Education, advice and information you can use in your business.

Facebook Data Breach: 3 Things to Do Now

facebook-app-results-matter-cloud-services-source-pixabay-lobo-studio-hamburg

The security breach was announced on September 28 by Facebook and affected at least 50 million users. The attackers exploited bugs in the platforms “View As” privacy feature, which occurred in July 2017, when Facebook introduced a new video uploader.

The uploader feature appearing as active in the “View As” feature and created an access token, which was not supposed to happen. Access tokens provide a key to keep users logged into their accounts and to provide access to other platforms. This is a convenience to reduce the need to enter login credentials.

What to do now? Reconsider the use of the Facebook login feature. Using the login feature of platforms or reusing the same password across various is not work the risk taken for the small amount of convenience.

Check your privacy settings and credential recovery options on Facebook and your other platforms. Ensure you know how they are configured and update them. Facebook had a security update post in their developer’s blog suggesting user visit the “Security and Login” tab on the sites settings menu to review platforms connected through Facebook.

Change your password to something hard to guess and unique.  This breach apparently did not get passwords but access tokens instead. It will do no harm to update your password on Facebook and your other platforms.

Enable 2FA (two-factor authentication) using a third party app like Google Authenticator or Authy, both of which are free. Two-factor authentication requires you do something to verify identify beyond supply a password. There is the option to receive an e-mail or text message but using an app may reduce the risk from the 2FA messages being intercepted.

Turning on notifications for every login to your accounts across platforms could seem like over kill, in the beginning. It does settle down once you establish the pattern of where and when you login. Knowing that helps to keep you informed.

Sources

  • https://www.darkreading.com/threat-intelligence/when-facebook-gets-hacked-everyone-gets-hacked/d/d-id/1332953
  • https://www.fastcompany.com/90245345/facebook-data-breach-4-simple-steps-to-stay-safer-right-now
  • https://www.fastcompany.com/90219499/att-gets-sued-over-two-factor-security-flaws-and-23m-cryptocurrency-theft
  • Image: Pixabay, LoboStudioHamburg

Passwords Must Be Unique For Each Website or App – MyFitnessPal

The MyFitnessPal app suffers a data breach. What does that have to do with your business? You need to make sure you continue to educate your work team about the importance of having different passwords for accounts you use for work vs accounts you use personally.  If a member of your team used the same password to access MyFitnessPal as is used to access websites related to work, you could be at increased risk.

The 3 things you need to do:

  1. Discuss passwords with your team. Moving from awareness to action improves when you can make it real. This is real.
  2. Have a common sense security policy that is understood, implemented and test it. Moving to compliance starts with education and repeat offenders need to be treated seriously.
  3. Review your security strategy. If you don’t have a strategy for cyber security you will only be able to react. Being proactive gives you more options.

#MyFitnessPal #Databreach

Backup Strategies for Artists Important When Systems Fail


Your computer fails during a set. Are you prepared?

I was photographing a festival one night, and in the midst of the flashing lights and loud music, everything stopped. A weird scratching sound came over the speakers, and then silence. A frenzy ensued, as behind the stage people came popping up from left and right. A system had failed, and without a basic backup in place, there was absolutely nothing anyone could do.

over saturated picture of a person looking at computer equipment used by a DJ that has failedNormally, when a speaker system crashes, it takes a couple technicians and everything is up and running again. But this time it wasn’t the speakers. As the artist waved her hands in frustration, it was pretty obvious there was a problem with her computer. Unfortunately, her Macbook was the only piece of hardware she had, and as the computer shut down, so did her set. Without a plan in place, she had to pack it up and call it a night.

This could have been prevented. By only having only one computer that could play the music, the minute the computer stopped working, so did her event.  Had she carried even just an old computer with another copy of the music as a backup, the whole mess could have been avoided.

Having a basic backup solution is a start for any artist. Knowing your information is stored in multiple places, such a second computer, an external hard drive or even just a simple USB stick, leaves room for the disaster that will eventually strike.

