Home » Blog » security

Tag: security

Https now

It’s Official: Your Business NEEDS to Use HTTPS

You may have noticed many business websites now have a green padlock in the address bar next to the letters ‘https’. Until recently, you’d only see that on shopping or banking sites, but it’s now become the expected norm for all business websites – even if you don’t ask people to log in or enter credit cards. Simply put, the ‘s’ in https stands for secure and means any data sent/received by the visitor is encrypted.

Clearly, it’s an essential feature for e-commerce sites, but why have all the info-only websites started using https too?

The New Google Rule

As of July 2018, Google will mark your page as insecure unless you’re using https. It’s a movement they started a few years ago to make the internet a more secure place by default. Since Google pretty much rule the internet search and increasing security is always a good idea, businesses have been gradually switching over. Without https protection, someone with access to your internet connection, whether from digital eavesdropping or hacking, could intercept the information. They could also place malware onto otherwise legitimate sites and infect innocent visitors. That’s why eighty-one of the top 100 sites online have already switched to https and a strong majority of the web is following suit.

The Browser Bar Says It All

In the same way a green padlock in the browser bar indicates a trustworthy site, you can expect non-https sites to be marked with a “not secure” warning. Previously, users had to click an information symbol to actively investigate non-secure sites. The shift to plain sight markers will be most noticeable on Chrome, however it’s expected that other browser developers will follow suit. Visitors may then be alarmed by landing on your site and seeing that the connection isn’t secure.

The fact that you may not be asking them to log in, enter personal details or payment is irrelevant. You may not be asking them to enter anything at all, but perceptions matter. Eventually that warning will be changed to an alarming red as Google declares war on unsecure sites. As the common understanding is that a warning = bad, you may get more visitors bouncing away within seconds or even contacting you to report that your site has a problem.

Boosts for Secure Sites

Google is taking its commitment to safe web browsing further by favoring https. That means the search algorithm is taking your site security into account, preferring to display results that it knows will protect users from hackers. Since https status gets the nod, you may find yourself climbing in the ranking while other businesses scramble to catch up. It really is a win-win situation.

What to Do Next

In an ideal world, your site would have a secret switch on the back-end you could flick over and suddenly be https, but it’s a little more complicated than that. In fact, you may have already noticed some sites experiencing trouble with the migration. When the setup goes wrong, users don’t see your website with a little warning in the corner, they’re blocked by a full page error and offered a return to ‘safety’ (away from your site).

The easiest way to make the move to https is to contact your IT technician or web developer, as they’ll be able to make sure you’re keeping Google happy and rolling in the green.

We can migrate your site to https – call us today at 570-779-4018

Getting tech new business

How to Get the Right Tech for Your New Business

Congratulations on your new business! Start-up costs can easily escalate, and tech is often one of the bigger expenses. It’s not that everything is high priced, but the sheer number of technologies available can overwhelm smart decision making. The latest tech is dangled in front of you with amazing features you didn’t know you needed, and suddenly your budget has gone boom!

Here’s how to get the tech right for your business, without the headache and drama.

1. Check if you actually need it

In a lot of cases, using a cloud application means you can skip the big server purchase, along with the on-site technician to manage it. Many of your business programs will have a cloud option that allows you to get all the benefits without the big expense. Before you make the tech purchase, work out which applications you’ll be running and whether a local installation or cloud access is preferred. As part of this stage, think about how you’d like to use the applications – perhaps remote access is a priority, or perhaps collaboration will underpin your business culture. This level of clarity is often overlooked and the number 1 reason why tech expenses spiral.

2. Get expert advice

It’s easy to ask friends and family what to buy, but there are many more factors to consider than just their personal preference. You trust their opinion, of course, but they may be speaking from a consumer perspective or basing their recommendation on brand loyalty. Every business is different and pairing the correct technology with the business will save you a lot of money in the long run.

3. Buy business grade

Unfortunately, the computers and laptops you see in department stores aren’t up to business standard. They’re designed for home users to perform quick tasks, not run a full 8 hour (or more) workload. Business grade systems have additional features that your business needs, plus longer warranties and better support. Even the attached devices like networking or printers are built to a higher standard, to last longer and perform better. Considering the cyber climate we live in, taking a special interest in the security offered by the business grade technology is a wise decision.

