The Technology Blog

5 Cyber-Security for the Non-Tech Person

By | Cyber Security, Smartphones & Tablets | No Comments

5 Cyber-Security Tasks for the Non-Tech Person

Technology is constantly changing – new devices, software and cyber threats are continually being introduced. The average technology user does not have the knowledge or the ability to stay current on the latest cyber security needs for their computer, laptop, smartphone or tablet. Many people don’t include all security options available when they set up their device, or fail to update it after the initial setup.  

This is a mistake. Hackers are quick to pounce on easy targets such as non-tech people who don’t properly secure their computers, laptops, smartphones and tablets.

If you fully secure your device, hackers are far more likely to move onto an easier target. There are several basic actions you can take today to secure your device like a pro. These things take minimal work but provide secure protection from hackers and cyber criminals.

Cyber-Security Tasks for the Non-Tech Person - Pros 4 Technology Blog

5 Easy Cyber-Security Tasks that even the Non-Tech Person Can Do

Five Simple Cyber-Security Tasks to Make Your Computer, Smartphone or Tablet More Secure

  1. Use a password manager. Passwords are the ‘locks’ protecting your data.  Strong passwords are unique to each account, sophisticated and randomized. They can be difficult to remember, however. A password manager stores – and will even create – secure, randomized passwords. They save the password and have plugins that will fill in the password for each separate account.  Users only need to remember one password, the ‘Master Password.’ LastPass is one password manager that we recommend and there is a free version available.
  2. Use data encryption at home. Encryption is the process of your computer converting data into random code so that it’s much more difficult for a hacker to use should he gain access to your device. If a device is encrypted, a hacker is likely to move on to an easier target. Most routers have a ‘setup wizard’ to take you through this process. IMPORTANT NOTE: When encrypting your computer, use WPA2 with AES encryption.  Do not use WEP or TKIP. This method is outdated and is no longer secure. AES stands for Advanced Encryption Standard. It is used by the U.S. government and is the global standard in encryption.
  3. Make sure all of your devices have updated anti-virus and anti-malware software installed. This is essential for cyber-security. Most software is inexpensive or free. A simple Google search for ‘malware protection’ or ‘virus scanner’ give you such options immediately. Properly installed anti-virus software constantly monitors your devices and alerts you if a threat is detected. Check out our  blog post about protecting your android device from malware.
  4. Clean off your computer’s desktop. Having files on the desktop puts you at risk for sending sensitive information to the wrong recipient. Review all the files on your Desktop move them to the appropriate drives and folders. This also frees up RAM (random access memory) and can help your computer to run faster.
  5. Perform and/or enable regular software updates. Most computer and mobile device operating systems and software applications receive automated updates from the manufacturer. Don’t ignore requests for system updates or software updates – if it’s a legitimate source click yes, even if you need to schedule it for a more convenient time. Many updates are security patches rolled out to help combat the most recent cyber threats. Most devices update automatically or ask if you want the latest updates. Sometimes updates are not automatic, so we recommend proactively checking for updates yourself each week.
    1. If you have a Windows operating system, there will be a search box either at the bottom toolbar or in Settings. Search for ‘Updates’ and your computer will direct you to a page where you can check for updates.
    2. Mac software updates can be performed by clicking on the Apple Menu, selecting ‘Updates’ and making sure the the ‘Automatic Updates’ box is selected. There is also a ‘Check Now’ button that enables you to do your own weekly checks.

These essential cyber-security tasks are easy enough for most users to do. If you have questions or need help call the Pros 4 Technology at 920-400-1279 and we’ll help make sure all your devices are secured.

Backup Your Computer, Tablet and Smartphone Data

By | Cyber Security, Smartphones & Tablets | No Comments

Backup Your Computer, Tablet and Smartphone Data

If you own a computer or smartphone, your life is probably on it. Personal photos are important, but your devices also store sensitive information such as account information, credit card numbers, tax returns, and passwords. We often store data on cloud drives, such as Google Drive and iCloud, especially for smartphones and data-enabled tablets.

Anything stored online or on an internet-connected computer can be vulnerable to a hacker attack. Cybercriminals can remotely steal and wipe data from your devices if they are not properly secured. Read about 5 cyber-security tasks for non-tech people.

