Blog

In the last few years, we’ve seen workers connect to the office from home, creating a rise in security breaches for many industries. If you are a business owner looking to ensure your business is secure, you likely want to stay ahead of the curve and discover how cyber-attacks are set to evolve in the coming years. Maybe you’re just curious. In any case, here are the significant upcoming changes to the world of cyber security in the years to come.   Artificial Intelligence Artificial intelligence poses a massive threat to all users of the internet. Simply put, artificial intelligence enables hackers to invade your network and get better at it as they do so. Instead of trying to figure out your passwords, AI bots can simply brute force their way into many people’s private data; by trying millions of known-passwords, they can get into many accounts. A recent study by Scientists using 43 million LinkedIn accounts found that AI programs could guess a quarter of the passwords. Using unique and often arduously long and complex passwords will be necessary if this threat becomes as dangerous as experts are predicting. You should use two-factor authentication when possible as well. Biometric...

Have you ever wondered what a firewall is? Before sitting down to read this you’d be forgiven for only hearing about them in espionage thrillers. Don’t be fooled, firewalls are a vital part of keeping you and your network secure from malicious attacks. Simply put, firewalls are software or hardware dedicated to monitoring entry points on a computer (ports) from external devices, like other computers on the network. Based on rules and filters, the firewall either allows or denies access depending on the information collected by their IP address. In the next few paragraphs, we’ll go over a basic understanding of each type of firewall, and the pros and cons of each. Types of firewalls 1. Packet Filtering firewall Packet Filtering firewalls monitor junction points on your network such as the router. The firewall monitors packets of information and decides whether or not a message is dangerous. The advantage of this type of firewall is it can scan packets fast, it’s less taxing on your network and it’s generally less expensive to set up. 2. Circuit level gateway  Circuit level gateways monitor TCP handshakes and other network messages as sessions between the network and an outside source are created. Based on...

A VPN or virtual private network is something you might not think you need if you're not in the tech industry. But every individual and business that works on the internet could benefit from a VPN. If you’re an avid traveller, enjoy working in your local café, or just watching Netflix at home, a VPN can help secure your sensitive information and make your online browsing safer. A VPN masks your IP address, encrypts data, and reroutes it through secure networks, protecting your anonymity and security. But beyond the general safety concerns, what are some tangible reasons you should invest in a VPN? 1.      VPNs Offer Extra Security on Public Wi-Fi Networks   The fact that public Wi-Fi is less secure is not a secret, but it’s a part of everyday life. Whether you’re in a waiting room, at a Starbucks, in a hotel, or any public Wi-Fi, chances are you’re connecting to their network – but they’re more vulnerable to security breaches, phishing, and malware attacks. VPNs protect your passwords when you sign in to your accounts, hide your browsing history, and shield your banking information from malicious spying. So you can enjoy your online shopping from anywhere without worrying...

 Your email account is a wealth of personal information. Work emails, personal emails, account information, and sensitive data can all be targets of hackers with malicious intent. Whether you know, or just suspect, someone hacked your email account, you have to act quickly with these steps to secure your data and regain control. What Should You Do If Your Email Gets Hacked? There are several steps you should take to be extra safe in re-securing your accounts – you can never be too careful. 1.      Conduct a Deep Antivirus Scan Your email can act as a gateway for hackers to access your computer. Malware like Trojans, keyloggers, and spyware can track every move you make on your device that hackers can exploit. They can potentially get access to your banking information and make money transfers that you haven’t authorized. Running a thorough antivirus scan as soon as you suspect a hack can wipe away malware before it causes too much damage. 2.      Change Your Passwords and Security Questions Following your scan, you should change all your passwords to be safe – not only your email password, but you should change any account that's connected to payments. Secure your bank accounts, online...

Phishing emails and texts have evolved over time from the basic ploy to get your personal information to very sophisticated schemes that leave you questioning. Passwords, bank account information and other account information are vulnerable to these scams, so it's increasingly important to recognize the tactics and avoid them. How Do I Recognize Phishing? Scammers have the tools and cunning to make their messages seem legitimate. But there are some messages to look out for and question. They may look like a legitimate communication from companies you trust. Whether it's from your bank, Netflix, or even a government agency, scammers are doing their best to make their scams seem as authentic as possible. They may claim that there is a problem with your existing password.It could ask you to click on a link to make a payment.They could say that they’ve seen suspicious activity on your account.They may even include a fake invoice or coupon. The end goal of these scams is for you to click on the link that they’ve attached with their message, which can then give them access to your personal information. How Do I Protect Myself from Phishing Scams? Automatic Software Updates A simple way to ensure...

Your Internet connection is arguably one of the most important parts of your information systems, but you might find yourself limited by the hardware provided by your Internet service provider (ISP). This could come in the form of a modem-router combination provided by your ISP, which prompts the question of whether or not you really need to use what they provide.

Not too long ago, in order to answer your work phone or check the messages you had received from callers while you were away from your desk, you had to be in the workplace, at your desk. This is no longer the case, thanks to the proliferation of VoIP (Voice over Internet Protocol), and a particular ability that it gives businesses.

