The Internet is still really in its infancy, but it is seeing a dramatic increase in the number of users. Unfortunately, this growth has also meant an increase in the number of cyber criminals and attacks against websites. The latest major attack was perpetrated against LivingSocial. If you have an account with this website, you may want to pay attention.

LivingSocial is a daily deals website that focuses on bringing bargains and original deals to users based on their geographical location. In late April, news broke that the website had suffered a massive cyber attack with 50 million accounts being compromised.

From the reports we have seen, the attack targeted accounts world-wide with only account holders in Thailand, Indonesia, South Korea and the Philippines being unaffected. An email sent out shortly after the incident by Tim O’Shaughnessy, LivingSocial’s CEO, said “We recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue.”

The company assured users that their credit card data had not been compromised, as they are kept in another database. Account passwords were also encrypted, which means they are harder to crack but not impossible.

So what should you do?

If you have a LivingSocial account, we recommend that you login and change your password immediately. This can be done by:

1. Going to LivingSocial’s “forgot your password” page.
2. Entering the email address you used to sign up for the account.
3. Pressing Reset Password.
4. Checking your email for an email from LivingSocial and following the instructions in the email.

It is advisable to pick a new password that is as different as possible from your old password and, as always, the longer, the better.

How can I protect my company from attacks?

If you are a business owner who has websites that encourage customers to sign up for updates, accounts, etc. you may be wondering how you can keep your user’s information secure from cyber attacks.

In truth, you can’t keep your important information 100% secure. If a hacker is committed to cracking into your site, they will eventually be able to get the information they need or wreak whatever havoc they wish. But what you can do is to make it as hard as possible for cybercriminals to get your information. This could be as simple as using multiple databases to store different bits of information, or as complex as using the latest encryption methods and systems.

Each business is unique, and the best way to ensure your valuable data is secure is to work with an IT partner who takes the time to get to know your security needs and develop a solution that is as near to 100% secure as possible.

If you are worried about the security of your systems, contact us today. We may have the perfect solution that will meet your needs and budget.

The most often heard computer myths usually involve malware, and more specifically the computer virus. Many of us are familiar with the concept but have a tough time distinguishing between what is true and what isn’t.

Here are five common myths about viruses and the truths associated with them. But before we delve deeper we first need to define just what a virus is, and what it isn’t.

A virus is a computer program that infects a computer and can generally replicate itself in order to infect more computers. Most viruses aim to create havoc by either deleting important files or rendering a computer inoperable. Most viruses require that the user take some action in order to be installed, and thus are usually disguised as programs, browser plugins, or some other executable file.

You may hear the term malware used interchangeably with virus. Malware is short for malicious software and is more of an umbrella term that covers any software that aims to cause harm. So then a virus can be said to be simply a type of malware.

Myth 1: Error messages = virus
Many users think that when their computer shows an error message, or when it crashes, they must have a virus. In truth, these errors are more commonly caused by bugs in the software, a faulty hard drive, bad computer memory, or even issues with your virus scanner software. Even so, when you do see error messages, or your computer crashes while trying to run a program or open a file, it is a good idea to scan for viruses just to rule them out.

Myth 2: Computers can infect themselves
It’s not uncommon to have clients bring in their computers exclaiming that a virus has magically appeared on the system all by itself. Despite what some may believe, viruses cannot infect computers by themselves. Users have to physically open an infected program, or visit a site that hosts the virus and download it.

To minimize the chance of being infected you should steer clear of any adult oriented sites or torrent (i.e. file sharing) sites – they are often loaded with viruses. A good rule of thumb is if the site has illegal or adult content, it likely has viruses that can and will infect your system if it is visited, or if you open files downloaded from it.

Myth 3: Only PCs can get viruses
If you read the news, you likely know that many of the big viruses and malware mostly infect systems running Windows. This has led users to believe that other operating systems like Apple’s OS X are virus free.

The truth of the matter is that all systems could be infected by a virus. It is true that the vast majority of viruses are written to target Windows machines, simply because most computers run Windows. That being said, there is an increasing number of threats to OS X and Linux, as these systems are becoming more popular. If this trend keeps up, we will see an exponential rise in the number of viruses infecting these systems.

