Cloud backup and cloud storage: what is the difference?

The cloud hype has blurred the lines between cloud storage and cloud backup. Many providers like it that way because it gives them a broader appeal in capturing potential customers. But clouding up cloud definitions confuses the market. In reality they are very different solutions for different business challenges.

What is cloud storage?

Cloud storage, like Dropbox, Google Drive, Apple’s iCloud and Microsoft’s SkyDrive, is a great way to easy share files. The main goal of cloud storage is to store files online to be accessible, and to work with, from any device anywhere. You can compare it with a cloud based USB flash drive.

However, there is no guarantee, no monitoring and reporting, no support and if a server goes down in one of their data centers, you may never see those files again. The majority of the services have a web interface for you to upload files. Therefore files can only be encrypted on the server side; making transportation less secure. They do not offer an automated process for uploading or syncing files between your computer and their service. Files have to be put over manually or placed in a shared folder to be synced. And last but not least, only files and folders can be stored, so no application data.

Cloud Storage is a great way to share documents. However, it isn’t the place to back up your business-critical applications and documents.

What is cloud backup?

Cloud backup is a cloud-based application, which provides you with the ability to automatically backup your files, applications, virtual machines or servers and store them safely for disaster recovery purposes. Cloud Backup is an insurance for your data and business continuity.

Cloud backup is typically built around a local client application that runs on a, ideally multiple times daily, automatic schedule in the background. The application collects, compresses, encrypts and transfers data to the service provider’s servers. To reduce the amount of bandwidth consumed and the time it takes to transfer files, the service provider provides incremental backups after the initial full backup.

The primary data resides in the original location where secondary stored data is safely stored to the cloud, to be used for data recovery. The cloud backup solution stores all data with a custom retention policy, so you can fix corrupted files by restoring earlier versions of a file. Professional cloud backup solutions comprise special plugins to back up data from third party applications (e.g. MS Outlook, Exchange, SQL). Clear reporting on the success of the backups, makes it easy to verify if all files are safe.

Speak to me if you are interested in setting up Cloud backup on your PC , Server or Mac

Ransomware: What Is It And How Can You Prevent It?

Bill Hess at PixelPrivacy wrote this great article and made me aware so I was able to share it with you. The original article is here https://pixelprivacy.com/resources/ransomware/ check out Bills other articles – there is so really informative stuff there

Ransomware: What Is It And How Can You Prevent It?

Ransomware

Ransomware has been around for a while now and grows more prevalent with each passing year. Cases of ransomware were first seen in Russia in 2005.

2006 report from Trend Micro told of an early ransomware strain that affected Windows computers, which would search a hard drive for certain files, zipping them into a password-protected file, deleting the original files. Also created on the drive was a “ransom note” text file, telling how to make a payment to get the files restored.

In 2011, Trend Micro reported about an SMS ransomware strain that repeatedly displayed a ransomware page to users until they paid the ransom by dialing a premium SMS number.

By early 2012, ransomware began to spread outside of Russia, as the bad guys began to realize what a profitable business model it could be if performed properly. The rise of cryptocurrency in recent years has also contributed to the rise of ransomware, due to the ability to receive the demanded ransom via Bitcoin and other anonymous forms of payment.

Late 2013 saw the rise of “crypto-ransomware” that encrypted a user’s files, ensuring the need to pay a ransom even if the ransomware itself was removed from the computer. This type of ransomware demands a ransom be paid, upon which the user would receive a private key to decrypt their files.

Of course, payment of the ransom didn’t always result in the bad guys holding up their end of the deal. (Um, they’re “bad guys,” DUH!) However, most ransom payments have proven to result in the needed key to unlock files, as the scheme depends on victims believing that payment of the demanded sum will result in the freeing of their data.

In this article, we’ll take a look at how ransomware can hold your computing device and its files hostage, how you can prevent ransomware from attacking your computer, and what you can do if you find that your data is being held hostage.

What is Ransomware?

Ransomware is malicious software that encrypts or otherwise blocks access to the data stored on a user’s computer or mobile device. The victim is then told to pay a “ransom” to have the files unlocked so they can be accessed once again.

While some simple forms of ransomware can be easily decrypted by a knowledgeable user, more advanced methods of encryption make it nearly impossible to retrieve the encrypted files without the private key needed to perform the task.

Ransomware attacks are usually launched via a “trojan” application, which enters a system through a downloaded file or a security vulnerability in a network service.

While operating system and networking companies regularly release updates to fix security flaws used by such trojan apps, many users fail to install the updates, leaving their machines and networks open to attack.

Once downloaded to your computer, the program then runs, locking the system, encrypting data or, in some cases, even making threats that appear to come from a law enforcement agency. (One user turned himself in after a malware app threatened to call the authorities about child pornography on his hard drive. He actually had child porn on the drive.)

No matter the type of ransomware, the goal of the evil payload is almost always to extort a payment of some sort from the victim. The amount of money demanded from individuals can be a substantial amount, but not financially crippling for the individual.

Tom’s Guide notes amounts have been reported to be in the range of $300 to $700 for victims in the United States, although amounts can vary according to the victim’s location.

