Big companies like Yahoo, Target, and AOL are often at risk of data breaches because of the large volume of data they collect and store. And when a data breach occurs, individual users are the ones hardest hit. Luckily, there are a few things you can do to mitigate damage from disastrous data breaches.

Determine what was breached

Whether its names, addresses, email addresses, or social security numbers, it’s critical to know exactly what type of information was stolen before determining what steps to take. For example, if your email address were compromised, you’d take every precaution to strengthen your email security, which includes updating all your login credentials.

Change affected passwords immediately

Speaking of passwords, change yours immediately after any breach, even for seemingly safe accounts. Create a strong password comprised of alphanumeric and special characters, and make sure you never reuse passwords from your other accounts.

Once you’ve changed all your passwords, use a password manager to help you keep track of all your online account credentials.

If the website that breached your information offers two-factor authentication (2FA), enable it right away. 2FA requires two steps to verify security: usually a password and a verification code sent to a user’s registered mobile number.

Contact financial institutions

In cases where financial information was leaked, call your bank and credit card issuers to change your details, cancel your card, and notify them of a possible fraud risk. That way, banks can prevent fraud and monitor your account for suspicious activity.

Note that there are different rules for fraudulent transactions on debit cards and credit cards. Credit card transactions are a bit easier to dispute because they have longer grace periods. Debit card fraud, on the other hand, is more difficult to dispute, especially if the fraudulent transactions happened after you’ve notified the bank.

Place a fraud alert on your name

Hackers who have your personal information can easily commit identity fraud. To avoid becoming a victim, contact credit reporting bureaus like Equifax, Experian, or Innovis and request that a fraud alert (also called credit alert) be added to your name. This will block any attempt to open a credit account under your name and prevent unauthorized third parties from running a credit report on you.

Putting a credit freeze on your name might result in minor inconveniences, especially if you have an ongoing loan or credit card application. Still, doing so will greatly reduce your risks of getting defrauded.

These steps will ensure you don’t fall victim to identity theft in the event of a large-scale data breach. If you want to take a more proactive approach to protect your sensitive information against breaches, contact our cybersecurity experts today.

Published with permission from TechAdvisory.org. Source.

Earlier this year, news broke that a malware strain named VPNFilter was infecting hundreds of thousands of devices. If you didn’t act then, now’s the time. Security experts have updated their threat assessment and its much worse than they originally thought. Small businesses are especially at risk and need to take action.

VPNFilter recap

A team of security researchers from Cisco released a report that a strain of malware had been discovered on hundreds of thousands of routers and network devices. Originally, researchers believed it affected only Linksys, MikroTik, Netgear, and TP-Link devices.

Like many malware strains, VPNFilter infects devices that use default login credentials. But it’s worse than the average cyberattack because it can destroy router hardware and cannot be removed by resetting infected devices.

As if destroying 500,000 routers wasn’t bad enough, VPNFilter lets its creators spy on networks and intercept passwords, usernames, and financial information.

What’s new

Just two weeks after VPNFilter was discovered, security experts announced that it targets 200,000 additional routers manufactured by ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. Worse yet, VPNFilter can alter data passing through infected routers. That means when you enter a username and password into a banking website, hackers could steal that information and show you an incorrect account balance to hide fraudulent deductions.

How to stop VPNFilter

Rebooting a router won’t remove the malware, you need to factory-reset the device. Usually, all this requires is holding down the Reset button on the back of the device for 10-30 seconds. If your router has no reset button or you’re unsure whether pressing it did the trick, contact a local IT provider immediately.

Cybersecurity threats have become so prevalent that even large enterprises struggle to keep their digital assets safe. Outsourcing IT support to a managed services provider like us will give you enough capacity to deal with issues like VPNFilter as soon as they arise. Call us today to learn more.

Published with permission from TechAdvisory.org. Source.

The Worldwide Developers Conference (WWDC) has developers meeting and joining discussions with more than a thousand engineers from Apple. What new products did the computer manufacturer have in store for consumers? Read on to find out!

A more personal, faster iOS 12

Apple has focused on improving the operating system’s performance so that iPads and iPhones become more responsive and work faster. The good news is that older devices that can still run iOS 11 will be compatible with iOS 12.

Developers tweaked the software to make apps launch quicker, especially the keyboard and camera. The latest version of iOS is designed to optimize its system when it is under load, so that Apple products run faster when the user demands higher performance.

Fresh features aimed at impressing consumers include the Memoji, an Animoji that users can customize to their preferences. Group Facetime supports video conferences of up to 32 individuals, and these fun tweaks can be used in both Facetime via the Effects camera and in Messages.

