Malware

Toronto Businesses at Risk from Cyber Security Threat

Toronto Businesses at Risk from Cyber Security Threat

In the time of 1950s, Cyber word used to refer to Cybernetics – The technology of understanding the control and movement of machines and animals.  But today, the term is almost exclusively used to describe cyber security matters. Because it’s hard to visualize how digital signals traveling across a wire can represent a harmful digital attack, we’ve taken to visualizing the digital phenomenon as a physical one.

A cyber security threat is an attack that is mounted against us by means of cyberspace. Cyberspace, a virtual space in the digital device or system that doesn’t exist, has become the metaphor to help us understand digital weaponry that intends to harm us.

Network Infrastructure

As noted the evolving threats to Canada’s cyber network, the government of Canada has outlined a robust plan to make top level security to address the risks to the Canadian government and its business owners from the cyber attacks, and cyber crime.

Most parts of Canada cyber security strategy are focused at protecting confidential information of government, business owners and critical infrastructure, but the plan does directly affect ordinary Canadians through a series of specific security measures designed to make Canadians more secure online. In particular, the government of Canada has concerned itself with what ordinary Canadians worry about most: the security of their sensitive personal and confidential business information.

The National Cyber Security strategy of Canada recognizes that each Canadian has a significant role to play in protecting themselves from becoming the victim of cyber threat. 

As such, much of the government’s initiative is aimed at Canadian centers for cyber security to educate citizens on the most critical cyber security practices, frequently changing key passwords, including keeping antivirus protection up-to-date and only using secured wireless networks. 

The government of Canada is also trying to increase general awareness of the types of cyber threats that common online crimes generally present.

The Risk from Cyber Security Threat:

There are many risks from a cybersecurity threat. It is vital that information security is taken seriously within an organization’s information technology systems.

What are the risks of a cybersecurity threat?

  1. Data Breach
  2. Loss of Data
  3. Internet of Things (IoT) 
  4. Malware
  5. Social Engineering
  6. Hacking

 

The following are some of the cyber threats or risks that you should watch out for.

 

Data Breach:

Cloud data storage is very popular and rapidly increasing in popularity. Many businesses follow traditional methods of data storage and are transferring their data to the cloud. This leaves you vulnerable while you are backing up your data. It is possible that some systems can have unauthorized access to your information. Your cryptographic keys can be vulnerable during this process. There are also some transfer protocols that transmit sensitive data in plain text which is a significant vulnerability and not always obvious it exists. 

 

To mitigate the risks of a data breach, business owners need to be picky when it comes to choosing a cloud provider. Cloud security is an important part of protecting sensitive information such as intellectual property, credit card data and other important sensitive data that is at risk if a data breach were to occur.

 

Loss of Data:

Loss of data can be devastating to a business and it happens far too often. Sometimes important data may get lost due to many reasons. The reason behind loss of sensitive data may be through deletion, alteration and use of an unreliable, unsecure storage medium. 

Loss of data or a data breach can ruin the reputation of a business, cause a loss of customers, and drain your finances. 

 

Internet of Things Insecurities:

Internet of Things (IoT) technologies connects and networks devices across the world. They are perhaps the most vulnerable and prevalent type of cybersecurity threat in existence today. Many IoT devices are treated as “set and forget” when it comes to cybersecurity. They typically reside on a process network with default or admin-level credentials at the patching and firmware versions they were released with. 

 

This is a very vulnerable state and they are significant targets, representing a large part of the attack surface a potential hacker may try and exploit. Given the nature of IoT devices, they are usually not considered as directly connected to the internet and usually don’t use protocols and interfaces people are familiar with and consider as the “internet”

 

Malware/Ransomware Attack:

A malware attack refers to the activity when cybercriminals create malicious software that’s installed on the owner’s device or system without their knowledge to gain access to personal information or to damage the system, usually for financial gain. There are many causes of malware attacks from cyber criminals. 

 

Some common reasons are behind the malware attacks, the use of many free software programs, removable media, and not having an internet security software program in place. To prevent this, Software updates are important because they repair security holes that have been discovered on a regular basis, and fix or remove computer bugs.

 

 

Social Engineering or the Human Factor:

Whether with intent or without malice, people are the biggest threat to cybersecurity. Most of the businesses continue to face insider threats as a major form of cybersecurity breaches. The users in organizations are the weakest link.

 

This can be due to a lack of cybersecurity awareness — such as using easy-to-guess passwords or falling for phishing emails.

 

Social engineering is a very real problem. It is the practice of using human nature and tricking people either directly or to circumvent security systems.

 

The best solution for this problem is training staff on cybersecurity measures, monitoring their activities, and testing. 

 

Hacking:

Hacking is a general umbrella term. Most hacks are multifaceted and not as direct as people imagine. Sharing or leaking of seemingly benign information can lead to a privilege escalation that forms the basis for a broader more substantial hack. Many hacks are automated, at least on initial attack surface probing. 

