Shopping online is very convenient. You can click here and there and order whatever product you desire and have it delivered to your front door. You can compare pricing, look for deals, compare products, and it all can be done quickly and in the convenience of your own home, any time, night or day. The downfall? Wherever there is money and users to be found, there are malicious hackers roaming around.
Use familiar web sites. You need to be aware of the safer online shops, like Amazon. One tactic favored by malicious hackers is to set up their own fake shopping websites. Fake websites can either infect you the moment you arrive on them by way of malicious links. However, the most dangerous aspect you should be concerned about is the checkout process. Completing a checkout process will give cybercriminals your most important information: credit card data (including security number), name, and address. This opens you up to credit card fraud or social engineering attacks.
What are some key things to be aware of as you’re shopping? “Sticking with popular brands is as good as any advice when shopping online. Not only do you know what you’re getting by way of quality and price, but you also feel more confident that these well-established names have in place robust security measures. Their efforts can be quite remarkable, as researchers at Google and the University of San Diego found last year.”1
A few things to be aware of:
- Leery URL’s such as “coach-at-awesome-price.com” or “the-bestonlineshoppingintheworld.com”
- A strange selection of brands – as an example, the website claims to be specialized in clothes but also sells car parts or construction materials
- Strange contact information. If the email for customer service is “email@example.com” instead of “firstname.lastname@example.org” then you should be suspicious that online shop is fake
- Are prices ridiculously low? An online shop that has an iPhone 7 at $75 is most likely trying to scam you
The old adage “if it seems too good to be true, it probably is,” rings true in this case, and it’s best to steer clear of these sites.
Use Secure Connections. Wi-Fi has some serious limitations in terms of security. Unsecured connections allow hackers to intercept your traffic and see everything you are doing on an online shop. This includes checkout information, passwords, emails, addresses, etc.
Before You Buy Online…
- If the connection is open and doesn’t have a password, don’t use it.
- If the router is in an exposed location, allowing people to tamper with it, it can be hacked by a cybercriminal. Stay away.
- If you are in a densely-crowded bar with dozens of devices connected to the same Wi-Fi hotspot, this can be a prime target for an enterprising cybercriminal who wants to blend in and go unnoticed. Continue to socialize, don’t shop.
Access secure shopping sites that protect your information. If you want to purchase from a website, make sure it has SSL (secure sockets layer) encryption installed. The site should start with https:// and you should notice the lock symbol is in the address bar at the top.
Update your browser, antivirus and operating system. One of the more frequent causes of malware is unpatched software. Online shoppers are most at risk due to the sensitive information involved. At a minimum, make sure you have an updated browser when you are purchasing online. This will help secure your cookies and cache, while preventing a data leakage. You’ll probably fuss over having to constantly update your software because it can be a time consuming operation, but remember the benefits.
Always be aware of your bank statement. Malicious hackers are typically looking for credit card data, and online shops are the best place for them to get their hands on such information. Often times, companies get hacked and their information falls into the hands of cybercriminals.
For this reason, it’s a good habit to review your bank account and check up on any suspicious activity.
“Don’t wait for your bill to come at the end of the month. Go online regularly and look at electronic statements for your credit card, debit card, and checking accounts. Make sure you don’t see any fraudulent charges, even originating from sites like PayPal. If you do see something wrong, pick up the phone to address the matter quickly. In the case of credit cards, pay the bill only once you know all your charges are accurate. You have 30 days to notify the bank or card issuer of problems.”2
Using a credit card vs. a debit card is safer. Credit cards have additional legal defenses built in that make them safer to purchase online compared to debit cards. With credit cards, you aren’t liable if you are a victim of a fraudulent transaction, so long as you report the fraud in a timely manner. Secondly, credit cards give you leverage when it comes to disputing transactions with a seller. If you pay with a debit card, you can’t get your money back unless the seller agrees to it. With credit cards, the money you paid for a product isn’t counted against you until due process is complete, debit card holders however can only get their money back after this step. Ultimately, banks are much more protective of credit cards since it’s their money on the line, not yours.
