Five Ways to Avoid Hotel Phishing Scams

Headlines about yet another hotel being hacked have become commonplace, and the statistics look grim. A staggering 64% of US citizens have already had to deal with stolen data. Hotel phishing has become far too common.

Hotels are perfect targets because of the amount of sensitive data they process each day and the tech they use. The many high-profile breaches of late signal that a lot of them do not have the right cybersecurity solutions in place.

Hotel phishing scams are a common attack, and Verizon’s 2019 data breach report shows that out of all the data breaches detected, 32% involved phishing. 

What’s even more worrisome, 56% of those breaches weren’t discovered for months.

Avoiding such scam attempts altogether is impossible, but lowering the risk of becoming a victim is not. Here are five ways to detect and avoid phishing scams.

#1 Staff Training 

Hotels often skip cybersecurity training because they wish to invest in other areas, yet a single successful phishing scam can lead to a breach that will tank their reputation and customer trust and result in high fines.

Because email is the primary vector attackers use for their hotel phishing scams, it’s important that your employees are able to recognise such scam attempts right away.

A single click is enough to infect the system. The same report from Verizon shows that internal actors were responsible for 34% of breaches. Every misclick will result in having your hotel hacked again and again.

Cybersecurity training for the hotel staff must be a top priority. 

When staff members know how to detect a suspicious email, check the sender and double-check all domain names, the risk of them clicking on it becomes considerably lower. 

#2 Have an External Mail Warning System 

Creating a hotel phishing email is easier than ever, as people are more than willing to share their personal information online.

A well-constructed phishing email can look like a genuine company email from a well-known staff member.

An external email warning system helps identify suspicious emails by displaying a warning when the email originates from an external source. 

This will prompt staff to double-check the sender and the actual address before opening the mail or clicking the link, and to report the suspicious email to the IT office.
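A sketch of how such a warning can be applied at the mail gateway, added here as an example and not taken from the post. The domain, staff names and sample messages are constructed, and it assumes the gateway stamps a trustworthy Authentication-Results header on inbound mail.

```python
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Assumptions for this example (none of these names come from the post):
# the hotel's mail domain, a tiny staff directory, and a gateway that writes
# its own Authentication-Results header and strips any inbound copy of it.
INTERNAL_DOMAINS = {"grandhotel.example"}
STAFF_DISPLAY_NAMES = {"anna keller", "front desk"}
TAG = "[EXTERNAL]"
BANNER = (TAG + " This message came from outside the hotel. "
          "Check the sender's address before opening links or attachments.\n\n")

# Constructed sample messages.
SAMPLES = {
    "internal": ("From: Anna Keller <anna.keller@grandhotel.example>\n"
                 "Authentication-Results: mx.grandhotel.example; dmarc=pass\n"
                 "Subject: Rota\n\nNext week's rota is attached.\n"),
    "spoofed_internal": ("From: Anna Keller <anna.keller@grandhotel.example>\n"
                         "Authentication-Results: mx.grandhotel.example; dmarc=fail\n"
                         "Subject: Urgent transfer\n\nPlease pay this today.\n"),
    "lookalike": ("From: Anna Keller <anna.keller@grandhotel-billing.example>\n"
                  "Authentication-Results: mx.grandhotel.example; dmarc=pass\n"
                  "Subject: Updated bank details\n\nPlease use the new account.\n"),
    "vendor": ("From: Linen Supplier <orders@linen.example>\n"
               "Authentication-Results: mx.grandhotel.example; dmarc=pass\n"
               "Subject: Invoice\n\nInvoice for March.\n"),
}


def load(name: str) -> Message:
    """Parse one of the constructed samples into a Message object."""
    return message_from_string(SAMPLES[name])


def classify(msg: Message) -> dict:
    """Decide whether a message is external and whether it borrows a staff name."""
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    auth = msg.get("Authentication-Results", "").lower()
    # A From domain on its own is trivially forged, so a sender only counts
    # as internal if the domain matches AND the gateway recorded a DMARC pass.
    internal = domain in INTERNAL_DOMAINS and "dmarc=pass" in auth
    # A staff member's name on a non-internal address is the "genuine company
    # email from a well-known staff member" case described above.
    impersonation = (not internal) and display.strip().lower() in STAFF_DISPLAY_NAMES
    return {"address": addr, "external": not internal, "impersonation": impersonation}


def tag(msg: Message) -> Message:
    """Add the subject tag, a warning header and a body banner to external mail."""
    verdict = classify(msg)
    if not verdict["external"]:
        return msg
    subject = msg.get("Subject", "")
    if TAG not in subject:  # do not stack tags on reply chains
        del msg["Subject"]
        msg["Subject"] = TAG + " " + subject
    if verdict["impersonation"]:
        msg["X-Phish-Warning"] = "display name matches staff, address is external"
    # Only plain, unencoded text bodies are edited here; multipart or
    # base64 bodies keep the subject tag and header only.
    encoding = msg.get("Content-Transfer-Encoding", "7bit").lower()
    if not msg.is_multipart() and encoding in ("7bit", "8bit"):
        msg.set_payload(BANNER + msg.get_payload())
    return msg


if __name__ == "__main__":
    for name in SAMPLES:
        tagged = tag(load(name))
        print(name, "->", tagged["Subject"], "|", tagged.get("X-Phish-Warning", "-"))
```

The spoofed internal sample shows why the banner decision should rest on the gateway's authentication result and not on the visible From address alone.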

#3 Implement a Sandbox

In IT, a sandbox is a completely isolated environment that fools malicious code into thinking it has access to actual systems.

Sandboxes are used to test links and attachments and execute them without risking the security of your network.

If the system detects malicious code or a malicious link, it will show a warning and remove the attachment/link so the user and systems stay safe.

#4 Keep Your Network Secure 

Have antivirus, antispyware, and anti-malware software on your network and all devices, as well as commercial firewalls.

Keeping your main network inaccessible to outside devices will reduce the vectors of attack.

Have a different network for your guests, and keep all personal IT devices from your staff on a separate network too. 

#5 Stay Informed About Phishing Techniques & Have Procedures In Place

New phishing scams appear all the time, so make sure your IT department follows all new developments closely.  Ask them to regularly send internal newsletters on threats and distribute them to everyone.

Plus, make sure you have strict procedures in place when it comes to payments and authorising new transactions. For example, change of details must be confirmed by a vendor over the phone (rather than email), requests for money are escalated to a higher management level, and links aren’t clicked on unless they are expected.

Hotels Must Be Hypervigilant

The reason why so many hotels fall victim to hotel phishing attacks is the lack of updates to their systems, operations, and standards. 

When coupled with lack of staff training and monitoring solutions, a data breach might already be in progress without them having the slightest clue about it.

Steps To Respond To a Ransomware Attack

Cybersecurity is an important topic for any business now. In the last 12 months, 32% of businesses experienced some sort of cyber attack or data breach. That means that every third business had to deal with a cyber-attack, according to the Cyber Security Breaches Survey 2019 by the UK Department for Digital, Culture, Media, and Sport. It goes without saying that every business should prepare for a ransomware attack and other types of cyber-attacks.

Keeping your assets secure against cyberthreats needs much more than installing firewalls and anti-virus software. Today’s cyber threats are sophisticated and use every possible loophole in your security settings to get access. While there are different types of attacks, ransomware is one of the most malicious attacks businesses have to deal with.

What’s a Ransomware Attack? 

Ransomware is a type of attack where malicious software (malware) takes over a computer or whole systems and denies any type of access until you pay a ransom. The ransom demand usually requires payment in cryptocurrency like Bitcoin, as it’s impossible to trace it. 

It is one of the most dangerous types of attacks, as it can stop a business dead in its tracks. In case the ransom is not paid, all data will be deleted from the system. 

This is bad enough if it happens to an individual. Imagine this happening to your company – you will lose all business and operational data, and you’ll have to start all over again. Some businesses never recover.

Preparing for a Ransomware Attack

The bad news with ransomware attacks? They can happen to anyone, and once one does, there’s not much you can do.

But you can prepare for it. Here’s how: 

Data backup should be your number one priority.

It can save you thousands and millions, but it has to be done right by protecting your data storage properly. Ransomware attacks are carefully executed and attackers will often have access to your systems for months before they attack. 

Why? Because they want to make sure they hijack everything, including any possible backups you might have. 

This is why you should keep backups in another location. It would be best to have backups in the cloud but also have at least one backup offline – completely disconnected from any network – as even cloud backups can sometimes be affected.

Make sure IT keeps all systems and software up to date.

Although updates are often a hassle, they exist for a reason. Most updates are released to take care of security vulnerabilities. When software and operating systems are not updated, you are basically inviting hackers to access your systems. Your IT department should ensure every device is up to date. 

Start implementing user restrictions.

Not all of your employees need access to all your data. Ask your IT provider to implement user restrictions so that your employees have access only to data they need. In case they need more, they can request special and temporary access that is revoked as soon as they don’t need it anymore. This way, in case their accounts are compromised, the breach will be limited. 

Invest in monitoring software. 

You can get powerful software solutions that monitor your whole system for suspicious activity. This goes beyond regular antivirus monitoring – such software can monitor what users are doing and what data they are accessing, and alert you in case something is out of the ordinary.

Don’t forget about employee training.

No matter what type of security software and solutions you utilise, if your employees are not aware of best practices on cybersecurity, you’re always just one bad click away from a ransomware attack. Make sure your employees know how to spot suspicious email, and know that they should never click on the links in such emails or download attachments.  

Work on your BYOD policies.

Many businesses, especially small- and medium-sized ones, often allow employees to bring their own devices (BYOD) to work. Without a good policy in place, however, this becomes a security issue. 

If an employee brings an infected device and connects it to the same network, you’re looking at a possible spread of infection – and ransomware – to all other devices and the whole system. Because of this, any device connecting to your system should be up to date, have antivirus software, and be cleared by the IT department regularly. This goes for smartphones too.

First Steps After a Ransomware Attack 

1. Take a photo of the note

This will help IT determine what type of ransomware you’re dealing with.

2. Determine the extent of the attack 

Your IT provider should be able to determine whether the ransomware has infected a single device, or if the infection is spreading through your network.

3. Isolate infected devices and disable sharing

All infected devices should be removed from the network to stop the spread. Any type of sharing that’s active should be shut off immediately. 

4. Notify employees

Send an email to all employees so that they can report whether their devices are working. Those who can work can continue, but those affected can help in other areas while IT deals with the issue. 

5. Let IT remove ransomware from infected devices 

IT should scrub the devices that were infected completely. Sometimes, a local backup on the device can solve the issue, but oftentimes, even that will be unavailable. 

6. Restore data from backups

Once you reinstall the operating systems, your IT can restore data on affected devices from a cloud or offline backup.

To Pay or Not to Pay? 

If you’re not prepared and have no backups, you might be tempted to pay. Take this year’s ransomware attack on the City of Baltimore’s government. Their systems were infected by ransomware that stopped numerous important systems: ATMs, airports, even hospitals. 

The attackers demanded that the city pay about $76,000 in Bitcoin. The city refused to pay, only to realise many of their systems weren’t backed up. They lost huge amounts of data, and the attack ended up costing them $18 million.

It seems that in the case of Baltimore, it would have been much better if they simply paid the ransom. Well, not really. 

Why? 

You’re dealing with criminals. Even if the city paid the ransom, there’s no guarantee that they would have gotten the access back. If they did, they would have become a prime target for future attacks too, since they paid the ransom already. This is why it’s so important to prepare – it will minimise damages.

Conclusion

Everyone’s at risk of a ransomware attack. Preventing it is next to impossible, but preparing for it is more than possible. Your IT provider should back up your data regularly, and you should make sure your employees know how to spot suspicious phishing attacks. When you prepare for a ransomware attack properly, you can minimise the impact of such an attack and save yourself from monetary and reputation damage.

7 Ways to Protect Yourself From Social Engineering Hacks

Human interaction is the element that makes social networks so great, and businesses use it to connect with their user bases on an individual level. This human connection is also a vector used by hackers to get access to classified information, as well as access to internal networks and data. Such techniques are known as social engineering hacks.

A social engineering hack is when hackers present themselves as trusted and friendly individuals or businesses to get their targets to disclose privileged and sensitive information. This tactic requires lots of research on the target to be successful, and the attack is often specifically aimed at individuals who have low-level access within their organisation, as this is enough to get access to everything else once they are in.

Research and reconnaissance include scanning the target’s online behaviours and patterns, and social media accounts are a treasure trove of information. This is why it’s so important that all employees keep their social media accounts secure. The following seven tips will help keep social media accounts safe from hackers:

#1 Avoid Taking Part in the Things that Have Your Personal Details

Do you know all those various quizzes that “analyse” your social media account to tell you which “Game of Thrones” character you are most like, or tell you what kind of salad you are? How about some extensive personality tests that ask you to disclose super specific information about yourself to tell you what type of personality you are?

Always make sure to check what type of information you reveal and authorise access to. Many of them will require you to allow access to all your online images, your whole friend list, or your bio and personal information that might include phone numbers and emails. Only use such things if you can be 100% sure that the information you share will be used solely for marketing purposes and not compromise the security of your account.

Do you remember the story about an Android flashlight app that just asked for too much access? This is exactly how your data could become available to hackers and used against you.

#2 Increase Your Password Security

Password strength is what makes or breaks the security of your social media accounts. First of all, make sure to use a strong password. The holy trinity of strong passwords is a combination of the following:

  • Lower- and uppercase letters
  • Numbers
  • Special characters

Use at least 8 characters in your password, and never use personal details and information like your kids’ names or birthdays in your passwords, as this makes access easier. To minimise the risk of being hacked, change your password regularly and never use the same password for multiple accounts. If you have trouble remembering all your passwords, use a trustworthy password manager instead.

#3 Understand Your Privacy Settings

Once something is on the web, it stays there forever. Your online behaviours can be tracked, and most people don’t think they are valid targets to be tracked online, so they will reveal too much in too many public places.

Imagine sharing your personal or work email, where you live, or images of your kids and your home to any stranger you meet on the street. It would be quite reckless, wouldn’t it? This is exactly what many people are doing online when they don’t think about their privacy settings and post publicly on their social media accounts.

When using Facebook or any other social media site, make sure to limit your posts and images to your friends only. If you wish to share something publicly, always ensure that it can’t be something used to get access to your accounts or to follow your actions online. Also be wary of friend requests from people you don’t know. Chances are, at least one of them might just be trying to get access to your information.

#4 Up Your Account Security

A strong password is just a first step towards a safer account. Wherever possible, use additional security in the form of two- or multi-factor authentication (2FA or MFA) – it will ask you for an additional code that’s generated just for you once you type in your login credentials. This way, if someone manages to crack your password, they will not get any further because they won’t have the code they need.

#5 Use Quality Antivirus Software

Make sure to have good antivirus protection on your PC. Your antivirus must not only regularly scan your PC, but also monitor your online activity. Such suites will immediately let you know if there’s an infected link or attachment in your emails. They can also scan social media messages and quarantine them before you click on them by mistake.

#6 Only Install Apps from Trusted Sources

Since there’s limited access to good antivirus software for mobile phones, stay safe by only installing apps from trusted sources. Examples of trusted sources are Google Play and Apple’s App Store. Apple, in particular, is very strict when it comes to what apps are allowed on their store. They do a full scan and inspection of every app before it can be approved and published in their store.

#7 Log Out of Devices and Close Old Accounts

If there are some accounts you are not using anymore, it doesn’t mean they are safe from hackers. Always close all old accounts you are not using anymore. This way, you make sure hackers don’t get access to them and use them without your knowledge.

Also, make sure to log in on trusted devices and on trusted networks only. Make it a point to log out of all your active sessions regularly. This will help those services recognise anomalies in your login patterns and detect a possible breach easier.

Have a proactive approach towards your social media security and you will be a very hard target for anyone trying to get access to your accounts. It will be a challenge for anyone to launch social engineering hacks against you.

Have more questions? Check out our Smiley Geeks IT Help Membership from only $69 a month!

6 Hospitality Businesses Who Faced Data Breach Fines

Contrary to popular belief, the hospitality industry is an excellent target for cybercrime because of the sheer amount of personal and sensitive data it holds. In fact, there are several businesses that have already faced data breach fines.

Every day, hotels, hostels, and restaurant chains handle credit cards, emails, contact preferences, home addresses, and other sensitive data from millions of customers, and hackers want to get their hands on that information.

A data breach can go undetected for quite a long time, as some of the cases below demonstrate, which would only increase the GDPR fine nowadays!

Here are 6 hospitality businesses who have recently faced data breach fines, and the cybercrime that caused them.

1. Hilton Fined $700,000 After Taking 10 Months To Notify Customers of Data Loss.

Back in 2014, Hilton hotels were a victim of a data breach, followed by another breach during 2015, which resulted in the data loss of over 360,000 customers. The data that was stolen held sensitive information like credit card numbers, names, addresses, and more.

The biggest issue is that Hilton failed to inform its customers about the breach in a timely manner. It took them ten months after they learned about the breach to inform their customers. This resulted in a $700,000 fine for lack of adequate security and failing to inform customers about the breach. If this had happened recently, their fines would be much higher under GDPR –  they would probably have to pay around $420 million.

2. Radisson Hotels Face Potential GDPR Fine

Radisson Hotel Group faces fines under the newly adopted GDPR. The breach was discovered in 2018, with Radisson claiming to have promptly informed the EU regulators within the 72-hour timeline. It was detected in the Radisson Rewards database, and some members of their Rewards programs were compromised.

Apparently, credit card details and passwords were not stolen. Stolen data included names, addresses, email addresses, company names, Rewards member numbers, and frequent flyer numbers. As a result, the hotel chain might be facing a €10 million fine.

3. Trump Hotels Pay $50,000 After Not Informing Customers About Breach

Even Trump hotels aren’t spared of data breaches. The hotel chain suffered a data breach back in 2014 when over 70,000 credit card numbers and other personal data were stolen via the payment processing system that was infected. The now president Trump agreed to cover the $50,000 fine that was issued because the hotel chain didn’t bother to inform their customers about the breach even though they knew about it for months.

4. Wendy’s $50 Million Settlement

Restaurant chain Wendy’s had to pay a hefty fine because of the data breach that happened in 2015 and 2016 when 1,025 POS systems used at their locations were infected with malware that led to a lot of stolen credit card info. It is reported that over 18 million cards were compromised in the breach.

Many of these cards were used to commit fraudulent online purchases. As a result, Wendy’s had to face a class action lawsuit from affected financial institutions and consumers. Wendy’s reached a settlement that required them to pay $50 million by the end of 2019.

5. Zippy’s Restaurant $725,000 Data Breach

Zippy’s restaurant chain based in Hawaii suffered a data breach in November 2017. They first discovered the breach in March 2018. All cards used during that time might have been affected. The compromised information included credit card numbers, expiration dates, names, and security codes.

There is no information about how many customers were affected, but a class action lawsuit was filed against FCH Enterprises, the owner of Zippy’s Restaurant. It’s worth noting that not only the restaurant chain was affected. The other franchises held by FCH – Napoleon’s Bakery, Kahala Sushi, Pearl City Sushi, and Pomaika’i Ballrooms – were affected too. FCH reached a settlement and agreed to pay $725,000.

6. The $915 Million GDPR Marriott Case

Probably the case that got the most traction is the large data breach that occurred with the Marriott hotel chain. Personal data and credit card details, even passport numbers and dates of birth, of more than 500 million of their customers were stolen. The Marriott group includes hotel chains such as Sheraton, Westin, W, and Le Meridien.

The breach was first discovered in September 2018, while detailed investigation revealed ongoing unauthorized access dating back to 2014. They did encrypt sensitive data such as credit card information. However, the group stated they cannot be sure that encryption keys were not stolen too.

The most concerning part is that this was ongoing for four years, meaning security monitoring profoundly failed. The fine: $3.5 billion plus $915 million from the ICO under GDPR.

With the rising risk of data breach and rising prices of fines, make sure you protect your customers’ sensitive data. This is especially true with the GDPR in place. By doing so, you avoid fines and ensure your guests rest easy knowing their personal information is safe with you.


5 Reasons Hospitality Businesses Get Hacked

The last several years have revealed that hospitality businesses are vulnerable to cyber attacks. Many major hospitality players have been victims of cybercrime that in some cases went undetected for years. In a separate post, we have cited six hospitality businesses that faced data breach fines resulting from hospitality business hacking.

Hackers are becoming increasingly innovative in ways they gain access to secure hospitality systems. In contrast, the hospitality sector is lagging behind in security measures. Businesses often don’t treat cybersecurity as a priority but prefer to focus on customer experience only, which can have far-reaching consequences in case of a breach.

The most common factors that contribute to hospitality business hacking and data breaches include the following:  

#1 The Number of People Involved

It is the nature of the hospitality industry that makes hospitality businesses such targets – there are so many customers and staff involved that hackers easily benefit from those numbers.  Sooner or later, somebody will make a mistake and click on a malicious link delivered into their inbox from a spoofed email address, and that one click is often enough to get access to everything.

Once inside, hackers will easily find employee credentials to get access to sensitive information, such as customer names, emails, addresses, current residence, credit card information, loyalty programs and points, and more, and use all that information for monetary gain or to sell it on the dark web.  

Another big issue that contributes to the high vulnerability of the hospitality sector is the current hospitality retention rate. The retention rate in the hospitality industry is quite low in comparison to averages for other industries. In the UK, the annual staff retention level is just over 70%, which is concerning since the average retention is usually around 85%. Not only are staff usually less interested in the long-term protection of the business, but frequent changes of users and passwords often lead to bad practices like sharing credentials or logging in for each other.

#2 Unsecured Networks Result in Hospitality Business Hacking

One of the easiest ways hackers are able to access guest and employee data is through Wi-Fi networks that are poorly secured or unsecured. While it’s hard to make sure a Wi-Fi network is 100% secure against attacks, hospitality businesses can do a lot to minimise the risk.

First of all, a network should never be unsecured. While it might seem like a great perk – use your network easily without having to ask for a passcode – this also means that anyone can access it, hackers included. The passcode should always be complex to avoid hackers simply guessing it. Businesses should avoid setting up “12345” or the business name as the passcode.

In addition to the right encryption settings for all the networks, it’s important to separate them too. Guests should always have a separate network for all their devices. Sharing the same network for business devices and guest devices is a recipe for disaster. Some of your guests may not be as innocent as they appear. They may be accessing your internal systems and data whilst also enjoying your coffee.

#3 Lack of Understanding

Another fault of many businesses in the hospitality industry is their lack of understanding of cybersecurity. Hotels are now interconnected digital systems that compete for customers by introducing new digital experiences. As such complex systems, they have a large number of endpoints – like the above-mentioned Wi-Fi networks, but also HVAC systems, Points of Sale (PoS), electronic door locks, smart devices – through which customer data is accessed and stored.

It’s true that they do adopt new technology and software to streamline their operations. But their outdated security measures don’t cover new security threats. You see, each of the endpoints used can also be an entry point for hackers to steal data. Sometimes, it’s enough to delay updating your PoS system for hackers to get a successful entry.   

Because hospitality businesses deal with such a large amount of sensitive data daily, it’s of utmost importance that they also understand the risks that come with the benefits of new software and tech solutions.

#4 Cybersecurity Isn’t Their Focus

Most hospitality businesses will agree that customer satisfaction and the overall experience with their brand is what matters most. The competition is fierce, and it’s very easy to lose customers. In their battle to retain customers, they will often prioritise spending their money on user experience. As a result, they streamline all their internal operations towards this goal.

Providing a seamless experience in every single one of their locations requires interconnection of all hotels from the same chain. For this reason, they are able to easily share their data on customers between locations. This way, the customer’s preferences when it comes to rooms and suites, and other data that helps make them feel welcome, are accessible at any time, no matter which of their hotels the customer walks into. Such data sharing happens within the hotel chain’s national network, which all hotels have access to.

This interconnectedness can have far-reaching consequences – just one breach into a single hotel from the whole chain is enough for hackers to quickly gain access to their whole system and steal information from central data points.

#5 Lack of Education Leads to Hospitality Business Hacking

With a lack of understanding of why security systems are crucial for all the digital systems in the hospitality industry, cybersecurity is often put into the back seat. This, in turn, results in a severe lack of education for staff members and partners.

If employees working in hospitality do not know how to spot risks, the chances of hospitality business hacking skyrocket. Not all employees are tech-savvy or IT professionals. Some of them don’t know how to spot a phishing attempt. However, with the right training, you can greatly reduce the chances of being hacked.

The best approach here would be to have cybersecurity staff that will take proactive measures to keep all systems secure. Therefore, it’s not a bad idea to appoint a Chief Information Security Officer (CISO) who would oversee all security-related operations. The CISO’s responsibilities include setting up a plan in case a breach happens.

The Right Measures Help Detect a Breach Quickly

The hospitality industry will remain a high-risk target for cyber attacks, and there will always be a risk. However, taking the right countermeasures will minimise hospitality business hacking. This ensures that if a breach does happen, there are rules in place that will help detect it quickly. Consequently, businesses take the right course of action.

Why It’s Safer to Tether Your Internet Than Use Public Wi-Fi

You’ve probably been in a situation where you desperately need an internet connection for your devices while you’re out and about. Most public places offer free internet. Public Wi-Fi, however, is risky business, and it’s best to avoid it.

The Risk of Public Wi-Fi

Coffee shops, airports, hotels, and restaurants offer their Wi-Fi without a second thought, but most lack proper security measures. Those networks are often the prime spots for hackers to execute their attacks and get access to sensitive information or spread malware. One of the most concerning ways they do this is with a device called Wi-Fi Pineapple.

Primarily, Wi-Fi Pineapple is used by companies that specialise in penetration testing the networks of various businesses. Even though the original use of the device is to audit wireless networks and test for vulnerabilities, hackers realised they could use it too.

How Hackers Use Wi-Fi Pineapple

Because Pineapple is so cheap (the whole kit costs about $100/£75), hackers use it to get access to sensitive information or spread malware.

  • They set it up as a fake Wi-Fi hotspot (known as a rogue access point – rogue AP), which enables them to do an attack called “Man-in-the-Middle” (MitM).
    • They fake a network SSID (name) that sounds reputable, like a hotel name, by changing one letter in the name, and then wait for unsuspecting users to connect their devices.
    • Once connected, they will intercept all communication between devices and the web.
  • Another way they can get your device to connect automatically is to spoof the SSIDs saved by your device.
    • When you have Wi-Fi on, your device will actively scan the surroundings for networks that you have saved with auto-connect enabled.
    • Your device does this by actually broadcasting the SSID of all saved networks.
    • Wi-Fi Pineapple can read those broadcasts, rename its SSID to match one of your saved networks, and your device will automatically connect to it.

It’s always better to tether your internet connection from your phone to avoid those risks.
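For a venue that wants to spot these two tricks around its own network, the following added example (not part of the original post) audits a list of scan results for lookalike SSIDs, known SSIDs coming from unlisted access points, and a single radio answering under many names. The network name, BSSIDs and scan data are constructed, and the "many names" threshold is an assumed heuristic.

```python
from collections import defaultdict

# Assumptions for this example: the venue's real SSID and the BSSIDs
# (access point MAC addresses) it has actually deployed. All constructed.
KNOWN_NETWORKS = {
    "GrandHotel-Guest": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
}
# Heuristic threshold: one BSSID advertising this many different names is
# treated as suspicious, since it matches a device renaming itself to
# whatever saved networks nearby clients are asking for.
MANY_NAMES = 3

# Constructed scan results as (SSID, BSSID) pairs, e.g. exported from
# whatever wireless survey tool is already in use.
SAMPLE_SCAN = [
    ("GrandHotel-Guest", "aa:bb:cc:00:00:01"),   # legitimate AP
    ("GrandHotel-Guest", "de:ad:be:ef:00:10"),   # right name, unknown radio
    ("GrandHote1-Guest", "de:ad:be:ef:00:11"),   # one character changed
    ("CoffeeCorner", "12:34:56:00:00:01"),       # unrelated neighbour
    ("HomeNet", "de:ad:be:ef:00:20"),
    ("Airport_Free", "de:ad:be:ef:00:20"),
    ("Office-WiFi", "de:ad:be:ef:00:20"),
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def audit_scan(scan):
    """Return (bssid, ssid, reason) findings for a list of (ssid, bssid) pairs."""
    findings = []
    names_per_bssid = defaultdict(set)
    for ssid, bssid in scan:
        bssid = bssid.lower()
        names_per_bssid[bssid].add(ssid)
        for known, allowed in KNOWN_NETWORKS.items():
            if ssid == known:
                if bssid not in allowed:
                    findings.append((bssid, ssid, "known SSID, unlisted access point"))
            elif edit_distance(ssid.lower(), known.lower()) <= 1:
                # Covers a changed letter, an added or dropped character,
                # and a name that differs only in upper/lower case.
                findings.append((bssid, ssid, "lookalike of " + known))
    for bssid, names in names_per_bssid.items():
        if len(names) >= MANY_NAMES:
            findings.append((bssid, ", ".join(sorted(names)), "one radio, many names"))
    return findings


if __name__ == "__main__":
    for finding in audit_scan(SAMPLE_SCAN):
        print(finding)
```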

Advantages and Disadvantages of Tethering Your Internet

Tethering is easy to set up – basically, you use your phone’s data plan to get an internet connection. It can be done via Wi-Fi, Bluetooth, or USB.

Advantages of Tethering

  • Safer than using public Wi-Fi
  • Your personal hotspot; nobody else can use it
  • Safe to browse all sites and log in to sensitive websites too (like a bank account)

Disadvantages of Tethering

  • Some carriers block this option, and you might have to pay extra fees to use it.
  • Can drain the phone battery quickly if the phone is not connected to a power source.
  • Can use up your data plan if your connected devices are not set up to treat the connection as a metered one.

Even so, battery drain or a small one-time fee is acceptable when compared to the risk of losing your personal information or business accounts because you used public Wi-Fi.

How to Tether Your Phone

Android:

For Wi-Fi tethering, you should go to:

  1. Settings > Wireless & Networks > Portable (Wi-Fi) Hotspot > Set Up Wi-Fi Hotspot.
  2. Enter SSID (name) of the Hotspot.
  3. Choose a security option – always go for WPA2 PSK (safest encryption).
  4. Set up Password.
  5. (Optional) Choose an AP Band – 2.4 GHz is the default, but you can go for 5 GHz too if your devices support it.
  6. Turn on the Hotspot, find it with your device, and connect to it.

For USB tethering, you should:

  1. Connect the phone to your device via USB.
  2. Disable Wi-Fi.
  3. Go to Settings > Wireless & Networks > More… > USB Tethering and activate it.

iOS:

  1. Go to Settings > Cellular or Settings > Personal Hotspot.
  2. Turn on Hotspot using a slider.
  3. You can choose to connect your devices via Wi-Fi, Bluetooth, or USB.
    • For Wi-Fi, you will have to set up Wi-Fi Password first (under Personal Hotspot).
    • Bluetooth connection only works with Macs, PCs, and third-party devices; to connect other iOS devices, you need to use Wi-Fi.
    • For USB, you will need the latest iTunes on the device you want to connect.

Keeping your personal and business data safe wherever you might be should always be your primary concern, particularly in this day and age.

Even though public Wi-Fi networks are convenient, you are at high risk every single time you connect to them, even if it’s just for a few minutes. Tethering your internet is simple, convenient, and gives you your very own personal and secure hotspot.

The Different Tactics Hackers Use to Gain Access to Your Computer

We’d all like to think that hackers spend weeks on end planning their every move to attack a business, but the truth is nowhere near as exciting. Although this could happen to a big target, for most people it’s a lot more boring: they get ‘accidentally’ caught in the net as hackers looking to make a quick buck send out malware or ransomware, hoping someone will fall into the trap.

That doesn’t mean the effects are any less devastating!

So, to make sure you can protect yourself, let’s look at the various tactics hackers use to try and steal your business’ data.

1. Relying on Human Error

We’re sorry to say that lack of education in businesses and human error by employees account for a large portion of breaches in our experience. Examples include employees attempting to access internal systems from unsafe locations, using personal (infected) devices on the network, or clicking malicious links in an email. Hackers cast their net far and wide, and the likelihood is someone will click something and open the door. And that’s all they need.

Hackers also prey on the lack of oversight from business owners over their employees. According to Keeper Security’s State of Cybersecurity in Small & Medium-Sized Businesses (SMB) report from 2017, 59% of small businesses do not have insight into the types of passwords employees use. This means that although the company is liable for a breach, it isn’t enforcing, or even aware of, the security standards of the passwords in use.

2. Phishing

Phishing is one of the most common tactics hackers use. It usually takes the form of an email that is spoofed to look like it’s coming from another sender, like your bank or ISP. It will urge you to act immediately or you might lose your account, money, or face infractions. 48% of hacks on companies last year were found to be the result of phishing or social engineering.

3. Public/Free Wi-Fi

Public computers and Wi-Fi networks are notorious for being plagued with malicious software that “sniffs” for data packets while you are using them. You risk losing your account data as soon as you type in your password. 

4. Phone Calls

Surprisingly, these still work and are still one of the tactics hackers use! Hackers have been known to ring you claiming to be your bank or an organisation you’re affiliated with and ask you to confirm details over the phone. They may ask for banking PINs or passwords, or talk to you about family information, like your mother’s maiden name, to get the ‘security question’ answers or take a stab at your password. If you feel a phone call is suspicious, never hand over your data; simply tell them now isn’t a good time and hang up.

5. Weak Passwords

Lazy, generic and consequently weak passwords are the easiest way for hackers to get access to your accounts. Many small business owners admitted that, while they still have password strength policies, 68% do not enforce them. A generic or commonly used password like 12345 makes it easy for hackers to gain access to your email or computer.

6. An Out-of-Date OS

While nobody likes how long OS updates take, they exist for a reason: to address flaws within the code that can potentially be exploited. Without regular updates, you enable easy access to hackers who are aware of the weak points.

7. Infected Attachments

It’s not just the links you should be wary of in an email. Attachments masked to look like images or documents often carry viruses, malware, or spyware, like a keylogger that will install itself on your device and record your every keystroke to get your passwords that way.

8. Dodgy Devices

Be wary of free devices being handed out to you as “freebies”. In many cases, hackers can load malware or keystroke loggers onto them so that when they are plugged into the computer they immediately infect it.

9. Pineapples – Spoofed Wi-Fi Points

A Wi-Fi pineapple is a fake Wi-Fi access point that has been set up purely to steal your data, but it masquerades as public Wi-Fi. The hacker has multiple programs and software running behind it to gain access, but the unsuspecting user just jumps on as usual and, voilà, the hacker has instant access to their data.

10. Unsuspecting Accessories

Your new smart lock, phone-controlled thermostat, network-enabled camera, card reader or any other online accessory all have access to your network. If they aren’t protected correctly, hackers can use them as easy points of entry to access your network and get to your data that way!

Unfortunately, we’ve only just scratched the surface of the tactics hackers use to access your data and your files, and this is why we are firm advocates of using file protection as part of your cyber security strategy. That way, hackers can’t access the data from your files once you’ve been breached, which protects the data stored within them.


How “At Risk” Small Businesses REALLY Are to Cyber Attacks

Running a small business comes with a very specific set of challenges, like having limited resources, and often cyber security falls to the bottom of the list. But the cost of a data breach, no matter the size of your organisation, can be huge, and the bad PR or image alone could be crippling, as small businesses have to rely on reputation!

Why Would Anyone Target Small Businesses?

Many small business owners don’t understand why their company would be an appealing target for hackers. They are small, don’t have vast funds or sensitive secrets that anyone would care about. They believe they are not big enough to be a target, so they don’t invest as heavily in cyber security as larger businesses do.

Some hackers do not target small businesses specifically but try to infect as many devices as possible, and without protective measures, backups in place, or the education, small businesses can very quickly become victims too.

The most common type of tactic that casts a wide net is the ransomware attack. More recently, cyber-attacks have been becoming more targeted and specific.

The top 3 reasons why small businesses are targeted specifically by hackers are:

  1. The lack of investment into security makes it too easy for those looking to make quick money by selling details. 
  2. Small businesses often work with larger enterprises and if they’re not careful can serve as a point of entry for a large data breach.
  3. A small business is more likely to meet the hacker’s demands, such as a ransom, to get their data back because without it, their business is at a standstill. 

Cyber-attacks against Small Businesses are on the Rise

According to Keeper Security’s State of Cybersecurity in Small & Medium-Sized Businesses (SMB) report from 2017, attacks against small and medium business owners are on the rise. A staggering 61% of small businesses that were interviewed reported they were affected by a cyber-attack. The most common type of attack included phishing or social engineering, with web-based attacks and general malware following closely behind.

What Small Businesses Should do to be Safe from Cyber Crime

A change of stance is the most crucial thing.

If small business owners continue to believe they are not a good target for hackers and believe they don’t matter, they will continue to be vulnerable to cyber attacks. Small businesses should focus on the following areas:

  • New Technology and Software – Investing in the newest software solutions can give small businesses the edge that they need to catch breach attempts early. Machine learning can detect anomalies in network traffic or credit card fraud attempts so that small businesses don’t have to pay as much attention. 
  • Employee Education – Teaching employees about cyber security lowers the risk considerably. Get them on board about it and teach them about password policies, what makes a strong password, why password sharing is risky, and signs that indicate a possible breach. Check out the TowerWatch Academy for regular courses that you might need for educating staff and using protection software. 
  • Regular Updates and Patching – Ensure all your systems are up to date and patched regularly. New patches are applied to parts of code that could have been used as points of entry before the patch which is why you should always keep up to date. 
  • Use Encryption – Encryption is a precaution in case a data breach happens. If hackers get to your data, having it encrypted will render it useless to them. 
  • Physical Security – Have surveillance in place in areas where you keep your sensitive data to avoid malicious actions from the real world.
  • Two Factor Authentication – In case a cyber attack is successful in getting credentials to log in to your system(s), a two-factor authentication will stop them from getting further than trying to log in and will immediately alert you so you can lock it down and change your passwords. 

If you need any help or support protecting yourself as a small business from cyber security attacks, join our free Facebook community for IT support for your small business.

Data Breaches Aren’t Just Your Users’ Fault (Infographic)

As IT guys, it’s very easy to blame users for data breaches but it’s not always just their fault. Sometimes, data breaches aren’t users’ fault.

Sure, they need to update their passwords, stop giving things out and clicking on the suspicious email links. But, the buck stops with you as their IT professional. We thought these statistics from the IS Decisions’ research into IT Security managers in both the UK and US were very enlightening.

They show that compromised credentials are one of the main causes of data breaches, and we must remember our users are human! It’s up to us to help limit the risk by:

  • Forcing users to frequently change their password – even if they hate us for it
  • Making sure policy dictates a different password for each program or part of the system
  • Giving regular training on Phishing or data security that affects them – and no longer assuming they will know something is off when they see it
  • Being approachable so that any issues are quickly reported

Doing these small things can make a big difference in data security and protection to minimise the risk of a breach due to compromised credentials. Here is the infographic and statistics below with some interesting results:
Infographic: Security Breaches from Compromised User Logins


The All-Too-Frequent Failure of Data Protection in the Field of DevOps and Developers

I have decided to post this as a response to an article I read and ensuing discussion concerning the hacking of servers through RDP.

At present I see several major trends happening in this field:

  1. The ongoing transition to DevOps is also happening because the original System people (I am proud to have been one of them once upon a time, those that even used to install 2000/2003 on a physical server!) see the demand for 3rd-level support declining steadily as the world of Cloud grows fast, so they understand the need to advance and expand into the field of software.
  2. The current transition to DevOps is happening at a fast pace because software developers have begun to understand that it is not enough to simply “write code”. I can remember the time when the programmer did not know how to install an OS; now I am delighted to see software developers who understand that their well-known world of code will have to become a world of Deployment!
  3. The younger people, those that never in their lives even tried to install a physical server and did not have to configure a Firewall from scratch, never had to deal with Assembler. These Children of the Cloud can develop products in a much faster way, providing a very effective delivery, albeit based on a pre-existing infrastructure.

I have been discussing the whole issue of DevOps with my colleagues lately. It can become a crucial one, as this community mostly consists of brilliant system and software people that can work together in the Cloud, in Sweet Harmony (those over 30 might remember that song).

Personally, I first encountered the field of DevOps while building the AWS infrastructure for an Israeli client. A software guy, whom I was helping to define the system, told me that he wanted to transition to DevOps, and that he was very eager to learn the architecture and networking I had set up for AWS (a quite beautiful structure with VPN clusters and about 200 VPCs in different areas).

Evolution of Cyber Threats

Together with all this, the world of Cyber Threats is changing rapidly in several ways:

  1. Cyberattacks have become a fully-fledged business, operating according to a well-developed business model, even if it is run by “illegitimate” criminal organizations or individuals. Some of the perpetrators used to serve in the Russian or Chinese versions of the NSA, and in China this is even done by proper cyber units of the People’s Liberation Army.
  2. The leaks of government/military-level tools (Eternal Blue etc.) have proven to be a huge game-changer; versions of this software still penetrate systems that have not performed adequate patching until now! The speed with which Eternal Blue has morphed into Ransomware shows how quickly the bad guys adapt to changes in the environment, in both the professional and commercial spheres.
  3. The size and frequency of DDoS attacks have reached record-breaking levels, and one can order DDoS services in an easy and convenient manner, using tools that are similar to a shopping cart; you can see it for yourselves by doing a simple search on the Dark Web. The IoT has also become a virtual petri dish for DDoS bots.
  4. The phishing threat has risen to a whole new level as means to steal sensitive data and intellectual property.
  5. The new and rapidly growing threat is Zero Day Exploits, very difficult to defend against during the initial phase of discovery (just like in point 1)

All this is very challenging, without a doubt.

In the World of Cloud everything becomes easier, more accessible and much more amazing. It is now possible to do in 5 minutes what would have taken 5-6 days before the Cloud was here, or even things that were just a fantasy just a few years ago.

Some of these changes are the possibility of deploying Virtual Machines in a few minutes’ time and getting instant access. Microsoft has also embraced the AWS approach, while dropping the default choice of NAT, so that new machines are supplied directly with open 3389 (thus ensuring more speed).

Data Protection for DevOps

Now let us look back at our headline: why is the world of DevOps so slow to grasp the importance of Data Protection? From my experience as a consultant and designer of system architecture, the DevOps people cannot grasp the severity of the Cyber threat for some of the following reasons:

  1. Those that have transitioned from system administration and design know how to configure a server or a firewall, but they do not look at the application side, so if they need to install an outward-looking IIS server, they do not bother with configuring the necessary permissions and privileges, as this is “not really my business”.
  2. Those who were software developers tend to exhibit more understanding of the applicative risks (like SQL Injection and various WAF issues), but all too frequently I see those guys setting up DEV machines with open 3389 configurations protected by ridiculously simple passwords (they think that because it is Dev, this is not really that important).
  3. Younger-generation Cloud kids that are used to direct cloud deployments usually do have awareness of Data Protection (a pleasant surprise!), but mostly use only the ready-made manufacturer’s solutions. If the concrete system requires a custom solution of some sort, like some sort of On-Prem connection, they cannot do it and there is no effective Data Protection as a result.

What is to be done? They need to study and to learn new things! I have been dealing with the broad theme of Data Protection for many years already, but my eyes really were opened after I attended the very complicated and challenging course of Offensive Security, which really gave me the hands-on experience of Penetration Testing. During this course you could really see the process as performed by the attacker, who may be a system or software expert, a very creative and formidable foe.

Roughly, this is how it looks from the attacker’s point of view:

  1. Full scan and obtaining a complete system status and external structure
  2. Searching for weak spots
  3. Using existing tools to exploit the system weaknesses
  4. Building custom tools to exploit some of the weak spots
  5. Executing the exploit
  6. Your server is toast

This is a very concise summary, but enough to get a clear picture:

  1. When you install a server with open 3389, in a matter of seconds your server will be identified by various scanners that search the networks all the time, without stopping! The attacker, usually running a script, gets a precise update on a new open 3389 server. Following that, the operating system can be deduced based on the version of RDP that is detected.
  2. After a few seconds the attacker’s scanner will start using a tool like Brute Force or Dictionary Attack; a relatively simple password will be discovered in a few minutes and your system breached (yes, a few minutes – during my lectures I sometimes set up a demo, showing how easy it is to breach an AWS or Azure server with a simplistic or predictable password).

Yes, the open 3389 configuration is a “disaster”, because it gives the attackers some of the following information:

  1. I am not very professional, and my installing the open 3389 means that I also neglect installing additional defenses and security features
  2. This is a newly-installed server, without much or any protection, so this is the perfect time to penetrate the system, plant the “package”, and then wait to see what will be the purpose and content of the server (perfect for DC, as an example)
  3. My passwords will most probably be weak and predictable

Data Protection on RDP

On the issue of RDP:

  1. This protocol allows Remote Execution to be run through it, which means running malware without a need to plant it inside the server in advance
  2. Even if you have full patching, a weak password will give an attacker an opening to sneak in and plant the package in the space of seconds, getting control of the server

So here is what needs to be done:

  1. You do not open 3389 unless it is done through a VPN or through an ACL that restricts access by source
  2. The passwords always (always!!!) need to be complex, never use the words that might appear in a dictionary, use password generators!
  3. You need to study all the time – every DevOps/Dev person needs to learn about existing and new off-the-shelf tools, such as Kali and others

One more thing (DevOps guys, please do not get angry with me about that): very few people are able to become true jacks-of-all-trades, that is why big tech companies employ dedicated DevOps teams that include system people, software developers and cyber experts as well.

The biggest problem is usually encountered when setting up new smaller companies or start-ups that do not possess the resources for the appropriate planning and execution of Data Protection. This can lead to Intellectual Property being obtained by your competitors (mostly in China, but also in other places) from the first day of the server’s operation.

Conclusion

To sum it all up:

  1. A 3389 port that is open to the internet is a really bad idea
  2. Simple passwords, even for a small Dev server, are very bad too
  3. Learning basic Data Protection is a must for the whole range of DevOps positions

Eli Migdal – TowerWatch Solutions – CEO