Home » Blog » password

Tag: password

mac malware

Apple devices and Macs get malware!!

I don’t like picking on Macs… Oh, wait. That is a lie. I do like picking on Macs because I am tired of hearing “Apple’s don’t get viruses or malware.” This absolutely not true!

There hasn’t been a serious ransomware outbreak on Mac but that doesn’t mean isn’t coming. There are a few ransomware programs in the wild and there has been increased activity in the mac security sector just like there has been in the PC world. Other malware and scam software are out there and on the rise.  “Our tracking of Mac malware has seen a more than 220 percent increase in malware so far in 2017 over 2016,” said Malwarebytes. The main reason that Mac desktops and laptops seem to not be affected is that they only are about 7% of computer users. They are a much small target so there are less malicious programs out there. That doesn’t mean they don’t exist. They will still steal your data if they can. WIth RaaS (Ransomware as a Service) and cross-platform malware, it is becoming easier for the bad guys to target whatever they want. They don’t even have to be proficient at programming anymore. And with an attitude like “we don’t get malware,” you might be easy pickings.

Beyond that, you are also just as likely to lose your online data as a PC user! Just because you are browsing the internet from your Mac doesn’t mean things like the Yahoo and Equifax data breaches will not affect you. You still need to be vigilant in the cloud and protect your personal information.

Protect you and your Mac

  • Backup your data – Onsite, Offsite and Cloud
  • Keep your software and OS up to date
  • Don’t use unapproved software
  • Use an extra anti-malware solution
  • Be wary of unknown websites and unsolicited email
  • Use strong password and 2fa (Two-factor authentication) wherever you can
  • Use a standard account over an admin account for everyday use
  • If you have a laptop, consider full disk encryption

We offer backup, monitoring, and antimalware solutions if you use Apple products in your business. Let us know how we can help!

4 Simple Tips to Keep Your Internet Banking Safe

Online banking has boomed in the past few years to become the new norm. Branches are out and apps are in. Half the time when you visit a branch, you’re steered towards a computer for a DIY transaction – with optional assistance. But is internet banking really safe? You’re always told to keep your financial details private, but now also to jump on board the online banking train – talk about a push/pull scenario! The good news is you CAN bank safely online with a few simple precautions.

Always type in the website address

Many attackers will attempt to trick you into clicking a fake link to your bank website. Usually sent as a ‘phishing email’, they’ll claim there’s a problem and ask you to click through to your bank and correct it ASAP. The link points to a fake website that looks almost exactly like your real bank site and is recording your private account info. You can avoid scams like this simply by accessing your bank by manually typing in the website or using a bookmark.

Avoid public computers and networks

Jumping onto a PC at the library or mall might seem like a quick and easy way to check your account, but public computers are often targeted by scammers. In just a few moments, they can install keyloggers to record usernames, passwords and other private data, then sit back as all future user details are emailed to them. The same problem applies with free, unsecured Wi-Fi. You’re better off using an ATM or a data-enabled smartphone.

Use a strong password with 2- factor authentication

Create a unique password for your online banking, something you’ve never used anywhere else. Mix up words, numbers and symbols to create a complex password that can’t be guessed easily. Avoid giving attackers a head start with data they can find on Facebook, like kids names, pet names, birthdates, etc and really think outside the box. And of course, never write it down anywhere near your wallet, phone or computer. If remembering is likely to be an issue, you might like to consider a secure password manager app. Many banks will also help boost your security with two-factor authentication, sending random codes to your phone (or a special LCD device they provide) to verify any activity.

Check page security before entering data

Finally, take a micro-second to spot the small padlock icon before you enter any data. You’re looking for a padlock appearing as part of the browser itself, not just an image on the webpage. It will be either in the bottom corner or next to the URL. The address will also start with httpS:// instead of http://. If you don’t see these things, the page is NOT secure and you shouldn’t log in.

Everything You Need to Know About Facebook Privacy

Finding the balance between Facebook privacy and Facebook fun can be challenging. It’s a double-edged sword that allows us to connect with friends no matter where they live, but it also publicly shares information that just a few years ago, weíd never dream of putting online. You can search for people based on where they went to school, town they live in, clubs they belong to, who theyíre related to but when is it too much?