Additional tips for safety:
- Never let someone see your credit card number – it may seem obvious, but never keep your PIN number in the same spot as your credit card
- Destroy and delete any statements you have read
- Notify your credit card issuer of any address change. Doing so will prevent them from sending sensitive files to the previous address
- Keep confirmation numbers and emails for any online purchases you may have done
- Immediately call your credit card company and close your account if you have lost or misplaced a credit card
Use antivirus protection. The most frequent tip on how to be safe online is to use a good antivirus tool. It will keep you safe against known malware. ”Before you begin shopping, outfit your phone or tablet with mobile security software. Look for a product that scans apps for viruses and spyware, blocks shady websites, provides lost-device protection and offers automatic updates.”3
Do not purchase from spam or phishing emails. A phishing email with a fake offer for a desirable product is a hard thing to resist for many shoppers, so they make an impulsive decision and click on the “Order Product” or “Buy Now”, and that’s when the malware attack starts. A phishing email is not like a standard email. The cybercriminal simply wants your click, and nothing else. The Unsubscribe button won’t stop the email spam. The best solution in these cases is for you to simply mark the email as spam, this will remove the mail from your inbox and block the sender from sending more spam.
Keep a record of your transactions. If you are a frequent online shopper, it may be difficult to remember from which site you bought a certain product. So, write it down: what you bought, when and from what website. Compare your spending details with the banking records from your online banking account, keep track of which websites you use for shopping and buying stuff online.
Hold on to your receipts and destroy them when you no longer need them. Keep the receipt for your purchase, just in case you need to confirm it again, as well as for warranty and return issues. If you want to get rid of receipt, make sure to destroy it completely, so that any possible identity thief won’t be able to find any information about you.
Don’t give out more private information than you need to. ”In order to shop online you need to provide two types of information: payment information, such as credit card data, and shipping location, which is usually your home or work address. Be suspicious of online shops that ask for information such as: date of birth, social security number or any other similar information. They don’t need it in order to sell you things.”4
Don’t keep too much information on your smartphone. These days, everybody stores a lot of important personal information on their phone, and most of us rarely take the time to secure them. These devices are now much less about calling people, and more about photos, social media, etc. Increasingly, people shop online using their smartphone, but this carries its own risks. Fake online shops can infect your smartphone with malware, and then have access to information such as phone numbers, notes, photos, and even app contents. Be careful what information you store on your smartphone.
If you take a few safety precautions, you can enjoy the convenience of technology with peace of mind while you shop online.
1 https://www.welivesecurity.com – ESET Security Forum
3 http://www.trendmicro.co.uk/home/internet-safety-for-kids/smart-mobile-tips-for-online-shopping/ – TrendMicro
https://staysafeonline.org – Powered by National Cyber Security Alliance
https://www.americanbar.org – American Bar Association
Bryley technicians recently assisted one of our clients from what could have been a serious situation. The client’s server went down, and Bryley techs responded quickly to the matter. Actions were performed onsite, but further testing needed to be performed back at the Bryley Office.
It was determined that the client’s server was overheating and needed to be replaced or they risked losing their data. Luckily, Bryley had a spare server that ran on a similar operating system, so technicians were able to move it over and recover their information. The client was pleased to have their data recovered and is conducting regular backups.
We are extremely fortunate to recover their data, but this case highlights the importance of regular checks of one’s equipment as well as conducting backups on a reliable service, such as Bryley’s. Let Bryley help you double-check your IT infrastructure, recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent data loss. Contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here to help.
When we think of worms, most of us think of the creature that helps our gardens thrive, however, in the technology field the word “worm” strikes fear into many a technology user. This particular form of malware has caused billions of dollars in damages in the last decade alone!1 Using Symantec’s definition, worms are “programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which requires the spreading of an infected host file.”1 Some liken it to a chain letter that no one wants, but is far more insidious and damaging.
“They make your computer more vulnerable to future attack, because every machine with a worm infection is broadcasting to the entire Internet that it can be taken over by anyone who cares to copy the method the worm used. Also some viruses and worms disable standard security measures, or install their own back-door services that allow other people to use your computer over the Net.”2
The first known worm was the Morris worm in 1988, named after Robert Morris, a student at M.I.T. While the worm was initially harmless, it “quickly began replicating copies of itself onto Internet servers of the day (predating the World Wide Web), eventually causing them to stop working due to exhaustion of resources.”3
In 2001 a worm by the name “Nimda” (admin spelled backwards), infected nearly 2.2 million servers and PCs within a 24-hour period through a multi-pronged approach including searching for unpatched applications, sending an infected mass email to a victim’s contact list, and downloading from a compromised website.4 This worm caused over $635 million in damages and dramatically decreased internet speeds and wreaked havoc on a user’s email account.