Myth 4: If I reinstall Windows and copy all my old files over, I’ll be ok
Some believe that if their system has been infected, they can simply copy their files onto a hard drive, or other backup solution, reinstall Windows and then copy their files back and the virus will be gone.

Generally speaking, wiping your hard drive and reinstalling Windows will normally get rid of any viruses. However, if the virus “container” is in the files you backed up, your computer will be re-infected when you move the files back and open them. The key here is that if your system is infected, you need to scan the files and remove the virus before you put them back onto your system.

Myth 5: Firewalls protect networks from viruses
Windows comes with a firewall built into the OS, and many users have been somewhat misled as to what it actually does, assuming that firewalls can protect from viruses. That’s a half truth. Firewalls are actually for network traffic. Their main job is to keep your network and the computers connected to the network secure. They don’t actually scan for viruses.

Where firewalls can help is if a virus is sending data to a computer outside of your network. In theory, a firewall will pick up this traffic and alert you to it, or stop the flow of data outright. Some of the more complex viruses actually turn off the firewall, rendering your whole network open to malware attacks.

What can I do?
There are many things you can do to minimize the chances of infection. The most important is to install a virus scanner on all of your systems, keep it up to date, and run scans regularly. But this defensive strategy isn’t enough. You need to be proactive by:

• Not installing programs from sources you don’t know or trust
• Being weary of any program that asks you for your password
• Not installing any browser add-ons or plugins suggested by websites. Instead, download them from the browser’s app store, or the developer’s website.

If you are worried about the security of your systems and network, call us today. Our security experts can work with you to craft a plan that will meet your needs.

The Internet has seeped into nearly every aspect of our daily lives. It’s hard not to be connected these days. Think about the number of websites you have accounts with, and the services that they all provide. In return, all of these sites now have some form of personal information of yours. The question is, what exactly do these sites do with your information? The answer lies in the Terms of Service documents, which are always evolving and hard to keep track of. Luckily, a new website makes it a lot easier to monitor all of these changes.

Terms of Service for websites change on a fairly regular basis, and many of us simply have no way of knowing if and when such changes have been made, and what exactly has been changed. That’s why a group of lawyers and professionals started Docracy. According to the website, “Docracy is a home for contracts and other legal documents, socially curated by the communities that use them.” The company aims to make legal documents freely available.

Part of this site is the Terms of Service section which is a database of over 1,000 popular websites’ Terms of Service and Privacy policies. It tracks them and notes when changes are made, and highlights these changes so they are easily found.

If you visit the site, you can see a list of changes that companies have recently made, and clicking on one option should give you basic change information. Clicking on See Full Changes will bring up the full doc with the recent changes highlighted.

Selecting See Full Directory will bring up every policy that the website tracks, and allow you to read them.

Is this useful for my business?
Online law is very complicated, and many companies that run websites on which you may have accounts don’t often make it easy for you to find legal contracts or policies. A good example of where Docracy can be helpful is if you want to know who exactly owns the content you have stored on a popular cloud service. You can go to Docracy’s database and quickly find the related Terms of Service. From there you can download the document and look through it, or view it on the site.

This site can help you get a clearer picture on the various contracts you sign with websites, and how these websites plan to use your data. For many business owners, knowing exactly what other companies are going to do with your data can help you find a more secure solution, if needed. After all, being prepared with the correct knowledge is half the battle.

If you would like to learn more about Docracy, or how a change to a Terms of Service could affect your business please contact us today.

The Internet has become ingrained in nearly everything we do, and with social media sites growing in popularity, most users seem to be more than willing to share their personal and private information online. While sharing “too much information” online can do damage to your personal reputation, it can also open the door to identity theft and other risks, which highlight the need to secure your online information.

Here are three things you can do to help secure the personal data you share online.

