7 Safety Tips – Internet of Things

7 Safety Tips – Internet of Things

Safety Tips for the Internet of Things

Smart devices are now being referred to Internet of Things (IoT). A cool-sounding name, however, an IoT device is really just another computer, but one where you don’t have much say in what software runs on it, or whether it can be patched properly, or even secured at all.

There are plenty of people now, who have smart light bulbs, thermostats, cameras and security systems. We love our gadgets, and we can’t resist playing with new technologies to see how they might be used and abused. But can you join the IoT craze without having your devices turned against you?

Here are 7 tips to help you stay safe:

Many smart things support Wi-Fi so that you don’t have to plug them into your smartphone or computer every time you want to use them. If your home Wi-Fi router allows you to create separate guest networks to keep untrusted visitors off your regular network, make a special guest network for your “things” and connect them there.

Turn off Universal Plug and Play (UPnP) on your router, and on your IoT devices if possible, to prevent this exposure. Don’t assume that “no one will notice” when you hook up your device for the first time. There are specialised search engines that go out of their way to locate and index online devices, whether you wanted them to be found or not.

Keep the firmware up to date on all of your IoT devices  patching is just as important as it is on your PC. It can be time consuming to figure out whether updates are available, but why not make a habit of checking the manufacturer’s website twice a year? Treat it like changing your smoke detector batteries: a small price to pay for safety and security.

Choose passwords carefully and write them down if needed. Complexity is important, but so is uniqueness. Many IoT devices have been found to have bugs that let attackers trick them into leaking security information, such as giving away your Wi-Fi password. Remember: one device, one password.

Favor devices that can work without the cloud. IoT “things” that require a cloud service are often less secure, and potentially give way more information, than those you can control entirely from within your home. Read the packaging carefully to determine whether permanent internet access is needed for the device to function. If it’s “all-or-nothing,” then you can’t try out the device on your own network first.

Only network devices as much as you need to. If all you want from your TV is to watch broadcast television, you don’t need to connect it to the network at all. If you only want to control it or stream to it from your home network, it doesn’t need access to or from the outside. Eliminate unnecessary internet connections when possible.

Don’t take your IoT devices to work or connect them to your employer’s network without permission from IT. Insecure devices could be used by attackers as a foothold into the organization, and used to assist with data stealing and illicit surveillance. You could put your company and your job at risk.

This IT Security Tip is brought to you by BlackBox Connections.

You Want Secure IT with Fast Response at the Best Price!
We are featured on Page 101 in the March ‘Business in Calgary’ magazine

KeyRanger- How Did the Hacker’s Get In?

KeyRanger- How Did the Hacker’s Get In?

KeyRanger – How Did the Hackers Get In? Hackers infected Macs through a tainted copy of a popular program known as Transmission a BitTorrent, which is used to transfer data through the peer-to-peer file sharing network. When users downloaded version 2.90 of Transmission, which was released on Friday, their Macs were infected with the ransomware.

“KeRanger” is programmed to stay quiet for three days after infecting a computer. Then it will connect to the attacker’s server and start encrypting files so they cannot be accessed. After encryption is completed “KeRanger” demands a ransom of 1 Bitcoin approximately $565 cdn.

How to Protect Yourself While Apple has taken steps to prevent further infections, this will do nothing to protect systems that have already been hit with the malware. Users who have directly downloaded Transmission installer from official website on March 4th will want to refer to Transmission for the proper security checks and install Transmission 2.92 which should automatically remove KeRanger.

With this recent KeRanger attack on Apple and the momentum that ransomware has been making, we strongly suggest reading our blog on tips to avoid ransomware https://3.96.205.29/tips-to-avoid-ransomware/

This IT Security Tech Tip brought to you by BlackBox Connections.

You Want Secure IT with Fast Response at the Best Price!
We are featured on Page 101 in the March ‘Business In Calgary’ magazine

A Brand New Phishing Scam

A Brand New Phishing Scam

A Brand New Phishing Scam

A brand new phishing scam is circulating in the workplace. Don’t let this happen to you …. It’s 3 pm and after getting a pick-me-up coffee to round out the day, you return to your desk and start going through your emails. You see an email from someone that applied for a job that you had listed. The email includes the applicant’s resume, you open the Word doc. and a WARNING pops up indicating something isn’t right. You click ‘OK’ and accept the warning.

By accepting the warning you’ve just allowed a malicious virus in which encrypted all your files on your computer, a cyber crook is asking you for 1 Bitcoin worth approximately $565 cdn.

What to do?

We recommend that you don’t pay, on the grounds that this means sending money to criminals.

Indeed, if you get hit by ransomware and you really need your files back, and you haven’t taken any precautions such as backing up, you might not have a choice but to pay.

“Prevention is better than cure” You can avoid becoming the next phishing victim by knowing these useful tips:

Back up often the ability to restore quickly undermines the attack.

Reputable antivirus software and firewall Business class firewalls and security software minimize exposure.

Block popups Popups are a prime tactic used by the bad guys, so simply avoid even accidentally clicking on an infected popup.

Exercise caution Don’t click on links inside emails, and avoid suspicious websites. If your PC does come under attack, use another computer to research details about the type of attack. But be aware that the bad guys are devious enough to create fake sites, perhaps touting their own fake antivirus software or their de-encryption program.

Disconnect from the Internet If you receive a Ransomware note, disconnect from the Internet so your personal data isn’t transmitted back to the criminals.

Alert authorities Ransomware is a serious form of extortion.

This IT Security Tech Tip brought to you by BlackBox Connections.

