Russian hackers expose 1.2 B accounts

The idea of Internet security is almost always being called into question. It seems like nearly every month there is a security breach where important information like usernames and passwords are stolen. The trend appears to be increasing, with an ever-expanding number of accounts being hacked. In early August, news broke of possibly the biggest breach to date.

The latest big-scale breach

In early August, it emerged that a Russian hacker ring had amassed what is believed to be the biggest known collection of stolen account credentials. The numbers include around 1.2 billion username and password combinations, and over 500 million email addresses.

According to Hold Security, the company that uncovered these records, the information comes from around 420,000 sites. What is particularly interesting about this particular attack is that such a wide variety of sites were targeted when compared this with other attacks, which tend to either attack large brand names or smaller related sites.

How did this happen?

Despite what many believe, this was not a one-time mass attack; all sites that were compromised were not attacked at the same time. Instead, the hacker ring – called the Cyber Vor – was likely working on amassing this data over months or longer. How they were able to amass this much information is through what’s called a botnet.

Botnets are a group of computers infected by hackers. When the hackers establish a botnet, they attack computers with weak network security and try to infect them with malware that allows the hacker to control the computer. If successful, users won’t even know their computer has been hacked and is being used by hackers.

Once this botnet is established, the hackers essentially tell the computers to try to contact websites to test the security. In this recent case, the computers were looking to see if the websites were vulnerable to a SQL injunction. This is where hackers tell the computers in the botnet to look for fillable sections on sites like comment boxes, search boxes, etc. and input a certain code asking the website’s database to list the stored information related to that box.

If the Web developer has restricted the characters allowed in the fillable text boxes, then the code likely would not have worked. The botnet would notice this, and then move onto the next site. However, if the code works, the botnet notes this and essentially alerts the hacker who can then go to work collecting the data.

So, is this serious and what can I do?

In short, this could be a fairly serious problem. While 420,000 sites may seem like a large number, keep in mind that the Internet is made up of billions of websites. This means that the chances of your website’s data being breached by this ring are small. That being said, there is probably a good chance that one of the sites related to your website may have been breached.

So, it is a cause for concern. However, you can limit the chance of hackers gaining access to your information and a website’s information.

1. Change all of your passwords

It seems like we say this about once a month, but this time you really should heed this warning. With 1.2 billion username and password combinations out there, there is a chance your user name for at least one account or site has been breached.

To be safe, change all of your passwords. This also includes passwords on your computer, mobile devices, and any online accounts – don’t forget your website’s back end, or hosting service. It is a pain to do, but this is essential if you want to ensure your data and your website is secure from this attack.

2. Make each password different

We can’t stress this enough, so, while you are resetting your password you should aim to ensure that you use a different one for each account, site, and device. It will be tough to remember all of these passwords, so a manager like LastPass could help. Or, you could develop your own algorithm or saying that can be easily changed for each site. For example, the first letter of each word of a favorite saying, plus the first and last letter of the site/account, plus a number sequence could work.

3. Test your website for SQL injunctions

If you have a website, you are going to want to test all text boxes to see if they are secure against SQL injunctions. This can be tough to do by yourself, so it’s best to contact a security expert who can help you execute these tests and then plug any holes should they be found.

4. Audit all of your online information

Finally, look at the information you have stored with your accounts. This includes names, addresses, postal/zip codes, credit card information, etc. You should only have the essential information stored and nothing else. Take for example websites like Amazon. While they are secure, many people have their credit card and billing information stored for easy shopping. If your account is hacked, there is a good chance hackers will be able to get hold of your card number.

5. Contact us for help

Finally, if you are unsure about the security of your accounts, business systems, and website, contact us today to see how our security experts can help ensure your vital data is safe and sound.

Student Laptop Buyer’s Guide: Use These 6 Tips When Buying Your Student’s New Laptop This Fall

School is almost back in session. If you’re in the market for purchasing a new laptop for one of your children (it seems like anyone from elementary schoolchildren to college graduates need a laptop these days, right?), here are 6 tips to get the most out of your laptop purchase.

 Tip #1: Bigger is NOT necessarily better when it comes to laptops. If your student is on the go, smaller laptops are going to be your best bet. Go for less than 4 lbs. and either 11” or 13” screen size. The SurfacePro, UltraBook or MacBook Airs are all solid options for most students.

Tip #2: Pay for a good design. A student will be using their laptop day in and day out. Choose sleek over clunky.  Also, opt for a design that is made to protect the display and resist wear and tear over the next few years of use.

Tip #3: Buy for the long haul. Think about how long you want your student’s computer to last. Make the mistake of saving a few bucks now for a cheaper processor, lower memory or smaller hard drive, and you’ll be regretting that decision when you’re buying another laptop in 2 years instead of 3 or 4.

