Wi-Fi has become ubiquitous, it’s hard to go somewhere and not be able to connect or detect a network. With the large number devices that can both broadcast and receive Wi-Fi, many with no or basic level security, security of your data and device can be an issue when you’re out of the office and connecting to these networks.

Here are some ways you can protect yourself while connecting to, or using, Wi-Fi devices when you’re out of the office.

Be aware of the purpose of Wi-Fi It’s important to remember the main idea of Wi-Fi. Many people think that Wi-Fi is a secure way to access the Internet. While 99% of the time, it’s secure enough, the underlying concept of Wi-Fi is that it’s meant to be convenient before anything else. Because of this, security often isn’t as important to device manufacturers.

Unsecure at your own risk It’s a high probability that you’ve connected to an unsecure or open Wi-Fi network - no password needed to connect - before. It may be tempting to connect to open networks but you should be aware that data transmitted over the network can be stolen relatively easy. A sophisticated hacker can easily see connected devices and access them.

Think of it this way: many small businesses encourage their employees to put documents or files into a shared folder on a computer that anyone connected to the network can access. If some of these files are on a laptop you take out of the office, and no file sharing restrictions have been set, they will be shared with users of any network you connect to. If that network is unsecure, your files are fair game whether you like it or not.

It’s a good idea to connect to public networks that require passwords when possible, as they tend to be more secure. Many public networks have a legal disclaimer stating network use and security. It pays to read these before connecting.

Turn Wi-Fi off We don’t mean you should turn your Wi-Fi off permanently, rather, when you’re not using your device, or are connected to another network, e.g., mobile data, turn your Wi-Fi connection off. If you have Wi-Fi on while connected to another network, your device can and will actively search for networks to connect to and often connect to an unsecure network, unintentionally exposing your information.

Use HTTPS when possible HTTPS stands for Hypertext Transfer Protocol with Secure Sockets Layer (SSL). In layman's terms this is a website that has been built with security of user’s data in mind. Many popular websites have a HTTPS version that can be accessed by typing in https://www.sitename.com. Using HTTPS makes websites a lot harder to hack, and it’s a good idea to get into the habit of using them when on a public network or connected to Wi-Fi outside of the office.

Use data not public hotspots Hotspots are public Wi-Fi connections usually provided by a company e.g., many coffee shops have Wi-Fi, this is a hotspot. These can be unsafe, so it’s much better to invest in a data connection for your device, or a mobile Internet stick, which are considerably safer as the data is encrypted before it’s transferred from the cell tower to your device.

Use a VPN A Virtual Private Network - VPN - connects multiple computers in different locations to the same network via the Internet. Many companies use this to connect and share data with satellite offices, as the data is encrypted and secure. The main benefit to VPNs is that you can connect to a public Wi-Fi network, and transfer data securely using the network’s bandwidth. Many businesses use some form of VPN, which makes it easy for you to keep your business data secure while out of the office.

There are also VPNs that allow you to securely access the Internet via a public Wi-Fi connection, while encrypting all data sent and making your computer anonymous. It’s recommended that if you’re out of the office a lot, to look into a VPN and follow these other tips. If you’re interested, we may have a solution for you, so please contact us.

In recent months data breaches have again become a major issue to small business owners, and they’re finding it harder and harder to tell if their data is actually safe. Beyond that, there are so many different types of security out there, it’s difficult to pick a security measure that’s good for your company. One of the best ways to make your data more secure is through two factor authentication.

Two factor authentication is a method of accessing something through the use of two different “factors.” There are actually three different factors a user can use for authentication, but you only need to use two. The three factors are:

1. Something the user knows. This is the most commonly used factor in all authentication, and can be something like a password or a PIN. This also includes the security question asked when you forget your password.
2. Something the user has. This is the most common second factor of authentication and is typically a device or physical object the user has. Objects can include key fobs where you press a button to get a randomly generated code to enter, a credit/ATM card or an ID card.
3. Something the user is. This is a less common form of authentication, especially for small businesses, as it relies on a physical attribute of the user like a fingerprint.

When a company uses two of these factors to authenticate users, they are using two factor authentication. Chances are high, you already use this with your bank or another organization.

Should small businesses implement two factor authentication? In a recent report published by Verizon Business, businesses with 11-100 employees were by far the most targeted groups with 57% of data breaches. Businesses with 101-1,000 employees were the next most targeted with slightly under 10% of data breaches. The report goes on to suggest that the main reason small businesses are being targeted is because of generally lax security.

Before you rush out and implement a two factor authentication system, you need to be aware that it will not prevent all attacks, two factor authentication can still be hacked. It just takes more time and effort than most hackers are willing to invest to hack into systems that use this form of security. Before you implement any new security measures be sure to talk with your IT support provider or an expert like us, we may have a solution that fits your business.

One of the first things Internet users do when they sign up for a new service, or become a member of a website, is register a password they believe to be unique. This password is often the main form of visible security users have, and they trust websites with them. If a hacker gets hold of a password, it’s a big problem. This recently happened to LinkedIn users.

LinkedIn is a popular social media site that caters to professionals and helps them to network and find jobs. In the past few days, news stories have emerged about how members’ passwords were leaked online.

How passwords work The password you enter to access a website like LinkedIn acts as a handshake to confirm that the user trying to access the account is who they say they are. Remember the last time you signed up for a new account, and had to enter the password you’re going to use? The owner of the website stores that password in a, normally encrypted, file and tells the Web page to reference this file when you log in. If the passwords match, you’re allowed in. If not, you get the password error page.

