Security

Top 10 Security Risks – Are you safe?

1.      Check your bank statement on a regular basis. Many indicators of cyber fraud can be found early on from a bank statement look for small, seemingly insignificant transactions.

 2.       Change all your financially related passwords including PayPal, Amazon, EBay, Bank logins and ANY site that may store credit card logins and ensure they are unique.

 3.       Take 15 minutes and review your logins with a particular emphasis on creating effective passwords. Passwords should not be a word but a phrase containing capitals, symbols and numbers.  Your password for each Application or Site needs to be unique.  We recommend ideally generating a Password using a Password Management Tool such as LastPass or RoboForm.

 4.       Check your operating system and applications are up to date on your devices. This includes your desktop computer, phones and tablets.

 5.       DO NOT TRUST your email. Even if you know the sender please do NOT click any links or open any attachments unless you are 100% certain of their content.

 6.       Vet your applications, do you really need Java and Flash, do you use it?

If not then remove it, streamline your OS and you lower your attack vector.

 7.       ALWAYS run updates from a legitimate source if you are unsure go to the developer’s website and check yourself.

 8.       Do not Trust ‘Fake’ Antivirus alerts such as XPAV, Windows security or Mac defender etc.

We recommend and install ESET to our customers, therefore you should only trust these Notifications. However if you use an alternative Antivirus and in doubt, please do not hesitate to contact us.

 9.       Social networks are great fun but treat them with respect. Honestly Apple do not need to give away iPads because the cellophane is ripped!

 10.   If in doubt give our Support Team a Call on 01246 266 039

 

Windows Server 2003 – EOL July 14 2015

On 14 July 2015 Windows Server 2003 & 2003 R2 will become End of Life. Server 2003 became end of Mainstream support on July 13 2010 and was originally released back on April 24 2003. That makes the operating system over 12 years old.

 

End of Life means that Microsoft will no longer offer any Security Updates for the Operating System and it will therefore be more liable to Virus & Malware Infections. Microsoft actually stopped releasing new features after Service Pack 2 came out on March 13 2007

Contact our Sales Team to discuss your options before its too late on 01246 266 039

More Information: www.microsoft.com/Windows-2003

Do you offer Customer Wifi in your Business? Are you aware of your legal responsibilities?

There are legal requirements that suppliers of WiFi hotspots need to comply with. Businesses that provide WiFi are responsible under the following laws:

The Data Protection act

European Directive for Data Retention Regulations 2009

The Code of Practice (Anti-Terrorism, Crime and Security Act 2001)

Regulation of Investigatory Powers Act 2000 

and Digital Economy Act 2010.

When a business supplies a WiFi hotspot, these legal requirements must be complied with, such as holding data and logging all URLs visited and who visited them. Another potential problem for suppliers is that of content filtering, which allows Businesses to block certain content – such as porn and illegal content and also includes protecting Children from seeing such inappropriate content.

The Home Office would expect such data to be retained for a period of 12 months. The purpose of maintaining this data is to assist intelligence and law enforcement agencies such as the police in their investigation of criminal and terrorist activities.

Miller Solutions Ltd can offer a Customer Wireless solution which can meet all of these requirements and also act as a Marketing Tool to help improve your business, Just give our Sales Team a call on 01246 266 039

Microsoft Recalls 3 Patches and advices users to uninstall

Microsoft has urged users to remove a buggy update as it yanked download links to the offending patch, after reports emerged it caused the dreaded blue screen of death.

The guilty patch run addressed 40 bugs across Internet Explorer and Windows 7 and Win 8 Pro other than Starter and Home Basic.

Altogether three updates were pulled for download from the Microsoft website.

The bad patch triggered crashes with a “x50 Stop error message (bugcheck)” after any of four updates (KB2982791 KB2970228 KB2975719 or KB2975331) were installed.

Don’t worry though if you use our Patch Management Solution as we have already Approved the Patches to be uninstalled.

USB ‘critically flawed’ after bug discovery, researchers say

Cyber-security experts have dramatically called into question the safety and security of using USB to connect devices to computers.

