Spent a couple of hours this morning updating the main Giakonda IT website using Joomla. Added some contact details.We know it still needs work but I think it’s getting better.
I’d welcome any constructive comments.
Just had a most frustrating trip to Swansea shopping centre. It made me realise how dishonest bit companies are. I bought a razor with 4 spare blades only to find on opening them there was only 1. The shaving cream I bought came in a packet that was 1/4 bigger than the jar, and the top was 1/3 the total volume with nothing there! I went to the bank to cash a cheque, a refund from a big American company, only to find it was out of date (90 days).
If you want to deal with an honest company that won’t swindle you then give us a try. I’m sure you won’t regret it.
Using Netgear NAS to back up all our data – coping very well.
Yesterday I needed to upgrade its storage capacity from 250GB to 1TB and was able to do this easily by swapping out a hard drive. No install thinking required! Great bit of kit
Wishing all our blog followers a Happy Christmas and a prosperous New Year.
Watch this space to see what’s new for 2012.
The NAS box is an inexpensive and very useful device for backing up files onsite or remotely.
I used Netgear Duo which contains two drives that I’ve set up so that they mirror each other, thereby ensuring whatever’s on them is pretty safe.
Since it’s built round Open Source software, the only cost of putting it together as a web server is your time. It took me a whole day to get it running as I had to acquire and instal the latest versions of PHP, WordPress and some addons from Netgear to turn it into a Linux web server.
All this on top of the fact that it stores all our company data, securely backed up automatically and on demand.
Remember when you connect to the internet, the internet connects to you and unfortunately almost all computers on the internet are under constant attack. So what’s the good news? Well many companies are trying hard to make the internet a safe place and there is a lot of good free (to home users) software, easily available to make you secure.
In the first instance make sure you have installed antivirus software. I recommend Avast (www.avast.com) for this because it has a lot of good features and is very effective. When you download it make sure you don’t accidently download and install Google Chrome, unless of course you want to. One of the nicest features of Avast is that it is easy to scan your computer before it properly starts up, called a boot scan. This can uncover problems that can’t be found by other methods. You could do this say once a week or maybe less frequently.
I also recommend you install a piece of software called Malwarebytes (www.malwarebytes.org), yes a bit of a mouthful but well worth having. You can use this to scan for all sorts of dodgy software, called malware hence the name. This piece of software can be run once a week to remove the mess a lot of websites leave you with.
The final piece of defensive software that I recommend is a firewall. There are many varieties of these, even one from Microsoft, but I recommend you install ZoneAlarm (www.zonealarm.com). Once installed it will ask you whether to allow or deny access to the internet every time a program tries to do that. You may be surprised how many times software on your machine accesses the internet without your permission. It is easy to say NO.
There is one more piece of software that is useful and desirable, that is Cleanup (www.stephengould.org). This software will remove all the old crap from your machine. It will probably save you a lot of space if you are a click-a-holic. It will possibly save you time too.
Well good luck with all this, plenty to do. If you have any worries please call me at GiaKonda IT on 01792422616.
If you allow friends to plug in usb devices into your machine you should be sure they are as responsible as you. In particular make sure they know where their devices have been and that they regularly scan them for viruses. Just plugging in a hacked device could damage your machine.
SOME SECURITY MEASURES TO PUT IN PLACE
Be vigilant, keep your wits about you; be aware that not all sites on the Internet or emails you receive are the genuine article! The Golden Rule is if in doubt dump it.
Protect your computer with a firewall, spam filters, anti-virus and anti-spyware software. Ask us for our leaflet on the best no cost solutions to this.
Don’t type any confidential data into sites unless they display “https:” rather than “http:” in the address bar (the s stands for secure). Unfortunately not all sites use this level of security. The best do.
Do not click on links, download files or open attachments in emails from unknown senders. It is best to open attachments only when you are expecting them and know what they contain, even if you know the sender (you can always reply to their email to check it’s legitimate).
Never give out your passwords for any reason! Any company that asks you to disclose your password is unreliable.
Make sure you secure your social web sites and don’t make everything about you and what you do public. There are a lot of people out there looking to use your information from Facebook, Twitter etc. to set you and your employer up.
Keep who you are and where you are private.
Be very careful when disposing of old computers and hard disks. Recycled computers have been found to retain confidential information pertaining to personal information and Internet banking. If you are a private individual we will wipe your hard drive to US Department of Defence level 7 standard for £10.
For free software for private use we recommend you visit www.avast.com www.malwarebytes.com and www.zonealarm.com
For companies we recommend Sophos Anti-Virus and of course we would like you to buy that from us!
GiaKonda IT Ltd can be contacted on 01792422616 or visited at
3 Humphrey Street Swansea SA1 6BG. Email wendy@giakonda.com
A basic introduction to eFraud, and the measures you can take to prevent, or at least minimize your exposure.
TYPES OF eFRAUD
Phishing
Emails are presented so as to seem official communications of a bank, retail organization or government department. They then ask the victim to “confirm” confidential data. Information asked for includes login details, credit card or banking account details, Date of Birth etc. The pretext is a security measure being implemented or response to some possibly fraudulent use of the account. The scam can be made to look real by use of images often taken from the real organisation. The attacker frequently makes use of a link in the email apparently taking the victim to the official site but in actuality leading to a hacked server. The gathered data is then either stored to a hidden area on the same server, or to a different hacked server or sent to a throw-away email account that the hacker will monitor for the duration of the scam. This sort of attack is also called “carding”, “web spoofing” or “brand spoofing”.
Spear-Phishing or Sniping
This is more complicated, effective and targetted form of phishing, involving online identity theft. The criminal has some prior knowledge of the company’s data or the victim’s private data so the email bait can be personalized with information that appears genuinely from the target individual. This addition of a cleverly constructed use of social information makes these attacks so much more effective.