4. Prioritize flexibility

Businesses evolve rapidly during their first few years and the last thing you want to do is go out and buy new tech, playing catch-up with your vision and smushing together an assorted mismatch of devices. Your new technology should be as scalable as your business, which means making purchase decisions based on strategy, not price. Perhaps this means instead of workstations for employees, you only need tablets. Rather than having a fixed point of sale system, you might choose mobile checkout devices so your staff can assist customers on the go. These examples highlight how easy it is to commit to certain tech because it’s ‘what you do’ but later discover you’re locked into a certain way of doing business. Trying to change your processes down the line impacts productivity, efficiency and culture in a big way, so we recommend buying with your future success in mind.

5. Choose an IT partner

During your set up and moving ahead through growth, you’ll need an IT partner who can not only help with your purchase strategy but support you through any tech problems as they arise. That’s the difference between a partner and a supplier, they’re committed to driving long-term business success.

You’ll be able to call on your partner and know they’re immediately up to speed with your business, they know how IT can help leverage your competitive advantage and which critical systems they should focus on. Getting good tech in place shouldn’t be seen as just an expense. It improves productivity and allows you to serve your customers better while enjoying consistent growth.

If you need an IT partner to help your business grow, give us a call at 570-779-4018.

Unified Threat managment

Why Your Business Needs Unified Threat Management

Sounds scary doesn’t it? Almost like a swat team dressed in black is going to swing in and start yelling orders. While just as effective at disabling the bad guys, Unified Threat Management (UTM) is a special kind of IT solution focused on proactive protection. Consider it more like a team of virtual bodyguards that stand at the door between your business and the internet, keeping trouble out while your legitimate traffic can come and go normally.

With the increasing number of connected devices in your business network and the different ways your employees now connect, it’s more important than ever to set up dedicated security systems that give integrated protection. UTM is a series of solutions that work together, simultaneously layering your protection across the board. We’ll cover the four main inclusions here, and exactly what they can do for your business.

Robust Firewall

Put simply, a firewall keeps an eye on all the data coming in and out, looking for anything abnormal. While every home PC comes with a software firewall built in, those ones pale in comparison to what a UTM firewall can do. Remember the team of virtual bodyguards? Imagine the home firewall asking nicely if the data should be doing that, while the UTM slams the data to the ground and demands credentials. It exists to make sure the data entering your network is safe, that it’s not part of a cyber-attack, and that in the rare event your network becomes infected, your servers aren’t being used to attack another business.

Anti-virus Where it Matters

With so much new malware being released daily, it’s easy to fall behind in updates and discover you’ve been infected. Your employees are likely doing their best, but manually scanning each file can be exhausting and time-consuming. Your UTM anti-virus is built into the firewall, ensuring known or suspicious malware is stopped at the door. It doesn’t even make it through to your employees, so the risk is removed. Clearly that’s the best outcome possible and will allow your employees to work at maximum efficiency, while you can run your business with confidence.

Spam Blocking

Most cyber-attacks come via email these days, with either an attachment or a link. Once clicked, the malware is released into the network to wreak havoc. Obviously, your employees are smart enough not to open random attachments/links, so hackers use phishing emails. These are emails that look legitimate and may refer to vendors you use, financial services you have accounts with, or even seem to be from other employees. Your UTM isn’t falling for any of those disguises, it strips down each email and checks it against high-tech legitimacy markers. If it sees anything suspicious, the email is marked as spam and either held for review or bounced away.

Your employees never see the attack, so they can’t accidentally fall for it. While the UTM is monitoring for phishing/fake emails, it’s also culling out the general spam that clogs up inboxes. Employees will no longer have to spend precious minutes each day wading through the junk, and the likelihood of missing an important customer email has greatly dropped.

Content Filtering

In a perfect world, your employees would only access work-related sites and do work-related things online. Content filtering can help you limit the risk they’re bringing into your business via these websites. Your UTM can be set to restrict sites that infect computers, such as adult content, gambling or illegal downloads. It can also be used to restrict access to productivity vampires like Facebook or Pinterest, either during work hours or completely. It’s up to your policies how much you’d like to filter and whether to add any flexibility. Some businesses allow social media during lunch breaks or have special reward hours each week. Simple tweaks like this can increase productivity overnight and give you the security you’re looking for.

You can see how a layered security solution like UTM provides a space for your business to thrive, where systems are secure, employees are able to maintain efficiency, and cyber problems stay outside the doors. The way the layers work together is more effective than a patchwork of separate systems, and a UTM is much easier to configure and maintain.

We can find the right UTM solution for your business. Call us today at 570-779-4018!

