Category: Guidance

How to Stay Safe on Public Wi-Fi

The first piece of advice is to avoid public Wi-Fi completely.

A public Wi-Fi network is inherently less secure than your home or office Wi-Fi because it is publicly available.

If you do need to use public Wi-Fi, pick a network that needs a password, and do not carry out any financial activity, buy anything, access your email or do anything else needing passwords.

If you want to be secure when using public Wi-Fi, you will need a VPN (Virtual Private Network) installed on your devices. A VPN encrypts all communications between your devices and their target websites etc.

They also let you browse websites without anyone being able to track your location and activities.

Alternatively you can take your own Wi-Fi with you by using your mobile phone to create a Wi-Fi hotspot for your devices.

Points to Remember

  1. Leave Wi-Fi turned off until you need it.

When you’re finished working online, turn it off again.

  2. Turn Off File Sharing

If you have file sharing of any kind enabled, turn it off while on public Wi-Fi, as it could be copying your confidential information to the Internet unencrypted.

  3. Keep Your Antivirus and Antimalware Up to Date

You must have antivirus and antimalware software installed, and make sure to keep them up to date or their effectiveness will diminish.

  4. Use https Websites where Possible

Https access is safer than http access, so stick to those websites that have https versions where possible.

  5. Don’t Leave Your Devices Unattended in Public

You don’t want someone accessing your laptop, smartphone or other device. Even if they don’t steal it, they may access your information or install a malicious app.

Stay Safe.

Fightback Ninja Signature

Santander Security Advice

Like the other big banks, Santander do offer advice to their customers on how to avoid the scourge of online fraud.

https://www.santander.co.uk/uk/help-support/security-centre/keeping-yourself-secure

Santander say “We take every step possible to keep your finances and personal details safe. However, you play an important role too. Together we can make life really difficult for would-be criminals”.

There is a list of common threats and a basic description of each and tips on staying safe online.

The common threats Santander focus on are:

  • Remote Access Scam
  • Tech support scams
  • Telephone scam/courier scam
  • Free trial offer scam
  • Guide to Invoice Fraud
  • Text message phishing (smishing)
  • Phishing
  • Mule accounts
  • Cheque fraud
  • Investment fraud / share sale
  • 419 / advance fee fraud
  • Trojans (Malware)
  • Spoofing – The caller ID scam
  • Pension scams

If you’re a Santander customer, you can ask them for specific advice about staying safe online and if you find irregularities in your account then do let them know ASAP.

If you have any experiences with scammers, spammers or time-wasters, do let me know by email.

Check Who’s Using Your Wi-Fi

If your connection to your home Wi-Fi always seems sluggish – maybe someone is accessing it who shouldn’t be.

If you unplug the router for a few minutes, that will remove anyone connected to it, but only until you reconnect the router. After that, your devices, and possibly someone else's, can connect again.

If you think someone has access to your Wi-Fi who shouldn’t have, and knows the passcode then you need to change the passcode.

If there is still reason to suspect someone is accessing your Wi-Fi without your permission, then there are steps you can take to identify the culprit.

Check the Router Access List

You will need to log in to your router. The instructions that came with the router will tell you how to do this, and they may also be shown on the back of the device. These instructions differ for each router.

You will need to know its IP address (plus login and password), and then you can access it from any computer browser.

The router will show you a list of devices currently attached to it and usually enough information for you to recognise who the devices belong to.

You will see something similar to this:

Wired Devices
MAC Address       | IP Address  | Device Name             | Time Connected
54:21:XX:XX:XX:XX | 195.179.0.2 | Erica’s PC              | 2 days 4 hours 31 minutes

Wireless Devices
54:21:XX:XX:XX:XX | 190.161.0.9 | Chromecast              | 45 minutes
54:21:XX:XX:XX:XX | 190.161.0.8 | Android Phone 140927271 | 1 day 12 minutes
54:21:XX:XX:XX:XX | 190.161.0.7 | iPAD                    | 35 minutes

The device name will hopefully tell you enough to identify the owner of the device but if you have several Android phones in the house, for example, then it may not be enough.
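
When device names are ambiguous, the MAC address is the more reliable thing to compare. The following Python script is an added example, not part of the original post: it takes rows copied from a router's attached-devices page and checks each MAC address against a list of devices you know. The sample rows, the known-device list and the function names are all constructed for illustration.

```python
import re

# Constructed sample: rows as they might be copied from a router's
# attached-devices page (MAC, IP, device name). Not real devices.
ROUTER_ROWS = """\
Wired Devices
54-21-9D-00-10-01 192.168.1.2 Erica's PC
Wireless Devices
54:21:9d:00:10:02 192.168.1.9 Chromecast
DA:A1:19:3C:44:5E 192.168.1.8 Android Phone 140927271
00:1B:44:11:3A:B7 192.168.1.7 android-7f3c
"""

# Constructed allowlist: MAC addresses of devices the household owns.
KNOWN_DEVICES = {
    "54:21:9d:00:10:01": "Erica's PC",
    "54:21:9d:00:10:02": "Living-room Chromecast",
}

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")


def normalise_mac(mac):
    """Return the MAC as lowercase colon-separated hex, or None if malformed."""
    if not MAC_RE.match(mac):
        return None
    return mac.lower().replace("-", ":")


def is_randomised(mac):
    """True if the locally-administered bit is set, which is typical of the
    'private address' feature on phones (the MAC can differ per network)."""
    return bool(int(mac[:2], 16) & 0x02)


def parse_rows(text):
    """Yield (mac, ip, name) for each device row; headings are skipped."""
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 2:
            continue
        mac = normalise_mac(parts[0])
        if mac is None:
            continue
        yield mac, parts[1], parts[2] if len(parts) == 3 else ""


def audit(text, known):
    """Split attached devices into recognised and unrecognised."""
    report = {"known": [], "unknown": []}
    for mac, ip, name in parse_rows(text):
        if mac in known:
            report["known"].append((mac, ip, known[mac]))
        else:
            note = "randomised MAC" if is_randomised(mac) else "fixed MAC"
            report["unknown"].append((mac, ip, name, note))
    return report


if __name__ == "__main__":
    for mac, ip, name, note in audit(ROUTER_ROWS, KNOWN_DEVICES)["unknown"]:
        print(f"UNRECOGNISED {mac} {ip} {name!r} ({note})")
```

An entry flagged as a randomised MAC may be one of your own phones or tablets using a private Wi-Fi address, so check the Wi-Fi settings on your own devices before treating it as an intruder.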

What to do if you find an unauthorized device

If you have not set the router to encrypt the data, then make that change and try again.

If you still seem to have an interloper, then that person must have hacking skills and you would need to invest time and money in network monitoring or employ an expert to trace the interloper for you.

How to Keep Your Home Wi-Fi Safe

Internet broadband comes into your home by means of a cable from outside. That cable is connected to a small box in your home called a router.  That router allows you to have Wi-Fi and cable network connections for your computers and other devices including televisions, iPads, mobile phones etc.

Router Login

You can log in to the router from your computer using an IP address and a login and password.

You cannot change its IP address but you can and should change the login and password as soon as possible.

How you make that change depends on the make of router you have, which is determined by your broadband supplier, but it is generally a straightforward process. The instructions with the router will explain how to do this.

Do not write the password down and leave it near to the router and of course do not tell anyone who you do not wish to have access to your Wi-Fi.

The router has various settings, which are probably fine when you first receive the device but which you may need to change if, for example, you get conflicts with the neighbours’ Wi-Fi.

Your router may have remote management facilities meaning that the broadband supplier can access it to make changes. It may be best to turn off this feature, but that would mean your supplier cannot access it either.

Wi-Fi and Encryption

  1. Log in to your router.
  2. Locate the “Wireless Security” or “Wireless Network” settings page.
  3. Select WPA2-PSK encryption.
  4. Choose a network name that doesn’t specify your house number or name.
  5. Choose a strong network password or pass number, i.e. one that no-one could guess.
  6. Save these settings.

You will need to reconnect your devices to the Wi-Fi using the new password or pass number.

Protect your router and Wi-Fi against outsiders.

PayPal Two Step Verification

Logins and passwords are normal practice to let a valid user identify themselves.

But there are times when this is not strong enough security, and two-factor security adds another layer, making it much more difficult for anyone else to access your account.

Two-factor security means that in addition to the password, another security code of some form is needed. In the case of PayPal, that second code is a PIN sent to your mobile phone.

For anyone to access your PayPal account they would need both your password and your mobile phone.

Two-factor security is available on many online services and banks, e.g. Facebook, Google, Apple etc. We’re using PayPal as an example.

How to Set Up 2 Factor Security in PayPal

PayPal call this Security Key.

  1. Log into your PayPal account.
  2. If your mobile phone number has already been verified by PayPal then that step is complete; otherwise you will need to key in your mobile number and verify it for PayPal. This is done through the Account page off the Profile and Settings menu.
  3. To activate PayPal Security Key go to Profile – Profile and Settings – Account Settings – Security and you can start the process.

Once completed, you will always need that phone when you want to access PayPal but you will be more secure.

Free Website Audit Report

There are numerous versions of the basic email message about a free website audit.

This is because most of these messages aren’t from professional scammers but from people desperate to get work in the fields of website design, search engine optimisation, digital advertising etc.

The problem with these emails is that they are often full of lies. People seem to think it is acceptable to lie when writing Sales/Marketing messages BUT IT ISN’T.

An example from one of the more courteous versions sent to the radio station:

“Hope you are fine. I was going through your website and I found it impressive!!! However when I search for your business keywords I see your competitors ranked on 1st page whereas I am unable to see your website anywhere on the 1st page of Google.”

Then lots of stuff about why you have to be on the 1st page of Google to be noticed.

The website URL is never mentioned therefore he hasn’t looked at it.

He hasn’t searched for our business keywords as he clearly doesn’t know what they are.

He says our competitors are on 1st page Google.

What competitors are those? He clearly has no idea.

Then a list of issues with our website and these issues are all very general as he has not looked at our site and hopes by luck to find a fault that either our site does have or one that would worry us.

  • Low online presence for many competitive keywords
  • Unorganised social media accounts
  • Not compatible with all mobile devices

Then he mentions the audit report for our website which he has already prepared and will send us free of charge.

There is software that will automatically analyse websites and prepare a list of recommendations.

Presumably he could use such software to prepare a report if we actually replied saying we wanted to see it.

The whole email is a pack of lies, sadly. The company name and email address seem to be genuine and based in India and Singapore but that’s the only true part.

If you want website design, SEO or other such services then find a local company that has good customer reviews and can provide what you want but never reply to or try working with people who send out such blatant lies.

If you want a free audit report of your website – there are numerous ones available on the Internet, but do understand the reports are generic and every website is different which the automatic reports cannot recognise.

GDPR has Landed

GDPR is the latest EU regulation intended to give consumers better protection for their personal information held by government, businesses and any other organisations.

And today’s the day it becomes Law.

GDPR may make a worthwhile difference for consumers as it puts pressure (and the threat of large penalties) on businesses to use clear concise language, make it clear what they want your data for and exactly how it will be used, ensure they have your consent for such messages and give you an easy route to making them delete all personal information.

You’ve probably had requests recently in the post or online from businesses wanting to stay in touch with you after today. This is because from today they have to show that you chose to allow them to contact you – not just assume it was OK as often happened in the past.

Plus many are taking the opportunity to revamp their policies over Marketing messages etc.

How Common are Ransomware Attacks

“Ransomware threat on the rise as almost 40% of businesses are attacked”.

Security firm Malwarebytes surveyed companies and found one-third of victims lost revenue as a result of a ransomware attack.

The downtime caused by the ransomware rather than the cost of paying the ransom is what can kill a business.

Malwarebytes™ (software company selling anti-malware products) released its “Second Annual State of Ransomware Report”. The multi-country study surveyed 1,054 companies with no more than 1,000 employees across North America, France, U.K., Germany, Australia, and Singapore. More than one-third of businesses have experienced a ransomware attack in the last year. Twenty-two percent of these impacted businesses had to cease operations immediately.

Key Findings

“Businesses of all sizes are increasingly at risk for ransomware attacks,” said Marcin Kleczynski, CEO, Malwarebytes. “However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise.”

The impact of ransomware on SMBs can be devastating. For roughly one in six impacted organizations, a ransomware infection caused 25 or more hours of downtime, with some organizations reporting that it caused systems to be down for more than 100 hours. Further, among SMBs that experienced a ransomware attack, 22 percent reported that they had to cease business operations immediately, and 15 percent lost revenue.

For many, the source of ransomware is unknown and infections spread quickly. For 27 percent of organizations that suffered a ransomware infection, decision makers could not identify how the endpoint(s) became infected. Further, more than one-third of ransomware infections spread to other devices.

The most common source of ransomware infections in U.S.-based organizations was related to email use. Thirty-seven percent of attacks on SMBs in the U.S. were reported as coming from a malicious email attachment and 27 percent were from a malicious link in an email.

Seventy-two percent of respondents believe that ransomware demands should never be paid. Most of the remaining organizations believe that demands should only be paid if the encrypted data is of value to the organization. Among organizations that chose not to pay cybercriminals’ ransom demands, about one-third lost files as a result.

“It’s clear from these findings that there is widespread awareness of the threat of ransomware among businesses, but many are not yet confident in their ability to deal with it,” said Adam Kujawa, Director of Malware Intelligence, Malwarebytes. “Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”

UK Government Cyber Essentials 10 Step Plan

This is a summary of the UK Government 10 step plan for Cyber Essentials, which is designed for organisations looking to protect themselves in cyberspace.

1. Risk Management

Embed an appropriate risk management regime across the organisation. This should be supported by an empowered governance structure, which is actively supported by the board and senior managers. These should aim to ensure that all employees, contractors and suppliers are aware of the approach, how decisions are made, and any applicable risk boundaries.

2. Secure Configuration

Identifying baseline technology builds and processes for ensuring configuration management can greatly improve the security of systems. Develop a strategy to remove or disable unnecessary functionality from systems, and to quickly fix known vulnerabilities.

3. Network Security

The connections from your networks to the Internet, and other partner networks, expose your systems and technologies to attack. By creating and implementing some simple policies and appropriate architectural and technical responses, you can reduce the chances of these attacks succeeding. Your organisation’s use of mobile or remote working, and cloud services, makes defining a fixed network boundary difficult.

4. Managing User Privileges

All users should be provided with a reasonable (but minimal) level of system privileges and rights needed for their role. The granting of highly elevated system privileges should be carefully controlled and managed.

5. User Education and Awareness

It’s important that security rules and the technology provided enable users to do their job as well as help keep the organisation secure. This can be supported by a systematic delivery of awareness programmes and training that deliver security expertise as well as helping to establish a security-conscious culture.

6. Incident Management

Invest in establishing effective incident management policies and processes to help to improve resilience, support business continuity, improve customer and stakeholder confidence and potentially reduce any impact.

7. Malware Prevention

Malicious software, or malware, is an umbrella term to cover any code or content that could have a malicious, undesirable impact on systems. The risk may be reduced by developing and implementing appropriate anti-malware policies as part of an overall ‘defence in depth’ approach.

8. Monitoring

System monitoring provides a capability that aims to detect actual or attempted attacks on systems and business services. Monitoring allows you to ensure that systems are being used appropriately in accordance with organisational policies.

9. Removable Media Controls

Removable media provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. You should be clear about the business need to use removable media and apply appropriate security controls to its use.

10. Home and Mobile Working

Mobile working and remote system access offer great benefits, but expose new risks that need to be managed. You should establish risk-based policies and procedures that support mobile working or remote access to systems that are applicable to users, as well as service providers.

https://www.ncsc.gov.uk/guidance/10-steps-cyber-security has further information.

Why You Need Double Opt-In Marketing

With single opt-in, you let people sign up to your newsletter, subscription or whatever by simply clicking once on a link or filling in a contact form etc.

But double opt-in takes this a stage further: you have to get the person either to return an email confirming their registration or to click on another link in an email to confirm.

Hence it is a two-step process to register. This extra step will mean you lose some people who would otherwise have registered with just the single opt-in, but there are advantages to double opt-in and it becomes law in May 2018 with the European Directive General Data Protection Regulation (GDPR).

From May 2018, consent for processing personal data and any Marketing communications must be freely given and unambiguous, i.e. no pre-ticked boxes, generic descriptions or over-complicated terms and conditions.

GDPR also states that companies must keep a record of how and when the customer gave such consent. The double opt-in method is considered the easiest way to comply.

If you’re offering an incentive to get people to sign up to your subscription or newsletter etc., then there are likely to be many people who sign up with fake email addresses, as well as spambots that try to sign up. This means that many of the email addresses on your list will be bogus, and hence you will be wasting your time sending out emails to them.

Double opt-in takes care of this as only people who give correct email addresses will sign up and if the second stage of confirmation has not put them off then you have a better quality email list.

So, double-opt-in as well as becoming a legal requirement may actually help you.
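
The two steps described above, and the record of how and when consent was given, can be sketched in a few lines of Python. This is an added example, not code from the original post: the function names, the in-memory storage, the server-side secret and the 48-hour link lifetime are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET_KEY = secrets.token_bytes(32)   # assumption: kept server-side only
TOKEN_LIFETIME = 48 * 3600             # assumption: links valid for 48 hours

pending = {}        # email -> details of the first opt-in (the sign-up)
consent_log = []    # append-only record of how and when consent was given


def _sign(payload: bytes) -> bytes:
    """HMAC over the token body, so a link cannot be forged or altered."""
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac)


def sign_up(email, source, now=None):
    """Step 1: note the request and return the token for the emailed link."""
    now = int(time.time() if now is None else now)
    email = email.strip().lower()
    pending[email] = {"source": source, "requested_at": now}
    payload = json.dumps({"email": email, "ts": now}).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload).decode()


def confirm(token, now=None):
    """Step 2: verify the emailed token; only then record the consent."""
    now = int(time.time() if now is None else now)
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body)
        data = json.loads(payload)
        email, ts = data["email"], data["ts"]
    except (ValueError, KeyError, TypeError):
        return None                       # malformed link
    if not hmac.compare_digest(sig.encode(), _sign(payload)):
        return None                       # forged or altered link
    if now - ts > TOKEN_LIFETIME:
        return None                       # link expired
    first = pending.pop(email, None)
    if first is None or first["requested_at"] != ts:
        return None                       # already used, or superseded
    record = {"email": email, "method": "double opt-in",
              "source": first["source"], "requested_at": ts,
              "confirmed_at": now}
    consent_log.append(record)
    return record
```

An address typed in by a spambot never reaches `consent_log`, because nobody clicks the link that was emailed to it.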
