Top 5 Security Concerns For Small Businesses

Sixty percent of small businesses close within six months after a cyber-attack. That statistic comes from Rep. Chris Collins (R-NY), chair of the House Small Business Subcommittee on Health and Technology. Collins also said in a news release that nearly 20 percent of all cyber attacks are against small companies with fewer than 250 employees. Other security companies don’t just agree with congressional data; they think that the statistics are worse.

Security Concerns For Small Businesses

Security Concerns For Small Businesses

Verizon, in its most recent Data Breach Investigations Report, said that a whopping 72 percent of breaches that Verizon’s forensic analysis unit investigated targeted companies with fewer than 100 employees. For small businesses to protect themselves from cyber threats, they need to invest in virus protection and small business security tools. They should also focus their attention on five top Security Concerns For Small Businesses.

1. Email Security

Most email attacks start with a phishing scheme, which sends emails to people who work for small businesses. Within those emails, attackers embed links that could unleash a number of dangerous exploits that can severely harm businesses without security:

  • Ransomware. Small businesses victimized by ransomware find their computer files encrypted and locked. They’re asked to pay a ransom to an attacker, who promises to send an encryption key in exchange for the money, but the key never arrives. Businesses lose client information, financial records, and proprietary data forever.
  • Identity theft and bank fraud. Attackers might send a phishing email that looks like an urgent message from the employee’s bank. When the employee clicks the link and enters his or her login credentials, the attacker can empty the employee’s bank account, make purchases using the employee’s credit card, and open additional accounts using the employee’s identifying information.
  • Medical ID and insurance fraud. Cyber attackers use employee medical information both to obtain prescriptions and to bill insurance companies for medical services rendered. Victims receive either collection calls from doctor’s offices or notices saying that they’ve maxed out their health insurance benefits.
  • Backdoors. Malware downloaded from emails and installed on small business computers provide attackers with remote access to the computer and all of its files. Attackers can raid the company for information or hijack the computer to use in a DDoS attack.

2. Document Sharing

Many small business employees share documents online whether through email or through applications like Dropbox. Some small companies use tools like Office 365 or Google Apps to collaborate on company documents. However, if a cyber attacker obtains an employee password, all shared documents become vulnerable. Password managers can help employees both to design and to store complex tough-to-crack passwords.

3. Web Browsing

Attackers sometimes insert malware into legitimate websites. These attacks, called drive-by downloads, infect employee devices before spreading to the company network. Many virus protection programs scan websites, warning employees when links are unsafe to click. They also prevent other threats, like Java and Flash exploits, which give attackers an inroad to any small business network.

4. Mobile Devices

Mobile devices allow businesses to collect remote payments, and they allow employees to work from any location. However, lost or stolen devices could leave a small business network vulnerable to a data breach. Small businesses should protect their networks with tools that allow remote wipe of lost devices. Businesses that handle highly sensitive data, like patient health information, should encrypt both laptops and mobile devices.

5. Desktop Computers

Even though employees should know better by now, many still practice poor password security. They write their passwords on sticky notes and then adhere the notes to the bottoms of their computer keyboards. They might stick the notes to a highly visible corkboard, or share their passwords with their co-workers. Every desktop computer in a business should have antivirus software installed. Businesses should also have administrative password controls that allow managers to change passwords, delete them, or alter user access privileges.

Keeping Small Business Safe

Most small companies have limited financial resources and few IT personnel. A data breach or ransomware attack costs small businesses an average of $9,000 per incident. Investing in virus protection and other security measures cost much less than recovering from an attack. Small businesses are vulnerable enough to everyday obstacles. They can’t afford to be vulnerable to cyber attack.

6 Basic Things To Become A Good Hacker

Hacking had never been an easy work. Never! But still a lot of computer freaks want to be a hacker. Being a hacker is easy. What is tough is being a good hacker. Here I’m putting down some tips to be a good hacker. Having good skills in computers is an obvious thing that is required to be a hacker, so am not considering that below.

