Carrollton Dermatology Associates
Dr. Thomas H. Lamb, MD.
Brighter Image, Inc.
RA-Lin and Associates
North Georgia Turf, Inc.
We all know that it’s important to maintain high security vigilance across whole spectrum of your IT, from changing your email password regularly to locking your work computer when you are away from your desk. But there are few areas where it couldn’t be easier to score an own goal and make life easy for fraudsters than in the realm of financial services. From your online banking system to mobile payment platforms, these are accounts where it’s absolutely vital to be on your guard against possible intruders. Peer-to-peer payment provider Venmo just made it a little easier to do that.
The Venmo platform is known for its convenience and ease of use, and is commonly used to split the cost of drinks, dinner, taxis and the like. The app is now adding a raft of new security-focused features, in response to criticism of its record for ensuring the security of its customers and their financial transactions.
Back in February, a Venmo user discovered his account had been hacked and used to withdraw almost $3,000 from his credit card. The intruder had also thought to change the email address associated with the Venmo account and to disable notifications of payments, but Venmo did not tell the genuine user about the changes that had been made. Venmo was decried for letting basic lapses in security exist in its trendsetting platform.
Now the service is doing what it can to pick up the pieces and up the ante on the security front. The most obvious change is to incorporate automatic email notifications when changes are made to the basic personal details associated with a Venmo account - a feature which many believe should have been built in from the word go. But the app will also add multi-factor authentication, another name for the two-step verification that can be enabled within Google Apps and other services. This feature makes it more difficult for would-be intruders to gain access to your account, even if they manage to get hold of your password.
Multi-factor authentication works by requiring not only your password for login, but also a second piece of information such as a one-time code - often generated on-the-spot and sent by SMS to the user’s cell phone - or the answer to a pre-set security question. Insisting on two phases to the sign-in process allows another opportunity to stop potential fraudsters in their tracks. The changes being implemented by Venmo also reflect the growing awareness on the part of technology companies for the need to get serious about security and protect the integrity of their systems and their users’ data.
You can put multi-factor authentication to use in your IT systems to keep your business protected. Get in touch with us and we’ll show you how.
Most of us know we should make our passwords more difficult (sorry, folks, “1234” or "qwerty" just doesn’t cut it) and use an up-to-date version of antivirus software. But all too often, we opt for an easy life - use familiar passwords and put upgrades on the back burner. But security can be simpler than you think so here are a few not-so obvious tips that will make your online experience a whole lot safer. Here are three to keep in mind.
Nowadays, many sites such as Facebook, Dropbox and Twitter also give you the option to use two-factor authentication each time you log in. So if you’re looking for an easy way to up your security, it can give you that extra protection without slowing you down too much.
Yes, installing an update might take 15 minutes of your time. But it can pay dividends in preventing a security breach that could cost you or your business thousands.
You’re probably thinking, adding that last “s” to http (or even typing in http in general) is a complete pain in the rear. So to make this easier you can actually install a program like “HTTPS Everywhere” that’ll automatically switch an http into an https for you. Currently “HTTPS Everywhere” is available for Firefox, Chrome and Opera.
Looking for more tips to boost your internet security? Get in touch to find out how we can help.
Whether we use them for business or pleasure, we all want the confidence that the online services we use to store files, post life updates or check our email are given adequate security protection to safeguard our information. But since high-profile breaches such as the celebrity photo leaks of 2014, the security of Apple platforms has been in the limelight. So it is a welcome move that Apple has extended its two-step authentication feature to the popular FaceTime and iMessage applications.
After the fall-out from the celebrity photo leaks, Apple extended the two-step authentication process (also known as two-step verification) to iCloud, the online storage platform at the center of the scandal. The feature was initially introduced only to the user IDs for access to Apple accounts; the motivation for the launch of that extra security measure was the hacking of a journalist’s data back in 2013. But what is two-step authentication and how does it work to protect your data?
The premise behind two-step authentication, which experts recommend all businesses implement as part of their security strategy, is actually pretty simple. Usernames and passwords are all too easily stolen by malicious parties, whether by phishing emails or a more sophisticated hacking attack. So, rather than typing just your username and password to access your account, the password is teamed up with a four-digit verification code which is newly and uniquely generated each time you attempt to access your account.
