Cyber Security Defense Strategy: 7 Steps to Effective Network Segmentation

Many of today's networks have a flat structure that sets up no barriers between disparate systems. Organizations may wall off SCADA systems from the rest of the network, but they fail to limit unnecessary communication paths between other network nodes. Too often, systems like CCTV, manufacturing control, alarms and building access control live on the perimeter of a network with no limits on internal access. For example, attackers can compromise the workstation that maintains access control functions. They can then disable door keypads, compromise building security, steal data and manipulate power distribution.
In a world that has seen exponential growth in cyber security threats, network segmentation limits an attacker’s movements, protects proprietary information and prevents unauthorized access to sensitive data. The process brings together logical groups of users, applications and assets. It then ensures that these groups don't interact unnecessarily with one another. The key is to balance segmentation for cyber security with the organization's need for agility and rapid workflow. It's a long-term process, and the implementation timetable will differ depending on the size and complexity of the organization.

1. Take an Inventory of Machines

Few organizations know exactly how many machines they own. They also may not know who's using those machines, and they may not even know where to find what they have. For this reason, taking an exhaustive inventory of every machine is crucial to starting the network segmentation process. These machines may fall into these categories and more:

• Windows and UNIX servers
• Development servers
• Financial servers and workstations
• HR servers
• Security devices
• Other network infrastructure

In particular, pay attention to equipment that’s controlled by system administrators. One compromised system administrator laptop can give an attacker access to a wide range of functions and employee credentials.

2. Decide How to Protect Each Machine

A Windows server in one location may not need the same level of protection as a Windows server in another location. Therefore, after taking a machine inventory, categorize the machines according to the type of protection that each machine requires. Once you know what you have and what it does, then you can make decisions regarding how to protect each asset.

3. Take an Inventory of Personnel Including Which Machines They Can Access

Make a list of every person in the company and which machines they can access including workstations, notebooks and mobile devices. Then, ask yourself whether these people actually need every machine they have. In the previous step, you decided how to protect each machine according to its characteristics and functions. Now, make more decisions about protection by factoring in whether the receptionist or the CEO is using the machine.

4. Create an Initial VLAN to Isolate a Low-Maintenance Group

Instead of trying to tackle a company-wide segmentation, start by creating a virtual LAN (VLAN) for a low-maintenance group of workers. Good choices include the legal department, accounting and human resources. Start by monitoring the group and monitoring all traffic in and out of the servers so you can understand what the group accesses and how workflows actually happen. As you learn to understand your initial group, you can expand your segmentation efforts to other groups.

5. Create a Default Deny Ingress Rule for Each Group

Starting with your pilot group, develop a default deny ingress rule so that other users, machines and applications can't interact with that segment of the network. Every time you implement a new default deny ingress rule, prepare for some problems. For instance, if the CEO can no longer access a desired financial report, prepare to apologize profusely and to quickly fix the problem.

6. Prepare for New Equipment Needs and Personnel Training

Old equipment may not be able to handle your segmentation. For example, you might have to purchase a new router if the old one can't implement your new access control list. Also, you'll have to train personnel to navigate through your segmented network. They should understand why they no longer have access to certain areas.

7. Refine Your Groups Over Time

No matter how much time you spend trying to understand business drivers and workflows, you're going to make mistakes that people will find disruptive. Refine your group structure and protection strategies as you learn, and give yourself a generous timeline to implement a full network segmentation strategy

Continue Reading

5 Common Hacks & Advice on How to Defend Against Them

You may think that hackers are excessively clever people who are coming up with improbable hacks around elaborate security systems, and some are, but most rely on a few old tricks that have been around for years.

I am going to look at 5 common hacks that are used so that you can become aware of them, as knowledge is the first line of defense. I will then give you some actionable advice on what you can do to defend against these common hacking techniques.

Common hacks 1: Bait and switch

There have been countless ‘bait and switch’ scams over the years. I’m talking “years” as in over the last century. Things haven’t changed much in the computer age as bait and switch style hacks are still used.

Commonly, they’ll buy legitimate advertising space on websites. The hacker will switch the link contained within the ad from the approved one to a malicious one, or they’ll code the legitimate website to take the user to a malicious site. Clever hackers will give away something free, like a website counter, and allow thousands of websites to use it - and then switch it out for something like a nice fat JavaScript redirect.

How to defend: Given the large variety of bait and switch hacks out there, it’s difficult to give advice on them. The first point is to make sure that you understand that anything you don’t control can be manipulated. If it isn’t your web counter, someone can exploit it. If you didn’t find the website yourself, the ad can direct you somewhere you don’t want to be. These can be defended against by simply going to trusted resources for your web counters, or doing your own search for the content within the ad.

Common hacks 2: Cookie theft

Cookie theft, also known as session hijacking, enables people to assume your online identity on popular websites. This allows them to log into your accounts, taking over your social media accounts, as well as making purchases in your name.

To make matters even worse, there’s even a program called Firesheep that allows people to do this with a few clicks while using another trick we’ll talk about next, the fake wireless access point. All it takes is a few clicks, and they’ll take over your identity.

How to Defend: Try to always use websites that have secure development techniques and the latest cryptography. A tool that can help you do this while using Google Chrome is called KB SSL Enforcer.

The KB SSL Enforcer plug-in forces your browser to go to the most secure version of websites. This will be the one that starts with HTTPS, with the ‘s’ being ‘secure’ and referring to TSL cryptography. It is not 100% protection, but it does make things more difficult. If hacking you is a challenge, hackers are more likely to move on to someone who hasn’t read this list!

Common hacks 3: Fake Wireless Access Points

Everyone loves free wifi, including hackers. How this hack works is a hacker will set themselves up in a public location, a coffee shop, restaurant, airport, or public library as examples. They’ll establish a fake wireless access point (WAP) of their own and name it something that makes it sound official: “McDonalds Free WiFi” or “Laguardia Free Connection.”