Protecting Your Computer From Ransomware

There are several ways to protect yourself from ransomware, and we’ll take a look at each one in this section.

We’ll look at how “smart computing,” keeping your computer and other connected devices updated, and running anti-virus and anti-malware apps can help you keep your system running clean and green, keeping your personal or business data from possibly being lost forever.

1 Practice Smart Computing

Always practice smart computing.

When I say that, I mean that you should always think twice about opening emails or email attachments from unknown parties. Never click a link found in an email, even if it appears to be from someone you know.

When browsing the web, use common sense and stay out of the darker corners of the web. (Like my doctor, Vinnie Boombotz says, “If you break your arm in three places, stay out of those places!”) Sure, the lure of free movies and music can be enticing, but think before you click.

Never install an application on your computer or mobile device unless you’re absolutely certain of the source of the app. If possible, restrict app downloads to those from known sources, such as the Windows Store, the Mac App Store, the iOS App Store and Google Play.

Mac and Windows owners may find this rule a bit tougher to follow, due to the plethora of app sources available on the web, but at the very least, be sure of the websites you’re downloading from.

Always make sure you show file extensions on your computer. This will help you identify the types of files you’re viewing. Be wary of clicking files you’re not sure of, especially if they show file extensions like “.app,” “.exe,” “.vbs” or “.scr.”

2 Keep Your Computer or Mobile Device Updated

One of the most important things you can do to protect your computer or mobile device from threats like ransomware is to keep it updated, regularly installing the latest updates. The best way to do so is to turn on automatic updates, so your device will keep itself updated and patched against the latest threats.

Luckily, Microsoft, Apple and Google usually react quickly when security flaws are exposed, often releasing a fix for the security holes within days. Android users can still be exposed, however, due to the various devices that run the mobile operating system, and the need for individual device makers to release updates for those many, many devices.

Windows 10

Windows 10 is easy to keep updated. Simply go to “Update & Security” in the “Settings” menu and make sure updates are set to install automatically. You can also manually install any available updates while you’re in this area.

Windows 10 Update Status

macOS

macOS is also easy to keep updated. On your Mac computer running macOS High Sierra or any recent version of the macOS operating system, do the following:

  1. Click the Apple icon you’ll find on the upper left-hand corner of your Mac’s Desktop.
  1. Click “System Preferences.”
  1. Click the “App Store” icon.
  1. On the App Store screen, make sure the “Automatically check for updates” and the “Install system data files and security updates” boxes are checked.
macOS App Store Updates

Your Mac will then notify you when an update is available. You can then load the Mac App Store app, click the “Update” tab and click the “Update” button for the macOS update. The app will download and install. Your Mac may reboot a few times during the installation, and it may take awhile.

You can also manually check for a macOS update by loading the Mac App Store app and clicking the “Update” tab, where your Mac will automatically check for any available updates.

macOS Updates

Android

Before updating your Android device, make sure it is fully charged and connected to a charger. These updates can take a while, so power is important.

You’ll also want to be connected to the internet via a Wi-Fi connection. Otherwise, you’ll be eating up some of the data on your cellular plan, and a Wi-Fi connection is usually faster.

In addition, before updating your device, make sure you have a recent backup. (Backups are also handy to have if you need to restore your device in case of a ransomware attack. I’ll talk more about that in the next section.)

On your Android device, tap the “Settings” icon. In the Settings menu, look for and tap “About phone,” or the equivalent for your device and version of Android. (These can differ, as manufacturers are allowed to customize and modify the menus on the devices they sell.)

Android Settings

In the “About phone” menu, tap on the “Software Updates” or equivalent menu option.

Android Phone Status System Updates

You’ll see the Software Update screen, which will either tell you that your device is up to date, as seen here, or that there is an update available. If an update is available, tap the “Install Now” button to download and install the update.

Android Check for Update

iOS

When an iOS update is ready, your iPhone, iPad or iPod touch will notify you. When you see the prompt, simply tap the “Install Now” button in the notification.

You can also manually check for and install an update by plugging your device into its charger, making sure you’re connected to the internet via Wi-Fi and doing the following:

  1. Tap the “Settings” icon on your device’s Home screen to enter the Settings app.
  1. Tap “General” in the Settings menu.
iOS Settings General

3. Tap “Software Update” in the General menu.

iOS Settings Software Updates

4. Your device will check for an available Software Update.

iOS Software Update Checking for Update

5. If an update is available, tap “Download and Install.”

iOS Software Update Download and Install

6. Depending on how much free space you have remaining on your device, you may be asked if it’s okay to temporarily remove apps to make space for the update files. Tap “Continue.” iOS will reinstall any apps it removed once the update has been completed.

7. To update iOS now, tap the “Install” button. If asked, enter your passcode. The update will begin, your device will reboot and prompt you for your passcode once the update has finished.

3 ​Backup, Backup, Backup!

I can’t stress strongly enough the importance of backing up your computer or mobile device on a regular basis. Always, make use of a backup solution that will back up your data on a scheduled basis to an external drive.

