Archives

Security

Equifax

We never intended to return a third time to the Equifax hack story, but in “you couldn’t make it up news” we read about yet another security issue at the beleaguered credit rating company…

Equifax Hack – It Gets Worse!

Equifax has been accused of a fresh IT security breach, this time in Argentina. A cyber-crime blogger found that an online tool in the country could be accessed by using “admin” as both login and password! Doing so gave access to records including the national identity numbers of thousands of customers.

Username: Admin Password… Admin!

The news follows last week’s revelation of an attack that affected millions of users in the US and some in the UK. Equifax temporarily closed the website when the issue came to light. The case raises questions about how Equifax – and other companies – take care of customer data.

The cyber-security researchers explored the site and found a list of 100 Argentinian employees. They were then able to uncover the company usernames and passwords for these people, all of which turned out to be matching words! Each one was solely the worker’s last name or their surname followed by their first initial, which simply had to be entered again as a password to access the system.

List of Equifax Customer Details

From the main page of the employee portal, the researchers found a listing of 715 pages’ worth of complaints and disputes from customers. It listed each person’s social security number in plain text. Altogether over 14,000 records were accessible to even a low-skilled hacker.

Take Security Seriously

We keep making the point: IT security must be taken seriously. Some basic learnings from this story are:

  • Avoid making employee tools accessible via the internet
  • Don’t leave sensitive data unencrypted
  • Never leave usernames and passwords at their default settings
  • Create a strong password
  • Make sure employees create unique passwords that are hard to guess

For help making your company more secure, call us on 01482 424402 or visit www.digitalquill.co.uk.

ransomware

This is the third and final part of our blogs about the National Cyber Security Centre (NCSC)’s tips on keeping safe from ransomware.

What is the impact of ransomware?

Ransomware prevents you from accessing your systems, your data, or both until you find a solution. If those systems are delivering business-critical services, this can have a serious impact on your reputation, finances and your customers. Even if you took a recent backup of your system, it may still take some considerable time to restore it, and you may even restore a backup that has dormant ransomware on it. This is why we help organisations to write Business Continuity plans and install backup solutions.

Limiting the impact of a ransomware attack

The following measures will help to limit the impact of an attack by ransomware.

Access control: Don’t use the administrator account for day-to-day business, and never share passwords. The encryption may only apply to the data owned by a single affected user, but if you share logins then everyone is affected.

Need to know: limit the access to your data and file systems to those who have a business need to use them.

Keep backups of your data. Organisations should always have a fully tested backup solution in place. Backup files must never be directly accessible by any machines that could be infected by ransomware – or it could spread to your backups too.

What to do if your organisation is infected by ransomware

Unplug any affected machines from the network, and switch them off at the mains. Then call an expert for advice. We can help businesses prevent ransomware and we may be able to help you recover if you have been attacked.

Digitalquill – Experts in Cyber Security

Digitalquill are experts in removing and preventing malware and ransomware. For more information, call us on 01482 424402 or email office@digitalquill.co.uk.

 

 

 

equifax hack

We reported on Friday how Equifax had been hit by possibly the world’s biggest cyber-theft. They notified their customers, but – astoundingly – they did so in such an insecure manner that it raises serious questions about the safety of people’s data. The Information Commissioner’s Office (ICO) is investigating how many UK citizens were affected by the Equifax hack and it acts as a timely reminder to take security seriously – for all businesses.

Equifax Hack – World’s biggest ever Cyber Theft?

After having 142 million people’s personal details and credit card numbers stolen, the global company launched a basic, insecure WordPress site to notify them. It took them 40 days to disclose that the hack had taken place, and they said: “The information accessed includes names, Social Security numbers, birth dates, addresses and some driver’s license numbers.”

It also says “credit card numbers for approximately 209,000 US consumers” have been accessed along with “certain dispute documents with personal identifying information for approximately 182,000 US consumers.”

Equifax Website Security Flaws

Equifax’s website for notifications – https://www.equifaxsecurity2017.com – invites customers to enrol in a complimentary (for one year only) identity theft protection & credit file monitoring product: TrustedID Premier.

This raises questions about how much they really care about their customers’ personal data: the free WordPress template they have used also has a free SSL certificate – none of which suggests that the security of this website is important to them – despite it being used to harvest yet more personal data from the customers it has already let down.