Responsive & Affordable IT Service
We are featured in the March ‘Business In Calgary’ magazine. pg 101

News

Personal Information is Like Money

Personal Information is Like Money

Personal Information Is Like Money

Value it and Protect it.

Your mobile devices which include smartphones, laptops and tablets are always within reach everywhere that you go, whether for work, travel or entertainment. These devices make it easy to connect to the world around you, but they can also pack a ton of information about you and work. It’s important to use your mobile devices safely, consider the following security tips for all your mobile devices.

Secure your devices Use strong passwords, passcodes or touch ID features to lock your devices. These security measures can help protect your information if your devices are lost or stolen and keep those prying eyes out.

Think before you app Information about you, such as the games you like to play, your contact list, where you shop and your location has value. Be thoughtful about who gets the information and how it is collected through apps.

Now you see me, now you don’t Some stores and other locations look for devices with WiFi or Bluetooth turned on to track your movements while your in range. Disable WiFi and Bluetooth when not in use.

Get savvy about WiFi hotspots Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your mobile device while you are connected. Limit what you do on public WiFi and avoid logging in to key accounts like email and financial services on these networks. Consider using a virtual private network (VPN) or a personal secure connection on the go.

Keep your device up to date Your mobile devices are just as vulnerable as your PC. Having the most up-to-date security software, web browser, operating system and apps is the best defense against viruses, malware and other online threats.

Delete when done Many of us download apps for specific purposes and then they are no longer useful or interesting to us. It’s a good practice to delete all apps you no longer use.

Remember personal information is like money. Value it. Protect it.

This IT Security Tip is brought to you by BlackBox Connections.

Responsive & Affordable IT Service
We’ve Lowered Our Prices – SALE Happening Now

Tips to Avoid Ransomware

Tips to Avoid Ransomware

Tips to avoid Ransomware

Here is the run down on Ransomware and what you need to know to stay safe from it.

Ransomware will encrypt your hard disk, lock you out and demand a fee to be paid in exchange for the decryption key. Ransomware is working and growing as cyber criminals are being paid out more and more.

On February 5th a Los Angels medical center was held ransom for 40 bitcoins (~$17,000 USD). Days past as IT professionals tried and failed to unlock the medical records. The administrators determined the best way to get their data back was to pay the ransom. Read the Letter from the President here.

As with other attacks, you can work to avoid Ransomware. Experts advise taking these steps to avoid attacks or protect yourself after an attack:

Back up often. the ability to restore quickly undermines the attack.

Reputable antivirus software and firewall. Business class firewalls and security software minimize exposure.

Block popups. Popups are a prime tactic used by the bad guys, so simply avoid even accidentally clicking on an infected popup.

Exercise caution. Don’t click on links inside emails, and avoid suspicious websites. If your PC does come under attack, use another computer to research details about the type of attack. But be aware that the bad guys are devious enough to create fake sites, perhaps touting their own fake antivirus software or their de-encryption program.

Disconnect from the Internet. If you receive a Ransomware note, disconnect from the Internet so your personal data isn’t transmitted back to the criminals.

Alert authorities. Ransomware is a serious form of extortion.

“Locky” Ransomware is the newest Ransomware variation. This virus comes in as a MS Word attachment in an e-mail that claims to be delivering an invoice (with a subject line that includes an apparently random invoice number starting with the letter J). If Macro’s are on virus installs if Macros are off you will see a warning. For more details about this virus you check out this article:

 

This IT Security Tech Tip brought to you by BlackBox Connections.

 

Responsive & Affordable IT Service
We’ve Lowered Our Prices – SALE Happening Now

Fraud and Phishing Scams During Tax Season

Fraud and Phishing Scams During Tax Season

Fraud and Phishing Scams During Tax Season

With tax season upon us there is an increase in fraud and phishing scams. The CRA has issued a warning that email, text and phone scams are making the rounds.

Knowing how to recognize a fraud and phishing scam is important to protect yourself. Everyday there seems to be newly invented types to get your money or personal information. The CRA has some detailed samples of fraud and phishing scams posted on their website. They have posted samples of the most popular ones and provide guidelines on protecting yourself.

The samples of the email scams all look very real and the one sample in particular that we have found to be popular this month is sample #15 below:

Sample #15

From: [email protected]
Sent: Monday, June 25, 2012 5:23 PM
To: undisclosed-recipients:
Subject: INTERAC e-Transfer from Canada Revenue Agency System

Dear customer,

Canada Revenue Agency has sent you an INTERAC e-Transfer\

(previously INTERAC Email Money Transfer).

Amount: $120.00 (CAD)

Sender’s Message: A message was not provided

Expiry Date: 25 June 2012

Action Required:
To deposit your money, click here:
(web link)

Trouble with the link? Type it into your web browser address bar.

Need help?
(web link)
——————————————————————————-
What is an INTERAC e-Transfer? (previously INTERAC Email Money Transfer). If you use online or mobile banking at a participating financial institution, you can send and receive money quickly and easily.

Email or text messages carry the notice while the financial institutions securely transfer the money using existing payment networks. If your financial institution does not yet offer INTERAC e-Transfer, you can still deposit transfers to any bank account in Canada.
Click (web link) for details.
——————————————————————————-
Pour voir les détails du virement en français, cliquez sur le lien ci-dessous :
(web link)

‘Rule of Thumb’ – when something looks suspicious, never to click on the link or open the attachment provided. Delete the email immediately.

 

This IT Security Tip is brought to you by BlackBox Connections.

Keep safe out there!