Our Blog

What is Email Spoofing?

Has your family or friends ever received a suspicious email from your email address? Have you received a questionable email from an address that looks like it’s coming from a friend? You may think you have been hacked but, in this case, someone is faking your email address. This is known as email spoofing and it is a common occurrence within email systems.

How do you know if someone is faking your address?

Many of us tend to forward emails, send photos or documents to our own personal email addresses for safekeeping later. Scammers recognize that behavior and therefore is the perfect opportunity for them to send a link or document download with a fake email, knowing you will open emails coming from your “own” email address.

There are many ways scammers can get a hold of your email address. Through social media, your contacts, and simply the various places on the internet that you submit your email address, scammers are able to find it. If you have an email address that is publicly used to send newsletters and other emails to a wide list of people, that address is more likely to be used by scammers for email spoofing.

How does email spoofing work?

All scammers need is an SMTP or Simple Mail Transfer Protocol which is an email delivery system such as Microsoft Outlook, Gmail, Yahoo! mail, etc. to send a fake email. They must have login access to an email delivery system, but the display name and email address can be edited to be shown however they like. Scammers then use botnets to send out spoofing emails. Botnets are a group of computers that have been hijacked by a third party and are hard to trace. Botnets can send these emails to an entire contact list and mutual contacts. For more information on botnets and how spoofing emails are sent, check out this article from Makeuseof.com.

How can you prevent being a victim of email spoofing?

It all comes back to the basics. Don’t click anything in an email that looks as if it was sent by you, but you do not remember sending it. Check your sent email to verify. Trust your gut. If an email looks suspicious coming from a contact of yours, do not download any files or click on links in the email. You can hover over the link to see if it is a trusted URL. It is always good to change and strengthen your password or add multi-factor authentication.

For more information on email spoofing and ways to prevent it, contact Integrated Computer Consulting (ICC) in Fort Collins, Colorado today! 970.821.8592.

Read On

May 15, 2019

Security

How Do I Upgrade Server 2008?

Security updates will end soon for both SQL Server and Windows Server 2008. SQL Server support will end on July 9, 2019 with Windows Server 2008 support ending on January 14, 2020. Thousands of business applications run on these servers and those versions that are not upgraded are vulnerable to cyber attacks. To limit the risk of an attack and data breach, it is recommended that you move your server to the cloud-based Microsoft Azure or upgrade your server to a current version of SQL or Windows.

What are the Next Steps?

There are two options for upgrading your server. You can migrate to Azure and receive three years of security updates for free. The other option is to upgrade to the current SQL or Windows Server versions.

What is Microsoft Azure?

Microsoft Azure is a cloud computing service with solutions including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). These services can be used for analytics, storage, network, virtual computing, and can replace your on-premise server.

What does Microsoft Azure Do?

Microsoft Azure is a flexible platform that allows you to use as much or as little resources as you need, and you only pay for what you use.  Microsoft Azure can back up your data at any time, from any location, and in any language. It also stores three backup copies in various locations in the data center and then three other copies in a remote Azure data center. Losing your data should never be a worry. In addition, Microsoft Azure can host and develop web and mobile apps, utilize multi-factor authentication for security, monitor and manage all your devices to collect data, and a whole lot more.

For more information on how to upgrade your server or to learn more about Azure, contact Integrated Computer Consulting (ICC) in Fort Collins, CO today at 970.821.8592. We can help!

Read On

April 12, 2019

IT News

How Do I Upgrade to Windows 10?

What to Know About Upgrading Your System Before January 14, 2020.

Microsoft’s Windows 7 is officially 10 years old at the end of 2019 with their release date of October 22, 2009. Microsoft has planned to no longer provide support after January 2020 so they can turn their focus and resources to newer technology and user experiences. After this date, software updates and technical assistance will no longer be available to protect consumers’ PCs.

What do I do next?

It is strongly suggested that you move to Windows 10 operating system before January 2020 to help keep your data safer and to keep your system’s security updated.

It is highly recommended that Windows 7 users move to a new device equipped with Windows 10. Newer PC’s are more powerful, secure, faster, and weigh less than older versions. Some workstations may be upgradeable but there are several technical factors that will determine if this makes sense.