The verification code is delivered by text message (meaning that to use the two-step verification feature, you’ll need to have a cellphone to receive the SMS on). As a result, even if a hacker manages to get hold of your password, unless they also have your phone by their side then they won’t be getting into your account. This authentication method is already used by organizations around the world including banks, mobile service providers and other companies who recognize the added layer of security that it brings. And now you can give yourself the same level of protection to ensure that only you can FaceTime your family and send iMessages to your friends.
Fear not, there’s a backup plan to ensure that you can still access your accounts if you happen to forget your password or if something happens to your phone so you can longer receive authentication codes. Apple also provides you with a 14-character recovery key that will get you back in if all else fails. To enable two-step authentication for your FaceTime and iMessage applications, login to your Apple ID account, select Password and Security and then click Get Started under Two-Step Verification.
To find out more about using two-step verification and other security measures to protect your business, contact us today.
As far as viruses, worms and other security infections go, there are probably none quite as frustrating as Poweliks. While most threats can wreak havoc on your computer system and cause untold damage to your business as day-to-day processes are interrupted by unstable IT, information leaks and data losses, the majority at least leave a trace of their work that enables them to be detected and ultimately removed. Not so with Poweliks - this nightmare of a malware completely hides away in your system and is pretty much invisible. Here’s what you need to be aware of and how you can protect yourself against Poweliks.
First discovered back in August 2014, Poweliks has therefore created something of a headache for firms behind conventional security solutions like anti-virus software. Symantec and others have admittedly managed a number of updates to their protection in response to the threat posed by Poweliks. But although very minor records of the presence of the trojan are left behind by way, for instance, of registry logs, the signs of its destructive presence are much lower key than the computer world is used to, meaning Poweliks is unlikely to show up on most system scans.
Poweliks has links to Kazakhstan, the home of two servers the malware connects to once it is up and running from within your computer. The servers in Kazakhstan then send commands to the bug to tell it what to do next. In theory, this then makes way for the tool to be used to download other undesirable programs that could infect your system without your knowledge. It could equally be used to steal and disseminate data from your network.
General awareness around web sites you choose to visit is also recommendable in particular, since others have also reported the bug making its way onto their systems thanks to so-called ‘drive-by download attacks’ - whereby simply visiting a malicious web site is enough to trigger the infection, and actively downloading a file isn’t even necessary. As a result, organizations may wish to consider more comprehensive filtering of internet access, or at the very least reactive blocking of known malicious sites, in order to prevent employees from inadvertently infecting a company network.
To find out more about IT security solutions and protecting your technology from attack, contact us today.
The scale of the recent security breaches at Sony, which led to the cancellation of The Interview’s theatrical release, can make the company’s problems seem beyond the realm of the average small business. But the security mishaps that created the circumstances for the hack are as applicable to modest local and regional companies as they are to multimillion dollar corporations. These three tips will take you back to security basics and help avert your own big-screen drama.
Instill a disciplined, security-conscious mentality in your organization, and keep the messages simple so that staff remember and follow them. Focus on regularly changing passwords and keeping them secret, being vigilant about avoiding unexpected links in email messages, and limiting network access for the likes of external contractors to that which is absolutely necessary.
One of the ways hackers made their way into the Sony network was by tricking administrators into thinking they had a legitimate need for access: teach your staff to be careful, and praise cautiousness even if it turns out access is warranted. Encourage staff to flag up potential security lapses, and make sure they know that reports will be followed up and loopholes closed.
All of this uses staff and resources that your small business might not have - which is where outsourced managed services come in. Using a managed service provider as an add-on to your own IT team can give you extra flexibility and the ability to keep abreast of industry security developments, even when you lack the time to do so yourself.
Equally, know when it is time to ditch data - think of emerging social networks like Snapchat, which set messages to self-destruct after a set time, as your cue to make your data retention policy less permanent, particularly in relation to email. If you no longer have a business need or a regulatory requirement to retain information, then delete it - in the process you can limit the possible damage even if the worst should occur and you fall victim to an external attack.