 

In one demo, shown off at the Black Hat hackers conference in Las Vegas, a standard USB drive was inserted into a normal computer.

Malicious code implanted on the stick tricked the machine into thinking a keyboard had been plugged in.

After just a few moments, the “keyboard” began typing in commands – and instructed the computer to download a malicious program from the internet.

Another demo, shown in detail to the BBC, involved a Samsung smartphone.

When plugged in to charge, the phone would trick the computer into thinking it was in fact a network card. It meant when the user accessed the internet, their browsing was secretly hijacked.

Mr Nohl demonstrated to the BBC how they were able to create a fake copy of PayPal’s website, and steal user log-in details as a result.

Unlike other similar attacks, where simply looking at the web address can give away a scam website, there were no visible clues that a user was under threat.

The same demo could have been carried out on any website, Mr Nohl stressed.

 

See More

Microsoft to end old Explorer fixes

Anyone using older versions of Microsoft’s Internet Explorer browser will soon no longer get security updates and bug fixes for the software.

From 12 January 2016 Microsoft will only support the latest copy of IE for the different versions of Windows.

 

Windows Platform Internet Explorer Version
Windows Vista SP2 Internet Explorer 9
Windows Server 2008 SP2 Internet Explorer 9
Windows 7 SP1 Internet Explorer 11
Windows Server 2008 R2 SP1 Internet Explorer 11
Windows 8.1 Internet Explorer 11
Windows Server 2012 Internet Explorer 10
Windows Server 2012 R2 Internet Explorer 11

http://blogs.msdn.com/b/ie/archive/2014/08/07/stay-up-to-date-with-internet-explorer.aspx

 

TrueCrypt Encryption

Beginning on Wednesday, the TrueCrypt homepage redirects visitors to the project’s official SourceForge-hosted page that displays a message to the effect that the software has been discontinued – and that users should switch to an alternative:

 

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

http://truecrypt.sourceforge.net/

 

In need of an alternative Encryption option then give us a call to discuss your requirments

New research shows rise in “deceptive downloads”

According to the latest cybersecurity report from Microsoft, “deceptive downloads” were the top threat for 95 percent of the 110 countries surveyed.

What are deceptive downloads?

Deceptive downloads are legitimate downloadable programs (usually free) such as software, games, or music that cybercriminals bundle with malicious items.

For example, you might receive a file in email or through social networking, but when you try to open it you see a message that says you don’t have the right software to open it. You do a search online and come across a free software download that claims it can help you open the file. You download that software, but you unknowingly might also be downloading malicious software (also known as “malware”) with it. This malware might have the ability to access personal information on your computer or use your computer for cybercrime.

It could be months or even years before you notice your system has malware.

How can I avoid deceptive downloads?

  • Think before you click.
  • Only download software from websites you trust. For more information, see How do I know if I can trust a website?
  • Turn on automatic updating so that you’re always using the latest, most secure versions of the software installed on your computer.
  • Make sure you’re using antivirus software and keeping it up to date.
  • Use newer software whenever possible.

What should I do if I think I’ve been a victim of a deceptive download?

Do a scan with your antivirus software. If your computer is running Windows 8 or Windows 8.1, you can use the built-in Windows Defender to check for and to help you get rid of a virus or other malware.

If your computer is running Windows 7 or Windows Vista, do the following:

  • Run the Microsoft Safety Scanner. The scanner works with the antivirus software that you already have on your computer, regardless of whether the software is from Microsoft.
  • Run a full scan of your computer using your AntiVirus software.
  • Some malicious software can be difficult to remove. If your antivirus software detects malware but can’t remove it, the give us a call.

If you would like any help or advice on Solutions including AntiVirus, Web Content Filtering and Automated Patch Management then give us a call (www.millersolutions.co.uk)

EU court backs ‘right to be forgotten’ in Google case

A top EU court has ruled Google must amend some search results at the request of ordinary people in a test of the so-called “right to be forgotten”.

The European Union Court of Justice said links to “irrelevant” and outdated data should be erased on request.

The case was brought by a Spanish man who complained that an auction notice of his repossessed home on Google’s search results infringed his privacy.

 

See More