All about Security

Today’s post will be about understanding a little more what to be aware of, recognizing potential threats and reacting to them efficiently. IT Security is big business and the marketing engine of some large companies is very effective at scaring the public into buying the wrong product for their needs.

But the truth is that common sense and a little knowledge will take you a very long way towards making your computer safe.

So here is an A,B,C of computer security:

A is for Acronym – Malware, Bloatware, Spyware… what is this all about?

With IT’s love of jargon, there are many categories of bad software people don’t want on their computers. Explaining them all would be too long and I would rather keep your attention.

The bottom line is that, with a decent firewall and an up-to-date anti-virus, 95% of those will be blocked before you even know there was an attempt on your machine.

Windows comes with a built-in Firewall which works very well in most circumstances. I
There are a very large number of anti-virus software out there which can work very well, including a number of free ones. Again, Microsoft Security Essentials for Windows 7 (renamed Windows Defender in Windows 8) is a perfectly valid choice for home users. For licensing reasons, most small business users need to pay for an anti-virus solution. At this point there are many choices to go for. We can always help if you need some clarity.

Tip: Whatever your decide NEVER install more than one anti-virus on your computer! You may think it will make you safer. The truth is that they will conflict with each other and will do much more harm than good.

At OfficeAnyplace, we use multiple layers of anti-virus filtering, with multiple providers, to take you from 95% to 99.9%.

B is for Bottom-right – Now you have your basic security in place, what else?

All you need to do is keep an eye on the icons in the bottom right-hand of your monitor. The anti-virus will run all the time, and some will require you to manually update the definitions now and then.

Generally speaking, green/blue is good, orange needs you to do some easy maintenance (typically one or two clicks) and red means something has happened which you need to pay attention to. Else, just let it run and only do something when it is flagged up.

C is for Check before you respond – The real danger is phishing.

No, it’s not a typo. Because security software is pretty efficient, the bad people out there need to be more inventive and intelligent to get their malware on users’ computers. Hackers and virus writers increasingly use subtle ways to try and trick you into falling unwittingly into their traps.

The most common tool they have at their disposal is phishing: most of us have received emails from banks we’ve never had business with, or been informed – purportedly by UPS – that a package we know nothing about is blocked by custom. Common sense dictates that there’s no such thing as free money and nobody would send you a package through a courier without letting you know. Those emails should of course be ignored.

But it is sometimes more difficult to identify a fake email when it appears to come from a company we DO do business with. An example is Apple and the following email:

—–

From: Apple/iCloud Support Team [mailto:cloud@yourios8audit.eu]
Sent: 08 October 2014 20:23
To:
Test Email Address
Subject: Your iCloud Service New Notice

Your iCloud – Test Email Address

This message is to therefore notify you that your Apple ID ( Test Email Address) has been temporarily suspended until you can confirm your Apple Account details on file. This security measure to secure your Apple Account from unauthorized use. We apologise for the inconvenience this may cause.

How can I verify my Apple Account and remove the suspension?
Just click the URL address below to prove ownership of your iCloud/Apple ID. Log-in in using your iCloud ID and password, then follow the prompts.

>> Certify My Apple/iCloud Account

While using Apple devices and web services, you’ll still sign in with your usual email account as your Apple login.

If you have queries or need support, visit the Apple Account Support Team.

Thanks again,
Apple & iCloud Europe Support

Resolution Your Ref: #FH3CTI18812-EU61

—– 
Here is what’s wrong with the above email:

  1. First look at the sender address. Emails from apple will always come from apple.com. It could be support.apple.com or anything but it has to finish with the exact terms “apple.com”. If the sender does not reflect correctly the company domain name, it’s a fake (be ware: apple.support.com is not the same as support.apple.com. What is important is the word that is attached to “.com” or “.co.uk”
  2. This email has been made safe, so click away if you want to, you may be surprised. But an easy way to find out where you will be taken is to let your mouse hover above the link “Certify My Apple/iCloud Account” and have a look at what is displayed. Again, if it is not a apple.com (in this case) address, do not click on it. In the original message, the link would send you to “myios8guru.com” followed by gobbledigook. Does that feel like a professional name to you?
  3. DATES. Many emails warn of dangers, of a new virus or a new breach in computer systems. Some are genuine and some are not. A very good first test to assess authenticity is to look at whether the email is dated or not. Fraudsters are lazy: they want to write one email and then leave it working for months on end, so will not include dates. Genuine providers are professional. They are more likely to include a recent date somewhere in their email to you. If in doubt, call us.

Here is a different example.

Phishing-example

 

This email was received by me and really comes from a genuine client. However the tone of the email is unusual: if Emma had emailed me, there would have been some warning beforehand that she wanted to share something with me.

Furthermore, although the (anonymized) link does point to google drive, the name of the file has nothing to do with what Emma normally works with. In this instance, Emma fell victim to some hackers who used her address book to send emails to all of her contacts.

If you receive an email from someone you know but it doesn’t “sound” like them, or it’s out of the blue, chances are they didn’t send it. Take the time to send a quick confirmation email to make sure it’s genuine and if not, simply delete it.

Another type of protection from viruses

Simon's Cup
You might have seen this picture on our Twitter feed (@OfficeAnyplace) but here is another another way to protect oneself from viruses in your office.

We won’t name our paranoid colleague, of course, to preserve what is left of his credibility.

More seriously though, if you have any question about the security you have in place on your machines, do feel free to get in touch with us in the usual way.