Time Machine, which is built into macOS, is a great solution for Mac users, while Windows 10 users can take advantage of the built-in Backup and Restore app. Carbon Copy Cloner is a popular option for Mac users who want to make an image of their drive.

macOS Time Machine Back Up

Also, while a local backup is a great idea, a cloud backup is also an option you should strongly consider, which, in addition to offering a way to restore data in case of a ransomware infection, also provides a way to recover your data in case of a fire or other disaster that might destroy your local backup.

macOS Back Up

For mobile devices, users can make use of cloud backup services like iCloud for iOS, or Carbonite and Backblaze for both iOS and Android devices.

iOS iCloud Back Up

iOS users can also back their devices up to their Mac or Windows computer by connecting their device to their computer via a Lightning cable and using iTunes. Similar device-to-computer solutions are available for Android users.

​4 Use Antivirus and Anti-Malware Apps

Never, EVER connect to the internet on your computer or mobile device without running some type of antivirus and anti-malware software.

In this section, we’ll take a look at the options available to protect your Windows, Mac, iOS and Android devices from threats.

It should be noted upfront that while there are plenty of antivirus and malware scanning apps available for Windows, macOS and Android, there are much fewer available for the iOS platform.

This is due to how Apple keeps the iOS operating system locked down as a closed system, only allowing installation of apps via the Cupertino firm’s App Store. Many of the malware threats to the iOS platformhave been limited to “jailbroken” devices.

Windows Defender (Windows 10 Only)

When you install and run Windows 10 for the first time, Windows Defender is automatically enabled, offering you basic protection from online threats such as viruses and malware.

The app offers real-time protection against viruses, malware and other threats. It also offers the ability to scan your computer’s hard drive for threats.

Windows Defender Windows 10

Many users are pro-Defender since it’s included as a part of Windows, it automatically protects a new Windows installation and it’s relatively easy to use.

However, other users argue that Defender is not a viable way to protect a computer, as its features are limited compared to other antivirus packages, and it’s an attractive target for hackers due to its wide use (much like Windows itself became an attractive target due to its popularity.)

If you’re looking for simple, easy-to-use protection for your computer, Defender may prove to be enough for your needs. In April 2017, independent IT-security institute AV-Test found that Windows Defender caught 99.9% of “widespread and prevalent” malware, and 98.8% of zero-day attacks.

However, you should be advised that there are better options available. I’ll share some of my favorites below.

For more information, visit the Microsoft website.

BitDefender (Mac, Windows, iOS, Android)

BitDefender for Mac and Windows is a reliable security application, offering protection against malicious websites, a built-in password manager and even a secure browser for use when you want to protect online financial transactions and other security-sensitive online activities.

BitDefender (Mac, Windows, iOS, Android)

In addition to real-time virus and malware protection, as well as scanning capabilities, the app provides an anti-phishing module that will warn you when there are malicious links in your search results and even block access to dangerous websites.

Bitdefender on the iPhone and iPad offers only limited functionality, allowing you to check to see if any of your email accounts have been leaked, and an anti-theft module that allows you to locate, lock or wipe a lost or stolen device, which is already possible via iCloud.

In my humble opinion, the app isn’t worth the download, though you may feel differently.

Bitdefender for Android offers much more protection than the iOS app does. The app offers malware scanning, e-mail account security, the ability to lock your apps with a PIN, real-time protection for Chrome and default Android browsers, the ability to track, lock, and wipe your lost or stolen device, and more.

This version is a pay-for-play app, but it offers a 14-day free trial, so you can try it out without putting any money on the table.

For more information, visit the Bitdefender website.

Avast Antivirus (Windows, macOS, Android)

Avast Antivirus is free antivirus protection for Windows and macOS machines. The free version provides protection against viruses and malware using both real-time and hard drive scanning methods.

It scans your Wi-Fi network for security issues and intruders, and also stores your passwords for use on websites.

Avast Antivirus (Windows, macOS, Android)

Avast offers paid solutions as well, which adds features such as anti-phishing protection, spam email blocking, a firewall, webcam spying blocking, file shredding and more.

Avast Antivirus 2018 is available for Android devices. The ad-supported app (the ads can be removed with an in-app purchase) scans Android devices for malware and protects users from phishing attacks sent through email, phone calls, websites and SMS messages. The app also provides a PIN-protected photo vault, anti-theft features and more.

For more information, visit the Avast website.

Malwarebytes Anti-Malware (Windows, macOS, Android)

No matter which antivirus solution you select for your Windows, Mac or Android device, I strongly suggest you also install the Malwarebytes malware scanner.

Malwarebytes is designed for one thing, and one thing only: detecting malware that might be hiding on your device.

Malwarebytes Anti-Malware (Windows, macOS, Android)

The free version of Malwarebytes for Mac and Windows scans your computer’s hard drive for malware threats (and does it quite quickly). Most of the scans I perform on my Mac run for around 3 minutes or so.

If any malware is detected, the malware files are “quarantined” in a special directory created by Malwarebytes. Users can then view which files were quarantined and even delete the quarantined files with the click of a button.

Malwarebytes Anti-Malware (Windows, macOS, Android) Quarantine

The premium version also offers real-time protection against threats. If you’re budget-challenged, the free version will likely provide sufficient protection – just be sure to run the scan periodically.

A free trial period provides all of the premium features for 14 days.

