4 Signs You’ve Been Hacked

are-you-hacked-social

Being hacked is a huge fear of most computer users.  Many believe the first sign of strange behavior or errors on their PC is a sign hackers have taken control.  But are hackers really inside your machine, stealing your information? Or should you be on the lookout for more subtle signs?  What does being hacked really look like?

There is an important distinction to make between being hacked by a person and being infected with a virus or malware. Virus software and malware are automated processes designed to damage your system, steal your data, or both.  There are of course ways that you can defeat these processes, but what if you are instead hacked by an individual?

Logins not working

One of the first steps a hacker might take would be to change the computers passwords.  By doing so, not only do they ensure future access to the account, they prevent you from accessing the system to stop them. For the hacker, this is a crucial step that keeps them in control.  With this in mind, you always want to make sure to keep on top of our own login details and how often you change them.

Security Emails or Texts from online services

Many services track which device and location you logged into your account from last.  If your account is accessed from a new device or a different country it might trigger an automated email or text message to ask if this new login is your own.

If you have logged in using a new computer, tablet, or phone; an email that asks “hey, is this you?” need not be cause for alarm.  If you haven’t, it may be time to investigate further. This service is an important part of information security. It may be a key first step to identify someone else gaining access to your account.

Bank accounts missing money or strange transactions

Most commonly today, hackers commit crimes to steal money. The end goal for hackers is typically to profit from their crimes by taking money from people online.

It always pays to keep a regular eye on your financial transactions to make sure you know what money is coming and going from your account.

You may see a large sum missing where hackers have attempted to take as much as they can in a single transaction.

Alternatively small, hard to notice transactions may appear.  These often account for small purchases where attackers have tested the details they have to make sure they work.

Sudden loss of cellular connectivity

Network interruption is a symptom that few people expect but occurs commonly when hackers attack. Many banks and online services use a security feature known as Two-factor authentication.  To do this they send a short code to your phone or app when you log in.  Two-factor authentication is ideal in most cases and a great boost to security.

Hackers can try to work around this by calling your mobile service provider to report your phone as lost or stolen.  During this call, they will request your phone number be transferred to a new sim card that they control. When your bank sends its regular two-factor authentication code to the number registered, it goes instead to the hacker who may be able to log in.  From your perspective phone service will simply stop working.

Keeping vigilant and maintaining security

These are only some of the modern techniques that hackers can try to use to gain access to your accounts.  It pays to pay close attention to the signs and signals that indicate you may have been hacked.

If you suspect that you might have been hacked, or would like help to prevent hackers in future, give me a call at (828) 290-8237.

Can Private Browsing Protect You Online?

private-browsing-protect-online-social

1. Get a virtual private network (VPN)
VPNs aren’t just for business and downloaders now, they’ve gone mainstream. Once set up, it creates an encrypted connection from your computer to the VPN providers computer. The other computer could be in another city or another country. When you visit a website, it can only see the VPN computer – not yours. You essentially run around the internet pretending to be another computer, in another location. Since your connection is encrypted, even your ISP can’t see what you’re doing online, making your usage anonymous.

The downsides: Because your internet usage has to route through another computer first, your browsing and download speed could be affected. They can be tricky to set up and not all VPNs offer the same privacy levels (the better ones tend to be more expensive). Some websites may even block visits from people using VPNs, so you may end up switching it on/off as required.

2. Go incognito
Most browsers have a private browsing mode, each called something different. For example, Google Chrome calls it ‘incognito’, Microsoft calls it ‘InPrivate’. Before you take the name at face value, it’s a good idea to talk about how they define ‘private’. Unlike a VPN where you can dance around the internet anonymously, private browsing simply means it won’t show up in your browser history, or what you entered into forms. This feature is free, so you always have the option to use it, and it’s actually more helpful than you might think. Common uses include price shopping to reset sale timers and access local-only pricing and overriding usage limits on certain sites. Some sites use cookies to control your free trials and private browsing can help you get around that. For example, some news sites limit you to 5 free articles a month unless you pay. Private browsing can extend that trial quite easily!