Photocredit: Stephen Coles; https://www.flickr.com/photos/stewf/ Is Email Phishing Unstoppable? Just don’t rely too much on your office antivirus software. Your antivirus software ~might~ be good at stopping viruses, but they’re becoming more irrelevant every day at protecting your data and devices. Some experts are pointing to a recent warning by the U.S. Department of Homeland Security’s Computer Emergency Readiness Team (CERT), where they issued a warning about global security product Symantec and Norton Security products containing dangerous vulnerabilities. This doesn’t mean they’re completely useless and they don’t perform an important function. There’s a more important reason to not blindly trust your antivirus software to keep your data safe.  People tend to rely too much on them, giving them a false sense of security.  Evolving Threat Tactics Just a few short years ago, antivirus software protected against 80 to 90 percent of online threats. Today, it’s more like 10 to 20 percent because of constantly evolving threat tactics. While some company executives feel smugly confident about their level of antivirus security, cyber criminals are getting in through the company’s weakest links—the users.  An alarming trend is the aggressive growth of phishing techniques used by attackers in 2016. Hackers are spending less effort...

How to Find Out if an Account Has Been Hacked The recent disclosure that Mark Zuckerberg’s own Facebook account password was hacked this week should set alarm bells off for anyone who’s ever created an online account. You have to wonder, if the Facebook founder’s email and password accounts aren’t safe, then what is? In case you haven’t heard, last weekend Mark Zuckerberg’s Twitter and Pinterest accounts were briefly hacked by a group calling itself OurMine. They demonstrated by announcing his lame password on his Facebook timeline. No, Facebook wasn’t hacked. Zuckerberg’s email and passwords were part of a LinkedIn database that was actually hacked back in 2012, (along with up to 167 million others), and just posted online in May this year. Since then, hackers have been having a heyday with them. So if Zuckerberg’s LinkedIn account was hacked, why did it affect his Facebook and Pinterest account? It’s because he used the same lame password for all of those accounts. And he never changed it after LinkedIn announced they were hacked....Since 2012. Apparently Zuckerberg is guilty of password laziness - using the same lame passwords on multiple accounts. He’s not alone. Along with millions of others who are getting...

Microsoft Finally Bans Easy-Stupid Passwords If you see the above Reset your password line when logging into your Microsoft account--and it tells you to “Choose a password that’s harder for people to guess”--it’s because Microsoft won’t let you use your dumbass password any more. Earlier this week Microsoft turned on a new feature that dynamically updates a list of bad passwords, and will block users from trying to use them. From now on, you can forget about all those stupid passwords so many people stubbornly stick to, like 123456, password, 12345678, qwerty, 12345, 123456789, football, 1234567, dragon, and baseball. These are the top 10 most common passwords used by people, as gleaned in part by 117 million LinkedIn accounts that were originally hacked in 2012 and leaked last week, and by the password attempts hackers use on various Microsoft accounts. Alex Weinert from Microsoft's Identity Protection Team says that Microsoft has been collecting all the password guesses used by hackers from the 10 million daily hacking attempts they see."We analyse the passwords that are being used most commonly. Bad guys use this data to inform their attacks," he explains."What *we* do with the data is prevent you from having a password...

DDoS Attacks: What to Expect & How to Mitigate   A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.  We’re talking about DDoS attacks today because they are so common now that most organizations in North America have experienced some form of DDoS attack in the last 12 months. In fact, one third of all downtime incidents are attributed to DDoS attacks, according to the worldwide Digital Attack Map (operated by Google Ideas and Arbor Networks). The New Botnet Armies Cyber attackers spend a lot of effort to build armies of botnets -  networks of infected computers -  by distributing malicious software via websites, social media, emails, attachments and other devious ploys (see Phishing in the Office Pool, some staggering facts on phishing, your employees and corporate risk). Once infected, these botnet computers can be controlled remotely without their owners' knowledge, and used like an army to launch attacks against any targets. Some botnets are millions of computers strong. Launching Attacks Botnets generate massive floods of traffic to overwhelm a target. Some floods are more connection requests than the server can handle, while others send huge...

DDoS Attack Ransom Notes a Growing Menace for Businesses of All Sizes Reports of DDoS attacks—preceded by ransom notes—are surging, according to surveys conducted by IBM Security and Digital Shadows. This is alarming because, while a DDoS attack won’t destroy your data, it will still disrupt your business and result in significant expenses.   “It’s Extortion 2.0”, says Netcotech CEO Gideon Gideon, “These criminals are using black art cyber tools to extort money from innocent organizations, and they’re doing it anonymously and from a distance.” Once the scourge of governments and large multinationals, more and more small and medium sized businesses across all sectors are seeing increases in these and other types of cyber attacks.   A few years ago, most DDoS attacks were either politically or protest motivated, dirty tricks from competitors, weapons of war by governments, or used to cloak other hacking attempts. Cyber criminals have since learned that many smaller organizations will pay a fee of a few thousand dollars to avoid becoming victimized. Since it’s relatively easy to stage an attack, all they need to do is send out batches of Ransom Notes to pre-selected targets. After that the process is mostly automated. The number...