Conclusion:

Are you concerned that your business is not secure from the cyber attacks? Our expert at Eyes Everywhere, have experience in analyzing and implementing robust security plans, from prevention all the way to mitigation, to protect our client’s critical information. Contact us Eyes Everywhere today to secure your systems and reduce your risk from cyber security threat.


Internet Explorer major security alert

A major security issue has been discovered in Internet Explorer, affecting pretty much all versions of it.

Microsoft is working on a fix. As soon as one is available, Eyes Everywhere I.T. consulting will deploy the patch out to our clients. No need to call in for support for this, we will do it for you.

Until then, please minimize usage of Internet Explorer, and consider using Firefox or Chrome as your alternative browser.


Bleeding Heart security hole …What you should do

The bleeding heart security hole that is affecting many websites is not as prevalent as originally thought (“only” 17% as opposed to over 60%), however, this is still a significant problem. Eyes Everywhere I.T. Consultants has patched any websites listed that affect our clients in the Toronto and GTA area, but the problem is global.

Most big websites have patched their systems already, so now it’s time to change your passwords. Please have a look at the websites that Mashable has put together here. If you are in the affected list, and have received a patch, please change your password on that site. If not, wait. There are many more websites that are affected, and not all will probably inform their users, so please contact them to make sure. http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/


Canada is 17th most virus-infected country…

Canada is 17th most computer virus-infected country, according to Kaspersky…Not good, people! Although not all viruses, adware, malware and other vulnerabilities can be stopped, proper maintenance and protective measures in place can drastically reduce such infections!
See nice representation of the world infections here: http://cybermap.kaspersky.com/


Email Safety – Best Practices & Tips

A lot of times, we get questions regarding the safety on email. This guide is applicable to people everywhere, not just to our clients in the Toronto/GTA area!

Easiest answer: if it is too good to be true or looks suspicious, don’t open it. No prince in Africa has left you a huge inheritance, nor did you win some mysterious Microsoft lottery!

More detailed answer of things to watch out for:

 

1. Look for misrepresented URLs/links

With your mouse, hover over (but not click) the link that says, for example www.itsupport.com, and see whether, when the mouse is held over it, it still shows ‘www.itsupport.com’, or now actually displays ‘www.ifooledyou.com’ or something. If these links are different, be suspicious.

 

2. Look for malicious attachments

Did you get an email from Canadapost or UPS saying you missed a package? Those are most-likely spam/virus delivery system. Not all the time, though. To check, do the test describe in #1. These emails also often contain attachments. They may contain an attachment that is called something like Delivery.PDF.exe (or Delivery.PDF .exe). The .exe is the thing that makes this not a PDF (Adobe file), but a malicious executable program. Another way to recognize that it is not a real Adobe file is that even though you see the aforementioned Delivery.PDF, the icon in front of it does not look like a typical PDF icon, with the red and white picture.

 

3. The URL to click, or source of email is misleading

An email from paypalservices .com is bogus (it would have been paypal.com). Also, and email that looks like it came from @paypal.com may contain both techniques decribed in #1 and #2 (more likely #1). It may also now say ‘click here to reactivate your account’ or some other bait to get you to click the link in the email. When you look at the link (or hover on top of it, as per method #1), you notice that it now gives a misleading url like paypalservices .com instead of paypal.com. This is bogus. Common variations of this also pretend to come from Facebook support (utilizing facebookmail .com instead of facebook.com) and other frequently-used websites.

 

4. If the email asks for personal information, never reply to it

If your personal information is needed or needs to be updated, just go to the website directly and do so. Do not fall for the trick described in #3 as per above, for example, and be directed to paypalservices .com or facebookmail .com to fill out those emails. If you think that the email is legitimate, simply open the browser yourself, type in the address of paypal (as an example) yourself, and log in manually. See if anything needs action. If not, it means that the email was bogus.

 

5. If the email threatens to close your account…

have your taxes audited, or the police needing your information by email or some other such odd threat/request, if you don’t respond to the email with various information, this is the same as #4, use the same precautions, as this is most-likely bogus.

 

Summary

This a general guide that allows the basic user to decrease their chances of being harmed by malicious/phishing emails.
Email systems can be compromised, so even someone you know well may have their computer infected (often without their knowledge), and have their email automatically send you an email, which contains a virus (that will attempt to infect your system as well).
Someone who got hold of that person you know may also pretend as if he’s the sender, with the same story.
Nothing basically replaces good I.T. support, a proper antivirus (that also protects your emails), as well as several other solutions that your tech support person can provide, which would harden and drastically-reduce your chances of being infected and having your data compromised.


Microsoft extending Windows 7 sales

Microsoft has announced that it will allow continued sales for computers with Windows 7 installs. This is not to say that Windows 8 is a bad operating system, as it is quite good, fast and stable, but most of our users (at least from what Eyes Everywhere I.T. Consulting has seen in the Toronto area) prefer the look and feel of Windows 7.