The True and Unexpected Costs of Being Hacked

There are the normal costs everyone associates with a breach, like getting your own server and computers fixed up, with maybe a little downtime. But really, most businesses view the possibility of getting hacked as more of an inconvenience than a bottom-line cost. For those who’ve come out the other side though, it’s a very different story. They know the hidden and ongoing costs of a data breach can be crippling, and that IT security exists to protect your business on multiple levels. All those surprise costs that spiral out of control are why most businesses close after a cyber-attack. Here are a few of the hard, but common realities of life after a hack.

Raiding the budget to reduce downtime

From the moment a cyber-attack gets into your system, things get expensive, and the longer the attack goes, the more it costs. Latest stats reveal most breaches aren’t identified for around 191 days, then it can take on average another 66 days to contain the damage. During this time you’re cleaning PCs, mobile devices, laptops, servers and even entire networks. Add to this the fee for experts to fix everything up, all the new tools and software they insist you have, and all the hours/days/weeks when your business is struggling with downtime, you’ll exhaust your emergency funds very quickly.

The long arm of the law

Depending on what data was stolen and how you handled the situation, you could be liable for fines into the millions. Having any medical data or legal files leak is a particularly messy scenario with fines coming from multiple sources. In any case, new privacy laws mean businesses are liable for massive fines if they don’t disclose a data breach, even if only email addresses were stolen. Where this gets even trickier is that the burden is on your business to know exactly what data has been stolen/illegally accessed, so you can report it before the fines stack up. This means that even if you were able to fix up the systems yourself, you still need to hire an expert who can identify exactly what the hackers took, from where and when.

Customer retention measures

In a double-down crush to your bottom line, not only does your business have to bear the cost of the hack, your future income takes a hit as customers lose trust and leave. To offset this, many businesses need to engage PR experts, spend more on advertising, and go all out to ensure they survive to fight another day. Even so, your breach disclosure will still come up in search results for many years. The more negative publicity your breach attracts, the more you’ll need to spend on customer retention.

All your secrets exposed

While you may not have Pentagon level secrets to protect, your business does have information that you’d like to keep to yourself. Hackers love going after those juicy tidbits, and the more closely you guard them, the more attractive they are. Think Coca Cola recipe, Big Mac Secret Sauce or 11 Herbs & Spices…While those corporations would be big enough to keep their competitive edge after the breach, your business success relies on at least some information staying secret. It may not be a secret recipe, but your proprietary methods and databases have a black-market value all of their own.

But simply avoiding a breach doesn’t cost much at all…

The thing is, it’s not expensive to stay on top of it all and keep your business protected. For a low monthly fee, we can reverse the entire scenario and secure your systems against the unknown. That means no need to raid other department budgets in a panic, pay crippling fines, make embarrassing public announcements, or fight to retain your competitive edge.

We can help with making sure your systems have the latest security patches and your anti-virus knows the latest tricks to watch for. Our technicians can build a virtual fortress around your business that keeps the bad guys out while letting you thrive, and even monitor security with early warning systems. Whatever your needs are, both now and moving ahead, we’re here to help keep you safe while keeping your IT costs low.

Ready to secure your business against breaches? Give us a call today on 570-779-4018.

Fake Invoice

Fake Invoice Attacks Are on the Rise – Here’s How to Spot (and Beat) Them

Businesses around the world are being struck with a cyber-attack that sends victims a fake invoice that looks real enough to fool to most employees. It’s an old scam that used to see bills faxed or mailed in, but it’s made its way into the digital world and instances are on the rise.

Chances are you’ve already seen some of the less effective attempts, like an email advising your domain is expiring, except it’s not from your host and your domain is nowhere near expiration. These new attacks are more advanced, in that they look completely legitimate and are often from contractors/suppliers you actually use. Logos are correct, spelling and grammar are spot on, and they might even refer to actual work or invoice numbers. The sender name may also be the normal contact you’d associate with that business, or even a co-worker, as cybercriminals are able to effectively ‘spoof’ real accounts and real people. While it’s worrying that they know enough about your business to wear that disguise so well, a successful attack relies on you not knowing what to look for, or even that fakes are a possibility. With that in mind, here are two types of invoice attacks you might receive:

The Payment Redirect

This style of fake invoice either explicitly states payment should be made to a certain account, perhaps with a friendly note about the new details, or includes a payment link direct to the new account. Your accounts payable person believes they’re doing the right thing by resolving the invoice and unwittingly sends company money offshore. The problem usually isn’t discovered until the real invoice from the real supplier comes in or the transaction is flagged in an audit. Due to the nature of international cybercrime, it’s unlikely you’ll be able to recover the funds even if you catch it quickly.