Tip #4: Go for long battery life… your student will use it!  Six hours of battery life is the MINIMUM spec you should purchase. If you can get 10+ hours of battery life in your budget, go for it.

Tip #5: Consider touch screen hybrids. Many Windows 8 devices such as the SurfacePro allow you to use the device as sort of a tablet/laptop hybrid. For kids that grew up on tablets and smartphones, these hybrids make them feel right at home with their new computer and actually make them more efficient.

Tip #6: Mac versus PC. This decision is really up to you and your preferences. Software choices these days allow your student to do just fine with either choice. Choose whichever operating system your student is used to using, and they’ll do just fine.

Still unsure what to buy? Don’t hesitate to give us a call, and we’ll be happy to guide you in the right direction. We’re here to help.

5 Ways Systems Can Be Breached

When it comes to business security, many small to medium firms often struggle to ensure that their systems and computers are secure from the various attacks and malware out there. While there are a million and one things you can do to secure systems, one of the most useful approaches is to be aware of common security threats. To help, here are five common ways your systems can be breached.

1. You are tricked into installing malicious software

One of the most common ways a system’s security is breached is through malware being downloaded by the user. In almost every case where malware is installed, the reason is because the user was tricked into downloading it.

A common trick used by hackers is to plant malware in software and then place this software on a website. When a user visits the site, they are informed that they need to download the software in order for the site to load properly. Once downloaded, the malware infects the system. Other hackers send emails out with a file attached, where only the file contains malware.

There are a nearly limitless number of ways you can be tricked into downloading and installing malware. Luckily, there are steps you can take to avoid this:

  • Never download files from an untrusted location – If you are looking at a website that is asking you to download something, make sure it’s from a company you know about and trust. If you are unsure, it’s best to avoid downloading and installing the software.
  • Always look at the name of the file before downloading – Many pieces of malware are often disguised with file names that are similar to other files, with only a slight spelling mistake or some weird wording. If you are unsure about the file then don’t download it. Instead, contact us as we may be able to help verify the authenticity or provide a similar app.
  • Stay away from torrents, sites with adult content, and movie streaming sites – These sites often contain malware, so it is best to avoid them altogether.
  • Always scan a file before installing it – If you do download files, be sure to get your virus scanner to scan these before you open the apps. Most scanners are equipped do this, normally by right-clicking on the file and selecting “Scan with….”

2. Hackers are able to alter the operating system settings

Many users are logged into their computers as admins. Being an administrator allows you to change any and all settings, install programs, and manage other accounts.

If a hacker manages to access your computer and you are set up as the admin, they will have full access to your computer. This means they could install other malicious software, change settings or even completely hijack the machine. The biggest worry about this however, is if a hacker gets access to a computer that is used to manage the overall network. Should this happen, they could gain control over all the systems on the network and do what they please on it.

In order to avoid this, you should ensure that if a user doesn’t need to install files or change settings on the computer, they do not have administrator access. Beyond this, installing security software like anti-virus scanners and keeping them up to date, as well as conducting regular scans, will help reduce the chances of being infected, or seeing infections spread.

3. Someone physically accesses your computer

It really feels like almost every security threat these days is digital or is trying to infect your systems and network from the outside. However, there are many times when malware is introduced into systems, or data is stolen, because someone has physically had access to your systems.

For example, you leave your computer on when you go for lunch and someone walks up to it, plugs in a USB drive with malware on it and physically infects your system. Or, it could be they access your system and manually reset the password, thereby locking you out and giving them access.

What we are trying to say here is that not all infections or breaches arrive via the Internet. What we recommend is to ensure that you password protect your computer – you need to enter a password in order to access it. You should also be sure that when you are away from your computer it is either turned off, or you are logged off.

Beyond that, it is a good idea to disable drives like CD/DVD and connections like USB if you don’t use them. This will limit the chances that someone will be able to use a CD or USB drive to infect your computer.

4. It’s someone from within the company

We have seen a number of infections and security breaches that were carried out by a disgruntled employee. It could be that they delete essential data or remove it from the system completely. Some have even gone so far as to introduce highly destructive malware.

While it would be great to say that every business has the best employees, there is always a chance a breach can be carried out by an employee. The most effective way to prevent this, aside from ensuring your employees are happy, is to limit access to systems.

Take a look at what your employees have access to. For example, you may find that people in marketing have access to finance files or even admin panels. The truth is, your employees don’t need access to everything, so take steps to limit access to necessary systems. Combine this with the suggestions above – limiting admin access and installing scanners – and you can likely limit or even prevent employee initiated breaches.

5. Your password is compromised

Your password is the main way you can verify and access your accounts and systems. The issue is, many people have weak passwords. There has been a steady increase in the number of services that have been breached with user account data being stolen. If a hacker was to get a hold of your username, and you have a weak password, it could only be a matter of time before they have access to your account.

