Category Archives: security awareness

What You Need To Know About DDOS Attacks

The latest data shows that DDOS (Distributed Denial of Service) attacks grew in number by over 132% in the last year. It’s a style of attack that involves bombarding an organization’s web presence or filling their connection to the Internet with large amounts of traffic, causing the site to become unavailable. These attacks are difficult to block, but companies that understand DDOS attacks and the protective measures available against them have a better chance of securing their websites over the long term.

In this article, we’ll highlight everything you need to know about these attacks.

Large Bandwidth Levels Offer Security

Sites with larger bandwidth levels are better able to serve larger traffic numbers, so it’s important for companies to ensure they have the maximum level of bandwidth for their website to keep their site online during a DDOS attack.

Protect the System Perimeter

Companies can protect their server infrastructure from DDOS attacks by optimizing their systems to limit the impact. For example, they can rate limit their router to prevent their web server from being overloaded. They might also add filters that tell the server to drop packets from obvious DDOS sources. Servers could also be optimized to drop spoofed or malformed packets that might be the source of a DDOS attack.

Companies can also leverage the power of the cloud by implementing cloud-based web application firewalls to redirect traffic to be scrubbed in the cloud before hitting production equipment. Think of it as a massive reverse proxy protecting all inbound connections to your web sites.

Identify the Signs of DDOS Attack Early

Companies must learn to identify the signs of a DDOS attack on their servers at the earliest available opportunity. The first sign of an attack is a significant spike in traffic levels. The impacted site might also experience significant service disruption at the start of the event. By recognizing these signs early and quickly, companies can limit their losses over time.

Have an incident response plan specifically for DDoS attacks, and have the capability to inspect the source of that traffic using an out-of-band network monitoring solution, not necessarily your firewall, because it may go down. Work with your ISP to determine who to contact in case of a DDoS; they may be able to help or at least escalate quickly.
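The traffic-spike sign described above can be checked from web server access logs. The following is an added example, not code from the original article: it counts requests per minute, compares each minute with the median of the preceding minutes, and reports how many distinct sources make up a flagged minute. The log format, thresholds, function names and sample lines are assumptions made for the illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Assumed input: access logs in Common Log Format (client IP first, timestamp in brackets).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]')


def parse_line(line):
    """Return (minute, client_ip) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return ts.replace(second=0), m.group("ip")


def per_minute(lines):
    """Group requests into one Counter of source IPs per minute, in time order."""
    buckets = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            minute, ip = parsed
            buckets[minute][ip] += 1
    return dict(sorted(buckets.items()))


def find_spikes(buckets, window=5, factor=4.0, min_requests=50):
    """Flag minutes whose request count exceeds factor x the recent median.

    window, factor and min_requests are illustrative values; tune them to the
    site's normal traffic. Minutes with no requests at all are not represented.
    """
    alerts, history = [], []
    for minute, sources in buckets.items():
        total = sum(sources.values())
        if len(history) >= window:
            baseline = median(history[-window:])
            if total >= min_requests and total > factor * max(baseline, 1):
                alerts.append({
                    "minute": minute,
                    "requests": total,
                    "baseline": baseline,
                    "distinct_sources": len(sources),
                    # Share of the minute's traffic from its busiest sources:
                    # a few large shares suggest blockable sources, many tiny
                    # shares suggest a distributed event for the ISP to handle.
                    "top_sources": [(ip, n, round(n / total, 2))
                                    for ip, n in sources.most_common(3)],
                })
                continue  # keep flagged minutes out of the baseline
        history.append(total)
    return alerts


def sample_log():
    """Constructed sample: six normal minutes, one flood minute, one normal minute."""
    lines = []

    def add(minute, ip, second):
        lines.append(f'{ip} - - [12/Mar/2024:10:{minute:02d}:{second:02d} +0000] '
                     f'"GET / HTTP/1.1" 200 512')

    for minute in range(6):
        for i in range(10 + minute % 3):
            add(minute, f"192.0.2.{1 + i % 4}", i)
    for i in range(240):  # 240 requests spread over 120 sources
        add(6, f"203.0.113.{1 + i % 120}", i % 60)
    for i in range(11):
        add(7, f"192.0.2.{1 + i % 4}", i)
    return lines


if __name__ == "__main__":
    for alert in find_spikes(per_minute(sample_log())):
        print(alert)
```

Run it on a host that receives a copy of the logs rather than on the web server itself, in line with the out-of-band monitoring advice above.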

Separate Web Server and Company Data

Companies are often able to weather a DDOS attack more effectively when their web server and their company data are on separate hosts. There are two benefits for separating company information in this way. Firstly, the hosting company will likely have the bandwidth to fend off a sustained DDOS attack. Secondly, companies will still be able to have access to their data in the event of a DDOS attack on their server. This ensures company operations aren’t severely impacted while the DDOS attack is resolved.

Through swift and responsive protective measures, companies can limit the impact of potential DDOS attack events on their organization. To learn more on this process, contact our expert team directly!

Preventing Key Management Challenges In Cloud Security

Cloud computing now allows growing companies to consolidate their data infrastructure and use online systems of storage that can be monitored and protected at a lower cost than tangible storage areas. However, in this era of cloud computing, a number of challenges are preventing companies from achieving optimal data security. Within this article, we’ll focus on how to prevent key management challenges in cloud security.

The Leading Key Management Issues

Companies operating within the cloud often find they experience a number of issues managing their encryption keys and determining who has access to their cloud data at any one particular time. The following are the leading key management issues cloud storage users experience:

  • Keys being stolen from users
  • Keys becoming vulnerable to attack
  • Keys representing a single point of security failure
  • Keys and passphrases remaining the same for many years

These key management issues are leading to significant security challenges for organizations that depend upon their cloud data to protect their customers and their proprietary information, and so it’s important to understand how to resolve these challenges and prevent potential key security threats from occurring.

Effective Key Management Techniques

By using these key management techniques, companies can gain a greater understanding of when their information is being used, and by whom, and can actively prevent attacks against their cloud data.

  • Use a Different SSH Keypair For Each Machine

    Secure shell (SSH) protocols help protect key data from being accessed outside the user’s cloud system. But companies using one single SSH keypair across all of their computers are creating a single point of security failure within their systems. It’s important to use different SSH keypairs for each machine to isolate security threats.

  • Lock System After Several Unsuccessful Login Attempts

    Brute force attacks are a common way for hackers to gain entry to a cloud system. Companies must ensure systems lock automatically after several unsuccessful login attempts. This will prevent outsiders from using automated machines to continually guess passwords and login data until they gain system entry.

  • Force Users to Change Passwords and Logins Regularly

    Users are a leading source for potential key management issues. It is important companies force all users to change their login details such as usernames and passwords on a regular basis. This ensures any data breach is only limited to a short period of time until login details change.
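The lockout technique from the list above, as an added example that is not part of the original article: an account is locked for a fixed period once a set number of failed logins occur within a time window, and a locked account is refused even when the password is correct. The class and function names, thresholds, PBKDF2 work factor and sample credentials are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def hash_password(password, salt=None):
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(record, password):
    salt, expected = record
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


# Hashed for unknown usernames so they cost the same work as known ones.
_DUMMY = hash_password("placeholder for unknown accounts")


class LockoutGuard:
    """Lock an account after max_failures failed logins within window seconds."""

    def __init__(self, max_failures=5, window=900, lock_seconds=900,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.lock_seconds = lock_seconds
        self.clock = clock
        self._failures = {}      # user -> timestamps of recent failures
        self._locked_until = {}  # user -> time at which the lock expires

    def is_locked(self, user):
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self.clock() >= until:
            # Lock expired: start again with a clean failure history.
            del self._locked_until[user]
            self._failures.pop(user, None)
            return False
        return True

    def record_failure(self, user):
        now = self.clock()
        recent = [t for t in self._failures.get(user, []) if now - t < self.window]
        recent.append(now)
        self._failures[user] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[user] = now + self.lock_seconds

    def record_success(self, user):
        self._failures.pop(user, None)


def authenticate(guard, store, user, password):
    """Return "ok", "denied" or "locked" for one login attempt."""
    if guard.is_locked(user):
        return "locked"  # the password is not even checked while locked
    record = store.get(user)
    valid = verify_password(record or _DUMMY, password) and record is not None
    if valid:
        guard.record_success(user)
        return "ok"
    guard.record_failure(user)  # failures count for unknown usernames too
    return "denied"


if __name__ == "__main__":
    # Constructed sample account and guesses.
    store = {"alice": hash_password("correct horse battery staple")}
    guard = LockoutGuard(max_failures=3, window=300, lock_seconds=600)
    for guess in ["123456", "password", "letmein", "correct horse battery staple"]:
        print(guess, "->", authenticate(guard, store, "alice", guess))
```

A time-limited lock is used here instead of a permanent one so that a legitimate user regains access without administrator intervention.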

By teaching their work teams about key security within their cloud systems, companies can capitalize on the full cost benefits and flexibility that cloud storage offers. To discuss this topic in greater detail with a security expert, contact our staff today!

How Do You Recognize And Prevent Identity Theft?

Each year, thousands of Canadians fall victim to online identity theft. This common issue can have lasting consequences on the financial and personal lives of those involved and so it’s imperative to learn the techniques and tools that can help prevent a potential identity theft event from taking place.

Within this article, we’ll outline how to recognize and prevent identity theft.

Learn to Recognize the Signs

Identity theft can occur in numerous ways, but one of the first steps to preventing significant damage is to recognize when identity theft has taken place. The following are all signs that a person’s identity has been compromised:

  • Unexplained charges on credit cards
  • An alert to a name or address change on a bank account
  • Communication from a financial service provider highlighting possible fraud on an account

By responding quickly to these signs, and alerting financial institutions the moment fraud or identity theft is suspected, account holders can limit the financial impact of the event.

The Steps to Prevent Identity Theft

  1. Protect Your Social Insurance Number

    Your social insurance number is the number that identifies you to the various authorities. It’s important that this number is never given out to anyone other than a direct employer for regulatory purposes.

  2. Lock All Important Documents Away

    Within the home, it might be tempting to keep a passport or a birth certificate in a convenient place ready for travel. But these documents can be easily used for identity theft, and you should ensure that all important documents are kept in locked storage.

  3. Don’t Use Obvious Passwords for Banking Information

    Online hackers often use online bank accounts to access a person’s data and their finances. Try to use complex passwords when creating your accounts, and remember to never store your banking password information on your computer. This adds an additional level of protection.

  4. Review All Documents Carefully

    It might take more time, but you can prevent identity theft before it significantly impacts your life by reviewing all documentation carefully. Review any communication from your bank and review all statements you receive from credit agencies and credit card companies. This can help you to pinpoint a problem and secure your data.

The steps highlighted in this article can ensure your personal information is protected over the years to come. But remember to speak with your financial institution directly to learn more on the steps you can take to secure your account information. To learn more on this process, contact our security experts directly!

3 Tips To Protect Your Payments During Online Purchases

Whether on your desktop, laptop, smartphone, tablet or phablet, you can easily make online purchases for products and services via the Web.

More and more people are feeling comfortable about paying for things online. One reason for this is that many popular brick-and-mortar stores have online storefronts that are available 24 hours a day and seven days a week, which is appealing to shoppers in search of convenient shopping on their terms.

Even so, you still need to be careful when it comes to online shopping since cyber criminals are ever on the prowl for unsuspecting shoppers to victimize. But by following some best practices, you can enjoy safe e-retailing. Read on for 3 tips to protect your payments during online purchases.

  1. Install the official app or manually go to the web site

    Phishing attempts are used by cyber criminals to fool you into thinking that fake — but official-looking — websites and emails are genuine. If you visit a site that appears to be that of a merchant but is actually a counterfeit, the information you input — client number and password — can be harvested by cyber criminals.

    You can avoid phishing attempts by adhering to a few best practices. For instance, you should ensure that websites requesting personal info are legitimate. Rather than clicking on a link purporting to be the official website of a specific merchant or brand, you should type in the actual URL. As well, be wary of emails that request personal details, particularly since no reputable bank will ask that you transmit information via electronic communications.

  2. Check to ensure the payment site is using the HTTPS:// prefix

    Standard web traffic is sent unencrypted, and if you’re on a public WiFi network or Internet connection, anyone can see your credentials or payment information in clear text. When shopping or performing any financial transactions, ensure that your connection to the web site is over an encrypted channel.

  3. Use a low credit limit credit card

    Using a credit card is one of the safest methods of making purchases online, as it doesn’t provide cybercriminals with a direct link to your bank account. You can sign up for a low credit limit credit card separate from your primary credit card to make review of statements and purchases much easier.

3 Reasons You Need To Teach Your Employees About Information Security

When it comes to information security awareness, the truth of the matter is that employees tend to be the weakest link in the proverbial chain – but they can also become your biggest strength and advocate for improving overall security. When we talk about educating employees, it’s not only end-users that need training, but also information technology and information security personnel, with skills assessments to identify gaps in their knowledge.

Whether it involves using work-issued mobile devices to access unsecured wireless hot spots or clicking on malware-infecting links, workers don’t always do the right thing, and it’s up to you as the employer to ensure that they understand the do’s and don’ts so that your business interests aren’t compromised.

What follows are 3 reasons you need to teach your employees about information security.

  1. Fraud / Data Leakage

    If your workers like to click on links with reckless abandon, you need to take action. You might be surprised at how many millions of dollars have been lost owing to scams perpetrated through fraudulent emails. Such emails contain links that, once clicked on, can lead unsuspecting employees to divulge personal information that cyber criminals can then use for nefarious purposes.

    You need to ensure that your workers are aware of the risks associated with clicking on links. In addition to possibly giving up their own personal information, they could also jeopardize corporate data.

  2. Social Engineering

    If your workers are into sites like Facebook and LinkedIn — and who isn’t these days? — then it’s incumbent on you to ensure that they’re aware of information security best practices. With more and more workers bringing in their own devices and using them at work, you need to ensure that your IT department is on top of things and that this knowledge trickles down to the workforce. Many of these social media sites, and still today email, play a part in attempts to get employees to give up personal information.

  3. Notification & Feedback

    For your employees to be part of the overall security program at your organization, it is imperative that they can provide feedback and notify your information security team of the threats they are facing, so that the organization’s security posture continuously improves.

What You Can Do

When it comes to training employees, you need to inform them about using privacy settings, what viruses and malware are, how they can be avoided or dealt with, and how to avoid social engineering, which is a strategy whereby fraudsters pose as friends or colleagues of workers so as to get confidential data. If you cover all the bases, you’ll have an employee base that is well able to steer clear of online threats.

10 Safest Methods to Shop Online

Shopping online has become safer than ever. Offering a level of convenience that you can’t get anywhere else, it’s not only a popular way to shop, but it has quickly become the method of choice for a majority of North American consumers over the last decade.

However, even with ever-improving safety features being offered to digital shoppers, it’s still important that you remain cautious when making transactions online! Offering the wrong types of information could become detrimental to your privacy, your safety, and your bank account.

Protecting your credit card and personal information is surprisingly quite easy, and with a little planning can ensure that each purchase is completed without worry. Check out our top 10 tips for safe online shopping below!

Ways to Protect Yourself

  1. Only shop through reputable websites. The company you’re purchasing with should be familiar and well publicized before you decide to buy anything through their online store. If you are shopping through a smaller site, make sure you read customer reviews. Negative experiences are often widely discussed online, so a quick search will give insight into any potential security issues.
  2. Don’t give out more personal information than necessary. An online store has no use for your social security number and other personal information. An address, email, name, phone number, and credit card number should be all that’s necessary.
  3. All online businesses should use SSL (Secure Sockets Layer). Do not purchase anything from a store that doesn’t.
  4. Try to use PayPal for online purchases. It offers extra security and makes online shopping even more convenient. If your purchase never arrives, communication ends with the seller, or you run into mostly any other issue that prevents you from getting the goods you paid for, PayPal will cancel the transaction and all funds will be returned to your bank account or credit card.
  5. Keep track of your online shopping habits. Check your bank statements after making purchases to ensure that you weren’t charged more than necessary. It’s easy for small charges to go unnoticed when you shop online often, but doing regular checks of your credit card statements will ensure there is no suspicious activity.
  6. Use strong passwords when you sign up with a new online store. The stronger the password, the harder it is for your account with the shop to get hacked. Additionally, use different passwords than you use for your e-mail. If someone happens to hack into the online store’s database, you don’t want them to be able to use that information to log into your e-mail account.
  7. Use apps for your favorite stores. Shopping over your mobile device is said to be safer than shopping through a store’s mobile website.
  8. Make sure you have a secure Wi-Fi connection at home. Making purchases through unsecure Internet service is never wise. Ensure that you avoid buying anything while on a public Wi-Fi signal, and have a strong password implemented for your home Wi-Fi.
  9. Use gift cards to make purchases instead of credit cards. This is the simplest tip, yet is often overlooked. By purchasing gift cards by cash in a store, you’ll be able to complete full purchases online without ever having to give out credit card information. You may even be able to gain perks through your local grocery store for buying gift cards, saving you even more money and making your online shopping more secure.
  10. Avoid free product purchases and deals that seem too good to be true. In most cases, they are too good to be true. Non-reputable sources may even distribute your personal information to third parties, all but ensuring your e-mail inbox will start filling with spam.

The most important tip when shopping online is the simplest: use your logic! If a website has bad reviews, asks for too much personal information, or otherwise seems too good to be true, then continue your search for a trustworthy site to complete your purchase on.

7 Online Safety Measures Your Kids Have to Take

While the Internet is a place where people can go to socialize, network, learn, play games, and do many things at once without even having to move from their seat, it isn’t always a safe place for children. Predators use the Internet to find young children who are incapable of making wise decisions. Accidentally leaking personal information can easily lead to huge problems.

It’s crucial that you protect your child as they use the Internet. As technology keeps advancing, it’s imperative that you stay current with the latest technology that your children might be utilizing in or out of school.

Internet Safety Measures to Take

  1. Block explicit websites

    While your children may not be intentionally visiting these websites, a misspelled word in a URL can have them surfing websites far beyond their years. Ensure that you have a parental code on websites containing anything other than child-friendly content.

  2. Watch for cyber bullying

    It’s a sad reality about today’s youth, but cyber bullying is more common than ever. Monitor your child’s social accounts and online activity to ensure that not only are they not the victim of bullying, but that they themselves aren’t participating in bullying others.

  3. Ensure your children aren’t the target of an online scam

    Online scams aren’t just targeted towards seniors anymore. Tweens and young teens are often lured into thinking they’re getting a great deal on a new electronic, only to receive the package and realize they’ve received a poor quality knock off. If your children are at the age where they’re allowed to shop online, ensure you’re monitoring all purchases before checkout.

  4. Teach them chat room safety or make sure they avoid chat rooms altogether

    If your child is allowed to use chat rooms to talk with other kids online, ensure there are rules set in place. Make sure they’re only talking to kids they know offline, and stress the importance of never giving out personal information online.

  5. Make sure you have a secured Internet connection

    Kids can make mistakes, but they shouldn’t compromise your overall Internet security. Ensure you’re using a secured Internet connection so if your child does make a mistake, it won’t cost you in the long run.

  6. Avoid spam, phishing and malware

    These are terms your children will likely not understand, but they’re important to your computer. Malware can infect your computer to such a point that it becomes unusable, so ensuring you have a robust anti-virus before your children start using your computer is essential.

  7. Teach them how to avoid illegal downloading and pirating

    Not only is this against the law, but it increases the possibility that they’ll infect your computer with a virus or be exposed to mature material.

Ways to Manage and Monitor Your Children on the Internet

Fortunately, as technology grows and being online becomes almost second nature for many of us, Internet service providers and software developers provide us with ways to manage what our children can do on the Internet. Find an ISP that has child safety or parental control features. Many of these more secure and cautious ISPs will have ways for you to block, filter and manage what kids do while they are on the Internet.

Have a talk with your child as they get old enough to begin using the Internet. Of course, children are beginning to use online resources at early ages, especially when school begins. Talk with them about the dangers of being online. Explain to them that giving their personal information such as an address, name or phone number can lead to great danger. Make sure they understand that conversing with anyone they do not know is frowned upon.

Let your child know, depending on their age, that meeting with anyone off the Internet isn’t wise. It is important that they understand how predators will pose as other children their age just to reel them in to an encounter. Let your child know that if they ever notice anything suspicious or ever feel uncomfortable due to something online, they should come to you immediately.

Most Common Security Mistakes Made on Social Networks

Social networks have taken over and nearly everyone in the Western world uses an active profile on at least one social platform.

While these can be a great way to stay in touch with family and old friends, the scary reality is that Facebook, Twitter, Instagram, LinkedIn and all of the other social platforms can be quite dangerous if they aren’t used with care. As frequent users of the platforms, it is imperative that we understand these common mistakes so that our privacy isn’t breached.

Like the golden rule in most sports, sometimes the best offence is a good defense. To better help you stay safe online, we’re taking a look at six common social media security mistakes!

  • Not understanding the social platform is perhaps the most common mistake. So many people are quick to sign up for social networks and to create profiles without fully understanding how they function, or what security features they’re lacking. This could easily lead to dangers such as stalkers, hackers and pedophiles.

    For example, when you sign up for Facebook, you actually have to activate certain security settings that will prevent them from showing personal information like location, e-mail address, photos and even phone number.
  • People don’t often take the time to read the privacy control guidelines, and even when they do, the privacy controls for these networks are usually quite confusing. It is easy to accidentally set up your privacy controls wrong, allowing the platform access to private information.
  • Leaving your profiles on public view will allow anyone to view your status. For instance, if you use location services to tag where you are or update photos of you on vacation, opportunists will use this information as a large hint that your home is unoccupied, giving them the opportunity to break in with ease.
  • Don’t accept third party invitations! Many apps and plugins will ask for “permission” to relay your personal information to third parties. However, without specification of who that third party is, you have no control over where your information is going.
  • A lot of people will set the privacy controls on their social platforms, yet not set them accordingly on their electronic devices. Believe it or not, apps and desktop platforms often have two separate security controls and functions. If you’re downloading the mobile version of your favorite platform, ensure you read the privacy and user agreements carefully before logging in for the first time.
  • Don’t be afraid to block other social platform users. Don’t engage in conversation with people you don’t know, and don’t accept friend requests from unidentified profiles or people you aren’t acquainted with.

The most common mistakes made by social media users are all easily avoided. By simply understanding the platform and how it functions, reading over the privacy control guidelines, and being cautious as you engage with other social network users, you can easily set up your social accounts to only be viewed by those that you add as friends (or that you allow to follow you, depending on the platform).

Whenever using social media, follow the three golden rules: protect your personal information, only connect with those you know, and customize your privacy settings.

How to Protect your Website from Hackers

No matter if you’re selling goods or promoting your services, protecting your website and your corporate image is extremely important.

There are many ways to breach a website, and there are thousands of ways to ensure its safety as well. By following these tips and taking proper measures to ensure your website is protected against hackers, you’ll not only be giving your users a worry-free browsing experience, but you’ll be protecting yourself and your company.

Web Application Firewall Plugin

Many people choose to use a web application firewall. In its simplest terms, this is a solution that acts as a frontline protection mechanism to the actual website.

This plugin will protect your website from hackers, usually against the most common forms of hacking techniques. Luckily, because of the sheer volume of supply and demand surrounding this technology, these plugins have become increasingly cheap over time.

Threat Risk Assessments / Penetration Testing

Implementing threat risk assessments will help you to stay away from anything that may put your website at risk.

One of the most popular ways to deploy this strategy is to hire a company or individual to conduct the assessment for you. They will address many aspects of the website and even monitor it before they fill you in on current risks and make suggestions on what needs to be updated.

There are other forms of assessments (penetration tests, web application scans, vulnerability scans) that companies can offer to help with the risks of hackers. If you’re looking for someone to test the security of your website, consider doing research into using a professional organization that performs these types of tests.

Update Your Software

Always keep your software up to date. When software isn’t updated, it fails to provide the protection necessary to keep any of your website content secure.

Most hackers find the holes in software and use that to learn more about your personal information, or to obtain other information needed to breach your security. A lot of software will warn you when it needs to be updated through emails or pop-ups in your website’s backend. Never ignore these. Considering that technology is always changing and hackers are always finding new ways to get the information they seek, the updating of software is crucial.

Passwords

The biggest factor in website protection is making sure you change the default content management password. You should also keep your password discreet. Not only should it be kept confidential, but it should be a strong password with capitalized letters, numerals and characters, and it should change relatively frequently.

Using more than eight characters along with special characters is usually best, and using a long passphrase will help reduce the risk of being hacked. And please make sure that the login page is secured with HTTPS!

Online protection is vital to the ongoing health of your website. For more information, contact our experts today!

Smart TV’s and Security

Smart TV’s have become more and more popular every day because of the functionality they offer, such as being able to video chat with family and friends, browse the internet, and watch movies/TV shows on streaming services while having the comfort of the living/family room.

While all of this added functionality and built-in apps bring an added convenience to a user’s experience, they all have risks associated with them. Almost all smart TV’s are constantly connected either by ethernet cable or wirelessly, which makes them an easy target for attackers, especially for those that are connected to the internet directly and not behind a router or firewall. Many of them also contain webcams and/or microphones that can be potentially taken control of by attackers.

With the user base expanding as rapidly as it is, you would expect that some form of security measures would be in place; however, in reality this is not the case. Recently in the news there have been articles and videos showing security researchers and hackers taking control of smart TV’s by accessing the settings menu and the cloud storage accounts used on the device, viewing the contents of folders on locally attached hard drives (as well as imaging those hard drives), and searching for usernames and passwords at a later point. Due to how new these devices are, not much effort has been spent securing them.

Now that we know that there are real world attack vectors, what can we do to thwart these types of attacks?

Treat Smart TV’s as if they are Computers

Always think of your smart TV as a computer and not a television. Remember these devices have Wi-Fi and networking built-in along with webcams and microphones.

Avoid Web Surfing

While one of the biggest perks of a smart TV is the capability of browsing the web from the comfort of your couch, this also introduces numerous security risks. For those who insist on web browsing using the smart TV, never go to online banking sites or store usernames and passwords in the browser.

Disable Webcam / Microphone Features

Opt out of the use of webcams and microphones. While the novelty of chatting with your family and friends using your TV sounds cool, remember that with this feature enabled it can allow an attacker to take control and watch/listen to your conversations. 

While this might seem frightening, keep in mind that these devices are still relatively new and antivirus software will eventually become available. Given the popularity surrounding these devices, it is only a matter of time until manufacturers begin looking at how to harden these devices against attackers.

Andre Sookram, BAISc (ISS), GPEN; Security Consultant