A smarter Siri

Apple’s signature digital assistant can now answer queries about motorsports, food, and famous people. There is a new Shortcuts feature integrated in the Workflow app, which allows users to automate various tasks in first- and third-party apps, to be triggered through Siri voice commands.

Both Shortcuts and suggestions by Siri appear on the Lock screen, and third-party Shortcuts integration will let Siri do more when the user pulls the Lock screen down to search. A dedicated Shortcuts app will be available later this year to give users a quick way to build Shortcuts from dozens of preset options.

An alternative to Google Photos

The iOS Photos app may be useful to Apple product users, but it may seem too basic for some. Once iOS 12 is released however, a clever Photos app will showcase most of the features that Google Photos has.

The Search feature has been improved – users can look for images based on general terms such as “park” or even business names, and multiple terms can be searched (such as images from Africa during a particular month). All pictures will be arranged by place and time in case the user wants to perform searches with those variables.

A new tab labeled “For you” will contain the auto-generated albums which Photos makes, and is sorted with any shared albums. Speaking of sharing, the enhanced Photos app will proactively advise users on what images to share according to who is in the pictures.

A refined WatchOS

Apple’s upcoming WatchOS 5 will introduce users to new ways of connecting to the world while staying active. It may not be a radical revision for the wearable device, but the apps and features it provides will be more helpful and fun for the user.

The highlight of WatchOS 5 is the Walkie-Talkie app, an innovative method of communicating by combining the natural flow of messaging with real-time voice discussions. Just like the conventional product that the app is based on, users simply press and hold down a virtual Talk button to converse with friends and family.

Hiking and Yoga have been added to the list of workout types, while users can keep track of their Outdoor Runs more effectively with support for cadence, the custom pace alert, and the rolling mile pace. Automatic workout detection will make sure that the Apple Watch will always stop or start recording user activity while exercising. This feature works with Open Water Swim, Pool Swim, Rower, Elliptical, Indoor Walk, Outdoor Walk, Indoor Run, and Outdoor Run.

To get users motivated to work up a sweat, WatchOS 5 has a Competition feature that allows friends and family to challenge each other in a contest to see who can get the most activity points within a week. The watches will post regular progress reports to let contestants know how they are doing, and the winner will get a special award.

These updates can change at any time, and will be released by Fall this year. If you need more information on making use of Apple devices and software, or if you have other computer-related concerns, feel free to contact us today!

Published with permission from TechAdvisory.org. Source.

What’s the worst thing that could happen to your Internet of Things (IoT) devices? If you guessed ‘getting infected with malware,’ you’re right. Many users think IoT gadgets don’t need the same protections required for PCs, laptops, and smartphones — but they do. There’s a new malware strain that attacks IoT-enabled devices, and you need to secure your IoT devices now more than ever.

What is the Hide And Seek malware?

The Hide and Seek (HNS) malware has created a “botnet” by quietly infecting thousands of devices using advanced communication methods. Without getting too technical, a botnet adds or “recruits” computers to their network to carry out malicious acts, such as overloading a network by telling every infected device in the botnet to try and connect at the same time.

The new HNS can’t be removed by resetting the infected device, which is the solution for most IoT malware strains. The new strain can also exploit a greater variety of devices and in less time than its predecessors. Experts believe it has already compromised more than 90,000 IPTC cameras and other devices.

IoT devices are easily hacked if they connect to the internet, which is home to opportunistic cybercriminals. And because businesses and consumers are expected to acquire and use more IoT devices (the market is expected to reach $1.7 trillion by 2020), it’s imperative to take cybersecurity precautions.

How can I protect my IoT devices?

Luckily, there are steps you can take to keep your devices — and ultimately your network and data — safe from HNS and other forms of malware.

  • Turn off your IoT devices when not in use to reduce their exposure to fast-spreading malware.
  • Take simple precautions to keep your WiFi networks safe, like changing your network’s default settings (including your network’s name), and using complex passwords that are changed from time to time.
  • For those who use a large number and variety of devices, install a threat management system that will block intruders and secure common threat entry points.

With HNS and other malware strains expected to increase in number and complexity, it’s more important than ever to take a multi-layered approach to security. Call us today to learn more about which cybersecurity solutions are right for your business.

Published with permission from TechAdvisory.org. Source.

Within the last year, Chrome has helped users understand that HTTP sites are not secure. More websites use HTTPS, a safer protocol, than ever before. So, how can you benefit from this transition? Find out here.

