Back To School Cyber Security Tips

While we may want to ignore it, Fall is on its way. And that means back to school season is upon us. There are a lot of things to do to prepare yourself or your kids for the return to school. But when it comes to security, let’s make them as quick and easy as possible.

Online and device security may not be the first thing that comes to mind with the new school year, but more and more middle school, high school and college students have mobile devices, laptops, and online educational requirements. It is more important than ever that students protect their digital lives as much as adults.  

Here are a few easy tips to protect yourself or your kids when starting school.  

Create A Password For Your Laptop And Phone 
Most devices come with a password option that requires you to enter or code or use your fingerprint (or your face for iPhone X). Ensure that you have this enabled for your phone and laptop. And remember to lock your computer every time you leave it alone.  

You can also physically lock down your computer by investing in a cable lock, which allows you to secure it to a desk. This is helpful for college students who are working in coffee shops and libraries that are open to the public.  

Use Multi-Factor To Secure Your Email 
Our email accounts are the hub of our online lives. And this is no different for students. Think of all the sites you use your email address for, and the network you’ve built with it.  

Because of this, it’s essential to never share your email password. This is not like a Netflix password that many have decided is acceptable to share. Your email password is truly for your eyes only.  

For extra security, enable multi-factor authentication (MFA) for your email account. This adds an extra layer of security by requiring you to enter your password and provide an additional form of authentication – usually a text message, or a code from an app (Such as Google Authenticator). Enabling MFA means that even if someone gets your email password they won’t be able to log in without that additional form of verification.  

For more information on how to better secure your email, check out our post on Email Security

Be Careful Of Public Wi-Fi
Students often use public Wi-Fi when working in libraries, cafes or other places on campus. It’s important to limit your access to sensitive accounts, like banking, when on public Wi-Fi. Consider using a VPN when using Wi-Fi as well, which allows you to browse anonymously.  CyberSec Industries can recommend a vetted VPN service that is easy to use and meets all of today's security standards. 


Update Software
It can be annoying when software update notifications continue to pop up on your screen. They always seem to come at the worst time, but they really shouldn’t be ignored. Shutting down browsers and your computer itself is often all you need to do to initiate updates for your computer.  

If you do see notifications, make sure you respond to them quickly. These updates include important fixes – sometimes addressing serious gaps in security or other issues.  

Backup Your Devices 
Loss and theft happen – no matter how careful you are. The best thing you can do is prepare by backing up your information. There are many cloud services that will back up your photos and documents automatically, so you don’t even need to think about it.  

Also, you can save sensitive information in a Password Manager – like copies of insurance cards, passports, and of course passwords. This information needs to be protected, so saving it in a Password Managers encrypted vault is your safest option.  

To recap, here’s a checklist to double check your cybersecurity:  

  • Set your computer to auto-lock. 
  • Set your smartphone’s pin code or fingerprint ID. 
  • Invest in a cable lock. 
  • Err on the side of caution when sharing online. 
  • Use a strong password for your email account. 
  • Don’t share your email login with anyone. 
  • Enable multi-factor authentication for your email account. 
  • Use a password manager  to manage your accounts. 
  • Generate unique passwords to avoid password reuse. 
  • Respond to all prompts to update your software. 
  • Restart your computer occasionally to ensure updates are completed. 
  • Use a VPN if you need to access personal accounts on open WiFi. 
  • Be mindful of the connection you’re using and what you’re accessing on that connection. 
  • Back up everything to an external hard drive, regularly. 

Malicious Ad Blockers Found in Chrome Store

If you have installed any of the below-mentioned Ad blocker extension in your Chrome browser, we recommend you remove it.

A security researcher has spotted five malicious ad blockers extension in the Google Chrome Store that had already been installed by at least 20 million users.

Unfortunately, malicious browser extensions are nothing new. They often have access to everything you do online and could allow its creators to steal any information victims enter into any website they visit, including passwords, web browsing history and credit card details.

Google immediately removed all of the following mentioned malicious ad blockers extension from its Chrome Store:

fakeadblockers

1. AdRemover for Google Chrome™ (10 million+ users)

2. uBlock Plus (8 million+ users)

3. [Fake] Adblock Pro (2 million+ users)

4. HD for YouTube™ (400,000+ users)

5. Webutation (30,000+ users)

CyberSec Industries also recommends that you clear your cookies on your browser if you had any of these extensions active. 

iPhone Apps Can Secretly Take Your Photo Without Alerting You

Your iPhone has a serious privacy concern that allows iOS app developers to take your photographs and record your live video using both front and back camera—all without any notification or your consent.

This alarming privacy concern in Apple's mobile operating system was highlighted by an Austrian developer and Google engineer, Felix Krause, who detailed the issue in his blog post published Wednesday.

Krause explained that that granting camera permission could enable iOS app developers to access:

  1. both the front and the back camera of your device,
  2. photograph and record you at any time the app is in the foreground,
  3. upload the recorded and captured content immediately.
  4. run real-time face detection to read your facial expressions

All of this without warning or alerting you. 