The Malware Click – Rather than go for the immediate cash grab, this style of attack asks your employee to click a link to download the invoice. The email may even look like the ones normally generated by popular accounting tools like Quickbooks or Xero, making the click seem safe. Once your employee has clicked the link, malware is downloaded that can trigger ransomware or data breaches. While an up-to-date anti-virus should block the attack at that stage, it’s not always guaranteed, especially with new and undiscovered malware. If it does get through, the malware quickly embeds itself deep into your systems, often silently lurking until detected or activated.

How to Stay Safe

Awareness is key to ensuring these types of attacks have no impact on your business. As always, keep your anti-virus and spam filters up to date to minimize the risk of the emails getting through in the first place. Then, consider implementing a simple set of procedures regarding payments. These could include verifying account changes with a phone call (to the number you have on record, not the one in the email), double checking invoices against work orders, appointing a single administrator to restrict access to accounts, or even two-factor authorization for payments. Simple pre-emptive checks like hovering the mouse over any links before clicking and quickly making sure it looks right can also help. Like your own business, your contractors and suppliers are extra careful with their invoicing, so if anything looks off – even in the slightest – hold back on payment/clicking until it’s been reviewed. Fake invoices attacks may be increasing, but that doesn’t mean your business will become a statistic, especially now that you know what’s going on and how you can stop them.

We can help increase your security, talk to us today. Call us at 570-779-4018

backup right way

Are You Backing Up the Right Way?

The 31st of March is World Backup day and it’s a great time to put a backup in place. Businesses are losing huge amounts of data every day, purely because ‘backing up’ is stuck at the bottom of their to-do list. So this is your reminder, that even if you only do this once a year when the calendar tells you to, it’s time to flip that to-do list and make it happen! But how? What’s the easiest, most effective way for your business to backup?

You’ve probably heard of file backup by a number of names: Cloud Sync, Cloud Backup or Cloud Storage. They’re all similar enough to be confusing and meaningless enough to be anything. Here’s what they mean and which one you need today.

Cloud Sync

Google Drive, Dropbox, iCloud, etc are services that sync up with a single folder on your computer. They mirror it. When a file changes in one, the sync service rushes to change it on your computer too, so they are always the same. Cloud Sync services are hugely flexible for remote employees, or even those squeezing in a few quick tasks while riding the train to work. They’re ridiculously easy to use, require no training, and the free tiers are enough for most individuals. This all sounds amazing, right? Except…when things go wrong, they go wrong big time. Accidentally deleting a file means it disappears from the Cloud Sync drive – almost immediately. Overwriting a file does the same thing, and if an employee makes edits to the wrong file, then those edits are there to stay. If disaster strikes and your local copy becomes corrupted (or ransomed), well you guessed it, the corruption is uploaded too. While some Cloud Sync services now offer a 30 day backup option, you may not notice the file was missing within this time.

Cloud Sync services are fantastic for productivity and accessing files on the go, but they simply can’t be relied on as your backup tech.

Cloud Storage

Amazon S3, Microsoft Azure, etc are massive buildings full of storage drives that work just like your local hard drive, except you access them securely via the internet. In fact, when you use a cloud sync app like Dropbox, they’re actually sending your data to one of these locations. While the sync services have a constant back and forth connection between the storage center and your folder, and as explained above aren’t good for backup, you have another option. You can access cloud storage on a per/GB basis yourself and upload your entire backup as desired. It won’t update with changes on your local network, but it will be safe from disaster. When you need to retrieve a file, you simply login and download it.

Your backed up data is secure, protected against disaster, and always available to you. However, because it relies on you/your employee to handle the backup plan and manually take care of the uploads, this is a high-risk solution. Unless your employee is scouring your network each day/week/month for changes to files and uploading them with fervent dedication, chances are this plan won’t work. We recommend an automated or outsourced solution so you can get on with business AND be protected.

Cloud Backup

Carbonite, Backblaze backup, Crashplan, etc might not be names you’ve heard before, but they work in the background to monitor changes to files on your computer or network and make sure you’re backed up. You can roll back individual files or whole drives, and even select from earlier backups, not just one. Like sync services, they use cloud storage centers with extra-high security and redundancy so that your data is always there when you need it. Even better, neither you nor your employees need to worry about when it was last done.