Data can also be at risk on the hard drive of your computer, tablet or smartphone, even if it’s not internet connected. Computers crash occasionally, which can corrupt or even wipe your data. Backing up data ensures that if a cyber-attack or hard drive crash happens, you can easily restore your data.

Backup computer data to external hard drive. Pros 4 Technology Blog

Backup computer and smartphone data to an external hard drive or secure, cloud-based service.

Two critical things can help keep your data secure:

  1. Frequently backup your data to an external hard drive. How much data are you willing to risk losing? One day? One week? This will determine the frequency of your backups.
  2. Encrypt all data on your device. Make it really difficult for a hacker to steal your data, and most will move on to an easier target, even if they do gain access.  

Backup Your Data to an External Hard Drive

An external hard drive can provide a secure place to store your backups on site. You should also consider automated offsite backup through a cloud-based service in addition to an external drive. For external hard drives, both Windows and Macs have software that easily allows you to backup data:

  • For Windows, connect the external hard drive, Select ‘Settings’ and turn on the ‘File History’.
  • On a Mac, once the hard drive is connected, open ‘System Preferences’ and turn on ‘Time Machine’.

Encrypt Your Computer Data

This is an important step to take after backing up your data.  Criminals do steal hard drives, knowing people backup their data. If they steal an encrypted hard drive, they will find it difficult to get any data.  It is securely password protected. Read our blog post on how to create secure passwords.

Cybercriminals need to work fast, so if your data takes too long to steal, they will typically move on to an easier target. Encryption and regular backups will help ensure that your personal data is safe from cyber-attacks, computer crashes or even theft.

How to Avoid Fake Check Scams

By | Scams | No Comments

How to Avoid Fake Check Scams

Con artists rely on two basic principles: people love the promise of easy money and they are ignorant of everyday financial transactions.  In the case of check or money order scams, they know people are excited to receive a large check in the mail. They also know that very few people understand the process or rules of wire transfers.

What Are Check Cashing Scams?

Money transfers done through checks, cashier’s checks or money orders are extremely hard to track. The process is slower than the transaction, so scammers use this to their advantage.

Banks will deposit a check and release the funds within a day or two. Unfortunately, it can take weeks to discover that a check is counterfeit. Scammers hope the promise of easy money will make victims deposit the checks immediately and send the “overpayment” back to them as requested. Weeks later, the check the victim received bounces. The victim is then liable for the money sent to the scammer. Learn more in our blog post about advanced fee fraud.

Fake check scams are a form of advanced fee fraud. Pros 4 Technology Blog

Fake check scams are a form of advanced fee fraud. Never refund money to someone you don’t know who has written you a check!

Online Purchase Check Scams

Con artists sometimes target people selling an item on sites like eBay or Etsy, purchasing the item and sending a fake check, written for an amount greater than agreed upon. The unsuspecting seller deposits the check, mails the item and sends the difference back, losing not only the money, but also the item they ‘sold.’

Scam Job Offers by Email

In a typical scam job offer, the victim agrees to perform certain work, for which the scammer pays them by check through the mail. When work is done, the ‘employer’ sends a check for a significant amount (sometimes thousands) over the agreed upon pay. The scammer conjures an excuse such as wanting the ‘employee’ to buy supplies, pay taxes or run an errand. With apologies, he or she asks the victim to deposit the check and return the difference.

Fake Contests

Fake contests usually involve an unexpected notice of winning a significant amount of money. The victim is asked to simply pay the taxes, insurance or fees on their winnings and then the scammer will send their money. The Federal Trade Commission urges consumers to throw this mail away immediately.

Four Ways to Avoid Check Cashing Scams

  1. Don’t send money to people you don’t know, even if they claim to be an employer or buyer.
  2. Do not share personal information (birth date, account numbers or passwords).
  3. Never prepay anything on monetary awards.
  4. Avoid dealing with someone who sends you a check for more than the agreed upon amount.  Stop the transaction immediately.

If you think you are being targeted by a fake check scam, don’t send the scammer money! Report the incident to the Better Business Bureau.

