Internet Safety

Top 5 Risks When You Stay with Windows 7 this 2020


Windows 7 End of Life

Microsoft will no longer be supporting Windows 7 after a ten-year stint—as announced last December 16, 2019.

The purpose of this direction is for the tech giant to pour its ample resources into more lucrative, newer technologies. Essentially, Microsoft has squeezed as much juice as it can out of Windows 7. It doesn’t make sense for them to continue providing technical assistance and software updates that protect PCs using the outdated program.

The Impact on Your Businesses

First and foremost, Windows 7 is still being used on 39% of all PCs.

And a year from now in January 2021, Windows 7 will be used on 18.7% of all PCs, which accounts for around 281 million machines.

What does that mean, exactly? That even at under 20% of total usage on PCs, there are still over 280 million systems with Windows 7 in place. At such a vast number, it’s fair to guess that small to medium businesses make up enough of those totals. Especially since many owners might wish to sidestep the costly nature of upgrades.

Though, with the removal of all support for the system, keeping Windows 7 installed will end up being more costly than merely paying for the upgrade to Windows 10.

So, as a business owner or stakeholder who may still be using Windows 7, you’re likely interested in knowing what might happen after neglecting to upgrade.

Let’s examine some of the most significant risks involved in continuing to use Windows 7 on your PC and how it can affect your workplace:

The Top 5 Risks of Staying with Windows 7

Risk # 1. No More Technical Support

Last year, Microsoft patched 29 Windows 7 vulnerabilities in April alone.

Of those vulnerabilities, 6 were rated critical with the other 23 being deemed important.

Think about it, that’s one month alone—and the only reason those changes were made was due to an extended support phase focused on fixing flaws. Those snafus on Windows 7, since it’s an older system, have continually surged over the years. Now, without support, these issues will be seemingly never-ending.   

Risk # 2. Heightened Cybersecurity Risk

Studies from 2018 about cybersecurity in small-and-medium-sized businesses reported that 67% of survey respondents experienced some form of cyber-attack. On top of that, another 58% went through a data breach with employee or customer information.

These stats prove that businesses are already susceptible to these attacks. With Windows 7 now lacking the infrastructure to deal with these issues, if you don’t upgrade, the consequences could be disastrous.

Risk # 3. Additional Costs

On a per-system basis, it’ll be possible to receive extended security support. However, there’s an additional fee paid to Microsoft per computer to obtain the appropriate security updates. Furthermore, the dollar amount owed to Microsoft will double every year and caps out at a maximum of three years.

The price begins at $50 per machine—meaning by 3 years it’ll be $150 per device. If you have around 10 machines, that can prove quite costly.

Risk # 4. Falling Behind the Competition

As Windows 7 becomes more obsolete, more businesses will be using Windows 10. 

As technologies keep improving, functionality enhances. If you’re on an outdated system, the slower it’ll run, and it’ll be less equipped to handle the state-of-the-art tools that’ll keep you ahead of your competitors.

Risk # 5. Frustrating Your Team

When your employees end up with inferior technology, their morale tends to suffer. For many staff members, it can be a bad look when you fail to equip them with systems, programs, and software that are, at the very least, up to date.

If you don’t update to Windows 10 soon, your team might get the idea that you aren’t invested fully in their success. From there, frustration brews, work tends to be negatively impacted, and you’ll have an office full of employees at their wit’s end.

The Very Real Problem of Malware in the Workplace

As technology keeps reaching new heights, so does its propensity to be malicious and dangerous. Businesses far and wide must be eternally vigilant in the face of these threats that can damage both their reputation and bottom line.

For instance, recently, Landry’s, Inc., an American, privately owned, multi-brand dining, hospitality, entertainment, and gaming corporation, identified malware on its payment processing system.

The malware was designed to access payment card data from cards used in person. Interestingly, the card data wasn’t readable due to the end-to-end encryption technology used at points-of-sale. So, the malware was prevented from accessing payment card data.

Although this didn’t occur on a Windows 7 system, these attacks come from everywhere when sensitive information or money is involved. As Landry’s case shows, with state-of-the-art systems in place, these breaches can be nipped in the bud.

So how do you mitigate these risks?

The short answer is to move to Windows 10 to receive full support from Microsoft. This can be done by upgrading the operating system on your existing PCs, assuming your hardware is capable of handling the demands of a modern operating system. If your PC is more than 3 or 4 years old, it is probably more cost effective to simply replace the PC.

Why it is Important to Secure Your Remote Desktop Server


With a rise in employees working from home in recent years, there has also been an influx of cyber attacks on the very system that makes that possible.

Perhaps you’ve used Remote Desktop Protocol (RDP) for work or have had to resort to it when dealing with customer support. If either is the case, the first time you ever used it might have been something of a worry. Allowing a stranger full control of your computer via a desktop interface? Sure, that doesn’t sound sketchy at all.

However, it actually isn’t sketchy. Microsoft designed RDP to facilitate secure data transfer from one computer to another. In both theory and practice, RDP has shown itself to be one of the most integral technological inventions of the last couple of decades. This is most notably the case within the healthcare industry, whose existence relies on patient confidentiality.

Although where hackers are concerned, the turn of phrase, “This is why we can’t have nice things” also comes to mind. The FBI reported recently that, since 2016, RDP attacks have been becoming more and more frequent. These brute force attacks aim to collect data such as names, dates of birth, insurance numbers, which the hackers then sell on to the dark market.

But with more and more companies understandably turning to RDP to cover their workloads, this is a threat that has to be dealt with before it’s too late. That said, the solutions for securing our remote desktop servers are also in our hands.

The Many Uses of RDP

There are plenty of reasons why companies and individuals resort to RDP. For one, the ability to connect to and control one computer from another means that not every worker should have to go into the office. In the same vein, business travelers can stand to use it for that very same reason.

If you’re traveling for work or want to work while on vacation and work for a company, you’ll need access to your files. Particularly so if those files are confidential. This is where RDP really stands out. Not only can you access your work computer from anywhere in the world, but you can do so from home, too.

Administrators also benefit heavily from RDP. Many large-scale technology companies use it to aid their customers with any problems they might be facing. Additionally, if you’re out of the office for one reason or another and the software or hardware fails, you can fix it from your own computer.

RDP is a helpful and convenient tool for businesses the world-over.

So then where do the hackers come into it?

How Attackers Compromise RDP

Ransomware such as CrySIS, CryptON, and SamSam among others have been utilized and spread through RDP. Most of these attackers use what is known as the brute force method.

The problem with brute force is that attackers don’t necessarily have to be professional at what they do. On the contrary, brute force attacks are literally just trial-and-error.

Brute-force is also, however, time and resource consuming. Its success relies on patience, perseverance, and volume rather than some magic algorithm. What this means for us is that we can take measures such as complex passwords to protect against them.

Securing Your Remote Desktop Server Against Brute Force

Brute force attacks usually begin with the attacker scanning a list of IP and TCP port ranges to find a port that’s open. This is the time-consuming part. Once the attacker has gained access, however they’ve done it, they can start to unleash malware chaos on your server.

That said, brute force attacks really do depend on the measures you have or haven’t taken in securing your desktop. By rectifying your mistakes, you can successfully keep attackers out.

Solutions

Whitelist Your IP Address

Whitelisting an IP is a simple way of preventing RDS attacks. However, it’s also simple enough that it won’t block every attacker who is trying to get in, such as the case with roaming users. Whitelisting your IP address restricts outsiders from gaining access. In order to do this, you need to set up inbound rules on your firewall, and/or your RDP server.  For example:

  1. Connect to your RDP server
  2. Open Windows Firewall with Advanced Security
  3. Click Inbound Rules
  4. Find and right-click the RDP Rule
  5. Go to Properties > Scope

Inside of the Scope tab is where you’ll create your IP restrictions.

  1. Under Remote IP address, check These IP addresses
  2. Click Add…
  3. Type your IP address in the top field
  4. Hit OK

Note: If you want to add an IP range instead, click This IP address range and input said range.
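The same Scope restriction can be applied from PowerShell instead of the GUI. This is an added example, not part of the original article; it assumes the RDP rules are in the built-in "Remote Desktop" rule group, and the addresses and the helper name Get-RdpRuleScope are constructed placeholders.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell
# session on the RDP server.

# Constructed placeholder addresses from the RFC 5737 documentation ranges.
# Replace them with your real office or VPN egress addresses.
$AllowedSources = @(
    '203.0.113.10',       # a single IP address
    '198.51.100.0/24'     # an address range, written as a subnet
)

# Assumption: the RDP rules sit in the built-in "Remote Desktop" rule group
# (its display name on English-language Windows).
function Get-EnabledRdpRule {
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }
}

# Helper (hypothetical name): report each rule's Scope > Remote IP address.
function Get-RdpRuleScope {
    param([Parameter(Mandatory)] $Rules)
    foreach ($rule in $Rules) {
        $filter = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Profile       = $rule.Profile
            RemoteAddress = ($filter.RemoteAddress -join ', ')
        }
    }
}

$rdpRules = Get-EnabledRdpRule
if (-not $rdpRules) {
    throw 'No enabled inbound rules found in the "Remote Desktop" group.'
}

Write-Host 'Scope before:'
Get-RdpRuleScope -Rules $rdpRules | Format-Table -AutoSize

# If you are connected over RDP, make sure the address you connect from is in
# $AllowedSources first, or this change will lock you out of the server.
# Add -WhatIf to the next line to preview the change without applying it.
$rdpRules | Set-NetFirewallRule -RemoteAddress $AllowedSources

# Re-read the rules and confirm none is still open to any remote address.
$after = Get-RdpRuleScope -Rules (Get-EnabledRdpRule)
Write-Host 'Scope after:'
$after | Format-Table -AutoSize

$stillOpen = $after | Where-Object { $_.RemoteAddress -eq 'Any' }
if ($stillOpen) {
    Write-Warning ('Still open to any address: ' + ($stillOpen.Rule -join ', '))
}
```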

Deploy an RD Gateway

Remote Desktop Gateway servers give RDP users a more secure and encrypted connection. Having an RDG lets you share your network connection with other programs, enabling an ISP connection that steers off unwanted outsiders.

To do this, you first need to open Server Manager on your RDP server.

  1. Go to Server Manager > Remote Desktop Services > Overview
  2. Under Deployment Overview, click on the green RD Gateway icon to install it
  3. Choose the server on which you want to install the role
  4. Enter your external FQDN (fully qualified domain name) in the SSL certificate name box
  5. Hit Next >

Once your RD Gateway is installed, you can configure certificates and properties. In properties, you can set up rules such as maximum simultaneous connections and further SSL bridging. This should leave your RDP network to your RDP team.

Multi-Factor Authentication

It’s likely you’ve heard of two-factor authentication already, even if you’re not a software professional. Companies like Apple, Google, and Amazon are all quickly adhering to this forward-thinking way of ensuring the security of their users.

Multi-factor authentication can also be used in conjunction with the two methods above, tripling down on your high-security RDP forcefield for better protection. In short, MFA allows you to login to your RDP and then authenticate that login by other means such as SMS, automated phone call, email or an app on your phone.

Once authenticated by your second device, you and only you can partake in that session.

Use a VPN

Installing a VPN helps administrators to limit unauthenticated users. With software like FortiClient, SSL and IPSec VPNs are used to provide a secure and reliable solution to attempted RDP attacks without the user needing to know the nitty-gritty on security and protection.

Once your remote desktop server is secure, you can continue to work from home or from the beach, if you want to.

It’s always better and cheaper to protect yourself and your company in advance.  To learn more about IT Security, please contact us.

Notice of data breach laws

What Australia’s New Mandatory Data Breach Notification Laws Mean For Your Business (And What You Can Do About It!)


On February 22nd, 2018, Australia’s new Mandatory Data Breach Notification Laws come into effect, mandating a legal requirement to disclose information on any serious data breach, both to the affected individuals as well as to the Privacy Commissioner. The current penalties for non-compliance under this regulation range from $360K for an individual to $1.8M for a corporation, but it has been proposed to raise these amounts to $420K and $2.1M respectively, effective July 1, 2017.

Who Does the Data Breach Law Apply To?

Businesses that must comply include any organizations that are governed by the Privacy Act, including:

  • Government agencies
  • Not-for-profits with an annual revenue of more than $3M
  • Businesses with an annual revenue of more than $3M

And additionally, it applies to specific types of businesses with a turnover of less than $3M, which include:

  • Private sector healthcare and related businesses (including weight loss clinics, fitness centres, chiropractors and other alternative medical practices)
  • Private schools and private education institutions
  • Child care centres
  • Credit reporting agencies
  • Any business that buys or sells personal information
  • Individuals who handle personal information in their course of doing business (including insurance brokers, bankers, accountants, attorneys, health insurance providers)

How Will This Change the Way I Do Business?

After the laws come into effect, you will be required to report any relevant data breaches to the Australian Privacy and Information Commissioner. You must also notify any individual whose private information may have been compromised.

Not all data breaches, however, will require notification. There must be a reasonable expectation on your part that the data in question has been lost, accessed, or disclosed unlawfully and without authorization, and that this would potentially result in harm to the individual or individuals in question.

Harm, in this sense, can mean a variety of things. It could be psychological or emotional in nature, in the sense that personal information is exposed that reveals something the person did not want to be known, such as a serious disease, or other personal health details. The harm caused could be financial or professional in nature, such as the disclosure of previous criminal records or activity, political information, personnel files from a previous employer, or anything that may harm the person’s ability to conduct business or obtain a job. If any harm is perceived as being the outcome of the breach, it may be considered an offence.

To determine whether a breach is eligible under the Act, refer to Part IIIC of the Act, which outlines the various breaches as well as the notification process. This section of the law will help you to pinpoint whether the breach is likely to result in serious harm under the terms of the law and whether it is necessary to report it. Things like personal medical and credit card information should rank high on your radar, as there is no question that a breach of this type of information could potentially cause significant harm.

If a breach occurs, you have 30 days to make a full assessment of the potential for harm. Following that, and if it is found that a breach has occurred, you must submit your report to the commissioner and to each individual in question as expeditiously as possible.

In your report, you must disclose what happened (a detailed description of the breach), the type of information that was compromised, accessed or lost, and what the individual in question can do to respond to the incident, which might include prompting them to change passwords on their accounts or backing up information stored on the server.

Fines will be levied for breaches considered to be serious or to repeat offenders by the Federal Circuit Court of Australia following a recommendation by the Privacy Commissioner.

Greenlight-ITC: helping you navigate the new Data Breach Notification Laws

If you have any concerns about your company’s IT security policies and would like to update your data protection protocols, or if you have questions about whether Australia’s Mandatory Data Breach Notification Laws apply to your business, call Greenlight-ITC today. We are Melbourne and Sydney’s business IT headquarters, helping your company stay secure and compliant every step of the way.

How opening a MS Word Doc can hijack every file on your system!


If you receive an email masquerading as a company’s invoice and containing a Microsoft Word file, think twice before clicking on it. Doing so could cripple your system and could lead to catastrophic destruction.

Hackers are believed to be carrying out social engineering hoaxes by adopting eye-catching subjects in the spam emails and compromised websites to lure the victims into installing a deadly ransomware, dubbed “Locky,” into their systems.

So if you find .locky extension files on your network shares, congratulations! You are infected and left with just two solutions: rebuild your PC from scratch or pay the ransom. Locky ransomware is spreading at the rate of 4000 new infections per hour, which means approximately 100,000 new infections per day.

Source & Credit : http://thehackernews.com/2016/02/locky-ransomware-decrypt.html

Disaster Recovery – Planning for the worst is only the tip of the iceberg


Like many small or medium businesses, you’ve probably paid some thought to that rare data-loss catastrophe, but chances are that when it came to budgeting for that unforeseen scenario, the “what are the odds?” attitude ultimately prevailed, inevitably resulting in a largely inadequate disaster recovery solution or, in some cases, nothing at all.

Whilst these disaster scenarios are indeed relatively infrequent it is extremely important to understand the reality of the threat and the unpredictable nature of their occurrence. One could successfully argue that within Australia the risk to business is noticeably higher than the global average due to our country being particularly prone to weather extremes and associated natural disasters whether they be fires, floods or tropical cyclones. Now planning for that major disaster is one thing, but it is easy to overlook and hence not consider the detrimental effect of many smaller incidents that can have just as large an impact on your business. This is where RTOs and RPOs come in.

When it comes to planning for a disaster every business needs to be able to determine both an acceptable period of production downtime and the limit of acceptable data loss. The Recovery Time Objective (RTO) specifies the maximum duration of loss of or disruption to production systems beyond which the consequences to business are unacceptable. Similarly, the Recovery Point Objective (RPO) specifies the maximum period of time that is considered acceptable for lost data as the result of a disaster.


What is considered acceptable for both data loss and production downtime will vary depending on the type of business and nature of the circumstances however the necessity for considering and planning for the consequences of both major and minor incidents remains the same. What one business considers an event of major disruption to workflow may not be as significant an impact for another but the need to ascertain exactly what is acceptable and what consequences a particular incident will have on your business applies to all.

It must be understood that planning a solution to maintain business continuity, adhere to the defined recovery time and point objectives and mitigate the impact of a disaster is not a trivial matter and more than likely is beyond the capability of a business’s existing internal resources. There are many products and strategies available when it comes to disaster planning but determining which will suit your business’s needs is another matter. Consulting with a service provider that understands your requirements and specialises in backups and disaster recovery is crucial to ensuring a robust and reliable solution.

One of the most significant factors in recent years that has dramatically increased the need and urgency of businesses to implement a disaster recovery solution has been the prevalence of ransomware. Most people would have heard of this type of malicious software by its most common variety – CryptoLocker. For those that are not aware of what makes this type of malware so damaging it is its ability to silently access and encrypt not only the most common types of documents and files on your computer, but also any network shared folders you may also have attached to your computer. The result will be all of your most important business data being in an unreadable state at which point it will prompt you to pay a hefty ransom within 24-72 hours to obtain the decryption key without which your data is useless.

Since 2013 the sophistication and variance of this type of malware has increased massively as has the range of file extensions and genuine-looking emails that are used in attempt to get you to run the malware on your computer. Chances are you know someone that has experienced this either at work or at home or you may have been unfortunate enough to already have had your data held hostage and have had to pay the ransom to regain your important files and documents.

One of the best pieces of advice against encountering this nightmare is as old as email itself. Don’t open attachments from someone you don’t know. If it looks suspicious it probably is. Even if it claims to be from a government department, courier/postal service or a reputable bank or institution, tread cautiously as this is one of the most common guises currently in use all in order to get you to open and run that attachment.

Having said that, not everyone within your company will always be as mindful of such threats, whether they be from obvious but rare natural disasters, hardware failure, data theft or ransomware, and there will almost certainly come a time when recovery is needed. The best defence will always be to have a comprehensive and well-planned backup and disaster recovery solution in place before the day comes when you regret not having one. The inherent human mindset typically dictates that we don’t act or plan for a scenario until the first time it happens. There can be any number of reasons for this, whether it be simply a lack of consideration or budgetary constraints, but regardless, the question that needs to be asked is: can you afford not to?

Top 10 Tips to keep your Passwords Safe and Secure


As IT professionals, we are fighting a never-ending battle to keep our customers’ networks secure. Here are our top 10 tips that end-users can follow to help keep their systems secure.

1. Don’t give your password out to anyone

Be very mindful when a colleague or IT professional asks you for your password. Wherever possible, type your password for them, or get them to use their own. The IT security industry uses the term Social Engineering to describe a process where bad guys pose as an IT professional to get regular users to divulge passwords or other security-related information.

2. And Watch out for web “phishing” attacks

Phishing is when you get an email that pretends to be from a bank or other reputable institution and leads you to a false website that prompts you to enter your account information. Banks will never send you such an email, and if you do think it is legitimate, give them a call to confirm. A commercial anti-spam filter will block a lot of these emails, but you still need to be vigilant.

3. Use a different password for each account

We all do it.  We all have one, or even a number of favourite passwords that we use (or rotate) on different systems. If even one of these passwords gets compromised, it leaves the door open to a multitude of systems.  Once you are aware of a breach, you have to go and reset your passwords everywhere you can think of.  Better to keep the passwords different from the start.  Password management software can help track these passwords, and even generate unique passwords for you.

4. Change passwords regularly

Some systems and websites, such as banks, require you to change your password on a regular basis.  For any system that has potentially sensitive information, it’s best practice to take a pro-active approach and initiate the change yourself.

5. Put a password on your mobile and tablet

If you use your mobile or tablet for work emails, or file sharing through Dropbox or OneDrive, then it goes without saying that you should have a password or PIN to access your mobile device. Losing your mobile is bad enough. Allowing thieves enough information to gain access to your bank accounts would be disastrous.

6. Create passwords that include Capital letters and special characters with numbers

And avoid common passwords and dictionary words. A brute force attack is where an attacker uses software that goes through a list of common usernames and passwords to see if they get a “hit”. So don’t leave your password blank, or use “password” or “12345”.

7. Don’t leave passwords on sticky notes

You never know who is looking around the office when you are not there, so keep your account details and passwords out of plain sight.

8. Update your anti-virus and anti-malware software

A current subscription for anti-virus software may help detect and prevent some phishing and key logger attacks. The software is cheap compared to the cost of rebuilding a compromised PC, let alone the cost of lost data.

9. Use password management software

There are a number of free and commercial password management solutions available that will store your passwords in a “vault” on your PC or in the cloud, depending on your preferences.  Talk to your local IT support  company if you need guidance on this.

10. Spread the word

Pass these tips on to your colleagues and staff. A chain is only as strong as its weakest link. Even if a low-level user’s account is compromised, hackers often use this as a stepping stone to get access to an entire system.

Handy tips and tricks for identifying malware

We live in a world that is dominated by computers. For many people, they are a necessity that is essential for daily life. We use them to watch videos, write term papers, do our taxes and so many other tasks. Computers truly are one of the greatest inventions in the history of mankind. However, there is a threat to your computer that is always lurking and waiting to cause problems when you least expect it. This threat goes by the name of malware.

If you own a computer long enough, you will eventually have to deal with this menace. Having your computer get infected by malware can be an annoying hassle that ruins your day and slows down the work you need to get done. However, if you know a few tips, you can get a resolution to these issues before they get out of hand. If you are able to identify the malware infection symptoms, you will be able to get your computer working perfectly. You will also be able to safeguard it from being attacked by malware in the future. The five tips below will allow you to recognize the signs that your machine is contaminated with malware:

1. Browser offline

If you are not able to access the Internet, but you are certain that you are still connected to the network, a malware infection might be in progress. You will first need to go to Internet Options > LAN Settings to see if any foreign proxy is currently in use. There is malware that is able to configure your browser to allow it to enter through a proxy that is unsafe. If this is the case, eliminate these proxy settings.

2. Change of Google links and/or home page

If your home page changes by itself, this is a good indicator that malware is present. This is also the case if you click on a link provided by a search engine and you are taken to a different site. If these things are happening, there is an extremely strong possibility malware is the cause.

3. Your PC is slowing down

One of the most common problems created by malware is slowing down the computer it is infecting. The decrease in speed can be related to a specific application or the network performance as a whole. It is important to note that just because a computer is slow, it does not automatically mean malware is the cause. A small amount of memory or a fragmented system are also common causes of slow computers. Therefore, regularly schedule maintenance on your computer, such as disk cleanup, running a check-disk and defragmenting your hard-disks. If you perform all these tasks and your computer remains slow, malware may very well be the culprit.

4. Pop-ups

Every person on the Internet knows how annoying pop-ups can be. Persistent pop-ups are a prime indicator of a malware infection. To get rid of these pop-ups, you will need to use an anti-malware application.

5. Software

Using anti-malware software is the most common method of finding malware on a computer. This type of software is also able to detect adware and spyware.

Why keeping your anti-virus up to date is important


New viruses constantly emerge out of nowhere. Malicious hackers have a harder time getting to your computer than they used to, but we still need to protect our computers with anti-virus software. Some viruses have been around for a while, but they have avoided detection until recently. Viruses can steal your personal information, ruin your productivity at home or at work, and make it difficult for children to use the computer for educational purposes.

Hackers often send viruses called key loggers into your system to try to steal your information. When you type in your social security number, bank account number, pin numbers, and credit card numbers online, they are hidden from view to protect you. Some hackers send viruses that can remove these safe barriers and steal your information. With that information they can steal your identity, remove funds from your bank account, max out your credit cards, and more. Safety online should still be the number one priority, so you must keep your anti-virus software up to date to catch these malicious acts before they catch you.

The definitions within the anti-virus program are what keep your computer secure. Let’s say your definitions are three months old. Any new viruses created in the last three months can then freely attack your computer since your software doesn’t recognize them as threats. You must have the latest definitions since they are loaded with the correct detection abilities to remove threats before they cause damage. The right software blocks threats before they can latch on to your computer and harm your systems. We will keep your computer healthy and safe with new anti-virus definitions.

Installing new updates can be a confusing and time-consuming process if you don’t know exactly what to do. You can’t afford to take chances with something so vital to the safety of your computer. We have the tools and abilities to update your anti-virus software with all of the latest technologies. Your computer needs the newest virus definitions to block and remove the threats that have just emerged lately. New anti-virus definitions will ensure that your computer won’t become a target during the next wave of virus attacks. We can help you rest easy knowing that your computer is in good hands.

If you need assistance updating your existing anti-virus software or purchasing new software, Greenlight can help. We have products that range from low monthly payments per user to complete systems installed on yearly pricing models. Call your account manager today; we will be more than happy to answer your questions.

Stay Smart Online: How to Navigate the Web without Fear of Data Theft


Many small to medium-sized businesses make the error of thinking that, unlike larger companies, they’re unlikely to fall victim to hacking. That leads to an absence of strong data protection strategies. This is a mistake you don’t want to make. In the eyes of hackers, everybody is fair game. In fact, small and medium-sized businesses may have a higher chance of experiencing security problems because they don’t have dedicated IT support and strong security.

Statistics show that cyber criminals prefer small businesses because they have IT systems that are easier to penetrate. Compared to bigger enterprises that have strong IT networks and more secure data protection strategies, hackers can easily gain access to small businesses’ critical information and exploit it.

Increasing Number of Cyber Attacks

Just recently, Symantec released a report on Internet threat security that described a 500 percent spike in ransomware attacks. Hackers encrypt a user’s files and ask for a ransom in exchange for decryption. They can also encrypt files on shared network drives.

Cybercriminals have made a lucrative business out of ransomware, earning between $100 and $500 per shot. What’s alarming is the fact that 3 percent of victims pay the amount, which is understandable when your business is on the line. The report also said that there is an increase in attacks on smartphones as well.

These facts show how important it is to not just tighten regulations surrounding piracy laws, but also encourage small to medium-sized businesses to be more serious about protecting their data. The solution can be as simple as having a dedicated IT manager to oversee the use of sensitive information and implement the right security systems. A dedicated manager won’t just help prevent hackers from penetrating your IT systems but can also foresee problems and implement preventative measures.

Having managed IT services will benefit SMBs. These will help you monitor your IT systems, making sure there’s no way cyber criminals can penetrate your network and use your data against you.

Stay Smart Online

Incidentally, this week is Stay Smart Online week here in Australia. Formerly known as the National Cyber Security Awareness Week, this campaign aims to promote safe and responsible Internet use, whether at home or in the workplace. The Australian Government has partnered with industry leaders and the community sector to raise awareness for safe Internet use. This year’s theme is focused on mobility, particularly appropriate due to the increasing number of individuals who bring their own devices and use personal applications for work.

With that in mind, let us share with you important tips on how you (and your employees) can use the web without fear of exposing critical information to unauthorised persons.

Use hack-proof passwords. These are your first line of defence, so avoid common passwords because they are easily hacked. Use numerous combinations of lower and upper case letters, characters, and numbers, or even complete sentences. The more characters in a password, the harder it is to hack. Use a password manager so you don’t have to write down all passwords somewhere; you just need to remember one master password. It’s also advisable to change passwords every 4 to 6 weeks.

Install security software. Your computers must have firewall, anti-virus, and anti-spyware installed. These will protect you from worms, malware, and viruses that will damage your equipment and put your data at risk. Note that just having an antivirus installed is no longer enough.

Encrypt your hard drives. Passwords are not enough protection for your company data. Encrypting data will prevent others from reading your files. This will keep your data safe when being sent over the Internet or backed up on a server. Windows computers can use Microsoft’s BitLocker software to encrypt hard drives. You should also encrypt your USB drives and Internet traffic. PC World offers an easy step-by-step guide.

Make sure you have the latest software updates and security patches. Configure your computers to automatically download updates and always check for errors or failed updates. CSO.com, a website for security executives, suggests a free patch-management tool called Secunia Personal Software Inspector (PSI).

Segment your computer networks. Segmenting separates computers into groups to improve performance and security. You can segment your networks based on different functions like keeping records on customers, finance, and other important files. Here are some best practices for segmenting networks in virtual and private cloud environments.

Implement strict cloud computing practices. Anything you save in the cloud is no longer in your control, so make sure that you encrypt files before sending them out there. You must choose your cloud storage provider carefully, considering speed and security features. Greenlight ITC offers hybrid cloud services, which allow you to store sensitive data safely.

Educate employees. Your staff must be fully aware of the security policy. Educate and train them on how to use applications and access networks securely. Enforce the policies and be strict about it. The first line of defense in security lies in the hands of the employees. Their activities (using social media, instant messaging, and chat) can open the door to cyber criminals and put company data at risk, so make it known which activities are unsafe. Here are some tips from AVG on how you can keep that door shut.

Protect your data

Simple Ways to Protect Your Online Data


The Internet is full of threats to your privacy. There are web trackers that you could easily pick up browsing practically any website, actual hackers who are interested in you only for your credit card number, and others who are seeking to steal your identity. I have gathered a few of the best methods that can be used to protect your online privacy without a great deal of effort.

Beware of Open Wi-Fi

People are increasingly choosing restaurants and cafes based on whether or not they have free Wi-Fi because it allows for that instant access to the Internet that we all crave. However, these open Wi-Fi spots are excellent locations for people to mine data that will allow them to steal your identity and financial information. This is because all devices that are connected to the Internet will be able to see the information on any other devices connected to that network. In order to stop this from happening, I recommend avoiding open Wi-Fi altogether or only performing fairly innocuous tasks on open networks, such as looking at pictures of cats. If more sensitive tasks need to be performed, be sure to only go to websites that start with “https.” The “s” means that it is a secure channel. Look for a padlock symbol on the browser, which will indicate that the secure site is functioning as it ought to.

Update Your Passwords

We are lazy, especially when we are on the Internet, and as a result we have lazy passwords. To have the strongest passwords possible, make sure that they are ten characters or longer and contain both uppercase and lowercase letters. Also make sure that they have letters, numbers, and some sort of special character. If you are having a hard time remembering a password, consider creating a phrase with no spaces and all of the above included. An example of this could be “Myp4ssw0rdisStrongerthanyours!”
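The following is an added example, not part of the original article. It checks a password against the composition rules given here and the "avoid common passwords" tip from the earlier list of tips, and it estimates an upper bound on brute-force effort to show why length matters. The function names and the `COMMON` word list are constructed for illustration; the check also reports that the sample phrase above passes every composition rule while still containing a well-known base word once character substitutions are undone.

```python
import math
import string

# Constructed sample; a real check would load a breached-password list.
COMMON = {"password", "qwerty", "letmein", "welcome", "123456"}

# Undo common character substitutions before the common-password check.
LEET = str.maketrans("4@0135$7", "aaoiesst")

# (test, alphabet size, failure message) for each composition rule.
CLASSES = [
    (str.islower, 26, "no lowercase letter"),
    (str.isupper, 26, "no uppercase letter"),
    (str.isdigit, 10, "no digit"),
    (lambda c: c in string.punctuation, len(string.punctuation),
     "no special character"),
]


def check_password(pw):
    """Return the list of rule failures for pw; an empty list means it passes."""
    problems = []
    if len(pw) < 10:
        problems.append("shorter than 10 characters")
    for test, _, message in CLASSES:
        if not any(test(c) for c in pw):
            problems.append(message)
    lowered = pw.lower()
    variants = (lowered, lowered.translate(LEET))
    for word in sorted(COMMON):
        if any(word in v for v in variants):
            problems.append(f"contains common password '{word}'")
    return problems


def keyspace_bits(pw):
    """Upper bound on brute-force effort: length * log2(alphabet size)."""
    alphabet = sum(size for test, size, _ in CLASSES
                   if any(test(c) for c in pw))
    return round(len(pw) * math.log2(alphabet), 1) if alphabet else 0.0


if __name__ == "__main__":
    for sample in ("Tr0ub4dor", "Myp4ssw0rdisStrongerthanyours!",
                   "Correct-Horse-7-Battery"):
        print(sample, keyspace_bits(sample), check_password(sample))
```

The bit estimate assumes every character is chosen at random, so it is a ceiling: phrases built from dictionary words are far easier to guess than the number suggests.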

Use Secure Cloud Storage

When you store any information in a cloud, it is important to understand that you are entrusting all of that information to a third-party. Before doing so, make sure that you choose a provider of cloud storage that has enough security to properly protect your information. Check the reviews of cloud managers before choosing one.

Update Digital Protection

Make sure that any digital protection that you might have, including firewalls, antivirus software, and antispyware software, is as up to date as possible. If they offer it, make sure that you check the box that will allow them to update automatically. This will save you the effort of having to check to make sure that you haven’t missed anything.

Opt Out of Tracking Cookies

Many sites are now using cookies that want to track your location. To many, this can feel like a huge breach of privacy. There are a few simple ways to avoid these cookies. The first is to simply set the browser to automatically reject the application of any cookies. This can be done in the settings tab. The second is to install opt-out cookies that will automatically cause your browser to opt out of any agreements that it did not specifically allow. There are a few dozen of these that need to be installed in order to ensure comprehensive coverage.

By following these simple methods of protecting your data, you will be able to browse the Internet with confidence knowing that your privacy will be maintained and that your financial information will be kept secure.