Securing yourself from cyber threats 

Privacy takes a very important place amongst network users today, and with the number of cyber-attacks mounting, you cannot blame them from looking for precautions. The best solution is using a Virtual Private Network or VPN. 

VPNs explained 

A collection of servers, to which you connect to over your network is a VPN where once connected it appears as if you have localized with the servers, thus it looks like you have shifted from your actual location. A great feature is that all the information moving in and out through the VPN is encrypted, making it inaccessible to another party. 

Even when you are using a public Wi-Fi network such as at a restaurant, sensitive information such as account login information and credit/debit card details can be protected using VPNs. This gives you a great level of security in the case when you need to work while on the move or out in the field. 

In the case when you have government-imposed restrictions on visiting certain sites, using a VPN enables you to gain access to these sites safely.

Selecting a VPN 

Some VPNs are free to use and while some require payments. The free ones may have their own risks, as some keep track of your network activity and may misuse them. Also, free VPNs might not be ad-free and you might find annoying ads popping up from time to time. 

In comparison, paid VPNs offer a better service through better security, as they do not log your activity and come with much better features to ensure safer use. Also, you won’t see any annoying ads, prompting you to visit their sites. 

When accessing a geo-restricted site, the VPN service provider needs to have servers in the region or country where the site is blocked. Also, you need to find out how much browsing data you are allocated and whether it is enough. Check the compatibility of the VPN service with different devices such as smartphones, laptops, and tablets as you might want to work through these devices, depending on the situation. 

After selecting a suitable VPN service, do this final security check. Enter the VPN’s free trial and check if your IP address is being leaked through https://ipleak.net/. If your physical location is discovered, the VPN is not reliable, and you need to find another VPN service. 

 VPNs play a vital role in protecting businesses from cyber-attacks and if you need any help regarding how to keep your business safe, feel free to contact us.  

Optimizing your investments on cyber-security

 Present day businesses have increased their spending on cybersecurity. This may seem to indicate an increased awareness of the possible risks of cyber-attacks. However, the real question is how much of this money spent actually goes towards keeping you safe. Here is how you can spend wisely. 

Assess where you stand 

Periodically assess the current security status and find out where you stand. Rate potential threats detected depending on how lethal it is to your business. Take measures to cull the most lethal issues. Of course, there are no fix-them-all solutions for these threats and depending on the nature and scale of business, you might have to address them accordingly. 

Target the bigger risks 

As mentioned before, attention must be first paid to issues with higher risk. Your resource allocation (spending) too must be done accordingly and not in an overall manner. 

Evaluate your current products 

Products previously purchased to secure your systems may need to be modified or may no longer be needed. Evaluate their effectiveness in the current situation and scrap the ones no longer helpful and update those which need updates. This way you can further minimize unnecessary expenditure while keeping your security systems sharp. 

Knowing where you stand will help you know how to bridge gaps in your cybersecurity systems, and for this, you need to periodically assess your systems. To get assistance on how to do an evaluation, contact us today.  

How safe are your software

Cybersecurity is a major concern when it comes to businesses and it’s important to identify possible threats that may arise before making an investment in security-related software. Here is why. 

Asses the current security status 

Run frequent checks on cybersecurity of your business. Identify potential risks and hazards and categorize them according to its lethality and frequency of occurrence. With the nature and the scale of the business, the risk assessment techniques vary and through an appropriate method, identify and categorize the threats so the more potent threats can be addressed first.     

Targeting the investments 

Sectors with higher risk need higher investments in terms of time and money. This targeted approach will help you eliminate these threats faster and with better efficiency. 

Evaluate your previous product investments 

Evaluating your previous investments in security will let you know what needs to be upgraded and what is not needed anymore. This way you can cut unnecessary costs. 

Knowing where you stand in cybersecurity helps you optimize the security precautions you need to take and will be easy for future investments. For help concerning cybersecurity, feel free to contact us today.     

Cyberattack risk alert on Remote Desktop Protocol by FBI

The warnings issued by the FBI concerns the sales of Remote Desktop Protocol (RDP) connection credentials by hacker forums. By purchasing such a connection, anyone can control the server to which the credentials correspond to. As credentials of critical facilities such as those of airports might be available, it poses a great risk to the public.     

The most popular method of RDP attacks occurs through ransomware, where the user is denied access from the system or data. Access is only allowed upon making a “ransom” payment.  

The reason why the availability of such credentials (and at cheap prices) is so risky is that it allows the buyer to access the device remotely and take complete control over it. The device owners may be threatened to be blackmailed or their sensitive documents may be exposed if a sum is not paid. Also, once in control, the crooks have the ability to install harmful viruses which will destroy the system data. 

Here is how you can protect yourself from RDP attacks 

Try to avoid public, insecure networks. Even with credentials in possession of the hacker, frequent logins can be avoided. A firewall, which prevents illegal logins must be used in devices which use RDP for security.   

• Using strong passwords for your logins. Breaching weak passwords might only be a matter of time, where malicious robots on the network can crack your password.
• Use 2-step login methods, where logging in does not depend only on the password. Here a verification code will be sent to another device such as your mobile phone. You can choose whether or not to keep a 2-step verification in a particular computer and if you do not need it in that computer you will still be safe as 2-step verification will be prompted for if an attempt to log in from another computer is made. 
• Set the login lockout settings to lockout a hacker, who attempts multiple failed logins. This will block the IP of the would-be hacker attempting to bust your account. This will further enhance the security of your RDP protocol.
• Avoid using the 3389 port which is the default. Shifting to another makes it difficult for a hacker to get to your device.
• Update your device regularly as the new updates will contain solutions for the latest risks and threats. This includes updating your RDP protocol.