The downsides: It can’t pre-fill saved passwords and it won’t help you type in the website name even if you’ve been there before.

3.  Think about who’s watching
While you might be naturally careful when using a public computer have you thought about who’s watching what you do on your work computer? Some workplaces have employee monitoring software that tracks all sorts of data, including taking screenshots of your desktop. It helps them create rules about computer usage but it may also provide them with evidence you’ve been breaking those rules. Stepping out to the internet cafe can be even more risky, as people can install keyloggers that record every keystroke, including your credit card numbers and logins. You’ll never know your activities are being recorded, even if you use private browsing.

The downsides: None. Awareness of the risks and the possibility of being watched ensures you’re more likely to use the internet safely.

While private browsing can help keep your internet usage under wraps, it’s not a magic bullet to cover all possibilities. Many people believe they’re invisible AND invulnerable while private browsing, a mistake they end up paying for. You’ll still need solid anti-virus and password habits to protect against threat, and to be a smart internet user who avoids suspect websites. Consider the options above as privacy-enhancing measures, not one-stop solutions.

Need help with your online privacy? Give me a call at  (828) 290-8237

How to Securely Dispose of Old Computers

dispose-old-computers-social

Getting new computers for your business is exciting, but what happens to the old ones? Depending on the age, some people sell them, others throw them out. That’s the easy part. The problem is the sensitive data on them. There are passwords, account numbers, license keys, customer details, medical information, tax returns, browser history…. the works! Each computer, whether laptop, tablet or desktop, contains a treasure trove of sensitive information that cyber criminals would love to get their hands on.

Unfortunately, hitting delete on your files doesn’t actually make them disappear. These mistakes have cost businesses millions of dollars over the years.

Most businesses are unaware that specialized data cleanup is necessary, others think calling someone to collect the computers will cover all the bases. A 2016 experiment proved just how dangerous the situation can be when they bought 200 used hard drives and found 67% held unwiped, unencrypted sensitive data, including sales projection spreadsheets, CRM records, and product inventories. Frighteningly, they didn’t need any special hacking skills to get this data, it was all right there and helpfully labelled. It’s also not surprising that with simple data recovery tools, people have also been able to access British NHS medical records and missile data, all waiting patiently on a discarded hard drive.

Why hitting delete doesn’t help

Data on a hard drive works like a book with an index page. Every time data is written, it pops a quick entry into the index so when you need it again, it knows where to look. The index is used for files you create as well as system files you can’t even see. Sensible, right? Except if you delete a file it’s more like changing the index to say nothing is on page 10 and you can write something else there when you’re ready. But if you manually flip to page 10, you’ll find the information is still there – the file still exists until it’s been written over – it’s the index reference that got deleted.

Wiping data before disposal

There are software tools you can get to do it yourself, as well as dedicated security firms, but your best option is to choose an IT business you know and trust. With that in mind, a methodical approach is required to ensure not a single drive is left untreated. You don’t want to leave data behind, or even clues that a motivated person could extrapolate any private information from. The approach might include using checklists to maintain security, or dedicated processes to guide each step in decommissioning. Careful records should also be kept, including who signs off on completion of the retirement, and where the computers are sent afterwards. A proper inventory and auditing process may slow the rollout of the new computers slightly, but it’s always better than having your old data come back to haunt you.

I can migrate any needed data, backup the information to your server or external drive, then wipe or destroy the hard drives for you.

Upgrading your business computers should be a happy time for you and your employees, so with a little forward planning, you’ll be able to keep everyone smiling and all your data secure.

Need help with your old hardware? Call me today at (828) 290-8237!

3 Internet Habits To Keep Kids Smart and Safe

habits-social

How can you make the internet a safer place for your children? It’s a common concern as all parents want their kids to be protected and happy whenever they go online. It’s relatively easy to supervise and monitor the very young ones as they stare delightedly at the Disney Jr site, but the risks increase greatly as kids get older and more independent.

