security

Computer binary code

Australian Businesses Suffer Significant Blows from Heartbleed Bug

Australian Businesses Suffer Significant Blows from Heartbleed Bug 1448 2048 Greenlight Managed IT Support Services | Sydney | Melbourne

Computer binary codeAs many as 10 percent of Australian businesses were affected by the recent Heartbleed attack, as security experts say Google “bungled” the entire situation. The bug, which makes sensitive data vulnerable to hackers, was first discovered in March by Neel Mehta of Google Security and then by security firm Codenomicon in April. The issue was only made public on April 7, after Google informed OpenSSL about it.

Its Impact on Australian Businesses

The security breach had a significant impact on Australian businesses and ordinary Internet users. In fact, one technology writer revealed in a post that 10 percent of 200 ASX-listed companies have been affected. That includes CERT Australia, the organization that is supposed to coordinate information about digital threats. Several GE Money sites were also among those vulnerable to attacks because of Heartbleed.

At least 500,000 sites have been discovered vulnerable. These include the Coles Mastercard and Mayer Card websites.

Data security is crucial to businesses. It’s important that companies can secure their customers data because, as one security expert puts it, Heartbleed is catastrophic. And since among the most critical businesses affected by security issues are banks, it’s important that clients are aware of the preventive measures their banks are implementing.

CNET Australia contacted several banks to find out what measures they’ve taken to protect customer data as well as advice on how they can ensure their data is secure. All the banks they talked with confirmed that their sites were not affected by the bug and most did not recommend customers change their passwords. CNET also talked to other major businesses like PayPal, Yahoo 7 and ANZ and got the same response. However, Yahoo 7 did not answer if customers need to change their passwords while ANZ recommended updating passwords regularly. GE Money says its customers’ data has not been compromised but also urged its customers to change passwords.

Websites Aren’t the Only Ones Affected

The impact of Heartbleed isn’t limited to websites. A Yahoo! news report said that it also affected equipment that connects to the Internet. That includes routers, firewalls, and switches. Because these products could contain the bug, it makes information —usernames, passwords, and credit card information — that’s passed through these equipment also susceptible to hacking. Cisco and Juniper, two of the largest creators of networking equipment, have confirmed this.

Changing passwords may not be enough to protect your data if the equipment is infected. While it’s easy to fix websites by installing updates, networking equipment needs to be repaired by makers.

Google Failed to Disclose the Issue Immediately

It’s a bold move for the two companies to be transparent about the issue. One security and computer forensics professor commends Cisco and Juniper for being upfront with clients, which can’t be said to most companies, like Google.

Google has received flak for the way it responded to the discovery of the bug. The search engine giant has patched its systems in March, weeks before news about Heartbleed became public. Furthermore, a handful of companies were also able to take counter measures earlier than most businesses.

Many felt that it failed to responsibly disclose the bug. IT security experts are calling it a selfish act. They felt that Google looked after its own interests first. And ordinary Internet users agree that there was a lack of responsible disclosure.

Many suspect that Google played favourites and deliberately withheld the critical information from rivals like Yahoo. Sites like Flickr and other Yahoo’s web services became vulnerable to the bug while Facebook, CloudFlare, and Akamai seemed to had a heads up and were able to patch their systems earlier than April 7, when the issue has been made public.

But what’s most interesting is news that Google allegedly didn’t inform the government about Heartbleed when it should. While it’s not surprising for companies to wait until they were able to patch their systems before they make any public announcement, keeping it from the federal government is another. Google’s delay could have resulted in making federal systems vulnerable to attacks.

According to a TIME article, the “NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report.”

So What Can You Do?

Heartbleed will have lingering effects. Because it stayed undetected for several years, there’s no telling how much information was compromised and what hackers can do with that information. That’s bad for businesses.

It’s great that many companies have taken the necessary steps in minimizing the consequences of this bug but it’s even more important to take matters into your own hands. Be more proactive. Change and update passwords regularly and strengthen your IT systems. Having the right IT infrastructure is critical. It is your lifeline.