The One You Need

Let’s take a moment to talk planning. We recommend starting with the 3-2-1 strategy. This means having 3 copies in total, 2 of them locally such as on your computer and an external drive, and another offsite in the cloud. Using this strategy keeps your business operating when data disasters occur and is an investment in your uptime. We can help get you set up with the 3-2-1 method, including selecting the best cloud service for your needs. If you’re looking for a more scalable, cost-effective solution that gives the utmost peace of mind, ask about our managed backups service.

Need help with your backup? 3-2-1… Call us at 570-779-4018!

outsourcing your IT

Outsourcing your IT

Why outsource your IT?  As a Small – Medium Business (SMB), the question of outsourcing your Information Technology (IT) may have frequently crossed your mind, especially with the surging security breaches that the media outlets seem to broadcast weekly.  Whether your business does not already have a dedicated IT Department or if you are seeking complementary services to your already established IT infrastructure, outsourcing your IT technology can provide tremendous benefits to your business.  Using the 3 R’s (Reasons, Risks & Rewards) can provide a base to examine if outsourcing your IT may be beneficial and effective for your business.     

 

REASONS to outsource your Managed IT Services

  • Outsourcing is Budget Friendly – Cost Effective – Reduce & Control Operating Costs.
  • Would your business like to improve your and Your Employees’ Focus and Resources?
  • Would your business like to Reduce Labor Costs?  
  • Is your business finding it difficult to keep up to date with Routine Maintenance on Workstations and Servers?
  • Is your business finding it difficult to start or manage IT Projects?
  • Make capital available for other means in your business.
  • Reduce Security Risks.

 

RISKS involved with outsourcing Managed IT Services

Any time you hand over responsibilities for any aspect of your business you are inviting risk. Whether hiring a staff member or outsourced service, you may have lingering hesitations, such as, What are they supposed to do? Or Will they fit in with the company culture? Or Did I hire the right person?  

 

Some other risks that you may consider when outsourcing your Managed IT Services:

 

  • Loss of Control – Oversight
  • Confidentiality of DATA – entrusting someone to your company’s intimate practices may seem like a risk, but an Outsourced IT Service provider can also help protect your DATA from ending up in the wrong hands
  • Disaster Recovery – much like confidentiality, an Outsourced IT Service provider can mitigate and help to make a plan for Disaster Recovery
  • Some IT functions are not easily converted
  • Employee Morale
  • Your business may get locked into a contract

 

REWARDS of outsourcing your Managed IT Services

  • Acquire a Valuable Partner –  a committed Expert of Outsourced Managed IT that provides professional, objective and best practice advice along with keeping up with the most current technology trends.
  • Add to your In-House capabilities.
  • Little to no Human Resource (HR) Investment.  Hiring an employee hosts a staple of expenses from the hiring process, background checks and supplying a space to work to account for benefits, vacation, sick days, worker’s compensation, continued training, employee performance reviews, human resources, and of course, employee turnover.
  • Cost Savings.
  • Flexible to your Company’s changes in size, volume, and strategy.
  • Security – Keeping your Systems updated, leveraging Virus protection and proactively monitoring.
  • Predictable Monthly Budget.
  • Prevent Burnout of Yourself and Employees.

 

BONUS – Tips to Working with your Outsourced Managed IT

  • Clearly formulate and communicate goals and objectives of the business relationship
  • Have a Strategic Vision
  • Keep Open Communication

 

Managed IT Outsourcing companies have a lot of experience with different types of businesses and thus – a better understanding of a client’s expectations. This is the main reason why outsourced companies are able to be flexible with your requests and visions. They can even propose new ideas that can change your perspectives. Outsourcing companies see your existing infrastructure from a different vantage point and can customize a solution for your individual business needs.  

 

About Herstek & Associates, LLC

Herstek & Associates, LLC is a professional outsourced computer service company serving small to medium businesses in Luzerne and Lackawanna Counties in Northeast Pennsylvania (NEPA). Our specialties are network planning (network consulting), network projects, and ongoing network/computer maintenance. We pride ourselves in not only delivering the results you expect but also being knowledgeable, systematic, accountable, trustworthy and easy to work with. To speak with a Support Advisor about the the computer support provided by Herstek & Associates, LLC please call us at (570)779-4018 or contact us.

Outsourcing Updates

Keep Up to Date by Outsourcing

Updating your business software is one of your best protections against cyber-attack, but actually going through and running the updates is a task that often gets overlooked. Either they take too long, they pop up at inconvenient times, or you simply don’t know when an update is available. Do you have a plan in place to ensure all your tech is up-to-date, or are you flying by the seat of your pants?