Those who are looking to make a quick connection, for free, will then establish a connection to these WAPs. There are two ways that a hacker can steal information. The first is that they can set it up so that you have to enter a username and password to connect. Most people use a common username and password for these quick “set it up and forget it” accounts. Hackers will then take that information and use it to try to log into your Twitter, Facebook, Amazon, iTunes and other popular accounts. This is one example of online identity theft.

The other way that a fake WAP will work is by the hackers just sifting through the information that is going through the connection and taking whatever isn’t protected or encrypted.

How to defend: First, ask the proprietors of the establishment what the correct name is for their WiFi. That’s the easy one. Next, be sure to always use a unique password and login for public WiFi. It may be a pain, but it’s your best form of online protection.

To protect against those who sift through and steal information that isn’t encrypted, use a personal VPN to encrypt all of your communication. You can read more about top VPN services over on the blog I work for.

Common hacks 4: False file names

This work by tricking people into clicking on files that look enticing, like BeyonceNipSlip.avi, but are actually files full of malicious code when opened.

One of the most famous examples of this right now is one known as the Unicode character switch. It fools computers into displaying a file that is actually BeyonceNipSlip.exe (an executable file that can tell your computer to do things) as the less harmful looking BeyonceNipSlip.avi (.avi being a video file).

You then open it thinking you’re going to see a video of a small slice of heaven (sorry, clearly Beyonce biased), and instead get a computer full of something bad.

How to defend: This is one of those instances where you have to do your homework. If someone is sending you a file, be sure that you know what the full name is with the extension. If you don’t know who is sending you the file...don’t open it! If you have a virus scanner which allows you to scan individual files before opening them, put it to work.

Common hacks 5: Wateringhole attacks

Watering hole attacks can be related to point 3, but with more focus and malice. Hackers will scope out a common place where employees of their target company hang out for drinks, dinner, or even online social platforms - a ‘watering hole.’

These employees are often more relaxed about their security, but since they’re with co-workers they’re still prone to discussing business matters. The hackers will then either install fake WAPs in the physical location that they gather to get company credentials, or they’ll install harmful JavaScript redirects into the online places that these people visit.

The hackers will then use the login details or compromised workstations to gain access to the inner workings of a company. Notable wateringhole attacks have happened to Apple, Microsoft, and Facebook.

How to defend: Making it known to your employees is the first step. They can not use their same credentials on their workstation and on these types of sites, or in these locations. Like it or not, in today’s digital world, your employees have to act as if they’re always at work.

Continue Reading

Security Tip: Pocket Protection

Are you concerned about security on your mobile device? It's no secret that mobile users have been hacked in the past and had their personal information stolen. But is mobile security getting any better? Here are a few things you need to know about the current state of mobile security.

Apps Can Protect You Or Hurt You

Many app developers understand the risks that occur by having a mobile device and using it to access different networks, files, and applications. That's why several trusted app developers have released security apps designed to warn you of dangers and to keep your data safe. For instance, the 360 Security - Antivirus&Boost app for Android is designed to protect your device from malware and viruses. Others like Find My iPhone will help you locate a lost or stolen device and even lock your phone so that thieves can't access your private data.


The downside to smartphone applications is that even though there are apps that can protect you, others can hurt you. For instance, you might think you're downloading a seemingly safe application when in reality there's a virus piggybacking on the download. Furthermore, top-rated apps may become prime targets for hackers, meaning that even the best apps aren't always completely safe.

There are various smartphones to choose from, with many falling out of the limelight due to the hype of Android’s Galaxy and Apple’s iPhone. Take, for example, the Sony Xperia Z3, with several of the same capabilities as the aforementioned smartphones. Its unique capabilities provide the same functionality at a more reasonable price. The unique techie-centered Sony Xperia Z3 from an affordable carrier like T-Mobile shouldn’t be overlooked.

The good news is that an increasing number of app developers are using encrypted data to keep your information further from the reach of hackers. For instance, the cloud storage service Spideroak encrypts data at every stage of the process, making it a bit safer than options, like Dropbox, that don't.

The good news is that an increasing number of app developers are using encrypted data to keep your information further from the reach of hackers. For instance, the cloud storage service Spideroak encrypts data at every stage of the process, making it a bit safer than options like Dropbox that don't.

It's In the Fine Print

Before you download an app, be sure you're checking what the app has permission to access on your device. An application may not be damaging in the way that it installs malware and viruses without your consent. In fact, you may simply be giving the app permission to access your files. If an app does compromise your privacy, it could be because you've allowed it access to do so, though.


The good news is that in app stores like Google Play, you'll see a list of what the app is asking permission to access. You'll want to read through the full list before accepting the terms, so that you're not surprised later by how the app gains access to and uses your information.

File Sharing Raises Concerns

Mobile devices and their complementary cloud-based storage apps raise many concerns, particularly for businesses. The security threat here is that people are concerned that sharing files could lead other users to forward sensitive information. The further this information is distributed, the more vulnerable it is.


According to 2013 research into the state of mobile security, the second top concern with BYOD aka Bring Your Own Device was that users would be able to forward company data onto cloud-based storage services. This grave concern fell behind only that of lost or stolen devices.


It's clear how this may raise concerns for businesses allowing individuals to bring their own devices to work. As an individual, however, this should also be a concern. That's because even if you delete sensitive data on your device, such as photos, contact information, etc., it still survives on cloud storage services and on devices of anyone to whom you've forwarded the file. Even if you're the only one with the file, that digital data is never gone. Today, it's still a huge worry for many people about where the copies of their files are and how susceptible the information is to being breached.

The Bottom Line

While there are still a lot of concerns surrounding mobile security and the protection of your device -- including even physically protecting your phone from damage and water -- there have been improvements. For instance, more applications are taking security measures to encrypt their data and create constant updates to stay out of reach from hackers. In addition, operating systems like Google's Android 5.0 Lollipop OS are becoming more secure.