If you’re unsure about your company’s Internet security, contact Greenlight now. We can help make your IT systems updated, reliable, and secure.

Dropbox

Dropbox Security Issues: Should You Worry about Your Company’s Data?

Dropbox Security Issues: Should You Worry about Your Company’s Data? 800 1050 Greenlight Managed IT Support Services | Sydney | Melbourne

DropboxShould you be worried about data security? This is a very relevant question since news of the Heartbleed bug broke out. As a result, numerous businesses implemented preventive measures and assured their customers that their data are safe.

Dropbox is one of those.  But the problem, critics say, is that Dropbox failed to do it right. Instead of sending direct emails to its users, Dropbox published a post in its blog, which is buried deep in its website. In it, Dropbox offered assurance and advised customers to regularly update their passwords.

Is That Enough to Secure Private Information?

According to the company, its security team is working non-stop. It has patched all public-facing systems that run on OpenSSL and re-issued and re-keyed SSL certificates for all domains. It also advised using strong passwords and not sharing it with other services. That’s one step to ensuring your data is safe. The next step is to check your routers and firewalls for infection. These could have been infected as well and it’s advised to get it checked by the manufacturer.

Dropbox also regularly issues transparency reports to show customers which agencies request access to user data. But critics say the reports aren’t very clear when it comes to data requests for users from countries other than the United States. If that isn’t enough reason to be concerned, Dropbox was also listed by Edward Snowden as one of the cloud providers that will soon become part of the National Security Agency’s Prism spy network in leaked documents.

Some were so concerned that they are calling for people to stop using Dropbox on a site called Drop-Dropbox. This, however, didn’t deter the company in its continued efforts to provide great service. Ross Piper, vice-president of enterprise strategy, undermined concerns about compromised data by Australian companies.

Your Data Could Still Be at Risk

Even without the Heartbleed bug, user data could still be at risk. There’s a risk of losing important data every time you use Dropbox, according to a post from Business IT. Most of the time, simple habits can result to getting sensitive information to fall in the wrong hands. Things like using a personal Dropbox account and sharing folders with others can make you at risk of hacking. That’s why everyone should exercise caution when storing and sending files through Dropbox.

What Does This Mean for Australian Businesses?

Dropbox is opening its first Australian office. And that is a strong indication of the kind of relationship the company has with its Australian market. The company claims that 95 percent of the top 100 Australian listed companies are Dropbox users. It takes pride in the fact that Australia has one of the highest per capita usage rates in the world. Dropbox is also working to meet the requirements of the Australian privacy principles.

Should You Still Continue Using Dropbox?

Although there are several alternatives for cloud storage and a couple of glitches in the past couple of years, Dropbox is still best in show. It’s easy to use. It’s universal. Plus, there’s an option for individuals to use it for free.

You can find comfort in the company’s commitment to privacy and security. One of its tools, Perfect Forward technology, prevents any vulnerability from regaining past access. According to CNET, it doesn’t allow any previous access a key might have had to be used again. That basically means you don’t have to worry about Heartbleed again.

Despite all these, Dropbox allows fast and secure file-sharing between computers. But you need something stronger for your business. Contact Greenlight if you need help in building computer networks that will allow seamless — and hack-proof — file-sharing methods. We can help protect your company’s data so you don’t have to worry about encryption flaws again.

Heart bleed bug Scare: Are YOU Protected?

Heart bleed bug Scare: Are YOU Protected? 150 150 Greenlight Managed IT Support Services | Sydney | Melbourne

Over the past few weeks, you may have heard some chatter about a security vulnerability named “Heart Bleed.” Not surprising.

According to the Sydney Morning Herald, the Heart Bleed security flaw has exposed tens of thousands of businesses to attacks by malicious hackers.

And as with any security scare hitting the web, businesses want to know “should we be worried?”

The short answer? Yes. The long answer? Read on to find out how Heart bleed can harm your business, and what you should do about it.