How to Stay Safe on Public Wi-Fi

By | Cyber Security, Smartphones & Tablets | No Comments

How to Stay Safe on Public WiFi Networks

We regularly connect with public WiFi networks when away from work or home: at the airport, in a coffee shop, even in our dentist’s office.  The public networks are for everyone. However, users should remember this can include hackers. Your devices are vulnerable to attacks on these Wi-Fi networks. Even if the network requires a password, it is still shared with others.

Here are 8 things you can do to boost cyber-security on a public WiFi:

  1. Disable sharing on your device.  Check the settings to make sure it is disabled.  This is the default on most public networks but always double check.
  2. Use a Virtual Private Network, or VPN. This program ensures anonymity while on a public network. You can use open source software (openvpn) or vpn private, which is  purchased for an added layer of privacy. There are unique benefits to both openvpn and vpn private. Contact us to learn more about setting up a VPN.
  3. Avoid using websites with sensitive information, such as bank and credit card accounts, which can be hacked on a public network. Wait until you are on a secure network like your home or office to log into such websites.
  4. Remove private information from your device before using a public network. Get rid of files with any connection to your bank account or social security number. If you must access these accounts, use remote access software provided by your business.
  5. Prevent physical theft of your device. Be aware of your physical surroundings. Hackers can simply steal devices and take data off them. Keep them on your person or within eyesight and reach at all times.
  6. Use a firewall and the updated anti-virus software. Also known as a packet filter, a firewall monitors incoming traffic to your computer and blocks unknown or potentially dangerous cybercriminals. Keep your antivirus software up to date.
  7. Authenticate your public connection. Hackers often create fake Wi-Fi hotspots to trick unsuspecting users into logging on so they can steal their data. Never just connect to the nearest open network.
  8. Only use websites with a Secure Sockets Layer (SSL). This is an extra layer of internet security. An easy way to check for the SSL is to look at the site’s URL (address).  Websites starting with ‘https’ have an SSL. Those starting in ‘http’ (without the ‘s’) do not.

 

How to stay safe on public wi-fi. Pros 4 Technology Blog

Free public wi-fi comes with its share of risks, including hackers who are waiting to steal your data.

Cybersecurity is only as strong as its weakest link. Make sure your device is protected before connecting to a public Wi-Fi network to keep your data safe.

Protect Yourself From Identity Theft

By | Cyber Security, Identity Theft | No Comments

Protect Yourself from Identity Theft

Common sense used to be the best way to protect yourself from identity theft. Collect mail in a timely manner, store your social security card in a safe place and shred sensitive documents.
Today we live in a digital world. An identity thief can drain our bank account in seconds if our data is not secure. If you don’t catch it quickly, it may be too late to recover the stolen funds.  According to LifeLock, 1 in 4 people has been affected by identity theft online. This year alone, 15 million people lost an estimated $16 billion in identity theft scams.

Five Types of Identity Theft

There are multiple ways our identity can be stolen.  The four common types of identity theft include:

  • Child Identity Theft
  • Tax Identity Theft
  • Medical Identity Theft
  • Senior Identity Theft
  • Social Identity Theft
Protecting Yourself from Identity Theft - Pros 4 Technology Blog

An identify thief can drain your bank account in seconds.

Four Ways to Protect Your Identity Online

Identity thieves are always coming up with new ways to access your personal information. There are four important things you must do to protect your identity. If your account is more secure, a hacker usually moves on to an easier target. Here are the best things you can do to protect your identity:

1. Prioritize Passwords

  • Use a password manager like LastPass to store unique, randomized passwords for all your logins. Learn more about effective passwords in our recent post, How to Create Secure Passwords.
  • Use two factor authentication whenever it’s available. Examples would include a code texted to your smartphone, or the security questions a bank uses for your account, after you input your password. For security questions, use answers only you would know, ones that a hacker could not find online.
  • Use passphrases instead of passwords. Longer passphrases are harder to crack, and hackers will typically move on to an easier target.

2. Go paperless where you can – Anything in your mailbox can be stolen more easily than online. Shred every paper document with your personal information before you discard it.

