Blog

Keeping your internet-connected devices free from malware and infections makes the internet safer for you and more secure for everyone. 

The Keep a Clean Machine campaign is an ongoing effort to help everyone understand the importance of protecting internet-connected devices from malware and infections – especially malware that connects your devices with botnets.

What Are Botnets? Botnets are networks of personal computers infected by malware and remote controlled by criminals. Botnets are used to send junk email (spam), attack websites and distribute more malware, among other things. 

The malware used by botnets can infect your computer, turning it into a “bot” or “zombie,” meaning your computer can become part of the botnet and help criminals do their dirty work. 

To learn more about botnets, visit Microsoft Security’s Botnet page and read the “Botnets 101: Everything You Need To Know” blog from StopBadware and the National Cyber Security Alliance.

Prevention:

Keep a Clean Machine 

· Keep security software current: Having the latest security software, web browser and operating system are the best defenses against viruses, malware and other online threats.
· Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
· Protect all devices that connect to the internet: Along with computers, smartphones, gaming systems and other web-enabled devices also need protection from viruses and malware.
· Plug & scan: “USBs” and other external devices can be infected by viruses and malware. Use your security software to scan them.

Know someone who feels the need to share every detail of their life on social media with little or no regard to who might be watching? Could this someone you, or someone close to you, such as a family member or friend? Posts about making big-ticket purchases, leaving for vacation for 3 weeks, or broadcasting their current location can make life easier for identity thieves.

So, what can you do to help make sure you aren’t putting yourself at risk? Consider being aware of the information you are voluntarily sharing and other information your devices might be sharing for you. Check out these 4 tips below!

1.) Review Your Privacy Settings
As social media evolves, so do privacy settings. According to the Better Business Bureau, (BBB), one of the easiest ways to help make sure you’re sharing more safely on social media is to check the privacy settings and policies for the sites you’re using throughout the year, on a regular basis.

2.) Turn Off Location-Based Apps
According to the Federal Trade Commission, most social media apps normally allow users to pinpoint their precise whereabouts with geolocation tags. Therefore, if you haven’t turned the setting off, when you post a status update from your home, you may broadcast your address to the world. This can make it easier for identity thieves to use your address as one of the necessary pieces of financial data to potentially verify and steal your identity. Turn off geolocation on all your apps or websites before posting your thoughts on social media. If you need instructions on how to do this, simply Google the steps based on each application whether it’s for an iPhone, Android, Chrome, etc.

3.) Very Personal Information Should be Kept Offline
While most people KNOW to keep information such as their Social Security numbers private, the growing body of information posted online could be used against you. According to the Better Business Bureau (BBB), personal facts such as your full name, date of birth, current employer, names of your family members, and your home address may also make it easier for identity thieves and hackers to make use of this information.
Taking it a step further, even information that we share in passing can also be used by cyber criminals to answer your password retrieval questions. According to the Federal Deposit Insurance Corporation, you should also rethink sharing your marital status, name(s) of your pet’s, the schools you attended and even your hometown on social media.

4.) Rethink the Photos You Post
Though it is natural to want to share good news with your networks on social media, just be conscious of how much of it you are sharing. Let’s take getting a new driver’s license for example, if you search the hashtag “driverslicense,” on Instagram, you may see a lot of smiling faces waving that new license, and the personal information on it. So, next time you’re uploading a photo, just take a few moments to make sure that there is no personal information in sight.

Bottom Line
Although, it can be tough not to be able to share everything good or bad happening in your life on social media, making sure that these steps are taken may help you limit the risks of having your identity compromised. It’s just better to be safe then sorry when it comes to oversharing online.

What is VPN?
A VPN (Virtual Private Network) is a connection method that allows you to access the web safely and privately by routing your connection through a server and hiding your online actions.

How does it work?
You start the VPN software from your device to connect to a VPN server, which can be located in the United States or another country. The VPN software encrypts your data before your internet service provider (ISP) or Wi-Fi provider sees it. Your web traffic then passes back and forth through that server. The end result: your web activity, information and location are concealed from most websites.

Why use a VPN?
Now more than ever, it is important to be smarter and safer while using the internet. Plus, don’t you want to go online without being tracked, monitored and identified?

When you connect to a public Wi-Fi network, you don’t know who might be monitoring the traffic on that network. It is possible that the network is operated by someone who is after your personal data such as passwords, banking data, credit cards and other sensitive information.
Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust. Whether it’s a friend’s phone, a public computer, or a cafe’s free Wi-Fi—your data could be copied or stolen. Therefore, it is best if you use a VPN to connect to a public Wi-Fi network since it encrypts your traffic and no one on that network will be able to intercept your data.

Using a VPN provides:

More privacy – Connecting to a VPN hides your real IP address. Your connections cannot be linked to you or your device.

More security – VPN connections are secured and safe from hackers since all of your internet activity is encrypted and unreadable in transit. It will protect the data you transfer over public Wi-Fi.

More website access – You can get around websites blocked based on IP address.

More anonymity – Given that your true IP address is hidden, you’re unidentifiable online because you’re constantly using a different IP address and never your own. The online destination sees your data coming from the VPN server so it typically appears as if you’re in a different part of the world.

Get a VPN
It is up to you to protect yourself and your devices. Antivirus software and password managers definitely help keep you safer, but a VPN is a powerful tool that you should have in your personal security toolkit. Whether you opt for a free or paid service, having a way to encrypt your web traffic is critically important in today’s connected world.