What is the Heart bleed bug, and How Does it Work?

Heart Bleed is software vulnerability that allows malicious hackers to access a range of network-connected devices and illegally gather passwords, usernames, encryption keys and personal information.

The vulnerability exists in OpenSSL software used by tens of thousands of businesses running open source web servers including Apache and nginx. The attackers’ goals are to gather sensitive information to gain unauthorized access to websites and networks. This data can then be sold to third parties.

Furthermore, malicious parties are able to:

  • Impersonate a website while suppressing alerts about invalid certificates
  • Decrypt all communication between your computer, tablet, phones and any online service 

How do I know if I’m vulnerable?

The fact the websites that you probably use on a daily basis have reacted very quickly to the bug is great, but because the Heart Bleed bug has been around for close to two years, there is a reasonable risk that your usernames and passwords may have been previously compromised without your knowledge.

You may have noticed that some sites you’re registered to may have logged you out as a security measure.

What are some services that have been affected?

Fortunately for many businesses, Microsoft products do not utilise the OpenSSL encryption mechanism. As such, it is extremely unlikely that your computer usernames and passwords were compromised when logging onto your company’s webmail, computer or virtual private networks.

The major Australian Banks have also released statements indicating that there exists no risk to their financial software and databases.

The bad news is that approximately two-thirds of the Internet runs systems using OpenSSL, and the likelihood of you having an exposed account is high.

A few of these are:

  • Google, including Gmail
  • Pinterest
  • Tumblr
  • Yahoo
  • GoDaddy
  • GitHub

Unconfirmed, but likely:

  • Twitter
  • Facebook
  • Apple
  • eBay

Mashable have also put together a fairly comprehensive list of web services that have been affected by Heart Bleed. Check out the Mashable Heart Bleed article here.

How can I protect my business from the Heart Bleed bug?

As with most wide-spread security vulnerabilities, the developer community has mobilized to educate and address the bug to minimize the extent of its damage.

It’s extremely important that you contact your IT service provider (or department) and ensure that your network is protected from the Heart Bleed vulnerability. In the majority of cases, service providers have proactively patched the vulnerability, but a phone call is a clever precaution.

A further step would be to revisit your business password policies. Passwords like “password123” are not going to cut it, and we strongly recommend mandatory password changes every 30 days.

For web-accessed software (think Gmail, MailChimp, your Sydney Morning Herald account, etc), we recommend using password management software such as LastPass.  LastPass enables users to use a single Master Password to protect the tens (or hundreds) of website user credentials.

The added benefit to using LastPass is that their software can identify websites you use that have been compromised by the Heart Bleed virus, making it easier for you to know whether your data is at risk.

If you re-use the same passwords across multiple websites, you may still be vulnerable. If you don’t routinely change your websites’ passwords, it’s possible that even your customers’ information may have been accessed.

Make sure that you select a new, secure password, and that you don’t re-use the same password across multiple websites. If you think your network may have been compromised by the Heart Bleed bug, get in touch with us today for a free consultation and simply call (02) 8412 0000.

Windows XP Support end of life ? So…. ?

Windows XP Support end of life ? So…. ? 150 150 Greenlight Managed IT Support Services | Sydney | Melbourne

windows-xp-support-end-of-lifeThere are still about 488 million active copies of Microsoft’s Windows XP live and running. It’s a wonder what Microsoft can actually do to move people forward onto their newest desktop environments. But what have we seen so far?

I have seen a lot of scare mongering by the Microsoft PR machine. If you’re running Windows XP, it’s likely you’re getting pop-ups warning about expired support.

Microsoft have a real problem on their hands, infact they have delayed this plan to end Windows XP support twice already. The problem is that the majority of users unwilling to upgrade thier systems believe they:

  • Don’t care what Operating System they are using.
  • Can’t upgrade due to software limitations.
  • Are unhappy with Windows 8. (I agree)
  • Are not running internet connected systems.