You’ve probably heard the term ‘cyber safety’ before, but safe internet usage goes beyond reminding them not to talk to strangers. With the evolution of the internet and the way it’s now woven seamlessly into our lives, the focus needs to be on ingrained habits. That means ensuring your children have the tools and predefined responses to online events so that no matter what happens, they’re not placing themselves (or your family) at risk.

Setting up these habits is easy, and begins with three basic understandings:

Downloads are a no-go

Most kids can’t tell the difference between a legitimate download and a scam/malicious link. It’s not their fault, the online world is full of things that will trick even the most savvy adult. The difference is that kids tend not to take that extra moment to check exactly where that link is pointing, question whether it’s too good to be true, or even read what they’re agreeing to. They want to get back to what they were doing, and if something pops up, their first instinct is to click ‘yes’ – purely so it goes away. Unfortunately, that single ‘yes’ may have just opened the doors to malware and viruses that will ruin their computer. Set a family rule that they need to ask permission for all downloads (and an adult will check it first), and to never click a popup. When you’re called over to give download permission or check a popup, talk through exactly what you’re checking and why. As your child matures, get them involved in this process so their safe habits extend outside the home.

Critical thinking is a must

Most youngsters think the internet is a magical place and can’t imagine their life without it. To them, the internet is on the same level as oxygen! With that acceptance though, comes unwavering trust that the internet would never lie to them, never trick them and never hurt them. While we adults know better, it’s only because we already view the internet with a certain level of distrust. The best way to keep kids safe is to teach them to approach every aspect of the internet with critical thinking. That includes teaching them to question the motives of other people online. Is that person really a kid? What do they really want? Unfortunately, all kids do need to be aware that predators use the internet to target and lure children. Ensure your children tell you immediately if a stranger makes contact. Along with this stranger danger, teach them to identify what marks something as suspicious, and what they should avoid. If they come across anything inappropriate, they should shut down the computer and come straight to you.

The internet is forever

Kids have an overwhelming drive to contribute to the internet, they don’t think twice about recording a video, jumping in a chat room or onto social media. The world really is their playground! But what they don’t understand until they’ve been burned, is that anything they upload, write or say is on the internet forever.  Even if they delete it or use a platform where content self-erases, someone can still screenshot and send it right back out. Many cyber-bullying cases are based around this exact type of blow-back. Once your kids know that everything they post is permanent, they’ll be more likely to pause and think.

If you need help to secure your computer and help keep your family safe – give me a call at (828) 290-8237.

How to Stay Safe from Scams and Malware on Facebook

fb-scam-social

At last count, Facebook has clocked up over 2.7 billion users, which makes the platform more attractive than ever for scammers and hackers. While you may be logging in to share your latest family photos or catch up with friends, the chances of accidentally triggering a scam or malware are increasing daily. Here’s how to stay safe on Facebook and stop the spread.

Look out for freebies and surveys

Everybody loves a freebie and for the most part the competition posts on Facebook are legitimate. On the flip side though, when you see a giveaway for vouchers from a mega-store, alarm bells should ring. ‘Do this quick survey and we’ll send you a $50 Amazon Voucher!’ – it’s too good to be true. Even one click can take you on a messy journey through the underbelly of the web, picking up trackers and malware at every stop and at the end, you’re asked to share the post so your friends can get a voucher too…except nobody ever gets the reward.

Check your permissions with games and quizzes

Whenever you access a new game or quiz, you’ll need to give permissions for it to access your Facebook profile. Most people click the okay button without any thought, but if you review the permissions you’re giving, you’ll often find they’re asking for a massive amount of personal data; public profile, friend list, email address, birthday and newsfeed. Do they really need ALL this information? Sometimes the shakedown is from necessity, but sometimes the apps are preparing to launch attacks against you both on and off Facebook. For example, when you call your bank they ask certain questions like your full name, birthday and maybe which high school you went to. All that information is in your Facebook profile and now shared with your permission.