Thinking it won’t happen is just avoiding the inevitable. The first step in protecting your assets, and the music and mixes involved in playing any show, is admitting that if your immediate technology does fail, you need to know what is your next plan of action.

Do you have that extra copy of your data backed up? If your computer fails, but you still have your hard drive, do you have a way to still play the files?

These are the questions you have to pay attention to, and if you answer no to any of them, maybe it’s time to take a better look at your plan. Having backup plans in place helps go ensure you don’t lose everything you worked so hard for.

Maybe the show you are opening tomorrow isn’t the biggest show of your career, but it definitely won’t be if you can’t even play.

Phishing Scams – How to Prevent a Disaster


Imagine this. You’re scrolling the internet and your instant messaging pops up. It’s someone you talk to quite frequently, and they’ve sent you a link telling you to check it out. You click the link, and suddenly your files start changing and you can’t open anything. Suddenly you’ve become a victim of a phishing scam.

What just happened?

You sit there confused, but in the back of your mind you understand the link you clicked was not what it seemed to be, and are now wondering what it will take to get the information back?

Phishing is a common cyber crime that has hit many unsuspecting people, and sometimes the results are harmless. Sometimes you are only locked out of your online accounts for few minutes. But other times serious damage can begin the minute your mouse clicks the link.

Hackers target companies and individuals by email, and most people see a link in an email and don’t even consider it is going to be detrimental to click.

A good rule to follow is to limit the links you do click in email messages.  Remember, when protecting yourself from phishing scams, pay attention to the where the link is going to take you, be skeptical of email attachments and pay close attention to the sender email address.

If something looks suspicious, taking the time to check and be sure makes sense.

Getting to a place where you understand how to protect yourself takes effort and some training. This training has come a long way over the years.

Find out how a few quick and focused training sessions can help you and your team improve your skills.  Ask us about some options for effective cyber security training.

World Password Day 2018

How secure are you?

Passwords are your first line of defense when it comes to protecting your private systems and information. Having a strong password in place leaves you just that much more secure.

On May 3, 2018, we celebrated World Password Day, and the facts are simple; most people either don’t understand the importance of a secure password, or don’t want to take the time to ensure information is protected in the simplest way.

I don’t know about you, but I’m just as guilty as the majority of the population for having the same password across the board, changing up one number or letter per platform. Just like you, I’ve left myself extremely vulnerable to hackers of any level.

With digital platforms filling up most of your spare time, it’s important to adhere to the rules and suggestions. Each of these platforms ask for a different sequence of characters, for good reason.

According to Entrepreneur Online, a survey was conducted by TeleSign a few years ago, which polled approximately 2,000 consumers throughout the U.S. and the U.K. The study concluded about 3 out of 4 people use duplicate passwords, some of which haven’t been changed in years.

Good to know I’m not the only one who could lose everything.

In the past year alone, about 40% of people received noticed of personal information being compromised, accounts being hacked, or have had a password stolen. Data breaches are inevitable. Therefore, why aren’t you taking better measures to protect your information.

When is the last time you changed your password? In the same survey, mentioned above, about 21% of people still use passwords they created 10 years ago. If you can’t remember the last time you changed your password, I highly suggest you take the time today to do so.

Keep them long, complicated, a sequence of numbers and letters. You can even generate up passwords for free online. Whatever you do, your password should not be something that can be guessed. No birthday’s please. Pet names are out too.

The next step you can take is to add another level of security. Two-factor authentication is a great way to significantly decrease the risk of any hacker. This method requires an additional type of identification, of which the user has on them at the time.

Passwords are inevitably a part of everyday life, and to be careless with them is simply asking for the worst to happen. Whatever method you use, being aware of how secure you are is detrimental for a future dealing with technology.


If you are curious as to how secure your password is visit www.howsecureismypassword.net. Enter in a password SIMILAR to the one you currently have and sit back and see how long it would take a hacker to enter your system.

 

The Importance of a Basic Backup Strategy

Are you prepared with a basic backup?

It doesn’t always take someone malicious to hack your computer system, but regardless of the reason, if a business is shut down for any matter of time, revenue is lost. The first step in running any business is ensuring there are basic backup plans in place.