While I can at least agree with one of their views that Windows 8.1 is a terrible OS, unfortunately I cannot agree with them all.

So many devices that we use every day run on XP operating systems.
From ATM’s , Display systems, Specialized medical equipment & POS systems. It’s scary to think what could happen if these systems were even inadvertedly connected to the internet. And don’t laugh, this can happen.

The matter at hand is more serious than you may think, as XP will no longer be a secure environment as of April.This means Microsoft will stop rolling out security patches, XP will no longer be patched for vulnerabilities. You know, the ones hackers with malicious intent find on a daily basis.

This may not be a huge concern for your regular Joe who stays glued to the web for a bit of web surfing and the occasional cat video. But imagine the ramifications for a company whose computer fleet can be taken down with one vulnerability. That this can happen due to running an outdated 13 year old operating system is beyond ludicrous.

Reports suggest hackers may be stockpiling vulnerabilities that Microsoft doesn’t even know about already!

The day the patches stop, the world is opened up to large amounts of exploits and zero day vulnerabilities. Bad stuff, which Microsoft will not assist you with or fix.

As at now, businesses should at the very least be running Windows 7. It is currently patched as per Microsoft’s twice a month patch cycle. April is definitely going to be an interesting month.

If you’re running outdated software, give us a call on (02) 8412 0000 before Windows XP Support runs out. We’d be happy to provide some advice, and ensure that your business– and your customer information– is (and remains) safe.

How to Improve WordPress Security

How to Improve WordPress Security 150 150 Greenlight Managed IT Support Services | Sydney | Melbourne

wordpress-securityAs the most popular content management system, WordPress is also subject to a higher number of security risks than other content management systems. These security risks have the potential to your website and your entire business at risk. With sensitive data such as banking information or employee records, it’s important that those managing your WordPress site take care to protect this information from nefarious sources. Thankfully, it isn’t all doom and gloom – there are things that you can do to protect your WordPress site, reputation, and your business. Here are a few tips on keeping your WordPress website secure:

A secure web host

Ensuring that your web host has a good security plan is the first and one of the most important steps in keeping your website secure. Website hosts are the most frequent way that WordPress sites are hacked, with an estimated 41% of WordPress websites being compromised due to web host security issues. This is because the web host is often the first in line to be attacked as hackers try to access up to thousands of accounts that may be located on each server. Therefore, it is of course important to ensure that your website host has a high level of security to protect your business in case of attack. Questions such as how your host handles security breaches and what methods they use to scan for security vulnerabilities should be asked of your web host before making a final decision.

Update regularly

Regularly updating your WordPress site and plugins is important to keep your WordPress secure. Hackers are always looking for weaknesses in WordPress code and plugins in order to find ways into your site. Therefore, WordPress and companies that offer plugins must be constantly correcting any weaknesses found in order to stay ahead of these hackers. By updating your WordPress site and plugins regularly, you are ensuring that you are keeping up to date on the latest security fixes available.

Smart WordPress settings

Certain WordPress settings can also go a long way in keeping your site safe. Here are a couple common ones that go a long way in keeping your WordPress secure:

  • Strong passwords – Do not use common passwords or passwords that can easily be guessed. Weak passwords are a major reason why websites get hacked, with 8% of WordPress websites being compromised due to weak passwords. Popular names, phrases, or simply having a “123” password will leave your website wide open to hackers. Instead, use a mix of numbers, letters, and other characters that will make it more difficult for hackers to easily crack your passcode.
  • Remove admin user – Removing your site’s default administrator account is an important change to make when securing your WordPress site. Having a unique log in account name adds an extra layer of protection to WordPress since hackers also have to figure out your login name. When setting up your WordPress site, make sure that you create a new administrative account for yourself with a unique login name and delete your old admin account.

Backup regularly

Regularly backing up your files is also critical in keeping your WordPress site secure. Since it’s basically impossible to guarantee safety, it is important that in the event that your website or data is compromised and anything is corrupted or has to be removed, that you can restore your website to a recent state. You can choose to back up your site manually and/or use plugins that will allow for automatic backups.