Don’t friend people you don’t know

Having lots of friends is always nice, but that friend accept could end up costing you. It might be someone pretending to know you, or a picture of a pretty girl to entice men (and vice versa). Once you friend them, they get access to everything your friends can see. In this case, it’s more than the risk of someone knowing your personal data, you’ve just given them intimate access to your life. It’s exactly how romance scams start, and there are even cases where the victim finds photos of their children circulating the internet.

If it’s weird, forget it

It doesn’t happen very often, but hackers find ways to take advantage of flaws in Facebook. A common hack that keeps popping up in various forms is to embed malware in a link. The virus then infects your machine and contacts all your friends with an enticing message, like asking whether a picture is of them. When they click to view the picture, the virus catches them and their friend list, and so on. Facebook is pretty good at staying on top of these flaws, but they need time to fix it. Just like if you got a weird email with an attachment from a friend, use that same level of scrutiny in your Facebook and don’t open messages or links that seem out of place.

Need help securing your privacy? Call me at (828) 290-8237.

Travel with Your Tech: What You Need to Know

travel-tips

Taking a business trip can be stressful at the best of times.  Whether you’re off for an overnight conference, a week’s partnership or a longer project, you essentially pick up your entire business and take it on the road. Besides showing up in the appropriate clothing (which you absolutely packed, right?), keeping your tech up and running becomes your number 1 priority. Take a look at my tech tips for business travelers:

Be careful with free WiFi
Most hotels have free WiFi, as do libraries, cafes, and bookstores. It’s now easy for any business to open their WiFi to the public, with or without a catchy password. Unfortunately, that convenience can come at a huge cost. The wireless network you use to check your email while relaxing with a latte could allow someone to easily capture your information as it travels through the air. Using a VPN can help, as will making sure you connect only to wireless networks that require a password. Once connected, make sure the sites you visit have the little HTTPS lock.

Connect via your cell phone
Hotel WiFi is notorious for being slow or insanely expensive. You may find that your mobile phone allows you to tether or hotspot a connection. That means you connect your laptop to your phone via WiFi or cable and piggy back on its mobile internet connection. Many carriers and phones allow this, but not all. Importantly, if you’re in a foreign country it can also be worthwhile getting a local sim card rather than pay expensive roaming charges.

Don’t forget power adapters
You’ve seen it before…people scrounging around for a charger or cable, huddling around in groups until their device has enough juice to get them through a few more hours. Be sure to pack your correct power adapters and cables, along with any plug/voltage converters required to match your destination. It’s worth carrying your USB charging cables on your person, as many planes and airport shops now offer a place for you to plug in for a quick boost.

Have plans for being offline
Sometimes you simply can’t get online, which will do you no good when you’re checking into a hotel and your booking details are tucked safely away in your cloud email. You can print out essential travel and business details on paper, but if you have a lot or don’t want to carry them, you can also save them to a document.  Emails can be copied and pasted into a Word document, or you can print to PDF by pressing Print > Save to PDF (or similar). Many apps also have an offline mode that allows you to store the information on your computer, including Evernote and Netflix.

Need a tech checkup before you go? Call me today at (828) 290-8237.

How to Stop Your Business Becoming a Victim of Social Engineering

social-engineering-email

You can have top-notch security in place but there is still one danger: social engineering. It’s the old kid on the block, but most of us have never heard of it.  Perhaps the more familiar term is ‘con’:  the art of manipulating people to take certain actions or divulge private information.

Social engineers are a special type of hacker who skip the hassle of writing code and go straight for the weakest link in your security defenses – your employees.  A phone call, a cheap disguise or casual email may be all it takes to gain access, despite having solid tech protections in place.