Hackers

1. Keep up to date

You gotta stay tuned with what’s new in the software market. Keep browsing for the latest software that can help you in hacking. After all, technology and science has made things easier so make use of them. Newer is the technology, faster is the work.

2. Be patient

Patience is a quality that every hacker should have in him. As they say, Rome was not built in a day, so is the case with hacking. If you think hacking someone’s profile or something is a task of a day or two, I’m sorry to say that you are mistaken! Hacking requires patience and of course it keeps checking it too, for in some cases it may take about a week or two to hack a profile!

3. Be a good observer

This quality will help you in making guesses. A good observer is one who observes things very carefully and keeps them in mind for you never know what is next and whenever it’s gonna help you. So, whenever you visit someone’s ,let’s say, facebook profile, observe things carefully like what music, movies, pages on facebook, etc. does the person likes.

4. An excellent guess-maker

After capturing details of a person from his/her facebook profile, your main target to hack is his/her primary e mail address. There is the test which decides how good you are at making guesses. Well, I’m not saying that make guesses for the passwords, but you can try for answers of the security questions. And the details of that person have the maximum probability to have answers hidden in them.

5. Never neglect small things

By small things I mean the things that you may have never thought of paying any attention to them, this is where you are mistaken. Well, even a small and un-necessary detail about the individual can prove to be of a great worth later on. This thing is interlinked to the quality of being a good observer and thus to the guess-making.

6. An effective convincer

You should have very good convincing skills so that you can make your target to log in on your phisher. Well, it’s a bit tough task to convince the person on the other end, but yes if you are a high class convincer, you are half way through.

Always remember – While you are hacking don’t think of any kinda guarantee that you’ll surely penetrate through someone’s account or else. Sometimes you have to taste defeat too. As they say, where there’s a will, there’s a way, so, try for an alternate method. Like, if your guessing method has failed many times, go for phishing method. If that too fails, try remote key logger. Well, there are many ways to hack something and one of them will surely work unless your target is very intelligent and has a good knowledge of computers too.

Try avoiding – Being over-confident is what you are not supposed to be. Don’t ever underestimate your target and take him/her as a fool. Always plan for the future and for your alternate hacking method that you’ll choose if the current one fails. One more thing you should avoid is publicizing yourself and your hacking skills and techniques.
Mind it.

If you are a good hacker, everyone knows your name; but if you are great hacker, no one knows who you are!!!

This article is written by Bharat Chauhan. He likes coffee and Pepsi very much, cause those are very good source of caffeine instead of doing drugs. If you wish to write for us, kindly check this.

Email and Internet Security [Simple Guide]

A computer user has to be aware of the incredible dangers lurking on the internet. Here are the two computer viruses causing the most damage in the digital land. Included are suggestions on how to deal with them in the most efficient way.

Downloader.Agent.Family – 26% of coverage

General Description

Trojans are programs that include in their code hidden features – harmful to the user’s computer system.

Principle of Operation

Trojans from downloader.agent.family group are self installing on your computer, in addition they download other Trojans or malicious files from the Internet on to your system, as well. Most Trojans run every time Windows starts using the system registry entries.

Email and Internet Security

Sample key:

HKLM SOFTWARE Microsoft Windows CurrentVersion Run

Trojan files can be placed into folders
Because of variety and different types, the list does not cover all possibilities, but her are the most common:

C: Windows

C: Windows system32

C: Windows Temp

Recommended Action

Immediate removal of the file before downloader.agent.family Trojan downloads and installs other Trojans. BitDefender software is right now the most effective tool in dealing with internet security threats.

Family Worm.Autorun – 23% of coverage

It uses worms to spread widely using a mechanism for Windows AutoPlay Media. Infected media (especially USB drives) contain specially crafted file autorun.inf which is responsible for automatically running specified applications when you connect the drive to your computer.

