The interests and cyber security needs of our customers are at the heart of everything we do. This is particularly important during these unprecedented and challenging times.
Millions of people the world over have made a sudden shift to working from home due to the current global circumstances. With our customers in mind we are developing material to help you stay safe and secure when you are online.
Protect those around you by staying connected, private and by sharing valid information.
Unfortunately, as you may be aware, cyber criminals are taking advantage of the anxieties and concerns around the coronavirus, Covid-19.
This has led to a flood of phishing mails that either attempt to steal log-in details belonging to remote workers or install malware on to a victim’s computer. Other infection methods are also being used such as websites that harbour malicious code and apps that are actually fronts for ransomware among other things.
To protect yourself, here are a few useful tips:
Lock or close your laptop when you’re taking a break; this will ensure that others in your home don’t accidentally click on malware links or otherwise mess up your work.
With these tips in mind, please take an extra moment to review incoming emails, and the websites you visit to avoid becoming a victim of these attacks. Be extra careful around your online banking and financial investments and don’t be fooled by easy money. If it’s too good to be true, it usually is.
We express our gratitude to those of you who are working on the frontline to combat this virus and offer our sympathies and best wishes to those who have been impacted.
We’re in this together! Stay safe both online and offline! If you need any help with anything mentioned in this blog please get in touch.
With Kind Regards
The MPMIT Team, offering local IT support in byte sized chunks to Micro businesses and Sole Traders in the Ipswich, Bury St Edmunds, Stowmarket and the surrounding areas.
It’s The Season of the Hacker
We first published this blog post back in June of last year to warn you about hackers. However, considering the number of clients we’ve been trying to rescue from scams recently, it’s about time we posted it again.
Regardless of whether you get a phone call purporting to be from your phone company or a software giant, hang up. Just today we were called by ‘BT’ telling us that someone had hacked our router and could see all our internet searches and purchases. All we had to do was go to Google and open a site…we put the phone down at that point. And that’s what you should be doing.
Now and then the scam phone calls start.
They come out of the blue to catch you unawares.
As you go about your business, someone informs you there’s a problem with your computer – what do you do?
Before I answer that take a look at these questions:
- Would you give a total stranger the keys to your house?
- Would you give a total stranger the keys to your car?
- Would you tell a total stranger how to access your financial banking system?
I’m guessing you answered no to all of those. So how come people give a total stranger (i.e. a hacker) access to their computer?
On the strength of one unsolicited call, people allow remote access to their computers – and that means their files, photos and everything else they hold dear.
Yes, the caller is probably very polite, they will even try to make you believe they are doing you a favour and have called just in the nick of time.
But answer me this – how do they know what’s on your computer? There is no way they can tell what software you’re running, programmes or anything else for that matter, so there is no way they’ll know whether you have a virus on your machine or not.
No one from a multinational billion dollar turnover company (i.e. Microsoft) is going to phone a residential customer to resolve an issue on their PC or laptop.
When you get one of these bogus calls – and you will – do yourself a favour and hang up on them. If you want, call a trusted local company, like MPM IT and get them to check over your PC for you for your peace of mind.
When that long awaited upgrade finally comes round (or you simply must have Apple’s latest offering), you can pretty much guarantee the kids in your household will be screaming for your old iPhone or iPad.
However, it’s important that before you hand it over you do a bit of kid-proofing.
Thank you to macworld.com for the following five ways to prepare your old tech for your kids.
1. Wipe your old data
First of all, back up your old iPhone or iPad to save any data you want to keep.
Once that’s done you’re all clear to do a factory reset, which wipes your device’s storage and returns it to the original factory settings:
- Settings > General > Reset > Erase All Content and Settings
2. Create a child’s iCloud account
Even if your child is younger than 13 years old, he or she can still have their own iCloud account and Apple ID. All you need to do is create the account under iOS’s “Family Sharing” umbrella. Keep in mind that having an iCloud account doesn’t mean they can start web surfing, tweeting, or posting selfies on Instagram without your say-so. To set up:
- Settings > Your iCloud username > Family Sharing > Add Family Member > Create an Apple ID for a child
Then choose a payment method for App Store purchases (which you can control and block), then choose an Apple ID username and password. By default, they won’t be able to make App Store purchases without your consent. To double-check the “Ask to Buy” setting, tap Settings, tap your iCloud account name, then tap Family Sharing and your kid’s name.
3. Add restrictions
Now it’s up to you to decide what iOS features your child can use and which ones will be off-limits.
- Settings > General > Restrictions > Enable Restrictions > Create a restrictions password
Then, scroll down and disable all the iOS features you’d rather your child didn’t mess with. In the ‘Allowed Content’ section, be sure to disable in-app purchases as well as block explicit music and grown-up movies, TV shows and books.
In the Privacy section, you can control which apps can access location services, contacts, the microphone etc. Plus, at the bottom of the Restrictions screen, you can also disable access to multiplayer games, friend adding and screen recording for any Game Center-ready games.
4. Hide settings, mail and other Apple apps
You can hide all those various Apple apps in a “Hidden” folder in the very last iOS home screen.
To create a home screen folder, drag one app icon on top of another, name the folder, then start dragging other app icons into the newly created folder.
5. Turn on Airplane Mode
This cuts off internet access altogether.
If your old iPhone or iPad is running iOS 6 or later, you may also want to disable home-screen and in-app access to Control Center:
- Settings > Control Center, then switch off the Access on Lock Screen and Access Within Apps settings
Although it won’t completely disable Control Center, it will make it a bit harder to find.
Hopefully, these five tips will make sure your little ones can enjoy your old tech safely.
Ransomware and suchlike is not something Mac users have had to worry about too much. Seen as a ‘safer’ option than Windows machines, the Mac user has been happily using their devices, relatively trouble free, for quite some time.
But that’s changing.
According to Computerworld:
“A new file-encrypting ransomware program for Mac OS is being distributed through bit torrent websites, and users who fall victim to it won’t be able to recover their files – even if they pay. Crypto ransomware programs for Mac OS are rare. This is the second such threat found in the wild so far, and it’s a poorly designed one.”
The offending ransomware, dubbed OSX/Filecoder.E, was spotted by security firm ESET and was developed in Apple’s Swift programming language.
It works by pretending to be a cracking tool for commercial software such as Adobe Premiere Pro CC and Microsoft Office for Mac. However, because of programming errors, and the lack of a developer certificate from Apple, it is often blocked by newer versions of Mac OS.
The biggest problem with this malware, according to Computerworld, is:
“It generates a single encryption key for all files and then stores the files in encrypted ZIP archives. However, the malware doesn’t appear to have any ability to communicate with an external server, so the encryption key is never sent to the attacker before being destroyed.”
Sadly, malware is never going to go away, and more and more cunning scams will be developed. The best advice we can offer is to remain vigilant and never click on or download anything that you’re unsure about.
We’re grateful to Computerworld and Spiceworks for this update so we can pass it on to you to help you and your data stay safe.
Security isn’t always the first thing you think of when you get your first computer.
The excitement of getting it out of the box and working your way through the setup procedure is much more fun.
You can’t wait to get on the internet and besides, all that security stuff is just hype to get you to spend more money, right?
Online security threats are real, and if you don’t take it seriously, you could end up losing your data and watch your beloved computer slowly curl up and die.
Here are our top 10 tips for new computer owners. None of them are complicated, but they’re all important.
- Your computer is a sturdy piece of kit, but it’s not indestructible. It does like to be cleaned (see your computer’s guide), and it doesn’t like liquid or food
- Even though you write a document on your computer, it doesn’t mean it’s there forever, even if you save it – back everything up
- The best policy is not to trust anything that comes from the internet until it’s proven safe
- Saving is not automatic. If in doubt save it again
- The internet is a public entity. Only post things you’re happy for everyone in the world to know
- Don’t attempt any DIY fixes. If in doubt don’t touch your machine and get someone who knows what they’re doing (it will be cheaper in the long run)
- If you get a call from “Microsoft” hang up, it’s not them
- Get paid antivirus
- Set a strong admin password and use a non-admin account for everyday use
- Above all, if it sounds too good to be true, it probably is
If you follow those tips as you start to get to know your computer, you won’t go too far wrong.
Above all, take care of it, and it will take care of you.
Two-factor authentication is a way of adding a second layer of protection to the standard password method of identification.
It’s free and easy to use but isn’t infallible. Critics are quick to point out that because you normally have to use your phone number, it’s just one more bit of information you’re handing over to a third party. However, it is a good step towards protecting your online accounts.
How to use two-factor authentication
To help you boost your online security, here are details of how to use two-factor authentication on your favourite sites.
- Log in to your account on the website. Click on your profile icon then Profile and then settings
- On the left side of the page, click My Settings and scroll to the bottom of the page
- Find Security Key and click on Get Started to the right. You’ll have to enter your password again before continuing
- Your Security Key page will have a message that says there are no keys currently activated
- Click on the Get Security Key link at the bottom of the page and follow the prompts
- You’ll then need to enter a phone number. A confirmation code is then sent to the phone number you specify via text
- The security key page will then list your phone number, and every time you access your account you will need to enter your password and then phone number
- Sign in to your Facebook account. Click the drop-down arrow in the top-right corner and choose Settings
- Select Security in the left pane, then click Edit to the right of Login Approvals
- Next, check ‘Require a security code to access my account from unknown browsers’
- A window opens explaining how log-in approvals work
- Follow the prompts, which include adding a phone number to your account and entering a confirmation code that will be sent to your number
- You can also take advantage of the code generator feature within Facebook’s mobile applications
- The code generator is found within the app by sliding out the More menu and scrolling down to the Settings section
- There you will find a Code Generator option, which will display a six-digit code when launched
- Yahoo’s two-step verification can be set up by visiting your account settings page
- Click on Account Security on the left side of the page
- At the bottom of the list will be a switch to enable two-step verification. Sliding it to the On position will bring up a prompt asking you for your phone number
- Enter your number, then click either Send SMS or Call Me to receive a confirmation code
- Enter the code when you receive it, and you’re done
- Log in to your Dropbox account from a Web browser, then open the menu in the top-right corner and head to Settings and then Security
- Click Enable next to the Status for Two-step verification. After entering your password, you’ll be prompted to pick a method of receiving authentication codes in the future
- You’ll need to choose between receiving codes via SMS or using an authenticator app. SMS only requires a phone number, and you’re set
If you plan to use an authenticator app, follow these steps:
- Scan the barcode with your authenticator app of choice
- Enter the six-digit code from SMS or the authenticator app into the box on the website
- Dropbox will show you a 16-digit code to be used in case you lose your device. Keep this emergency backup code in a safe place
- Click Enable and you’re all set
- Open the top-right menu and click on Manage next to Privacy & Settings
- On the tabs along the bottom-left-hand side, click Account > Manage security settings (bottom of the left column)
- Under Two-step verification for sign-in, click Turn On. Enter a reliable cell phone number and then click Send Code
- Enter the code you receive via SMS to log back into the LinkedIn website
- Setting up Twitter’s two-factor authentication requires you to use a computer and visit your security settings page
- Tick the box next to ‘Send login verification requests to (my number)’
- If you don’t already have a phone number attached to your account, follow the prompts to add one
- With the box ticked, you’ll receive a series of prompts letting you know that the service is about to be enabled and that you need to connect your mobile phone number to your Twitter account
No security system is completely infallible, but by using the two-factor authenticator system, you’re at least taking the right steps to keep your data safe from prying eyes.
Botnets are everywhere, or at least that’s how it appears.
Barely a month goes by without news of yet another malware attack.
In this post, we want to look at one in particular – the Mirai malware.
This little blighter is causing mayhem at the moment. Effective and prevalent, this malicious program is infecting a number of internet-connected devices that come under the IoT (Internet of Things) umbrella.
Mirai’s goal is simple: to collect and control enough IoT devices to perform DDoS (Distributed Denial of Service) attacks.
The problem is, defeating the Mirai malware is proving difficult.
It forces infected devices to disclose default Wi-Fi passwords and Service Set Identifier (SSID) codes. This means cyber criminals could both re-infect routers and devices and use an infected device’s SSID for targeted cyber attacks.
It highlights how default passwords are enabling cybercriminals to infect and recruit connected devices for illicit, and disruptive, means.
Most recently, a modified version of Mirai managed to infect about 100,000 TalkTalk customers in the UK, and 900,000 Deutsche Telekom customers in Germany. A BBC report said that many of these infected devices might have given up their default passwords to the attacker. Much of the success of Mirai comes down to its publicly available source code, allowing any cyber criminal to create their own version of the malware.
This is just another example of why it’s so important to change default passwords on routers and other IoT devices.
Getting a new computer is exciting.
Come on, admit it. It doesn’t matter how many you’ve owned in the past; you always get a buzz when unpacking a new one.
You look forward to a long and happy life together. However, the only way you can make sure that happens is to protect it from all the cyber nasties that are out there just waiting for their chance to bring your online world crashing down.
Whether you’re an old hand at owning computers, or this is your first foray into the world of the internet, here are a few gentle reminders to help you stay safe:
- Your computer is sturdy but not indestructible
- It likes to be clean
- It doesn’t like liquids or food of any kind
- Nothing is forever; just because you save a document doesn’t mean it’s there for posterity
- Start off not trusting anything that comes from the internet until it’s proven safe
- Saving is NOT automatic. If in doubt, save it again
- The internet is public, and anything you put on it should be treated as though it were broadcast to the world
- If in doubt, HANDS OFF and call someone who understands computer stuff
- If “Microsoft” call you, hang up (it’s not them)
- Get paid antivirus
- Set a strong admin password (not ‘password’) and use a normal user (non-admin) account for everyday use
- If it sounds too good to be true, it is
- IF IN DOUBT ABOUT ANYTHING SPEAK TO SOMEONE BEFORE ACTING
What is the Password Management Paradox and are you in it?
Let’s find out.
- Does your company make you change your password every 30 to 60 days?
- Do you constantly forget your passwords?
If you answered yes to both of those, you’re in the Password Management Paradox.
The problem is you’re forced to change your password to increase security. However, having more passwords (and changing them more regularly) actually decreases security, and here’s why.
You will potentially ignore the constant requests to change your password, or you’ll spend most of your time on the phone to your IT section resetting your password because you can’t remember what you changed it to.
So how can you keep your work and personal data safe?
Here are our three top tips to help you:
- Never use the same password twice. Yes, it’s a pain, but if you use a password on multiple sites and one gets hacked, you’re opening yourself up to a whole lot of grief because your other online data (including potentially your banking details) will be in danger
- Use complicated phrases that are easy to remember. Another paradox? Nope – an example would be using the phrase “I love MPM Computer Consultancy” but using the initial letters as your password (i.e. ILMPMCC)
- Keep track of your passwords with a password manager program
If you want to keep your data safe, you have to think smart.
Cerber ransomware is the latest scam to watch out for.
This one is a spam campaign that uses fake credit card reports to trick unsuspecting users into infecting themselves.
The email they send looks like this:
Yes, there are some tells that show you it’s probably not genuine, but imagine if it landed in your inbox on a particularly busy day – are you still convinced you’d pick up on the signs?
The attack is executed by the user opening the Word document attachment and enabling macros. One step you can take to keep yourself safe, if feasible, is to make Office macros disabled by default.
If you can’t do that or worry that someone might enable them again, the best course of action you can take is to circulate the image above so everyone in your organisation knows what to look out for.
According to Spiceworks, Cerber is currently doing the rounds so stay vigilant.
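One way to make Office macros disabled by default, as mentioned above, is through the per-user Office policy registry values. This is an added example, not part of the original post; it assumes Office 2016/2019/365 (policy key `16.0`), and the function names `Get-MacroPolicy` and `Set-MacroPolicy` are illustrative.

```powershell
# Added example: audit and enforce "macros off by default" for the current user.
# Assumption: Office 2016/2019/365, which keep their policy under the 16.0 key.
$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'

# VBAWarnings: 1 = enable all, 2 = disable with notification,
# 3 = disable except digitally signed, 4 = disable all without notification.
$Desired = @{
    VBAWarnings                       = 4
    blockcontentexecutionfrominternet = 1   # block macros in files from the internet
}

function Get-MacroPolicy {
    # Report, per application and setting, what is configured now.
    foreach ($app in $Apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        $current = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($name in $Desired.Keys) {
            $value = if ($current) { $current.$name }   # $null when the value is absent
            [pscustomobject]@{
                App       = $app
                Setting   = $name
                Current   = if ($null -eq $value) { '(not set)' } else { $value }
                Desired   = $Desired[$name]
                Compliant = ($value -eq $Desired[$name])
            }
        }
    }
}

function Set-MacroPolicy {
    # Write the desired values; honours -WhatIf so changes can be previewed.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($app in $Apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        if (-not (Test-Path $key)) {
            if ($PSCmdlet.ShouldProcess($key, 'Create policy key')) {
                New-Item -Path $key -Force | Out-Null
            }
        }
        foreach ($name in $Desired.Keys) {
            if ($PSCmdlet.ShouldProcess("$key\$name", "Set to $($Desired[$name])")) {
                New-ItemProperty -Path $key -Name $name -Value $Desired[$name] `
                    -PropertyType DWord -Force | Out-Null
            }
        }
    }
}

Get-MacroPolicy | Format-Table -AutoSize   # show the current state
Set-MacroPolicy -WhatIf                    # preview only; drop -WhatIf to apply
```

Because these values sit under the Policies key, a user cannot switch macros back on from the Office Trust Center, which addresses the worry that someone might enable them again. On a domain, the same settings are normally delivered through Group Policy rather than a script.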