IT Security Chichester | IT Security Sussex

ABM Blog

IT Security

Updated information about scams to watch out for, cyber security threats and the do's and dont's when using your technology.

World Password Day

May 7th celebrates password awareness day. Many of us like to use generic or simple passwords so we don't forget what they are, or for ease of use. However, this can be a dangerous comfort, especially in a business environment. 'Password1' has been the most common password used since security was a requirement. If this is used by you for any device - uh oh, maybe consider changing it? How do you create an effective password? What are the do's and don'ts of password use? Carry on reading.

Password Creator - Sometimes it is hard to decide on a password. Everything seems guessable. There are several online generators that are great for extremely random codes. If not, we can suggest some passwords for you.
Personal - Try and make them based on hard to know information. For example, it will be hard for someone to find out your favourite childhood car, or where you met your partner.
Length - I know it is tempting to keep them short and sweet. But a longer password is less likely to be guessed. For example, 'MiniCooperLoves1.6' has 18 characters! This is verified as a strong passcode (as it is above 16 characters) and would be hard for someone to guess.
Characters - Capital letters, full stops, exclamation marks, symbols, slashes, underscores and dashes are great ways to make up the characters in your password, and in addition, make it more complicated. Lots of websites don't allow passwords without characters now; and so it is a good idea to figure out a few passwords you can incorporate these specifics in to.

Password Do's

Keep it to yourself - In a business environment the only people who should know your passwords are: Your boss, you and your IT company if required. If it is a joint computer and you have the same log in, then another colleague may require it. Apart from that no one else should be able to know or guess.
Change your password - Every so often you should think about generating a new password. However, before doing this check it is okay and always update the relevant people. Changing them every 6 months to a year, keeps your data safe.
Use different passwords - Having one password for all your accounts and logins is a very bad idea! Someone gains your password; they then have access to everything.

Password Don'ts

Write it down - An easy way for anyone to access your information. Having a note somewhere with your password on it is a sure way for others to gain full access to your tech. If you must write it down, use a reminder sentence as to what it is, keep it somewhere no one would think to look and never detail what it is for, near the actual password.
Blank spaces - Try not to add blank spaces in your password. Instead use connectives. These are easily forgotten and can confuse you when typing it in.
Alphabet - Having a series of number or letters shouldn't be considered. E.g. 123456 or ABCDEF.
Obvious - As mentioned no obvious passwords, like your partners name or your nickname.

Do You Have A Virus?

Known as malware, a virus can be extremely detrimental to the running of your computer. The malware may have different objectives in mind, however most commonly they will destroy files, steal data and damage your computer. But how do you know if you have one?

Slow - Have you noticed a difference in the speed of your machine? This includes starting up your PC, navigating through your files, within your internet browser and opening programs. This is one of many tell- tale signs for a virus.
Storage - A virus likes to make your computer as slow and as unresponsive as possible. Pushing your machine to its limit is part of the attack. Part of this process is to flood your machine with malicious files and reduce file storage levels. As well as this some malware types like to delete files or encrypt them so you can't access your data.
Crashing, Error Messages & Pop Ups - Are you finding your machine is automatically closing down and restarting? Does your system freeze randomly? Are you seeing strange pop ups and error messages? If so, get your machine checked immediately.
Security - Malware can disable the security on your machine. Are you trying to complete a scan or install anti - virus and it isn't working? The virus wants to live on within your PC and so has disabled your ability to diagnose and potentially destroy.
Emails - It is likely that the malware will try to replicate and expand its reach. This is easily done through sending messages with links to your contacts, either via social media or just through email. If a person sees a link sent from yourself and clicks on it - their machine will also likely become infected.
Hard Drive Activity / High Network Activity - Continuous noise from the hard disk in your machine, even when you aren't using it, is also a sign of a virus. If your internet usage is extremely high, this could mean the virus is sending information back and forth.

Preventing Malware Attacks

It is hard to understand (even when following these tips), if you really have completely destroyed all traces of malware on your machine. Follow these steps and do what you can, but it is always best to have a trained professional completely safety check your machine.

Install a well known, well rated malware scanner - Malwarebytes is a great option. Use it weekly or fortnightly, run a scan in the background whilst completing your usual tasks. Delete any files found, for example PUP's Adware and Malware.
Have a good Anti - Virus software (security agent) - We offer our clients Trend Micro which we rate highly and use ourselves.
Don't download suspicious content from the internet - It is tempting to just download what you require from the internet, and many places are offering this service for free. If it seems to good to be true - it probably is.
Links - When opening emails, do not click on links unless you know the person, and even then, be wary. Create dialogue with the person sending and ensure this is correct.

If you are unsure and require help. Please give us a call. It is better to be safe than sorry. Malware can cause irreversible damage to your machine and if spread, it can shut down your business.

Opening Emails Safely

One of the most common problems we face when it comes to virus interaction, is someone opening an attachment on an email they believe to be safe. Recently the emails received have gotten more and more convincing. Everything in the email says ‘open me, I am important.’ But taking precautions to prevent malware infecting your systems is important enough to stop and spend the time ensuring that the email is safe. In a further post, we will list the different types of infections and what they can do to your machine.