Picture this; a freak September snowstorm sends the city into panic. Tree branches are breaking from the weight of the snow, and one just happens to fall on the power line closest to your downtown office. The power goes out and your building is plunged into dark.

Power goes out, operations stop. All your files are now gone and without any way of getting them back, you’re starting at the bottom again.

When breaches occur, for any reason, operations and finance are the first things to be affected, and the network outages caused usually have long-lasting impact. Most businesses cannot come back from even three days spent at a standstill.

So what can you do?

By following the 3-2-1 rule, when it comes to a basic backup strategy, your company will be laughing during the next storm.

Your backup plan should be thought of like this; there should be 3 total copies of data, 2 of which are local, but on different mediums, and at least 1 copy that is offsite.

The local copy is what users rely on for primary access.

  • One of the easiest ways to create a backup is to store copies on any network attached storage, an external hard drive, or a USB drive.

Backup local copy to a local avenue.

  • Gives user immediate, instant access to whatever data needed, despite if it’s been deleted, overwritten, or lost.

Store a copy of all files securely offsite.

  • This helps in the aforementioned disaster. Regardless if something happens to the physical place of business, all data is still safe and secure.
  • There are many cloud-based solutions, which store information on remote servers which are accessed through the Internet.

Regardless of how you are backing up your data, the first step in protecting your business is having that backup plan. Every minute your team is without access will cost more than just revenue.

Take a look at how much it would cost your business if your systems were unavailable.  Try our online calculator yourself or give us a call 403-455-5969. The results might surprise you.

 

 

 

 

Federal Budget to Spend up to $1 Billion on Cyber Security

Murray Brewster, CBC News, explains how new money is coming from the Federal government to protect the 2019 election.

According to Brewster, the United States is still reeling from the effects of the 2016 presidential election, which the American intelligence community says was disrupted by Russian hacking and information influence operations.

With money in the budget to also include training and retaining cyber security experts, the requested amount will be allotted once details are agreed on about which departments will get funding, and where the rest of the money will be placed.

“There has also been a lot of debate in Canada about how to leverage the military to address the cyber skills shortage and meet its own growing needs for people with sophisticated technical skill sets,” stated Brewster.

The full article can be read here.

Freedom Mobile Private Details Extracted by Hacker

According to an article published by www.hackread.com, a hacker, using the alias NullHumanity, has identified a flaw in the customer login system of Freedom Mobile. With approximately 2,000 accounts at risk, the hacker explained he does not plan to exploit them.

The article mentioned that although this hacker has no plans to access the accounts for any reason but to inform Freedom of this flaw, there are others who wouldn’t be so kind.

“If a hacker manages to access secondary API through guessing the phone number and PIN combination, then he can expect to get sensitive details like date-of-birth, full name, phone number, email IDs, full call history, and billing-related information.”

The full article can be read here.

Winter Games Hit by Cyber Attack

The PyeongChang Winter Games were hit by a cyber attack, and although critical operations were not affected, event organizers were forced to shut down servers. The official games website also had to be taken offline to prevent further damage.

With cyber attacks rising in past Olympics games, this most recent attack in South Korea won’t be the last. According to the article, written by Aaron Tan, Japan is already bracing itself for more cyber attacks, aimed at the Tokyo Olympics in 2020.

Read the official article here.

Cyber Security for Marketers

Cyber Security for Marketers: Four Tips to Get Started

Esther Jeohn, head of global marketing at Penta Security Systems Inc, gives information on how you can deflect or even block the cyber-breach blow. Reading these four tips will give you and your PR team ideas on how to stay protected when it comes to cyber security. With the majority of marketing work done on the go, many of the platforms used are Cloud-based.

“The myriad of platforms make my workflow a whole lot easier, but the lack of integrations into one seamless platform inevitably means that information is being distributed to multiple locations. That information could be anything from company financial figures to customer contact information—which, if it fell into the wrong hands, could mean bad business,” says Jeohn in the article, which can be found here.

What can you do, as a marketer, to keep yourself and your company protected?