Great WordPress security plugins

In addition to your host having security programs, it’s important that you have your own security software for your site. There are lots of security plugins that will cover security for the different ways that hackers may attack your site. Some of the types of security plugins that you’ll need include:

  • Login Limiter – This type of plugin will limit the number of login attempts that can be made, stopping hackers from trying login names and passwords until they find the right combination.
  • Security scans – These plugins find vulnerabilities in your site and offer tips on how to fix them.
  • Antivirus – These plugins will protect your site from viruses, trojans, and other malware, either stopping them from entering or removing them if found.

The best WordPress security plan involves using a number of approaches in order to reduce the risk of being compromised. By following the suggestions above and adopting a holistic approach to website security, then you can rest assured in the knowledge that your site is as secure as possible.

5 Solutions to Secure Your Mobile Phone Before It’s Too Late

5 Solutions to Secure Your Mobile Phone Before It’s Too Late 150 150 Greenlight Managed IT Support Services | Sydney | Melbourne

secure-your-mobile-phoneHave you ever had your cell phone lost or stolen? If so, you’re not alone. Each year at least 100,000 Australian cell phones are reported lost or stolen – which translates into someone losing possession of their cell phone every 6 minutes.  By the time you’re finished reading this, someone else will have their cell phone lost or stolen.

These situations demonstrate the importance of cell phone security. No one wants their cell phone data in the hands of someone else. On your cell phone could be banking records, shopping information, work reports, or sentimental or personal media. If your cell phone isn’t secure, all this information can fall into the hands of someone who may use that information to your detriment.

While Australia is a world leader in instituting policies that help people whose data has been compromised with a policy to block phones within 36 hours of being reported lost or stolen, for many people this simply doesn’t go far enough. Your cell phone records and information can be compromised within minutes, meaning that by the time measures are taken to block your cell phone, it’s already too late.

However, this doesn’t have to happen to you. There are steps that you can take to ensure the security of your mobile data and protect your information from falling into the wrong hands. Here are five easy solutions to keeping your cell phone secure:

Password protect your phone and sim card

Putting a password or PIN code on your phone and sim card is the most important thing you can do to secure your mobile data. This quick and easy method will prevent most unauthorised persons who have physical access of your mobile from accessing the data within. By putting a password on both your phone and sim, you have a double layer of protection that will make it almost impossible for most unauthorised users to gain access to your sensitive information.

Install security software

Every single person with a cell phone should install trusted security software. Security software has a multitude of tools to keep your phone data safe, such as firewall and anti-trojan software. This security will make it far more difficult for those who utilize “soft” options such as wireless networks to gain access to your phone data. In addition, many mobile security software programmes come with find my phone features, making it easy to locate your phone in the event that you lose possession of it.

Be careful when using unsecure networks

When connecting to unsecure or unencrypted networks, it is important to be careful with your activity and what networks you are connecting to. On an unsecured network, your mobile device may be left exposed as other users may be able to easily access your data through the network. This is doubly dangerous if you are sending or receiving sensitive information or undertaking important tasks such as online shopping or banking, as your credit card data and other information may be easily accessed. Ignore the urge to connect to unsecured networks unless necessary and take care as to what activity you undertake when on these networks.

Delete/be careful what data is on your phone

Be careful what sensitive information is stored on your phone. Even with your best efforts and top notch security, it is always possible that someone gains access to your mobile device. As a result, you may want to reconsider keeping important or sensitive data on your cell phone. Delete banking and shopping information data such as saved passwords and auto fill information that could leave you open to identity theft. Delete sensitive pictures or information that could be embarrassing or put you in compromising situations.

Backup data

Backing up valuable data is also an important security tactic. Mobile data being compromised by others is only one part of the security issue – it’s important that you have reliable access to important information as well. A compromised phone may need to be reset, meaning that all your data could be lost. Set your phone to sync important information, or use cloud based services to ensure that important documents or information won’t be lost in case of malfunctioning equipment.