For several years, Google has moved toward a more secure web by strongly advocating that sites adopt the Secure HyperText Transfer Protocol (HTTPS) encryption. And last year, Google began marking some HyperText Transfer Protocol (HTTP) pages as “not secure” to help users comprehend risks of unencrypted websites. Beginning in July 2018 with the release of a Chrome update, Google’s browser will mark all HTTP sites as “not secure.”

Chrome’s move was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and the majority of Chrome traffic is already encrypted.

Here’s how the transition to security has progressed, so far:

  • Over 68% of Chrome traffic on both Android and Windows is now protected
  • Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
  • 81 of the top 100 sites on the web use HTTPS by default

HTTPS: The benefits and difference

What’s the difference between HTTP and HTTPS? With HTTP, information you type into a website is transmitted to the site’s owner with almost zero protection along the journey. Essentially, HTTP can establish basic web connections, but not much else.

When security is a must, HTTPS sends and receives encrypted internet data. This means that it uses a mathematical algorithm to make data unreadable to unauthorized parties.

#1 HTTPS protects a site’s integrity

HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one can tamper with the traffic or spy on what you’re doing.

Without encryption, someone with access to your router or internet service provider (ISP) could intercept (or hack) information sent to websites or inject malware into otherwise legitimate pages.

#2 HTTPS protects the privacy of your users

HTTPS prevents intruders from eavesdropping on communications between websites and their visitors. One common misconception about HTTPS is that only websites that handle sensitive communications need it. In reality, every unprotected HTTP request can reveal information about the behaviors and identities of users.

#3 HTTPS is the future of the web

HTTPS has become much easier to implement thanks to services that automate the conversion process, such as Let’s Encrypt and Google’s Lighthouse program. These tools make it easier for website owners to adopt HTTPS.

Chrome’s new notifications will help users understand that HTTP sites are less secure, and move the web toward a secure HTTPS web by default. HTTPS is easier to adopt than ever before, and it unlocks both performance improvements and powerful new features that aren’t possible with HTTP.

How can small-business owners implement and take advantage of this new interface? Call today for a quick chat with one of our experts to get started.

Published with permission from TechAdvisory.org. Source.

Businesses today rely on countless apps and software for day-to-day operations. However, too many of these programs can do more harm than good. App overload brings confusion among employees, and a recent study shows that this costs more than companies realize.

How app confusion occurs
A new study conducted by CITE Research shows that a surplus of apps is causing a great deal of confusion in the workplace. Among the 2,000 workers from the US, UK, and Australia surveyed, 69% wasted as much as 32 days a year navigating between apps — that’s an hour of productivity lost every single day.

The same research — entitled From Work Chaos to Zen: How Application Overload Redefines the Digital Workplace — reveals the biggest problem is with communication apps and channels. On average, a single worker juggles four communication apps every day, which is pretty much like holding four conversations at one time. It’s even worse for 20% of the respondents who said they use six or more.

Furthermore, the average worker flips between apps as frequently as 10 times per hour, which means more time wasted. 56% of respondents felt that searching for information stored across different apps was disruptive while 31% said it caused them to lose their line of reasoning. It’s tempting to see each individual app as a problem-solver, but when looking at the bigger picture, it could be causing problems.

Coming up with a solution
Clearly, app overload has an immense effect on productivity, and the gap between executive perception and employee perception doesn’t help. Before signing up for yet another app, give your workflow a second look and consider the impacts of disruptive activities and employee preferences.

In the CITE Research study, workers agree that having only one communication app would clear up all the confusion. Regardless of what the best solution is, it’s probably more affordable than most small business owners realize. A managed IT services provider like us can provide guidance that puts you on track for long-term success. Give us a call today for more info.

Published with permission from TechAdvisory.org. Source.

Facebook is no longer the most popular social media platform for US teens. According to a recent survey by Pew Research Center, only 51% of US teens aged 13 to 17 years are using Facebook. This is much lower than the shares for US teenage Snapchat users (69%), Instagram users (72%), and YouTube users (85%).

Reasons for user demographic shift

The same survey found that only 10% of US teens use Facebook most frequently, unlike other platforms like Instagram (15%), YouTube (32%), and Snapchat (35%). There are two main reasons why Facebook is no longer the first social media choice for US teenagers: visual content and control.

#1. Visual Content

The current youth demographic group favors visually appealing posts. As a result, teens prefer platforms like Instagram and Snapchat that allow them to beautify their photos and instantly share them with their friends. This is unlike Facebook where users can only upload, share, read, and like curated posts, which is deemed “uncool” by teenagers.