Your birthday is the first piece of info collected when you sign up, and it’s great getting birthday wishes from friends and family when it appears in their newsfeed. But while Facebook is sending you balloons and funny memes, your birthday is now public knowledge. It seems harmless, but when you call your bank or other institution, what’s the first question they ask to verify your identity? Your birthday! Some password recovery systems even ask questions like “which high school did you go to?” assuming this is knowledge that only you would know. Except you’ve just publicly shared it on Facebook. Whoops!

We’ve all heard stories of people who’ve lost their jobs after less-than-wholesome pictures or statements have gone public. If you have a reputation to keep, you definitely don’t want pictures from last weekend’s private party showing up, especially if you really let your hair down. While you can’t control what others do with photos they take of you, you can control whether or not you’re tagged in them.

Fortunately, there are settings in Facebook that allow you to control who sees what information and what happens when you are tagged. Despite what you may have heard or seen floating around in a Facebook share hoax, you do have complete control over your Facebook privacy, and it’s easy to adjust.

How to Check and Adjust Your Facebook Privacy Settings

See what your account looks like to an outsider

From your Facebook homepage, click your name on the blue bar at the top of the page. Click the three dots next to “View Activity Log” and then select “View as”

Run a quick privacy checkup

Click the question mark in the top right corner and choose privacy checkup.

Think about what you really need to share and do people need to know the YEAR of your birth or just your birthday? Your friends will still get the notification, and you’ll still get the balloons.

Edit advanced privacy

While the checkup covers the most obvious info, you can go much deeper. Click the V-shaped dropdown to the right of the question mark. Go to settings and choose privacy.

Adjust timeline and tagging

In the privacy settings, you can explicitly control who can tag you, who can see or share the tagged content, and what shows up on your newsfeed.

Tightening your Facebook privacy only takes a few minutes, but it can save you a whole lot of trouble in the future.

If you need help with this, just give us a call!

Mobile Cyber Security

Cyber Security: 4 Ways to Travel Safe For Business

Working from anywhere is now as simple as accessing the internet on your device. Managers, owners, and employees are all embracing the flexibility of working while traveling, making it the new global norm. But while you were in the office, you were protected by professionally designed firewalls, security infrastructure, and robust software. As soon as you step away from the building, those protections disappear, leaving your device and the data inside at great risk.

Cyber attackers love to collect any data they can obtain, often preferring to hack first, assess value later. It doesn’t help that almost all data can be sold, including your personal details, those of your clients and suppliers, as well as your proprietary business data. These days, the information stored on your device is usually worth much more than the device itself.

Here are 3 ways a hacker will attack:

Flaunting Opportunity: Whether your employee left their laptop at a café or a thief stole the phone from their pocket, the outcome is the same – that device is gone. Hackers will take advantage of any opportunity to gain access to a device, including taking them from hotel rooms and even asking to ‘borrow’ them for a few minutes to install spyware, before handing it back.

Spoofing a Wi-Fi Hotspot: We’ve all come to expect free Wi-Fi networks wherever we go. Hackers will take advantage of this trust to create their own free, unsecure network, just waiting for a traveler to check a quick email.

Intercepting an Unsecure Network: Hackers don’t need to own the Wi-Fi network to steal content from it. Data traveling across an unsecure network is visible and available to anyone with the right software.

It’s okay, you don’t need to lock all employees inside the building or cancel all travel plans. Taking these four precautions will increase cyber safety and help protect your business data while on the go.

  1. Make a backup before you travel: In the event your device is lost or damaged, you’ll be able to replace the device with a new one and quickly restore all the data from a backup, all with minimal downtime.
  2. Don’t use public Wi-Fi: Wait until you have access to a secure network before going online – even just to check email.
  3. Use passwords and encryption: At a minimum, make sure you have a password on your device, or even better, have full drive encryption. That way, even if your data storage is removed from the device, the contents are inaccessible.
  4. Act fast after loss: If your device is lost or stolen, immediately notify the appropriate people. This might include your IT provider so they can change passwords, your bank so they can lock down accounts, and any staff who need to be aware of the breach so they aren’t tricked into allowing further breaches.