Malwarebytes for Android checks for ransomware, malware and junk files, and also scans for malicious code. It scans for malicious links in emails, texts, websites, Facebook and WhatsApp. In addition, it detects apps that may be tracking your location, attempting to monitor your calls or charge you hidden fees.

The free version of this app does a great job of scanning your Android smartphone or tablet, and does it quickly, meaning you might be more apt to run the app for a scan from time to time.

For more information, visit the Malwarebytes website.

CRAP! I’ve Been Hit by Ransomware! Now What?

Your computer has been hit with ransomware, and now you’re faced with paying the ransom and hoping like hell that the bad guys will give you the key to unlock your precious data.

Don’t do that – only pay as a last resort. There is a good possibility you can recover your data without paying up.

1 Scareware (Windows and Mac)

Some ransomware is relatively easy to remove. “Scareware” browser screens that claim you have child porn on your hard drive and that your computer is locked are never true. (If you’re actually suspected of being in possession of child porn, the FBI will come knocking on your door, search warrant in hand, bright and early some morning. Just ask Jared from Subway.)

If you’re faced with this type of ransomware, you can usually shut it down by using force-quit on a Mac, or the Windows Task Manager on a Windows machine, to close the browser.

Then you’ll need to run an antivirus and/or malware detection application to remove the files causing the issue. That should clear this pesky critter from your machine.

2 ​Ransomware (Windows)

If your Windows machine is hit by real ransomware and you’re unable to access your data, or even unable to boot your computer to the Windows Desktop, try to do a System Restore to roll your system files to a point before they were infected.

Note: System Restore must have been enabled beforehand, but the good news is that Windows enables it by default, so unless you’ve changed the settings, you’re good to go.

To perform a System Restore in Windows 10, do the following:

  1. If your computer can boot to the Windows login screen, hold down your Shift key on your keyboard, click the power icon and select “Restart.”
  1. Your PC should then reboot to the recovery screen.
  1. Click “Troubleshoot.”
  1. Click “Advanced Options.”
  1. Click “System Restore.”
  1. Wait for the process to complete.

If you can’t access the recovery screens, you can use the USB stick or DVD you installed Windows from to boot the PC to access the recovery tools. You’ll need to click the “Repair Your Computer” option if you have to go this route.

If running System Restore doesn’t do the trick, try running a virus scanner from a bootable disc or USB stick. Bitdefender, Avast and many other antivirus software companies offer scanners that can be used in this manner.

I highly recommend creating a rescue disc or USB stick with apps that can help you in situations like this. Note to self: Write an article telling you how to create a rescue disc/stick.

This is the bad news part of this section: if you have no luck trying any of the above, you will likely need to perform a full restore from a backup or perform a clean reinstallation of Windows.

But, the good news is that you have a good backup of your hard drive, containing all your files, right? Right? Be sure to scan the backup for malware before restoring. No sense in starting this whole thing all over again. (If you need a refresher on backing up your computer, I suggest that back up a bit to the Backup section of this article. BEEP! BEEP! BEEP!)

If you get “lucky” enough to be infected by malware, and it didn’t appear to have encrypted your data, but it still looks like you’re missing some files, the malware may have just hidden them.

Try the following:

  1. Open a File Explorer window.
  1. Click the “View” tab in the top pane.
  1. Click the “Hidden items” checkbox to select it. (A check will appear, showing that it is enabled.)

If your lost data shows up after opting to show your hidden files, you’re golden. Just navigate to “C:\Users\”, open the folder for your username and right-click each hidden folder. Open “Properties” and uncheck the “Hidden” box. Your data should once again be accessible.

3 Ransomware (Mac)

The Mac has had relatively few malware attacks compared to the Windows platform. However, as the platform has become more popular in recent years, it has become more popular with hackers looking for a quick ransomware hit.

In February 2017, the Findzip ransomware was discovered. Only a relatively few Mac systems were hit by the ransomware.

The bad news was, even if you did pay the demanded ransom to the parties behind Findzip, they couldn’t give you the key to decrypting your data. Other than a rather involved method of recovery procedure, the only way to get your data back was to restore from a (hopefully) unaffected backup.

Your best bet for recovery from a ransomware attack on your Mac is to have a recent backup of your hard drive, which can be used to restore your files after the ransomware is cleaned, either using an antivirus and/or anti-malware app, or via a reinstallation of the macOS operating system.

What Have We Learned?

Ransomware can infect your computer, encrypt your files and prevent you from accessing your data, forcing you to either pay the price in hard currency or lose the time you’ll spend restoring your system to its former glory.

1 Practice Safe Computing

Always think twice before downloading files from questionable websites, opening attachments in emails or downloading that pirated movie, album or game. Only install apps from known-safe sources, such as the Windows Store or the Mac App Store.

2 Backup, Backup, Backup

Always have a recent hard drive backup handy, just in case you are hit by ransomware. In addition to a local backup on an external hard drive or USB stick, also back your files up to the cloud. Offsite backups like cloud backups offer another layer of protection.

3 Keep Your Computer or Mobile Device Updated

Always keep your devices’ operating systems updated. Either set your computer to automatically update or periodically check for updates.