As well as ensuring alternative means of communication remain open to your business in the aftermath of a possible attack, it is also vital to make sure that you retain access to the information most critical to your work. Regular, secured backups help ensure that, whatever happens, the show is able to go on and your firm’s productivity and revenue are not unduly hit. Engaging professionals to undertake your backups on a managed service basis also means this can happen routinely and without fail, while you stay focused on running your business.
Want to learn more about how to reduce your IT network’s vulnerability to attack? Get in touch with us today.
There are so many ways that hackers can gain access to your computers and systems it boggles the mind. One of the more popular tactics employed is the increasingly common spear phishing. In early December 2014, news broke of a new, super savvy, spear phishing campaign that had succeeded in scamming top Wall Street companies and could be a danger to small businesses as well.
More often than not, these links are to websites where you enter account information, passwords, and even bank account details, or any other personal information which can be used to break into computers and even steal your identity.
What we know is that they send highly savvy and targeted emails to people at a company, trying to harvest Microsoft Outlook account information. Once they have this crucial data they then target others inside, or connected to, the organization, with the same email, while also injecting the code into ongoing messages. This method can spread the attack quickly, leading to a potentially massive security breach.
In the email examples of this phishing threat, the attackers write mainly about mergers and other highly valuable information. They also include a link to a forum to discuss the issues raised further. These emails come from people the recipient already knows, and the link is to a site that asks them to enter their Outlook account and password before gaining access. When this information is entered, it is captured by the attacker and used to launch more attacks.
Because this is an email-based attack, you need to be extra vigilant when opening all emails. Be sure to look at the sender's address, and read the body of the email carefully. While hackers generally have good English skills, they aren't fully fluent, which means you will notice small mistakes. Also, keep in mind previous emails sent by the recipient. If the tone and style is off, then the email may be fake.
It is important to always look carefully at all links in email messages. If a link looks suspicious, then ask the recipient for more information or to tell you where the link goes. If you come across any site asking you to enter account information, be extra careful. Look at the URL address in your browser, if it doesn't sat HTTPS:// before the address, then it may be a good idea to avoid this.
If you have any questions on spear phishing and how you can prevent it, contact us today to see how we can protect your business.
Spend even a small amount of time looking at the various massive malware threats out there and you will find that security experts are usually able to figure out who developed it, the intended targets, and where it is most prevalent. In early November, news broke about a mystery security threat called Regin that has been around for years, but which experts seem to know comparatively little about. Many business owners are worried about Regin, but should they be?
What we do know is that Internet security firm Symantec is credited with first bringing Regin to public attention, and that it has been around since at least 2008. So far, the company has said it is similar to the Stuxnet virus that was supposedly developed in (or by) the US and used to attack and subvert the Iranian nuclear program.
Regin is known to infect Windows-based computers and at its core is a backdoor trojan style of infection. From detected infections it is looks like the purpose of the malware is not to steal information but to gather intelligence and facilitate other types of attacks.
What makes this malware so powerful and disturbing is that it is much more advanced than other infections. Using various encryption methods it can hide itself extremely well, making it difficult to detect. It can also communicate with the hacker who deployed it in a number of different ways, thus making it a challenge to block or stop. As a result, it is far from easy to actually figure out what exactly this malware is doing and why.
For now, however, it appears that Regin is only infecting larger government bodies and large companies outside of North America and much of Europe, so the chances of you being infected are relatively low. Although as with any threat, this can change at any moment.
What we recommend is that you ensure your antivirus and antimalware solutions are kept up to date and always switched on. You can rest assured that eventually experts will learn more and block this malware from infecting systems. Beyond this, working with an IT partner, like us, who can ensure that your valuable data and systems are secure, is also a good idea. The same goes with watching what you download and any emails you open. If you don't know or trust the source, don't download any program, open an attachment, or read an email connected to it.
Looking to learn more about the security of your systems? Contact us today.
In many western countries we are blessed with a free and open Internet, but in the US there is a battle currently raging over the idea of Net Neutrality. Chances are high that you will have heard this term thrown around by various experts and media outlets. In November, President Obama took a stance on this issue. Here is an overview of Net Neutrality, the stance from The White House, and what this could mean for your company.