1. Realize your online actions are risky
Read any tech related blog, or even syndicated news articles, and it’s not hard to see that identity theft and cybercrime in general is not only serious, but on the rise. Sharing your information online is risky. As with any plan, the first step is realizing that there is a problem that needs to be fixed. The first step is to educate yourself about online security, and what steps you can take.

For example, here’s a recent article about how different age groups react to Facebook changes, and if they take steps to minimize who can view their personal data. It’s kind of interesting to see that the younger generations take more steps to secure their profiles than their parents, yet you still see people with reputation-damaging pictures that can be viewed by anyone.

2. Take matters into your own hands
There are further actions you can take to minimize any dangers:

1. Don’t rely on websites to keep you secure - Websites like Facebook are companies. They exist to make money. How do they do it? Often by selling personal information you have given them. That’s not saying site owners don’t look out for their customers’ best interests – many do. But users need to dig deeply in their profile and privacy settings on these sites and ensure their information is satisfactorily secure.
2. Provide the least amount of information possible - Think about the last time you joined a social network, or mailing list. You likely were asked to provide your name, address, birthday, etc. Did you know that you don’t have to provide all the information requested? Most sites only require your name and birthday, the rest is optional – usually used to provide better service or targeted ads. Many sites will put an asterisk beside required information to let you know which items you absolutely have to share.
3. Think twice before signing up – It’s a good idea when signing up for a new account to think twice. Do you really need this account? Or can you get by without it?
4. Use separate email accounts and passwords - Setting up different email accounts is a good idea. One should be for personal use, so the address is given only to people you know. Another could be for all of your online accounts, with a final one strictly for password recovery. It would be best to make the addresses are as different as possible. Beyond that you should have separate passwords for each account and every service. This will limit hackers from being able to gain access to multiple accounts.
5. Secure your browsing – Almost every website that asks users to sign up for accounts offers a secure version of the site. Enter https://www. before the site address, e.g., https://www.facebook.com. https is a secure communications protocol that ensures one is communicating directly with the website – you’re actually looking at Facebook, not a phishing site designed to steal passwords.

3. Encourage others to think
It’s not enough to just take action yourself. Encourage colleagues, friends and family to take steps to protect their online information and identities. There are many great ways to help spread the word about safety, including the National Cyber Security website, which has information on Internet related security. Check it out, and share it!

If you would like to learn about how we can help you keep your information and data safe online, please contact us today for a comprehensive solution!

The number of tech gadgets the average person owns keeps growing, as has the number of criminals targeting high value goods like laptops and smartphones. If one of your devices does go missing it can mean losing or exposing important data, both personal and business. To help increase the chances of finding a lost device you can install a program that tracks it.

Prey is an Open Source – i.e. free – program that you can install on your computer or mobile device and use to track it down if it comes up missing or stolen.

How it works
First you have to download the software onto your computer (Windows, Mac and Linux are supported), and sign up for an account. You have a couple of options here. You can either sign up for an account with Prey and access a control panel through the website, or install it as a standalone, an option which is recommended for advanced users as it requires some server configuration.

If you chose to go with the Web option, sign up for an account and install the software, then register your computer, along with any Android or iOS devices. Once you have downloaded Prey and linked them together, you are ready.

If your device becomes lost, log into the Web Control Panel on Prey’s site and report it as missing. You can also turn on different actions which allow you to track the device’s location, network status and hardware usage. There are also other options like the ability to snap a picture using the webcam (if the device was enabled with one), or even sound an alarm. You can even lock the system or phone, ensuring people can’t access it.

For mobiles, you can send a text (from the Web Control Panel) which will initiate the established options you have pre-set for when your phone goes missing.

How Prey finds your device’s location depends on the device. For laptops, it can turn-on your Wi-Fi connection and try to connect to the nearest access points. It can take the IP address of each Wi-Fi access point and from there get an approximate location – in some areas as close as 200 feet. On your phone, it turns on the GPS (if available) and tries to connect to Wi-Fi networks in range. These two combined can generate a fairly accurate location.

All this tracking information is sent to your inbox in the form of a report, which can be tailored to meet your needs.