#2. Control

Youngsters are known to be highly expressive, but this is impossible to do if they’re friends with their mom, dad, or other adults on social media. Snapchat and Instagram solve this by allowing teens to control who’s able to see their posts. What’s more, Snapchat and Instagram stories allow users to send time-limited messages. Unlike regular Instagram posts, Instagram stories allow users to share images or videos on their app immediately. These images and videos will then be removed from the platform after 24 hours, similar to how Snapchat works.

These two features mean users can upload more “adult-oriented” posts without worrying that their parents will see them. Users can also get peace of mind knowing their uploaded photos or videos will be removed from the app after a period of time (usually 24 hours).

The next steps for SMB marketing

It’s crucial for small- and medium-sized businesses (SMBs) that have a limited marketing budget to understand which platforms reach which demographics. For example, SMBs targeting customers aged 13 to 17 years should rethink their marketing strategies if they’ve invested mainly in Facebook ads. They should consider reallocating their advertising funds to Snapchat, Instagram, or YouTube where their target customers are most active.

Is this the end for Facebook ads?

This doesn’t mean companies that have invested in Facebook marketing won’t see any more benefits. The survey discovered that 70% of US teens from lower-income households use Facebook, a much higher figure than those from middle income families or wealthy families.

But if you do decide to move your Facebook ad spending to other platforms, keep in mind the different preferences based on gender. More girls (42%) identified Snapchat as their go-to platform compared with boys (29%). On the other hand, more boys (39%) identified YouTube as the platform they used most frequently compared with girls (25%).

It is highly recommended that businesses of any size use more than one type of marketing channel to attract customers. Not only will your company’s search engine rankings increase naturally, but having more than one approach can also help you reach more of your target demographics and compete better with similar companies. We help SMBs make the best of their marketing funds by tailoring marketing strategies that reach the most teenagers, so if you’re interested in social media marketing, send us a message today.

Published with permission from TechAdvisory.org. Source.

Microsoft recently announced plans to eventually stop the activation of Silverlight, Shockwave, and Flash content in Office 365. This is not just the developers disabling bugs with an option to click a link or button to look at content. Within a few months’ time, Flash will be gone from Office 365 for good.

What media will be affected once this is implemented?

Microsoft Silverlight and Adobe Flash or Shockwave content that uses Microsoft’s OLE (Object Linking and Embedding) platform and the “Insert Object” feature will be blocked. However, media that uses the “Insert Online Video” control via an Internet Explorer browser frame will not be affected by this change.

The following timeline shows the various changes that will take full effect by January 2019:

  • Controls in the Office 365 Monthly Channel will be blocked beginning June 2018.
  • Controls in the Office 365 Semi-Annual Targeted (SAT) Channel will be blocked beginning September 2018.
  • Controls in the Office 365 Semi-Annual Channel will be blocked beginning January 2019.

Why did the developers choose to take out the embedded content?

Microsoft pointed out various reasons for making their decision. It cited that malware authors have been exploiting systems through Word, Excel, and PowerPoint files with embedded content, and that most Office 365 users did not use or rarely use the controls anyway.

Aside from this, the developers at Microsoft decided to take action after Adobe announced that Flash would reach its end-of-life cycle by 2020. Silverlight was discontinued in 2016, where enterprise customers would have support for the medium until 2021.

For businesses that still need to look at or embed Silverlight- or Flash-based content in an Office 365 document, Microsoft has provided a support page to guide users on re-activating the controls.

As more websites are transitioning away from Flash in favor of HTML5, Microsoft’s once-popular platform has experienced a steady decline over the years. According to Google, Chrome users who loaded a single web page per day that has Flash media had gone down from an estimated 80% during 2014 to below 8% in early 2018.

For more information about utilizing Office 365 features and other IT related concerns, feel free to get in touch with us today!

Published with permission from TechAdvisory.org. Source.

The healthcare industry is unique in that the biggest data security threat comes from insider breaches.The main reason for these unauthorized hacks is financial gain. So how can healthcare organizations protect themselves against insider threats? Read on.

#1 Educate – The workforce (meaning all healthcare employees) must be educated on allowable uses and disclosures of protected health information (PHI) and the risk associated with certain behaviors, patient privacy, and data security. For example, when a celebrity is admitted to hospital, employees may be tempted, just out of curiosity, to sneak a look at their medical records, so this must be emphasized as a definite no-no.

#2 Deter – Policies must be developed to reduce risk and those policies must be strictly enforced. The repercussions of HIPAA violations and privacy breaches should be clearly explained to employees. They can be penalized huge amounts of money and violations can also carry criminal charges that can result in jail time.