How do you feel about your device and its security?

Continue Reading

Advance Database Security

Databases are often the targets of security attacks by cyber criminals. Databases that hold all the security related information, passwords and financial details of users are what these attackers are looking to profit off. That is why database security is an incredibly complex topic that can be covered in elaborate detail. Get in touch with your remote DBA now.

However here are a few of the best practices in database security that will help businesses.

   1. Keep the database and the web servers separate.

Usually when the entire web related software is been installed, the database is automatically made. For the sake of convenience the database is made on the same server where the software has been loaded which is the web server. However this opens the doors for a security breach because then hackers will only need a single point of entry. If they are able to make their way past the security for the web server then all the data stored will be at their mercy.

This is why the database should be stored separately on server that is further protected by a firewall and not with the web server. It is a more intricate but well needed procedure. To know more visit - http://www.remotedba.com/


   2. File encryption

Just storing the database on a separate server is not enough to ward off persistent attacks. Encrypt all the files that are being stored. The stored files of the web software have the information that will enable it to connect to the databases. If you store the data in plain text files like a lot of people then they will provide the data that the hacker needs to get to the sensitive information.

It is not just the files that need to be encrypted. Encrypt the backup files too incase there is an internal attack.


   3. WAF

Use WAFs or web application firewalls. It isn’t true that the web server protection is completely separate or irrelevant to the database. A proper WAF will protect your website from cross site script vulnerabilities, vandalism and also potential SQL injection attacks. If SQL queries can be prevented from being injected by a criminal then the firewall will be successful in keeping all the sensitive information which is stored in a database away from unwanted attention and attacks.


   4. Current patches

This is one thing that a lot of web administrators like remote DBA fall short. Web sites which have a lot of third party apps, elements, widgets, plug-ins and other add-ones become easy targets to something that could have been patched on time.


   5. Less third party apps

Try and reduce the number of third party applications being used. While it is understandable to use user-interactive widgets and other content that makes websites attractive, any app that accesses the database is always a weak point which can be exploited. Unless it is required don’t use third party apps. Remember that these are made by programmers who then stop support after a while.


   6. No shared servers

If your database has highly sensitive information then don’t use a shared server if you can avoid it. It will be cheaper and easier. However remember that you are putting all your important data at the hands of someone else. In case you can’t avoid it, do a keen review of all their security protocol.


   7. Security controls

Put in security controls on your database. Check your controls and ensure that they have been enabled even though it is automatically enabled by most databases these days.

Continue Reading

Best Android Tutorials – Choose Any One From The List

The rapidly accentuating Android user base and the groovy features of the platform encourages the novice as well as expert developers to choose the Android development as their career. With the rising demand of this niftiest platform, a great craze for learning the Android development can also be observed.

This is why, there are numerous proficient sources available on the Internet itself that facilitate convenient and efficient learning. But since, too many options can also confuse you (especially when you are a beginner and lots of tutorials and study material is available out there), here I have compiled a list of some of the best Android tutorials for the newbies who are interested in learning and understanding the platform.

There are many sources to get you developed app and best is to avail Android App Developer for Hire. However, if you are willing to get into this profession, the let's have a glimpse into the best of the Android tutorials for newbies available on the Internet.

1. Building Your First App:
This genuine tutorial is offered by Google who maintains the Android platform. It provides an insight into creating a very simple Android application. You can go through the complete information with ease as everything is available on the same page. The tutorial is ideal for the developers who have some prior developing knowledge and wants to learn Android development.

2. Android Programming for Beginners Part1:
The tutorial indeed offers the brilliant guidelines for creating a basic Android app that runs a simple 30 seconds countdown and represents a number on the screen.

3. Android Development – Tutorial:
From this tutorial, you can efficiently learn the Android development as it offers an insight into the platform in a comprehended fashion. It precisely explains everything via theoretical as well as practical explanation.

4. An Android Book:
What I believe is that a book often provides a complete insight into the topic. It epitomizes everything in a well-organized and logical fashion. Therefore, a book-type tutorial is often a better option. You can choose a business level book like this one, and learn all, a simple to an advanced level Android development efficiently.

5. Learning to Parse XML Data in Your Android App:
Since, internal data is not always sufficient, you might require external data and XML facilitates a great way to handle all the external data in the most effective and efficient fashion. This resourceful tutorial will comprehend the best way to parse the XML data in an Android application.

6. Localizing Android Apps:
Android is a popular platform that exhibits a whopping number of fans across the globe, who understands and uses different languages. Thus, in order to meet the huge audience base of the platform, localization is must. And this is why, the most of the Android developers want to embrace localization in their application. You can refer this tutorial, as it offers and inside out about the topic and explains every single thing in an optimized fashion. Use this and learn the best way to localize your Android application.

7. Android 101 for iOS Developers:
Android being an open-source and popular mobile platform, whose captivating features can even attract the developers from other platforms including iOS developers. So, if an iOS developer who has prior knowledge of mobile app development, want to enter the Android domain, he can refer to a special tutorial like this one. In the Android 101 for iOS Developers tutorial, you will get a helpful difference between the development environments possessed by both the platforms (iOS App Development and Android App Development). This will make your transformation seamless and convenient.


Following an elaborated and comprehended tutorial can lend you a precise image of the topic. Whether you are an amateur developer or an advanced app developer, but have expertise in a different platform, there are tutorials and study materials available out there for almost everyone. You may search on the Internet or use the aforementioned tutorials that I have shortlisted while considering their usefulness. Follow the appropriate tutorial and reap the benefits of this rapidly flourishing platform. Step on the Android paddle and follow the pro tips and expert's advice, you will definitely be able to deliver a superlative and lucrative product.

Continue Reading

Cloud: How Safe Are Cloud Solutions from Hackers?

 

How Safe Are Cloud Solutions from Hackers?

