How To Use Public Wi-Fi Securely!

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) 17 April 2017

Do you have frequent coffee meetings with colleagues or clients and need to access company information using the cafés free Wi-Fi?  DON’T! Have you ever used free Wi-Fi to log into your online banking? DON’T! Public Wi-Fi is not safe and hackers love to take full advantage of this.

Wi-Fi hotspots are incredibly practical for us be it for social media scrolling, work and private email checking and other business needs. However, they are a potential risk and are just as handy for attackers to steal your private information.

Below are some tips to secure your information if you need to use free Wi-Fi in public places.

Tips to minimise your risk

1. Be smart – Firstly, be aware that any information you send over Wi-Fi hotspots is up for grabs to anyone who has even a bit of an IT background. Your online banking details, usernames and passwords are all out in the open. Try not to use sensitive information or visit anything private whilst using free hotspots.
2. Check Authenticity – Be careful to which hotspot you are connecting. It is possible for a malicious actor to put their own hotspot in place and perhaps disguise as the cafés Wi-Fi. A popular name is ‘_FreeWi-Fi’ as the punctuation puts the hotspot to the top of the list and we are all guilty of being distracted by the word ‘Free’. If you connect through an attacker’s hotspot then everything you do will be recorded by them. Make sure to verify with the café, restaurant, library etc on the name of their network and the password before connecting to any Wi-Fi.

3. Disable File Sharing – If you are a Windows user, make sure to turn off file sharing and mark the connection as a public network. To do this: Control Panel > Network and Sharing Center > Change Advanced Sharing Settings and uncheck the file sharing option. Another extra precaution is to turn on Windows Firewall by: Control > System and Security > Windows Firewall
4. Over HTTPS – Ensure that the sites you are accessing are over HTTPS by looking at the address bar or for the security lock sign.
5. Patch! Patch! Patch! – Always have software up-to-date so that no current exploit can be used against you. Regarding Wi-Fi, keep your web browser, software, anti-virus and other internet-connected devices are all patched.
6. Two-Factor Authentication – It is always good practice to use two factor authentications where you can. If a hacker could obtain your password then there is another layer of protection in place that they will not be able to get past.
7. Use a VPN – A Virtual Private Network encrypts all traffic and ensures a safe way of using the Internet. It also masks your IP address so that phishing and man-in-the-middle attacks are reduced.
8. Log off and Forget– Once you have finished using the Wi-Fi connection, log off from any services you were using and forget the network. This prevents your phone from automatically connecting to it again when you are within range. Remember to always turn off your Wi-Fi if you are not using it to stop it from connecting to random open hotspots when you are out and about. Another tip that helps with this is to disallow your device to connect automatically within your Wi-Fi settings.

Security for us is not only when you have a strong password. Security for businesses is not only what happens within the company building. Protecting yourself and your business is an ongoing process. The tips above can help everyone reduce their risk of attack and loss of personal information and sensitive data to crafty hackers lurking in public areas.

Relax. Your security is Intact.

Author: Intact Security

Google


How To Tell If You Are Under Attack!

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) 13 February 2017

35% of all cyber attacks are never detected and 54% of attacks go unnoticed for months, even years, leaving the bad guy to continually access your systems to steal more and more information every day. Not sure if you have been breached? Don’t know how to identify an attack within your systems? Below is a list of advice to help discover if your company is under attack.

  • There has been a sudden rise in your network traffic. It could be one of two things; your new blog post is extremely interesting or you are under attack.
  • An escalation of malformed data packets has been sent through your network and a large amount have been caught by your firewall.
  • An increase in failed log in attempts have been logged. An attacker may be trying to brute force into your network or application.
  • After monitoring your network for some time, day-to-day trends appear. However, lately the patterns in your traffic have been inaccurate. You should investigate further into this matter.
  • Alerts have been picked up by your Intrusion Detection System (IDS), but IT have not had the time to examine them all. Ensure that all priority alerts are handled first.
  • There has been unusual activity within accounts including administrative, such as the time they authenticated, actions that were carried out, what information they were accessing/editing.
  • Everything within System32 has a Microsoft signature. If something is running from System32 without the signature then it is malware.

Other behaviour all employees should be aware of:

  • Your work machine has got extremely slow at even completing the simplest of tasks.
  • New programs that you did not install are now present.
  • Your anti-virus has stopped running. To avoid detection, an attacker may disable your anti-virus so they can continue being undetected.
  • Fake emails from co-workers that contain attachments. These attachments could contain malicious software such as ransomware.
  • Random acts happening on your screen that are not in your control; e.g movement of your cursor which is landing correctly and performing actions.
  • Passwords for accounts have been changed.
  • Your web camera light comes on when you are not using it.

Even if your computer is functioning, does not mean that you have not been breached. It is important to report any peculiar signs to your IT team.

In 2017, cyber attacks are becoming as common as breathing. There is no way to completely obliterate the risk of being hacked but if you are smart about your security and vigilant of the pit falls, you will certainly decrease your chance of attack greatly. What do you do if you have been breached? Read next week’s issue to find out.

Still not convinced that you will get breached? Fortinet track real-time threats across the world that our caught by their customers’ FortiGate firewalls. To see the live global threat map, click here!

Relax. Your security is Intact.

Author: Intact Security

Google