What makes this program different from other similar ones is that it can be installed across multiple platforms and managed from one account. It’s also free, which makes it even more attractive. There is a Pro version which allows you to track more devices, for a monthly fee of $5 for 3 devices, right on up to $399 a month for 500 devices.

Prey is just one of the many device tracking programs, and installing one may give you a greater chance of retrieval if your phone or computer is lost or stolen. Do you use one already? If so, which one?

If you would like to learn more about Prey and other device tracking programs please let us know, we may have a great solution for you.

Network and device security is an issue every business manager faces. There is a near constant stream of new threats emerging, the majority of which are targeted at software. A recent threat uses a new tactic. It is hardware based, and it puts millions of systems at risk.

At the end of January, numerous news and tech media services issued warnings about UPnP (Universal Plug and Play) enabled devices. This is a potentially big issue because of the widespread adoption of these devices and the fact that many of them have little to no security measures, which could open whole systems to attacks. So what is UPnP and how can it leave your business vulnerable?

UPnP defined
UPnP is a protocol or code that allows networked devices like laptops, computers, Wi-Fi routers, and many modern mobile devices to search for and discover other devices that are connected to, or want to connect to, the same network. UPnP protocol also allows these devices to connect to one-another and share information, their Internet connection, or media.

A good example of UPnP in use is your laptop. When you first connect your laptop to your router, you likely have to enter a password and maybe even the router’s network name. Without UPnP you would have to find the network and enter the password each time you want to connect to the Internet. With UPnP, your laptop can automatically connect whenever it’s in range.

Why is UPnP a security threat?
UPnP has been in use for the better part of seven years, and has since come to be found in nearly every device that connects to the Internet. While UPnP was written for devices such as Wi-Fi routers that are targeted at the home user market, many businesses also use these devices because home user hardware is often easier to set up and less costly than their enterprise counterparts.

Because of the sheer number of devices that use this protocol, and the fact that it’s engineered to respond to any request to connect to the device, it makes sense that this could be a security issue. A recent study tested the security of UPnP and revealed some interesting results.

Rapid7, the company that conducted the study, sent UPnP discovery requests to every routable IPv4 address. – IPv4 (Internet Protocol version 4) is a set of protocols for sending information from one computer to another on the Internet. A routable IPv4 address is one that can be contacted by anyone on the Internet. They found that over 80 million addresses used UPnP, and 17 million of these exposed the protocol that enables easy connection to the system or device. This can be easily exploited by hackers.

In other words, 17 million systems, many of which could be businesses, are open to attack through a UPnP device. This security threat opens networks to attacks such as “denial-of-service,” which make resources, including the Internet, unavailable to the target.

Can we do anything?
Most experts are recommending that you disable UPnP on your networked devices. The first thing you should do however is to conduct a scan for vulnerable UPnP devices on your network. Tools like ScanNow (for Windows) can help you search. For many, this is a daunting prospect, as the chance of creating more issues is just too great.

We recommend contacting an expert like Providence, who can conduct a security analysis and advise you on steps you can take to ensure you are secure. If you use UPnP devices, or aren’t sure whether or not they are present in your office, and are worried about the security of your systems, give us a call today. We may have a solution for you.

Internet technology is constantly evolving. Many programs that helped the early Internet to expand and become what it is today are still in use, and they stay relevant by issuing updates that often bring more functionality while meeting the evolving needs of Web developers and users. One program, however, has experienced a number of security issues in the past year that have prompted experts and government departments to recommend that users disable it.

That program is Java – a programming language and application that allows developers to create web applications, and users to view much of the visual content and animations on the Internet. The problem isn’t with the programming language per se, but with the application developed by Oracle Systems.

Oracle released an update to Java – Java 7, Update 10 – in December, that was found to have some serious security flaws. These issues were quickly spotted by hacker groups who released exploit kits – software making it easy to exploit Java 7′s security weaknesses – that gave hackers full security privileges. This exposed any computer running Java 7 to potential malware and attack. Because Java runs at the browser level, any OS could be targeted. To make matters worse, 30 security flaws were patched back in September, after nearly 1 billion computers were found to be at risk.