 Cloud computing and cloud storage are some of the most recent big developments in the technology sector, with millions of users tapping into the service and making the most of offsite solutions for either themselves or their company. That being said, you are trusting your data and/or computing to be done off-site where it is relatively out of your control. This leads to the question of “Just how secure are cloud solutions from those who want to get at my data?” To answer that, we’d need to look at it from both the server end and the user end, and ask a few other questions.

User-End Security

A lot of how much you can depend on the security of cloud storage depends on you. If a hacker gets into your user data and uses it to log into some of your accounts, even the safest measures by a company looking to keep you safe won’t be of any help.
Your biggest risk is if a hacker manages through one method or another get ahold of your password and username and then uses that to directly log into your account and create all sorts of problems for you, possible even trying to steal your account outright. If this should happen your financial data is also likely at risk due to the method you likely paid for the cloud service, so you need to change your password to a strong one and change it often.
Also you should keep an eye out on who you share your files with, otherwise a hacker might take advantage of someone else and use that connection to get at you in some manner over the cloud. Try not to give permission where it is not needed and you should be relatively safe, but not completely immune to hackers.

Server-End Security

Most information technology companies take the security of their customers very seriously, knowing that if there were ever even a minor data breach that were to get publicized enough, they would lose costumers or users by at least the hundreds of thousands. In addition, many of the companies that offer cloud computing are the safe ones that have their own security departments and will have the best minds in the field constantly figuring out ways to think ahead of hackers.
However, hackers will often work together to crack a server with a large enough reward, and as we have learned from the recent celebrity leaks, cloud storage is not invulnerable. Also, a single employee can easily create a major breach whether it is through malice or negligence. That is not a risk to take lightly, and hackers will take advantage of every last thing they can find (or make new breaches when there are none readily apparent).
That all being said, hackers are not the only thing you should think about, and you need to focus for at least a little while on how much you trust the company you are having store your data. Do you think they are going to use it themselves for research purposes? How do you think they would react if they found out if they got hacked? Would they warn their customers?

Public Networks

You should also note that, if you use a cloud solution, that means you are going to need a constant internet connection. If you are using a laptop or smartphone on the go this likely means that you will be using a public network. Public networks are dangerous, especially with the amount of data that cloud solutions send and receive all of the time.
On unprotected public networks hackers in the vicinity with extremely simple setups can read all of the data is sent over the network, and this can include passwords, usernames, financial information, and many of the things that are sent over cloud computing and storage. This makes using cloud computing unprotected very risky in public places.
If you really want to use it, though, and there are certainly benefits (laptops often don’t have much storage space compared to other computers), then you will like want to use a solid Virtual Private Network. With it your computer will establish a safe connection with a secure outside server that no one else will be able to access. Over this connection you will be able to send your cloud computing data and you will be able to safely do whatever you need to while out in public.

What Will You Use It For?

A lot of how much you should rely on the security of cloud solutions depends on what you use them for. Most hackers are not really interested in your music collection or your family photos from that trip to Venice last year. They will however be interested in documents relating to your place of business, any financial or personal data that you might have, or anything incriminating that they can use against someone in a desperate situation. If you have extremely sensitive data, you’re better off using a flash drive and a safe.
Therefore try to write down a list of different processes you’d use cloud computing for and what types of data you’d store on external servers. If there is nothing worrying, then you’re probably safe. If not, then take a closer look at other options because hackers might use it should the worst happen.
 
Conclusion

So, to answer the title question in short:  Not particularly, although you can take some decent precautions so it is fine for basic use. Thank you for reading and I hope that this article helps you make a more informed decision about which services you buy for your computer.

Continue Reading

Important Tech info: Four Things To Look For In A Business Software Company

These days, more and more corporate leaders are realizing that accessing high quality business software can help their companies function more smoothly. If you're interested in ensuring that you can attain the excellent, expedient business software that you want for your company, be sure to look for the following four things in the organization:


1. Great Leadership.

One of the first things you should look for in a business software company is great leadership. Leaders set the tone and moral fabric for a company, and this is why critically examining who is in charge of a business is a great idea. When you start to look for the ideal business software company, be sure to keep a great organization like Infor in mind. Infor offers great clients like you a wide range of helpful products and services that will empower them to run their companies with precision and purpose. Moreover, Infor is headed by a great Leader: Charles Phillips. As you can learn from Charles Phillips twitter account, the CEO of Infor is a former Marine Captain and Wall Streeter. He is also successfully running a software company that employs 13,000 people.

2. Diverse Offerings.
Yet another thing that you should look for in a business software company is diverse offerings. Over time, companies change, and this means that the type of business products they will be in need of can change as well. For this reason, it's a good idea to work with a business software company that offers a wide range of products. You may want business software products that assist you in some or all of the following areas: customer and marketing management, enterprise asset management, enterprise resource planning, human capital management, product lifecycle management, service management, supply chain management, and enterprise performance management.

3. A Solid Warranty.

When you start looking for the ideal business software company, a solid warranty is definitely something that you should want. Even in the event that you purchase great products from an absolutely amazing company, there's an at least small chance that your goods will malfunction in a significant way that requires maintenance or repair work. In the event that you don't have a warranty on your product, there's no guarantee that the company or manufacturer will provide you with this service. For this reason, ensuring that you're purchasing your software products from a company that offers an excellent warranty is important.

4. A Good Reputation.
One final thing that you should take into consideration when you're looking for a great business software company is a good reputation. This means that the organization is known for offering great customers like you excellent customer service while also operating in a high level of excellence and integrity. You can determine what type of reputation a business software company has in several ways. One strategy you can use is to go online and see what type of Better Business Bureau (BBB) rating the company has. You can also look into any online reviews that have been left about the organization to get a general feel for what the public thinks about the company.

Conclusion

When it's time for you to find a business software company, you deserve to get the best products and services available. Make it happen by looking for the aforementioned characteristics in the company.