1. Implement Long Passphrases
   For many years, users have been adopting the practice of combining numbers and symbols to create stronger passwords, although, it didn’t take very long for cyber criminals to catch on. These hackers started substituting some letters in the word with certain numbers or symbols, such as ‘e’ with a ‘3’ and ‘s’ with a ‘$’. There are also automated tools available to easily crack simple substitutions like these. Users must often memorize dozens of difficult passwords nowadays, so most users would rather let their browsers remember them instead. These practices put password security at risk and therefore, you should consider implementing long passphrases. Choose the first letter of a phrase, length is key and the complexity is a plus.
2. Two-Factor vs. Multi-factor Authentication
   Two-factor authentication (2FA) has become a standard for managing access to corporate servers which users must now confirm their identity with a one-time code sent to their mobile device or using a personalized USB token. Two-factor and Multi-factor authentication solutions are used by businesses of all sizes seeking to keep confidential data secure. They can help to lower the likelihood of identity theft, as well as phishing scams, because criminals cannot compromise logins with usernames and password details only. Multi-factor authentication (MFA) is an additional security layer for businesses to address the vulnerabilities of a standard password-only approach. To be sure, here’s a great way to test: https://howsecureismypassword.net.
3. Ensure a Secure Connection
   There are currently a wide range of devices and places that can provide access to corporate networks, yet hackers can still steal passwords if employees use unsecured Wi-Fi connections or devices that don’t belong to them. In order to secure your Wi-Fi network, use a Wi-Fi Protected Access (WPA) 2 that applies stronger wireless encryption methods. For businesses with remote workers, consider providing a secure VPN connection for which users can securely connect to corporate servers, since all the traffic is protected through a VPN tunnel.
4. Add Advanced Authentication Methods
   While passwords are still the most commonly used method for authorization, there has been an increased tendency to start using non-password based and more advanced approaches. Instead of passwords, users can be authenticated using biometric verification, such as logging into an iPhone using a thumb print with Touch ID or for authenticating on a Windows 10 PC with facial recognition. These methods allow the system to identify users by recognizing their fingerprints, faces, irises, voices, or heartbeats.
5. Apply Password Encryption
   Encryption provides additional protection for passwords even if they are stolen by cyber criminals. There is a widespread tendency to use reversible encryption or apply only one-way encryption, but these methods are ineffective, because an attacker can obtain the password database and can easily crack and compromise the passwords. Instead, consider using an end-to-end encryption that is non-reversible. This way, you can protect passwords in transit over the network. Beware that it is dangerous to store password files in a plain text. There are many cases where hackers have been able to compromise an enterprise’s password database and got away with a wealth of unencrypted passwords.

Bottom Line
Stolen or weak passwords are still the most common reason for data breaches, so it is best that businesses, whether large or small should pay very close attention to password security policies and password management. By utilizing some of these recommended best practices, you can create an effective password security policy and provide stronger protection against unauthorized access.

Don’t get hooked!

Email phishing 101
Phishing is a type of online scam and easiest form of cyber attack, which can provide criminals everything they need to gain access to every aspect of your life. It is usually carried out through email that appears to be from legitimate companies to trick receivers into providing their personal information. The email usually includes a link that direct targets to malicious websites posing as legitimate sites and ask targets to enter their personal information such as credit card numbers, usernames, passwords, date of birth, etc.

Report phishing emails
Take a more proactive role to stop phishing by reporting them to the authorities. Forward spam emails to [email protected].

Phishing happens over the phone too!
Scammers are always looking for ways to get what they want to carry out fraud. With today’s technology, these crooks can make their phone numbers appear authentic (e.g. match the phone number on the back of an ATM card). Again, the objective is to get sensitive information.

Phishing quiz
Can you outsmart internet scammers? Take this quiz to find out  https://www.opendns.com/phishing-quiz/.

Avoid falling for a phishing scam
Use your own link. Do not click on the link included in the email. If you use a company and have a bookmark for the website, use that. Otherwise use a search engine to find the company’s correct site.

What to look for in a phishing email
1. Generic greeting. Phishing emails are usually sent in large batches. To save time, Internet criminals use generic names like “First Generic Bank Customer” so they don’t have to type all recipients’ names out and send emails one-by-one. If you don’t see your name, be suspicious.
2. Forged link. Even if a link has a name you recognize somewhere in it, it doesn’t mean it links to the real organization. Roll your mouse over the link and see if it matches what appears in the email. If there is a discrepancy, don’t click on the link. Also, websites where it is safe to enter personal information begin with “https” — the “s” stands for secure. If you don’t see “https” do not proceed.
3. Requests personal information. The point of sending phishing email is to trick you into providing your personal information. If you receive an email requesting your personal information, it is probably a phishing attempt.
4. Sense of urgency. Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim.

What to look for in a phishing website
1. Poor resolution. Phishing websites are often poor in quality, since they are created with urgency and have a short lifespan. If the resolution on a logo or in text strikes you as poor, be suspicious.
2. Forged URL. Even if a link has a name you recognize, it doesn’t mean it links to the real organization. Read URLs from right to left — the real domain is at the end of the URL. Also, websites where it is safe to enter personal information begin with “https” — the “s” stands for secure. If you don’t see “https” do not proceed. Look out for URLs that begin with an IP address, such as: http://12.34.56.78/firstgenericbank/account-update/ — these are phishes.