It’s this string of security red flags that had the US Department of Homeland Security issue a warning that users should disable Java on their browsers. In response to this, Oracle updated Java again, to Java 7, Update 11 on January 12, and noted that the security flaw had been fixed. Many experts, including those at the Department of Homeland Security, aren’t convinced and are still suggesting that users disable Java because new vulnerabilities will likely be discovered.

So, how do I disable Java?
Chrome users

1. Open Chrome and enter Chrome://plugins/ in a blank tab’s URL bar.
2. Find Java (TM).
3. Click Disable.
4. Restart Chrome.

Firefox users

1. Open Firefox and click Tools from the menu bar at the top of the screen.
2. Select Add-ons followed by Plugins.
3. Find the Java plug-in, it’s usually called Java Applet Plug-in (Mac) or Java(TM) (Windows) and click Disable.
4. Close and restart Firefox.

Safari users

1. Open Safari and click File followed by Preferences.
2. Click the Security tab.
3. Uncheck the box that says Enable Java.
4. Close and restart Safari.

Internet Explorer users
There is no way for you to disable Java in the browser, you will instead have to completely disable Java from your computer. This can be done by following the steps on the Java website.

If you do disable Java, some websites will no longer work. This can be a bit of an annoyance, but in all honesty, security of your systems is more important, not to mention avoiding the potential costs of dealing with a massive malware infection. Besides that, many websites no longer use Java, so you can probably get by without it. At the very least, we recommend you download the latest update from the Java website and apply it to all computers.

One issue that we need to be clear about is that these security flaws are part of the Java plug-in. You may see something on your machine called JavaScript. While the name sounds similar, they are different. JavaScript is largely used in HTML documents and is secure. If you do run across it, it’s best to leave the script alone.

If you would like to learn more about this update, you can visit an excellent FAQ here. Before you do update, or disable Java, we recommend you contact us. We can help advise you on what steps to take next if you use Java.

Social engineering – the act of manipulating people into giving up confidential information – has long been a threat to businesses. One of the more common social engineering tricks, in terms of IT, is scammers posing as Windows technicians who call Windows users and try to trick them into believing their computers have viruses, and that they need to pay to have the problem fixed.

These scams have long been a part of the Windows environment. Despite users being fully aware of these attacks, some people are still falling into the trap.

These deceptions generally follow the same formula. A person calls you pretending to be from a Windows technical team at Microsoft. The scammer tells you that they need to renew their software protection licenses to keep their computer running.

Most of the time, these scammers spread the conversation out over a number of phone calls and emails, the goal being to gain the trust of the user. Once trust is established, or the user seems interested enough, the scammer will offer a seeming sweet deal: They will offer a service that will make your computer run like new, usually for a seemingly reasonable price.

The scammer will then use remote PC support software to show you ‘problems’ your computer is having. They will usually show you the Windows Event Viewer – a part of the OS that shows errors, usually harmless, that your computer has generated. The scammer will then convince the user that these errors are harmful, and if you have paid, they will make it look like they are cleaning your computer.

If you give them your credit card number, you will likely see ridiculous charges, or even have people trying to access your accounts.

What’s being done?
Governments are aware of this increasingly common trend, and some organizations, like the FTC, have taken measures to shut down scammers. This article from ars technica gives a good overview of what exactly the FTC is doing, while another article provides a first-hand account of how the scammers operate.

What can we do?
While action is being taken, these scams continue. Here are five tips to keep in mind when you suspect a scam is at play:

1. Microsoft doesn’t call people.
2. Windows Event Manager is a log of errors for ALL programs.
3. Microsoft employees will never ask for your passwords.
4. Most of these scammers operate out of call centers in India, but bill your account from the US.
5. Microsoft employees won’t usually ask you to install software that’s not made by Microsoft.

If the person calling you provides you with a website, do a quick Google search to see if there have been any scam reports related to that URL. And as a general rule of thumb: If you get an unsolicited call about your computers and IT security, it’s likely not genuine.

