IoT Tag

Holiday Season brings Security Risks – how to stay safe

The folks behind all sorts of online threats know that the holiday season is their most wonderful time of the year. As people are participating in unprecedented e-commerce, introducing new hardware into their environments, and rushing around with easily-skimmed cards it can be hard to defend yourself from all angles of attack.

 

Security Risks while Shopping

Online shopping can be a huge time-saver but it’s also a big risk. Amazon has done a pretty good job of securing customer data, but big firms like Target and Home Depot have been the victims of cyber attacks. Here are a couple of easy tips to keep yourself safer while shopping:

  • Use strong passwords and change them often
  • Don’t use the same password across multiple accounts
  • Pay in cash when shopping in person
  • Only order over a secure connection (when you can see the little lock in the URL bar)
  • Don’t shop on open wireless networks (like those at a college or a coffee shop)

 

Changing Hardware Environments

New kinds of tech get introduced around the holidays, but they aren’t always the safest things to bring into your ecosystem. Google Home and Echo Dot are cool toys, but they can store your searches. Web-connected devices like cameras or robots can be hacked to turn your device into part of a botnet. Even gifts like backup drives or a new phone for the office can pose a threat. Here are some things to keep you new hardware from becoming a headache:

  • Manage the settings on your home assistant devices to prevent them from collecting data
  • Change the default passwords on your IoT devices to prevent them from being hijacked by botnets
  • Keep an up-to-date antivirus to prevent infections from new hardware like hard drives or flash drives
  • Be cautious about downloading new apps for you phone – many of them are phishing scams or keyloggers

 

Defending Yourself can be difficult

There are all kinds of threats out in the world, but you can lower your personal risk by taking simple steps like updating programs and changing passwords frequently. Everyone should be running a strong, regularly-updated antivirus (we recommend ESET and you can call us if you’d like to purchase a license), and everyone should learn how to identify and avoid phishing attacks.

But what do you do to protect your business? What do you do to keep your work devices safe?

 

Business Protection is Priority One

Maybe more people are accessing your site this time of year, maybe your employees are handling heavier loads. There are a million things that can go wrong during this busy season and at PMCS we pride ourselves on preventing those problems. We take security very seriously and are proud of the ways that we can minimize risks to your business. PMCS relies on a suite of tools we can use to help you keep your business safe, including:

  • Enterprise-grade SonicWall Firewall devices
  • ESET Endpoint Protection Advanced – Antivirus for five or more users with an up-to-date threat console and remote monitoring
  • Proactive Maintenance Plans that check your systems for security risks
  • Backup Assist to keep your data safe and protect you from downtime in the event of an attack.

Don’t let yourself or your business be brought down by online threats this holiday season – call PMCS at (818)957-5647 for a free system assessment to identify any security risks. We’ll make sure your network is secure, your backups are stable, and that no downtime will plague you during this busy season.

Most businesses think their IT companies have done a great job of securing them, but when we come in with our tools we find gaps in coverage and all the flaws from previous systems. Give us a chance to explore your network and you’ll be shocked by the ways we can improve your security and protect your business and your customers.

Call to schedule your free assessment today!

(818)957-5647

KRACK Threatens your Wireless Devices and Security

 

On Monday a new vulnerability in WPA2 Wireless Security was revealed. The vulnerability doesn’t allow people to snoop on your encrypted traffic but makes unsecured traffic easy to see.

Major Service Vulnerabilities

This vulnerability, known as KRACK impacts the security of everything from wireless access points and routers to laptops to cell phones to smart refrigerators. Some companies have already released patches for their devices, including Microsoft, Apple, Ubiquiti, and Netgear.

If you are a PMCS customer who has a wireless network or wireless devices set up at your office please contact us as soon as possible so that we can secure your wireless environment. We are working with vendors and manufacturers to make sure that all of your office’s wireless devices can be patched and protected to keep you and your customers safe.

Until your devices are patched we do not recommend sharing any sensitive information over a wireless network; use cellular data for your phone or a physical Ethernet connection in your home or office. HTTPS communications are safe from this vulnerability, but all non-HTTPS interactions are at risk for traffic capture and observation.

Please call PMCS at (818)957-5647 as soon as possible to schedule patching so that we can ensure your business is not at risk and your data stays secure.

KRACK threatens “Smart” devices and the Internet of Things

If your office uses wireless security cameras, has a wireless “smart” device like a fridge, or if you use wireless baby monitors at home all someone needs to do to access the traffic from those devices is be within range of your wireless network. “Smart” devices like security cameras and baby monitors aren’t frequently patched and are therefore significant vulnerabilities in your network. You may not care that a hacker can see when your office fridge needs its filter changed, but you don’t want people watching the security footage inside of your building.

Again, please contact PMCS right away to secure your office Wireless Access Points, Routers, and Laptops; we can help you to secure those devices now and help you plan moving forward with your wireless smart devices. Give us a call at (818)957-5647 so we can start working with you to secure your office against KRACK attacks.

How to take down the internet with one DDoS attack

On October 21st the US lost access to a large part of the internet. Here’s how that happens.

If someone wants to take down your website they can orchestrate what’s called a Denial of Service (DoS) attack, which involves sending thousands and thousands of requests to your website’s server. The server can’t respond to the volume of requests and in its attempts to fill them slows your server’s response time, making it impossible for legitimate users to access your site or for you to make changes. If all of these requests are coming from a small number of computers you can block the attacker’s IP address on your router and free up your server’s resources for legitimate use.

The attack on the 21st was much grander in scale. A Distributed Denial of Service (DDoS) attack doesn’t use only one or two computers to generate attacks but tens of thousands, most of which are likely botnet computers owned by casual computer users who aren’t aware that their devices have been repurposed by a virus or malware into a node on a botnet. This alone makes it hard enough to block attacking IP addresses but DDoS attacks also frequently involve proxy services and packet anonymization to disguise the original IP addresses and make them impossible to block. Sometimes you’ll hear of a large company or a government agency being taken down, but it is rare to lose access to whole sections of the internet as the result of an attack.

So how did it happen?

Whether you know it or not your computer relies on Domain Name Servers (DNSs) to find their way around the internet. The website you know as google.com is known to computers as 8.8.8.8. DNSs are the servers that check how to route your computer to 8.8.8.8 and make sure that you aren’t getting sent to 8.8.8.148 instead, or that 8.8.8.148 isn’t pretending to be 8.8.8.8. There are millions of DNSs constantly checking that sites are what they say they are and allowing your computer to access them. Some are small and private, some are clusters at large server farms. The attack on the 21st was a series of massive DDoS attacks aimed at a company in New Hampshire called Dyn, which happens to be a major DNS provider for a lot of what we use online every day. The attack disabled Dyn’s DNS servers and as a result DNS went down for some major services, effectively barring the door to users whose computers were trying to find a location without a map.

Post-incident reports indicate that the attack was the result of a Mirai botnet, largely made up of web-enabled devices such as CCTV cameras. The fact that these cameras were so easily hijacked and have so little in-built security raises a lot of questions about the direction the tech industry has taken in supporting the internet of things, and the fact that large portions of the internet went dark on the 21st has raised valid concerns about the viability of cloud software in a world where access to your business infrastructure can be taken down by a smart refrigerator.

Solid security and physical redundancy can do a great deal to protect your business productivity. If you’re interested in an assessment of your security standards or curious to learn more about what a physical server can do for your office give PMCS a call for a consultation at (818)957-5647