One of the more powerful attributes of a worm is its ability to propagate seemingly by itself, with little to no human interaction. This makes it ideal for cyber warfare. A prime example of this is the 2010 attack on Iran; the United States and Israel created what is now known as the Stuxnet worm to attack Iran’s nuclear enrichment program. By the time the worm was discovered and expelled from their infrastructure, 984 uranium enriching centrifuges were destroyed, setting Iran’s nuclear weapons program back by approximately 2 years!5
How does it spread?
What makes worms so dangerous and insidious is that once it is on your machine, it can wreak havoc without the user’s knowledge. Once the initial sequence is started (opening an attachment, clicking on a link, etc.), the worm will move on its own through the system, impeding the user’s activity. Worms also infect other machines by self-replicating and sending mass emails through the infected users’ email contacts.1 Oftentimes, victims think they are simply opening an attachment from a friend or acquaintance so their guard is down.
How do you know when you have a worm? There are several key symptoms that may indicate you have been infected:
- Emails sent without consent. If you are contacted by an individual in your contact list about a strange email you sent, but have no recollection of, you may be a victim of a worm.
- Software suddenly appearing on your desktop. If you notice that applications are suddenly appearing on your desktop, or have been removed, that’s a red flag that your machine may be compromised.
- Slow computer performance. If infected, your machine may run slower as the worm needs memory to effectively run and propagate.
- Pop-ups galore. If you are seeing numerous pop-ups and messages, it’s a surefire sign that you have a worm or virus on your machine.
- New windows open when connecting to the internet. A common symptom of an attack or worm is when you connect to the internet and it opens a new window that you did not request.
How to protect against worms
So, what can you do to prevent such an attack from occurring?
- Be cautious around attachments. Even if you recognize the sender, be cautious if they send you an unexpected email with an attachment and a vague subject line (“You have to see this!”). Be extremely cautious if you don’t recognize the sender.
- Perform regular updates. Their intended purpose is to quickly push out fixes to bugs that may be occurring and create a safe computer environment. When you browse the internet, your computer is at the mercy of its current protective measures. Viruses, malware and rootkits are always on the search for security holes to exploit and gain entry to your personal data. While the best antivirus software would prevent this from ever happening, in order to accomplish such a goal, you need to perform recommended updates.
Working with a managed IT service provider (MSP) can remove a lot of the burden and take away the mystery of proactive measures to protect your business.
Protecting your company’s data and infrastructure should be a top priority, but you do not need to do it alone. Let the Bryley experts help protect your company’s data and infrastructure. Please contact us at 844.449.8770 or by email at ITExperts@Bryley.com.
Hudson-based Bryley Systems and Bryley client, Stow-based Warren Insurance, together raised funds for the Hudson Boys & Girls Club. The donation was generated through Bryley’s refurbished computer program. Bryley donates a refurbished computer in exchange for a donation made to a local charity – generally the Hudson Boys & Girls Club or the Hudson Food Pantry.
With the cold weather quickly approaching it’s important to take care of your machines. While we all appreciate and like a warm working environment, it’s important not to place devices too close to heating devices.
A client of ours mistakenly left a space heater on overnight and came into work the next day to find the front bezel (front of the computer) had melted. The ports on the front, including power and USB, no longer function. This could have been a lot worse, with potential for fire.
This is a good reminder to double-check that everything is off before leaving for the day, and to make sure you leave ample space between your computers and heaters.
We know that budgeting can be a daunting task. That is why the Bryley Systems’ motto is “Dependable IT at a Predictable Cost”. Our fixed-price IT support programs make IT budgeting a breeze.
We understand that in order to have an accurate, working budget, the finance and IT teams need to come together to get an idea of the full picture.
Why does IT budgeting matter?
