The Get Support Blog
The revelations last week about Heartbleed, a security flaw in common website protection mechanisms, have caused shockwaves across the Internet. Many experts (including ourselves) are advising web users to change sensitive passwords immediately because they may have already been stolen by hackers.
Here are a few tips to improve password security to protect yourself in future.
How to choose a good password
Believe it or not, some people choose the silliest, and therefore easiest to hack, passwords. The most common passwords in circulation are "123456", "password" and "qwerty", all of which are easily guessed. Other examples include the names of spouses, children or pets - again easily guessed and therefore insecure.
The key to a good password is choosing one that is at least eight characters long and includes upper and lowercase letters and numbers. For increased security you should avoid using dictionary words - "real" words - in favour of random looking groups of letters. It is however very important that you choose a password you can remember without writing it down anywhere.
Keeping your password safe
However, for maximum password security, you must not use the same passphrase for every website - if someone manages to get hold of your password, they could then access all your online accounts and you would be no better off.
Having said that, the use of similar passwords is perfectly acceptable, so long as you take care to keep them safe in your memory.
Once you have settled on a password, there are still some things you need to do to keep it safe:
- Do not log in to your bank accounts, financial sites or social media accounts (or any sensitive websites for that matter) from a computer that is not yours. Internet cafes and kiosk PCs may be useful for checking your personal email on holiday, but they could also harbour malware that steals passwords.
- Avoid using public WiFi. As convenient as public WiFi hotspots may be, there always remains the potential for someone to be intercepting your web traffic and stealing passwords.
- Never write your passwords down. It sounds simple, but millions of people across the world still write their passwords on post-it notes stuck to their computer screen.
- Investigate the use of a password management program. 1Password (and similar apps) provide a way to create and store extremely secure passwords across devices, making life much easier.
Remember that you will need to apply these same principles to every password for every website.
The Heartbleed security flaw continues to be a major problem for many websites, so it is very important that you change your passwords now. Using the tips above you should be able to create strong passwords that are much harder for criminals to "break", giving you an additional layer of security.
As always, you should give the Get Support team a call on 01865 594000 if you need assistance with passwords, or would like further advice on keeping your mobile workforce secure when connecting to the office network via public WiFi.
A Luton man has been convicted of unfair trading by using a scam technique to sell people computer software that was available for free. Mohammed Khalid Jamil received a four-month suspended prison sentence, a £5000 fine and was ordered to pay £5665 compensation to his victims and £13,929 in legal costs.
Jamil is believed to be the first person convicted of operating the "Microsoft Scam" in the UK.
What is the Microsoft Scam?
There are a couple of variations on the Microsoft scam, but they all operate in virtually the same way:
- A person, you, receives a random call from someone claiming to represent Microsoft.
- You will then be told that as part of their routine monitoring, a problem has been detected on your computer, placing your data at risk of loss or theft.
- They will then talk you through checking some settings on your computer which they claim prove that something is wrong.
- You will then be asked to download and install an application so that the scammer can control your computer remotely.
Once the scammer has gained control of your computer, they can then perform all manner of activities including:
- Downloading and installing spyware that will steal personal information, like bank account details.
- Stealing personal data directly, claiming they need the files for "analysis".
- Charging you to install free security software, as was the case in Mr Jamil's version of the scam.
How to know if you are being scammed
Because there are common factors involved in the various Microsoft scams, there are some things to look out for:
- Microsoft will never, ever call you about a security problem with your home or work computers - they simply cannot access that information.
- Calls almost always come from a call centre abroad - in Mr Jamil's case, India.
- The caller will always ask you to download and install some software that will allow them to "fix the problem remotely".
Scam callers are always quite pushy, and will try and fluster you into doing as they say. By talking urgently, they will try and convince you that the "problem" is extremely serious and needs to be dealt with immediately.
What to do if you are targeted by a scammer
If you receive a call that you think is suspicious, the easiest solution is to simply hang up immediately. Remember that Microsoft cannot tell if your computer has problems or not. Do not under any circumstances carry out their instructions.
Instead you should contact Get Support for further advice. Our team of trained and trusted technical consultants will be able to help you confirm whether your computer really does have a problem. Get Support customers should also be aware that as part of their support agreement, our daily proactive monitoring services will often identify issues, allowing us to fix them long before you become aware of a problem.
If you are in any doubt at all about the security of your computer or have received a call claiming to be from Microsoft, give us a call now on 01865 594000.
Chances are that you got up this morning to news of "Heartbleed", a serious flaw affecting millions of websites across the world. You may have even received a number of emails from various online service providers telling you that they have successfully patched their servers to correct the problem.
But what is Heartbleed?
A serious problem with encryption
To keep your sensitive information (like credit card numbers and address details) safe from criminals, website operators typically encrypt data as it passes over the Internet. Your web browser establishes a secure connection to the website using a technology called Secure Sockets Layer (SSL) - you should see a padlock icon in the address bar of your browser when communicating via SSL.
The SSL connection acts like a secure pipe between your computer and the website, so that should someone successfully intercept your web traffic, they will not be able to read it. Your data remain safe whilst in transit.
The OpenSSL factor
The Heartbleed problem is caused by a flaw in the software that many websites use to create SSL connections. Although the encryption works flawlessly, there is a problem with the way that unencrypted data is stored on the website, potentially leaving it open to theft by cybercriminals.
Perhaps most concerning is that although the Heartbleed vulnerability has only just become common knowledge, the flaw has been installed on millions of websites for up to two years already.
Among the sites identified as having problems were Google, Facebook, Tumblr, Yahoo and Gmail.
What can you do?
Ultimately, responsibility for patching the OpenSSL flaw lies with website operators, many of whom have been working around the clock to fix problems.
However, uncertainty about just how long many of these websites have been exposed means that some of your account data could already be compromised. As a result, Get Support are advising all of their customers and blog readers to change their website passwords immediately.
Although many website operators have been admirably open about problems they have encountered, some have refused to comment about whether they have been affected or not. Apple, Ebay and Evernote are among the organisations remaining tight-lipped about whether their clients have been affected.
Some good news
Microsoft do not use OpenSSL for Office 365. This means that Office 365 users have nothing to worry about because data stored in Office 365 accounts has never been exposed by the Heartbleed vulnerability. It's also good news for those businesses using Small Business Server on-site: they are unaffected. However, if you have used the same password for Office 365 or your office network that you use for other websites that may have been compromised, then we recommend changing your password and suggest not sharing passwords between websites and / or your office network.
If you are concerned that your business may have been affected by the Heartbleed flaw, or need assistance with securing your company website and network, give the Get Support team a call now on 01865 594000.