Posts

Did you know that according to recent reports, it takes companies and average of 6 months to realize that their data has been breached!? Scary!

Data breaches are one of the worst things that can happen to a company, as the financial and reputational repercussions can be huge. This makes early detection of breaches so important.

We have created this short video to help you learn how to spot the early signs of a data breach and what to do if you suspect that someone has gained access to your network. Watch it here:

If you are interested in finding out more about protecting your data, book a 15 minute, no obligation call with us at www.durham-it.ca/book-a-call/.

Did you get a much-needed break over the holidays? Even just a couple days off at the end of the year can give you that clear mind needed to jump start your business for 2022.

We like to call this “January Refresh & Refocus”. During this time, we encourage you to take a look at two areas of technology that will make the biggest difference in your business during 2022… Defend and Invest.

Defend is all about protecting your business. Cyber-crime is predicted to rise to an all-time high once again this year. Your business MUST be protected.

Invest is all about making sure your business is not being held back by your technology. When technology is used correctly, it can and should be the driving force behind your business.

We have created this free guide to help you plan for these two areas in 2022. Click here to download it: Guide – Defend & Invest

Want help putting together your 2022 technology strategy? Book a 15 minute, no obligation call with us at www.durham-it.ca/book-a-call/.

There is a major security alert that is affecting the whole of the internet right now. Security researchers have called it one of the most severe vulnerabilities the world has ever seen.

If you haven’t heard much about it, don’t be surprised. Unlike most cyber security alerts, this vulnerability is not affecting the normal computers that you use in your business. Instead, it is affecting the servers that power much of the web.

There are some small security measures that you can take to keep you and your team safe online. We will come to those in a minute. We are writing this to give you a simple guide to what has happened and what it means, without any baffling tech speak.

Let’s start at the beginning. At the end of last week, a problem was noticed in the highly popular game Minecraft. It quickly became apparent that the impact was far larger than just affecting a game. In fact, it has affected millions of web applications, including Apple’s iCloud.

The problem is a security flaw in a piece of software called Log4j. This software is designed to keep a record of everything that has happened within applications. This record helps developers track down problems and fix them.

Log4j is what is known as open-source software. It was developed for free by coders in their spare time and anyone can use it. Rather than write their own logging software, millions of developers have used it as it is a very efficient way to create new applications.

Unfortunately, with Log4j being so widely used, it means that the security flaw, Log4Shell, is now affecting millions of pieces of software, running on millions of machines. So, while it is not affecting the normal computers you use in your business, it is affecting many of the services you use.

The flaw allows hackers to run any code they would like on affected servers. They could steal data, delete information, or run other software. Experts say this flaw makes it so easy to run malicious code, virtually anyone could do it.

So, what happens from here? Luckily, the fix to the problem was developed quickly. It was released in a patch – like a Band-Aid to fix the bug. The real issue is updating all the software that has been using Log4j. It is so widely used that it is likely to take several months for the patch to be universally applied. Experts even believe that there will be some web applications that, for whatever reason, are never updated.

This is where it starts to affect you more directly. Here are a few of the risks to watch for.

  1. We are likely to see a lot of website hacks happen over the next few months.
  2. Some ecommerce sites that didn’t apply the patch quickly may find hackers have stolen their customers’ card numbers or other details.
  3. The risk of identity theft shoots up.
  4. Other websites you visit may try to secretly download malware – malicious software – onto your computer.

Here are some basic security measures you can take to stay safe online:

  • Always use long, randomly generated passwords
  • Never use a password for more than one service
  • Use a password manager to remember passwords for you
  • Keep a closer watch on your card statements for the next few months
  • Make sure you keep your business’s computers up-to-date and apply all patches to software.

If we can help reassure you that your business is secure, especially as we approach the holidays, feel free to book a free, no obligation 15-minute consultation at www.durham-it.ca/book-a-call/.

 

Published with permission from Your Tech Updates.

What would you do if you turned on your computer and saw a red screen saying that your business’s data was being held for ransom?

Most people would have no idea what to do next. This is a huge concern as the odds of a cyber criminal targeting your business increases every day. In this short video, we suggest how you should be preparing:

Interested in a free cyber security review? Book a 15 minute, no obligation call with us at www.durham-it.ca/book-a-call/.

This New Survey Confirms What Any IT Professional Will Tell You: Phishing is Still the Most Likely Way for Your Business to be Breached

A new survey released by a specialist website has confirmed that phishing attacks remain the greatest cyber security threat to businesses.

Phishing is where a hacker sends you an email pretending to be someone else. For example, they might fake an email from your bank or the government.

When you click a link in the email, you’re taken to a page that looks similar to your bank’s login page. But it’s not! It’s a fake page set up to steal your information. The criminals hope that you’ll enter your real login details, so that they can access your business’s bank accounts.

Other threats from phishing emails include fake PDFs – with names such as “invoice”. Often clicking these can allow the hacker to install malicious software, known as malware, on your computer.