Security of a company’s network and systems is big business. After all, you don’t want your sensitive important information shared or stolen. While you take steps to ensure your systems are secure, there is one area you can’t really control: social media. Hackers aren’t stupid, and they have taken to these services in droves, looking to take advantage of unwary employees. It’s important to develop a policy that educates your employees on ensuring that their use of social media at the office supports a secure organization.

Here are five things you should integrate in a social media policy to ensure social media is conducted in a secure manner.

• Log in using HTTPS - HTTPS is a type of transfer protocol that ensures the data is transferred in a more secure manner between networks. Many websites like Facebook, Google, etc. support HTTPS, and you should ensure that you use it. To use HTTPS, you simply put an S at the end of the usual http address in the URL bar of your browser. I.e., https://facebook.com will open a more secure version of Facebook. By using HTTPS you can eliminate Man-in-the-Middle attacks and other similar types of phishing.
• Don’t share personal information – This might seem like a no-brainer to some, but there are still users out there who love to share their personal information. It’s important to remember that social media is all about being social. Most information you share can be viewed by others. The last thing you want is a hacker getting a hold of all of your contact info, etc. It’s a good idea to limit your contact information and never give it out over social media.
• Update privacy settings - Social media sites, and the companies who run them, love to tinker with security settings on a fairly regular basis. This has led to a number of users being caught unaware of their security settings. It’s a good idea to ensure that all of your profile information is private.
• Watch what you click on - Take a look at any service and you’ll notice that the vast majority of content contains links. This is where hackers are starting to target, by placing malicious software connected to links, or hijacking accounts and sending links to users to get them to click on them. Tactics like these need to be highlighted, and you should tell your employees not to click on any suspicious links. If they receive links from friends that seem uncharacteristic, it’s a good idea to not click on them.
• If you don’t know them, they aren’t your friend - Yes, social media is about connecting with people. However, when it comes to personal accounts, you should encourage your employees to be judicious in who they connect with. In general, if they don’t know the person who has just tried to add them to their network then it’s advisable not to do so.

The five tips above are just a few things you should include in a social media use policy in the office. It’s important to have a solid policy if you want to ensure that your network and data remain safe from potential threats from social media. Looking to learn more about safety and security of your networks? Contact us, we may be able to help.

A common expectation of the younger generation entering the workforce is that the technology they use is unrestricted. They want to be able to access social networks and YouTube, and to personalize their systems by downloading favorite apps, backgrounds, etc. Many companies have obliged and give all users administrative access to their computers. However, a recent survey has highlighted that this could create real problems.

According to the survey, conducted by Viewfinity, 68% of the 600 IT professionals surveyed don’t know who has administrative access to computers in their office. While this survey looks at the numbers from the IT viewpoint, it’s highly likely that many business managers don’t know who has what level of access rights to which computers.

The survey also found that 20% of respondents noted that between 15% and 30% of users in their company had administrative rights. Is this a bad thing? Yes and no. Some users need to have full access to their systems, especially if they manage other systems, while others don’t.

Is this a big deal?
One of the biggest drawbacks of unnecessary access privileges is security. If users have more access than they need, the chance of a security breach is higher. For example, malware on a locked down system likely won’t spread to other systems in the network without direct transmission. Similarly, if a user can’t install programs because they lack the administration privileges, malware, for the most part, won’t be downloaded and installed.

If a user with full administrative privileges downloads and installs a piece of malware, it can be very easily transmitted to other systems on the netork. In fact, one of the main tactics hackers use to gain access to networks is through exploitation of administrative rights. They first look for an unsecured computer with administrative rights, hack it, and then follow the chain up to more vital network systems.

What can we do?
While the survey was largely centered around IT professionals, business owners can learn from these findings too. They should take steps to audit their network and figure out who has access to what. Then they need to validate the findings and ensure that all users have an appropriate level of access privileges. If some employees have no need to download and install programs, then they likely don’t need administrative access privileges.

If this sounds like a chore, we suggest you work with a service provider like Providence who can help determine not only the type of access each employee should have, but also determine the appropriate level of security and management that is needed to ensure a more secure organization. If you’re unsure of who has access to what, please contact us, we are here to help.