IT Security Tip #36: Working from home? DON’T! Until you read this…

If you plan on catching up on some work from home AND you’re using a personal device such as a smartphone or personal laptop – DON’T! Unless your personal device is monitored by us, you could accidentally introduce a virus to the company’s network.

ONLY devices that are under our vigilant watch of patching, updating and monitoring should be used to work remote. Side Note: We can set up a way for you to work from home securely; call our office if you would like us to set that up: 505-792-2375.

 

IT Security Tip #37: Use STRONG passwords!

Thanks to powerful brute-force-attack software readily available online, hackers can try tens of millions of possible password combinations per second. For example, hacking software can guess a five-character password in under three hours. If you only use lowercase letters, it’s 11.9 seconds.

You KNOW you need to have a better password than “password” or “letmein” if you have any hope of keeping hackers out of your PC; but what does a “strong” password mean? A good password should be at least eight characters long (or longer!) and have a combination of uppercase and lowercase letters, numbers and symbols that are hard to guess. Don’t use dictionary words with proper capitalization because they’re easy to guess (like Password123#). Even though it meets the requirements we just discussed, it’s easily hacked; remember, hackers have sophisticated password-hacking software that will run 24/7/365. If you want a quick tip for remembering your password, use a phrase and insert letters and numbers into it, like $h@KeNb8ke.


IT Security Tip #38: If this type of alert pops up, DON’T click on it!

You’re working at your computer when all of the sudden – BAM! – you get a pop-up notification that your PC is infected with a virus and you must “click here” to run a scan or install antivirus software. This is a common scareware tactic used by hackers to get you to click and download a virus. (You should know we would NEVER deliver that type of pop-up to you!)

Often it will appear to be a system alert or a Microsoft operating system alert. Regardless of how legitimate it looks, NEVER click on the site or the pop-up. The safest thing to do is close your browser; do not click on the X, “Close” or “Cancel” button in the pop-up or on the site because clicking on anything on the page or pop-up will trigger a virus download. If that won’t work, bring up your task manager (hold Control + Alt + Delete on a PC and Command + Option + Esc to “Force Quit” on a Mac) and close the web browser or application where it appeared. Next, notify your IT department (us!) that this has happened so we can double-check with a legitimate scan if your computer was infected.

 

IT Security Tip #39: How to foil ransomware

Not too long ago, the CryptoLocker ransomware virus was all over the news, infecting over 250,000 computers in its first 100 days of release (at least that’s the number reported – the real numbers are probably MUCH higher). The threat was fairly straightforward: Pay us or we’ll delete all your data.

Ransomware, like the CryptoLocker attack, works by encrypting your files to prevent you from using or accessing them. After your files are compromised, the hackers behind the attack then pop up a demand screen asking for payment ($400 to $2,000) within a set time frame (e.g., 72 hours or three days) in order to get the key to decrypt your files. The last CryptoLocker virus forced many business owners to lose data or pay up since there was no other way to decrypt the files.

Obviously the best way to foil a ransomware attack is to be incredibly diligent about IT security; but with hundreds of thousands of new attacks being created daily, there are no guarantees that you won’t get infected. Therefore, it’s critical to maintain a full, daily backup of your data OFF-SITE so that IF you do get whacked with ransomware, you can recover all your files without having to pay a thin dime; and don’t forget to back up off-site PCs, laptops, remote offices and third-party software data stored in cloud apps as well!

 

IT Security Tip #40: How to spot a phishing e-mail

A phishing e-mail is a bogus e-mail that is carefully designed to look like a legitimate request (or attached file) from a site you trust in an effort to get you to willingly give up your login information to a particular website or to click and download a virus.

Often these e-mails look 100% legitimate and show up in the form of a PDF (scanned document) or a UPS or FedEx tracking number, bank letter, Facebook alert, bank notification, etc. That’s what makes these so dangerous – they LOOK exactly like a legitimate e-mail. So how can you tell a phishing e-mail from a legitimate one? Here are a few telltale signs…

First, hover over the URL in the e-mail (but DON’T CLICK!) to see the ACTUAL website you’ll be directed to. If there’s a mismatched or suspicious URL, delete the e-mail immediately. In fact, it’s a good practice to just go to the site direct (typing it into your browser) rather than clicking on the link to get to a particular site. Another telltale sign is poor grammar and spelling errors. Another warning sign is that the e-mail is asking you to “verify” or “validate” your login or asking for personal information. Why would your bank need you to verify your account number? They should already have that information. And finally, if the offer seems too good to be true, it probably is.