#3 Detect – Healthcare organizations should implement technology to identify breaches rapidly and user-access logs should be checked regularly. Organizations need to have a strong audit process and ensure that they are regularly monitoring and updating access controls so only authorized personnel are looking at sensitive patient data, and that attempts by unauthorized personnel don’t go unpunished.

#4 Investigate – When potential privacy and security breaches are detected, they must be investigated promptly to limit the damages. When the cause of the breach is identified, steps should be taken to prevent recurrence.

#5 Train – Healthcare employees must undergo regular comprehensive training so employers can eliminate insider threats. From a privacy standpoint, training and education often start with the employees themselves; they learn all about data privacy right off the bat, from the first day of orientation. Still, organizations must remain vigilant and ensure that they are properly prioritizing privacy and security as cybersecurity threats continue to evolve. Healthcare organizations’ IT departments should send out different tips covering a variety of topics regularly throughout the year. And to keep these tips top-of-mind among employees, IT departments should send them via a variety of media, including emails, printed newsletters, and even memos.

Is your healthcare data secure? What other steps can you take to ensure protection for your healthcare provider from insider threats? Call today for a quick chat with one of our experts for more information.

Published with permission from TechAdvisory.org. Source.

A destructive, new malware has surfaced in at least 500,000 home and business routers across 54 countries. Security researchers warned that the infected devices could “self-destruct” as the said malware named VPNFilter can maintain presence even after a successful reboot.

How VPNFilter Works

Talos cited the vulnerable devices as Linksys, MikroTik, Netgear, and TP-Link networking equipment, as well as network-attached storage (NAS). Upon infecting a small office home office (SOHO) router, VPNFilter deploys in three stages.

In stage 1, the malware imposes its presence by using multiple command-and-control (C2) infrastructure to capture the IP address of the existing stage 2 deployment server. This makes VPNFilter so robust that it can deal with any unpredictable changes in C2. This stage of the malware persists through a reboot, which makes preventing reinfection tough in stage 2.

Stage 2 involves deploying modules capable of command execution, and data collection and exfiltration. According to the United States Department of Justice (DOJ), this can be used for intelligence gathering, information theft, and destructive or disruptive attacks. Moreover, stage 2 malware has a “self-destruct” feature that once activated by the hackers will overwrite a critical area of the device’s firmware so it stops functioning. This can happen on almost every infected device.

In Stage 3, a module with packet-sniffing capabilities is added to enable monitoring of internet traffic and theft of website credentials. And yet another module is installed to deploy communication support for the Tor network, which can make communicating with the C2 infrastructure harder.

Taking Action

According to Talos, the likelihood of the attack being state-sponsored is high, something the DOJ later backed up. The DOJ attributed it to a group of actors called Sofacy (also known as APT28 and Fancy Bear), the Kremlin-linked threat group believed to be responsible for hacking the Democratic National Committee computer network two years ago.

On the night of May 23, the FBI announced that they have seized a domain which is part of VPNFilter’s C2 infrastructure used to escalate the malware’s effects. This forces attackers to utilize more labor-intensive ways of reinfecting devices following a reboot. With the seizure, the government has taken a crucial step in mitigating VPNFilter’s impact.

Stopping the Malware

Researchers agree that VPNfilter is hard to prevent. While vulnerability has been established, patching routers isn’t easy, something average users might not be able to do on their own. But as with any malware, the impact of VPNFilter can be mitigated, which is done by terminating the C2 infrastructure used.

To minimize exposure, the FBI recommends all SOHO routers be rebooted, which, according to a statement from the DOJ, will help the government remediate the infection worldwide. The justice department, along with the FBI and other agencies vowed to intensify efforts in disrupting the threat and expose the perpetrators.

For their part, Talos offers the following recommendations:

  • Users of SOHO routers and/or NAS devices must reset them to factory defaults and reboot them in order to remove the potentially destructive, non-persistent stage 2 and stage 3 malware.
  • Internet service providers that provide SOHO routers to their users should reboot the routers on their customers’ behalf.
  • If you have any of the devices known or suspected to be affected by this threat, it is extremely important that you work with the manufacturer to ensure that your device is up to date with the latest patch versions. If not, you should apply the updated patches immediately.
  • ISPs will work aggressively with their customers to ensure their devices are patched to the most recent firmware/software versions.

Combat the VPNFilter malware by rebooting affected devices. For more tips, contact our team.

Published with permission from TechAdvisory.org. Source.