Here is a sample autorun.inf file used by the worm:

[AutoRun]

open = f7g.exe

shell open Command = f7g.exe

In this example, the system automatically starts the worm file named f7g.exe located in the root directory of the connected media.

Infection of the computer system in most cases is through stored copies of the file autorun.inf and a copy of the worm files in the main directory of all drives available in the system.

Additional mechanisms used by the worm

Depending on the version of the worm, it also activates a mechanism for hiding the fact that the system is infected in the first place. Some variants also create auxiliary processes in the computer system, whose task is to prevent a simple end of the worm’s execution code, even to remove the worm files from the disk. For this purpose, the processes are created with names similar to the names of system processes, such as:

C: WINDOWS svchost.exe

C: WINDOWS services.exe

C: WINDOWS servets.exe

Etc.

Most of the worms variations from worm.autorun are also capable of downloading recent versions of the infecting scripts.

The functions performed by the worm

The most common function is effected by a mass mailing worm, mail (spam). The infected system becomes a part of a botnet-u used for directing spam to selected target groups.

Recommended Action

Mailwasher is by far a leading software tool of any anti spam programs, most efficiently dealing with spam and email threats, by processing your mail on the remote exchange server, before allowing the messages to be loaded on your computer system or network.

Simple Tips To Secure Your Facebook Account

Getting Hacked is a nightmare! Especially if your Facebook account is hacked then it is worst of all. As a (Ethical) Hacker I know that it is really easy to hack anyone but at the same time it also easy to save your self. The following process will ensure your security on Facebook.

All you have to so to follow these simple steps after logging into your Facebook account:

#1: Goto your Account | Account Settings .

Account Settings

#2: Now Under “Account Security” section , Tick “Login Approval” .

Login Approval

#3: Click on “Set Up Now” .

Set Up Now

#4: Now give the “confirmation code” in the space give. The code will be sent in sms to your mobile.

Confirmation Code

#5: After giving the “confirmation code” . This message will appear, which means that setup is successful.

Setup Finished

HOW IT WORKS?

Now every time any unrecognised machine (Computer or mobile) will try to login your account they will have to give the “Confirmation Code” ,even if they have given correct password, and that code will be sent to your Mobile. Which means that even if anyone is having your Password, that person (Hacker) can’t log into your account.

HOW TO: Update WordPress Secret Keys

WordPress Secret Keys are kinda similar to passwords, harder the better. Which is tough to crack? This one “3gFi67dfads8FnU9” or something like “welcome”, “password”, etc.

In the WordPress 2.6, three security keys, AUTH_KEY, SECURE_AUTH_KEY, and LOGGED_IN_KEY, were added to ensure better encryption of information stored in the user’s cookies. WordPress Secret Keys are normally used for better Cookie Security. It makes cookies secure against attacks like when someone hacked into your database via an SQL injection exploit or some other tactics, etc.

Example of WordPress Secret Keys [Don’t Use This]

WP Secret Keys

The 8 security keys are AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY with respective salts AUTH_SALT, SECURE_AUTH_SALT, LOGGED_IN_SALT, and NONCE_SALT. They will make your site is harder to hack and crack by hackers.

These keys are required for the enhanced security. The four salts are recommended, but are not required, because WordPress will generate salts for you if none are provided. They are included in wp-config.php by default for inclusiveness.

Updating WordPress Secret Keys

Open wp-config.php file using any of your favorite file editor, I would recommend Notepad++. Find the default secret keys.

Now use the new Secret Code Generator for getting the secret keys, just copy and replace them. Don’t forget to save the file!

Also do remember changing these values will invalidate all existing cookies and logout all WordPress users (including admin) on your site. Who knows, even some hackers will lose their access to your account.

Updating WordPress secret keys is one of the most recommended WordPress Security Tips. If you are not comfortable with editing wp-config.php or facing any issues, you can ask someone you trust to do that for you, because simple mess in wp-config.php can collapse your entire site.