Continue Reading

Step On How To Secure PDF Files

Step On How To Secure PDF Files

There are certain benefits of using PDF files and perhaps the most important one of them all is security. PDF files are more secure than other file formats as they allow for more sophisticated encryption. As such, as a PDF user, you can securely transmit or share your data through email or removable storage.

• PDF security features allow you to dictate user access levels.
• By using of watermarks, you can classify certain documents as secret or confidential in order to limit their circulation.
• Application of digital signature on PDF files is an added security feature that serves to confirm the validity of a document.
• You can set passwords.
  

Due to such security features and the fact that most PDF files are not editable (editor's note: you can edit PDFs by converting them to Word format), the chances of malware attacks or file corruption are limited.
The most commonly used form of PDF protection is password protection. You can add password protection in the following ways:

1. While in Adobe, open the file you want to protect by clicking on file and choosing open, then double clicking on the targeted file.

2. Click on the icon that looks like a padlock (this is the security icon) and select ‘show security properties’.

3. Click on the drop-down arrow next to the option labeled ‘security method’ and choose the type of security you want to apply. In this case, select ‘password security’. A dialog box will open. The next steps outline tasks you will perform within that dialog box

4. Compatibility: set compatibility to Acrobat 7.0 and later

Establish from your network of users if there is any one among them who is using versions lower that Adobe 7.0 so that you adjust your compatibility setting.
However, security settings for earlier versions may be lower, it is therefore better to ask other users to upgrade to current levels.

5. Set open Password
You will notice that the words ‘document open password’ is greyed out. Select the ‘require password’ option and type in your password. Only disclose the password to anyone you intend to open and read the document. Pay attention to lower and upper case letters.

6. Set Permissions password

Permissions allow you to exercise certain controls. Set a second password under permissions to control who can perform tasks such as editing. Provide a different password from the open password.

7. In the ‘printing allowed’ dropdown menu, you should select ‘none’ if you want to limit the printing of the document.

8. In the ‘changes allowed’ drop down menu, select one of the options that are to your preference. If you are sharing an ongoing project or you are sharing some views on your file and you want people to comment, you should select an option that allows readers to comment.

9. Click ok and then Click ‘ok’ a second time to leave document properties

10. Save the file and close

Important to note
If you want to recheck and confirm that the security settings work, enter the ‘open password’ and the ‘permissions passwords’.
If in the future you want to see the restrictions you have applied to the files, you can click on details to confirm.
With the above 10 steps, your PDF files will be safe to send out.

Continue Reading

Internet Protection You Can Count On: Five Password Tips To Keep You Safe

 

Heartbleed, Gotofail, Sony’s expansive Playstation Network, even the NSA—every few weeks a new story seems to be circulating in the media about the next big security breach. With so much of your life making its home in your devices, it’s really hard to feel safe. The truth is, these breaches do happen. Period. But that doesn’t mean they’re unavoidable. And one of the best ways to keep yourself protected lies right at your fingertips.

Our passwords are perhaps the easiest way to ensure our safety online and yet, many of us (myself included—at least in the past), have taken them for granted. We go simple, we go easy to remember, and it’s making us incredibly vulnerable to cyber attacks.

By following a few simple tips and tricks, you can avoid a data breach in your own life and ensure that your most precious data stays just that—yours.

Update Your Browser and Other Devices

It seems really simple but keeping your browser up to date is actually one of the best ways to keep you and your data protected. Old browsers are less stable and are highly vulnerable to spyware, viruses, malware and many other security issues. Updates are capable of patching newly discovered security problems and keeping your password out of the wrong hands.

Make Use of Two-Factor Authentication

Two-factor authentication is a sure-fire way to ensure your online safety. With it, in addition to your typical password protection, users have to provide a one-time code at the time of login. This code is usually sent to your mobile phone in the form of a text message. Once you have entered your password, the login service will prompt you to enter the one time authentication code. This process adds a second, secure layer of protection to the standard username and password login process and is truly a practical approach to doubling up your Internet safety.

Use HTTPS

When looking for the most protected version, hypertext transfer protocol or HTTPS is the best is the business. This appears as the series of letters before the ‘www.’ in the web address. Webpages with https in the URL tend to be more secure so try to use it whenever possible as it works to bi-directionally encrypt details sent between you and the server of a website. Most importantly, encryption with https is more apt to offer benefits such as webpage integrity and confidentiality. By using this, your information is better safeguarded against any prying eyes as only the server and your browser alone can decrypt the traffic.

Use a Password Manager

Fairly new technologies, Password Managers are a great way to protect yourself against security breaches while doing only half the work. While you should make use of strong passwords, rotate your passwords periodically, and always use different passwords for different accounts, none of these techniques safeguard against human fallibility. With so many different accounts and all of the passwords that come with them, it is very easy to forget what goes where. A Password Manager works to keep your passwords in a secure place, hidden behind the most secure password you can think of—preferably something that contains a selection of random letters, numbers, and symbols. By using a Password Manger, you cut down the passwords you need to remember to one, while still ensuring that each account you use has a unique password.

Which brings us to…?

Create Unique Passwords

Every account, every time—you always need a different password. Password reuse is your number one enemy. So, remember to create a distinct and unique password for each site you visit and use. Ditch all those standard words you’re used to using and never use any key dates, names, or characteristics about yourself. For instance, ilikedogs69 probably isn’t going to cut it. If you must use a common word (and hey, we get it—sometimes there’s just no other way to remember), try skipping letters—haveheart1212 could become havheart1212. By skipping letters, you instantly reduce the ease of guesswork for your assailant. Write backwards, vary between upper and lowercase letters, and always include several numbers and characters. Remember—the longer, the better.

So, there you have it—five easy steps to securing your password.

It’s your safety, right at your fingertips.