Both Microsoft and Apple regularly provide updates for Windows 10 and macOS, respectively. Updates usually only take a few minutes and pay dividends by providing patches for recently discovered security holes used by ransomware developers.

4 Use Antivirus and Anti-Malware Apps

Install antivirus and anti-malware apps on your device. Also be sure to keep the app and its definitions updated to provide the latest in protection for your system.

5 Don’t Panic

If your computer or mobile device is hit with malware, don’t panic. Follow the steps I’ve laid out in the paragraphs above, and you’ll have a good chance of recovering your stricken data.

Now, go forth and sin no more! Or, at least use protection.

 

Document Management from Storetec coming soon

Another great product coming to our cloud based product catalogue – StoreTec Document Management. Achieve an all-digital workplace with Document Management from Storetec. Easily upload paper documents into the Cloud, such as confidential and sensitive invoices or documents, and store them securely online with access to them 24/7, from any location.

The Paper Trail

It’s highly likely that you still have bits of paper in desk drawers, in folders and filed away in cabinets. And most of those documents are likely to include sensitive information about current or former employees, clients and past invoices that need to be kept for auditing purposes. We know you have a paper trail. Every business does. But what if you could digitise that paper trail and even locate those documents easily with OCR capabilities – a quick search and find feature?

Introducing Document Management

Document Management is just that. Everything is stored within the ultra-secure hosting platform and all your documents are accessible in mere minutes. Since the average office worker spends 2.5 hours each week looking for misplaced, misfiled or lost paperwork, using Document Management means you can save 10 hours per month on average without experiencing any hassle.

It’s a real space saver

Paper documents take up approximately 18% of modern office space – that’s a huge chunk of space that could be better spent elsewhere in your business. With Document Management, you can purchase up to 50,000 DSUs (Document Storage Units / Pages) for unlimited users. Plus, it’s competitively priced too.

Full encryption at your fingertips

With GDPR around the corner, your business doesn’t have to worry when it comes to their document storage, while security is a major factor too. Document Management keeps your files stored securely in a UK-based Tier-4 Data Centre with layers of hack-proof encryption, so your data is always safe in the Cloud.

No software to install

Document Management is available directly from a cloud hosting platform, so that means there’s no software to install.

If you need more info, or would like to register interest , let me know.

Symantec .cloud now available from PR PC Support

PR PC Support are pleased to announce that we have added Symantec .Cloud to our arsenal of cloud based products.

What is Symantec .Cloud ?

Defend your confidential and sensitive data with unparalleled email and web threat protection from Symantec. As one of the world’s largest malware research organisations, Symantec is a global leader in security and is backed by the industry’s most secure service level agreements. With an easy to use web-based management portal, Symantec.cloud blocks 99% of spam before it reaches your mailbox, defends against both known and unknown cyber threats and delivers a GDPR-ready solution for compliance.

Combines global intelligence with advanced scanning

With 568,000 web attacks per day and $5 billion (£3.7 billion) lost to financial email fraud over the last three years, protecting critical business data against cyber threats is vital. Symantec’s Global Intelligence Network is built upon the key information that millions of desktops, servers and networks house when they run any Symantec security product. This intelligence, combined with Skeptic Advanced Scanning technology, allows the Symantec.cloud family of products to learn from what it sees and to consider how any malicious content could be applied in a harmful way, providing protection immediately.

Why choose Symantec .Cloud?

BUILT-IN AV ENGINE FOR ULTIMATE PROTECTION
Protects and defends mailboxes against cyber threats, including zero-day threats, with industry leading security protection.

BLOCKS 99% SPAM
99% spam is captured before it reaches the mailbox, with 100% of emails delivered and 100% uptime availability, ensuring confidence in the software.

EASY CLICK FOR EMAILS
Supports users when they click an email link with speedy background checks to ensure link credibility and safe web browsing.

QUICK EMAIL AND WEB CONTENT SCANS
Symantec scans an email within 60 seconds and identifies whether it houses malicious content, while web content is scanned within 100 milliseconds, leaving you to maximise business productivity.

GOVERNMENT-BACKED PROTECTION
Symantec is used by many UK banks and the UK Government, so you can rest assured you’re using the best email protection software on the market.

For further information – contact me

The Worst Passwords of the last year

Everyone who uses a PC or Mac gets told not to use easy to guess passwords like “123456” or “password” . As it turns out – people obviously aren’t that bothered as they still use them.

Password management application provider SplashData on Tuesday released a list of the 100 Worst Passwords of 2017, compiled from more than 5 million passwords leaked during the year. For a fourth consecutive year, “123456” and “password” took the top two spots on the list.The list included plenty of other usual suspects like “qwerty” (No. 4), “football” (No. 9), “iloveyou” (No. 10) and “admin” (No. 11), along with some new additions, including “starwars,” which ranked as the 16th worst password of 2017.

“Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,” SplashData CEO Morgan Slain said in a statement. “Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.”

Other new additions to the list this year included “letmein” (No. 7), “monkey” (No. 13), “123123” (No. 17), “hello” (No. 21), “freedom” (No. 22), “whatever” (No. 23) and “trustno1” (No. 25). SplashData warned that using any of the passwords on the top 100 list “would put users at grave risk for identity theft.”