Do you know the sender? - When doing business, you can be in touch with lots of different people at once. Some you may know personally and some you will not. Because of this when you receive an email from a new contact you can automatically mistake it for a new business associate and open it and any attachments. The first step is to confirm the sender is genuine. You can do this by searching their email online. If the email is fake it will generally show up as such. Also, people tend to use aspects of their business or real name in the email. For example, we have @abm.uk.net at the end of ours. If the address is totally unrelated chances are it may be fake.
File types - With attachments, be careful to check the file type. You do not have to click on it to do this. In the top of an email the attachments show up with a little icon. The icon will generally tell you what the attachment is. For example, the PDF logo looks like (1) this and shows up like this when in an email. If you can’t identify what the item is through the image, then there will be an indication in the title. If the document is named at the end there will be a (.) then the listed file type. For example, ‘File Opening Procedures .docx’ Generally .docx and .pdf files are safe, if you are expecting them and know the sender. File types that are strange to see and should be opened with caution or not at all are .exe, .bat and .msi. These are programs and are not usually sent via email. As well as this some dangerous files are saved in containers. Containers are just a term to explain several files saved in one. For example, .zip or .rar files. If you receive these when you are not expecting them do not just open them and hope for the best. (see number 5)
Reading the email - We all know there is a manner in which to send emails within business. Obviously within a company it can be different, Colleague to colleague is less formal than sending to a client etc. When receiving an email you are not sure about, the simplest thing to do (after you have established the sender and what the file is) is to read the content. Have they got your name right? Have they mentioned what you expect? Have they shown abnormal urgency for you to open the attachment? Have they got a professional demeanor within the email? Do they have a signature at the end of the email? But most of all does the email read right? If this person is doing business with you or vice versa, the email will have some formality and the person should have checked for any misspelling, or missed words. Obviously being human there is always room for mistakes, but if the whole email doesn’t read right, then you might want to rethink opening anything within it. For example, a little while ago I got an email saying my Apple account was breached and I needed an email change. The email looked convincing with the logo and link through. However, noticeably the email address was strange. Then with further inspection and actually reading the email the text was strange. It was like someone had put what they wanted to say in google translate and then copied it into the email. There were wrong spellings of words and sentences that were incomplete. Then in the footer was a different language and some strange legislation supposedly from Apple. Did I follow the link? No definitely not. I deleted the email and later logged into my account through the correct sources. There were no issues unsurprisingly. Also, something else you can do is confirm with the sender. Reply or create a new message and give a response just to clear everything up and prove it is genuine.
Links - If there are not only attachments but links in the email. Check the authenticity of these as well. You can do this by hovering over the link and a URL should appear. DO NOT click on it. Just hover over and see if it looks legitimate and recognisable. If it seems like the URL of a website for the company you are working with then that is a good sign. You can always go to a search engine and search the company to check.
Saving - If you really want to check the attachment because everything else mentioned seems trustworthy, there are ways. You will need an anti - virus program installed on your machine. The way we like to do this is: RIGHT click on the file and save it into a temporary location. Somewhere away from other files just in an empty folder will do. From here go to the location where it was saved. Right click again on the file and choose the option to scan it with your anti-virus software. This will only be effective if your software is up to date. It will give you an idea if the file holds anything nasty.

If ever in doubt do not open the attachment. We understand that business is important and opening files can be part of the back and forth between companies. But it is honestly better safe than sorry in this case. Having a virus can cause more effects than you realise. And in some cases, can shut down a whole business. If all else fails, pick up the phone and talk with the sender, this way you can confirm if the email is genuine. In a further post, we will list some of the most devastating Malware and what each of them do. Also giving details as to the experiences we have had with them. But for now, just politely check with the sender and follow the steps above if not. For more information, call us. We are happy to assist with prevention and to give some ideas on how to install processes or key information within your business so no harm comes to your systems.

Yell Scam

For those of you who aren’t familiar with Yell. Like the old directories, Yell hosts all company data. You can have a basic free appearance to add visibility to your business. Or you can pay to have a spot within a specified map region. This improves your visibility on Google and to people requiring your services in the area. The great thing about Yell is that you can monitor your progress, change your profile information, add photos and invite your customers to review you.
Another feature of Yell is that people can contact you asking for your services. Most of the time it is effective, you contact the person back and start creating a business relationship. However, a percentage of the time you receive marketing spam, or people trying to send you a virus and access your machine. It is very easy to fall into this trap. The hacker uses your weakness in that they know you want new business. Who doesn’t? This means you will potentially go out of your way to work with the potential customer.
How does the scam work?

They contact you through message on yell asking for you to email them with their personal email.
You email them using the email and then they reply. The reply will usually contain a link they want you to click on ‘to show you what they require’. Clicking links in emails is dangerous, let alone from someone you don’t know.
If you click the link it will either lead to a download of a virus, or for you to log in to some sort of account. Don’t do this! It is a fake page they have created to harvest your information. This is a phishing scam.
They will use your account information: potentially scamming you via taking funds, holding information hostage, or through downloading a virus of some sort, and controlling your machine.

How do you know it is a scam?

Here are some pictures showing you what happens. Of course, we didn’t click on the link and so we don’t know the exact scam this person was attempting to pull. But after scanning the link in the email out of curiosity, we realized it truly was a malicious link. There are other detailed cases of this happening.