Continue Reading

Cyber Attack: Common Mistakes that may invite Cyber/Web Security Risks

 Most organizations today, howsoever small or large are conversant with cyber security and the risks it addresses. Both the frequency and cost of breaches have continued to grow across technologies, security processes, employee training and customer data. According to Symantec threat report, more than 552 million identities were exposed through security breaches in 2013. The increased use of mobile devices for internet has also sparked a rising threat with 38% of users encountering some kind of vulnerability.

Hackers have continued to grow with technology. However, it doesn’t take much to make your data secure and confidential. Here are some of the top reasons why many businesses, comprising of both banks and ecommerce platforms have been exposed to an unwarranted third party.

1. Weak and common passwords

Inspite of the repeated threats, users both individuals and businesses have continued to used passwords that can be easily exposed. Four out of every five incident occurs on the basis of hunch. 20% of users would have their birth date, their pet’s name or even their girlfriend’s name as a password! Personal information is easily guessable and if you are using it as a password to your email address or bank account, you can already guess the risk. Google also suggested that strong passwords must be a combination of characters, numbers and special characters (#, *, etc) and nothing close to something that could be guessed. Below are top 10 passwords which reportedly most used password sin 2014 by users.

1	123456
2	password
3	12345
4	12345678
5	qwerty
6	123456789
7	1234
8	baseball
9	dragon
10	football

Report: Splashdata

Another thing to note here would be that 12 percent of users have stored or shared their passwords through text massages, written it down on paper, on the desk, etc. This can encourage a breach.

2. Not using SSL certificates

SSL certificates are applicable to websites. SSL or Secured Socket Layer acts as a cipher code that can only be recognized by the users at both ends – the customer and the seller. Even if the information is hacked by a third party, the data is rendered incomprehensible. Using SSL certificates not only secures the information passed online but also helps build the customer’s trust.

SSL Certificates are most important factor for every business including eCommerce because it prevents cyber threats and secure online transaction details with high encryption feature. ClickSSL is leading SSL Certificates provider in the business which provides major types of SSL Certificates from trusted brands and allows businesses to secure their website from cyber threats.

3. Using untrustworthy plugins and software

The evolution of open-source era has really made web and app development easier. However, you never know the real motive. Hidden in the script could be some lines of codes that can give access to critical information once you have installed it in your system. Whenever you are downloading a third party software or plugin, ensure that it comes from a trusted developer and vendor.

4. Not hiring Cyber Security Specialist

The complicacy of cyber crime has matched shoulders with technological innovation. Consequently, only a professional has the key and knowledge to identify bottlenecks and curb a threat before they start to work to the advantage of the hacker(s). A cyber security professional doesn’t just ensure that you have a secure website but also gives you precisely tailored advice and tools to make your platform invulnerable. Consequently, most big businesses and brands have started investing in cyber security that ever before.

5. Missing device protection

Mobile devices can be easily stolen. Without necessary access protection installed into the device itself, it can be a wealth of information for a cyber criminal. Again, more than 86% of users use free Wi-Fi without checking for a secure connection. Any transaction made while using this connection makes your information vulnerable. Expert’s advice to always logout after a session has ended; using secure connections and always password protect access devices.

6. Clicking every advertisement randomly

Most pop up ads and redirected web search are for malicious purposes. Use internet wisely and never click of anything without knowing where it will lead to just because it made you curious. In recent article on ComputerWorld says that malicious ads on major sites helping attackers to compromise many computers.

7. Missing backups

Syncing information is vital as it serves a way to retrieve lost information after a cyber attack and wipe-up. You never know when there could be a breach and you land up in emergency.

Cyber crime is always well organized and done by some of the smartest minds. They are aware of every bottleneck and loopholes and it is your job to ensure complete protection.

Continue Reading

Security Tips to Secure Your Android Phone from Getting Hacked

 

 

Security Tips to Secure Your Android Phone from Getting Hacked

     Your mobile devices or even mine for that matter, house every sort of data imaginable. Think of all those selfies and the videos, synced bank accounts, Social Media as well as email accounts or contacts with their full details. It goes without saying that by storing all the information on a single (or multiple) device, we all face potential threats from hackers, who stealthily gain access to your smartphone or tablet and steal valuable information without your knowledge. The situation is worse in the case of Android phones.

One of the biggest weaknesses of the Android platform lies in the way in which the apps on a device communicate crucial information with servers. As is obvious, most of this communication is unencrypted and paves the way for hackers to exploit this vulnerability. Other than the issue with encryption, third-party advertising software can also leave your Android smartphone exposed to hackers. This is just the tip of the iceberg.

The scenario is scary because a hacker can not only access crucial/sensitive data, but also use your identity on various Social Media accounts and act as an imposter, carry out financial transactions from your bank accounts, hold your device hostage and most importantly, spy on your day to day activities and leak out sensitive information about you. Sounds scary right? What if I also tell you that these hackers can put your smartphone in a Botnet and carry out an array of illegal and fraudulent activities? Yes. Therein is the actual threat.

How to detect whether or not your Android device has been hacked?

Now there are no steadfast rules, but some telltale signs that will surely help you detect whether or not your Android device has been hacked. Take a look at the pointers that I have compiled to know which are these signs.

• You get a long mobile bill that you have no clue about and it includes calls that you never made and SMSes that you never sent. The same holds true with bank transactions, which you never carried out. Both are signs of your mobile data being compromised at some or the other point of time.
• Your mobile acts weird, even when the device is new. For example, certain apps might open and close on their own or send out texts without you doing as much as tapping the screen for approval is a sign of your device being hacked.
• Your mobile battery is draining faster than ever. Of course, there are many other factors that can lead to this such as apps that consume a lot of battery power when they run in the background. But we can’t rule this point out.
• Your phone runs extremely slow and keeps on getting hanged or restarts several times in a day. This can be caused by a malware or a hacker trying to modify some data in your device.

These situations can easily be done away with, if you know some top tips that are listed below to secure your Android phone.