What happens if I continue to use Windows 7?

If you continue to use Windows 7, Windows will still start and run but you will no longer receive security patches or software updates. This may cause your device to become more vulnerable to viruses and security risks.

Internet Explorer is an integral part of Windows 7 and will no longer receive support after January 14, 2020. For more information, visit Lifecycle FAQ- Internet Explorer

When should I upgrade to Windows 10?

The sooner the better! There are many companies that have scheduled upgrades and as the year progresses it gets less likely and more costly to get your upgrades addressed. Upgrading now will give you enough time to back up personal information and get everything moved over to Windows 10 to ensure it is working properly. If you need extra reminders to upgrade your Windows 7 to Windows 10, Microsoft will be alerting users with pop-ups about the Windows 7 end of support deadline, starting in April 2019.

If you are looking for information to upgrade your system or want to learn more about the Windows 7 End of Support, give Integrated Computer Consulting (ICC) in Fort Collins, CO a call today! 970.821.8592

Read On

April 10, 2019

IT News

Multi-Factor Authentication

High-profile security breaches are on the rise and company information is being compromised. “Billions of people were affected by data breaches and cyber attacks in 2018 – 765 million in the months of April, May, and June alone – with losses surpassing tens of millions of dollars.” (Positive technologies) Most of these breaches occur when login credentials of users are stolen and then used to gain access into a company’s network. Once hackers have access into the network, they can leverage their access to attain further information and/or perform employee impersonation putting the entire company network at risk.

There are a variety of ways that your password can be obtained without your knowledge. A phishing email can lead you to enter your password into a fake site, a hacker can guess simple passwords, or your password could be stolen from another network that has been compromised. How do you protect yourself, you ask? Multi-factor authentication or MFA can help prevent these cybercriminals from gaining access.

MFA is a two-step authentication process that can help secure your identity. It requires every user to provide more than a password to gain access to sensitive IT information. There are several types of authentication methods currently available. These methods include a hardware or software “token,” text message, phone call, security questions, or biometrics. Therefore, when you try to login to your network, a one-time passcode is sent via one of the methods for you to enter and securely gain access. MFA can seem daunting to set up at first, but once it is in place it is a small inconvenience for added security.

ICC highly recommends configuring MFA for all users that have access to public facing servers such as Exchange Outlook Web Access or Remote Desktop Services.  MFA has been a tested, reliable, and secure method for several clients returning a high success rate with limited inconvenience. If you have more questions about MFA or are looking to have it set up for your business, contact ICC at 970.821.8592, chat us at iccusa.net or email us at info@iccusa.net.

Read On

March 25, 2019

Security

Stop Phishing Emails and Malware in its Tracks!

Nowadays, businesses rely heavily on email as their main communication tool between other businesses and their customers. With over 270 billion emails sent and received each day, email is an important form of communication that we all use daily for our work and in our personal lives. However, inboxes are constantly under attack. Phishing emails and malware are easily sent through email and can attack your system if it is not properly protected. According to Verizon 2018 Data Breach Investigations Report, 92.4% of malware is delivered via email. Therefore, email is the #1 method for hackers to send malware to a user. With email being such a high target for phishing attacks and malware, protecting your company’s email system is crucial.

ICC offers a product called Proofpoint Essentials that can help stop phishing emails from disrupting your email system. Compatible with Office 365, this additional SPAM filter will help catch phishers and email fraud. It can control all aspects of inbound and outbound email and adds an extra level of protection to your email system.

Proofpoint Essentials quarantines suspicious emails and then sends the user an email to let you preview, approve, or block emails. It is an added layer of protection for you and your email system. Realizing that SPAM filters cannot be 100% effective and an email or two may slip through the cracks, ICC can train you and your employees to identify and properly deal with potential threats.

More than 90% of targeted attacks begin with email, and an email attack can have significant effects on downtime, productivity, data loss, or even financial loss. For a few dollars a month, you can protect your business and employees from email threats, or you can have your emails encrypted to further protect the content from unintended eyes and to make sure it reaches the correct recipient.