HMRC Insecurities

In the same week, the BBC reports that the taxman is also playing fast and loose with our data. They say that a security researcher found loopholes in the HMRC website, but struggled to notify them so they could be fixed. He eventually managed to report the bug after 57 days of trying.

This is not good enough – security cannot be taken for granted and criminals could do no end of harm with all of this personal data. It may initially seem like a victimless crime as the banks reimburse stolen money but, in the end, someone has to pay for it. The reputational damage of losing customer data would sink most smaller companies, and larger companies face huge fines if they have not taken security seriously.

Digitalquill – Experts in IT Security

At Digitalquill we help businesses across the Hull area to keep customer data safe. Whether it’s securing a router, protecting backups or making sure you’re compliant with credit card processing rules – we can help. For more information simply call us on 01482 424402 or email office@digitalquill.co.uk.

Equifax

Great Britain’s data watchdog the Information Commissioner has announced it is investigating a major data breach at Equifax, the credit monitoring company. The personal details of millions of customers in the United States and United Kingdom are believed to have been stolen.

It was reported late on Thursday that cyber criminals had managed to steal the personal details of some 143 million Equifax customers in a major data breach – possibly the biggest ever – and the lost data includes financial information.

Data Breaches and Hacking – No Company is Safe

Equifax announced that the hackers had succeeded in exposing personal data belonging to millions of customers between May and July. The information that the hackers obtained includes names, Social Security numbers, dates of birth, addresses and some driving license details. Additionally, around 200,000 credit card numbers have also been compromised. They have said that a “limited” number of British customers’ data has been compromised.

In response, the company set up an advice section on its website and has said it will provide free identity theft protection and credit file monitoring to all of its affected customers.

Keep Your Business Safe from Hackers

Just because your company is smaller than Equifax and located in Hull, East Yorkshire or Lincolnshire does not mean that your data is not at risk. If hackers succeed in taking data then it affects your reputation, can harm your customers, and you may be fined by the Information Commissioner if you cannot prove you took reasonable steps to keep the data secure.

Digitalquill – Experts in IT Security

At Digitalquill we help businesses across the East Riding keep their customer data safe from prying eyes. Whether it is securing a wireless router, protecting confidential data, setting up a backup regime or maybe you need help to be compliant with the rules around credit card processing – we can help you. For more information call us on 01482 424402 or email office@digitalquill.co.uk.

 

 

passwords

The BBC are reporting that the entertainment retailer CEX have had customer passwords stolen in a cyber attack.

CEX Cyber Attack – Why you should change passwords regularly

The second-hand video games and gadget retailer says it is working with police after up to two million of its customers had data stolen in the online breach. The stolen data includes customers’ names, addresses, email addresses, phone numbers and credit card information.

Best Practice For Passwords

One of the most common ways people put their IT security at risk is through insecure passwords. Many people use simple passwords and share them across sites. As a result, a breach of passwords from one company could put you at risk if that password allows access to other websites too.

Researchers recently looked at over 2 million passwords that had been leaked online and made a “Worst Passwords List”. This list highlights the passwords people are using most often. These are easy to guess and easy to crack.

How to Choose a Secure Password

Password security is simple when you follow some basic advice:

  • Make passwords a minimum of 8 characters long. Every extra character makes it harder for automatic systems to guess them.
  • Don’t use a single dictionary word (like “bulldozer”) or a commonly-used phrase (like “letmein”).
  • Make your password difficult to guess but not so hard you forget it yourself. Determined criminals can easily work out your date of birth, your favourite food or your pet’s name by searching social media. It is best to restrict any personal information on Facebook, LinkedIn etc. or leave it off altogether.
  • Don’t use the same password on more than one website. One password breach will then make many more accounts insecure. You could append the website name to your secure password to help you remember it.
  • Use two-step verification wherever you can (e.g. having a text sent to your phone with a log-in code).
  • Keep your operating system and software up to date.
  • Be wary of emails and websites that look suspicious – if in doubt, don’t click links.
  • Install an antivirus program such as AVG on your computer. We can supply AVG to businesses at a low price.

Digitalquill – Experts in Cybersecurity

For more information on password or IT security, call us on 01482 424402 or email office@digitalquill.co.uk.