Here are just a few examples of how social engineers work:

Email: Pretending to be a co-worker or customer who ‘just quickly’ needs a certain piece of information. It could be a shipping address, login, contact or personal detail that they pretend they already know, but simply don’t have in front of them. The email may even tell you where to get the data from. The hacker may also create a sense of urgency or indicate fear that they’ll get in trouble without this information.  Your employee is naturally inclined to help and quickly sends a reply.

Phone:  Posing as IT support, government official or customer, the hacker quickly manipulates your employee into changing a password or giving out information. These attacks are harder to identify and the hacker can be very persuasive, even using background sound effects like a crying baby or call-center noise to trigger empathy or trust.

In person: A delivery man uniform gets past most people without question, as does a repairman. The social engineer can quickly then move into sensitive areas of your business. Once inside, they essentially become invisible, free to install network listening devices, read a Post-it note with a password on it, or tamper with your business in other ways.

It’s impossible to predict when and where (or how) a social engineer will strike. The above attacks aren’t particularly sophisticated, but they are extremely effective. Your staff have been trained to be helpful, but this can also be a weakness. So what can you do to protect your business?

First, recognize that not all of your employees have the same level of interaction with people, the front desk clerk taking calls all day would be at higher risk than the factory worker, for example.
I recommend cyber-security training for each level of risk identified, focusing on responding to the types of scenarios they might find themselves in. Social engineering is too dangerous to take lightly, and far too common for comfort.

Talk to us about your cyber security options today. Call me at (828) 290-8237.

6 Simple Tips to Protect Your Customer Data

protect-customer-data-email

As cyber-attacks continue to make headlines, hackers are exposing or selling customer data files in record numbers. But just like with any threat, there are actions you can take to minimize risk and ensure your business retains a positive reputation among customers.

1. Stop using the same password on repeat. Set a mandate for all staff that passwords must be unique for each user and for your workplace. That means it can’t be remotely like the one on their home PC, tablet or online banking. Passwords are hacked more than ever, so when you’re prompted for a password change, dig deep and really think about what goes into a hacker-proof password. If remembering them is a problem, consider one of the latest password management tools.

2. Go on a shredding spree. How much sensitive data is being dumped into the recycling bin? Valuable customer data is often taken from the bins of small businesses and quickly sold or published. Take 5 seconds to run documents through the shredder or book in the services of a secure shredding company.

3. Ditch the accounting spreadsheets. Still using an Excel doc for all your number-crunching? Besides making your accountant’s job harder (and more expensive), you’re opening your business to a massive range of vulnerabilities. Even with password-protection, spreadsheets aren’t designed to safeguard your financials or those of your clients. Upgrade to a proper accounting solution with built-in customer data protections and security guarantees.

4. Train staff explicitly. You can’t rely on common sense because what you think is a given might be news to someone else. It can be extremely beneficial to hold special data-safety training sessions once or twice a year as a reminder, as well as take the time to induct new staff into the way things are done.

5. Limit access to data. Just like the bank manager who guards the keys to the vault, you can limit who accesses your data. Revoke employee access as soon as they leave your business for good, and set rules around who can access what – and when. Do they need access to sensitive information while working from home? Should they be able to change the files, or only view them?

6. Keep your software updated. Possibly the most preventable hack, having outdated software can be an open invitation for cyber-criminals. They look for known weaknesses in business software and waltz right in. While the nagging pop-ups and reminders to update can feel like a selling ploy, they’re actually helping your business to stay in the safe zone. Updated software gives you protection against new viruses and hacking techniques, plus closes off those nasty weaknesses.

If you would like to make sure your business is secure from data breaches, give me a call at (828) 290-8237.

143 million Customers Exposed in Financial Data Breach

Equifax

Credit reporting company Equifax has just revealed that its databases were hacked in a large-scale breach affecting millions across the US, UK & Canada. While no hacking event is ever good news, some are easier to ignore than others – this isn’t one of them. The sensitive nature of the exposed data now requires immediate action for all those even possibly affected.