Need help with mobile cyber security? Call us at 570-779-4018

What to do if you think you have been hacked

What should you do if you think you have been hacked? Is there a new big site that has been hacked in the news? Not a surprise. What about those small sites that don’t even know they have been hacked that never make the news? Is something strange going on with one of your accounts?

First and foremost, change your passwords. If you use the same password for your e-mail as your hacked account, change it immediately before you doing anything else. You should use different passwords for different accounts. Especially your e-mail account!


How do you know?

Check your account activity. Does your account say you have done something or purchased something that you know you did not? Has your contact information or any other settings been altered in any way?

Check your inbox and deleted items.  Have you signed up for new services that you don’t remember signing up for?

Is your computer or device running slower than usual or behaving in odd ways? Use a malware scanner and virus scanner to check your devices thoroughly.

These could all be signs that you have been hacked. Even if these don’t appear in your accounts or computer, but you know you logged into one of those big sites in the news, reset your passwords anyway.


Reset your passwords

Make sure you use different complex passwords at each site.  Especially your e-mail account! Did I type that already?  Of course, I did! It is important. One of the easiest ways to keep track of and generate complex passwords is with a password manager.  Check our password manager article out here. Password managers like LastPass can be integrated into your workplace.  I still love LastPass and even use it on my phone now. If you used unique complex passwords at all your sites, you would only have to worry about the hacked one.

Not sure what password to use or what is a complex password?  Try these links:  Microsoft password checker, Password Generator

Use two-factor (2FA) authentication whenever possible. You should be thinking about your email here! Most of the big free email providers offer some level of 2FA. Also, consider using biometrics to ease the pain of entering passwords.

If it is too late and someone else changed your passwords, most of the major services have a system to recover your accounts. Rember that part about 2FA and using a different password for your e-mail? Well here is where it can really help since most of these services send a link to your email.


Let other people know

You should let your contacts know you think you have been hacked. One the way hackers attempt to use your hacked accounts is by sending messages or e-mails to people that trust you. They are more likely to follow a link or believe something you sent.


De-Authorize your apps

If you were hacked, there is a good chance the hacker logged into a device and authorized apps too.  This means even if you change your password, they will still have access.  You can usually find this feature under the security settings of the service you allowed access too.  Here are links to the big ones: Google, Facebook, and Twitter.

Password Security

Password security is extremely important these days. With all of the security breaches, there is a chance that your name, username, email and possibly password made it into the hands of people that mean to do harm. One of the best ways to defend yourself against these security breaches it to have unique strong passwords at each website. While in practice this a good idea, it is hard to follow this rule when you have a large number of usernames and passwords to track. A great tool to solve this problem is a password manager.

LastPass Password Security About six months ago I decided to follow my own advice and install the software LastPass. So far, I love it! LastPass is a password manager that I read about in a few reviews and liked the feel of the website so I thought I would give it a try. It also has the added benefit of being free. The free version works well for desktop use and there is a premium version which includes mobile device support. There is also an enterprise version which integrates with ActiveDirectory and allows for multifactor authentication.

A password manager really works well to keep track of multiple passwords for multiple websites. It is a great tool to help have a unique strong password for each website that you use. You do use different passwords for each website, right?? I now do a 2-step authentication and don’t have to enter another password until I walk away from the computer. Even if you set LastPass to remember your master password and not timeout (not recommended), it is one thousand times better than using the same password for every website. One of the great features is you can generate new passwords as you are making a new account on a new website. This makes it very easy to make strong unique passwords every time.

I was worried that the whole process would be cumbersome, but I have only run into minor inconveniences. The biggest inconvenience comes into play if you are somewhere that you don’t have your handy LastPass plugin to use. This problem is easily solved by logging into the LastPass website and retrieving your passwords via your password vault. The other issue has to do with commonly used logins like your Amazon or Apple ID. In this case, just use a password that you can remember and don’t use a complicated generated password. I would also recommend not using it to save your e-mail password so that you can reset your other passwords if you need to. Make sure these common website passwords are unique and use two-step authentication if possible.

All in all, any password manager is a great tool for password security. The inconveniences are insignificant compared to the benefits.