1. Always keep the software of your device updated: One of the key loopholes that malicious software look forward to is the outdated software of mobile operating systems. Therefore, when you update the software on your smartphone, you automatically reduce the risks of falling prey to hackers and malware. So, the next time an update notification pops up on your screen, remember to tap it and approve.
2. Avoid third-party app stores: Always make it a point to download and install apps on your Android device from Google Play Store instead of a third-party app store or even some random websites. These are unreliable sources and you never know which of the apps will be infested with potential malware that will do you immense harm. Additionally, set up a separate PIN to make all the purchases on Google Play to stop unauthorized purchases.
3. Use data encryption settings: Use encryption settings on your device to protect the data. This includes your Google accounts, application data and download information and you can enable it by going to the Security tab in Settings and checking Enable Encryption.
4. Let go of the auto-complete feature: Make it a point to turn off the auto-complete feature on your smartphone. Even if you do feel lazy and irked to type the data every time, you can be sure that your personal data will not be up for grabs to the hackers. Similarly, avoid using the ‘show password’ feature that are available for a number of apps and websites.
5. Don’t store your passwords in an app: Some people use apps that let them store all their passwords such as that of different apps, email accounts, Social Media accounts and even credit card or mobile/net-banking, in one place. This is a strict no-no. Even though the app is high quality and comes with several security features and functionalities, it is software at the end of the day that can be tampered with.
6. Avoid charging your phones in public charging points: The constant use of mobile phones drains out battery, leading us to rush and charge our devices at the kiosks, especially when we are on the go. There are also fake charging points, which are the size of a shoe-box with power supply cords attached to them. These are placed by Juice Jackers to gain access to your phones. Here is how you can outsmart them.
7. Don’t use public/Free Wi-Fi: Free Wi-Fi is definitely one of the perks that technology has bestowed upon us all. But wait. Before you use the unlimited Wi-Fi connection that comes free of cost and that too in a public network, think twice. Sending personal data over unsecured Wi-Fi makes your Android phone more vulnerable to hackers than you can ever imagine.
8. Turn off your Bluetooth: Turn off your phone’s Bluetooth when not in use. Hackers can use unprotected Bluetooth networks to gain access to your device. If you do want to pair it with another device, use passcode. Do not allow any device to automatically pair with yours as this can lead to data theft and transfer of malicious code.
9. Browse safely: I know, this is a basic step and you all are aware of the fact that browsing safe is the thumb-rule of ensuring security on the internet. But sometimes, when we are in a hurry, we hastily click on some links without a second thought. This can lead to the download of malware on your device without your knowledge.
10. Delete browsing history on a regular basis: It is also important to delete your browsing history including cookies, cache and stored passwords, if any. Removing your virtual footprints will help your private information stay private and away from a hacker. Also, remove any temporary files stored in your phone on a regular basis.

To Conclude

In an era where practically everything is dependent on our mobile devices, taking precautionary measures to secure them does come in quite handy. Use these simple but effective tips and you will not lost sleep over your Android phone’s security!

Continue Reading

Security Tip: Top 10 Worst Internet Security Mistakes

 
The internet is getting increasingly popular for people to use (and use it to solve more of their problems), and thus it is getting increasingly popular for crime to happen over the internet as well. Hackers are not going to go away, and with identity theft being one of the most common crimes in the United States, your internet security is something you should be taking extremely seriously.

1) “password”

When you are choosing your passwords, what do you normally do? Do you optimize your passwords to the best security you can manage, or do you just type in “password” all of the time and let it be?
You should never pick a simple password, anyone wanting to get at your data will probably try out this list of commonly used passwords before resorting to anything more time-consuming. Even if you use the same password everywhere (which you shouldn’t), you need a strong password to protect your data. Change it now if you need to.


2) Using Public Networks without Protection.

While public networks such as those found in cafés, libraries, and airports might be incredibly convenient for you and help you stay in contact with people better while saving you money on your data plan, they can be incredibly dangerous to your online security and anyone with the right equipment (which isn’t expensive or hard to use) can take a look at what you are uploading or downloading (this includes financial data) if you are not prepared.

To be prepared, you will likely want to use a VPN, which will create a barrier of sorts around your connection and safely connect you to an outside server which will do your browsing for you and send you the data you need over that secure connection. This way no one will able to steal your data or know what you are doing.

3) Using Questionable Websites

This one doesn’t need much explanation. If a website is offering something that looks too good to be true, it is likely too good to be true. Also, make sure the website is as secure as possible, and don’t give your information to anything you aren’t 100% comfortable with.


4) Downloading Unknown Files

Whenever you download any file whatsoever, you should make sure exactly what you are getting. If you allow a file to be downloaded and activate on your computer then you are giving permission for that program to wreak havoc inside of your computer before you can possibly fix it. If you aren’t sure what it is, I can promise you that you don’t need it (or at least from that website).


5) Not Using an Internet Security Suite
This should go without saying, but you need internet security programs on your computer for it to function as a machine that connects to the internet for more than two months. A lot of people still don’t use them, and it usually leads to their ruin.


6) Not Checking and Clearing Cookies

Cookies and small programs or bits of information that are usually saved in your browser when you check a website or do something on it you want saved. Most of the time cookies are a good and useful thing that will save you time re-navigating pages you use often.
That all being said, sometimes cookies can be malicious and they might track your computer or take in data that you don’t want going anywhere. Every once in a while you should go into your browser’s options or settings (depends on the browser) and delete any cookies you don’t feel comfortable having on your computer.


7) Giving Out Too Much Personal Information

Maybe you need a strong public internet presence for one reason or another, but a lot of people don’t need to have everything out there for people to find when they are just using the internet for E-mail and Facebook. Try to figure out your own footprint on the internet and what people can find out about you if they look. Try to get rid of whatever you don’t want.