Pharming
A type of phishing involving more technical expertise and organisation to accomplish. It is just part of the broad use of the term phishing.
Advanced Fee Fraud
Represented in large part by Nigerian Scams, these typically take the form of emails purporting to be from someone having large funds available overseas that, if not moved out of country soon, would be lost. The fraudster pleads with the victim for help in moving these funds to the victim’s country, in return for which the fraudster generously gives a portion of the funds. However, having once baited the victim’s interest, the victim needs to outlay some funds of his or her own in order to initiate the process. Similar scams exist for Lottery winners who need to send a fee in order to receive their winnings and also emails from friends abroad who due to some mishap need money urgently.
The email plays on greed, pity and kindness on the part of the victim to complete the scam.
Identity Fraud
Identity fraud is the process of stealing another person’s identity, usually by first stealing personal details as outlined previously, in order to profit financially at the victims expense. Any subsequent activity on the part of the attacker would be traced back to the victim. Disassociating themselves from the activities of their attacker is a long, tedious and not always successful task.
Credit Card Fraud
Whether obtained via phishing or key-logging (malware that reads the keys on your computer as you type), credit card information is actively traded publicly in Web forums and IRC channels or via more discreet means such as private Instant messaging networks or emails. This information is then used to purchase goods or services, using various techniques to make it difficult to trace the recipient. The transactions are done on sites (called ”cardable”) that do not restrict shipment of goods to the same address or region as the billing address of the card owner. Delivery is frequently made through drops that are handled by others for a fee and subsequently re-shipped to the fraudster.
See our next blog for the security measures that will help you – along with a good deal of common sense.
This document has been adapted from work done by the United States Computer Emergency Readiness Team. www.us-cert.gov
Protect your computer against power surges and brief outages
Some power strips protect your computer against power surges but these alone will not protect you from power outages. There are specific products that do offer an uninterruptible power supply. During a lightning storm or construction work that increases the odds of power surges, consider shutting your computer down and unplugging it from all power sources. Also be sure to unplug your network cable!
Back up all of your data
Even if you take steps to protect yourself, there will always be a possibility that something will happen to destroy your data. You have probably already experienced this at least once— losing one or more files due to an accident, a virus or worm, a natural event, or equipment failure. Regularly backing up your data on a CD/DVD or network reduces the stress and other negative consequences that result from losing important information. A one Terabyte usb external hard drive costs as little as £60. Determining how often to back up your data is a personal decision. If you are constantly adding or changing data, you may find weekly backups the best alternative; if your content rarely changes, you may decide that your backups do not need to be as frequent. You don’t need to back up software that you own on CD-ROM or DVD-ROM—you can reinstall this from the original media if necessary.
Use and maintain anti-virus software and a firewall
Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall. Make sure to keep your virus definitions up to date.
Regularly scan your computer for spyware
Spyware or adware hidden in software programs may affect the performance of your computer and give attackers access to your data. Use a legitimate anti-spyware program to scan your computer and remove any of these files. Many anti-virus products have incorporated spyware detection.
Keep software up to date
Install software updates (also called patches) so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should turn it on.
Evaluate your software’s settings
The default settings of most software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer. It is especially important to check the settings for software that connects to the internet (browsers, email clients, etc.). Apply the highest level of security available that still gives you the functionality you need.
Avoid unused software programs
Do not clutter your computer with unnecessary software programs. If you have programs on your computer that you do not use, consider uninstalling them. As well as consuming system resources, these programs may contain vulnerabilities that, if not fixed with the latest version, may allow an attacker to access your computer. Think before you download programs on a whim.
Consider creating separate user accounts
If there are other people using your computer, you may be worried that someone else may accidentally access, modify, and/or delete your files. Most operating systems (including Windows XP and Vista, Mac OS X, and Linux) give you the option of creating a different user account for each user, and you can set the amount of access and privileges for each account. You may also choose to have separate accounts for your work and personal purposes. While this approach will not completely isolate each area, it does offer some additional protection. However, it will not protect your computer against vulnerabilities that give an attacker administrative privileges. Ideally, you will have separate computers for work and personal use; this will offer a different type of protection. It is not a good idea to give yourself Administrative Privileges.
Establish guidelines for computer use
If there are multiple people using your computer make sure they understand the risks and how to use the computer and internet safely. Setting boundaries and guidelines will help to protect your data.
Use passwords and encrypt sensitive files
Passwords and other security features add layers of protection if used appropriately. By encrypting files, you ensure that unauthorized people can’t view data even if they can physically access it. You may also want to consider options for full disk encryption, which prevents a thief from even starting your laptop without a passphrase. When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.
Follow corporate policies for handling and storing work-related information
If you use your computer for work-related purposes, make sure to follow any corporate policies for handling and storing the information. These policies were likely established to protect proprietary information and customer data, as well as to protect you and the company from liability. Even if it is not explicitly stated in your corporate policy, you should avoid allowing other people, including family members, to use a computer that contains corporate data.
Dispose of sensitive information properly
Simply deleting a file does not completely erase it. To ensure that an attacker cannot access these files, make sure that you adequately erase sensitive files.
Follow good security habits
Review other security tips for ways to protect yourself and your data.
My next article will recommend the best free software available to help secure your PC.
GiaKonda IT Ltd can be contacted on 01792422616 or visited at
3 Humphrey Street Swansea SA1 6BG. wendy@giakonda.com
I’ve just submitted two MSc assignments on security issues. One was about the advantages and dangers of using social networking sites. The seconda was about secure use of mobile devices.
I was just wondering. How many of you secure your Smart phone with a strong password?