Without a budget, IT leaders will have to justify every IT expenditure as it arises, creating unnecessary bottlenecks. Furthermore, “you may be forced to request and justify every IT expenditure as it arises, which makes for significant unnecessary overhead. Smaller organizations may find themselves willingly migrating into a periodic budgeting process, as IT expenditures that were once simply spent as incurred, or justified with a 30-second hallway conversation, blossom into significant IT spending that can be consolidated and made more transparent through a budgeting process.”1
IT budgeting affects more than just your department
When creating an IT budget, it’s important to think of how it will tie into other departments. The budget will directly impact employees and initiatives that your organization has. It’s easy to see the budget as a mere spreadsheet. But remember, there are real consequences for every number that is either increased or decreased.
Think of IT budgeting as financial planning
Consider IT spending as an investment for your organization’s future, much in the same way as you would with your personal financial planning. “Only after gaining an understanding of the organization’s short- and long-term goals can [business leaders] help ensure that the organization is aligning its IT strategy with its business strategy, resulting in the right IT investment decisions.”2 Consider, “What is the organization’s cash flow? How will IT spending impact the organization’s overall capital and operating budgets? Are any major projects on the horizon that might impact the IT infrastructure? Remember to consider both the financial and non-financial implications of IT-related initiatives.”2 Another aspect that should not be overlooked is the human component. Does the organization plan on making any changes that could impact an employee’s ability to fully utilize new software? And, how will new initiatives impact employees’ work lives?
Creating budgets also helps to establish and understand priorities. “Instead of looking at the budget solely as an administrative process, regard it as a validation and support tool for your IT strategy. If you don’t have a formal or informal IT strategy in place, the budgeting process is as good a place as any to start investigating areas for improvement that will be cornerstones of your first attempts at more strategic IT management.”1
Align IT with organizational strategy
IT budgeting should not be performed in a bubble; but rather performed with the entire organization in mind. Once the IT budget is prepared, compare it to the overall budget to ensure the goals are aligned. Key questions to ask are “Do the selected IT initiatives align with and support the organization’s strategic objectives? Should any initiatives that weren’t selected for the budget be reconsidered? Would any of the organization’s strategic initiatives make one of the selected IT initiatives obsolete?”2 It is best to think of your IT budget in three sections:
- Run – What it takes to keep the organization running. This should be the last place to trim as doing so could create unnecessary operational risk. Items included in this group are considered mission-critical: server replacements, key software upgrades, personnel costs.
- Grow – introduce new capabilities and improve existing ones. These are often more flexible and are easily added or trimmed depending on cash flow. Items in this section include implementing new software for optimization, purchasing a firewall for additional protection, and upgrading the website to attract more customers.
- Transform – This is more of a long-term project for research and development endeavors. Unless associated with key organizational initiatives, these are the first to be cut when budgets are trimmed. These initiatives are ones in which the organization believes it will benefit from in the future. Examples include new product offerings, , redundancy, , and the like.
Tips and best practices
When considering the impact the budget will have on the organization as a whole, it is imperative to put forth significant time and due diligence into its creation. It’s too simple to see the budgeting exercise as just another painful administrative duty that one must accomplish. But it is really much more than that. A budget “is the financial manifestation of the strategy and direction your department or organization will take over the coming year.”1
- Use last year’s budget. This will give you a rough idea of what you want the upcoming budget to look like. It will also provident insight into areas to pad as well as those that can be reduced.
- Spreadsheets are your friends. Excel spreadsheets will prove invaluable when it comes to updating and creating a budget. It is beneficial to have previous years’ budgets listed as it will indicate long-term trends and the ability to predict future expenses.
- Factor in slack. Once a budget is set, it is generally difficult to go back for more funds. Consider, carefully, the amounts requested to ensure they are sufficient to accomplish the objectives.
- Seek expert advice. You can’t be expected to know everything about the realm of IT and budgeting, so don’t be afraid to seek out the advice of experts. They will offer guidance and work with you to identify key initiatives and allocations for your future success.
Creating an IT budget can be a daunting task, but you are not alone. Bryley Systems’ experts will work with you to determine your priorities and build a budget accordingly. It’s easy with our fixed-price IT support programs.
We are your technology partner. Please contact us at 844.449.8770 or by email at ITExperts@Bryley.com.
We’re here for you with “Dependable IT at a Predictable Cost.”