HOW TO PROTECT YOURSELF

Apple currently does not have a way to grant temporary permissions to access the camera, allowing apps to take a picture during a limited period of time, and then revokes it after that.

So until they find a fix for this, CyberSec Industries recommends to revoke camera access to apps you don't use the camera function for. Below are the instructions:

Camera-Access-Settings-iOS.jpg
  1. On your iPhone or iPad open Settings app.
  2. From the Settings menu tap on ‘Privacy‘ option.
  3. On the Privacy menu find the Camera option and tap on it.
  4. Here you will find a list of apps that already have access to your device’s camera. To revoke camera access simply turn off the toggle next to the app.

That’s it. By turning off the toggle you have stopped that app from access your device’s camera. Next time you want to use Camera in the app you can return to the Privacy menu and re-enable the toggle.

 

Major WiFi Flaw Hacks All WiFi Networks And Devices

Two security researchers have discovered a massive flaw in WiFi that affects just about every device we own.

The flaw relates to a security protocol called WPA2 that is designed to prevent outsiders from accessing our home WiFi networks and spying on us, or hacking into any connected devices.

Now that the vulnerability is out in the open it’s only a matter of days or weeks before companies start pushing out updates, but it’s a huge job and because it affects just about every gadget we use it’s going to be up to us as much as it is them to plug the holes and protect ourselves.

So what can you do immediately? Make sure that all your devices are up to date, and that means all your devices including routers, TVs, mobile phones, any smart home equipment you might have.

Apple, Google, and other major tech companies are rushing to get the patch to this flaw out as quickly as possible. Be on the look out for updates to your devices. Once you see that an update is avaible, update your device immidatly. 

Netflix Users Beware-There's a Scam After Your Credit Card Info

This phishing scam aims to trick Netflix users into revealing their credit card details to pilfer money, as well as use stolen credentials to hack into other online services or sell that data on the dark web.

The phishing attack starts with a Netflix branded email asking users to update their account details and has a link to direct them to a spoofed landing page asking for their email address and password. Once that has been entered the page then directs them to another page asking for them to update their credit card details, all while looking like a genuine Netflix page.
After that stage a message pops up congratulating the scammed users for updating their account, and presents a button for them to use to get back to a legitimate Netflix page; in reality they have unwittingly handed over their Netflix login credentials and credit card information.
 

Netflix-scam-679x920.png

As you see in the picture above, the email address that the email is sent from is NOT from Netflix. It’s always advised to check the email address of any email being set to you that asks for login details and to avoid clicking on any links that have the slightest hint of being dodgy about them. 

For more information about how to stay protected from phishing scams as such, contact us directly. 

 

How to Keep Hackers Out of Your Email in Four Steps

Typically we think of our bank and financial accounts as being the most important accounts that we want to protect. But where does your bank or credit card link back to? Your email. Email truly is the gateway to your most valued and private information. When you reset your password for any site – of high value or low — it goes to your email. If a hacker has control of your email, they can reset nearly any account that you have. So don’t skimp when it comes to your email just because you’re worried about losing or not having access. The alternative of having your email hacked is much worse! To step up your email security and make it hacker proof, start with these four tips:

1. Create a really strong password

It’s literally the key to nearly everything in your life, so the password to your email should be unique. You should never reuse passwords, especially when it comes to your email. Think of it like a key. Say you live in an apartment building with 50 units. What if your landlord gave the same key to all 50 tenants? That would be crazy, and you should think of reusing passwords as being equally crazy.

Besides being unique, make sure your password is random, long, and complicated. Complicated doesn’t to mean unrecognizable or not memorable. Think of a phrase that you can remember, like “Blue dogs win tall pizza” and make it complicated, with uppercase letters and symbols, so it becomes something like “Blu3d0g$W!nTA//p!zz@”. That password is certainly random (blue dogs!) It’s long with 19 characters, and it’s quite complicated for someone to hack, but is definitely easier for you to remember if needed.

2. Add two-factor authentication (2FA)

Two checkpoints are better than one, right? That’s the point of 2FA, which means that even if someone hacks into your email account, they would need your second device of choice (usually your smartphone) before they’re granted access. Visit the settings in your email provider and check out the options for two-factor. It only takes a few minutes to setup and you can make it easier by specifying to ‘trust’ certain devices, like your own phone, so it’s less hassle for you and un-hackable by others.

3. Outsmart security questions

Many hackers use information that they already know about you, like your mother’s maiden name or pet’s name, to recover your password and hack into your accounts. Avoid this by not using security questions for their original purpose. Use fake answers to those questions, spell the real answer backwards, or just write something random.