A cybersecurity news website called Dark Reading compiles a Strategic Security Survey every year.

In the newly released 2021 survey, 53% of businesses that reported a breach this year said it happened primarily because of a phishing attack.

41% blamed malware for playing a part in their breach.

17% experienced something called a Denial of Service attack. This is where hackers send a flood of traffic to a network or website, hoping to overwhelm it and force it to shut down.

What’s important to remember is that none of these attacks were specifically targeting the victim’s business. Everyday hackers email thousands of people, waiting to see who opens and clicks on the emails.

That’s why the primary protection against phishing is training your people well. Software can help to protect your business, but not as much as training can.

If you need help with phishing awareness training, book a 15 minute, no obligation call with us at www.durham-it.ca/book-a-call/.

 

Published with permission from Your Tech Updates.

This is a question we get a lot. Many of you have heard about multi-factor authentication (MFA), but aren’t sure what it actually does and how it could benefit your business? Put simply, MFA is where you use a second device or account to prove that it is really you logging in. This offers a very high level of protection to your business.

We’ve created this short video to help explain what MFA is, how it works, and why you really, really want to be using it in your business.

Want to find out more about how your business could benefit from MFA? Book a 15 minute, no obligation call with us at www.durham-it.ca/book-a-call/.

A whaling what!? Never heard this term? Don’t worry, most haven’t.

Imagine that your staff got an email that they thought was from you (but really wasn’t!!), asking them to pay a time-sensitive bill from a new supplier. What are the chances that they would pay it? Many employees would since, well, you’re the boss!

When a cyber-criminal impersonates the boss, or someone in a position of power, this is called a whaling attack. Here is what you need to know to protect your business from this type of cyber-crime:

Want some advice to tighten up your business’s cyber security? Book a 15 minute, no obligation call with us at www.durham-it.ca/book-a-call/.

 

 

If Your Business’s WordPress Website is Hosted with GoDaddy, You Must Take Action Now

Last week, GoDaddy announced a major breach in its security, involving more than a million customers. If your business could be affected, there are some urgent actions you must take now.

You’ve probably heard of GoDaddy. It’s been around since the late 1990s when it started as a place to build and host your website. Later, it became famous for selling domain names. These days, it’s a huge internet company with revenue over $3 billion.

One of the things GoDaddy does is host WordPress websites. WordPress is a very popular Content Management System (CMS) that powers a third of all websites.

It announced last week that a hacker got into one of its WordPress hosting systems in early September by using a compromised password. The hacker was kicked out mid-November, but not before gaining access to data from 1.2 million WordPress hosted customers. Specifically, the hacker could access email addresses, original WordPress admin passwords, and other usernames and passwords.

If your business hosts a WordPress website with GoDaddy, please don’t panic. You may not be affected as the company hosts 5 million websites in total. We have been told that the breached passwords have been reset and that everyone affected has been contacted.

However, we prefer playing it 100% safe. We believe there are two risks you must protect yourself against. The first is phishing. This is where a cyber-criminal sends an email pretending to be someone they’re not, such as a big supplier or your bank. They want you to click on a bad link to either give them access to your network, or accidentally download malicious software, known as malware.

Any time your email address is compromised, you are likely to be the target of more phishing emails. The way to mitigate this risk is to train your staff on what to look out for and what to do if they are targeted in a phishing attack.

The second and greater risk is that someone has already been able to log into your website. Even though GoDaddy has now reset the passwords, it seems the hacker enjoyed free access to all this data for up to two months. There’s a possibility they could have logged into your website, and hidden malicious files there.

To play it safe, we recommend these three urgent steps:

  1. Change all admin passwords on your website.
  2. Check that there are no new admins that you didn’t set up. If there are, remove them immediately.
  3. Run a thorough security scan on your website to look for backdoor access (a secret place where hackers can get in), trojans and malicious files.

If you need help with any of this, please contact us immediately. We can be reached at 905-231-1303 or info@durham-it.ca

 

Published with permission from Your Tech Updates.

As business owners and managers, you have A LOT of responsibilities. One of the most important responsibilities is managing risks within your business, which includes protecting your company from predictable threats.

Cyber-attacks are a huge threat to all businesses. Can you 100% say that your business is protected from a cyber-attack? Unfortunately, most are not.

In our newest short video, we explain the biggest cyber-security risk to every business.

Want help securing your businesses IT defenses? Book a 15 minute, no obligation call with us at www.durham-it.ca/book-a-call/.

Have you ever heard of spoofed Wi-Fi? Many have not, but it has become a real concern. Reality is, public Wi-Fi is a prime target for attackers. If you ever connect to public Wi-Fi, such as those available in restaurants, you first need to be sure that you are protected. Our new video outlines what spoofed Wi-Fi is, and how it can put your business in jeopardy:

If you want to know more about how to protect your business from dangers like this, book a 15 minute, no obligation call with us at www.durham-it.ca/book-a-call/.