Overall, 76% of organizations say they experienced phishing attacks in 2017, according to Wombat 2018 State of the Phish. By the end of 2017, the average user was receiving 16 malicious emails per month (Symantec 2018 ISTR). That’s almost 200 potential attacks to one email address per year!

The email SPAM filter is just one component of protecting your email and your organization. If you are looking for more information on the Proofpoint Essentials product or additional ways to protect your email system, reach out to Integrated Computer Consulting (ICC) today! 970.821.8592.

Read On

February 26, 2019

IT Services

Do You Have an IT Disaster Recovery Plan?

Disaster recovery is an important topic in the IT world. Companies rely on their IT systems to conduct business. What happens if critical systems go offline due to a hardware failure, a malware infection, an operating system crash or a natural disaster?

One hour of downtime can cost small companies as much as $8,000, midsize companies up to $74,000, and large enterprises up to $700,000. (2015 report from the IT Disaster Recovery Preparedness (CRP) council).

Will you be prepared to handle the situation and continue with daily business transactions?

Are you prepared to handle one of these likely scenarios?

65% of small and medium-size businesses don’t have a disaster recovery in place. 87% of companies that lose access to their corporate data for more than a week go out of business within a year. (Markel direct).

Disaster recovery focuses on all aspects of a business that allows it to keep functioning. That is why it is so important to have a plan in place to avoid downtime and losing money.

Work with your local IT professional such as ICC, to lay out the following steps and to create your own personalized disaster recovery plan. Some of the critical steps include:

  • Starting with an overview and goals of your plan. Identify critical systems to the business.
  • Determine recovery time and recovery point objectives.
  • Document systems and inventory current equipment
  • Document outside vendors and their response plan
  • List actions to be taken once an event occurs
  • Implement a 3-2-1 backup plan
  • Create a client list and plan how you will notify them
  • Document insurance and legal contacts
  • Create a media outreach plan

Talk with ICC today about your business’ personalized disaster recovery plan and consider moving your system to the cloud. Cloud benefits include lower cost, boosting efficiency, and you can access it from anywhere If you have any questions, feel free to chat us at iccusa.net or give us a call at 970.419.060.

Read On

January 25, 2019

IT Services

If it Ain’t Broke, Don’t Fix it!

The philosophy, “If it ain’t broke, don’t fix it” can be very expensive when it comes to your IT. If you are relying on break-fix (as needed) IT services, you are probably wasting money and risking valuable downtime. The challenge is that it’s impossible to predict when something will break which could lead to downtime or, even worse, data loss. This leads to an unstable and truly unpredictable budget. That why an ICC IT professional can help you be more strategic about prevention and resolution for your services.

Our Catapult or Managed services (proactive support) offers 24/7 system monitoring, application updates, patch management, data security, and support to prevent problems from occurring in the first place. ICC holds quarterly business reviews to stay on top of any issues and manage the status of your services. Managed services not only provide a stable budget allocation but also detailed reporting of your network status. Paying a monthly fee for an ICC IT professional to handle your IT infrastructure not only minimizes productivity disruptions, but it also frees you to focus on doing what you do best: growing your business.

ICC has been serving the IT needs of Northern Colorado and Southern Wyoming for 20 years. Let us show you the ICC difference.

Read On

December 14, 2018

IT Services

How to Protect You and Your Business from a Cyber Security Threat

Simple Ways to Keep Your Information Safe

Cyber-attacks are more common now than ever, and we want to make sure you are prepared if it happens to you or your business. Here are a few helpful and simple ways to protect yourself from Cyber Security Threats.