The short version: Equifax is one of the three main organizations in the US that manages & calculates credit scores. To do that effectively, they have access to almost every piece of financial data for adults in the country, plus pretty much anyone who’s lived/worked in the US. We’re talking social security, tax file numbers, drivers’ license, credit card numbers…the big stuff. On July 29, Equifax disclosed the breach, stating that hackers had repeatedly gotten in through a vulnerability in the web application from mid-May to July of this year.

If you’re an Equifax customer: As scary as all that sounds, what’s done is done. Equifax, cyber-security experts & law enforcement officials are on the case, working to minimize the long-term damage.
The best action now is to protect yourself against fallout:

1. Go to: http://www.equifaxsecurity2017.com and click on the button that says “Check Potential Impact” to see if your data may have been affected. There was some news that this site was delivering random results, but Equifax announced it has been corrected. At this stage, it’s safest to assume everyone with a credit history has been impacted, so unless that link gives a definite ‘no you’re safe’ response, continue with the following recommendations.

2. Claim the Equifax free year of credit monitoring & identity theft insurance (if you’re a US resident). If you’re not eligible, consider sourcing your own. As the hacked data will continue to circulate for some time, also consider extending your credit monitoring for a few more years.

3. Keep a close eye on your finances and accounts. Check for notifications of new credit applications, monitor your statements and bills, and immediately report any suspicious activity or sudden change in billing.

4. Change all your passwords to be strong, unique and long. Any of the stolen data may give hackers a free pass into the rest of your bank accounts, email and personal information.

5. Add two-factor authentication where possible. This is when an account demands a second layer of authentication before allowing access or changes – getting the password correct isn’t enough, the hacker would also need to get the special code sent by SMS.

6. Consider freezing your credit report. This makes it harder for identity thieves to open accounts under your name, as access is completely restricted until you choose to un-freeze.

Need help with your passwords? Give me a call at (828) 290-8237.

4 Simple Tips to Keep Your Internet Banking Safe

online-bankingOnline banking has boomed in the past few years to become the new norm. Branches are out and apps are in. Some banks now steer you towards a computer for a DIY transaction – with optional assistance.  But is internet banking really safe? You’re always told to keep your financial details private, but now also to jump on board the online banking train – talk about a push/pull scenario! The good news is you CAN bank safely online with a few simple precautions.

Always type in the website address

Many attackers will attempt to trick you into clicking a fake link to your bank website. Usually sent as a ‘phishing email’, they’ll claim there’s a problem and ask you to click through to your bank and correct it ASAP. The link points to a fake website that looks almost exactly like your real bank site and is recording your private account info. You can avoid scams like this simply by accessing your bank by manually typing in the website or using a bookmark.

Avoid public computers and networks

Jumping onto a PC at the library or mall might seem like a quick and easy way to check your account, but public computers are often targeted by scammers. In just a few moments, they can install keyloggers to record usernames, passwords and other private data, then sit back as all future user details are emailed to them. The same problem applies with free, unsecured Wi-Fi. You’re better off using an ATM or a data-enabled smartphone.

Use a strong password with 2- factor authentication

Create a unique password for your online banking, something you’ve never used anywhere else. Mix up words, numbers and symbols to create a complex password that can’t be guessed easily. Avoid giving attackers a head start with data they can find on Facebook, like kids names, pet names, birthdates, etc and really think outside the box. And never keep it in your wallet, on your phone or laptop computer. If remembering is likely to be an issue, you might like to consider a secure password manager app. Many banks will also help boost your security with two-factor authentication, sending random codes to your phone (or a special LCD device they provide) to verify any activity.

Check page security before entering data

Finally, take a micro-second to spot the small padlock icon before you enter any data. You’re looking for a padlock appearing as part of the browser itself, not just an image on the webpage. It will be either in the bottom corner or next to the URL. The address will also start with httpS:// instead of http://. If you don’t see these things, the page is NOT secure and you shouldn’t log in.

 

Need some help securing your system against scammers? I can help. Call me at (828) 290-8237.