Emergency updates are a killer

Just between us, most businesses update their software only when the repair techs come to fix a major breakage. The techs run the updates before they leave, then the systems sit there with ever-widening security gaps… until another breach happens and the techs are called back for another band-aid solution. Emergency only updates in a break/fix model are a great little earner for those techs, not so good for your uptime or budget.

Finding time for maintenance

To keep your business up and running securely, you need someone who lives and breathes updates. They’ll need to have top tech skills so they know when and how to apply all the patches, and how to make sure all your other tech is playing nice (and do it all after-hours). If you have an in-house IT specialist, you’re set – and they should already have an update plan. But if you don’t have a qualified IT team member, outsourcing to managed services is the perfect solution. You get highly skilled technicians remotely applying your network updates after hours. It’s also a great alternative when your in-house IT team is overloaded and has no time left for routine maintenance. We’re able to partner with your existing techs to take care of the small tasks, leaving them free to focus on bigger initiatives.

What else needs to be checked?

Beyond running security patches, it’s important to keep your business moving forward. Here are a few areas our techs look at as part of managed services:

Hardware health: The last thing you want is days of downtime after a piece of hardware dies a spectacular death, dragging other components down with it. By not staying on top of your hardware health, you’re opening yourself up to lost productivity, lost income and unknown delays. Our managed services can assess and replace components before they break. If suitable, we’ll also save you money by recommending (and helping) you move to a cloud solution, so you can access your data with inexpensive hardware like tablets.

Operating system expiry: While it’s great that you have a preferred OS, keeping it after the manufacturer ceases support can leave your business wide open for attack. It’s simply not a good combination. Our managed services technicians will advise you of any changes coming up for your OS, and suggest the best upgrade for your needs.

Legacy programs: Updates to your software have the potential to disrupt older programs, either resulting in errors, slow performance or even downtime. With technology advancing so fast, we often find additional requirements with an update, such as extra processing power, memory or graphics. Our technicians always make sure to check for compatibility as a whole before running an update.

Staying on top of your maintenance and upgrades can be a huge challenge for small business. Outsourcing to our managed services can help more than your budget – call us today at 570-779-4018.

New ‘KRACK’ Wi-Fi Security Issue: This Affects All of Us

The invention of Wi-Fi has been a science fiction dream come true. We can use our laptops anywhere in the house, our phones are using home internet instead of sucking down our cellular data, and our gadgets are all communicating. It’s essentially the backbone of the smart tech boom for home and business alike. Most networks are password-protected with an encryption called “WPA2” and this has been safe and secure, until now.

Recently, a security flaw called KRACK was discovered that allows hackers to break into Wi-Fi networks – even the secured ones. Your laptop, mobile phone, gaming console and even your smart fridge are possibly vulnerable as a result.

How KRACK works: The Key Reinstallation AttaCK isn’t a problem with your device or how it was set up. It’s a problem with the Wi-Fi technology itself. The attack gets between your device and the access point (eg router) to reset the encryption key so hackers can view all network traffic in plain text. Since we rely on Wi-Fi so much, this might mean hackers have a front row seat to your credit card numbers, passwords, chat messages, emails, photos and more.

NOTE: The hacker must be in physical range of your Wi-fi to exploit this flaw, it doesn’t work remotely like other attacks we’ve seen recently. Given most Wi-Fi ranges extend well past your own home/business, this is small comfort, but important to know.

How to protect yourself

Run your updates: Software updates are being released which fix the flaw. Microsoft has already released one for Windows, Apple has one coming in a few weeks. Take a few minutes to make sure you’re up to date with all your patches on any device that uses Wi-Fi (your smartphones, laptops, tablets, PCs, game consoles, etc). Unfortunately, some devices may be slow to get an update, or if they’re older, may not get an update to fix this issue at all. If possible, consider using a cabled connection on those older devices or upgrade to one with support.

Be very careful with public Wi-Fi: While your local business center, library or school campus has expert IT professionals keeping guard over your security, it’s a very different matter at your local coffee shop. It’s unlikely small locations such as this will be on top of security patches. Remember, a hacker exploiting this flaw only needs to be in the same Wi-Fi area as you, so be careful you don’t give them a dollop of private information with their coffee.

Check your browser security: Before sending anything secure over the internet, check you’re using a HTTPS site. You’ll know these by the little padlock you see next to the URL, and the address specifically begins with HTTPS. Major sites like Facebook, Gmail and financial institutions already use HTTPS.

If you need help updating your devices, or want us to check if you’re safe, give us a call at 570-779-4018.