  1. Wi-Fi – Make sure your business and even your home has a segmented guest and internal wi-fi network. Your main network should always be separated from a guest network. Visitors to your business should log onto your guest network so there isn’t a chance for them to access any information being shared on your main network. As for kids at home, they should be using the guest network in case they download bad apps or files that could be harmful to your main network.
  2. Data Backup – Is your data backed up? If someone at your company is a victim of a phishing email or has downloaded a corrupted file, hackers may steal your data and hold it ransom. This is a form of a cyber threat called ransomware. Oftentimes, a fee is requested from the cyber criminals in order to un-encrypt your data. Some hackers may return your data for a sum of money and others will keep it even though you paid the ransom. In this case, a cyber security insurance company is knowledgeable on hackers and can help assist you with the right plan of action.
  3. Two Factor Authentication – Two Factor Authentication is an extra layer of security that requires a username, password, and a second type of verification for access. A unique code is usually sent to your email or through text to give you access to a system or files.
  4. Strong Passwords – Creating unique and strong passwords is an easy way to help guard your personal information from intruders. The complex variety of characters, letters and numbers will help keep hackers at bay. If you keep your passwords in a notebook or on sticky notes, it is time for an upgrade! There are multiple cloud-based services that allow you to store all your passwords in once place instead of in an Excel file on your computer or on a piece of paper.
  5. Antivirus and Malware Protection – Antivirus protection is a program that prevents, detects and removes viruses that are designed to replicate and spread. Malware protection helps stop malicious code and other unwanted viruses, spyware, trojans and more. Always make sure your software is up to date so that you are protected. If you have questions about which type or brand of software your company needs, ICC is here to help.
  6. Human Error – The majority of cyber-attacks occur because of human error. Phishing emails are a popular form of cyber-attacks. Be sure to inspect the sender’s email address and company name in the email to ensure that it is not an imposter. Never respond or click a link in an email to provide financial or private information to anyone. Watch for files asked to be downloaded or links included in emails that may download a virus or malware to your system. Be alert, and if something doesn’t feel right about the email, do not take any action. Delete it immediately.

For more information on cyber security protection, reach out to our knowledgeable staff at ICC today! 970.373.4879.

Read On

November 19, 2018

Security

Why Windows 10 is the most secure Windows ever

With Device Guard, Credential Guard, and Application Guard, Windows uses virtualization to provide unprecedented protection from malware and advanced persistent threats.

Three years after its debut, Windows 10 is poised to overtake Windows 7 as the most popular version of the Windows operating system. Microsoft introduced virtualization-based security features – namely Device Guard and Credential Guard – in Windows 10, and in subsequent updates, has added other virtualization-based protections to the operating system.

Microsoft tackled the two biggest challenge for enterprises with Windows 10, password management and protecting the operating system from attackers. Windows Defender was renamed Windows Security in 2017 and now includes anti-malware and threat detection, firewall and network security, application and browser controls, device and account security, and device health. Windows Security shares status information between Microsoft 365 services and interoperates with Windows Defender Advanced Threat Protection, Microsoft’s cloud-based forensic analysis tool.

Device Guard and Credential Guard remain the two standout security features of Windows 10 – they protect the core kernel from malware and prevent attackers from remotely taking control of the machine. Microsoft has also grouped other virtualization-based protections such as Windows Defender Application Guard under the Windows Security umbrella. Windows Defender Advanced Threat Protection round out the analytics available to Windows 10 Enterprise customers.”Clearly, Microsoft thought a lot about the kind of attacks taking place against enterprise customers and is moving security forward by leaps and bounds,” said Ian Trump, a security lead at LogicNow.

Device Guard relies on Windows 10’s virtualization-based security to allow only trusted applications to run on devices. Credential Guard protects corporate identities by isolating them in a hardware-based virtual environment. Microsoft isolates critical Windows services in the virtual machine to block attackers from tampering with the kernel and other sensitive processes. With Application Guard, Microsoft Edge opens untrusted websites in an isolated Hyper-V enabled container, keeping the host operating system protected from potentially malicious sites. These features rely on the same hypervisor technology already used by Hyper-V.

Using hardware-based virtualization to extend whitelisting and protecting credentials was a “brilliant move” by Microsoft, said Chester Wisniewski, senior security strategist for Sophos Canada, an antivirus company.

Apps on lockdown

Device Guard relies on both hardware and software to lock down the machine so that it can run only trusted applications. Applications must have a valid cryptographic signature from specific software vendors — or from Microsoft if the application comes from the Windows Store. Device Guard assumes that all software is suspicious and relies on the enterprise to decide which is trusted.

Although there have been reports of malware code writers stealing certificates to sign malware, a significant majority of malware is unsigned code. The reliance of Device Guard on signed policies will block most malware attacks.

