The revelations last week about Heartbleed, a security flaw in common website protection mechanisms, have caused shockwaves across the Internet. Many experts (including ourselves) are advising web users to change sensitive passwords immediately because they may have already been stolen by hackers.
Here are a few tips to improve password security to protect yourself in future.
How to choose a good password
Believe it or not, some people choose the silliest, and therefore easiest-to-hack, passwords. The most common passwords in circulation are ‘123456’, ‘password’ and ‘qwerty’, all of which are easily guessed. Other examples include the names of spouses, children or pets – again easily guessed and therefore insecure.
The key to a good password is choosing one that is at least eight characters long and includes upper and lowercase letters and numbers. For increased security you should avoid using dictionary words – “real” words – in favour of random looking groups of letters. It is however very important that you choose a password you can remember without writing it down anywhere.
Keeping your password safe
However, for maximum password security, you must not use the same passphrase for every website – if someone manages to get hold of your password, they could then access all your online accounts and you would be no better off.
Having said that, the use of similar passwords is perfectly acceptable, so long as you take care to keep them safe in your memory.
Once you have settled on a password, there are still some things you need to do to keep it safe:
- Do not log in to your bank accounts, financial sites or social media accounts (or any sensitive websites for that matter) from a computer that is not yours. Internet cafés and kiosk PCs may be useful for checking your personal email on holiday, but they could also harbour malware that steals passwords.
- Avoid using public WiFi. As convenient as public WiFi hotspots may be, there always remains the potential for someone to be intercepting your web traffic and stealing passwords.
- Never write your passwords down. It sounds simple, but millions of people across the world still write their passwords on post-it notes stuck to their computer screen.
- Investigate the use of a password management program. 1Password (and similar apps) provide a way to create and store extremely secure passwords across devices, making life much easier.
Remember that you will need to apply these same principles to every password for every website.
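The rules above (length, character mix, no common or dictionary-based passwords, no reuse across sites) can be checked mechanically. The following Python is an added example, not part of the original article; the word list, site names and sample passwords are constructed for illustration, and only the three "most common" passwords come from the text.

```python
"""Added example: audit per-site passwords against the rules in this article."""
import re
from collections import defaultdict

# The three "most common" passwords named in the article.
COMMON_PASSWORDS = {"123456", "password", "qwerty"}
# Tiny stand-in word list (assumption); a real check would load a full dictionary.
DICTIONARY_WORDS = {"summer", "dragon", "london", "monkey", "oxford", "welcome"}


def check_password(password, personal_names=()):
    """Return a list of rule violations for one password (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if lowered in COMMON_PASSWORDS:
        problems.append("one of the most common passwords")
    # Strip digits and symbols so "Summer2014" is still recognised as "summer".
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if letters_only in DICTIONARY_WORDS:
        problems.append("based on a dictionary word")
    if any(name.lower() in lowered for name in personal_names if name):
        problems.append("contains a spouse, child or pet name")
    return problems


def find_reuse(site_passwords):
    """Return {password: [sites]} for every password used on more than one site."""
    sites_by_password = defaultdict(list)
    for site, password in site_passwords.items():
        sites_by_password[password].append(site)
    return {pw: sorted(sites) for pw, sites in sites_by_password.items() if len(sites) > 1}


def audit(site_passwords, personal_names=()):
    """Combine both checks into one report keyed by site."""
    report = {site: check_password(pw, personal_names) for site, pw in site_passwords.items()}
    for sites in find_reuse(site_passwords).values():
        for site in sites:
            others = [s for s in sites if s != site]
            report[site].append("same password as " + ", ".join(others))
    return report


if __name__ == "__main__":
    # Constructed accounts for illustration only.
    accounts = {
        "bank.example": "qwerty",
        "mail.example": "Summer2014",
        "shop.example": "Summer2014",
        "forum.example": "tG7kWq2xLp",
    }
    for site, problems in audit(accounts, personal_names=["Rex"]).items():
        print(site, "OK" if not problems else "; ".join(problems))
```

Run it only on a machine you trust, since the passwords are held in plain text while the audit runs.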
The Heartbleed security flaw continues to be a major problem for many websites, so it is very important that you change your passwords now. Using the tips above you should be able to create strong passwords that are much harder for criminals to ‘break’, giving you an additional layer of security.
As always, you should give the Get Support team a call on 01865 594000 if you need assistance with passwords, or would like further advice on keeping your mobile workforce secure when connecting to the office network via public WiFi.
Chances are that you got up this morning to news of “Heartbleed”, a serious flaw affecting millions of websites across the world. You may have even received a number of emails from various online service providers telling you that they have successfully patched their servers to correct the problem.
But what is Heartbleed?
A serious problem with encryption
To keep your sensitive information (like credit card numbers and address details) safe from criminals, website operators typically encrypt data as it passes over the Internet. Your web browser establishes a secure connection to the website using a technology called Secure Sockets Layer (SSL) – you should see a padlock icon in the address bar of your browser when communicating via SSL.
The SSL connection acts like a secure pipe between your computer and the website, so that should someone successfully intercept your web traffic, they will not be able to read it. Your data remain safe whilst in transit.
The OpenSSL factor
The Heartbleed problem is caused by a flaw in the software that many websites use to create SSL connections. Although the encryption works flawlessly, there is a problem with the way that unencrypted data is stored on the website, potentially leaving it open to theft by cybercriminals.
Perhaps most concerning is that although the Heartbleed vulnerability has only just become common knowledge, the flaw has been installed on millions of websites for up to two years already.
Among the sites identified as having problems were Google, Facebook, Tumblr, Yahoo and Gmail.
What can you do?
Ultimately, responsibility for patching the OpenSSL flaw lies with website operators, many of whom have been working around the clock to fix problems.
However, uncertainty about just how long many of these websites have been exposed means that some of your account data could already be compromised. As a result, Get Support are advising all of their customers and blog readers to change their website passwords immediately.
Although many website operators have been admirably open about problems they have encountered, some have refused to comment about whether they have been affected or not. Apple, Ebay and Evernote are among the organisations remaining tight-lipped about whether their clients have been affected.
Some good news
Microsoft do not use OpenSSL for Office 365. This means that Office 365 users have nothing to worry about because data stored in Office 365 accounts has never been exposed by the Heartbleed vulnerability. It’s also good news for those businesses using Small Business Server on-site: they are unaffected. However, if you have used the same password for Office 365 or your office network that you use for other websites that may have been compromised, then we recommend changing your password and suggest not sharing passwords between websites and / or your office network.
If you are concerned that your business may have been affected by the Heartbleed flaw, or need assistance with securing your company website and network, give the Get Support team a call now on 01865 594000.
A Luton man has been convicted of unfair trading by using a scam technique to sell people computer software that was available for free. Mohammed Khalid Jamil received a four month suspended prison sentence, a £5000 fine and was ordered to pay £5665 compensation to his victims and £13,929 in legal costs.
Jamil is believed to be the first person convicted of operating the “Microsoft Scam” in the UK.
What is the Microsoft Scam?
There are a couple of variations on the Microsoft scam, but they all operate in virtually the same way:
- A person, you, receives a random call from someone claiming to represent Microsoft.
- You will then be told that as part of their routine monitoring, a problem has been detected on your computer, placing your data at risk of loss or theft.
- They will then talk you through checking some settings on your computer which they claim prove that something is wrong.
- You will then be asked to download and install an application so that the scammer can control your computer remotely.
Once the scammer has gained control of your computer, they can then perform all manner of activities including:
- Downloading and installing spyware that will steal personal information, like bank account details.
- Stealing personal data directly, claiming they need the files for “analysis”.
- Charging you to install free security software, as was the case in Mr Jamil’s version of the scam.
How to know if you are being scammed
Because there are common factors involved in the various Microsoft scams, there are some things to look out for:
- Microsoft will never, ever call you about a security problem with your home or work computers – they simply cannot access that information.
- Calls almost always come from a call centre abroad – in Mr Jamil’s case, India.
- The caller will always ask you to download and install some software that will allow them to “fix the problem remotely”.
Scam callers are always quite pushy, and will try and fluster you into doing as they say. By talking urgently, they will try and convince you that the “problem” is extremely serious and needs to be dealt with immediately.
What to do if you are targeted by a scammer
If you receive a call that you think is suspicious, the easiest solution is to simply hang up immediately. Remember that Microsoft cannot tell if your computer has problems or not. Do not under any circumstances carry out their instructions.
Instead you should contact Get Support for further advice. Our team of trained and trusted technical consultants will be able to help you confirm whether your computer really does have a problem. Get Support customers should also be aware that as part of their support agreement, our daily proactive monitoring services will often identify issues, allowing us to fix them long before you become aware of a problem.
If you are in any doubt at all about the security of your computer or have received a call claiming to be from Microsoft, give us a call now on 01865 594000.
Google made headlines around the world last week after slashing the costs of online file storage using their Google Drive product. For as little as $1.99 per month, users can now buy 100GB of Cloud storage for their files.
With prices like that, Google Drive is a no-brainer right? Actually, maybe not.
The Google Terms of Service
Google offers a number of useful tools and services either completely free, or at a very small cost. They pay for these loss-leading services by generating a detailed picture of their customers that can then be used to sell highly targeted advertising by marketers.
Under the general Google Terms of Service (which everyone agrees to when they sign up for a Google account), any files stored in the Google Drive or Apps services can be accessed by the company to “improve our Services, and to develop new ones”. For consumers, these terms may be perfectly acceptable. For businesses however, there may be significant implications.
What’s yours, stays yours…
Google is keen to stress that the Intellectual Property rights to any files stored in Drive remain yours forever. However, using Google Drive means that all users, including businesses, grant Google a license to:
“use, host, store, reproduce, modify, create derivative works […], communicate, publish, publicly perform, publicly display and distribute such content.”
On the plus side, businesses signing up for a paid Google Apps account are promised “confidentiality” for their data in a supplementary agreement. The two different agreements seem to contradict each other, adding an unwelcome layer of ambiguity into the mix.
Which terms of service override the other? Are the Apps for Business terms supplemental or do they take precedence? Just how much of your rights are you signing over when you sign up? The only thing that is clear is that users of the free Google services, including businesses, can have no expectation of privacy.
With so many unanswered questions, Google Apps could actually become a legal minefield for business users and their clients.
Microsoft Office 365 on the other hand is much more straightforward. At no point does the OneDrive Terms of Service grant Microsoft permission to distribute their customers’ content for instance.
“3.3. What does Microsoft do with my content? When you upload your content to the services, you agree that it may be used, modified, adapted, saved, reproduced, distributed and displayed to the extent necessary to protect you and to provide, protect and improve Microsoft products and services. For example, we may occasionally use automated means to isolate information from email, chats or photos in order to help detect and protect against spam and malware, or to improve the services with new features that makes them easier to use. When processing your content, Microsoft takes steps to help preserve your privacy.”
By having a clear definition of what Microsoft will and will not do with your company data, you can move forward confidently with Office 365.
A potential business problem
The Google Terms of Service prove just how important it is to check what you are agreeing to when signing up for a service – especially one offered for free. This is doubly true when considering that Microsoft’s Office 365 service, and accompanying OneDrive file storage solution, do not require users to hand over access rights to their content. Additionally data deleted from OneDrive stays deleted – Microsoft does not retain any copies for their own use.
From a business point of view, Microsoft Office 365 is a far safer choice for businesses looking to take advantage of Cloud-based productivity software.
If you would like to know more about the advantages offered by Microsoft’s Cloud services, give Get Support a call today on 01865 594000.
After nearly 14 years of service (and three replacement operating system releases), Microsoft is finally pulling the plug on Windows XP. From April 8th Microsoft will no longer offer support for the operating system, leaving millions of businesses across the world at significant risk of data loss or cybercrime.
You probably never deal directly with Microsoft, so why does this announcement affect you? Because once the “extended support” period ends on April 8th, Microsoft will no longer provide any updates or security patches for Windows XP. The operating system will be officially retired and no further work will be done to secure or improve it.
With less than three weeks until XP becomes unsupported, businesses have a very narrow window of opportunity to get their affairs in order. Here are the steps you need to take as a matter of urgency.
1. Get your machines patched
Microsoft has been releasing service packs, updates and patches for years now and it is critical that all of your business (and home) machines are fully up-to-date. Use the Windows Update tool to get your machines fully patched and up to date, to make sure you get the benefits of the updates available.
2. Get your antivirus in order
The end of support means that security “holes” in Windows XP will not be patched after April 8th. Security experts believe hackers and virus writers will then deliberately target Windows XP machines because they are more vulnerable to attack. Ensure you have a reputable antivirus solution installed and running on all of your computers now. Make sure that your computers are set to collect antivirus updates automatically to reduce the chance of acquiring a malware infection in between software upgrades.
3. Plan to upgrade
Sticking with XP after April 8th is not a sensible proposition because it places your corporate data in danger of loss, theft or corruption – could your business really afford the downtime? Instead you need to begin working on your plans to upgrade to a new version of Windows as soon as possible. In many cases this will mean upgrading computer hardware to fully support the resource demands of Windows 8.1.
Obviously a company-wide system upgrade may involve significant capital expenditure, but it is important to get planning and budget sorted out as quickly as possible. The new features of Windows 8.1 provide additional security for company data, along with tools to improve productivity, helping to repay some of the investment in upgrading.
These three steps should help keep any XP computers you have running relatively smoothly for now. You must remember that these guidelines are just a temporary measure, buying you some time until an upgrade to a new version of Windows can be performed.
If you need help getting your legacy Windows XP PCs into shape before April 8th, or would like to discuss the upgrade options available, give the Get Support IT Services team a call today on 01865 594000, drop us an email to firstname.lastname@example.org or fill in the form.
A story has just broken that LinkedIn has been hacked and that a file containing some 6.5 million users’ passwords in encrypted form has been posted on a Russian web forum.
This isn’t as bad as the passwords being in plain text, but they can still be decrypted / guessed by hackers.
LinkedIn has not been able to confirm or deny that this information is correct. According to @LinkedIn: “Our team is currently looking into reports of stolen passwords. Stay tuned for more.”
What this means is that your password for LinkedIn may not be safe.
If your password is in the list that's been published and it's decrypted, someone may gain access to your LinkedIn account. Worse still, if you have used your LinkedIn password elsewhere, those accounts could be at risk too.
Our advice is to change your LinkedIn password and, if you are using the same password on other websites, to change those too.
We are now recruiting for a Junior IT Support Technician. We are looking for someone ambitious who would like to join our team providing first-class support to our customers.
This exciting role will be based at our offices in Oxford. The ideal candidate will really enjoy IT, be great at communicating on the telephone and thrive on providing a first class service to our customers.
Get Support are proud to announce the launch of our brand-new website! The old one had served us well for a few years, but it was time for a change.
We wanted a site that was clean and easy to use, while projecting the friendly yet professional service Get Support has become known for.
We worked closely with our sister company PRO IT LABS who have delivered a flexible site with full content management, on-time and to an extremely tight budget.
Above: a screenshot of our old website
Over the coming weeks we will be announcing our brand-new ticket portal for logging and managing support jobs online and our revamped hardware sales site.
If you would like to stay up to date please join our mailing list.
Get Support makes IT simple and easy to understand and has a proven track record when it comes to supporting small businesses, as testified to by two of our customers:
“Working with Get Support has been really helpful over the years”, says Claire Moloney of Pink and Black Property Consultants, Summertown, Oxford. “They’re very quick to respond. If they need to explain anything to us they’ll do so in terms that we understand.”
And Alan Sowden (Chapman, Robinson & Moore, Kidlington, Oxford) added, “As accountants we’re not experts in how the IT systems work, but they are very important - critical to our everyday business. Get Support staff will explain what we need to understand in simple terms which aren’t full of technical jargon and just get the systems working every day as we need them to.”
Get Support is offering a free business grade Dell Latitude Laptop from our outlet store with every new support agreement for 5 or more PCs. Find out how you can get your free Dell Laptop worth at least £500.
On Thursday last week Apple’s CEO Steve Jobs gave a sneak preview into the future of the iPhone operating system.
The one thing that hits me about these phones is they don’t do everything – but they do most things and everything they do – they do extremely well.
OS 4 will be bringing lots of new features to the iPhone including the ability to run multiple applications at once.
“It’s really easy to implement multitasking in a way that really drains battery life: these apps start running in the background and there goes your battery. And it’s really easy to implement it in a way that reduces the performance of the foreground app and makes your phone feel really sluggish... We have figured out how to implement multitasking for third party apps and avoid those things – that’s what took us a little longer, but I think we nailed it.” Steve Jobs - Apple CEO
For the business user we see better email support and features including being able to access more than one Microsoft Exchange Server account from the phone. Data encryption keeps all your data safe should you lose your phone. There is also mobile device management – making it easy to roll out and look after iPhones across an organisation.
For the consumer there are features like iBooks (download and read books on your iPhone) and a completely new Game Centre – there are now over 50,000 games in the App Store. Apple are adding a Social gaming network, invite your friends and play!
For the App Developer – iAd – Apple’s advanced advertising platform, making adverts more interactive and rich in multimedia while keeping the user within the application they are running. Apple sells and hosts the ads and pays the developer.
You can watch the whole hour long presentation by clicking here