With the rise in popularity of mobile technology within the last few decades, a mobile phone is one of the most important pieces of technology you may own. It can serve as an office on the go, an impromptu photographer, or your online shopping centre. With all of these uses, it’s important to keep the information stored within safe. Follow these tips and you too will be able to sleep soundly knowing you’ve done all you can to secure your mobile phone.

Edge of the Cloud – The Horizon for Cloud Computing

Edge of the Cloud – The Horizon for Cloud Computing 150 150 Greenlight Managed IT Support Services | Sydney | Melbourne

According to the latest statistics, cloud computing is big. So big, in fact, that a full one third of IT budgets are now expected to be spent on cloud computing technologies in 2014. Not only that, but cloud computing is also growing at a rapid pace. It’s estimated that the cloud computing market generated $131 billion in revenue in 2013 and will grow to $181 billion within the next two years.

Oh yeah, cloud computing is definitely big.

Far from just being a popular buzzword, cloud computing offers a number of benefits for its users. For example, it’s estimated that users who switch to cloud computing will save 21 percent. And for many businesses, that level of savings creates a compelling case for using cloud computing.

cloud-computing-2014However, like most cutting edge technology, cloud computing is changing. Fast. And with many of these changes, it is important for companies that use cloud computing services and technology to learn about these changes to take full advantage of the benefits that they offer.

Five Trends for Cloud Computing

 

Bring Your Own Cloud

One of the major changes forecasted for cloud computing is the rise of Bring Your Own Cloud (BYOC). This phenomenon involves employees using public or private third party cloud applications such as Dropbox or Google Docs in order to complete their jobs. BYOC is quickly increasing due to the fact that it allows workers to freely access information from any location or device, meaning that they can work on projects at home or on the go. In addition, it also allows for the easy backup of data, and many of the services used are free or extremely low cost. However, BYOC does come with drawbacks. These include the fact that sensitive work data may be subject to security breaches if employees fail to set up adequate security. In addition, if all of the work parties aren’t on board with the same cloud software, then cloud sprawl occurs, where efficiency is limited due to the fact that employees are using different software on the same project.

Better Security

With more people adopting cloud computing, the issue of creating a secure cloud platform gains more and more attention. The nature of cloud computing means that there are many security issues that companies now face when it comes to sensitive data. Issues such as moderating levels of access to various users or ensuring the security of BYOC employees means there may be a minefield of security issues to be dealt with. However, with companies such as Microsoft and Okta providing new identity management solutions to deal with the security of cloud platforms, the issue of security is one that is sure to be placed on the front burner for the next few years.

Platforms as a Service

Another development in the cloud computing sphere is the movement towards Platforms as a Service (PaaS) technology. With the availability of technology that facilitates the easy development of software apps, PaaS will be pushed to the forefront due to its ability to facilitate collaboration across the cloud. PaaS provides companies an avenue to develop and run applications across the cloud without needing to have localised hardware or software infrastructure. As a result, companies with multiple locations can work on the same project almost seamlessly, increasing efficiency and collaboration. In addition, PaaS technologies cut costs due to the fact that companies no longer have to purchase the requisite hardware and software for each individual location, but instead can use the infrastructure stored in one central cloud location.

Lower Prices

As storage technology continues to get cheaper, the price for cloud computing services will continue to see a corresponding rapid drop in price. One of the leading cloud computing services, Amazon Web Services, slashed their prices by 80 percent in 2013 alone. Other cloud companies have followed their lead, with Microsoft and Google offering competing prices with Amazon. Within the upcoming few months, it is expected that price drops will continue, allowing even the smallest of companies access to cloud technology that just a year or two ago may have been out of their financial reach.

