Category: Guidance

How to keep your home wi-fi safe

Internet broadband comes into your home through a cable from outside. That cable is connected to a small box in your home called a router. The router provides Wi-Fi and cable network connections for your computers and other devices, including televisions, iPads, mobile phones etc.

Router Login

You can log in to the router from your computer using an IP address and a login and password.

You cannot change its IP address but you can and should change the login and password as soon as possible.

How you make that change depends on the make of router you have, which is determined by your broadband supplier, but it is generally a straightforward process. The instructions with the router will explain how to do this.

Do not write the password down and leave it near to the router and of course do not tell anyone who you do not wish to have access to your Wi-Fi.

The router has various settings which are probably fine when you first receive the device, but which you may need to change if, for example, you get conflicts with a neighbour’s Wi-Fi.

Your router may have remote management facilities meaning that the broadband supplier can access it to make changes. It may be best to turn off this feature, but that would mean your supplier cannot access it either.

Wi-Fi and Encryption

  1. Log in to your router.
  2. Locate the “Wireless Security” or “Wireless Network” settings page.
  3. Select WPA2-PSK encryption.
  4. Choose a network name that doesn’t specify your house number or name.
  5. Choose a strong network password or pass number, i.e. one that no one could guess.
  6. Save these settings.

You will need to reconnect your devices to the Wi-Fi using the new password or pass number.

Protect your router and Wi-Fi against outsiders.
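As an added illustration (not part of the original post), the following Python example checks a planned set of Wi-Fi settings against the steps above: WPA2-PSK selected, a network name that does not give away the house number or name, and a password that is hard to guess. The function names, the 60-bit threshold and the sample values are assumptions made for this example.

```python
import math
import re
import string

MIN_BITS = 60  # assumed threshold for this example, not a figure from the post

def _squash(text):
    """Lower-case and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def _reveals(text, terms):
    """Numbers must match a whole digit run; words match anywhere."""
    runs, squashed = re.findall(r"\d+", text), _squash(text)
    return any(t and (t in runs if t.isdigit() else t in squashed) for t in terms)

def estimate_bits(passphrase):
    """Upper bound on guessing effort: length * log2(pool of classes used)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    pool = sum(len(cs) for cs in classes if any(c in cs for c in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0

def review_wifi_settings(ssid, passphrase, encryption, household_terms):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if encryption.upper() != "WPA2-PSK":
        findings.append("encryption is not WPA2-PSK")
    # A WPA2-PSK passphrase is 8 to 63 printable ASCII characters.
    if not (8 <= len(passphrase) <= 63
            and all(32 <= ord(c) <= 126 for c in passphrase)):
        findings.append("passphrase is not 8-63 printable ASCII characters")
    terms = [_squash(t) for t in household_terms]
    if _reveals(ssid, terms):
        findings.append("network name reveals house number or name")
    if _reveals(passphrase, terms + [_squash(ssid)]):
        findings.append("passphrase contains the network name or a household detail")
    if estimate_bits(passphrase) < MIN_BITS:
        findings.append("passphrase is short or simple enough to guess")
    return findings

if __name__ == "__main__":
    home = ["42", "Rose Cottage"]  # constructed household details
    print(review_wifi_settings("42RoseCottage", "12345678", "WEP", home))
    print(review_wifi_settings("Heron-Net", "violet-Kettle-drifts-93-moss",
                               "WPA2-PSK", home))
```

The bit estimate is an upper bound based only on length and character classes, so a passphrase built from a common phrase can score well and still be guessable.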

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

PayPal Two Step Verification

Logins and passwords are normal practice to let a valid user identify themselves.

But there are times when this is not strong enough security, and two-factor security adds another layer, thereby making it much more difficult for anyone else to access your account.

Two-factor security means that in addition to the password, another security code of some form is needed. In the case of PayPal, that second code is a PIN sent to your mobile phone.

For anyone to access your PayPal account they would need both your password and your mobile phone.

Two-factor security is available on many online services and banks, e.g. Facebook, Google, Apple etc. We’re using PayPal as an example.

How to Set Up 2 Factor Security in PayPal

PayPal call this Security Key.

  1. Log in to your PayPal account.
  2. If your mobile phone number has already been verified by PayPal then that step is complete, otherwise you will need to key in your mobile number and verify it for PayPal. This is done through the Account page off the Profile and Settings menu.
  3. To activate PayPal Security Key go to Profile – Profile and Settings – Account Settings – Security and you can start the process.

Once completed, you will always need that phone when you want to access PayPal but you will be more secure.


Free Website Audit Report

There are numerous versions of the basic email message about a free website audit.

This is because most of these messages aren’t from professional scammers but from people desperate to get work in the fields of website design, search engine optimisation, digital advertising etc.

The problem with these emails is that they are often full of lies. People seem to think it is acceptable to lie when writing Sales/Marketing messages BUT IT ISN’T.

An example from one of the more courteous versions sent to the radio station:

“Hope you are fine. I was going through your website and I found it impressive!!! However when I search for your business keywords I see your competitors ranked on 1st page whereas I am unable to see your website anywhere on the 1st page of Google.”

Then lots of stuff about why you have to be on the 1st page of Google to be noticed.

The website URL is never mentioned therefore he hasn’t looked at it.

He hasn’t searched for our business keywords as he clearly doesn’t know what they are.

He says our competitors are on 1st page Google.

What competitors are those? He clearly has no idea.

Then comes a list of issues with our website. These issues are all very general, as he has not looked at our site and hopes by luck to name either a fault that our site does have or one that would worry us.

  • Low online presence for many competitive keywords
  • Unorganised social media accounts
  • Not compatible with all mobile devices

Then he mentions the audit report for our website which he has already prepared and will send us free of charge.

There is software that will automatically analyse websites and prepare a list of recommendations.

Presumably he could use such software to prepare a report if we actually replied saying we wanted to see it.

The whole email is a pack of lies, sadly. The company name and email address seem to be genuine and based in India and Singapore but that’s the only true part.

If you want website design, SEO or other such services then find a local company that has good customer reviews and can provide what you want but never reply to or try working with people who send out such blatant lies.

If you want a free audit report of your website, there are numerous ones available on the Internet, but do understand that the reports are generic: every website is different, and the automatic reports cannot recognise that.


GDPR has Landed

GDPR is the latest EU regulation intended to give consumers better protection for their personal information held by government, businesses and any other organisations.

And today’s the day it becomes Law.

GDPR may make a worthwhile difference for consumers as it puts pressure (and the threat of large penalties) on businesses to use clear concise language, make it clear what they want your data for and exactly how it will be used, ensure they have your consent for such messages and give you an easy route to making them delete all personal information.

You’ve probably had requests recently in the post or online from businesses wanting to stay in touch with you after today. This is because from today they have to show that you chose to allow them to contact you – not just assume it was OK as often happened in the past.

Plus many are taking the opportunity to revamp their policies over Marketing messages etc.

How Common are Ransomware Attacks

“Ransomware threat on the rise as almost 40% of businesses are attacked”.

Security firm Malwarebytes surveyed companies and found one-third of victims lost revenue as a result of a ransomware attack.

The downtime caused by the ransomware rather than the cost of paying the ransom is what can kill a business.

Malwarebytes™ (software company selling anti-malware products) released its “Second Annual State of Ransomware Report”. The multi-country study surveyed 1,054 companies with no more than 1,000 employees across North America, France, U.K., Germany, Australia, and Singapore. More than one-third of businesses have experienced a ransomware attack in the last year. Twenty-two percent of these impacted businesses had to cease operations immediately.

Key Findings

“Businesses of all sizes are increasingly at risk for ransomware attacks,” said Marcin Kleczynski, CEO, Malwarebytes. “However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise.”

The impact of ransomware on SMBs can be devastating. For roughly one in six impacted organizations, a ransomware infection caused 25 or more hours of downtime, with some organizations reporting that it caused systems to be down for more than 100 hours. Further, among SMBs that experienced a ransomware attack, 22 percent reported that they had to cease business operations immediately, and 15 percent lost revenue.

For many, the source of ransomware is unknown and infections spread quickly. For 27 percent of organizations that suffered a ransomware infection, decision makers could not identify how the endpoint(s) became infected. Further, more than one-third of ransomware infections spread to other devices.

The most common source of ransomware infections in U.S.-based organizations was related to email use. Thirty-seven percent of attacks on SMBs in the U.S. were reported as coming from a malicious email attachment and 27 percent were from a malicious link in an email.

Seventy-two percent of respondents believe that ransomware demands should never be paid. Most of the remaining organizations believe that demands should only be paid if the encrypted data is of value to the organization. Among organizations that chose not to pay cybercriminals’ ransom demands, about one-third lost files as a result.

“It’s clear from these findings that there is widespread awareness of the threat of ransomware among businesses, but many are not yet confident in their ability to deal with it,” said Adam Kujawa, Director of Malware Intelligence, Malwarebytes. “Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”

UK Government Cyber Essentials 10 Step Plan

This is a summary of the UK Government 10 step plan for Cyber Essentials, which is designed for organisations looking to protect themselves in cyberspace.

1.     Risk Management

Embed an appropriate risk management regime across the organisation. This should be supported by an empowered governance structure, which is actively supported by the board and senior managers. These should aim to ensure that all employees, contractors and suppliers are aware of the approach, how decisions are made, and any applicable risk boundaries.

2.     Secure Configuration

Identifying baseline technology builds and processes for ensuring configuration management can greatly improve the security of systems. Develop a strategy to remove or disable unnecessary functionality from systems, and to quickly fix known vulnerabilities.

3.     Network Security

The connections from your networks to the Internet, and other partner networks, expose your systems and technologies to attack. By creating and implementing some simple policies and appropriate architectural and technical responses, you can reduce the chances of these attacks succeeding. Your organisation’s use of mobile or remote working, and cloud services, makes defining a fixed network boundary difficult.

4.     Managing User Privileges

All users should be provided with a reasonable (but minimal) level of system privileges and rights needed for their role. The granting of highly elevated system privileges should be carefully controlled and managed.

5.     User Education and Awareness

It’s important that security rules and the technology provided enable users to do their job as well as help keep the organisation secure. This can be supported by a systematic delivery of awareness programmes and training that deliver security expertise as well as helping to establish a security-conscious culture.

6.     Incident Management

Invest in establishing effective incident management policies and processes to help to improve resilience, support business continuity, improve customer and stakeholder confidence and potentially reduce any impact.

7.     Malware Prevention

Malicious software, or malware, is an umbrella term to cover any code or content that could have a malicious, undesirable impact on systems. The risk may be reduced by developing and implementing appropriate anti-malware policies as part of an overall ‘defence in depth’ approach.

8.     Monitoring

System monitoring provides a capability that aims to detect actual or attempted attacks on systems and business services. Monitoring allows you to ensure that systems are being used appropriately in accordance with organisational policies.

9.     Removable Media Controls

Removable media provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. You should be clear about the business need to use removable media and apply appropriate security controls to its use.

10.     Home and Mobile Working

Mobile working and remote system access offer great benefits, but expose new risks that need to be managed. You should establish risk-based policies and procedures that support mobile working or remote access to systems that are applicable to users, as well as service providers.

https://www.ncsc.gov.uk/guidance/10-steps-cyber-security has further information.