Hull IT Security

The National Cyber Security Centre (NCSC) recently published some guidance for businesses on keeping safe from ransomware. We are translating it into plain English and giving practical advice on staying safe online. We are experts in Hull IT security and can help your business to stay safe online.

How does ransomware infect your system?

Computers become infected with ransomware in a number of ways. Often, users get tricked into running programs that appear legitimate, but which actually contain ransomware. These can arrive in emails, through authentic-looking attachments or links to websites that resemble real ones (also known as phishing). Recent ransomware infections have relied on vulnerabilities in Windows or other software. If this is the case, then simply visiting a malicious website may be enough. File transfers between computers (using external drives or USB memory sticks) can also cause malware to spread.

Preventing ransomware with enterprise security

Ransomware is one of the many different types of malicious software. You can minimise the risk of your business computers being infected by ransomware by taking the same precautions as for malware in general.

Vulnerability management and patching

A lot of ransomware exploits software vulnerabilities in your operating system, web browser, plug-ins and other applications. When such loopholes are discovered, software providers make patches available to close them. Keeping software updated is the most effective way to stop your system being compromised.

Controlling code execution

Only your administrator should be able to install software on business PCs, and you should only be logged in as the administrator if that is your intention. All other business activity should be conducted through “normal” user accounts. Your Hull IT Support company will be able to check this for you.

Block certain internet traffic

It is recommended to use a security service to proxy outgoing internet traffic. You can filter out attempted connections based on categories or the reputation of the sites your users attempt to visit. If staff attempt to access a malicious site, it can be blocked as “not for business use”, keeping your files safe.

Digitalquill – Experts in Hull IT Security

Digitalquill can help you with all of your Hull IT support, East Yorkshire IT security and Lincolnshire ransomware prevention needs. We don’t just act proactively, we help you put systems and policies in place to make an attack less likely. The best approach is with a combination of antivirus software, backup and policy.

Don’t let your business be put at risk, act today. Call Digitalquill on 01482 424402, email suppor@digitalquill.co.uk or visit www.digitalquill.co.uk for more information.

 

10 Top Tips to avoid Ransomware 

The National Cyber Security Centre (NCSC) have published some tips on keeping safe from ransomware. We would like to translate them into plain English and help you understand what you need to do to stay safe from Cyber Crime.

How to prevent a ransomware incident, and what to do if your organisation is infected.

Ransomware is a growing threat to global cyber security and one which may affect any organisation, however large or small, if it does not have appropriate defences. In the first half of 2016, there was a threefold increase in ransomware types, compared to the previous year. Ransomware has been a threat to Windows operating systems for many years, but attacks against Mac and Linux systems are also increasingly being seen.

The methods that ransomware uses to infect systems are similar to those used by other malicious software. The steps organisations should take in order to protect themselves are also well-known. Ransomware infection can cause a minor irritation or a wide-scale disruption – depending on the measures your business has taken. Ransomware attacks are not usually targeted at specific individuals, so infections are possible in any organisation.

What is Ransomware?

There are two different types of ransomware; the first will encrypt the files on a computer or your network. The second type will lock the computer’s screen. Both types of ransomware tell users that they must make a payment (a ‘ransom’) if they are to use their computer again. The ransom is usually demanded in an untraceable cryptocurrency, most often Bitcoin.

In many cases, the amount of ransom requested is relatively modest. This is deliberate – the criminals want to make paying the ransom the quickest and cheapest way to restore the computer, so people pay up. However, you should be cautious, as there is absolutely no guarantee that payment of the ransom will actually unlock the computer. The criminals may make further demands after unlocking only some files – and if the software is still on the PC, they can easily strike again.

Digitalquill – Experts in Ransomware

Even if you have not been unlucky and suffered an attack from ransomware, you must still take steps to stay safe. We can check that your malware prevention tools are up to date and effective – and we can provide business grade AVG virus protection. We also conduct system security audits and make sure you have the safety measures you need. Call us on 01482 424402 for advice.

 

cyber security

The Independent reports that businesses and service providers who do not have effective cyber-security measures could soon face large fines of up to £17 million under recently announced Government proposals.

