overall market. These are supposed to have the most significant potential impacts on the larger scale of companies as they are going to embrace the security-centric business on a worldwide level.

Dec 24, 2018

A beginner's guide to Bitcoin & Blockchain technology [Infographic]

Ever since its peak price of over $20,000 per bitcoin in December of 2017, the idea of cryptocurrency and blockchain technology has had the media buzzing about its potential not just as an investment, but real world applications. Many people still don't quite understand the technology though, so we thought we'd share this infographic for all you noobs out there! Enjoy!



[Via Bitcoinfy]

Dec 19, 2018

New Google Assistant Ad Revives Kevin McCallister from 'Home Alone'

Personally I'm not a fan of in-home electronic personal assistants like Google Home or Amazon Echo. Namely, I don't like these companies spying on every conversation I have in my house. Even more, I don't like the NSA using these devices to spy on my every conversation either.

That being said, I am a fan of the original Home Alone movie, which features a young Kevin McCallister protecting his home from the "Wet Bandits"! Well, Google just revived that character in their new ad for Google Assistant!

Check it out:



Just because I don't like these devices, doesn't mean they are not popular. Millions of people find these to be very handy.

Do you use one? Which one? Why do you like it? Let us know in the comments.