Graphics as a Service

The rising ability of the cloud to provide graphic solutions is another key change that is on the horizon of cloud computing. Graphics as a Service (GaaS) technology allows users to harness the graphics processing abilities within the cloud, making it easier for clients to run graphic needy programs without paying for expensive hardware. This new development is expected to benefit users in a wide range of fields that need high quality graphics, from the gaming industry to science and engineering.

With many companies still trying to get a hold on cloud computing it seems as if many of its benefits have not even yet been fully realised, much yet harnessed. However, by keeping in mind some of the trends in cloud computing, you will have a higher chance of being able to tap into the benefits of cloud computing and use this advantage to propel your business into the future.

Time for a Website Security Check

Time for a Website Security Check 150 150 Greenlight Managed IT Support Services | Sydney | Melbourne

Unfortunately, the internet is not always the safe haven we would like it to be.

For whatever reason, there are people out there that write scripts to probe the internet in search of websites with security vulnerabilities. Once a site is compromised, the breach may be used to redirect your visitors to alternative websites, deploy malware, or in worse cases, steal information about your customers.

While it easy to simply hope that it never happens to us, as business owners it is always in our best interest to proactively prevent such breaches from occurring, rather than dealing with the consequences afterward. It’s not as difficult as you might think. Here are some of the areas that your IT administrator might want to look at.

The Web Hosting Control Panel

Most shared hosting companies provide a web based control panel, common ones are cPanel and Plesk. While it is usually up to the hosting company to make sure that their host is up to date (and this is one thing I would be asking any potential hosting provider), as a customer you can still make sure that the password for the control panel is relatively hard to guess and certainly not left as a default such as ‘password’.

File Permissions

One trick that hackers use is to upload a new page onto your website. If you ask you web host to make the directories on your web site ‘read only’ then it is impossible for hackers to modify your web site or upload malicious code. You may even be able to do this from your control panel or FTP client. If you have a VPS, this can very easily be done from the command line.

Use Encryption

Sites that use https:// rather than http:// encrypt all the data that is sent between the web browser and the web site. This is particularly useful for filing in forms where a customer has to log on. Your web browser will issue a security warning if you do not your own SSL certificate, but there are relatively cheap these days, and this is an absolute must if you want to do any sort of online transaction.

Use a CDN

Content Delivery Networks have come a long way. Not only do they keep a local copy of parts of your website to speed it up, the more sophisticated ones have value added features that also act like a firewall. This allows them to detect spambots and the like to prevent inappropriate posts to your blog and other malicious attacks. They can also provide a whitelist of IP addresses to restricted parts of your website, such as the administrator pages.

Update your CMS

If your website is built around a commonly used Content Management System like Joomla, Drupal or WordPress, it is really important to update the core application as well as its plugins. This is no different from deploying a security update on your PC. Fortunately most of these will self-update at the click of a button from the admin section, but don’t forget to re-enable your file permissions back to read/write while you do this, and then re-secure the site again.

While we can never guarantee that a website will never be compromised, taking some (or all) of the initiatives I have mentioned may deter potential hackers to search for easier targets. If you’d like a free assessment of your website security, feel free to get in touch.

Malware Attacks – Is Your Business Protected?

Malware Attacks – Is Your Business Protected? 150 150 Greenlight Managed IT Support Services | Sydney | Melbourne

Earlier this month antivirus companies discovered a new and exciting, quite nasty piece of malware on the Internet. Short for malicious software, malware is often used to gather access to sensitive information, or to infiltrate and disrupt computers and networks.

Those pesky cyber criminals have been hard at work, creating a nasty program that will essentially lock all of your files with an uncrackable password. But don’t worry, they will return to save the day with the password and a hefty price tag!

The malware is generally deployed to people via infected websites and via phishing emails. They know how important data is to your business, and that’s why they are targeting small and large companies.

Think of it like this:

  1. A virus infects your computer, generating a public key.
  2. It then scours your computer and network, gathering all the data it can find.
  3. The virus contacts the keylogger’s server, and requests a private key.
  4. This private key is simply a super password that cannot be cracked (unless of course you are the NSA).
  5. Now they have something you need. Something that you would pay to get back.