This free, open, and fair principle is what we call Net Neutrality. In practice, this idea prevents Internet providers, and even governments, from blocking legal sites with messages they disagree with, and restricting access to services and sites that don't meet their business needs.
There are laws currently in place, set by the FCC (Federal Communications Commission), that prohibit providers from collecting, analyzing, and manipulating user traffic. In other words, according to the FCC, the role of the Internet providers should be to simply ensure traffic and data gets from one end of the network to the other.
Last year, it was uncovered that US telecommunications giant, and Internet Service Provider, Comcast demanded that Netflix pay them millions of dollars or they would limit the Internet speed of Comcast users trying to access the streaming service. Netflix tried to negotiate but the result was that Comcast did indeed cut user speeds. Netflix paid to avoid this from happening again. This act is an obvious breach of the main tenet of Net Neutrality: Equal access for everyone.
Combine this with the January 2014 ruling that the FCC had overstepped its bounds in regards to this topic and the increased lobbying by telecommunications giants against Net Neutrality, and you can quickly come to realize that the Internet as we know it is under threat.
Beyond this, because so many businesses rely on websites and the hosting companies that enable us to access them, there is a very real risk that these hosts may have access speeds cut. This in turn could mean that it will take more time for some users to access your website and services. Think of how you react when you can't access a website, you probably just search for another similar site which loads easily - now imagine this happening to your site. In other words, you could see a decrease in overall traffic and therefore profits.
In short, this is a major issue that could see the end of the Internet as we know it. If you would like to learn more about Net Neutrality and how you can help ensure the Internet remains free and open, contact us today.
Is your business secure from the latest malware and security threats? The truth of the matter is that there is always a chance that your business and systems can be attacked and breached by a variety of security threats. One of the more common threats of last year was a nasty piece of ransomware called Cryptolocker. While the first version has largely been dealt with, there is news that a new version of this - called CryptoWall - which has surfaced.
When this malware surfaced last year, many users were understandably more than a little worried and took strong precautions to ensure they did not get infected. Despite these efforts, it really didn't go away until earlier this year, when security experts introduced a number of online portals that can un-encrypt files affected by Cryptolocker, essentially neutralizing the threat, until now that is. A recently updated version is threatening users once again.
With CryptoWall, the transmission and infection methods remain the same as they did with the first version: It is most commonly found in zipped folders and PDF files sent over email. Most emails with the malware are disguised as invoices, bills, complaints, and other business messages that we are likely to open.
The developers did however make some "improvements" to the malware that make it more difficult to deal with for most users. These changes include:
If you are looking to learn more about CryptoWall malware and how to boost your security and protect your data and systems, then we could you your first line of tech defence.
One of the biggest business technology trends of the past half decade or more is the increasing amount of business that is conducted online. These days, many businesses have integrated online solutions into daily operations and have reaped the benefits. The downside to this is the on-going threat to online security. With an ever-increasing number of online attacks, it is important that you take steps to ensure that you remain secure. Here are five tips on how to maintain security while working on, or browsing, the net.
By utilizing this safety feature, you can further increase the security of your accounts, largely because the chances of someone getting their hands on both the generated code and your password are slim.
Some sites don't use a code and instead ask a question that needs to be answered every time you log in. If this is the case, make the question something that is difficult for a hacker to guess. For example, use your address from 10 years ago instead of your current address.
It is a good idea to audit what information you have online. This includes looking at the contact and personal information you have on social media profiles, account information, etc. Ideally, if it is not necessary information, then it shouldn't be shared. As for social media profiles, make sure only the absolute basic personal information is online and limit who can see this information.
If you are going to share information online, be sure to limit the potentially sensitive information that you post, especially if the content is shared with the public.
Most experts recommend at least once every three months, but if there is a breach where your account information may have been leaked then naturally change your passwords straightaway.
To ensure maximum security, you should use a different password for each account, and keep these as separate as possible.
If you are looking to learn more about how we can help your business be secure online, contact us today.