The company recommends using passphrases instead of simple passwords, mirroring advice earlier this year from the National Institute of Standards and Technology. Passphrases should include at least 12 characters and a mix of characters, including upper and lower cases, SplashData recommended. Users should also be sure to set a unique password for each website, and consider using a password manager.

Without further ado, here’s SplashData’s list of the top 25 worst passwords of 2017. To see the full 100, click here.

1 – 123456
2 – password
3 – 12345678
4 – qwerty
5 – 12345
6 – 123456789
7 – letmein
8 – 1234567
9 – football
10 – iloveyou
11 – admin
12 – welcome
13 – monkey
14 – login
15 – abc123
16 – starwars
17 – 123123
18 – dragon
19 – passw0rd
20 – master
21 – hello
22 – freedom
23 – whatever
24 – qazwsx
25 – trustno1

Signs your company has outgrown its free email solution

Free email is great when your company is first starting out. But its good to recognise the signs which tell you when when you have grown beyond the capabilities of your free email service and you need a more robust and secure solution. The business email requirements of a growing company are much different than those of a small startup. Whether you’re using Gmail or another free service, there are signs that indicate your business has outgrown free email.

These points indicate whether you should move to a paid solution or not…

1. Security
If you’ve experienced any sort of security breach — or are even worried about it happening — you need a more secure solution that offers increased, enterprise-class security capabilities.

2. Storage

Maximum storage has been reached : a very simple reason to upgrade because your free email has now become paid for. Storage space should never cause you to delete or change how you use your email, especially when paid solutions offer large stores of data.

The current state of email security
With new threats emerging daily, every organization needs an email security strategy.

3. Domain names
Using a custom domain for your business email is a vital way to ensure your business appears professional. For example, “yourname@yourcompany.com” has a lot more credibility than “yourcompany@gmail.com.” While free custom email addresses are available, they often leave you open to security threats, because the company you host through will likely have access to your data and other information.

4. Data Privacy
If you’ve ever felt the need to own and manage your email data, it’s time to move to a paid solution. Often, when you agree to free email terms, you’re granting the email provider permission to mine your data and send you ads—which is how their companies remain profitable while offering free services. Not only can this distract from your work, it also puts your company’s data at risk.

5. File sharing
Need to share files and collaborate securely with your team? Paid email solutions enable team-based collaboration and sharing without putting confidential company information at risk. Office 365 for example offers Microsoft Teams which is a great way to share files, chat, calendars etc.

Move to a secure and robust email solution that offers your growing business increased security, enhanced customization and a variety of features and capabilities to improve collaboration. Not only will this keep your company running smoothly and increase teamwork, you will minimise time spent on IT Services getting the best out of your ‘free’ solution.

PR PC Support offer both Office 365 and Microsoft Hosted Exchange. Speak to me about upgrading and migrating from free email to a secure, robust ad and spam free email solution.

 

 

Mail Services Offered by PR PC Support

We are pleased to be able to offer Microsoft Hosted Exchange mailboxes and all versions of Office 365 at competitive rates. If you are thinking of moving your email to a more secure, robust and protected mail service , or even if you currently have a Hosted Exchange mailbox or Office 365 licence – speak to me and see if I can get you a better deal for existing users or a competitive quote for new users.

All our hosted Exchange mailboxes come with free email signature software with each mailbox.

We also offer a Secure email service which works with most common email platforms.

For more information please browse below

 

Hosted Exchange

Office 365

Secure Email Messaging

BitDefender – AntiVirus

Download Brochures

Office 365

Secure Email Messaging

Acronis Backup Cloud

BitDefender AntiVirus

Shame, confusion among office workers spur record numbers to give in to ransomware

Posted by : https://businessinsights.bitdefender.com/shame-confusion-among-office-workers-spur-record-numbers-to-give-in-to-ransomware

By Filip Truta on Nov 03, 2017

Despite considerable efforts to educate employees on ransomware, many organizations still don’t know what to do if they fall victim to an attack. According to part 2 of Intermedia’s Data Vulnerability Report, a record number of employees and their employers are paying ransom.

Intermedia examined the security habits of more than 1,000 office workers and found that many employees draw a blank when they fall victim to ransomware. About a third admit they aren’t even familiar with ransomware.

“This lack of awareness, paired with massive global attacks such as WannaCry and Petya (and new strains popping up all the time like Bad Rabbit), is resulting in both employees and employers paying ransoms in record numbers,” according to the report.

Although 70% of office workers say their organization regularly communicates about cyber threats, employees aren’t always told what exactly to do if hackers seize their computer. Because of this, employees hit by ransomware sometimes take matters into their own hands, which can dramatically undermine their organizations’ security efforts.

In fact, the study shockingly reveals that employees shoulder the costs of ransomware payments more often than their employers – 59% paid the ransom personally, and 37% said their employers handled the payment.

In organizations where WannaCry was named as part of the cybersecurity training, as many as 69% of employees paid a ransom themselves. Intermedia suggests shame, as well as lack of knowledge, may drive employees to pay ransom themselves.