“It is a great way to protect against zero-day attacks that make it by anti-malware defenses,” Trump said.

Three years after its debut, Windows 10 is poised to overtake Windows 7 as the most popular version of the Windows operating system. Microsoft introduced virtualization-based security features – namely Device Guard and Credential Guard – in Windows 10, and in subsequent updates, has added other virtualization-based protections to the operating system.

Microsoft tackled the two biggest challenge for enterprises with Windows 10, password management and protecting the operating system from attackers. Windows Defender was renamed Windows Security in 2017 and now includes anti-malware and threat detection, firewall and network security, application and browser controls, device and account security, and device health. Windows Security shares status information between Microsoft 365 services and interoperates with Windows Defender Advanced Threat Protection, Microsoft’s cloud-based forensic analysis tool.

Device Guard and Credential Guard remain the two standout security features of Windows 10 – they protect the core kernel from malware and prevent attackers from remotely taking control of the machine. Microsoft has also grouped other virtualization-based protections such as Windows Defender Application Guard under the Windows Security umbrella. Windows Defender Advanced Threat Protection round out the analytics available to Windows 10 Enterprise customers.”Clearly, Microsoft thought a lot about the kind of attacks taking place against enterprise customers and is moving security forward by leaps and bounds,” said Ian Trump, a security lead at LogicNow.

Device Guard relies on Windows 10’s virtualization-based security to allow only trusted applications to run on devices. Credential Guard protects corporate identities by isolating them in a hardware-based virtual environment. Microsoft isolates critical Windows services in the virtual machine to block attackers from tampering with the kernel and other sensitive processes. With Application Guard, Microsoft Edge opens untrusted websites in an isolated Hyper-V enabled container, keeping the host operating system protected from potentially malicious sites. These features rely on the same hypervisor technology already used by Hyper-V.

Using hardware-based virtualization to extend whitelisting and protecting credentials was a “brilliant move” by Microsoft, said Chester Wisniewski, senior security strategist for Sophos Canada, an antivirus company.

Isolating secrets

Credential Guard may not be as exciting as Device Guard, but it addresses an important facet of enterprise security: It stores domain credentials within a virtual container, away from the kernel and user mode operating system. This way, even if the machine is compromised, the credentials are not available to the attacker.

Advanced persistent attacks rely on the ability to steal domain and user credentials to move around the network and access other computers. Typically, when users log into a computer, their hashed credentials are stored in the operating system’s memory. Previous versions of Windows stored credentials in the Local Security Authority, and the operating system accessed the information using remote procedure calls. Malware or attackers lurking on the network were able to steal these hashed credentials and use them in pass-the-hash attacks.

By isolating those credentials in a virtual container, Credential Guard prevents attackers from stealing the hash, restricting their ability to move around the network. Credential Guard protects NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials from attackers.

Run in containers

Windows Defender Application Guard gives enterprise administrators the ability to control how Microsoft’s Edge browser identifies and blocks dangerous websites. Edge opens untrusted sites in an isolated Hyper-V enabled container, keeping the host operating system protected from potentially malicious sites. The isolated container has no user data, so the attacker in that virtual environment can’t obtain the user’s credentials. Once enabled, Application Guard will let enterprises block outside websites, limit printing, restrict the use of the clipboard and isolate the browser to only use local network resources.

Originally available for Windows 10 Enterprise, Application Guard now also supports Internet Explorer for Windows 10 Pro versions, provided the hardware requirements are met.

“Microsoft’s Implementation may not be as easy as some vendors, and Microsoft may not have a fancy dashboard, but to include security features like these [Credential Guard, Device Guard, Microsoft Hello two-factor authentication, and BitLocker] you have an operating system worthy of the title ‘Enterprise’ and a very hard target to hack,” Trump said.

Windows 10 – Not yet for everyone

Exciting features aren’t enough to spur adoption. Many businesses have held off on upgrading to Windows 10. The reluctance stems from the substantial investment required upfront, from better hardware and new Group Policy settings. However, the latest shift to Windows 10 reflects the reality that Windows 7 will enter end-of-life in January 2020 and even with support windows being extended, organizations have to plan their hardware refresh to support Windows 10.