Businesses to be fined if they suffer a Cyber Attack

The measures come in response to the recent cyber-security attacks that hit the NHS earlier this year. They would affect transport, energy and health providers. The fines – of up to £17m or 4% of a company’s global turnover – are intended to force them to invest in IT security measures. They would not apply to companies found to have followed proper procedures. Loss of data will continue to be covered by the General Data Protection Regulation.

What does good IT Security Look Like?

It’s easy to imagine these rules extending to other companies, and IT security is always a good idea no matter how small your business is. Measures to take include monitoring threats and detecting attacks, staff training, and arranging for quick-recovery systems in the event of an attack. Most businesses cannot afford a dedicated IT board member, and that is where the Digitalquill virtual IT director service comes in. We work with you and your team, to oversee your IT strategy. We will get to know your business, its requirements, its systems and its processes. We will then recommend to your board of directors any areas where your IT hardware or systems could be improved – to contribute to the continued success of your business.

Why do I need a Virtual IT Director?

We do everything that a dedicated IT director would do: we ensure business continuity plans are created and put in place; ensure your IT systems are secure; and we create a plan for your business’s technological development so you can gain – and maintain – a competitive advantage.

Digitalquill: IT Security Experts

Are you a business owner in Hull, East Yorkshire or Lincolnshire? Find out more about Digitalquill’s virtual IT director service by calling us on 01482 424402.

 

ransomware

The BBC reports that three months after a ransomware attack that crippled parts of the NHS, $140,000 worth of bitcoins paid out by victims of the WannaCry attack have been cashed out by the criminals.

What is Ransomware

Ransomware is a form of malicious software – or malware – similar to a virus – except instead of destroying files, it locks your computer, and a pop-up message demands payment to restore access to your PC.

What Do I Do if Ransomware strikes?

It can be terrifying to be presented with a demand for money, and your instincts may tell you to pay up – particularly if the message alleges you have downloaded embarrassing files onto your computer. Some ransomware even imitates the Police, presenting an official looking logo – but no law enforcement agency operates in such a way and so you should never enter your credit card details.

What you should do as soon as you see a message on screen is:

  • Stop using the computer
  • Disconnect it from the network (remove cables or switch off your router)
  • Call an expert.

Digitalquill’s local IT support technicians are familiar with many types of ransomware and are skilled in the removal and prevention of attacks. Once we have restored your computer we can advise on how to avoid becoming a victim again, and help you build a backup system to protect files in the future.

Ransomware removal and Ransomware prevention

Even if you have not suffered an attack from ransomware, you still need to take care. Make sure you have a good paid-for virus protection program (we recommend AVG). If you are not sure whether or not you are protected, then we can complete a security audit of your system and ensure you have the right safety measures in place. Call us on 01482 42440 to find out more about IT support services for businesses in Hull and East Yorkshire.

cyber security nhs

The UK government plans to invest £21m in beefing up cyber security within the NHS after the devastating WannaCry cyber-attack that took many of the health service’s computer systems offline and harmed patient-care.

Health Secretary Jeremy Hunt wants the money to be used to prevent future malware attacks to make sure operations and appointments are not disrupted again. The money will be shared between 27 hospitals across England including King’s College, St Mary’s, Royal London and Manchester Royal Infirmary. It will be spent on updating IT systems, improving staff training and raising awareness of how to deal with cyber-attacks.

Health Minister Lord O’Shaughnessy said that better use of information and data can transform health and care, but organisations’ resilience to cyber threats and the safe and secure flow of information and data across the health and social care system are critical to improving outcomes.

The investment is part of the government’s response to the UK’s National Data Guardian’s review of data security. As well as the funding for the NHS, the commitments in the report include making the National Data Guardian’s role statutory, and implementing data protection legislation to provide a framework to protect personal data and impose stricter penalties for data breaches. The government said it would also help the NHS move away from outdated operating systems like Windows XP.

Have you got a Cyber Security Strategy?

It is not just the NHS that is at risk from cyber attacks. Every business in the UK should have a strategy to protect itself: with the right mixture of policy, procedure, software and hardware protection. A ransomware attack could cripple a business in minutes, and it may never be possible to recover unless you have adequate system backups to restore your systems.

Digitalquill – Experts in Cyber Security

We help businesses in Hull, East Yorkshire and Lincolnshire stay safe from cyber threats. For more information call us on 01482 424402 or email office@digitalquill.co.uk.