Other findings include:

  • Over 73% of Millennial workers affected by ransomware report paying a work-related ransom
  • 68% of impacted owners / executive management said they personally paid a work-related ransom
  • Small and medium-sized businesses are particularly vulnerable to ransomware attacks as they lack the resources, tools and/or training that larger organizations use to recognize, prevent and protect themselves
  • Ransom paid by office workers averages $1,400
  • Growth in ransomware attacks is directly linked to the increased willingness of victims to cough up ransom money

To mitigate the risk of falling victim to a ransomware attack, companies would be smart to employ a proven enterprise security solution trained in sniffing out not just ransomware, but any kind of malware.

Regular backups are also a good idea. In case of an attack, organizations can restore from backup with little or no harm to their operations and, ultimately, their bottom line.

With ransomware damage costs predicted to exceed $5 billion in 2017 (up from $325 million in 2015), and the General Data Protection Regulation just around the corner, doing nothing is no longer an option – neither for big corporations nor for small businesses.

Hackers Distribute Malware-Infected Media Player to Hundreds of Mac Users

Yet another software supply-chain attack hits popular applications.
Lucian Constantin
Oct 20 2017, 3:52pm
https://motherboard.vice.com/en_us/article/bj789w/elmedia-player-malware-hack-mac-trojan

Hackers managed to compromise the website of a company that develops several popular apps for Apple computers, distributing malware-infected versions of those apps to hundreds of users. Security researchers from antivirus firm ESET reported Friday that the free version of Elmedia Player distributed from Eltima Software’s website contained a macOS information stealing trojan known as OSX/Proton. The same malware was distributed earlier this year through another trojanized version of a popular macOS application called HandBrake.

Eltima told me in an email that hackers also managed to trojanize one of the company’s other applications, an internet download manager called Folx that also acts as a BitTorrent client. The Proton malware is capable of stealing a lot of data from infected computers including history, cookies, bookmarks, and log-in data from browsers; cryptocurrency wallets; SSH authentication keys; macOS keychain data; Tunnelblick VPN configuration data; PGP encryption keys and data stored in 1Password, a password management application.

Elmedia Player has 1 million users as of August, according to Eltima. The company provides free and paid versions of its software programs and distributes them through its website and through the Mac App Store. Only the installers for Elmedia Player and Folx downloaded by users from the company’s website contained the Proton trojan, an Eltima spokeswoman told me. “The built-in automatic update mechanism [of the applications] seems to be unaffected.”

The security breach happened Thursday and was discovered relatively fast by ESET who reported the incident to the software developer. The malicious installers were available on Eltima’s website for around 24 hours and were downloaded by almost 1,000 users. “Users who downloaded and executed the software on October 19 before 3:15 PM EDT, are likely compromised,” the ESET researchers said. On Friday morning, Eltima announced that both apps are now “safe to install and malware-free.”

The attackers don’t appear to have compromised the company’s development infrastructure, as happened recently with the developer of a Windows application called CCleaner. Instead, the hackers just managed to hack into Eltima’s website through a vulnerability in a JavaScript-based library called TinyMCE. The malicious installers were not digitally signed with Eltima’s Apple developer certificate, but with a different developer ID under the name Clifton Grimm. It’s not clear if this certificate was obtained from Apple by using a fake identity or if it was stolen from another developer. Gatekeeper, Apple’s first line of defense against malware, allows signed binaries to execute without warning by default, Patrick Wardle, director of research at Synack and a macOS security expert, told me in a Twitter direct message. Because of this, most Mac malware is now signed with stolen or fraudulently obtained Apple developer IDs, with the latter being much more likely, he said. “It appears Apple has a problem with ensuring only legitimate developer IDs are given out,” Wardle said.

Apple revoked the misused Clifton Grimm certificate after being alerted by ESET and Eltima, but users who downloaded and executed the rogue Elmedia Player and Folx installers before this happened didn’t get a Gatekeeper warning. At installation, Proton displays a fake password authorization window in order to gain system administrator privileges. It’s not unusual for legitimate applications to request such access, so users might easily be tricked into inputting their password. There is some evidence that this new attack might have been perpetrated by the same attackers who compromised a legitimate download server for the HandBrake video converter application in May and distributed a malicious version of that program to macOS users.

In both cases, the trojanized installers infected computers with Proton and in both cases the malware’s command-and-control servers used domain names similar to those of the compromised software. The difference is that the rogue HandBrake installer was not digitally signed, meaning that users would have had to override Gatekeeper manually in order to install it.

To determine if they’ve been infected users can search their systems for the presence of the following files or directories: /tmp/Updater.app/, /Library/LaunchAgents/com.Eltima.UpdaterAgent.plist, /Library/.rand/ and /Library/.rand/updateragent.app/. If any of them exist, Proton was installed, according to ESET.

“As with any compromise with an administrator account, a full OS reinstall is the only sure way to get rid of the malware,” the ESET researchers said. “Victims should also assume that the secrets outlined in the previous section are compromised and take appropriate measures to invalidate them.”

Software supply-chain attacks pose a very serious danger because they abuse the existing trust relationship between users and software developers. These attacks can happen in several ways and can be very hard to detect and prevent. Attackers recently managed to distribute infected versions of CCleaner—a Windows system optimization tool—to over 2.2 million users after hacking into the program developer’s infrastructure. Last year, attackers hacked into the website of popular open-source Transmission BitTorrent client on two separate occasions and distributed infected installers to macOS users.