The combination of Device Guard and Credential Guard could go a long way toward locking down an environment and stopping APT attacks, but the hardware requirements are hefty. To enable Device Guard and Credential Guard, the machines need Secure Boot, support for 64-bit virtualization, Unified Extensible Firmware Interface (UEFI) firmware, and the Trusted Platform Module (TPM) 2.0 chip. The UEFI lock, which prevents attackers from disabling UEFI by modifying the registry, is also recommended. Enabling Credential Guard on virtual machines have additional requirements, including 64-bit CPU, CPU virtualization extensions plus Extended Page Tables, and Windows Hypervisor. Application Guard requires being on a 64-bit machine, with Extended Page Tables (also called Second Level Address Translation, SLAT), as well as Intel VT-x extensions or AMD-V.

Only enterprise hardware, not consumer PCs, includes such features. For example, business laptops such as Lenovo ThinkPad and Dell Latitude models typically have these specs, but consumer models such as the Lenovo Yoga 3 Pro do not. The hypervisor-level protections are available only if the machine has a processor with virtualization extensions, such as Intel VT-x and AMD-V.

Other Windows 10 security features have different hardware requirements. Windows Hello, which supports face and fingerprint recognition, would typically need additional hardware. Windows Hello now supports FIDO 2.0 authentication for Windows 10 devices that are managed by Azure Active Directory, and there is now the option to use Windows Hello Face, Fingerprint, or PIN options from the main log-in screen.

Employees regularly working in the field or traveling extensively throughout the year are more likely to opt for a lighter laptop — and most Ultrabooks do not have TPM inside. “The executives are the ones I worry about,” Wisniewski said, as they’re the ones most at risk of attack and more likely to be using consumer models.

The hardware isn’t the only barrier to getting started; most organizations will also need to make changes to infrastructure and processes. Many IT teams don’t currently use UEFI or Secure Boot because they impact existing workflows and there are some single sign-on platforms that don’t play well with UEFI. IT may be concerned about getting locked out of computers with Secure Boot; it’s easier to wipe a machine and load a stock corporate image when setting it up. Likewise, some machines may run critical applications with specific requirements that cannot be upgraded.

Fortunately, Device Guard and Credential Guard don’t require an all-or-nothing decision. IT can build a new domain with Device Guard and Credential Guard protections turned on and move users who meet the hardware requirements. The machines that can’t be upgraded can be left in the existing domain. This lets IT maintain a “clean” network with signed policy and protected credentials and focus their attention on the older, “dirty” domains. “Don’t hold the entire network back for just one thing,” Wisniewski said.

Microsoft also recognizes that many organizations have a hybrid environment with different Windows versions. Very few can claim to have moved their entire infrastructure to Windows 10. Windows Defender ATP was originally available only with a Windows E5 or Microsoft Office 365 E5 subscription, but now there is down-level support for Windows 7 SP1 and Windows 8.1. Heterogenous organizations can get access to the advanced forensics.

Few enterprises believe the current state of enterprise Windows security is acceptable. Device Guard and Credential Guard actually offer a way forward, albeit one that demands a substantial investment. With Windows 10, “Microsoft is telling enterprises, ‘If you want good technology you need to do security [our way],'” Wisniewski said.

Source: Computerworld (https://www.computerworld.com/article/2984449/security/why-windows-10-is-the-most-secure-windows-ever.html )

Read On

September 22, 2018

IT News

Black Hat and Defcon cybersecurity experts share tips on how to protect yourself

During the week of Black Hat and Defcon, tens of thousands of security experts and hackers flock to Las Vegas for the back-to-back conferences. They hold discussions on issues like smart cities getting hacked, two-factor authentication, and security issues with voice assistants.

It can all get a little technical. But with so much cybersecurity knowledge in one place, I decided to ask individual experts for a single useful cybersecurity tip for the average person.

One of these tips may end up making all the difference when a hacker comes after you. Learning a little about how to protect yourself is increasingly critical at a time when hacker attacks on companies like Equifax and Yahoo can expose your personal information. But cybersecurity advice tends to be technical or inconvenient, which is why a lot of people tend to ignore it.

