Yesterday, Yahoo confirmed claims that 500 million user accounts were stolen in a 2014 breach. The data that was compromised includes names, emails, passwords, telephone numbers, and the answers to account security questions. If your account is one Yahoo suspects was compromised, you’ll be prompted to enter a new password as soon as you log on. If you use the same password on other accounts, you should change those, too.
How to Minimize Risk
While there is nothing you can do to prevent these breaches, there are a number of best practices that you can use to prevent exposure from these kinds of attacks:
Pick Better Passwords: When information gets stolen, the time it takes the hacker to decipher your password depends on how common or how complex your password is. Avoid common passwords and patterns such as “12345”, “qwerty” or “password”, and if you use any actual words in your password, pair them with a few random letters and numbers as well.
Change Passwords Often: Oftentimes these attacks don’t become clear until well after the data is stolen, but if you change your password often, the stolen information will likely be outdated by the time the hacker tries to exploit it.
Never Reuse Passwords: Just like changing your password can prevent stolen info from being used against you, reusing old passwords can re-open you to risk from old breaches.
Update Security Questions: Just like passwords, these can be stolen and used against you as well.
Use Two-Factor Authentication: Adding a second type of authentication, like a one-time code sent over text message, can greatly secure your online accounts, making them hard to get into even if your information gets stolen.
Contact us today to find out more about how to secure your company’s online accounts.
With the increase in frequency of Malware and Ransomware attacks over the past few months, we felt the need to make our clients aware of this threat and offer a best practices summary to assist our clients in defending their networks.
What does it look like and how does it work?
There are different types of ransomware. However, all of them will prevent you from using your PC normally, and they will all ask you to do something before you can use your PC. They can:
Prevent you from accessing Windows.
Encrypt files so you can’t use them.
Stop certain apps from running (like your web browser).
They will demand that you do something to get access to your PC or files. We have seen them:
Demand that you pay money.
Make you complete surveys.
Often, the ransomware will claim you have done something illegal with your PC, and that you are being fined by a police force or government agency. These claims are false. It is a scare tactic designed to make you pay the money without telling anyone who might be able to restore your PC. There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again.
Crowti (also known as Cryptowall) and FakeBsod are currently the two most prevalent ransomware versions. These two families were detected on more than 850,000 PCs running Microsoft security software between June and November 2015.
Please remember that once your files are encrypted, you cannot recover them. You must restore from a fully tested backup, and only after the threat has been removed from your entire system and server.
What can I do to protect myself and my company?
Always verify who the email sender is: If the email is coming from a bank, verify with your bank if the message is legitimate. If from a personal contact, confirm that they actually sent the message. Do not rely solely on trust by virtue of relationship, as your friend or family member may be a victim of a virus or spam campaign.
Double-check the content of the message. There are usually errors or discrepancies that you can spot, such as a claim from a bank or a friend that they have received something from you. Go to your recently sent items to double-check their claim. Such spammed messages can also contain executable (.EXE) or ZIP file attachments. Never open .EXE, PHP, HTML or script file attachments within an email. Always confirm with the sender that any ZIP attachments are also legitimate.
Refrain from clicking links in email. In general, clicking on links in email should be avoided. It is safer to visit any site mentioned in email directly.
Refrain from clicking pop-up ads on websites offering software upgrades. In general, clicking on pop-ups should be avoided. You can contact the software vendor’s website or CNC to obtain any updates necessary for your software.
Use a reputable Antivirus security suite. It is always a good idea to have both anti-malware software and a software firewall to help you identify threats or suspicious behavior. Malware authors frequently send out new variants to try to avoid detection, which is why it is important to have both layers of protection. Most malware relies upon remote instructions to carry out its misdeeds. If you run across a ransomware variant that is so new that it gets past anti-malware software, it may still be caught by a firewall when it attempts to connect with its Command and Control server to receive instructions for encrypting your files.
Backup important data. Unfortunately, there is no known tool to decrypt the files encrypted by ransomware. One safe computing practice is to ensure you have accurate backups of your files. You will also need to ensure all data is being saved properly and guarantee your backups’ validity. Please contact CNC for your data backup options right away.
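For administrators who want to enforce the attachment advice above at the mail gateway instead of relying on each user, the sketch below screens a raw email and returns a verdict per attachment. It is an added example, not CNC tooling: the script extensions beyond .EXE, PHP and HTML, the verdict names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed policy lists built from the advice above: executables, PHP, HTML and
# script files are never opened; ZIP files wait for confirmation from the sender.
BLOCK = {".exe", ".php", ".html", ".htm", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".scr"}
HOLD = {".zip"}

def _ext(name):
    # Only the final extension counts, so "invoice.pdf.exe" is treated as .exe.
    name = name.strip().rstrip(".").lower()
    return "." + name.rsplit(".", 1)[1] if "." in name else ""

def screen_attachments(raw_bytes):
    """Return [(filename, verdict)] for every attachment in a raw email."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = _ext(name)
        verdict = "block" if ext in BLOCK else "hold" if ext in HOLD else "allow"
        if verdict == "hold":
            try:  # a ZIP that carries a blocked file type is blocked outright
                with zipfile.ZipFile(io.BytesIO(part.get_content())) as zf:
                    if any(_ext(n) in BLOCK for n in zf.namelist()):
                        verdict = "block"
            except zipfile.BadZipFile:
                pass  # unreadable archive stays on hold for manual review
        results.append((name, verdict))
    return results

def build_sample():
    """Constructed sample message (not real mail) with three attachments."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("statement.js", "// constructed placeholder")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["Subject"] = "Your documents"
    msg.set_content("See attached.")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="scan.zip")
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf", filename="report.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    print(screen_attachments(build_sample()))
```

A "hold" verdict corresponds to the step of confirming a ZIP with its sender before it is released to the mailbox.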
CNC advises that you do not pay the ransom
Paying the criminals may never get your data back. There have been plenty of cases where the decryption key never arrived or where it failed to properly decrypt the files. Plus, it encourages criminal behaviour.
We want to discuss the importance of having server images and solid backups of all data. This is the single most important part of your defence. CNC would like to review and verify the type of data backups you are currently using and then discuss our findings in detail. CNC will be reaching out to schedule an appointment and we would be glad to provide you with updated options for your system.
Microsoft has been getting more and more aggressive with their upgrade to Windows 10, but it is important to make sure that all of your important programs are compliant with Windows 10 before going through with the upgrade. This is very important since there are a number of mainstream and proprietary business applications that have known compliance issues with this new OS.
Since Microsoft began offering free upgrades last year, reverting Windows 10 upgrades has become one of our most common tech support calls. In many cases these were the unintentional result of Microsoft’s automatically scheduled upgrades. There are several reasons why people have chosen not to go to Windows 10 just yet, but from a business perspective, the process of updating and then reverting Win 10 can cause a lot of downtime.
If you have decided that your company would not benefit from upgrading, we have a couple of solutions that can disable Windows 10 upgrades on your machines until YOU are ready to make the switch. The ideal solution, if you are running Windows Pro, is a server level patch that will disable the upgrade dialogues across your network. Our remote technicians can also log into individual machines to prevent updates; we just need a list of those employees and a means of contact.
Love it or hate it, Windows 10 is eventually going to phase out 7 & 8, but this migration process should be done on your terms after your company has had the opportunity to prepare and test for the upgrade. Not because Microsoft decided to arbitrarily pick your name out of a hat.
If you are interested in blocking Windows 10 upgrades, give us a call at 504-224-9475 and we can do the rest.
The legal requirement of websites to be handicap accessible has been a point of hot debate since the 90’s, but in August of 2016 (this decision has been deferred until 2018), that debate is finally expected to take a major turn in favor of our handicap community by requiring most websites to adopt the same handicap accessibility requirements as federally funded websites.
Understanding the new Section 508 Compliance Standard
In 1990, the Americans with Disabilities Act (ADA) changed the face of this country by legally requiring that places of public access be handicap accessible. Now we see wheelchair access and handicap parking available for every restaurant, doctors’ office, entertainment establishment, and government agency. At the time, however, the internet was so new that most people did not consider these companies’ websites as a necessary point of access for handicap individuals.
In 1998, Congress released a list of legally required compliance standards that apply to all federal and federally funded websites, ensuring that people with color-blindness, poor vision, total blindness, deafness, slow reading, paralysis, and seizure disorders could access these sites. These standards came to be known as Section-508 Compliance, or more simply “508”. The new 508 standard is not going to be a new law. Instead, it is a decision expected to be made by the Department of Justice to consider websites as a “place of public access” since so many public services are now only available online. Read more about this here.
What about International Compliance Standards?
While the United States was the first country to establish guidelines for handicap access, many other nations have chosen to adopt the more clearly defined international standard of accessibility known as WCAG 2.0. If you do business internationally, please check this list of nations and territories to see if your website is required to meet accessibility standards under the laws of other countries.
If you are unsure if your website meets your legal obligation for Accessibility, or if you have other accessibility questions, please contact our Web Development department today!
*article updated on 11-22-16 to reflect the postponed date of this ruling.
Since Apple officially pulled support for Windows QuickTime earlier this year, two major vulnerabilities have been discovered that significantly compromise the security of any Windows machine that currently uses QuickTime player. While the discovery of such vulnerabilities is not uncommon in the IT industry, in most cases the publishing company will quickly release updates to fix these problems. However, for discontinued products such as this, there is not going to be a solution.
Rather than waiting for these exploits to become more widely used, we are asking that all CNC clients remove QuickTime player from their Windows machines. Since we expect QuickTime compatibility to quickly wane as a result of these developments, we also suggest converting your existing .MOV videos into alternate formats such as .WMV or .MP4 as soon as reasonably possible.
Does this affect you?
If you have QuickTime on your Windows computer, it affects you. There are also many common places that your company may be using .MOV videos right now that could be affected by this issue:
Videos on your website will no longer play in browsers.
Training, demo, and product videos may no longer work after you remove the player, or may not be playable by prospective clients.
Personal videos saved at home may also become unplayable after removing the player.
If you believe this issue might affect you or your business, let us know.
If you’ve ever been fishing, then you know that it is a peaceful experience. But if you’ve ever been “Phished” then you can attest that it is not a pleasant situation to be in. Phishing is the act of an assailant accessing the personal information of others with the intention of committing fraud.
Here at CNC, we have compiled a list of 10 ways to not get hooked by a Phisher.
Invest in Email, Spam and Anti-Malware Tools.
Communicate only via phone or trusted websites.
Don’t click on suspicious links in emails from unknown senders.
Don’t open attachments in emails from unknown senders.
Never email personal or financial information.
Never enter personal information in a pop-up window.
Use a reputable anti-virus software.
Identify fake phone calls.
Never download files from unreliable sources.
Utilize Google Chrome’s safety tool called Password Alert, which notifies you if your Google password has been compromised.
Cryptolocker is what is known as a ransomware trojan virus that targets Windows machines. It is a highly sophisticated computer virus that encrypts files and then holds the files for ransom by requesting payments through Bitcoin or pre-paid cash payments.
Although the original virus has been identified and contained, there are new variants that claim to be the Cryptolocker virus and thus perform the same actions. Regardless, the best way to secure your files from any computer virus is to use a reputable anti-virus program and make sure it is updated daily. In addition, you should have multiple backups of your data either daily or weekly.
This will ensure that if you are infected, you can safely restore the data from a previous backup.
The world is going to end on April 8, 2014! The XP world, that is. It’s now time to update to the latest version of Windows. Sure, you can still use Windows XP, but do you want to risk it? Microsoft support will end for XP, the security updates will end for XP, and then your PC will be exposed to security and compliance risks, resulting in control failure and suspension of certifications. Keeping XP will also prevent you from adding new software, as many program manufacturers will not support Windows XP. Do you have Antivirus software? Will it be able to continue the secure protection you have been afforded in the past? No, and your PC will still be exposed even if you run an up-to-date malware solution.
Perhaps you should determine how old that PC is and whether now is the time to buy a new one with a modern operating system. (just saying)
If you run a Windows XP machine, you need to update now. While your computer will still run, your antivirus will be completely ineffective. Give CNC a call so that we can set up an appointment at your office to upgrade your system.
Encryption transforms information on your computer so that it is unreadable to everyone except those with the code or key. Think of it as a secret spy code. Using algorithms, the information is transformed into an unreadable scramble of letters and then decoded back into readable words and information for those who have the key.
Encryption is mandatory for keeping information secure, as more sensitive data is being stored on computers, sent over the internet in emails, or used on the internet along with account numbers. What allows us to bank securely over the internet is encryption.
More businesses are also moving towards bring your own device (BYOD) or are using mobile devices in general and this means those devices are storing corporate information. Since people often use their computers or devices to perform a number of secure tasks, they risk security breaches with those items. If that device is lost or stolen it adds an even higher risk. Should encryption be part of your company’s security?