8) Neglecting to Update Your Computer

As incredibly annoying as those Windows security updates can be, forcing your computer to restart, they are usually there for a reason. If you are not updating often enough, you are vulnerable to whatever breach or loophole in the security that was patched up in the update (and that everyone knows about now that there was an update about it). Try to update any security related programs you have on your computer as soon as an update is available.


9) Failing to Keep Up to Date on Current Events

While this doesn’t mean that you need to have your head in the virtual tech newspapers every morning, you should try to stay abreast about whether any major websites are currently under attack or if there are any reports about a security leak which you might need to respond to. A quick glance over the major news sites and checking your email frequently should be enough to keep you informed.


10) Not Having a Backup Plan

Despite most people’s best efforts, sometimes there will be nothing you can do to prevent a security problem that will require your active attention. For this you should have a plan of what you are going to do and how you are going to quarantine the problem and keep your important information safe.

This means that you should try to have some backup drives in use and perhaps use a safe cloud storage program so you can restore everything you need to. Time will be of the essence, and you will not want to waste your time backing up your possible compromised files.

I hope that these security tips help you to create a strong defense against hackers and malware that intend to make your day a nightmare. Thank you for reading.

Continue Reading

How to avoid a security disaster – Hard drive recovery

How to avoid a security disaster – Hard drive recovery

Issues of ethics and professional standards aside, your business has a vested interest in keeping data safe to avoid the costs associated with losing data. In the UK for instance, firms can be fined up to £500,000 for losing customers’ personal data and be ‘named and shamed’, creating massive reputational problems that further dent the company bank balance.

Your business should already have a backup plan in place that protects data against loss, and provides a way to recover information quickly in the event of a disaster. But what happens if your main system fails and the backup is found to be corrupt?

Laptop drive recovery – usually relatively easyFor a company laptop, data recovery should not be too big an issue. For starters most data should already be stored on the company servers, meaning that minimal file recovery is required (assuming your laptop user is adhering to corporate policy!). In most cases you should be able to get data back from a failed hard disk using a standard drive recovery tool like Kroll Ontrack EasyRecovery Professional.

Modern RAID arrays – a completely different beastRAID arrays, common in just about every modern server or storage device, are famously difficult to recover in the event of a catastrophic disk failure. The way that data is written across multiple disks in an array is ingenious, improving I/O speeds and reducing the risk of loss – but it’s also the biggest problem where the number of failed drives exceed the array’s tolerance. Or when the array is accidentally re-initialized by a well-meaning but inexperienced engineer.

Received wisdom has it that where failures breach those tolerances, data is irretrievably lost – and for non-experts, that is certainly true. However in the (highly likely) event that you don’t have a low level drive specialist on the team, the best practice is to call hard drive recovery specialists to avoid any data loss.

Let’s get physicalDrive recovery is a serious business, requiring clean rooms, block sector disk copying technology, patience and a whole lot of skill. You only get one shot at RAID array recovery, and a mistake really could render data unrecoverable.

Among the steps required to get data back is the physical dismantling of drives to access platters, copy sectors from the original platters to new drives followed by the process of painstakingly piecing data back together until you have a working set of duplicate disks that can be re-inserted into the server/storage array for rebuilding.

Time vs panic
Obviously data loss and hard drive failure are a recurrent nightmare for the CTO, and on the day an array does fail, panic is a perfectly natural response. However RAID recovery services provide a ‘get out of jail free’ card – even if the process takes a day or two. Far better to face the wrath of users upset about temporary problems accessing data, than the board for losing data permanently.

So aside from ensuring you are taking regular, accurate backups and checking that they can be restored, you may want to seek out a RAID recovery specialist before you actually need to call upon their services.

Continue Reading

SECURITY TIP: Making Sure Your Business Is Safe And Secure For Customers

It’s vital that you learn how to protect your business and keep it secure. This is not just to keep your investment safe but also your customer’s sensitive information. If you lose this, you could lose their trust, and that will cause you to suffer great losses in profit. That’s the bad news. The good news is that it’s relatively simple to protect your business from theft and hacking. We suggest you take these steps from day 1 to ensure you never have to worry about these issues in your company.

SECURITY TIP: Making Sure Your Business Is Safe And Secure For Customers

   1) Use Antivirus Software
Anti virus software should be seen as your first line of defense. You need to get the best protection for your computer network that you can buy. Once your antivirus software is installed, your business will be protected from Trojan software. But, you won’t be protected from hackers or a physical attack on your business. There are other steps to take.


   2) Simplify The Purchasing Experience

Although you want your business secure, you don’t want it to be hard for a consumer to make secure purchases. If it takes too long this, will affect your relationship with the customer and ultimately could result in you losing business. To ensure this does not happen, you can use one of the many mobile identity solutions. This software will check who is making a purchase quickly based on information already obtained. If the user has a password or an account with your business they can make purchases without inputting information. This keeps your business protected while ensuring purchases can be completed with ease.

  3) Passwords And Encryptions
Of course, if you have this type of service that means you are keeping the information customers provide you with. This could be bank card details as well as personal information. It’s vital that you keep this information protected. It needs to be behind passwords and encryptions. Also, do not make the mistake of using passwords that are made of personal information. The majority of crimes are committed by someone who knew the victim.
Remember, passwords and encryptions will not always stop a hacker. But it can slow them down long enough to get caught, particularly if you have additional security.

 4) IT Support

Modern IT support teams will monitor a network and check for any digital break-ins. Hackers often leave digital footprints when they enter a computer network. If you have time, you might notice them but a business owner does not usually have the time in the day to check for these signs. If an IT support team is monitoring your system, they will see the signs and take preventive action.

5) Physical Security

Finally, remember to invest in physical security measures as well. Remember that if someone does break into your offices, they will not be looking to steal physical information. Often they will be looking to steal computer files, and that’s easier if they can access the main computer system. You can prevent this by setting up your office to deter criminals from ever considering a break in.

Continue Reading