Think about how many 32-character passwords you really have, or how often you reuse your passwords. It’s a Cybersecurity 101 practice, but might not be simple for everyone. As a parallel, think about how often dentists say you should floss twice every day, and how you lie every time by saying that you do.

“Security people are rarely the best people to advise about mass usability,” Parisa Tabriz, Google’s director of engineering, said in her keynote speech at the Black Hat cybersecurity conference Aug. 8.

So here’s our roundup of advice on cybersecurity from the experts at Black Hat and Defcon. See for yourselves which tips you think are actually usable.

Parisa Tabriz, director of engineering at Google

Use Chrome.

I’m obviously biased, but Chrome stays up-to-date, and there are a lot of things we build in to keep people from ever encountering a phishing site or a site that’s going to download malware. We definitely invest in making it the most secure browser from an exploitation standpoint.

Think about the software you’re using in the same way that you’d look at a safety report for a car you’re going to buy.

Marcela A. Denniston, vice president of field engineering at ShieldX Networks

Use dual-factor authentication and biometrics as often as possible to make gaining access to personal accounts, systems and data more difficult for hackers.

Mårten Mickos, CEO of HackerOne

Cybersecurity works only when everybody is concerned about it. Learn about it, ask your friends what they’re doing, and have a daily discipline of thinking, “What could go wrong?”

Craig Williams, director of outreach at Cisco Talos Intelligence Group

Set things to automatically patch. It would probably take care of 85 percent of your problems. That goes for your computers, your IoT devices — anything that has a button.

Stina Ehrensvärd, CEO and founder at Yubico

Two-factor authentication is my obvious answer, but just some basic simple learning around what not to do and what to do is important. Learn to watch for phishing, don’t download stupid things, just some hygiene.

If you start there, and then have two-factor authentication, you’re gonna be really good.

Jonathan Couch, senior vice president of strategy at ThreatQuotient

Don’t trust anything. Or trust, but verify. Most attacks these days come from email, or you’re getting phone calls all the time. Before you take any action to give any money, give any personal information, you should trust but verify.

Don’t take people at their word at who they are over email or over the phone. Get some information, go out, do your own research and make sure you actually verify who this person is before you ever give away any personal information — or especially money.

Haiyan Song, senior vice president of security markets at Splunk

Be super vigilant. I send my team to Defcon, and I tell them to just go there, even if they don’t understand some of the talks. I want them to listen to these stories because I want them to feel paranoid.

Mikko Hyppönen, chief research officer at F-Secure

Back up your phone, back up your computer, back up your tablet, then make a backup of your backup so you can restore them even if your house burns down.

Patrick Sullivan, director of security at Akamai

If you have to use a password, and you’re not using something like a multifactor solution, take a look at a password manager. That makes it pretty easy to log in to sites and have a variety of passwords.

Chris Wysopal, chief technology officer at CA Veracode

Be skeptical about any information that’s pushed to you, whether it’s a messaging system or an email system. Just always be skeptical and always find another way of figuring out how to validate that that stuff is real.

Daniel Crowley, research director at IBM X-Force Red

The weakest link is definitely passwords. Expecting someone to remember 200 passwords that are 30 characters, mixed with numbers and symbols, is impossible. While we’re still using passwords, use a password manager.

Hyrum Anderson, technical director of data science at Endgame

This is what I tell my mom: Hover before you click so you see the actual URL at the bottom. Be suspicious of email, install an antivirus, install a DNS filter so you don’t have porn accidentally served to you. You present the greatest point of vulnerability to your safety.

Frank Mir, former UFC heavyweight champion*

Keep your passwords diverse and don’t use the same one for everything. Once I did that, I don’t think I ever had any problems. Just making sure I didn’t pick any simple passwords, and not using the same ones multiple times over. At times it can be a pain in the ass, trying to remember 30 different ones or keeping them in a safe place, but in the long run, it’s given me a lot fewer headaches.

For my children, for every device, whether it’s a Microsoft account all the way to their PlayStation account, use different passwords.

* Yes, we know Frank Mir is not a cybersecurity expert. But he did give some pretty good advice.

Souce: CNet.com

Read On

August 22, 2018

Security