3. Monitor your credit reports and bank statements. If credit fraud isn’t caught right away, often the account owner is liable for payment. The latest tax scam involved hackers stealing tax information and placing small amounts of money into the bank account, mimicking a refund.  If anything is off, notify the bank or credit monitoring system and they can reverse charges. If you have been compromised, there is assistance. Report fraud immediately. The federal government provides the website Identitytheft.gov to help victims of identity theft.

4. Don’t trust – verify.

  • Before you respond to an email, expand the details of your recipient. If the “from” email address does not have the same domain as the organization, it is likely a scam.
  • Before entering any personal information onto any website, verify that the website is legitimate. Google search the company name. Illegitimate websites may be flagged by users or even mentioned in articles on internet security.
  • Check the website security status to the left of the URL. A secured site has a padlock icon left of the URL, like the one our website.

Identity theft can happen to anyone, online or from your mailbox. It seems counter-intuitive, but properly protected online data is safer than what’s in your mailbox. Awareness and vigilance are the best identity theft protection.

How to Create Secure Passwords

By | Business Network Security, Cyber Security | No Comments

How to Create Secure Passwords

Strong Passwords are Essential to Prevent Identity Theft

We need passwords to protect our personal information online, from email, to Facebook, to our bank and credit accounts and much more. Unfortunately, many people overlook the importance of a strong password, in favor of something easy to remember, using their name, birthday or even the word ‘password.’ All too often, the same weak password is used for every account.

Having your password stolen isn’t just an inconvenience any more. These common password mistakes can cost you your identity.

Stealing Passwords is Automated Now

Hackers can effortlessly perform brute force attacks on your internet connected devices and online accounts to steal passwords. Using automated software, their computer guesses every possible password combination in a matter of seconds or minutes. When your password combination hits, they gain entry.

The initial attack will often attempt passwords generated from names, birthdates and other personal information, which are commonly used because they’re easy to remember. If that’s unsuccessful, many programs can simply attempt every possible key combination. It can take as little as 8 seconds to crack a weak 6-character password.

However, if your password is at least 8 characters with a mix of lower and upper-case letters, it can take up to 10 days to crack. Add numbers and special characters to the mix and your password becomes very difficult to hack. Most hackers will move on to an easier target.

Use secure passwords to help prevent identify theft - Pros 4 Technology Blog

Use and manage secure passwords to protect yourself against hacking and identity theft.

How to Create and Manage Strong Passwords

Password Do’s

  • Use a different password for every online account.
  • Change passwords on a regular basis.
  • Change passwords if you suspect someone has access to your account or you’ve been hacked.
  • Use at least one of each of the following in all passwords:
    • Uppercase Letters
    • Lowercase Letters
    • Numbers
    • Special Characters

Password Don’ts

  • Don’t enter less than 8 characters unless you are limited by the account login.
  • Don’t use any personal information (birthdates are popular targets).
  • Don’t use words found in the dictionary – the more random the character combination, the better.

Use 2-Factor Authentication to Strengthen Login Security

Enable 2-factor authentication wherever it’s available for your sensitive logins. This step requires you to enter a unique code that is texted to your phone when you enter your password, and can prevent most hackers from gaining access, even if they do discover your password.

Use a Password Manager

You no longer need to remember or keep long lists of passwords. Password managers can store all of your passwords, and automatically generate new, much stronger ones than you would create yourselves. You only need to keep track of one strong password, and you can enable two-factor authentication to boost your login security even more. One of our favorite password managers is LastPass.

Protecting Your Android Smartphone or Tablet from Malware

By | Cyber Security, Smartphones & Tablets | No Comments

How to Defend Against Malware on Android Smartphones & Tablets

Google Android is the most commonly used operating system (OS) on smartphones. But it is also the most frequently attacked OS by malicious software, or malware. This can take the form of computer viruses, worms, Trojan horses or spyware. Apps can be created by any user online, including hackers, who can secretly embed malware to infect users’ phones.

Android smartphone apps can be infected with devastating malware and viruses.

Android smartphone apps can be infected with devastating malware and viruses. Investigate before you download!