 

malware-explained

It’s like having two locks on your data, and a criminal organisation wants you to pay for their key to access it.

 

You may have read about some instances of this kind of cyber fraud that have been leaked to the public. One in particular that shocked us the most was a medical practice in Miami, Gold Coast. The malware virus that infected their systems forced them to roll back 1 year of patient records – the virus had even encrypted all of their backups. Scary stuff.

Here are a few tips and tricks I recommend to companies who want to avoid this nasty:

  • Conduct regular Offsite backups
  • Conduct user training on phishing emails
  • Carefully read emails
  • Check all links in emails before you click them
  • Do not open dodgy or questionable attachments

Below are also some handy articles we recommend you read or pass onto staff:

http://support.apple.com/kb/HT4933

And here is a great article on some examples of this exact attack happening to companies:

http://www.smh.com.au/it-pro/security-it/web-hijack-gangs-hold-businesses-to-ransom-20121223-2bsj4.html

Make sure you keep your computers and network up to date with all the latest security patches. If you’d like an assessment of your IT infrastructure, feel free to get in touch with us.

Cyber Security

Cyber Security – How a Checklist Could Save You Thousands

Cyber Security – How a Checklist Could Save You Thousands 1000 698 Greenlight Managed IT Support Services | Sydney | Melbourne

Having worked for a number of small and medium businesses in my time, I have always used software to generate and store the vast array of passwords that I’ve had to ‘remember’. Passwords are one of those necessary evils in this day and age, and I’m sure you can relate to the frustration of expired passwords, and meeting the complex ‘criteria’ most sites and services require.

Late last year former Attorney-General Nicola Roxon highlighted that 1 in 4 Australians had been victims of identity theft, identifying fraud as one of the fastest growing forms of crime in Australia, speaking about the critical nature of cyber security. Like a lot of other dangers, we often do not ‘connect’ with such crimes, as we have not experienced them ourselves.

Recently I visited the website for a service I had not used for a while, and was astonished to be logged in automatically by the password saving software I use (called LastPass) into a CRM (Customer Relationship Management Software) database of several thousand prospects and customers. I was staring at perhaps one of the most valuable assets belonging to a former employer of mine, for whom I had worked about two years ago.

That’s right, a company with whom I no longer had any ties had not changed its passwords in two years. What I did was contact them and let them know about this, but I think it’s fair to say a disgruntled or more opportunistic former employee may not have had the same response.

Databases are worth money.

We have to remember this and ensure we take the necessary measures to safeguard our vital confidential assets, by putting into place SYSTEMS. Systems are critical to the operation of any business, as well as for cyber security. I’ll treat the rest of this post as though I were advising my former employer on how they could have avoided this security breach.

The most basic approach to preventing this from happening to your business is to have checklists in place. Part of your cyber security strategy should involve the different tasks you will have to perform when an employee leaves your company. If you are too small and don’t actually have an IT Support team in-house, you can still assume or assign the responsibility to somebody. For example:

Has all physical equipment been returned

Whether it’s a laptop, USB sticks, smart phone, chargers, keys or passes to the office, these assets all have to be logged against each individual. Once an employee is due to depart from the company, someone within your business should be responsible for ensuring these assets are all returned

Email address

After resetting the outgoing employee’s password, ensure you set up an Out of Office Responder  to enable all those corresponding with that individual to have a new point of contact. Having worked in sales in the past, I’ve seen many companies lose business by not ensuring potential leads were kept in the loop

Accounts & Passwords

What passwords were given to the employee? If they had their own account for each of the services used in your business, make sure you lock or disable it, or at the very least change the password and any ‘backup emails’– i.e. any alternate email addresses that could have been entered in case the account holder forgot their password.

It is critical to protect your business assets from external threats. However, I guarantee that starting by securing your business from within is going to reap the most rewards for the amount of time and money (usually none) required.