An Insight to cybersecurity buzzwords and terminology

In order to survive in today’s fast-moving world, we must stay updated in the sectors we are engaged in. Cybersecurity is no different and with the rapidly evolving technology and the threats it is exposed to, it will be to our advantage as to how much we know about it.  

Malware 

A software designed for creating havoc in a system is called a malware. We are familiar with this “trouble-maker” as a virus, which technically speaking actually refers to a type of malware attack, where the software self-replicates. Malware enters our systems and networks, disrupting functions and corrupting files unless proper precautions are taken. 

Anti-virus

 

A common misconception regarding anti-virus is that they protect our systems from malware, though actually, these can only scan the drives they are installed in to detect traces of malware. 

Ransomware

 

This type of malware steals files or personal data and holds it encrypted, out of reach of its owner until a “ransom” is paid to release them. 

Social Engineering 

 

In this case, it is not the computer or any associated system that betrays itself but the user or the human factor involved. Here the user may be tricked into revealing sensitive information, for example, username and password, and this information used for malicious activities. This system referred to as “Social Engineering” does not need complex malware to extract information, it just needs cunning thinking. 

Phishing

 

This is a more technically backed form of Social Engineering where a criminal may impersonate an authorized agent for a reputed company, will attempt to make contact with the would-be victim, hoping to extract personal information. If on any occasion such prompting is done, do not release any sensitive information without verifying the legitimacy of the agent first. 

Zero-day attacks 

 

A malware released and yet to be discovered by cybersecurity companies pose a great threat to systems as there will be no defense against them. Cybersecurity companies release updates as a response to newer threats which come up, and if a newly released malware exploits such a security gap, its termed a Zero-day attack. 

Patch 

 

Patch is a file update to a software, released by programmers in case they detect a security gap in the software. This gap is “patched” using this update and will keep the software safe from malware. 

Intrusion Protection System (IPS) 

These IPSs offer a great level of protection against malware, where it monitors the activity of this destructive software from within the system firewall itself and puts a dead-stop to any malicious software trying to sneak in.    

Redundant data 

Back up your data in an offline, offsite facility, where it will be safe from malware should anti-virus, Intrusion Protection or patches fail.  

Hope this helped you gain some knowledge regarding cybersecurity. For more information regarding cybersecurity and its developments, feel free to contact us. 

5 Ways to keep your router connection secure

As a rule of thumb, we make sure to keep our smartphones, laptops, and tablets up to date by updating the software. We know this will keep us secure from the latest threats lurking about in the cyber world. However, a much-overlooked device is the router, which is the actual essential component in keeping us connected. By doing some simple adjustments to the settings in the router, network security can be improved drastically. Here is what you need to know. 

In order to manage router settings, you need to enter the router admin console. Though it may look confusing at first, sticking to these simple steps will help you configure your router easily without a hitch. However, it is recommended you save the current settings first just in case you need to revert. 

To access the console, connect to your router and type in the router IP address into the web browser search bar. Your router may have one of the following IP addresses – 192.168.1.1, 192.168.0.1 or 192.168.2.1. IP address will be mentioned in your router’s manual (If you no longer possess your manual check online in either ManualsOnline or ManualsLib). If a login is prompted, log in and change the default username and password to one of your choices. 

Now that you are logged in, here are 5 setting changes you need to do.

1. Proper encryption 

Without proper encryption, your devices may be vulnerable to hackers who might steal your information or use your network to break the law. Having a password protection to enter Wi-Fi gives you a certain level of protection. There exist different kinds of encryption which offers different levels of protection, the most widely used being WPA2. The newest version of security, an update from the age-old WPA2, is the WPA3, which will be supported by routers due to be released into the market soon. You will find encryption settings under the Wireless menu or Security menu. 

If you are using a WPA2 security standard router, the best encryption option available would be “WPA2-PSK AES”. Always make sure never to keep your router in the “no security” or “Open” state. If you are currently using WEP, switch to WPA. Some routers may only support WEP or WPA, and it probably needs a firmware update. If this doesn’t get you sorted out, it is probably time to get a brand-new router. 

2. Strengthen the security of your network 

A VPN or Virtual Private Network is a popular and effective method to improve privacy and security while you are online. With VPNs your IP address is hidden and your identity will be unknown. Encryption makes the data you handle inaccessible for any third party. Though VPNs are usually used through software in your device (such as laptop or smartphone), modern routers have the capability to support VPNs. This way all devices connected such a router will be protected through encryption and by maintaining user/device anonymity. These routers can be used with open source software, where VPN services like OpenVPN can be used. 

3. Parental control 

If you are a parent and your kids have access to the internet, you might worry them coming across age-inappropriate content. With various new features being included in modern routers, parents can adjust settings which will filter out inappropriate content. Some even sport time limiting features where only a set duration of browsing can be done through the network. These adjustments can be done through the router’s admin page or “Access control”. Here limitations to certain sites, and when these limitations need to take place can be customized. Also, the devices which face these restrictions can be selected through the settings. This can be done by adjusting Multimedia Access Control (MAC) filtering, where the MAC address corresponding to a specific device can be set as to when it can access the network. 

4. Have more than one network 

Having an auxiliary network for your personal devices like smartphones and laptops allows you to protect your major devices, such as those you intend to use for business applications, secure from prying cybercriminals. This can be done by creating a guest network in your existing router or even simply by using a separate router. If you opt to use a guest network, use a different network name (and a strong password) to avoid mistaking the two. 

Using a separate network allows you to keep your devices secure from cyber-attacks while you play safe as it isolates the sets of devices you work with. 

5. Hacker proofing 

Use a firewall to protect yourself from hackers. Even if they possess your IP address, hackers cannot access your network or its associated systems. Most new routers consist of firewall facilities and by configuring your router settings, you can protect your information and resources from any lurking hacker.