What happened? A hacker discovered a way to exploit the calendar feature in the LinkedIn mobile app. Basically, when the calendar in LinkedIn was updated, the information, including your password is encrypted and sent to LinkedIn’s servers, which then update your profile with the information. The hacker developed a way to grab the encrypted password data for around 6.4 million users.

The hacker then published the encrypted passwords online for other people to decrypt. LinkedIn has released an update to the mobile apps to plug this leak, but the passwords are still online.

What does this mean for me? The chances of your account’s password being among the ones leaked is pretty small. However, if your password was posted, someone with programming and encryption knowledge could decipher it, and gain access to your account. If this happens, this poses a security risk as they will be able to access any and all data you have stored on that account. Beyond that, if you use the password for other accounts, they could gain access to them also.

How do I know if my password was compromised? LinkedIn knows of the leak and has taken steps to minimize the damage.

1. When you next try to log in to your LinkedIn account, you’ll get a message telling you the password no longer works.
2. LinkedIn has emailed users whose passwords have been leaked informing them to change their password. This email has no links in it, so if you get an email supposedly from LinkedIn with links to change your password, DON’T click on the link. There have been reports of such emails (with links) being sent out. These emails are phishing schemes which aim to steal your password.
3. LinkedIn will send you a follow-up email explaining more about what happened and why you were asked to change your password.

Alternatively, you can go to lastpass.com and test your password.

If you haven’t received an email, your password probably wasn’t leaked. We do suggest that, for security reasons, you change your LinkedIn password as soon as you can. You can do this by:

1. Going to LinkedIn’s website and logging in.
2. Hovering your mouse over your name in the top right corner of the window and selecting Settings from the drop down menu.
3. Clicking on Account located in the pane underneath your profile picture. If you don’t see Account click on the grey shield icon.
4. Selecting Change password and following the instructions.

If you feel that your accounts are unsecured, or would like to enhance your current security, please contact us. We may have a solution for you.

As technology and programs become more sophisticated, so do the viruses and malware that affect them. Traditional malware is transmitted as a program that users have to download onto their system. A new malware program has been developed to transmit over Facebook, and instead of infecting a system, it infects a browser, making it nearly undetectable to virus scanners.

The malware software is called LillyJade, and is available for download at underground websites. When a hacker downloads the program, they can modify it to meet their needs. They then release it as a browser plug-in (software that adds functions, e.g., the ability to automatically translate a website), to your browser. It transmits itself by sending messages to an infected user’s Facebook friends with a link encouraging them to download the plug-in.

At this time, the purpose of the malware appears to be to conduct “click fraud.” It shows fake ads on sites like Facebook, Yahoo and MSN. These ads are usually pay-per-click, which means that any time an infected user clicks on one of these fake ads, the hacker gets paid.

There are two interesting things about this program. The first is that it infects browsers, not systems. This makes it nearly undetectable to virus scanners, which scan for infected files on your computer’s hard drive. The second is that the program can be modified to run on nearly any browser regardless of the operating system.

Tips to avoid being infected Here are four tips on how to minimize the chance of being infected by malware like this.

1. Keep your browser(s) up-to-date.
2. Don’t click on suspicious links.
3. If a friend messages you with a link, encouraging you to click on it, verify with them that they sent the link.
4. Don’t install browser plug-ins, unless you’re sure they’re from a vetted source.

As with any malware threat, proper preventative measures will normally be enough to ensure that your system is safe. If you’re unsure if your system is secure, or would like to implement more robust security measures, please contact us. We have a solution for you.

July 9. That’s the date the US FBI plans to shut down the Internet, for some users at least. In January, the FBI and Estonian authorities managed to shut down one of the largest malware infections seen to date. The major feature of this malware, called DNS Changer, is that it blocked users from conducting security scans. To circumvent this, the FBI established servers that allowed infected users to run scans to remove it from their computers.

While the source of DNSChanger has been removed, essentially killing it. There are still infected users out there who may have their Internet cut off in July if they don’t deal with it by then.

What is DNSChanger? DNSChanger is a Trojan that hijacks a user's Internet, at the most basic level, the DNS. If a user enters a web address, DNSChanger will return a similar looking page, but with ads that are owned by hackers. Thus allowing them to manipulate online advertising to make money, around USD 14 million by the time they were shut down.

Aside from that, it also prevents users from visiting security websites, like mcafee.com, and downloading program and OS updates. As many as four million computers, including some Fortune 500 and government computers, have been infected worldwide.

What’s a DNS? A DNS - Domain Name System - is a cruical service that converts domain names like www.google.com into code that computers can understand. The DNS essentially makes it easier for computers to talk with one another. Without it, any program or action that uses the Internet wouldn’t work.

What did the FBI do? Because the malware affects the DNS, the FBI couldn’t just shut down the servers that the infected users’ computers talk to, as they wouldn’t be able to access any Web pages. So, they replaced the DNS servers that the hackers used with new ones. These servers will go offline in July, at which time, any user still connecting to the DNS servers, or who is still infected irregardless of their location, could be affected.

What should I do? If you’re infected by this malware, and don’t remove it by July 9, your Internet access could be shut down. To prevent this, it’s important to contact your IT service provider and work with them to ensure your systems are clean, and security’s up to date.

Update

Google plans to warn users they are infected by DNSChanger. When a user accesses one of Google's functions, like search, Google will show a message informing the users they may be infected and give some tips on how to get rid of it.

If you think your systems or network aren’t secure enough, please contact us, we are ready to help.