7 Best Tips To Keep Your Gmail Account Secure

Gmail is one of the most popular and user-friendly web based email on the Internet, and therefore the safety of your account is of paramount importance. Thus, it is necessary that you need to become security conscious and keep yourself away from the vicious eyes of the hackers. Since Gmail account allows you to gain access to many of the other resources like Google Adsense, Analytics, Orkut, Buzz, YouTube, Facebook, and much more, hacking your Gmail account can also damage all of these accounts. Earlier we provided tips for securing your WordPress blog and securing your Wireless Network.

This is best to follow the saying “Precaution is better than resentment and cure”, so let us learn some of the best 7 security tips to protect your account.

1. Keep the “always use https” option on

Since Google understands that using https improves the security of your accounts, keeping this ON is always better especially when you are accessing your Google account via a public network and thereby preventing others and hackers from eavesdropping into your account. It is possible to enable this option on by going to Settings > General > 5th Row and enable Always use https. This will help you to protect your identity safe and secure on a public network.

https - Gmail

2. Check your IP login session information regularly

Always keep track of your Gmail account activity by going to the bottom of the Gmail account page and check the “Last account activity”, which will show the details of the activity of when you accessed your account lastly. Even if hackers access your account after you, you will get to know, for only you know that your account has been hacked. This “details” also shows the other following information about how and when the account was accessed, like whether this is from the kind of the browser or mobile, etc. Including the IP address. So noting down the IP address when you are in doubt is a good practice.

IP details - Gmail

3. Choosing a unique security question

It is possible that a person who has a very good knowledge about you and your background information can easily find a way into your account using the secret answer to your security question for decoding the password. You will never get to know that they have accessed your password, using your password recovery secret question. So it is always good to keep them hard and not so easy to remember. In addition, it is good to reset the security questions and other password recovery options and recovery email address occasionally but regularly.

4. Back up Your Emails

If you are using Gmail as your primary account, it is a best practice to back up your account or emails as this may contain some important emails. Somehow, if your account gets compromised, it is always best to keep a copy of your emails elsewhere, as the hacker might delete all these important emails. So link your Gmail account with an email client and defeat the hacker or to a secondary email address.

5. Use unique passwords for each online service

When you are using a number of services that requires a password, use different password and do not lazily use the same password. This is because, for once the hacker gets into one of your accounts, say your Gmail account, then you are posing yourself at the risk of being hacked by the hacker of all of your other services also much easily and quickly than you could take a prevention measure at that instance.

6. Use keyscrambler to protect yourself from keyloggers

Keyloggers are sneaky little programs that can slip past the security software of your computer and is like a Trojan virus, hacks into your account by allowing the hacker to get all the information that you type back to the person who sent you this virus. The best way to protect your Gmail account from these Keyloggers is by using Key Scramblers, which is necessary to use software, and works awesomely simple.

7. Use Strong Passwords

The best you can do if you are reluctant or do not know how to use a password manager, is to check the strength of your password, and is always wise to use a unique password using a small tool from Microsoft strength checking tool and every time you change your password. This is much better than the password strength checking tool by Google.
Comments are appreciated!!

USEFUL : Tips For Creating Secure & Strong Passwords

This article is written by Praveen Sivaraman. He is associated with a hosting company which has a very good web hosting reviews.

Is Your Password Hackable? [INFOGRAPHIC]

Ask any expert a security tip, I bet the first tip would be ‘keep strong password’. Nothing replaces strong password. You can check this infographic to avoid the most common and dangerous passwords. You can also check Higher Resolution of this infographic.

Passwords Info

If you are using a weak password, I request you to make it strong, check the tips for creating a strong password.

[Image Credit]

Securing WiFi Connection – Basic Things

The benefits of the Internet are well known and people are now owning more than a single computer connected to the internet in their houses. This allows the entire family to stay online at the same time using laptops and desktops, but there are certain risks involved as well. The WiFi connection has to be secured from the very moment you set it up, otherwise people could hack into it and there are several detrimental effects associated with this situation.