4. Take precautions outside your email

There are many things you can do beyond your email that will help secure it. First up – the devices where you access your email. Make sure you have a passcode (the longer, the better) on your phone and tablet, and a password on your computer, so there is yet another barrier to accessing your email. Next, let’s address the browsers where you log into your email. In case someone gets to your computer while it’s unlocked, change the settings on your browser so that closing the browser windows logs you out of accounts, rather than keeping you logged in.

Think of your email as the castle and you need to do everything you can to protect it. Start with these four steps, which won’t take much more than an hour of your day to setup. Also consider signing up for a password manager, if you haven’t already (ask us which password manager we recommend). This gives you a safe place to store that unique and very long email password you just created – and do the same for all of your other accounts, which will ultimately leave you less likely to be hacked.

 

Sonic Drive-In Credit/Debit Card Breach

If you've been to Sonic recently, you may want to go over your credit/debit card statement when possible. It has been reported that Sonic has been made aware of a breach affecting an unknown number of store payment systems. 

Credit/Debit card numbers and info have already been found for sale in underground dark web stores (from the following states: Texas, North Carolina, Arkansas, Louisiana, Virginia, Georgia and Washington state) . This breach has been recently reported and is still under investigation to see how large of a breach it actually is. 

CyberSec Industries advises that until more info is released, keep an eye out for any suspicious charges and report them immediately to your financial institution. 

For more info on this breach, check out this great article by KrebsonSecurity: Breach at Sonic Drive-In May Have Impacted Millions of Credit, Debit Cards

 

How Strong Is Your Password?

In today's day in age, your passwords are your keys to your digital front door. You want to ensure that they are strong and hard to crack or hacked. Below are some tips to follow to ensure your password(s) are strong and make it hard for the hackers to penetrate. 

1. Your password should include the following:

-Uppercase letters and lowercase letters intermixed. 
ex. PaSsWoRD

-Numbers should always be included. Having the numbers included in the word itself makes the password even stronger (not just at the end or beginning)
ex. PaSs1W0Rd

-Special Characters add an even better layer of protection.
ex. P@Ss1W0Rd#

2. NEVER use the same password for all of your logins. If someone gets or cracks your password, they now have access to all your logins. 

3. Your email(s) password should NEVER be used on any other logins. This password should be the most complicated one made. If a hacker gains access to your email, they pretty much have taken over your digital life (as in most logins require your email to be connected to it in case you "forget your password"). 

To have a full review of your Personal CyberSecurity (including social media access, email, PC/Mac, mobile device, etc), set up a consultation with our team today! 

Data Breach Leaks More Than 700 million Emails And Passwords

Have you changed your password to your email lately? Today might be a good day to do it.  It has been reported that 700 million emails and passwords have been leaked from an unprotected server used for spamming. Up to date, it is being considered one of the largest data breaches ever. 

Keep yourself protected by changed your email password now. CyberSec Industries recommends changing your password every quarter. Data breaches happen so often these days that changing your password quarterly would be keeping you ahead of the game.  We also recommend having a Password Manager help with this. Contact us for further info and for advice/tips on how to keep yourself further protected. 


Click the link below to learn more of this massive breach (Provided by Alex Hern, The Guardian)

Spambot leaks more than 700m email addresses in massive data breach

Homeland Security Warns Of Hurricane Harvey Email Scams

As most of the population are looking at ways to help those that have been affected by Hurricane Harvey, this is the time cyber criminals strike in full force. DHS has issued a warning to watch out for “malicious cyber activity” trying to take advantage of people's charitable giving after the hurricane. "Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a trusted source," the DHS warning said. "Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites."

CyberSec Industries recommends that you go directly to the legitimate website (via a Google search) instead of clicking on any attached links. This will ensure that you're going to the appropriate and legitimate website.  Feel free to contact us for further advice or tips. 

Click the link below for the official statement from the Department of Homeland Security:

POTENTIAL HURRICANE HARVEY EMAIL SCAMS

Hackers spreading Adware virus through Facebook Messenger

Hackers are currently running an adware-virus spreading campaign through Facebook Messenger using fake clickable links.  Please be aware of what you're clicking (always verify with the sender if the link was indeed sent by them, through a text message or phone call). See the article below for further info on this current virus. 
 

 

Hackers spreading multi-platform virus via Facebook Messenger

Microsoft Issues 25 Critical Security Patches-Update Now!

Microsoft has issued 25 security patches that cover a multitude range of areas of vulnerability. Update your computer now to have these patches secure those areas.  See the article below for additional information on these patches.  

For installing security updates, simply head on to Settings → Update & security → Windows Update → Check for updates.

Microsoft Issues Security Patches for 25 Critical Vulnerabilities

Email Attachments In The Workplace: Are you checking them?

Do you trust the attachment that you supervisor sent over to you? Is it really from the person that the email states it's from? Most businesses that have been hacked into are because of irresponsible management of emails. See the link below on more information about this trending topic by Help Net Security. Have additional questions about this? Reach out to us for further info. 

Majority of workers blindly open email attachments