In order to compromise Macs, attackers need a way to get malicious applications onto them, and hacking into a legitimate developer’s website to surreptitiously trojanize a popular app is a great way to achieve this, Wardle said. We’ve seen attackers use this mechanism before, so it won’t be surprising if they continue to rely on this attack vector, he said.

KRACK attacks – is your Wi-Fi at risk ?

Here’s what its all about and what to do

The latest bug to hit with its own logo called the KRACK Attack. KRACK attacks mean that most encrypted Wi-Fi networks are not as secure as you think.
KRACK works against networks using WPA and WPA2 encryption, which these days covers most wireless access points where encryption has been turned on.
An attacker within Wi-Fi range could, in theory, sniff out some of the encrypted traffic sent to some of the computers in your organisation or home. Even if an attacker can only “bleed off” small amounts of traffic, in dribs and drabs, the end result could be very serious.

KRACK explained

KRACK is short for Key Reinstallation Attack, which is a curious name that probably leaves you as confused as we felt when we heard about it, so here’s our extremely simplified explanation of what happens (please note this explanation covers just one of numerous flavours of similar attack). At various times during an encrypted wireless connection, you (the client) and the access point (the AP) need to agree on security keys.
To do so, a protocol known as the “four-way handshake” is used, which goes something like this:
(AP to client) Let’s agree on a session key. Here’s some one-time random data to help compute it.
(Client to AP) OK, here’s some one-time random data from me to use as well.
At this point, both sides can mix together the Wi-Fi network password (the so-called Pre-Shared Key or PSK) and the two random blobs of data to generate a one-time key for this session.
This avoids using the PSK directly in encrypting wireless data, and ensures a unique key for each session.
(AP to client) I’m confirming we’ve agreed on enough data to construct a key for this session.
(Client to AP) You’re right, we have.

The KRACK Attacks (with numerous variations) use the fact that although this four-way protocol was shown to be mathematically sound, it could be – and in many cases, was – implemented insecurely. In particular, an attacker with a rogue access point that pretends to have the same network number (MAC address) as the real one can divert message 4 and prevent it reaching the real AP. During this hiatus in the handshake, the client may already have started communicating with the AP, because the two sides already have a session key they can use, albeit that they haven’t finalised the handshake. This means that the client will already be churning out cryptographic material, known as the keystream, to encrypt the data it transmits.

To ensure a keystream that never repeats, the client uses the session key plus a nonce, or “number used once”, to encrypt each network frame; the nonce is incremented after each frame so that the keystream is different each time. As far as we can determine, all the KRACK attacks involve reused keystream material accessed by “rewinding” crypto settings and thus encrypting different data with the same keystream. If you know one set of data you can figure out the other – that’s the best case; some cases are worse than that because you can as good as take over the connection both ways.

Back to the handshake

At some point, the real AP will send another copy of message 3, possibly several times, until the rogue AP finally lets the message get through to the client.
The mathematical certainty in the protocol now meets cryptographic sloppiness in its implementation.
The client finalises the handshake at last, and resets its keystream by “reinstalling” the session key (thus the name of the attack), and resetting the nonce to what it was immediately after stage 2 of the handshake.
This means the keystream starts repeating itself – and re-using the keystream in a network encryption cipher of this sort is a big no-no.
If you know the contents of the network frames that were encrypted the first time, you can recover the keystream used to encrypt them; if you have the keystream from the first bunch of network frames, you can use it to decrypt the frames encrypted the second time when the keystream gets re-used.
Even if attackers are only able to recover a few frames of the data in any session, they still come out ahead.
Gold dust sounds less valuable than a gold ingot – but if you collect enough gold dust, you get to the same value in the end.

What to do

Changing your Wi-Fi password won’t help: this attack doesn’t recover the password (PSK) itself, but instead allows an attacker to decrypt some of the content of some sessions.
Changing routers probably won’t help either, because there are numerous variants of the KRACK Attacks that affect most Wi-Fi software implementations in most operating systems.

Here’s what you can do:

Until further notice, treat all Wi-Fi networks like coffee shops with open, unencrypted, wireless.
Stick to HTTPS websites so your web browsing is encrypted even if it travels over an unencrypted connection.
Consider using a VPN, which means that all your network traffic (not just your web browsing) is encrypted, from your laptop or mobile device to your home or work network, even if it travels over an unencrypted connection along the way.

Apply KRACK patches for your clients (and access points) as soon as they are available.

Simply put, if you ever use open Wi-Fi access points (or Wi-Fi access points where the password is widely known, e.g. printed on the menu or handed out by the barista), you are already living in a world where at least some of your network traffic could be sniffed out at will by anyone. The precautions that you take in those cases – why not take them all the time? If you always encrypt everything yourself, in a way that you get to choose and can control, you never have to worry what you might have forgotten about.

 

Unifi Networks were one of the first to release patches for their routers and firewalls – if you are interested in upgrading your wireless network to Unifi Enterprise grade – speak to me http://prpcs.co.uk/services/wifi-optimisation