If this happens, your account is compromised. Combine this with the fact that many people use the same password for multiple accounts, and you could see a massive breach leading to data being stolen, or worse – your identity.

It is therefore a good idea to use a separate password for each account you have. Also, make sure that the passwords used are strong and as different as possible from each other. One tool that could help ensure this is a password manager which generates a different password for each account (I like LastPass).

If you are looking to learn more about ensuring your systems are secure, contact WAMS today to learn about how our services can help.

Join WAMS For The Final Summer School Webinar!

Summer School Session 4: From the Trenches – Live Interviews with People Using Cloud Today in their Office

Screen shot 2014-08-12 at 3.22.31 PM
Thursday, August 14 at 11:00 am

For the first time ever, we’ve gathered together a group of people who are using cloud TODAY in their office and are putting them on this live webinar for you to learn firsthand from them…

  • The details of exactly how they use Cloud Computing
  • The challenges they faced in deciding to go to the Cloud and the benefits they see today
  • How they navigated the waters to find a Cloud solution that worked for them
  • Their firsthand advice and tips for you if you’re considering Cloud Computing

Join us live to hear interviews with these Cloud users and get the chance to ask them your own questions! Sign up today! LIMITED SPACE! Resister at www.wamsinc.com/session4 

Cloud Panelists

Mike Konrad, President of Aqueous Technologies

Mike Konrad is the president of Aqueous Technologies, a company that specializes in the manufacturing of cleaning and cleanliness testing systems for the electronics assembly industry. Aqueous Technologies has been using the Cloud for about a year now, and Mike will be sharing how the Cloud has enabled him and his employees to work across the globe. He will also be giving his candid feedback on what it was like to transition from a traditional, on-site network to the Cloud.

Steve Wolf, Partner at Oster and Wolf

Steve Wolf is a founding partner at Oster and Wolf, a reputable CPA firm based in Woodland Hills, CA, that provides tax services to the business community. Steve will be sharing with you his straightforward and truthful reasons as to why they chose to go to the Cloud. He will also be discussing financially how and why it made sense for the accounting firm to “go Cloud.” The firm was also due for an upgrade, so Steve will be talking about the different factors that played into their decision and his honest opinion regarding the results.

Ken Wright, Corporate IT Director at Pacific Hospitality Group & Busch and Caspino

Ken Wright’s past experience has been working in IT specifically in the legal industry and now he faces new challenges in his role as Corporate IT Director for the jointly owned Pacific Hospitality Group and the law firm of Busch & Caspino. The newly formed firm of Busch & Caspino needed a technology solution that enabled the high power attorneys and their staff to work extremely productively and at any place and anytime. Ken’s challenge was to find a solid solution that would enable just that. Ken will be discussing from an IT perspective exactly why Cloud works perfectly for the firm.

Registration: Click here to register

Questions? Contact Allison at WAMS at akirk@wamsinc.com or at (714) 582-1624

Insert Headers And Footers In Excel

It’s undeniable that Microsoft Excel is one of the most popular spreadsheet applications used by businesses today. Not only does it simplify the process of creating spreadsheets with complex built-in formulas and colorful, descriptive charts, but it also allows you to add headers and footers. Let’s take a look at what headers and footers are and how you can make use of them in Excel.

What are headers and footers?

As with Word, Headers and footers are lines of text that print at the top (header) and bottom (footer) of each page in an Excel spreadsheet. They often contain descriptive text such as titles, dates, or page numbers displayed in page layout views and on printed pages.

Headers and footers are useful in providing quick information about your document or data in a predictable format and also help set out different parts of a document. Simply put, they make calculations, graphs, and pivot tables much easier to read and follow.

How to add and remove headers and footers:

  1. Select the spreadsheet for which you want to add headers or footers.
  2. On the Insert tab in the Text group, click Header & Footer; this displays the spreadsheet in page layout view.
  3. To add a header or footer, click on the left, right or center of the Header or Footer text box at the top or bottom of the spreadsheet page.
  4. You can now add a preset header or footer to your document, or create a custom header and footer.
  5. To start a new line in a header or footer text box, press ENTER; to include a single ampersand (&) in the text of a header or footer, use two ampersands. When you are done, click anywhere in the spreadsheet to close Header or Footer.
  6. Return to Normal page view by clicking on the View tab and Normal button.
  7. To remove the header or footer from a spreadsheet, select the View tab and click on Page Layout. Delete the information you want to remove.

The next time you need to repeat text on a page to make information more organized and easier to digest, you can simply do so with Excel’s header and footer feature. Looking to learn more about Microsoft Office and its features? Contact us today and see how we can help.