How To Keep Your Password Secure

  • Make sure your password is long and strong. That means at least 12 characters. Making a password longer is generally the easiest way to make it stronger. Consider using a passphrase of random words so that your password is more memorable, but avoid using common words or phrases. If the service you are using does not allow long passwords, you can make your password stronger by mixing uppercase and lowercase letters, numbers, and symbols.
  • Don’t reuse passwords you’ve used on other accounts. Use different passwords for different accounts. That way, if a hacker gets your password for one account, they can’t use it to get into your other accounts.
  • Use multi-factor authentication when it’s an option. Some accounts offer extra security by requiring something in addition to a password to log in to your account. This is called multi-factor authentication. The “something extra” you need to log in to your account falls into two categories:
    • Something you have — like a passcode you get via an authentication app or a security key.
    • Something you are — like a scan of your fingerprint, your retina, or your face.
  • Consider a password manager. Most people have trouble keeping track of all of their passwords. The longer and more complicated a password is, the stronger it is, but a longer password can also be more difficult to remember. Consider storing your passwords and security questions in a reputable password manager. To find a reputable password manager, search independent review sites, and ask friends and family which ones they use. Make sure to use a strong password to secure the information in your password manager. KeeperSecurity and LastPass are just a couple of options.
  • Pick security questions only you know the answer to. If a site asks you to answer security questions, avoid providing answers that are available in public records or easily found online, like your zip code, birthplace, or your mother’s maiden name. And don’t use questions with a limited number of responses that attackers can easily guess — like the color of your first car. You can even use nonsense answers to make guessing more difficult — but if you do, make sure you can remember what you use.
  • Change passwords quickly if there’s a breach. If a company tells you there was a data breach where a hacker could have gotten your password, change the password you use with that company right away, and on any account that uses a similar password.

Why businesses need DNS protection

DNS Protection

What is DNS protection?

Before we talk about DNS security, you need to understand the DNS. The domain name system (DNS) works like a phone book for the internet. When a user enters text into a browser, DNS servers take that input and translate it into the unique internet protocol (IP) addresses that let the browser open the desired site. But DNS protocols were never designed with security in mind, and are highly vulnerable to cyberattacks, such as cache poisoning, DDoS, DNS hijacking, botnets, C&C, man-in-the-middle, and more.

By redirecting users’ web traffic through a cloud-based DNS security solution, businesses can finely tune and enforce web access policies, ensure regulatory compliance, and stop 88% of threats at the network’s edge, before they ever hit the network or endpoints. If your business is like the many others that have embraced a remote workforce, DNS Protection should absolutely be part of your network security plans. DNS Protection can also secure your mobile workforce without interfering with the VPNs, firewalls, and other security tools you already use.

Why businesses need DNS protection

Uncontrolled internet access is a high-risk activity for any business, regardless of size. DNS Protection helps protect you from wasted bandwidth and from malware delivered by sophisticated attacks such as ransomware and other cybercrime.

Per a report from EfficientIP, the average cost of a single attack was $715,000 USD. When you do the math, it’s clear how DNS Protection for servers, endpoints, and other networked devices could make all the difference to a business’ success (and survival).

What DNS Solution is best for my business?

Choosing a DNS protection solution doesn’t need to be hard. There are several reputable options we can work with, including Webroot DNS Protection and Cisco Umbrella. These are two great solutions that add a layer of DNS security to protect your workforce. Don’t wait, call us today: (561) 404-9251

Why use two-factor authentication (2FA) or Multifactor (MFA) with your VPN connection?

What is a VPN?

Virtual private networks (VPNs) have been a popular way for companies to provide their employees remote access to their private servers and network resources. VPNs create secure connections between remote machines and your servers, allowing your users to stay productive when out of the office. VPNs reduce the risk that hackers can find and enter your servers while your employees securely work from home, or anywhere for that matter.

While VPNs are great, they are far from a perfect solution and are subject to security threats, such as phishing attacks. For example, an attacker will often send a legitimate-looking email to one of your employees and invite them to log into their account via a link in the email to update their information, pay a bill, or something similar. The hacker only has to wait for the unsuspecting employee to enter their username and password. Once in possession of valid credentials, the attacker will be able to connect to your VPN as a legitimate user, gain access to your network, and steal information or cause other types of damage, such as deploying ransomware.

How two-factor authentication (2FA) secures your VPN network

Two-factor authentication (2FA) reduces the risk that hackers can access your network using these stolen or compromised credentials. 2FA requires users to validate their identity by presenting a second security factor in addition to their password. When connecting to a corporate network, users must first enter their computer or VPN credentials, followed by a time-based one-time password (TOTP). This TOTP (usually a 6-digit numeric code) is displayed on the user’s mobile phone in an application called an authenticator. Google Authenticator and Microsoft Authenticator are two popular and free apps compatible with both iPhone and Android devices.

2FA makes it extremely difficult to impersonate a user without having access to this second factor. This means that even if hackers were to steal all of your employees’ usernames and passwords, they still wouldn’t be able to access your VPN because they don’t have the 2FA code generated in the authenticator app.

How can I enable 2FA for my company’s VPN?

Every firewall and network is a little different, and thus the configuration can vary dramatically. If you are interested in securing your network with 2FA, please reach out to TMD Technology Services to assist you in determining the best path forward.

Aside from your VPN, we highly recommend using 2FA on all your important accounts, including email, banking, website and social media.

Top Scary Computer Hacks That Could Affect YOUR Business This October: 2018 Edition

2017 was a terrible year for the digital world and 2018 ain’t no better. Think your computer is safe from potential hackers? You’re wrong. Ghouls and witches aren’t the only scary thing this October! Vicious Ransomware, Malware, and Viruses are on the loose, and if not taken seriously, could dangerously affect your computer.

1) GandCrab Ransomware

GandCrab was first discovered in January of this year. This pesky bug encrypted users’ files and extorted a ransom in cryptocurrency (DASH in particular).

Soon, GandCrab v1 was stopped in its tracks at the end of February. A decryptor was created and distributed online, letting victims re-obtain their files without having to deal with the ransom.

Within one week (March), GandCrab v2 was released into the digital world, tougher than its sibling before. It evolved from ransoming crypto to attaching itself to personal email.

GandCrab v3 got personal and changed its victim’s desktop wallpaper to a ransom note:

“We are sorry, but your files have been encrypted!

 Don’t Worry, we can help you to return all your files!

Files Decryptor’s Price Is $900 USD

 If Payment isn’t made until (date) the cost of decrypting files will be doubled”

Scary, huh? What a way to put pressure on the victim!

Last but not least, GandCrab v4 was created soon after, unfortunately armed with an abundance of updates, including a brand-new encryption algorithm. It uses the Tiny Encryption Algorithm (TEA) to stay undetected unless you REALLY look or have a program looking out for it specifically. GandCrab v4 is a vicious little bug.

Furthermore, all encrypted files have the .KRAB extension instead of .CRAB. They also changed the way the ransomware attacks its victims. It now spreads through fake software crack sites: once a user downloads and runs a fake “stuffing” crack, the ransomware is attached to the computer like a leech!

When you finally run this file, your computer is in GandCrab’s clutches.

How GandCrab v4 Goes For The Kill:

  • Using the fast TEA encryption algorithm to avoid detection, it creates a plain file for itself.
  • Once the decryption is complete, GandCrab v4 wastes no time and drops a nasty virus.
  • Checks a list of processes using the CreateToolhelp32Snapshot API and terminates running programs.
  • Stops any antivirus programs from running.
  • Starts to encrypt the victim’s files, then delivers a ransom note on the user’s desktop.

How to prevent GandCrab Ransomware:

Computer Support

2) Trojan Glupteba

Not as severe as GandCrab, but this bug is one of the most annoying ones. There are so many variants of Trojan Glupteba that there are too many to count. We’d be here all day if we tried. This bug has so many functionalities, it’s insane.

How can Trojan Glupteba infect your computer? EASY, this bad boy can sneak into your computer data with ease using a file dropped by other malware. It gets away with it too, by pretending to be authentic software.

Communicating with the user’s IP address, Glupteba gets to know the user pretty well (whether the user likes it or not). It diverts the traffic towards unknown domains.

If You Have This Happening To You, Contact a Managed IT Service Immediately: Professional Virus Removal

It’s suspicious when you try to visit Facebook but somehow you end up in ostdownload.xyz or sportpics.xyzkinosport.top instead.

How To Prevent Trojan Glupteba:

  • Enable Web and Email filters
  • Browse Safely
  • Regularly Update Your Antivirus Program (Hire an IT professional for a Virus Removal Service)

3) Kuik Adware

Kuik is a simple yet annoying piece of adware, and one of the worst bugs we’re facing this year. This pesky guy takes the form of both malware and adware. It pretends to be an actual Adobe Flash Player “update”.

Of course, when people notice their Flash Player needs an update, some of them don’t think twice and fall victim to Kuik Adware’s clutches.

This obnoxious adware is equipped with legitimate Flash Player modules and an .exe file named ‘upp.exe’. Once in your computer’s system, it communicates with all established network interfaces and adds a DNS server: 18.219.162.248

Of course, like all the others, it starts to collect the user’s data. It then forwards it to its hosting domain, kuikdelivery.com.

As soon as the domain reaches the server, it’s game over. It then activates malicious tasks on the system (including Chrome extensions) from unknown sources, crypto miners, and so on.

How To Prevent Kuik Adware:

  • Regularly Backup Important Data & Files
  • Update Your Antivirus & Spyware Programs
  • Block Any Spam Email with File Types: exe / pif / url / vb / vbe / com / reg / cer / pst / cmd / bat / dll / dat / hta / js / wsf
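
Because Kuik works by adding a DNS server to your network interfaces, one practical check is to compare the resolvers a Windows PC is actually using with the ones your network is supposed to hand out. The script below is an added example (not from the original article or any vendor tool); the `ipconfig /all` text is a constructed sample and the approved resolver list is an assumption you would replace with your own.

```python
import ipaddress

# Constructed sample of Windows `ipconfig /all` output (not from a real host).
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet0:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   DNS Servers . . . . . . . . . . . : 18.219.162.248
                                       192.168.1.1

Wireless LAN adapter Wi-Fi:

   IPv4 Address. . . . . . . . . . . : 10.0.0.23(Preferred)
   DNS Servers . . . . . . . . . . . : 10.0.0.1
"""

# Assumption: the resolvers your network is supposed to hand out.
APPROVED_RESOLVERS = {"192.168.1.1", "10.0.0.1"}


def parse_ip(text):
    """Return the normalized address if text is a bare IP, else None."""
    try:
        return str(ipaddress.ip_address(text.strip()))
    except ValueError:
        return None


def dns_servers_by_adapter(ipconfig_text):
    """Map each adapter name to the DNS servers listed under it."""
    servers, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):          # unindented line: section header
            adapter, in_dns = line.strip().rstrip(":"), False
            servers[adapter] = []
            continue
        label, sep, value = line.partition(" : ")
        if sep:                               # "Label . . . : value" line
            in_dns = label.strip().startswith("DNS Servers")
        candidate = value if sep else line    # continuation lines hold only an IP
        ip = parse_ip(candidate) if in_dns else None
        if ip and adapter:
            servers[adapter].append(ip)
    return servers


def unexpected_resolvers(ipconfig_text, approved):
    """List (adapter, resolver) pairs that are not on the approved list."""
    return [(adapter, ip)
            for adapter, ips in dns_servers_by_adapter(ipconfig_text).items()
            for ip in ips if ip not in approved]


if __name__ == "__main__":
    print(unexpected_resolvers(SAMPLE_IPCONFIG, APPROVED_RESOLVERS))
```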

4) Magniber Ransomware

Magniber is another vicious ransomware coming your way! Well… mostly in Asia. However, stay on your toes with this one! Being unlucky enough to fall victim to Magniber is bad news. Don’t think less of this bug just because it’s mostly affecting people in Asia; it’s slowly making its way over and the numbers are skyrocketing.

This unique Ransomware is spread through malvertisements.

What’s a Malvertisement? An infected web page that redirects the user to a Magnitude Exploit kit website. Fun fact, it’s the oldest of the malicious browser toolkits that are, surprisingly, still in use today to distribute ransomware. Go figure.

As soon as Magniber Ransomware James Bonds its way into the user’s system, it immediately starts encrypting data. It uses a unique key to crack into your system, obtaining what it needs to do further damage.

Once encrypted, it adds the .dyaaghemy extension to all the files encrypted.

Towards the bottom of the files, you’ll find a file labeled “Read Me”. There you’ll find the terrifying ransom note unique to each victim:

“Your documents, photos, database, and other important files have been encrypted!

Warning: Any attempts to restore your files with the 3rd party software will be fatal to your files. WARNING

To decrypt your software you need to buy the special software – “My Decryptor”

All transactions should be performed via Bitcoin network.

Within 5 days you can purchase this product at a special price: BTC 0.35

After 5 days the price of this product will increase up to BTC 0.700”

Creepy, right?

The encrypted files are bugged with a unique key. Surprisingly, no patterns are visible at first glance. This ransomware is scary as is; however, it continues to grow and expand. It’s a major issue in Asia, but it’s making its way to the US. It’s best to stay on your toes!

If you’re a business experiencing activity like this, contact a professional immediately. Business IT Support is something your business needs to stay safe, as well as to stay protected from future danger your computer might undergo.

How To Prevent Magniber Ransomware:

Regularly storing files in a cloud backup is ideal and the perfect backup plan for worst-case scenarios. If you have valuable information that needs to be protected by all means, hire a professional managed IT service.

If you’re a business owner, it’s worthwhile to look into a Server Management service.

5) Thanatos Ransomware

Newer than its counterpart GandCrab, this guy is making its way through the tech world with ease. Remember the ILOVEYOU computer virus some time ago? Very similar.

It is one of the most difficult ransomware strains to decrypt in 2018. It creates a randomly generated key every time for encryption, which makes this malware hard to catch and to recover from.

Soon after, it drops a payload (a.k.a. the all-famous ransom note) in the user’s system in the form of the hacker’s favorite: an .exe file or a .txt file.

This is then set to auto-run and opens every time the system is restarted. Thanatos Ransomware will start adding “.thanatos” extensions to infect your files. Soon enough, the user will receive a ransom note on their system.

How To Prevent Thanatos Ransomware:

  • Disable macros & ActiveX when using MS Office products
  • Backup your files & data regularly
  • Update your operating systems & applications

Whether it’s a business computer or a personal computer, running into malicious malware, ransomware or a computer virus isn’t on anyone’s to-do list.

When you’ve done all you can (updating your PC’s operating system, updating your current antivirus program, avoiding anything suspicious) and somehow still fell victim, don’t be ashamed! This could happen to anyone. This malware is designed to trick even the most careful of users.

You won’t be the first victim, nor the last! Hiring a professional Managed IT Service might be something you need this October. It’s towards the end of the year, which is every hacker’s favorite season, right around the holidays.

Keep your PC and business computer safe from malware / ransomware with an antivirus and malware protection plan.

A Virus Removal service will be handled by a professional who has seen this issue before and will know what to do right away to help save your computer from the current or potential danger it might undergo.

3 Ways to Increase Laptop Security While On-The-Go

Laptop Security

1). Physical Laptop Security

When it comes to Laptop Security, an often overlooked aspect is the physical security of the device. There are ways to lock your laptop down from outside of the machine. First, be sure that your laptop bag is always on your person, or that you use a padlock to keep the zipper securely closed. Most work benches at the airport have legs that you can easily secure the carry strap to. Or you can use a cable lock to secure it to something like a chair fastened to the ground or a building pillar.

Second, always keep a Kensington lock in your bag, and break it out every single time that you use your laptop in a public area. These are inexpensive, and you can always ask your IT provider if they have any spares. Trust us, if you’re showing initiative to protect company assets, your company will listen.

If you are in a hotel, a good way to keep your belongings safe is to put the ‘Do Not Disturb’ sign on the door. If that is posted, then the only foot traffic that should be in your room is your own. If something turns up missing and you and the hotel are the only people with keys to your room, then this helps narrow down the search for the thief.

2). Laptop Security Software

We’re not talking about computer security like Webroot or Norton here, but something more along the lines of location software. Some examples of this are Lojack for Laptops if you have a Windows machine, or Find My Mac if you are an Apple user. To help protect your information, these applications will set up passcodes that the thief will have to hack to bypass. Also, they can provide the location of your device if it’s missing or stolen.

3). Lock Screens & Timeouts

This might seem really simple, but setting short timeouts on your computer and phone and requiring passwords to unlock can reduce the chance for someone to plant harmful software or steal data.

4). Backup Solution

If, in fact, your device does go missing, you know as well as we do that your work can’t be put on hold. It will continue to pile up, causing a mess of inconveniences, but the world doesn’t stop, even if your laptop is stolen. You need to be able to back up your most valuable data and recover it at a moment’s notice with a legitimate backup solution. And we’re not just talking about a file backup like Dropbox or Google Drive. A truly reliable backup solution allows for virtualization of your laptop, so you can log in to this virtual copy of your machine and it’s just like you’re sitting in front of it again.