Wifi security tips

1. Analyzing The Problem First

The problem is that when you first purchase the router you will be tempted to rush through the installation process and you could commit several errors. Even if the connection works smoothly for you, in the absence of certain security measures, the WiFi connection will be easy to hack even by people who don’t have an advanced knowledge in this field. It is important to know that securing your connection is a very easy operation if you follow some simple steps and you shouldn’t let the lack of experience have a deterring effect.

An unsecured connection will lead to extra charges and a decrease in speed, so the few minutes spent securing the connections are worthwhile. The first thing that you should do is to change the default name and password, because these are known by those people who would try to break into your WiFi connection. It is the first line of defense and one of the most effective ones for the little effort it requires.

2. Secure your WiFi connection

Modern routers are fitted with their own firewall which should always be activated to increase security and even used in conjunction to the ones available on your computer. These two actions are going to make the hackers’ mission increasingly difficult and it won’t take a lot of effort on your part. If your modem allows the WPA/WEP encryption don’t hesitate to make full use of it and the stronger the encryption you choose, the better secured the WiFi connection will be.

MAC addresses are the physical address of the computer and it pays off to activate the MAC address filter if you are using the same computers to connect to the WiFi. The MAC address is static and it can’t be changed, and as a result the router will only connect to the computers whose MAC addresses match. In this way, nobody else but the home devices will be able to connect to it which greatly increases the safety of the WiFi connection.

3. Other WiFi Connection Security Tips

Beside these rather technical safety measures, there are a few other ways to keep your connection secured and one of these is a smart positioning of the router. By placing it in the middle of the house rather than close to a window, the amount of signal that is lost to the outdoors is considerably less.

This has a two pronged effect, one being a faster connection thanks to the improved WiFi signal and the second is that you greatly reduce signal leakage to the outside.
Just as important and simple to apply is shutting down the network during the time you are not using it, which also translates in less energy consumption. Beside the cheaper bill, this action will give hackers considerably less time to attack your connection, which is pretty much a win-win situation.

This article is written by Loretta F. Austin. She writes also for slow-computer-solutions.org. If you wish to write for us, kindly check this.

Security Concern In United States [INFOGRAPHIC]

According to Unisys, identity theft is a leading concern of Americans, with seven of ten US citizens seriously concerned about this issue. National security represents the top area of concern for Americans, with two-thirds of US citizens seriously concerned about war and terrorism. This increase is possibly due to higher concerns related to the war or terrorism, identity theft and bankcard fraud, but concern increased for all aspects of security.

The recent Sony PlayStation Network security breach is an example, and also the hacking of European Space Agency (ESA) website. Unisys compiled an excellent infographic displaying all the major security concerns in United States of America.

Security Concern in US

HOW TO: Prevent Facebook Friends To Post On Your Wall

Everyday I used to get freaking SPAM wall posts, and seriously deleting them one by one annoys me a lot! Though Facebook is a secure and most popular social network, still such spammers find loop holes to create applications and ruin our profiles. If you encounter such fake application, I advise you to report them.

Our profile is, indeed, indirectly hacked and automatically posts some strange objectionable content on your friends’ wall and they are tempted to click on them.

You will now learn how to prevent your Facebook friends to write on your Facebook wall.

Disable Wall Post

Prevent Your Facebook Friend To Post On Your Wall

#1 – First go to Account | Privacy Settings.

Privacy - FB

#2 – Under Sharing on Facebook section, select customize settings.

customize settings

#3 – Now under Things others share section, disable Friends can post on my Wall. You can preview your profile to see the changes.

Uncheck Wall

Updated Settings

Go to Privacy Settings, under “How You Connect” choose “Only Me” for “Who can post on your Wall?”. As simple as that!

By this simple setting, you can save your time. We have lots of Facebook Tips here, to enjoy further tips you can subscribe us. 🙂