Is Your Business Network a Hardened Vault or a Cardboard Door?         Whether a desktop, laptop or mobile device, almost every computer we use is connected to some type of network. More than simply internet access and email, our corporate networks let us work more efficiently, be more productive and save money doing it. They are integral components for functions like purchasing, selling, collaboration and customer service. The advancement of modern networking technology means we have greater access to more data available than ever before. And we’re continuously adding more business applications and databases year after year. This increases the complexity of our operations and our access to them. “The nastiest growing threats for businesses today are hardware-centric cyberattacks, ransomware, zombie botnets and identity theft.” Unfortunately, this advancement and complexity is also adding to our security concerns due to the growing number of increasingly sophisticated cyberattacks on small and medium sized organizations. It’s no longer just data hijacking or DDS attacks that are growing, the nastiest growing threats for businesses today are hardware-centric cyberattacks, ransomware, zombie botnets and identity theft. Still, we seldom think of our physical networks unless they’re broken. We simply rely on them to work. In reality, the security...

Cyber Security Industry Shifting to Crisis Mode as Jobs Go Unfilled   The dramatic rise in cybercrime is affecting governments, companies, NPO and industry organizations of all sizes around the globe, but that’s just the beginning. The trend lines started in 2007 to 2013 when Cyber security job postings started growing at double the growth rate of all IT jobs. The labour pool has never caught up. Today, there are over 200,000 unfilled cyber security jobs in the U.S. alone. Cisco estimates that globally there are over one million cyber security job vacancies today. Michael Brown, Symantec’s CEO, expects demand to rise to 6 million positions by 2019, with a shortfall of 1.5 million. What does that mean? So far in 2016, the Enterprise Strategy Group says “46% of organizations now claim that they have a problematic shortage of cybersecurity skills representing an 18% year-over-year increase.” It means that cyber security teams are understaffed in many places, making it difficult to properly protect their organization’s networks. This news comes at a bad time. 2015 is already identified as the being the worse year ever for cyber crime, with nearly 1,000 major data breaches and countless others.  In Canada, PwC says “Cybersecurity incidents...

Who Thinks These Weak Passwords are Funny? The Joke is on us.     We all know that password security is important—especially in an office. But our user's personal account passwords aren’t always top-of-mind when we think of office network and data security. It ought to be, because every user survey I’ve ever seen scares the crap out of me. It should scare you too. Security experts have been warning us for more than 20 years that the most common passwords people use online provide ZERO to NO barriers to intrusion by hackers. We collectively smirk and grin, and probably wonder at who these silly people are who think they’re securing their online accounts with such ridiculously simple passwords. “Stoopid people”, right? Well, the joke’s on us for everyone who manages an office with users who access an office network at work or from home. Let me explain, but first, you have to look closely here at SplashData’s January 2016 Annual List of the 25 Most Common Hacked Passwords… Yes, it looks just like the same list of the most common passwords we saw three years ago, and three years before that. Why aren't people "getting it"? Rank   Password   Change from 2013 1   123456   No...

New Ransomware Alert Issued US & Canada issue joint ransomware alert, discourage paying ransomware to cyber attackers The Canadian Cyber Incident Response Centre and the US Department of Homeland Security issued a joint ransomware cyber alert this week in response to the recent surge in attacks. Both government agencies strongly recommend that organizations and individuals NOT PAY the ransom demanded by cyber attackers. The new emerging variants are targeting healthcare in particular, and other organizations with attack strategies that are extremely ruthless and difficult to respond to. The warning was prompted by recent attacks at Hollywood Presbyterian in Los Angeles, Methodist Hospital in Kentucky, and MedStar, the biggest Washington, D.C.-area healthcare provider, among many others. In a profound understatement, the alert advised that “ransomware's consequences to an individual or institution could include a loss of sensitive data, a disruption of business operations and expenses to restore a system into working order”.   In case you’ve never heard the term before, Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid, usually with Bitcoins, an untraceable online currency.   Suggested Cyber Safety Tips In the meantime, please read following tips to...

Cyber Attack Stats Reveal What Typical Target Companies Look Like Surprise—it’s not the big companies we usually read about… We’ve all seen the headlines about a national retailer or government organization getting hacked into, where either millions of client credit cards were stolen or huge databases of personal information were accessed and downloaded. These are the headline grabbers, and they happen almost weekly today. Where it does happen, it often causes unimaginable grief, money and/or inconvenience for clients and customers; and panic, great expense and reputation loss for the target companies.      This week we show you some surprising facts uncovered by Ponemen Institute in a benchmark study sponsored by IBM. What’s notable is that most hacking attacks are NOT on the high profile and billion-dollar companies. By far, the most common targets are small to medium size businesses where the average “take” is $15,000. These are typically easier targets to crack and make up a hacker’s bread-and-butter revenue streams. Hacking cost the global economy an estimated $445 billion dollars last year. That’s serious money at stake, and a serious incentive for criminal organizations to continue increasing their operations.     Time and Effort Facts about Targeted Attacks 70 HOURS...