Here are several things you can do to help protect your Android smartphone or tablet from malware:

  1. Download apps only from the Google Play Store . Google has an entire tech department dedicated to investigating apps and hunting down malware. The occasional bad app will slip through their net but it’s far less risky than downloading smartphone apps anywhere else.
  2. Scrutinize app reviews and ratings. You want an app that has 5-star ratings and positive reviews, but hackers can fake this information too, using a Trojan horse. Check for repeated and/or very short reviews – this can indicate fake content.
  3. Investigate the app’s creators. Businesses evaluate the developers of the apps they use. This is good practice for your personal devices as well. Research them online. Often a bad app will be flagged on a message board before it’s pulled from the app stores.
  4. Examine app permissions. Each app will request to access certain functions of your device. Think twice about downloading the app if permissions are attached to personal information, and make sure the access requested correlates to the app. If you are downloading a calculator app, why do they need to access your camera? Some of the riskier permissions to allow are:
    • Saving your data
    • Taking photos
    • Recording audio

Extra attention to these details will reduce the risk of malware attacks to your Android smartphone or tablet.

Four Ways to Secure Your LinkedIn Profile

By | Cyber Security, Email, Social Media | No Comments

Network Safely Online – Secure Your LinkedIn Profile

LinkedIn is the top name in professional networking and deservedly so.  Users have found jobs by posting their resume, expanding contacts and reaching out to obtain that dream job.  It’s Facebook for business professionals.

Many people forget, however, that it’s still an online network that requires personal identification information (PII) to form a profile.  LinkedIn is just as susceptible to security breaches and identity theft as any other social media platform. As recently as 2016 the site was hacked, affecting users with weak profiles and inadequate privacy settings.

The job search is stressful enough.  Using job search tools shouldn’t be. Four key actions can be taken to help secure your LinkedIn profile.

Secure your LinkedIn profile to network more safely online

Secure your LinkedIn profile and be wary of unusual connection requests and emails.

 1. Beware of Fake LinkedIn Connection Invitations

It’s flattering when a CEO wants to connect with you.  But if you don’t know the person, don’t connect.  Hackers create fake profiles to impress and connect with you so they can steal your PII. These things should make you suspicious of a connection invitation from someone you don’t know:

  • Spelling and/or grammatical errors
  • A name or photo of someone you don’t recognize
  • Job profile that doesn’t fit with the timelines on their job history

Bottom line, read their profile carefully and consider searching for the company’s website before accepting their invitation.

2. Be Wary of Phishing Emails

Those emails LinkedIn sends you notifying of job changes, job recommendations and connection invites? Most are real.  But hackers can fake those too. Never click an email link before verifying the sender. Also, take note of the following red flags:

  • Spelling and/or grammar issues
  • Your familiarity with the sender – is their identity questionable?
  • Links – Hover your cursor without clicking over links in the email. This shows you where the link actually goes. If it’s not what they say it is, its a scam. Don’t click!

3. Create Strong Passwords for Your Social Media Accounts

Creating and regularly updating strong passwords is essential for ALL of your online profiles.  LastPass is a password manager app that automatically generates strong passwords, and only requires you to login once. It fills in the specific, unique password for each of your online network profiles so you don’t need to remember them.  Repeatedly using a single password for all networks is a common security mistake that opens you up to hacking across all your online profiles.

4. Use Two-Factor Authentication

LinkedIn offers two-factor authentication for all users – you simply need to set it up. This is the single most important step in securing your account. Use the following steps to add this security feature to your profile:

  • Access your profile and scroll to the bottom.  Click the link that says ‘Manage your account and privacy.’
  • Under the ‘Login and security’ section, click ‘Two-step verification’ and enter a mobile phone number where LinkedIn can send you a security code by text message.  Enter this in at the prompts to turn the Two-step verification on.

These few extra steps can dramatically improve your profile security. You can make professional networking and the job search less stressful knowing that your identity is more secure in your online profiles.

Fake IRS Refunds: The Latest Tax Scam

By | Uncategorized | No Comments

Fake IRS Refunds: The Latest Tax Scam

Each year, the IRS publishes the ‘dirty dozen,’ a list of the top twelve scams hitting taxpayers. Making this year’s list is the false tax refund scam. A growing number of identity thefts are from tax preparers with lax data security. Regardless of how they access your personal information, the scammers file a fake tax return in your name and then put a REAL refund into your bank account.

The False Refund Tax Scam

The scammer contacts you, posing as a law enforcement officer or IRS agent. The person claims the refund was a mistake and must be paid back. Hackers have even developed automated messages threatening their victims with arrest warrants, criminal charges or social security blacklisting if the refunds are not sent back. These calls usually give a case number and phone number where you can return the money. Don’t fall for it.

Keep an eye on your bank account this tax season. If you see a refund amount different than what’s on your filed tax return, take action according to the type of refund:

  • Direct Deposit – Contact the Automated Clearing House of the bank where the direct deposit was sent.
  • Check – Write ‘VOID’ on the endorsement line on the back of the check. Immediately return it to the IRS location listed on the check. The city will be listed on the bottom text line, in front of the words ‘tax refund’. This IRS Scam Alert article lists IRS mailing addresses for returning paper checks. If you’ve cashed the check, you will need to contact the office to repay it and inform the IRS of the scam.

How to avoid the false refund scam?

  1. Ask your tax preparer about their data security. The IRS publication, Safeguarding Taxpayer Data, outlines their legal requirements and data security best practices.
  2. File as early as possible. This has shown to reduce the likelihood of fraud.
  3. Monitor your bank account for a refund deposit amount that doesn’t match the return you filed.
  4. Don’t cash a refund check unless it matches the return you filed. Return it to the IRS and alert them to the discrepancy.
  5. Be suspicious of email from the IRS. This is almost always a scam. The IRS does not contact taxpayers via email.

What is a Social Engineering Attack?

By | Business Network Security, Cyber Security, Email | No Comments

What is Social Engineering?

In a social engineering attack, a cyber-criminal uses human interaction (social skills) in email messages, phone calls, or unannounced personal visits. This cyber attacker may be respectful and seem to be perfectly legitimate but will use psychological manipulation to trick victims into making security mistakes or giving away confidential information. He or she might claim to be an employee, repair person, researcher, or sales representative, and may even offer credentials. Regardless of how they contact you or who they pretend to be, this type of cyber-criminal has one goal: to obtain or compromise sensitive information about your organization or its computer systems.

Social Engineering Attacks Leverage Human Error

Social engineering attacks are especially dangerous because they rely on human error, not vulnerabilities in operating systems or software programs. By asking what may seem to be innocent questions, the cyber-criminal may be able to piece together enough information to infiltrate your organization’s network. The attacker will be persistent! If unable to gather enough information from the first source, he or she may contact another source within your organization, then use information obtained from the first source to bolster his or her credibility and build trust.

Social Engineering Attacks leverage human error to gain access to sensitive company information | Pros 4 Technology Blog

Social engineering attacks leverage human error to gain access to sensitive company information.

Social Engineering Attacks – Do’s and Don’ts

To avoid being the victim of a social engineering attack:

  • DO be suspicious of unsolicited email messages, phone calls, or visits from individuals asking about employees or other internal information.
  • DO try to verify the identity of an unknown individual. Directly contact the company the individual supposedly represents using a phone number or email address you know to be valid.
  • DO install and maintain anti-virus software, firewalls, and email filters to cut down on questionable traffic.
  • DO take advantage of anti-phishing features offered by your email server and web browser.
  • DO pay attention to website URLs. Though a malicious website may look identical to a legitimate site, the URL may use a variation in spelling or a different domain.

If anything at all about individuals or their questions seems suspicious:

  • DON’T respond to requests for personal or financial information.
  • DON’T click on links in email messages.
  • DON’T use contact information that’s provided on a website connected to the request.
  • DON’T send sensitive information over the internet before checking a website’s security.

Find more information on how to avoid being a victim of a social engineering attack on the U.S. Homeland Security Website.

I Think I’m the Victim of a Social Engineering Attack – What Should I do?

If you think you have revealed sensitive information about your organization:

  • Report it to network administrators and other appropriate personnel so they can be alert for suspicious or unusual activity.
  • Contact financial institutions immediately if you think accounts may have been compromised.
  • Promptly change any passwords you may have revealed. If you used the same password for multiple accounts, change it for each account. Don’t use that password in the future.
  • Close any accounts that may have been compromised.
  • Watch for unexplainable charges to accounts.
  • Report the attack to the police or government agency responsible for cyber-crimes, such as: